DECRYPTING GSM PHONE CALLS
Cracking A5/1. When GSM uses A5/1 encryption, the secret key can be extracted from recorded traffic. Given two encrypted known plaintext messages, the Kraken utility that runs on a PC finds the secret key with around 90% probability within seconds in a set of rainbow tables. Our current table set took 2 months to compute and contains 40 tables

USB PERIPHERALS CAN TURN AGAINST THEIR USERS
USB devices are connected to – and in many cases even built into – virtually all computers. The interface standard conquered the world over the past two decades thanks to its versatility: Almost any computer peripheral, from storage and input gadgets to healthcare devices, can connect over the

INCORRECTLY PATCHED ZYXEL VULNERABILITY BECOMES ZERO-DAY
Incorrectly patched ZyXEL vulnerability becomes zero-day again. New vulnerabilities and attack vectors emerge almost daily. The less time between the active exploitation by hackers and the detection through defense teams, the higher the chance that attacks can be fended off.

SMART SPIES: ALEXA AND GOOGLE HOME EXPOSE USERS TO VISHING
Smart speakers from Amazon and Google offer simple access to information through voice commands. The capability of the speakers can be extended by third-party developers through small apps. These smart speaker voice apps are called Skills for Alexa and Actions on Google Home. The apps currently create privacy issues: They can be abused to listen in on users or vish (voice-phish) their

ESTABLISHING SECURITY BEST PRACTICES IN ACCESS CONTROL
Access Control Best Practices. A controller, sometimes also called “door controller”, is placed inside the protected area and is connected to one or more readers or transceivers and one or more doors.

NEW SIM ATTACKS DE-MYSTIFIED, PROTECTION TOOLS NOW
New SIM attacks de-mystified, protection tools now available. SIM cards are at the heart of mobile network security. Vulnerabilities including the 2013 remote applet installation hack and the recent ‘Simjacker’ vulnerability put millions of users at risk. We wanted to understand the extent to which users need to worry about

LEGACY BOOKING SYSTEMS DISCLOSE TRAVELERS’ PRIVATE
Travel bookings worldwide are maintained in a handful of systems. The three largest Global Distributed Systems (GDS) Amadeus, Sabre, and Travelport administer more than 90% of flight reservations as well as numerous hotel, car, and other travel bookings. Today’s GDSs go back to the 70s and 80s, built around mainframe computers and leased lines.

SECURITY RESEARCH LABS
Security Research Labs is a Berlin-based hacking research collective and consulting think tank. We are seeking to drive security evolution, combining insights from research, industry, and the hacker community. We focus on everyday technologies that expose many people to risk, most recently mobile communication and payment systems.

PROJECTS - SRLABS OPEN SOURCE PROJECTS
Android application for Android security patch analysis and detecting mobile abuse: Network insecurities, evidence of IMSI catcher, SIM card attacks, and SS7 abuse. SRLabs Gobuster is a tool used to brute-force and perform web tests based on OJ Reeves @TheColonial Gobuster. Enhanced False Positives detection.

SIM CARDS ARE PRONE TO REMOTE HACKING
SIM cards are the de facto trust anchor of mobile devices worldwide. The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets. With over seven billion cards in active use

A DECADE OF HACKING
Luca Melette. Currently, Vincent is working on Autobahn, a new security software and the brainchild of Luca, who notes: “The name Autobahn is actually rather cryptic. At the time of the research, it was just a codename, something that didn’t reveal what it is, but would serve as a mnemonic.” Luca is leading one of the SRLabs teams in Berlin.

THE HACKABILITY OF ORGANIZATIONS CAN BE MEASURED AND
The Hackability of organizations can be measured and compared. As security researchers and consultants, we often get asked, ‘How does the security of my organization compare to others?’. In this blog post, we introduce a metric to help answer this question: The Hackability Score. Based on the Hackability Score we deep-dive into the security

NEW RCS TECHNOLOGY EXPOSES MOST MOBILE USERS TO HACKING
In the second half of 2019, Google and a group of mobile operators started implementing a new communication technology, Rich Communication Services (RCS). RCS is poised to replace calling and text messaging for billions of people.

THE CLOUD EXPOSES YOUR PRIVATE IP CAMERAS
The security of IP camera cloud services mainly relies on obfuscation through proprietary protocols. Large numbers of cloud-exposed devices in private networks will certainly capture the interest of bot herders, exposing users to privacy intrusions, and intrusions of their private networks; and exposing the internet to large-scale DDoS attacks.

PAYMENT TERMINALS ALLOW FOR REMOTE PIN CAPTURE AND CARD
Payment terminals allow for remote PIN capture and card cloning. Plastic cards are an increasingly popular means of payment all over the world. Payment credentials come in different flavors ranging from credit cards of globally operating brands (Visa, Mastercard, AmEx), to national payment schemes (i.e., German EC cards) and store-issued gift

BADUSB — ON ACCESSORIES THAT TURN EVIL
USB devices are recognized using several identifiers. [Slide diagram: USB devices, connectors + hubs, host, root hub. Example: USB thumb drive, 8 – Mass Storage, AA627090820000000702]

BREAKING GSM PHONE PRIVACY
Industry responds to GSM cracker by creating a new challenge the GSM call has to be identified and recorded from the radio interface. We strongly suspect the team developing the intercept approach has underestimated its practical complexity.

LEGIC PRIME RFID CARDS RELY ON OBSCURITY AND CONSEQUENTLY
Motivation. The Legic Prime system uses proprietary RFIDs for access control to buildings throughout Europe including critical infrastructure such as military installations, governmental departments, power plants, and airports.

MOBILE NETWORKS DIFFER WIDELY IN SECURITY, NONE PROTECT
The base technology of most cell phone networks in the world – GSM – has been known to be weak for years. Consequently, standardization bodies and equipment manufacturers have invented and implemented security features to protect cell phone users from simple attacks.

GLOBAL DEEP SCANS
Global Deep Scans – Measuring vulnerability levels across organizations, industries, and countries. Fabian Bräunlein
ESTABLISHING SECURITY BEST PRACTICES IN ACCESS CONTROL Access Control Best Practices 4/29 A controller, sometimes also called “door controller”, is placed inside the protected area and is connected to one or more readers or trans-ceivers and one or moredoors.
A DECADE OF HACKING
Luca Melette. Currently, Vincent is working on Autobahn, a new security software and the brainchild of Luca, who notes: “The name Autobahn is actually rather cryptic. At the time of the research, it was just a codename, something that didn’t reveal what it is, but would serve as a mnemonic.” Luca is leading one of the SRLabs teams in Berlin.

THE HACKABILITY OF ORGANIZATIONS CAN BE MEASURED AND
The Hackability of organizations can be measured and compared. As security researchers and consultants, we often get asked, ‘How does the security of my organization compare to others?’ In this blog post, we introduce a metric to help answer this question: The Hackability Score. Based on the Hackability Score we deep-dive into the security

THE CLOUD EXPOSES YOUR PRIVATE IP CAMERAS
The security of IP camera cloud services mainly relies on obfuscation through proprietary protocols. Large numbers of cloud-exposed devices in private networks will certainly capture the interest of bot herders, exposing users to privacy intrusions, and intrusions of their private networks; and exposing the internet to large-scale DDoS attacks.

SIMSEC INFO PAGE
Simsec -- SIM card security. About Simsec. To see the collection of prior postings to the list, visit the Simsec Archives. Using Simsec. To post a message to all the list members, send email to simsec@lists.srlabs.de. You can subscribe to the list, or change your existing subscription, in the sections below.

BREAKING GSM PHONE PRIVACY
Industry responds to GSM cracker by creating a new challenge the GSM call has to be identified and recorded from the radio interface. We strongly suspect the team developing the intercept approach has underestimated its practical complexity.

SECURITY RESEARCH LABS
SRLABS IS AN IT SECURITY CONSULTANCY STRIVING FOR IMPACT THROUGH CUTTING EDGE RESEARCH, HIGH-IMPACT CONSULTING PROJECTS AND INNOVATIVE SAAS SOFTWARE
Consulting Services, Hacking Research, Security Software

Bites
12.05.2021
INCORRECTLY PATCHED ZYXEL VULNERABILITY BECOMES ZERO-DAY AGAIN New vulnerabilities and attack vectors emerge almost daily. The less time between the active exploitation by hackers and the detection through defense teams, the higher the chance that attacks can be fended off. While SRLabs conducts research on both vulnerabilities (e.g., reverse engineering, black box testing) and exploitations (e.g., honeypots, more… “Incorrectly patched ZyXEL vulnerability becomes zero-day again”11.08.2020
A DECADE OF HACKING – MEET THE PEOPLE BEHIND SRLABS
It almost seems like eons ago when we were just some geeks having fun solving tech puzzles. We were discovering flaws in systems that we used every day. From this research, we soon realized it would be a bigger benefit for everybody if we started actually sharing our knowledge and help get more…
22.04.2020
THE ANDROID PATCH ECOSYSTEM – STILL FRAGMENTED, BUT IMPROVING
Since 2018, SRLabs has refined Android patch analysis through the app SnoopSnitch. Recent SnoopSnitch data paints an improved picture of the Android ecosystem over what we saw in 2018. All major vendors appear to apply patches more regularly, and some of the vendors implement security updates exceptionally fast. more…
29.11.2019
NEW RCS TECHNOLOGY EXPOSES MOST MOBILE USERS TO HACKING
In the second half of 2019, Google and a group of mobile operators started implementing a new communication technology, Rich Communication Services (RCS). RCS is poised to replace calling and text messaging for billions of people. It also introduces new messaging possibilities to make native text messaging be more more…
Projects
SNOOPSNITCH
DETECT MOBILE NETWORK ABUSE ON YOUR ANDROID PHONE.
GSMMAP
CHECK PROTECTION CAPABILITIES OF NETWORKS WORLD-WIDE.
SIMTESTER
FIND SECURITY FLAWS IN SIM CARDS.
BADUSB
COLLECT THREAT INFORMATION ABOUT REPROGRAMMABLE USB PERIPHERALS.
RFID TOOLBOX
SHOW ISSUES IN OUTDATED ACCESS AND PAYMENT CARDS.
YOUR PROJECT
JOIN OUR GROWING RESEARCH TEAM.
Lab
SECURITY RESEARCH LABS IS A BERLIN-BASED HACKING RESEARCH COLLECTIVE AND CONSULTING THINK TANK.
We are seeking to drive security evolution, combining insights from research, industry, and the hacker community. We focus on everyday technologies that expose many people to risk, most recently mobile communication and payment systems. Our goal is to fix issues before consumers are put at risk; or publicly discuss flaws in systems where this did not happen.
Our lab is an open collective of like-minded thinkers. If you are interested in our projects, collaborating or proposing a project of your own, please feel free to get in touch.
Legal notice
SECURITY RESEARCH LABS GMBH
Brunnenstrasse 181
10119 Berlin — Germany
Registration: HRB 128449
District court: Berlin-Charlottenburg
EU-VAT: DE 815 218 931
Managing director: Karsten Nohl