Paving the way towards the mark
New RFID Attack Opens the Door
LIGHT READING - Kelly Jackson Higgins, Senior Editor - March 23, 2007
Be careful of who walks up to your building and swipes an ID card: New proof-of-concept code will soon be released that lets attackers hack RFID readers and walk right in as if they work there.
The attack uses SQL injection to trick the back-end RFID reader into admitting the cardholder into the building, says Joshua Perrymon, hacking director for PacketFocus Security Solutions and the researcher who wrote the POC. Perrymon -- who's taking a cue from the recent Black Hat RFID flap and won't name RFID vendor names -- says he's tested it on a few RFID vendors' systems, but the exploit will work on almost any of them. (See HID Lists RFID Security Steps, HID, IOActive Butt Heads Again, and Black Hat Cancels RFID Demo.)
The RFID databases don't validate the input they receive from the swiped cards, he says, which leaves them wide open for hacks. "I was noticing the back-end database is the same across all products -- I haven't seen any using input validation" to confirm the data they've swiped is legitimate, he says. "It doesn't really matter who the vendor is... In any building you go to with this, bang, you gain access." - - - -
Perrymon says adding input validation to these products would be simple for RFID vendors, and he's hoping his work will pressure the vendors to fix the problem. "I want vendors to put in input validation in the reader or database," he says. "Preferably the reader."
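The flaw Perrymon describes, and the input validation he asks vendors for, as an added illustration that is not from the article or from any vendor's product: the card data is looked up in a badge table, once by splicing it straight into the SQL and once after checking its format and binding it as a parameter. The badge table, the 8-hex-digit card format and the sample inputs are all constructed for the example.

```python
import re
import sqlite3

# Constructed sample data: a badge table as a reader's back-end might hold it.
AUTHORIZED_BADGES = [("0A1B2C3D", "alice"), ("4E5F6071", "bob")]


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the access-control database (constructed sample)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE badges (card_id TEXT PRIMARY KEY, holder TEXT)")
    conn.executemany("INSERT INTO badges VALUES (?, ?)", AUTHORIZED_BADGES)
    return conn


def admit_unvalidated(conn: sqlite3.Connection, card_data: str) -> bool:
    """The flaw described in the article: whatever the reader pulled off the
    card is spliced straight into the query, so the card controls the SQL."""
    query = f"SELECT holder FROM badges WHERE card_id = '{card_data}'"
    return conn.execute(query).fetchone() is not None


# Hypothetical card format assumed for this example: exactly 8 uppercase hex digits.
CARD_ID_PATTERN = re.compile(r"^[0-9A-F]{8}$")


def admit_validated(conn: sqlite3.Connection, card_data: str) -> bool:
    """Hardened path: reject anything that is not a well-formed card ID, then
    bind the value as a parameter so the database never parses it as SQL."""
    if not CARD_ID_PATTERN.fullmatch(card_data):
        return False
    row = conn.execute(
        "SELECT holder FROM badges WHERE card_id = ?", (card_data,)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: an enrolled badge, an unknown badge, and a card whose
    # payload is SQL rather than an ID. Only the first should ever open the door.
    for data in ["0A1B2C3D", "FFFFFFFF", "' OR '1'='1"]:
        print(repr(data), admit_unvalidated(db, data), admit_validated(db, data))
```

The format check belongs as close to the reader as possible, which matches Perrymon's preference for validating in the reader rather than the database.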
But this attack is not for any script kiddie. "You have to be pretty skilled in RFID to understand all the components," says Perrymon, whose company does penetration testing and social engineering exploits. He plans to release the POC soon.
IBM Optical Chipset Allows Instant Downloads
Prototype optical transceiver speeds transmission by using light pulses
PC WORLD - Ben Ames, IDG News Service - March 26, 2007
IBM Corp. researchers showed a prototype optical transceiver chipset Monday they say will allow people to download movies or share online data eight times faster than current technology allows.
The chipset can move data at 160G bits by representing information as light pulses instead of electrons and could be used for both corporate and consumer applications as soon as 2010, IBM said.
Consumer demand for digital media such as movies, music and photos has caused an explosion in the amount of data being transferred over the Internet, and underlined the need for greater bandwidth and connectivity, said T.C. Chen, vice president for science and technology at IBM Research, in a statement. - - -
Although all those technologies exist today, it will probably be at least three years until suppliers can produce enough parts for IBM to bring optical transceivers into its product stream, the company said.
When it does arrive, the part could have an immediate impact on applications from computing to communications and entertainment. A PC using that board would be able to reduce the download time of a typical high-definition feature-length movie from 30 minutes to one second, the company said.
The demand for bandwidth has also pushed other chipmakers to explore optical circuits. In September, researchers at Intel Corp. and the University of California at Santa Barbara said they had discovered how to build low-cost "laser chips" that move data much faster than standard copper wire interconnects. That could help eliminate the bottleneck of feeding data to processors that are becoming ever faster according to Moore's Law, they said. And in December, IBM said it had found a way to slow down speeding photons, allowing them to store data as light instead of electricity.
IBM did the work with funding from the U.S. Department of Defense's Defense Advanced Research Projects Agency (DARPA). Researchers will present details of the project on March 29 in a report at the Optical Fiber Conference in Anaheim, California. The full name of the chipset is the "160Gb/s, 16-channel, full-duplex, single-chip CMOS optical transceiver."
Hacking the Car Navigation System
LIGHT READING - Kelly Jackson Higgins, Senior Editor - March 28, 2007
If you find you're relying a little too much on your car's navigation system, beware: Italian researchers have discovered a way to hack into some of these systems and potentially "own" the messages your car gives you and where it tells you to go.
At risk are satellite-based navigation systems that use Radio Data System-Traffic Message Channel (RDS-TMC) to receive traffic broadcasts and emergency messages, a technology that is widely deployed in vehicles throughout Europe and increasingly, North America, says Andrea Barisani, chief security engineer of Inverse Path. Barisani and Inverse Path's hardware hacker Daniele Bianco built tools that let an attacker inject fake messages to the navigation system, or launch a denial-of-service attack.
RDS-TMC provides broadcasts on traffic conditions, accidents, and detours for the driver. (RDS is also used to display the name of the radio station you're listening to on satellite radio.) The technology doesn't authenticate where the traffic comes from, so an intruder could easily send a bogus message of a road closure, rerouting drivers to another road, Barisani says. Or an attacker could pummel the system with messages and cause a denial-of-service (DoS) attack, which could crash not only a car's navigation system, but its climate control system, and stereo, too, he says.
Barisani says the criminal or terrorist element would most likely be attracted to this type of attack. "If you're a hit man, you can use that kind of system to detour or ambush someone on any street you want," he says. "We can also send sensitive messages about security events, [weather conditions], or related to terrorist incidents." He says he got the idea of trying to perform this type of hack from his new vehicle, which uses one of these navigation systems. "There is no authentication," he says. "So I started to wonder if you could inject false traffic information into them."
"We were amazed you could put in such powerful messages and they were not authenticated in any way," he says. - - -
Meanwhile, the good news is that neither user data nor privacy is at risk from these types of attacks, since the attacker could only send data, not grab it.
"We're basically trying to fuzz the navigator, send it some incorrect information, and see how it would react," he says.
The researchers tested the hardware within one to five kilometers of the vehicles. An attacker could also target a specific vehicle by using a directional antenna, Barisani says, or by tweaking the power output.
Meanwhile, there are some emerging technologies for car navigation systems that could provide some protection for drivers. - - -
There's also the Global System for Telematics (GST), a European effort that would add protocols for navigation systems that let cars communicate with one another, for instance, Barisani says. GST -- which is at least five years away from availability -- will include encryption, so it would be less susceptible to attacks, he says. For now, there's not much you can do to determine whether your navigation system is under attack. Not until you find yourself on some deserted road far from your destination, that is. "We wanted to expose this problem. We think it's a [potentially] pretty severe one," he says. "No one has bothered looking into this, and there's no other research about it."
New PC security recognizes your face
EE TIMES - By Larry Greenemeier - March 28, 2007
In the future, workers will have to check in with their IT departments before getting any cosmetic surgery done to their face. That new nose job might just keep you from being able to log on to your PC, especially if your company opts to use the USB-pluggable 3-inch 3-D face recognition camera introduced Wednesday by Bioscrypt Inc. to authenticate end users.
The new technology combines Bioscrypt's background as a provider of fingerprint-based biometric access controls with the advanced face imaging and recognition technology it acquired along with A4Vision March 14.
The user sits in front of Bioscrypt's new VisionAccess 3D DeskCam and, with just a glance, can log onto their computer, network, or applications. That requires integration with Bioscrypt's VeriSoft SSO network logon and single sign-on software, which automatically enters the necessary credentials when a registered Web-based or Microsoft Windows application is accessed.
Enrolling users within the Bioscrypt system means first casting a 40,000-point infrared mesh grid over the user's face in order to take measurements. "It captures the shape of your face rather than taking a digital photo," says Ryan Zlockie, director of product management. These measurements are then stored as data either on the computer or in a more centralized network directory. There's also an encryption feature that protects this data while it's in transit or at rest. Since the sensor checking measurements of the user's face is infrared, it can work either in darkness or regular office light.
The VisionAccess 3D DeskCam, which costs about $300, was designed to be used with desktop PCs, but it can also be used as a laptop peripheral device. Bioscrypt would like to eventually see its technology embedded into a laptop the way cameras are today.
VisionAccess has one very important advantage over most laptop security. "You can't leave home without your face," says Grant Evans, former A4Vision CEO and president and member of Bioscrypt's board of directors. A4Vision attracted some serious backing during its brief life as an independent company, counting Larry Ellison's TAKO Ventures investment group and In-Q-Tel, a Central Intelligence Agency-backed venture group, as financial backers.
Bioscrypt Wednesday also said it's partnering with 3VR, a maker of searchable digital video surveillance systems, to integrate VisionAccess 3D Face Readers and the VisionAccess 3D DeskCam with 3VR's technology. The goal of this union is to help companies identify suspicious people or activity in real time either at a facility's entrance using the 3D Face Reader or at a closer proximity using the 3D DeskCam.
In such situations, Bioscrypt's 3D facial recognition system works with 3VR to perform multiple facial scans and comparisons against a database of stored images and corresponding data. If a person identified by the combination of Bioscrypt and 3VR biometric and digital video surveillance technologies was previously placed on a watch list, the system will initiate an alert to security personnel. - - - -