hacking – Page 13 – Stilgherrian

18 May 2015

Talking the hacking of airliners on 2UE

Is it possible to hack into a commercial airliner’s flight control systems by first hacking into its inflight entertainment system?

That’s the worry, certainly. But now the FBI has said that security researcher Chris Roberts told them he’d done exactly that hack 15 or 20 times, and on one occasion even managed to compromise the Thrust Management Computer, getting it to issue a “climb” command to one engine — with the result that the burst of increased thrust caused “lateral movement” of the aircraft.

Except Wired reports that Roberts told them that he claimed no such thing. He’d had many hours of conversations with the FBI, and in condensing that down to a few sentences they’ve got the wrong end of the stick.

This whole story caught the attention of 2UE morning presenter Stuart Hocking, we spoke about it for about seven minutes earlier today, and here’s the recording.

Podcast: Play in new window | Download (3.9MB)

19 April 201524 April 2015

Weekly Wrap 254: Regret, introspection, and a new dawn

My week of Monday 13 to Sunday 19 April 2015 was rather full, but not as productive as the plan intended. Instead, there were unexpected loose ends to tie up, plus hours and hours of introspection.

Introspection about the fact that Q1 of 2015 was, in revenue terms, my second-worst quarter in more than four years. Introspection about just how I’ll increase revenue. And about the isolation of living at Bunjaree Cottages, which isn’t good for me — and the fact that these accommodation arrangements, only ever intended to be for “a few weeks”, have run for more than four years. All my household possessions, apart from two suitcases of personal items and the like, have been in storage all this time.

Introspection about two events coming up next month, a birthday that ends in a “5” and, on 13 May, the twentieth anniversary of moving from Adelaide to Sydney — a move triggered by taking on a new job during the first dotcom boom. With both work and accommodation issues on the agenda again, is it time for another migration?

Introspection about the “need”, as my doctor put it, to get some exercise, change my diet, and lose 10kg of weight. And introspection about just how I’ll change all those things — and more that I haven’t mentioned yet — without going postal.

I don’t have any answers yet. Heck, I don’t even have most of the questions. But I am starting to get a clearer view of the landscape, like the sun rising through dawn clouds.

All that said, I did get a few things done this week…

Podcasts

“The 9pm Statement of Regret”, being The 9pm Edict episode 40. It contains quite a bit about Australia’s forthcoming celebrations for Anzac Day and the mythic nature of Gallipoli in those celebrations. I’d like to hear your responses. Your deadline for audio comments is Tuesday 21 April at 1700 AEST.

Articles

Verizon’s yearly reminder that we’re still useless at infosec, ZDNet Australia, 17 April 2015.

5at5

There were four editions of 5at5 this week, on Monday, Tuesday, Thursday and Friday. To save me having to tell you this, you could just subscribe.

Media Appearances

I was quoted in a story in this week’s The Saturday Paper, Islamic State’s online strategies.

Corporate Largesse

On Friday, I had coffee with an executive from Dyn, an internet performance optimisation company. That coffee was paid for by their PR people.

The Week Ahead

I’ll be in the Blue Mountains all week, as far as I can tell at this stage.

On Monday and Tuesday, I’m finishing a column for ZDNet Australia, producing another episode of The 9pm Edict podcast, and setting up some sort of subscription drive for same. Those last two tasks are intertwined. On Tuesday night, I’ll be talking tech news with Dom Knight on ABC 702 Sydney at 2030 AEST.

On Wednesday through Friday, I’ll finally get that ebook sorted, write a column for ZDNet Australia, review the scripts for six episodes of a television drama. Yes, that last one is running late. Also left over from last week is producing and posting the recording of my recent lecture at UTS. There’s no way that’ll fit into the coming week.

The weekend is currently unplanned, but given how much I’ll be doing during the week, I suspect I’ll just be a sloth for two days. Apart, that is, from going to a local Anzac Day Dawn Service somewhere. Maybe. I may also try to have some sort of social life. Possibly.

Further Ahead

The following week, on 29-29 April, I’ll be covering the Disruptocon conference in Sydney, trying not to choke on the name.

Then on Saturday 2 May, I’ll be flying to the US for eight days, primarily to cover NetSuite’s SuiteWorld conference once again. I currently plan to return to Australia on Tuesday 12 May. I’ll tell you more about that trip in due course.

Update 24 April 2015: Edited to reflect cancellation of US trip.

[Photo: Sunrise over Roselle Bay, Sydney, photographed on 19 April 2015. Yes, today.]

26 February 2015

Talking Gemalto’s response to ‘hack’ on ABC Radio’s AM

ABC logo So SIM card manufacturer Gemalto has responded to the claims that America’s NSA and Britain’s GCHQ had hacked their network in 2010 and 2011 and stolen SIM card encryption keys. I spoke about that response on ABC Radio’s AM this morning.

You can read Gemalto’s full press statement, but The Wall Street Journal has a good summary, and The Intercept has various infosec experts disputing Gemalto’s analysis.

If nothing else, it seems unlikely that Gemalto could have conducted a thorough forensic investigation in just six days — although they may have just dig out a report they’d prepared earlier.

Here’s how AM introduced the story today:

Overnight the world’s largest SIM card manufacturer has responded to allegations it was hacked by American and British spies. Dutch company Gemalto confirmed it was the target of sophisticated hacks in 2010 and 2011, and most likely the US National Security Agency and their British counterparts were responsible. Last week, documents from Edward Snowden alleged spies stole encryption keys from Gemalto, giving them potential to monitor mobile communications. But Gemalto denies there was mass theft of encryption keys and says their products are secure.

And here’s the full report from journalist Sarah Sedghi.

Podcast: Play in new window | Download (1.8MB)

25 February 2015

Talking SIM cards, spooks and hacks on 1395 FIVEaa

Third time’s the charm, right? My third radio spot on The Great SIM Heist was for 1395 FIVEaa in Adelaide on Wednesday afternoon.

Again, I won’t repeat the background, because it’s all in my first post on the subject. But I will say that this is the most detailed conversation about it so far, because presenter Will Goodings and I spoke for 13 minutes.

That said, there’s not much more information than we had yesterday. Gemalto isn’t due to hold its press conference until late this evening Australian time, so we’ll know more tomorrow.

Podcast: Play in new window | Download (18.4MB)

25 February 201525 February 2015

Talking SIM cards, spooks and hacks on 2UE

The second radio spot I did on The Great SIM Heist — or perhaps I should say the claimed heist, or even the alleged heist — was for the Sydney talk radio station 2UE on Tuesday afternoon.

I won’t repeat all the background. See my previous post for that. But I will say that it’s always interesting to hear the different questions asked and concerns raised by different presenters. And of course my responses differ in content and style to match the style of the program and the radio station.

Here’s the full seven-minute chat with drive presenter Justin Smith. At the end, we seem to have invented a new regular segment. And at least this time I pronounced Gemalto correctly.

Podcast: Play in new window | Download (7.0MB)

25 February 201510 March 2015

Talking SIM cards, spooks and hacks on The World Today

ABC logo On Friday, The Intercept published some astounding claims under the headline The Great SIM Heist: How spies stole the keys to the encryption castle. The story claims that Five Eyes spooks had achieved a major breakthrough in their ability to monitor mobile communications.

American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden…

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

The company in question is Gemalto. With headquarters in Amsterdam, and 28 “personalisation facilities” around the world that burn the encryption keys into SIM cards, it has nearly 30% of the market — making it an obvious target for spooks.

The story started to filter through to the mainstream media on Monday in the US, or Tuesday Australian time, and I’ve already done two radio spots on the topic — and doubtless there’ll be more to come.

The first spot was an interview for ABC Radio, and parts of it ended up in this report on The World Today.

[The three Australian mobile network operators] Telstra, Vodafone and Optus have all confirmed that Gemalto has supplied their SIM cards. Sarah Sedghi reports.

This is the full five-minute report.

Podcast: Play in new window | Download (Duration: 4:59 — 2.3MB)