Showing posts with label security. Show all posts

Tuesday, July 24, 2007

iPhone Vulnerable to Web Hacking

It's about time. Security researchers at Baltimore-based ISE have announced that the iPhone could be turned into a mobile spammer if the user visits a specially crafted web page. Details will not be released until the Blackhat Conference on August 2nd in Las Vegas.

"You could have a million iPhones dialing the company's main line and overwhelm it that way," Miller said.

In addition, hijacked iPhones could be used to send spam by cell-phone text message, which computers generally can't. Any personal data on the phones, such as private phone numbers and text messages, would be accessible as well.

The flaw applies not only to the iPhone, which was launched just three weeks ago, but also to Apple computers running Mac OS and the company's Safari Web browser, a version of which comes with the iPhone. It does not affect Safari running on Microsoft Corp.'s Windows systems.

Link

Cisco Wireless ARP Storm Vulnerabilities


Newly released details for Cisco Wireless LAN Controllers show that a DoS is possible. Workarounds and updates are available.

The WLC contains vulnerabilities in the processing of unicast ARP traffic where a unicast ARP request may be flooded on the LAN links between Wireless LAN Controllers in a mobility group...
If the client sends a unicast ARP request with a destination MAC address that has not been learned by the Layer-2 infrastructure, that request will be flooded to all ports in the Layer-2 domain after egressing the WLC. This allows the second WLC to reprocess the ARP request and incorrectly reforward this packet back into the network...
If the arpunicast feature has been enabled on the WLC, the WLC will re-forward broadcast ARP packets targeting the IP address of a known client context. This creates an ARP storm if more than one WLC is installed on the corresponding VLAN...
In a Layer-3 (L3) roaming scenario, a wireless client moves from one controller to another where the wireless LAN interfaces configured on different controllers are on different IP subnets. In this scenario, a unicast ARP may not be tunneled back to the anchor controller, but may instead be sent by the foreign controller out to a local VLAN...

Link

Monday, December 04, 2006

Senator Calls for Higher Encryption Standards for No-Swipe Cards

Senator Schumer from New York held a press conference today calling for higher encryption standards for the new no-swipe credit cards being introduced. I'm relieved to see that some of our elected officials are technically informed and looking out for the consumer.

No-swipe credit cards that use radio waves to relay their data put consumers at increased risk of identity theft, Sen. Charles Schumer said Sunday.

"These cards may be convenient, but they're a double-edged sword," said Schumer, D-N.Y.

Tens of millions of no-swipe credit cards have been issued in the past year.


Link

Wednesday, November 01, 2006

Macbook Wireless Exploit

Proof of concept now available for Apple Airport Drivers via the new Metasploit module we listed below. Apple's security tower is crumbling now that more people are paying attention to it.

The Apple Airport driver provided with Orinoco-based Airport cards (1999-2003 PowerBooks, iMacs) is vulnerable to a remote memory corruption flaw. When the driver is placed into active scanning mode, a malformed probe response frame can be used to corrupt internal kernel structures, leading to arbitrary code execution.

Previously Apple, followed by others, had denied that Maynor and Ellch were actually able to crack a stock Macbook without third-party peripherals. The proof is now in the Metasploit.

Link, Metasploit Module (via Kernel Fun)

Saturday, October 28, 2006

RFID in Identity Cards Vote Delayed

Delayed but not dead yet. I'm glad my passport doesn't expire for another 5 years; maybe by then there won't be as many vulnerabilities in RFID as there are now.


"The Department of Homeland Security's Data Privacy and Integrity Advisory Committee published a draft report that poured cold water on using RFID in government-mandated identity cards and documents (PDF link). But this met with some consternation among the DHS bureaus that plan to use RFID in this way and the businesses eager to sell the technology to the government, and now a vote on the report has been delayed until December."

Link

Friday, October 27, 2006

WiFi to be Integrated into Metasploit

For all of those interested in security (blackhats or whitehats), Metasploit is adding a Wi-Fi module to its software. The module is based on Johnny Cache's LORCON tool.


Metasploit 3 will integrate kernel-mode payloads to allow users to use existing user-mode payloads for both kernel and non-kernel exploits.

Because the framework provides an easy-to-use interface for connecting vulnerabilities to actual payloads, this Metasploit gives users an avenue to target the most sensitive part of the operating system.

Moore told eWEEK he is collaborating with Ellch on an actual 802.11 exploit. The plan is to use Ellch's LORCON (Loss of Radio Connectivity) hacking tool to send exploits at Wi-Fi bugs that are haunting widely used devices and computers.

Link

Tuesday, October 24, 2006

RFID Security Lapse in Credit Cards

Classic case of technology outpacing security. Luckily RFID scanners aren't nearly as widespread as WiFi yet.

A report released today by a team of scientists in the RFID Consortium for Security and Privacy (RFID-CUSP) reveals lapses in the security and privacy features of several types of currently deployed RFID credit cards. The report (of which I am a co-author) highlights two basic vulnerabilities in the cards under study:

1. Names in the clear: The RFID credit cards transmit bearer names promiscuously. Any device capable of scanning a card can learn the name imprinted on it—with or without the owner’s consent.

2. Payment fraud: In varying degrees, the RFID credit cards are vulnerable to an attack called “skimming.” An attacker with an RFID reader can harvest information from a card, create an inexpensive clone device, and make charges against the legitimate card. (Alternatively, an attacker may be able to perform online transactions with harvested credit-card information.) Skimming requires minimal technical expertise and expense.



Link