Cellphone Vulnerabilities
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Cellphone Vulnerabilities as PDF for free.
More details
- Words: 1,380
- Pages: 7
Wireless technology is part of everything we use today. From our wireless internet in our computers, wireless remotes for our car locking mechanisms and, arguably the most popular, cell phone communications. The problem with all wireless technology, though, is its insecurity and its ability to be traced, hacked and interfered with. In previous papers, I have explored the insecurity and ease that comes with Bluetooth technology. Bluetooth, being equipped on almost every cell phone on the market today, is a security risk in and of itself. But what about cell phone technologies? Consider the following: President Elect Barack Obama had his cell phone records snooped through by employees of Verizon wireless (http://www.sciam.com/blog/60second-science/post.cfm?id=obamas-cell-phone-hacked-privacy-is-2008-1121). The most protected person in the United States, who is constantly covered by secret service agents with fully automatic weapons and rides in bomb proof cars, had his one vulnerability exploited without even knowing it. If those conversations had been to private parties, or the conversations recorded without his knowledge, significant amounts of damage could have been done. He will also have his Blackberry taken away once he takes office on January 20th. (http://www.economist.com/world/unitedstates/displaystory.cfm? story_id=12865117) For exactly these reasons, General Dynamics and C4 systems have created the first ever fully secured smart phone for use by government agencies and anyone who needs their communications to be guaranteed private and
unable to be listened in on by a third party. In the following paper, I will address the need for secure smart phones, how the Sectera Edge works, and some other products similar to the Sectera Edge, also developed by General Dynamics for secured communications. On March 6th , 2008, General Dynamics issued a press release about its newest product, the Sectera Edge smart phone. The Edge was developed in addition to the STU-III technology, a technology which allows for encryption enabled phones to send encrypted signals to other encryption enabled phones to allow for secured conversations. The STU-III technology standard is classified into four separate categories ranging 1 through 4, with 1 being to most popular and allowing for secured communications up to a Top Secret government security level. (http://www.tscm.com/STUIIIhandbook.html). STU-III works by utilizing the Electronic Key Management System, an encryption technique in which asymmetric cryptography is used, and uses what is called a KSD-64A or a key shaped piece of plastic with a Read Only Memory chip installed in it. This memory chip is assigned and programmed by the National Security Agency. The KSD-64A contains a CIK or Crypto Ignition Key which is similar to a digital password which allows for the key to be used within the STU-III device. This key is provided by the National Security Agency through the Electronic Key Management System, who also maintains a list of keys that may have been compromised. In general, the way that a device utilizing the STU-III technology works is by the operator
asking the other party to “go secure” at which time a button is pushed which transmits the device’s key to the other device. The keys are then compared to a “key revocation list” which the devices compare the age of to one another and exchange more updated lists if necessary (http://www.tscm.com/STUIIIhandbook.html). Once the keys have been verified and key revocation lists updated accordingly, the phones are in an encrypted mode which, as previously mentioned, has been approved by the Department of Defense up to a Top Secret clearance rating. The greatest asset to the STU-III technology is that it allows for the device to place both unsecured calls to other unsecured lines under the Plain Old Telephone System (POTS), and also that it allows for secured calls to be made as well. Because of this fact, STU-III systems can be used by any authorized government agency, with no special equipment is needed. (http://www.tscm.com/STUIIIhandbook.html). The only time this is untrue is if the device is used over Voice Over IP (VOIP) communications, in which the phone must be hooked up to a secured network, such as the military’s Secret Internet Protocol Routing Network (SIPRnet) (http://www2.hawaii.edu/~wes/ICS623/Reports/WYip.html). With this in mind, General Dynamics C4 Systems created the Sectera Edge, the first smart phone to be classified by the NSA as Top Secret voice enabled and Secret data enabled. The phone, in its most basic sense, is a Motorola phone with GSM (Global System for Mobile communications) technology built
into its architecture. Therefore, it is able to place unsecured calls over the GSM system in both the United States and any other country which allows access to the GSM system. It can also be used on any wireless carrier which utilizes GSM, specifically AT&T and T-Mobile in the United States, as well as Sprint which utilizes the CDMA (Code Division Multiple Access) system for cellular phones. The Edge is quite different than many other devices that came before it. As mentioned, it allows for both secured and unsecured conversations, and it is one of the first of its kind in that it is a wireless device which does not need to be connected in a wired fashion to utilize the encryption. It also is the first of its kind because instead of merely a cellular phone which allows for wireless communications, it is also a handheld computer, or Personal Digital Assistant (PDA), as well. The PDA is able to be connected to a computer terminal and maintain secured or unsecured information as well. The operations of this will be covered later in the paper. Though the Edge is touted as being similar to most other wireless phones, there is the difference in that it needs two separate phone numbers to operate. The first is the standard voice number that all cell phones are issued and is used for unsecured operations. The second, is “for secure encrypted phone calls using 9600 BPS asynchronous transparent circuit switched data service, with mobile originate (MO) and mobile terminate (MT)” (http://www.gdc4s.com/content/detail.cfm?item=97aef0a4-96e4-4ab2-
b33b-eb832c4bb4c2). To simplify this explanation a bit, secured conversations and data transfers that take place on the Sectera Edge are done so over the data portion of the cell phone, similar to accessing the internet over any wireless phone or viewing a secured internet page. The features of the Sectera Edge are plentiful, and make for a phone that any authorized government agency, as well as most civilians, would be more than happy to have. It is generally network neutral, so long as the cell phone provider is able to handle GSM or CDMA communications, two of the most popular in the United States. Unlike many other phones used on these common carriers, there is no need for it to have to be unlocked with special codes, instead it comes with a cross-vendor compatibility. Unlike other models that have been rated for secured wireless communications, such as the General Dyamics TalkSECURE, the Edge also has a PDA built into it, also containing the ability to store and view classified materials on it. The phone has two separate screens for exactly this reason: one being used for unsecured wireless technologies, utilizing Windows Mobile for an operating system and allowing for basic internet browsing, calendar operations and common smart phone usage, and the other being a black and white “trusted LCD display” (http://www.ruggedpcreview.com/3_handhelds_gd_sectera_edge.html) for secured messaging and viewing. The Edge also has a full 47 key QWERTY
key pad, similar to most other smart phones, allowing for full messages to be typed out with ease. Similar to the separate screens that the Edge has for the two different modes of data, it also has two separate USB ports for the same reason. This allows for USB transfers to different parts of the phone’s memory, specifically to a secured storage versus a regular storage chip. The phone also contains the Common Access Card (CAC) card reader slot for verification of identity, public key signing and to access secured government websites and portals. As can be seen, the Sectera Edge is one of a kind and one of the few solutions that can be used for a fully secured mobile work environment for authorized government employees and contractors. With its large number of features, secured communication and data transfer ability and a fully functional PDA built in, it is exactly what is needed for any government contractor. http://www.gdc4s.com/content/detail.cfm?item=82337f34-170b-4d11-8e5d83e7e5299918 http://www.reuters.com/article/pressRelease/idUS201411+06-Mar2008+PRN20080306 http://www.policeone.com/police-products/communications/secure/pressreleases/70138/ http://www.ruggedpcreview.com/3_handhelds_gd_sectera_edge.html
http://www2.hawaii.edu/~wes/ICS623/Reports/WYip.html http://www.tscm.com/STUIIIhandbook.html http://www.sciam.com/blog/60-second-science/post.cfm?id=obamas-cellphone-hacked-privacy-is-2008-11-21 http://www.economist.com/world/unitedstates/displaystory.cfm? story_id=12865117
unable to be listened in on by a third party. In the following paper, I will address the need for secure smart phones, how the Sectera Edge works, and some other products similar to the Sectera Edge, also developed by General Dynamics for secured communications. On March 6th , 2008, General Dynamics issued a press release about its newest product, the Sectera Edge smart phone. The Edge was developed in addition to the STU-III technology, a technology which allows for encryption enabled phones to send encrypted signals to other encryption enabled phones to allow for secured conversations. The STU-III technology standard is classified into four separate categories ranging 1 through 4, with 1 being to most popular and allowing for secured communications up to a Top Secret government security level. (http://www.tscm.com/STUIIIhandbook.html). STU-III works by utilizing the Electronic Key Management System, an encryption technique in which asymmetric cryptography is used, and uses what is called a KSD-64A or a key shaped piece of plastic with a Read Only Memory chip installed in it. This memory chip is assigned and programmed by the National Security Agency. The KSD-64A contains a CIK or Crypto Ignition Key which is similar to a digital password which allows for the key to be used within the STU-III device. This key is provided by the National Security Agency through the Electronic Key Management System, who also maintains a list of keys that may have been compromised. In general, the way that a device utilizing the STU-III technology works is by the operator
asking the other party to “go secure” at which time a button is pushed which transmits the device’s key to the other device. The keys are then compared to a “key revocation list” which the devices compare the age of to one another and exchange more updated lists if necessary (http://www.tscm.com/STUIIIhandbook.html). Once the keys have been verified and key revocation lists updated accordingly, the phones are in an encrypted mode which, as previously mentioned, has been approved by the Department of Defense up to a Top Secret clearance rating. The greatest asset to the STU-III technology is that it allows for the device to place both unsecured calls to other unsecured lines under the Plain Old Telephone System (POTS), and also that it allows for secured calls to be made as well. Because of this fact, STU-III systems can be used by any authorized government agency, with no special equipment is needed. (http://www.tscm.com/STUIIIhandbook.html). The only time this is untrue is if the device is used over Voice Over IP (VOIP) communications, in which the phone must be hooked up to a secured network, such as the military’s Secret Internet Protocol Routing Network (SIPRnet) (http://www2.hawaii.edu/~wes/ICS623/Reports/WYip.html). With this in mind, General Dynamics C4 Systems created the Sectera Edge, the first smart phone to be classified by the NSA as Top Secret voice enabled and Secret data enabled. The phone, in its most basic sense, is a Motorola phone with GSM (Global System for Mobile communications) technology built
into its architecture. Therefore, it is able to place unsecured calls over the GSM system in both the United States and any other country which allows access to the GSM system. It can also be used on any wireless carrier which utilizes GSM, specifically AT&T and T-Mobile in the United States, as well as Sprint which utilizes the CDMA (Code Division Multiple Access) system for cellular phones. The Edge is quite different than many other devices that came before it. As mentioned, it allows for both secured and unsecured conversations, and it is one of the first of its kind in that it is a wireless device which does not need to be connected in a wired fashion to utilize the encryption. It also is the first of its kind because instead of merely a cellular phone which allows for wireless communications, it is also a handheld computer, or Personal Digital Assistant (PDA), as well. The PDA is able to be connected to a computer terminal and maintain secured or unsecured information as well. The operations of this will be covered later in the paper. Though the Edge is touted as being similar to most other wireless phones, there is the difference in that it needs two separate phone numbers to operate. The first is the standard voice number that all cell phones are issued and is used for unsecured operations. The second, is “for secure encrypted phone calls using 9600 BPS asynchronous transparent circuit switched data service, with mobile originate (MO) and mobile terminate (MT)” (http://www.gdc4s.com/content/detail.cfm?item=97aef0a4-96e4-4ab2-
b33b-eb832c4bb4c2). To simplify this explanation a bit, secured conversations and data transfers that take place on the Sectera Edge are done so over the data portion of the cell phone, similar to accessing the internet over any wireless phone or viewing a secured internet page. The features of the Sectera Edge are plentiful, and make for a phone that any authorized government agency, as well as most civilians, would be more than happy to have. It is generally network neutral, so long as the cell phone provider is able to handle GSM or CDMA communications, two of the most popular in the United States. Unlike many other phones used on these common carriers, there is no need for it to have to be unlocked with special codes, instead it comes with a cross-vendor compatibility. Unlike other models that have been rated for secured wireless communications, such as the General Dyamics TalkSECURE, the Edge also has a PDA built into it, also containing the ability to store and view classified materials on it. The phone has two separate screens for exactly this reason: one being used for unsecured wireless technologies, utilizing Windows Mobile for an operating system and allowing for basic internet browsing, calendar operations and common smart phone usage, and the other being a black and white “trusted LCD display” (http://www.ruggedpcreview.com/3_handhelds_gd_sectera_edge.html) for secured messaging and viewing. The Edge also has a full 47 key QWERTY
key pad, similar to most other smart phones, allowing for full messages to be typed out with ease. Similar to the separate screens that the Edge has for the two different modes of data, it also has two separate USB ports for the same reason. This allows for USB transfers to different parts of the phone’s memory, specifically to a secured storage versus a regular storage chip. The phone also contains the Common Access Card (CAC) card reader slot for verification of identity, public key signing and to access secured government websites and portals. As can be seen, the Sectera Edge is one of a kind and one of the few solutions that can be used for a fully secured mobile work environment for authorized government employees and contractors. With its large number of features, secured communication and data transfer ability and a fully functional PDA built in, it is exactly what is needed for any government contractor. http://www.gdc4s.com/content/detail.cfm?item=82337f34-170b-4d11-8e5d83e7e5299918 http://www.reuters.com/article/pressRelease/idUS201411+06-Mar2008+PRN20080306 http://www.policeone.com/police-products/communications/secure/pressreleases/70138/ http://www.ruggedpcreview.com/3_handhelds_gd_sectera_edge.html
http://www2.hawaii.edu/~wes/ICS623/Reports/WYip.html http://www.tscm.com/STUIIIhandbook.html http://www.sciam.com/blog/60-second-science/post.cfm?id=obamas-cellphone-hacked-privacy-is-2008-11-21 http://www.economist.com/world/unitedstates/displaystory.cfm? story_id=12865117
Related Documents
Cellphone Vulnerabilities
June 2020 6
Cellphone
November 2019 12
Cellphone
June 2020 13
Iis Vulnerabilities
May 2020 12
Apache Vulnerabilities
May 2020 15