4G and CDMA

Saturday, August 13, 2011


4G and CDMA reportedly hacked at DEF CON

DEF CON banner

Share This Article k.ramesh

At the DEF CON 19 hacking conference, which took place between August 4 and 7, it seems that a full man-in-the-middle (MITM) attack was successfully launched against all 4G and CDMA transmissions in and around the venue, the Rio Hotel in Las Vegas. This MITM attack enabled hackers to gain permanent kernel-level root access in some Android and PC devices using a rootkit, and non-persistent user space access in others. In both cases, whoever launched this attack on CDMA and 4G devices was able to steal data and monitor conversations.
For now the only evidence that such an attack occurred is the report of Coderman on the Full Disclosure mailing list. Coderman seems to be a relative veteran of security and open source mailing lists, though, and he says he has attended six DEF CONs. If he’s telling the truth, then this attack would represent the first ever man-in-the-middle attacks on two networks that have so far proven to be unhackable. For the ailing and nigh-stillborn CDMA this isn’t such a huge issue — but if 4G has fallen, just as AT&T, Sprint, Verizon, and cellular companies around the world begin to plow huge dollars into its roll out, this could be a massive blow.
Coderman’s report suggests that, like Wi-Fi MITM, which regularly harasses surfers at DEF CONs and other hacker conventions, the attackers were able to inject custom packets into the 4G and CDMA data stream. These forged packets allowed the attackers to create on-screen prompts that, if clicked, installed a rootkit on the PC or Android device. If you’ve seen “fake AV” pop-ups while surfing the web, then that’s a good analogy for what this man-in-the-middle attack is capable of. Once the rootkit (or similar backdoor) is installed, it’s simply a matter of connecting to the exploited device via SSH. Coderman says the attackers could also monitor conversations, which suggests that not only can packets be injected, but they can also be sniffed and decoded in real-time.
Without more information from Coderman, another savvy DEF CON hacker, or from the hackers themselves, it’s hard to prove that this attack actually occurred. It’s still very early days, too — Coderman only posted his findings to the mailing list a few hours ago — but if we see some more activity on the mailing lists or a reaction from a cellular carrier with an interest in 4G, then we’ll be sure to update this story. It’s also worth pointing out that we don’t know which version of 4G has been hacked. HSDPA, WiMAX, and LTE all use different transport layers and security methods, and the repercussions will depend on which one has fallen.

Posted by K.RAMESH at 9:41 AM 0 comments

USB Power charge your laptop


USB Power Delivery: charge your laptop (or power a LCD monitor) via USB 2.0 and 3.0

  • By Ramesh on August 13, 2011 at 12:16 am
  • 11 Comments

USB logo

Share This Article by k.ramesh b.e

With a move that proves that the USB Implementers Forum is more than a little scared of Thunderbolt, a new specification for delivering up to 100 watts of power over USB 2.0 and 3.0 is being drawn up. A technical demonstration of the technology is expected towards the end of 2011 and the specification should be ratified and codified by the beginning of 2012. In other words, developers and OEMs will be able to get their hands on cheap, cheerful, and commoditized power-over-USB parts just as Apple’s exclusive distribution rights for Thunderboltdry up in spring 2012.
As you’re probably aware, you can already power/charge devices such as smartphones and tablets over USB, but because the current specification only allows for 5 volts @ 0.9 amps, the max power draw is only 4.5 watts; i.e. not much. This new specification, called USB Power Delivery, allows for voltage and ampage to be negotiated by the host and device up to a maximum of 100 watts, using existing cables and connectors. Thunderbolt, by comparison, carries a maximum of just 10 watts.
100 watts, in case you were wondering, is more than enough to power almost any kind of peripheral, including external displays, printers, hard drives, or even other computers. Before you boggle at the harebrained idea of charging a laptop with another laptop, however, get this: USB Power Delivery will be capable of operating in both directions. Yes, if OEMs allow it, this new specification could finally usher in a new age of standardized computer power connectors. You could also charge a laptop from your desktop, or perhaps power a ViDock-like eGPUOne USB cable to rule them all…
Of course the main problem is the size and strength of batteries in laptops and netbooks. Modern laptops like the MacBook Pro have batteries that are capable of providing around 80 watts for an hour, which equates to a few hours of up-time. Plug a 50-watt external LCD monitor into it, however, and you’ll be flat in under an hour. Having more amps on tap does mean that you’ll be able to quick-charge your smartphone, tablet, or Kindle from your laptop or desktop, though.
Ultimately, then, 100W-over-USB is likely to simplify cabling in much the same way as Thunderbolt, and perhaps provide a few innovative use cases along the way. There’s no reason that a computer couldn’t have both Thunderbolt and powered-USB sockets, too: USB for connecting to the grid and quick charging of peripherals, and Thunderbolt for hi-fi audiovisual gear and exorbitantly expensive add-ons like the Thunderbolt Display.
Read more about USB Power Delivery [PDF]

Posted by K.RAMESH at 9:13 AM 0 comments

Subscribe to: Comments (Atom)