Encryption Archive

  • Meganet’s Dominator I snoops on four GSM convos at once, fits in your overnight bag

    Meganet’s Dominator I snoops on four GSM convos at once, fits in your overnight bag

    Posted on May 10, 2010 | No Comments
    "Dominator I" sounds more like a monster truck than a collection of small boxes that collectively erase 20 years of relatively secure wireless phone service, doesn't it? Alas, what you're looking at here is a convenient, plug-and-play solution for exploiting the hard work the world's hacking community has put into cracking the A5/1 encryption used on GSM networks in Europe and the US over the past few years. The system consists of two nondescript white boxes, two directional antennas that you'll point in the direction of your victim, and a laptop that you can use to get a glimpse at all of the phones currently connected to your nearest cell site and record up to four active calls simultaneously -- and if you're more of the text messaging type, Dominator I's got you covered there, too, with full access to SMS. The company claims that the system was "declassified only last week" and is completely undetectable both by the operator and the end user, putting it in this rare nexus of "awesome" and "completely terrifying." It can't do the 128-bit A5/3 used in UMTS, but now that it's been cracked in a somewhat practical way, we're sure the Dominator II can't be far behind. Follow the break for Meganet's video of the system in action.

    Continue reading Meganet's Dominator I snoops on four GSM convos at once, fits in your overnight bag

    Meganet's Dominator I snoops on four GSM convos at once, fits in your overnight bag originally appeared on Engadget on Mon, 10 May 2010 18:02:00 EST. Please see our terms for use of feeds.

    Permalink | Email this | Comments

    Full Story

  • What’s the secret message on the USB drive?

    What’s the secret message on the USB drive?

    Posted on April 5, 2010 | No Comments
    There were a bunch of USB keys sent out to gaming outlets today, with no return address and only a cryptic message. What could it mean? Is Majestic coming back? Are aliens trying to contact gaming press outlets?

    Full Story

  • GSM call encryption code cracked, published for the whole world to see

    GSM call encryption code cracked, published for the whole world to see

    Posted on December 29, 2009 | No Comments
    var digg_url = 'http://digg.com/security/GSM_call_encryption_code_cracked_published_for_the_world'; Did you know that the vast majority of calls carried out on the 3.5 billion GSM connections in the world today are protected by a 21-year old 64-bit encryption algorithm? You should now, given that the A5/1 privacy algorithm, devised in 1988, has been deciphered by German computer engineer Karsten Nohl and published as a torrent for fellow code cracking enthusiasts and less benevolent forces to exploit. Worryingly, Karsten and his crew of merry men obtained the binary codes by simple brute force -- they fed enough random strings of numbers in to effectively guess the password. The GSM Association -- which has had a 128-bit A5/3 key available since 2007, but found little takeup from operators -- has responded by having a whinge about Mr. Nohl's intentions and stating that operators could just modify the existing code to re-secure their networks. Right, only a modified 64-bit code is just as vulnerable to cracking as the one that just got cracked. It's important to note that simply having the code is not in itself enough to eavesdrop on a call, as the cracker would be faced with just a vast stream of digital communications -- but Karsten comes back to reassure us that intercepting software is already available in customizable open source varieties. So don't be like Tiger, keep your truly private conversations off the airwaves, at least for a while.

    GSM call encryption code cracked, published for the whole world to see originally appeared on Engadget on Tue, 29 Dec 2009 04:18:00 EST. Please see our terms for use of feeds.

    Permalink | Email this | Comments

    Full Story

  • Why the Predator drone encryption doesn’t matter

    Why the Predator drone encryption doesn’t matter

    Posted on December 25, 2009 | No Comments
    Bruce Schneier wrote a great piece on the unencrypted Predator drone video feeds, noting that the drones were built for a post-Soviet, pre-insurgent era and that encryption, in the case of a live feed, is more of a problem than a threat. The problem is, the world has changed. Today’s insurgent adversaries don’t have KGB-level intelligence [...]

    Full Story

  • Germany ousts BlackBerry for government VIPs

    Germany ousts BlackBerry for government VIPs

    Posted on November 30, 2009 | No Comments
    RIM may have recently opened a facility in Bochum, but that apparently wasn't enough Bavarian love to save it from being canned as the German government's platform of choice for its high-security needs. Deutsche Telekom subsidiary T-Systems has been selected to lead up an effort to procure "several thousand" customized handsets with mega-uncrackable encryption, winning the deal over the old BlackBerry standby thanks to concerns that state secrets are being transmitted overseas -- to Canada, specifically. Canada has always struck us as a pretty trustworthy bunch of good, hard-workingfolks, but then again, it's all fun and games until Canadian Motor Works, Canadawagen, Canada-Benz, and Canadorsche all come out of nowhere.

    [Thanks, Toby]

    Germany ousts BlackBerry for government VIPs originally appeared on Engadget Mobile on Mon, 30 Nov 2009 04:36:00 EST. Please see our terms for use of feeds.

    Permalink | Email this | Comments

    Full Story

  • Review: Lexar JumpDrive SAFE S3000 FIPS USB drive

    Review: Lexar JumpDrive SAFE S3000 FIPS USB drive

    Posted on October 13, 2009 | No Comments
    I mentioned a newly released hardware encrypted USB flash drive last week, and promised a full review. Here it is! The Lexar JumpDrive SAFE S3000 FIPS is a hardware-encrypted USB drive that satisfies U.S. government computer security standard FIPS 140-2 Level 3. "Physical security mechanisms required at Security Level 3 are intended to have a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module." The SAFE S3000 FIPS accomplishes this by means of a Gemalto .NET V2.2 FIPS smart card, which provides "tamper-resistant storage, isolation of all security-critical computations, and strong authentication through a stringent PKI-based challenge-response process." The metal casing is water proof, and the entire thing is filled with "military-grade epoxy compound" to thwart physical access. This drive has some serious heft to it, compared to other USB sticks. In a pinch, you could probably cause modest pain to someone by throwing it at them. Seriously, this thing is solid. Read on for the whole story.

    Full Story

  • Secure your data with encrypted USB drives

    Secure your data with encrypted USB drives

    Posted on October 8, 2009 | No Comments
    USB media represents a double-edged sword: on the one hand, data portability is an extremely useful thing; but on the other hand, data portability can be a gigantic liability for your business operations. You can try to train your users not to put sensitive data on USB drives, but chances are that convenience will win out over security, and your data will slip out on USB media anyway. And then it's all too easy for USB media to simply disappear: I can't count how many thumb drives I've lost. New products are coming soon to help solve this problem.

    Full Story

  • WPA encryption cracked in under a minute

    WPA encryption cracked in under a minute

    Posted on August 27, 2009 | No Comments
    wifilogo.gifResearchers in Japan have developed an attack against WiFi Protected Access when using the Temporal Key Integrity Protocol (TKIP) that can successfully break the encryption in less than a minute. If you're using WPA with TKIP, switch to AES, or step up to WPA2.

    Full Story