Joerg-Neo900 changed the topic of #neo900 to: http://neo900.org | CCCAMP15 lightning talks at http://neo900.org/stuff/cccamp15/ - major: http://neo900.org/stuff/cccamp15/ccc2015talk/neo900-wpwrak_CCC2015.webm | conversations are logged to http://infobot.rikers.org/%23neo900/ and http://irclog.whitequark.org/neo900 | Welcome newest team member metacollin!
atk has quit [Quit: Well this is unexpected.]
atk has joined #neo900
chomwitt has joined #neo900
chomwitt has quit [Ping timeout: 255 seconds]
chomwitt has joined #neo900
metacollin has joined #neo900
metacollin has quit [Client Quit]
knttl has quit [Ping timeout: 255 seconds]
knttl has joined #neo900
Kabouik_ has joined #neo900
_xv33 has joined #neo900
Kabouik_ has quit [Ping timeout: 248 seconds]
_xv33 has quit [Read error: Connection reset by peer]
ArturSha1 has joined #neo900
<Oksana> Is this kind of attack relevant for N900 or Neo900? https://iss.oy.ne.ro/Shattered <-- "chip-in-the-middle" scenario
Kabouik has quit [Ping timeout: 240 seconds]
<sn0wmonster> iirc it's why Apple stopped using the headphone jack
<sn0wmonster> (in addition to the added ability to make money closing the connectivity off to only their own wireless products at will)
<sn0wmonster> might be wrong about that though, haven't looked it up in a while
<tramtrist> people still mad about that?
<Oksana> Nay, not headphone jack.
<Oksana> Rather, a malicious chip inside display assembly. Two different attacks are described.
<Oksana> One: touches being mis-reported, aka touch-screen getting a mind of its own, instead of reporting finger-touches properly.
<Oksana> Two: buffer overflow allowing malicious code to gain control over more of the phone's hardware.
<Oksana> While manufacturer may check the assembly before adding it into phone... After the phone is shipped to customer, customer may easily find display shattered, and replace it, with whatever spare part is available.
<tramtrist> ha
chomwitt has quit [Ping timeout: 255 seconds]
_cris has quit [Changing host]
_cris has joined #neo900
err0r3o3_ has joined #neo900
Pali has joined #neo900
err0r3o3_ has quit [Client Quit]
err0r3o3_ has joined #neo900
Pali has quit [Remote host closed the connection]
<Joerg-Neo900> Oksana: such attacks are always possible, they can place an eavesdropping device into your underwear. However such attack is very sophisticated for absolutely no obvious benefit from additional complexity
<tramtrist> haha
<Joerg-Neo900> but simulating touch events is particularly tricky on Neo900 since the digitizer is passive
<Joerg-Neo900> the software attacks are what you get from poorly written software. Luckily on Neo900 there won't be any software you couldn't audit, unless you deliberately decide to install it
jonsger has joined #neo900
<Joerg-Neo900> fake touchscreen events also gives inspiration to thoughts about device lock code concepts. Obviously using a PIN on a fixed shape numeric keypad is completely wrong approach, the stories from fictional movies are legion how to trick those from thermal scan, video of you entering it, fingerprints or other stains on HID and so on. probably a combination of "shake the device" gesture and tapping certain randomly *moving* targets on lockscreen is
<Joerg-Neo900> the way to go
<Joerg-Neo900> reCAPTCHAs are close but suffer a weakness from limited number of predefined riddle images on embedded
<Joerg-Neo900> when you make a keypad from 'flying numbers', you even can use PIN entry and it's relatively safe
deafboy has quit [Ping timeout: 246 seconds]
<sixwheeledbeast> when you say flying numbers I assume you mean numbers that are in different positions each time you hit a PIN entry screen?
<Joerg-Neo900> yes
<Joerg-Neo900> though it would be even better they moved during entry too
Kabouik has joined #neo900
<Joerg-Neo900> point-in-time input events are *very* hard to replay later on, no matter what channel you use for spying, as long as spies don't have the actual visual feedback nor the original movie sequence
<Joerg-Neo900> think of a wheel of fortune type display and you simply shake device slightly when your next digit is "in the slot". Add to that a slight random jitter of the spinning speed of wheel
deafboy has joined #neo900
illwieckz has joined #neo900
<Joerg-Neo900> you don't want same display for digits on a keypad even when you use one time random (static) digit positions in the pad. Since from brightness modulations it's still easy to determine which digit your finger pressed, no matter at which position it was, when somebody would for example take a video of you entering the code
<sn0wmonster> > they can place an eavesdropping device into your underwear
<sn0wmonster> lol
<Joerg-Neo900> your finger pressing a bright 8 on black background looks different from your finger pressing a ".", even when somebody only watches the light reflections in your face
<Joerg-Neo900> back in times of CRT TVs it was even possible to recover the actual display content aka picture from just watching the brightness / shine of the TV on your curtains
<Joerg-Neo900> the method been based on the idea that a CRT only 'draws' one pixel at a time
<Joerg-Neo900> so by simply pointing a very basic brightness sensor at your curtains, attacker can recover the (CVBS) Video signal instantly, with cheap hardware
<Joerg-Neo900> a good lockscreen would be for example a video of an ice hockey game where you touch the players with the right tricot number to input your pin
<Joerg-Neo900> only downside: attacker might find dame vidoe and then exploit that info to determine where and when you touched
<Joerg-Neo900> s/dame/same/
<Joerg-Neo900> so maybe rather make that a soccer video game that has sufficient random in it to be completely safe from replay/prediction
illwieckz has quit [Ping timeout: 240 seconds]
<Joerg-Neo900> another probably safe concept: use a dial lock like on a steel vault. When lockscreen opens that dial is in a random position, you use Vol+/- keys to spin it into correct position for first number. Then e.g press cam trigger or gipe devide t tap, to enter first number and make dial spin randomly again to a new random position. Enter 2nd and 3rd number same way
<Joerg-Neo900> s/gipe/give/
<Joerg-Neo900> ohm my, "give device a tap"*
<Joerg-Neo900> of course you also could spin the dial with whatever gesture on touchscreen, as long as it's sufficiently "analog", in that dial spin has acceleration etc
* Joerg-Neo900 needs more coffee, can't type
<Joerg-Neo900> actually the date&time input dialog on maemo's welcome screen is an excellent PIN entry method, however clumsy it is for the originally intended purpose. That clumsiness makes it ideal for PIN entry
<Joerg-Neo900> ;-))
<Joerg-Neo900> what could be less suspicious than that notorious Date&Time entry dialog? ;->
<sixwheeledbeast> This type of thing is used in the higher end of access control systems. A button is pressed to light a decimal 7 seg grid of buttons randomly generated. Obviously the code is the same per user but the pattern is different each time.
illwieckz has joined #neo900
<Joerg-Neo900> and would even suggest itself to dynamic PIN: set day of month to "$today - 6" (with wrap around to previous month), set the rest to the year and month of a date you can remember. Set hour and minute to a PIN you picked randomly
<sixwheeledbeast> It's used for higher end but pretty secure by design. Especially in combination with a POTD (pin of the day) for example.
<Joerg-Neo900> yes, any sort of POTD is a good part of secure AUTH, ideally algorithmically derived from other environmental data like time of day, Date, or some data displayed on the HID
<sixwheeledbeast> Low to medium risk is mostly prox now (RFID), this provides quick access but easily cloned. A pin is still preferred for higher security even over bio-metrics which have their issues.
<Joerg-Neo900> biometric is shite, never *really* works
<Joerg-Neo900> too easy to fake, easily gets confused and then has false negatives too
<sixwheeledbeast> yep, it's used mainly in clocking systems to avoid double clocking but it's rarely used for security. 10 years ago the industry said it was the future :rollseyes:
<Joerg-Neo900> stuff like fingerprint sensors or face / voice / iris recognition is really only for low security convenience stuff
<Joerg-Neo900> all way too fragile and way too simple to fake
<sixwheeledbeast> All been replaced with prox tags as the hardware is more stable.
<Joerg-Neo900> :mod: but easily lost
<Joerg-Neo900> or stolen, or even cloned
<sixwheeledbeast> and copied
* Joerg-Neo900 runs for coffee, while mumbling excuses for terrible typing
<sixwheeledbeast> :nod: but again it's low to medium risk. Security is relative to risk due to costs.
<Joerg-Neo900> yes, obviously
<Joerg-Neo900> that's why I said for Neo900 such hidden rogue chip attacks are highly improbable since they cost way too much for a result you can achieve more cheaply and easily
<Joerg-Neo900> it's like running away from a lion - you're fast enough when you're faster than the slowest person of the group
<Joerg-Neo900> ;-)
<Joerg-Neo900> you hardly can be faster than the lion
<Joerg-Neo900> Neo900 concept somewhat resembles lizards: when under attack you could drop a fake bait to stop and distract the attacker from attacking you
illwieckz has quit [Ping timeout: 255 seconds]
<Joerg-Neo900> for that you need to detect an attack, to start with. It's not like we try to harden like a turtle so attacks would never hurt us. Since that's probably futile given the capabilities of the attacker
<Joerg-Neo900> see wpwrak's talk quote: "...and you decide to turn right instead and head to the supermarket, buying stuff and then return home"
<Joerg-Neo900> so for lockscreen I strongly suggest to not reject unlocking device when wrong PIN got entered, but instead unlock a fake device with fake bogus data booty for the spy
<sn0wmonster> deterministic VMs
<sn0wmonster> lol
<sn0wmonster> that was one thing i liked about Truecrypt/Veracrypt, and continue to like about BIP39 bitcoin wallets
<sn0wmonster> you enter password1 and get a different fully functional wallet than if you enter password2
<Joerg-Neo900> yeah, the plausible deniability
<sn0wmonster> ultimate deniability
<sn0wmonster> ^
chainsawbike has quit [Ping timeout: 248 seconds]
<Joerg-Neo900> folks, I only try to provide the hw and the concepts, you need to do the implementation :-)
chainsawbike has joined #neo900
<Joerg-Neo900> which makes a lot of sense, in a context of security. You shouldn't trust anything software you didn't build yourself. For the hw you're free to check the schematics against the actual physical PCB
illwieckz has joined #neo900
jonsger has quit [Ping timeout: 248 seconds]
<Joerg-Neo900> ((unlock a fake device)) that's also a good way to make the attacker keep the device active, to allow complete erasure of the protected content in background
<sixwheeledbeast> Bit difficult to do that type of thing with physical electronic security... lol
<Joerg-Neo900> similar rationale applies when the average junkie steals your device. Fake power-off so you can still track
* sixwheeledbeast imagines a "go straight to jail don't pass go" door opening
<Joerg-Neo900> hm?
<sn0wmonster> Monopoly
<Joerg-Neo900> fake system for plausible deniability is not a hardware thing
<Joerg-Neo900> it's also not forbidden afaik
<Joerg-Neo900> of course the real tough TLA guys will not even *try* to unlock your device the usual way. They go to disassemble and forensically analyze it right away
<Joerg-Neo900> again a question of cost/expense vs benefit ratio
illwieckz has quit [Ping timeout: 246 seconds]
<Joerg-Neo900> when you don't agree on US customs copying the complete content of your smartphone, any low level plausible deniability solution totally suffices to stop them from getting your contacts and chats
<Joerg-Neo900> the room cleaner attack used to install a tracker software to your device into the fake system will also miss its aim
Kabouik has quit [Ping timeout: 255 seconds]
<Joerg-Neo900> you can either try to harden/lock your device to forbid the rogue neighbor to install such tracker, until finally you lose the daily battle one day and they install the tracker nevertheless. Or you *allow* them to succeed installing tracker right away, just not to your real system but to a fake system where it is 'in quarantine' and you instantly get to know about the failed attack
Kabouik has joined #neo900
<sn0wmonster> which is why #OPSEC is not always about protecting against, but counter-surveillance and honeypots
<sn0wmonster> key point being isolation
<Joerg-Neo900> yep
illwieckz has joined #neo900
<Joerg-Neo900> on hw level that's why we isolate the considered-rogue modem and tightly monitor it for any unusual behavior
<Joerg-Neo900> no auditing of modem radio stack firmware could actually win the protection battle for all times
jkepler has joined #neo900
<Joerg-Neo900> we also make sure you can't enter flashing mode on system boot time (like on N900) unless you have removed battery lid. So no rogue charger port at airport or pub could compromise your device by reflashing it without you even noticing
<Joerg-Neo900> reflashing or simply using rescueOS to read out whatever the attacker is interested in
<Joerg-Neo900> for the paranoid users there's a trace to cut, to completely disallow flashing mode unless xloader allows it, which is a thing user may control via software (e.g. by asking for PIN to allow flashing)
illwieckz has quit [Ping timeout: 240 seconds]
illwieckz has joined #neo900
<Joerg-Neo900> LOL
<Joerg-Neo900> nice one
<Joerg-Neo900> sn0wmonster: many thanks! :-)
* Joerg-Neo900 checks for available git updates
cc___ has joined #neo900
<Joerg-Neo900> ugh 11 days old
_cris has quit [Ping timeout: 255 seconds]
_cris has joined #neo900
jonsger has joined #neo900
err0r3o3_ has quit [Read error: Connection reset by peer]
Kabouik has quit [Ping timeout: 240 seconds]
Kabouik has joined #neo900
freemangordon has quit [Remote host closed the connection]
freemangordon has joined #neo900
Pali has joined #neo900
Kabouik has quit [Ping timeout: 240 seconds]
Kabouik has joined #neo900
ArturShaik has joined #neo900
ArturSha1 has quit [Ping timeout: 255 seconds]
Kabouik has quit [Remote host closed the connection]
Kabouik has joined #neo900
Kabouik has quit [Remote host closed the connection]
Kabouik has joined #neo900
Kabouik has quit [Remote host closed the connection]
Kabouik has joined #neo900
ArturSha1 has joined #neo900
ArturShaik has quit [Ping timeout: 255 seconds]
chainsawbike has quit [Ping timeout: 248 seconds]
chainsawbike has joined #neo900
Kabouik_ has joined #neo900
Kabouik has quit [Ping timeout: 276 seconds]
vlitzer has joined #neo900
arnaudj has joined #neo900
ArturSha1 has quit [Ping timeout: 240 seconds]
arnaudj has quit [Read error: Connection reset by peer]
arnaudj has joined #neo900
arnaudj has quit [Remote host closed the connection]
arnaudj has joined #neo900
arnaudj has quit [Read error: Connection reset by peer]
arnaudj1 has joined #neo900
arnaudj1 is now known as arnaudj
Kabouik_ has quit [Quit: Leaving]
Kabouik has joined #neo900
pagurus has quit [Ping timeout: 240 seconds]
chomwitt has joined #neo900
pagurus has joined #neo900
Kabouik has quit [Remote host closed the connection]
Kabouik has joined #neo900
Kabouik_ has joined #neo900
Kabouik has quit [Ping timeout: 248 seconds]
vlitzer has quit [Remote host closed the connection]
vlitzer has joined #neo900
jkepler has quit [Quit: jkepler]
_cris has quit [Ping timeout: 246 seconds]
jonsger has quit [Ping timeout: 276 seconds]
arnaudj has quit [Quit: arnaudj]
Pali has quit [Remote host closed the connection]
_cris has joined #neo900
Kabouik_ has quit [Remote host closed the connection]
Kabouik has joined #neo900
Kabouik_ has joined #neo900
Kabouik has quit [Ping timeout: 240 seconds]
vlitzer has quit [Quit: ok bye]
illwieckz has quit [Ping timeout: 255 seconds]