Friday, 26 July 2013

Mobile Phone SIM Cards Could Be Next Target for Hackers

According to reports from the BBC, a leading Internet security expert has warned of a security flaw he found that could expose millions of mobile phone users to hackers who could use the flaw to steal identities or intercept phone calls. Security Research Labs' Karsten Nohl claims to have found a way to discover SIM card digital keys by sending a text message to mobile phones.

Nohl told the BBC the security flaw is based in the old Data Encryption Standard (DES) of the 1970s. This form of encryption was once thought to be incredibly secure. As it turns out, it is not. It can be easily breached by anyone with a computer and a few minutes to kill.

In order to test the potential flaw, Nohl sent text messages to a group of phones. The messages were disguised as official communications from mobile phone carriers. While most phones would end the communication upon discovering an incorrect digital signature, some of them sent a response containing the SIM card's encrypted digital signature.

By decrypting that signature, a hacker can potentially access a mobile phone's SIM card as a means of intercepting calls or stealing data. The GSMA is taking the threat seriously, looking into the number of mobile phones that might potentially be affected.

Though neither Nohl nor the BBC disclosed what countries might be most affected, they did say mobile phone users in Africa are particularly vulnerable. It has been recommended that people with older phones be careful about using their devices to conduct online banking or other sensitive transactions.

Why It's a Problem

Like any potential hacking scenario, the security issues with mobile phone SIM cards could develop into a big problem if manufacturers and carriers do not do something about it. The problem is further exacerbated by the realisation that even 3G and 4G phones are vulnerable.

Any transaction linking a mobile phone to Internet networking could be accessed by hackers who manage to get hold of SIM card information. Online banking has already been mentioned as a potential problem, so let's use it as an example here.

A mobile phone used for online banking could be a target with the right SIM card. By simply sending a text message and waiting for the response, a hacker can have control of a phone in a matter of minutes. Without the phone’s owner ever knowing, a bank account can be accessed and drained rather easily.

Another concern is that hackers might take control of mobile phones and use them to send text messages to other phones, multiplying the problem like so many computer viruses and spyware programs. The potential is certainly there if Nohl's estimate of 500 million to 750 million affected phones is true.

According to the BBC, phone manufacturers and service providers should be on the case very quickly. They said to expect security fixes to start being available for download in the near future. At least that's good news.

Tuesday, 23 July 2013

Samsung Introduces New Ultra High-Capacity SSD

The annual Samsung SSD Global Summit exhibition is an opportunity for the company to showcase its brand-new solid-state disks (SSDs) before a captive audience consisting of technology bloggers and members of the media. Samsung did not waste the opportunity this year, unveiling several new models including two new ultra high-capacity, high-speed disks.

This year's event was presented under the theme ‘SSD for everyone’. The point of the theme was to demonstrate how Samsung has moved beyond just producing high-capacity SSDs for enterprise deployment and into technologies that will be useful in consumer electronics such as smart phones and laptop computers.

The crown jewel of this year's exhibition was the 840 EVO SSD. This 1 TB disk is a consumer-oriented product aimed at entry-level applications for consumer electronics. It is a SATA-based disk. At the enterprise level, Samsung unveiled a 1.6 TB NVMe disk designated as the XS1715. Both products demonstrate an ongoing commitment to further developing the SSD market.

Already Samsung's contributions have clouded the future of the HDD sector. All signs point to the eventual phasing out of the more antiquated hardware in favour of solid-state design. SSDs allow for more compact deployments, greater storage capacity, and certainly more speed. They are ideal for enterprise applications because they offer everything the heavy-duty user needs in a small package and with an affordable price tag.

The company's strategy for entering the consumer market involves making the 840 EVO available to electronics manufacturers later this summer. After assessing the success of that venture, the company will decide how to expand into other markets in the future. However, make no mistake about it; their market share will grow.

It should be no surprise that Samsung is leading the SSD industry, given the fact that they were the ones to first bring SATA SSDs to market. Their products are among the most popular for use in ultra-compact notebooks and enterprise servers. There's no reason to suspect that will change in the future.

Riding the New Technology Wave

Samsung's high-capacity, high-speed SSDs have arrived at the perfect time for almost every technology company in need of computer storage. In the world of IT, they are the ideal solution for an Internet that is increasingly focused on automation and virtualisation. SSDs provide the speed and raw power with smaller space requirements and less energy consumption.

As new solid-state drives become more advanced, there's no doubt they will completely replace HDD technology at both the consumer and enterprise levels. The only question now is how long it will take. If Samsung's latest releases are any indication, it shouldn't be too much longer.

New data centres and server manufacturers would be foolish to sidestep this technology at this point in the game. There's really no longer a need to employ old storage paradigms when SSDs are so advanced. As for existing servers, it's only a matter of time before they're all switched over to high-capacity SSDs.

We can hardly wait for next year's Samsung SSD Global Summit...

Thursday, 18 July 2013

Introducing the Urine Fuel Cell!

In the Star Trek science fiction franchise, nothing on board a starship is wasted. That includes human waste. All waste is collected and reused for other purposes, including energy production. Now, thanks to some enterprising researchers at the University of West England, yet another Star Trek concept has been brought to life.

This new development comes by way of a fuel cell that can be used to operate or charge a mobile phone. What powers the cell? Urine. Yes indeed, researchers have found a way to take advantage of a rather plentiful waste product and turn it into usable electricity.

The process works by collecting urine and introducing special bacteria to it. These bacteria break down the chemical components of the urine in order to consume them. The process creates electrons that can then be stored in what is known as a microbial fuel cell (MFC).

Researchers recently showed off their fuel cell by using it to power a mobile phone. Although the first version of their invention is incapable of producing enough electricity to make it viable, they are confident that they can reproduce the effort on a much larger scale. Researchers envision the day when the fuel cells are installed in bathrooms to power mobile phones, electric razors, and so on.

Even more amazing is the fact that the fuel cells can be manufactured for about one pound apiece. If it turns out that they can be produced on a larger scale, the cost for commercial applications would be extremely attractive when compared to more expensive solar and wind options.

Another important point made by the researchers is the fact that humanity will have a reliable and unending supply of urine. And unlike wind and solar power, urine power is not unpredictable or subject to the whims of nature. As long as humanity exists, there will be a constant and steady supply.

Funny but Important

In the days and weeks to come there will be plenty of jokes made about the urine-powered MFC. We'll laugh about the idea of using the bathroom to make a conference call, or company management asking employees to donate urine for a greater cause. But all jokes aside, this breakthrough may be more revolutionary than we can imagine right now.

The concept of recycling waste products for other purposes is something humanity has been working on for a while. And obviously, we've made great strides in developing useful technologies. However, in a world that is now driven by data and interconnectivity, electricity is becoming one of the most precious commodities on the planet. Being able to use waste products to generate electricity opens the door to untold potential.

All by itself, urine is unlikely to produce enough electricity to meet the demands of the digital age. But combined with current technologies and those yet to be developed, it's likely to be a major player in the decades to come. Perhaps our kids and grandkids will have to get used to taking a cup to the bathroom...

Monday, 15 July 2013

European Commission Raids Three ISPs

Early last week the European Commission carried out raids on three European Internet service providers (ISPs) in what appears to be the early stages of an antitrust investigation. The Commission said the raids were carried out amid concerns that the three companies were abusing their market positions. Such abuse would be a violation of European law.

According to various sources, the three companies in question are Deutsche Telekom (Germany), Orange (France), and Telefónica (Spain). At the time of this writing only Deutsche Telekom and Orange had officially responded to news reports of the raids.

The German company defended its position by attesting to the fact that all previous efforts attempting to link them to violations of antitrust laws have failed. Apparently, the company has been the target of similar investigations by a number of regulatory agencies, all of which have turned up nothing. The company has never been charged.

Deutsche Telekom went further by placing the blame for any alleged violations on US-based companies. In the remarks, the company claimed the European ISP market is dominated by American interests, which, by default, would be responsible for any antitrust issues.

The official response from Orange included the fact that their company was cooperating fully with the investigation. Like their German counterpart, Orange officials denied any wrongdoing in the matter. The company claims that their compliance with French regulations ensures they are also in compliance with the European Commission's antitrust rules. It should be noted that in both cases the investigations are still ongoing.

It is also worth noting that the EC investigation has nothing to do with the local data centre, hosting company, or cloud-computing outfit. For now, it is confined strictly to ISP operations offering Internet access at both the residential and commercial levels.

What Happens Next

If the European Commission's investigation turns up nothing, the three companies will continue on their way doing business as usual. However, if investigators find enough evidence to bring charges, a costly legal battle could ensue. Unfortunately, the Commission hasn't identified what the potential abuses being investigated are, so there's no way to really tell how far this might go.

Even so, abusing one's market position in order to dominate a given market seems to be awfully difficult to prove to a court. The Internet is so interconnected on so many levels, how do you decide what constitutes market abuse and what constitutes good business?

Given that Deutsche Telekom has prevailed in all of their previous investigations, it would be no surprise if they prevailed here as well. It is quite likely that Orange and Telefónica would also be spared charges if Deutsche Telekom were cleared. Nevertheless, we'll have to wait and see what the investigations reveal. In the meantime, EC commissioner Neelie Kroes is still shooting for the 2015 implementation of a plan to create a single telecom market in Europe. One cannot help but wonder whether these raids have anything to do with that plan...

Thursday, 11 July 2013

Microsoft Issues Patch to Deal with 'Silly Code'

Back in May, Google engineer Tavis Ormandy took the occasion of a blog post to point out a security flaw present in the Microsoft Windows 7 and Windows 8 operating systems. Microsoft's reputation for security problems ensured that Ormandy's post garnered little real media attention. However, the Washington-based software giant did take notice. Their latest patch for both operating systems closes the loophole pointed out by Ormandy.

The security flaw was one that allowed local users on either of the operating systems to increase their security privileges. For experienced computer users like Ormandy, this flaw is more of a blessing than a bug. By increasing security privileges, they are able to gain more access to their own systems with relative ease. However, such ease is dangerous in the hands of an inexperienced user.

Ormandy's critics, while agreeing with his assessment of the security flaw, claim he should have gone directly to Microsoft and allowed them to fix the hole without going public. In failing to do so, he opened the door for hackers who previously were not aware of the issue. Indeed, it seems some hackers have done just that.

In his own defence, Ormandy claims Microsoft can be hostile towards researchers to the point of making it very uncomfortable to report vulnerabilities. Ormandy has even gone so far as to advise other researchers to deal with Microsoft using pseudonyms or as anonymous entities. In his blog post, he said he did not have time to deal with ‘silly Microsoft code’ relating to the security flaw he found.

It Pays to Be Dominant

Microsoft's inability to design and build secure operating systems with a minimum of vulnerabilities opens them up to these types of embarrassing situations. Furthermore, it seems rather strange to have outside researchers being the main force in pointing out software vulnerabilities. This type of scenario is one of the reasons Microsoft-based cloud computing has been slow to catch on. Companies just don't feel secure.

Nonetheless, Microsoft continues to move ahead unchanged simply because they can. Their OS dominates the market without question; competing operating systems do not even come close. Moreover, because everything from IT services to major manufacturers to local entrepreneurs depends on Windows, there is no real incentive to make drastic changes.

In support of Microsoft, it would have been better for Ormandy had he dealt with them directly. It doesn't help Internet users or those running the Windows OS one bit to publicly air Microsoft's dirty laundry in a blog post. It could have even been potentially dangerous from an IT perspective.

If there is any good news here then it's the fact that Google has assured the IT community that Ormandy's actions were done on his own time. The company says he does not engage in vulnerability research within his role as a Google engineer, indicating he does not have a Google endorsement to do what he did. That is probably no comfort to Microsoft.