Professional Documents
Culture Documents
Page |1
The Industry Im selecting is cellphones. Phreaking is a large problem with Cell Phones in this day and age. Home phones are a thing of the past. Now the only phones at risk of getting phreaked are cellphones, business phones and Internet Phones. The primary target for the cellphone and cryptography business would be the manufactures, designers, Chief Information Officers, employees and shareholders as well as stakeholders such as customers . The primary cellphone providers I will focus on are Sprint, Apple and Verizon and AT&T.
Sprint Sprint offers Smartphones, Basic phones and IPhones. Phones with the Android operating systems have been the target of hacking and viruses. Sprints newest offering for the holiday season is the LG Viper which runs the Android 4.0 Ice Cream sandwich operating system. Sprint offers twenty-three Smartphones the most notable other ones being iPhone 5, LG Optimus G and HTC EVO 4G LTE. They offer seven basic phones: LG Rumor Reflex, Samsung M400, LG Remarq, Samsung Array, LG Rumor Touch, Kyocera DuraCore and Kyocera DuraXT. Apple Apple has three iPhones still in circulation. The iPhone 4, iPhone 4 S and their newest offering iPhone 5.
Verizon Verizon offers twenty-three Smartphones. They are most known for their Droid phones. The newest notable phone they offer is the Window Phone 8X by HTC. They have several phones that use the Android operating system. The two most notable are the Samsung Galaxy S III and the Samsung Galaxy Note II.
AT&T
AT&T offers 47 smart phones. They are most known for carrying the iPhones. The two most notable phones that they carry that have the android operating system is the Samsung Galaxy Note II and the HTC One X+. Three more notable phones are the LG Optimus G, HTC TITAN II and the Samsung Galaxy S III
Page |2
Feasible Attacks
The words phone and freak combine to coin the term phreak to describe a phone hacker. The phreak tries to break into your telephone network with the intention of listening to your conversations or making costly calls at your expense. In other words, phreaking is a VoIP security threat to internet phone network as well as to conventional phones and can do lots of damage to you ("Phreaking - VoIP," ) The crime of phreaking goes back to the time of traditional phone lines which were the original victims of this criminal activity. Those who provide phone services such as Sprint Verizon, Apple and AT&T to customers have gotten more intelligent and tightened the security around their communication networks which have made phreaking more difficult and sometimes impossible. However, VoIP telephone technology which has become common and provides opportunities to the phreakers to get into them and do their nefarious work. The reason is that VoIP works on internet and is vulnerable to the same security threats that internet is prone to. ("Phreaking - VoIP,") If your Internet phone service has a security loophole, a phreaker can not only make calls at your expense but also can spy on you and learn about your personal financial information if it is given out while you use your phone. This could result in identity theft and other malicious acts. If you use a VoIP service for your business, a phreaking intrusion can result in your business secrets being passed to your competitors. ("Phreaking - VoIP,") Being aware of feasible attacks is important. My dad is a disabled Army vet he always says that the military never releases information on a tool or weapon unless there is something better already developed for their use. On September 28th of this year the military made their application for Android smartphones PlaceRaider public knowledge. Place Raider is malware developed by the military that uses the cameras on android phones to take pictures of a persons surroundings. From there the pictures can be retrieved and formed into a 3D model for the malwares operator to use. If this App were to fall in the wrong hands it could mean havoc for Android phone users. The power of modern smartphones is one of the technological wonders of our age. These devices carry a suite of sensors capable of monitoring the environment in detail, powerful data processors and the ability to transmit and receive information at high rates. (The physics arXiv, 20012) Robert Templeman at the Naval Surface Warfare Center in Crane, Indiana and some of his connections at Indiana University released info about PlaceRaider which allows the theft of virtual objects such as financial information, data on computer screens and other identityrelated information. PlaceRaider if it were to fall into the wrong hands could be a virtual menace.
Page |3
It doesnt always take the technical skills of a cell phone phreak such as Lucky255 to access your phone account and accompanying personal information. There is websites that educate black-hat (bad hackers) and white-hat (good hackers) such as http://infinityexists.com/ There are also automated pre-packaged tools for compromising current smartphone platforms are readily available One such automated pre-packaged tool for compromising current compatible smartphones is FlexiSPY. Sadly there is also a growing market for products advertised by companies for lawful monitoring of cell phone activity. One syllogism I found about smartphones while doing my research is: Smartphones are vulnerable; Vulnerabilities are exploited; Smartphones will be exploited.
Page |4
Good Passwords
A good password is needed anytime you use the internet. More importantly a good password is needed when you use encryption. The RSA Security manual has 6 guidelines for making a password. They are: 1. Use at least 10 characters 2. Mix in uppercase and lowercase letters, numbers ,spaces ,punctuation , and other symbols. 3. Avoid using a character more than twice. 4. Avoid using actual words. 5. Avoid using personal information, such as the name of a spouse, child, parent, or friend, or your phone number, Social Security number, license plate number, or birthday. 6. Do not write it down. Instead, memorize it. (University, 2011)
Page |5
Key Recovery
It is possible to set up a scheme to restore keys that someone loses by forgetting a password or losing a token. There are also signing keys if these are lost its not a problem. existing signatures are still valid because only the public key is needed to verify. (University, 2011) When using new signatures you generate a new key pair and distribute the new public key. Because of this it is important that participants have separate signing and key exchange keys.
Page |6
Page |7
References
Sprint phones . (n.d.). Retrieved from http://shop.sprint.com/mysprint/shop/phone_wall.jsp?INTCID=AB:Shop:C:Phones:All Apple store shop iphone. (n.d.). Retrieved from http://store.apple.com/us/browse/home/shop_iphone Verizon wireless smartphones. (n.d.). Retrieved from http://www.verizonwireless.com/b2c/store/controller?item=phoneFirst&action=viewPhoneOv erviewByDevice&deviceCategoryId=1 Shop wireless devices smart phones. (n.d.). Retrieved from http://www.att.com/shop/wireless/devices/smartphones.html he physics arXiv, B. (20012, September 28). Placeraider: the military smartphone malware designed to steal your life. Retrieved from http://www.technologyreview.com/view/429394/placeraider-the-military-smartphonemalware-designed-to-steal-your-life/ Phreaking - VoIP security threat. (n.d.). Retrieved from http://www.smart-voipsolution.com/phreakthreat.html/ Schiffman, N. (2008, December 12). When smartphones attack. Retrieved from http://www.networkworld.com/community/node/36328 Phonecrypt. (2008). Retrieved from http://www.securstar.com/products_phonecrypt.php Decryption, E. (2012). Digital encyption standard. Retrieved from http://www.encryptionanddecryption.com/algorithms/digital_encryption_standard.html University, D. (2011). Cryptography and security mechanisms. (p. 73). McGraw-Hill Companies. University, D. (2011). Cryptography and security mechanisms. (pp. 93-94). McGraw-Hill Companies. University, D. (2011). Cryptography and security mechanisms. (p. 173). McGraw-Hill Companies. University, D. (2011). Cryptography and security mechanisms. (pp. 295-296). McGraw-Hill Companies. University, D. (2011). Cryptography and security mechanisms. (p. 300). McGraw-Hill Companies.