intrepidus
Latest
ZTE partnering with Intrepidus to secure future smartphones
ZTE is building up quite a name for itself here in the US and as its market share grows, so too do the concerns about the company and its wares. Though the Chinese manufacturer isn't saying as much, its new partnership with Intrepidus feels partially like an effort to assuage the fears of the American consumer and its government. How the New York-based security firm fits into ZTE's broader plans isn't exactly clear, but the vague press release (after the break) does say that Intrepidus will "investigate the security mechanisms of ZTE-manufactured smartphones," -- phrasing that feels very purposefully chosen. Obviously the ultimate goal is make your personal data safer, and we assume that means both from individual criminal ne'er-do-wells and state actors.
Security researchers identify transit system exploit in San Fran and New Jersey, create app to prove it
Mobile security company Intrepidus Group presented evidence during the EUSecWest security conference potentially identifying a major flaw in at least two US transit systems. Creating an Android app named "UltraReset" and using it in tandem with an NFC-enabled Android phone (a Nexus S, in this case), security researchers Corey Benninger and Max Sobell were able to reset and reuse -- free of charge -- transit access cards in both San Francisco's MUNI system and New Jersey's PATH system. Before you go getting any bad ideas, know that Benninger and Sobell haven't released the app for public use, and warned both transit systems in late 2011 (though neither region has fixed the exploit, the duo claim). PATH and MUNI share a common chip access card -- the Mifare Ultralight -- which can apparently be reset for 10 extra rides (as demonstrated on video below) via Android phones with NFC, an OS newer than 2.3.3 (Gingerbread). Starting to sound familiar? Intrepidus is, however, releasing a modified version of the app, named "UltraCardTester." The modified app functions just like its nefarious progenitor, except it can't add time to cards (see it in action below). The app can tell you how many rides you have left, and if a system is open to exploit, but it won't assist you in the act of exploiting. We reached out to both New Jersey's PATH and San Francisco MUNI on the issue, but have yet to hear back as of publishing.
