Caught on the Web

Luca Ballore’s blog

- Font Size +

Archive for the ‘ Security ’ Category

Try to imagine a couple of situations: during an examination someone cheated using a smartphone while you have been rejected,  or you simply want to film a police action during a demonstration. A new patent granted to Apple a few days ago could prevent this by blocking your iPhone remotely. In the patent war that involves the company based in Cupertino in the first line are indented, sometimes quietly, even some permissions that drawing a future not very reassuring in terms of personal freedom.

Continue reading “Apple and a modern 1984” »

Security hacker Charlie Miller has found a code-signing flaw that allows trusted apps to run malicious code. Something that could put the App Store approval system under treath. Here’s the video that shows an impressive demonstration of  the security hole.

Continue reading “Serious security bug on iOS discovered” »

FBINew documents confirm the FBI’s project to extend the federal surveillance laws. The Electronic Frontier Foundation ( EFF ) has received some documents that was waiting for the past two years, when filed a request according to the Freedom of Information Act ( FOIA ) .

On topic, the FBI requests to modernize the techniques of interception to the new media: the documents testify new details of the plan of the bureau called “Going Dark”, created to expand the existing legislation and develop a new monitoring framework. Appeared in the budget for 2010, which with the FBI received 233.9 million dollars, plus other 9 million in congressional budget request, the Bureau is working on it under track since 2006.

The New York Times has also linked the program to a plan to extend federal regulations about surveillance like the Communications Assistance to Law Enforcement Act ( CALEA ).

The initiative of the Bureau is directed to overcoming the difficulties that the authorities are having with their usual interception techniques, inappropriate if compared to the evolution of new technologies. And in particular to get a chance to watch “email, social networking sites and peer-to-peer”

The documents allow to bring out some aspects of the program, starting with the name, which does not refer to any specific capacity, but concerns that the lack of appropriate techniques for new technologies, resources and specific trainings is slowly bringing the FBI to be “unaware” of any evidence of crime.

As evidence of this, the spokesman of the bureau mentioned a biennial survey on a cocaine smuggling failed because the provider was not able to carry out the interception, and a case of child abuse in which neither the social network or ISP were able to intercept the alleged offender.
In general we speak about the FBI’s effort to acquire innovative technologies “in an attempt to bridge the gap between the legal requirements for the interceptions and our abilities.”

Continue reading “FBI, a backdoor for wiretapping online?” »

During my studies and my work experience, I have always had a keen interest in mobile messaging, that (sometimes) annoying “beep beep” that often forces us to abandon our occupations or conversations just to see who is looking for us on our mobile device.
By now, SMS business is by far one of the most profitable services in the world of communications (4 billion euros per year, just for italian operators), but the short messages services are not just an economic phenomenon. Indeed. In 18 years of life, SMS have surely changed our habits: confidences are shared via text message, betrayals are discovered, people broke up with partners (it happened to the former tennis player Boris Becker and his wife Sandy: she had sent five consecutive farewell messages, just to be sure). A Malaysian court has even recently ruled that a SMS can be considered as an official announcement of divorce.

During my research, my goal was to find a way (or more than one) to alter the context of a SMS, or to create an SMS with a potentially compromising content and to prove how that can be easy to do.

NOTE: The following informations are only for educational purposes and a misuse can be ILLEGAL. The author disclaims any responsibility for what anyone might do or not do based on something read herein. For more info, please read my legal disclaimer.

I worked with two NOKIA phones (5800 XpressMusic and 6600), based on different versions of Symbian OS.

Continue reading “SMS spoofing, too easy?” »