« August 2006 | Main | January 2007 »

December 2006 Archives

December 15, 2006

Some security notes

Just a few assorted security items of interest.

I've heard about this before, but here's an article about how the FBI reportedly can remotely turn on the mic of someone's cell phone in order to listen to their conversations.

The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him. ... Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.

And if you wanted more news of security holes companies are building into their products, it seems there is a new system called the Nike+iPod SportKit, where your Nike shoes transmit data to your iPod in order to track your running progress. While this sounds neat at first, Computer Science researchers at the University of Washington itemized several of the security problems with the device.

As noted in Wired:

The first problem is that the RFID in the shoe sensor contains its own on-board power source, essentially turning your running shoe into a small radio station capable of being received from up to 60 feet away, with a signal powerful enough to be picked up from a passing car.

This hole could easily be exploited. One scenario is a stalker or company wanting to track the movements of a target:

Molnar also speculated about how easy it would be for a company to build their own tiny readers and deploy them in a large environment, selling the data stream to those who would track spouses or teens, or collect information about how many people wearing Nikes visit malls or movie theaters. "Given that there are no laws about skimming data in California right now, it would be perfectly legal to do it there," he said.

What to do? Well, companies are starting to market products to help protect people from the security holes in other companies' products. As an example, DFIRwear makes RFID-blocking wallets and passport holders.

Wait---there are RFID chips in passports now? Yes.

Travel safely and securely this Yule season.

Technorati Tags: ,

Posted on December 15, 2006 11:30 PM |

You might also find these related links of interest:


About December 2006

This page contains all entries posted to Kendall Giles in December 2006. They are listed from oldest to newest.

August 2006 is the previous archive.

January 2007 is the next archive.

Many more can be found on the main index page or by looking through the archives.