UW Computer Security Research and Course Blog

Summary

Parental controls on television sets (or on the Internet, or mobile phones, etc.) allow parents to restrict the media to which their children have access to an age-appropriate level. Parental controls allow parents to restrict access to television based on a variety of different factors, including rating, the content that produced the rating (e.g., violence, language, nudity, etc.), and occasionally even the time that the shows are on (no movies after 11:00PM, kids). Of course, sometimes cartoons can get a little raunchy while still technically meeting none of the filter criteria, so parents can also block shows individually.

(Read on …)

Summary

Parking meters are a common access control system used by thousands of people every day. There are many types of meters but for this assignment I will conduct a security review on a specific one. The meters I will discuss are located in the U-District and make use of tickets that driver’s must place on their car window. The tickets display an expiration date and time in addition to a barcode that can be scanned to ensure validity. They also have some extra markings of which I assume are there to make counterfeiting more difficult.

The system is designed to control the amount of cars that can park in a given zone, usually densely populated areas. Each driver that parks in a designated spot must retrieve a ticket from a nearby electronic parking meter. At the meter the driver electronically enters the desired time he/she wishes to reside in the parking spot (usually with a maximum of two hours) and then pays using a combination of coins, bills, and credit/debit cards. Once payment is confirmed, the machine prints out a ticket which the driver then places on the inside of his car window.

Of course, all this is useless without means of enforcing proper use of the system. In order to do this, a specially designated police force, or meter maids, patrol parking meter zones and periodically check meter tickets for validity. If a car is found with an expired ticket, invalid ticket, or with no ticket at all, the meter maid takes down the make, model, and license plate number of the vehicle and issues the owner of the vehicle a fine.

Assets and Security Goals

·         The parking spaces themselves are assets. The entity who owns the spaces would like to ensure that no one is illegally utilizing their property.

·         Potential earnings from those parking in the spaces are another asset. The owner of the space would like to generate as much revenue as possible from the drivers using their service. This includes preventing freeloaders from taking spaces that potential paying customers would have otherwise taken.

Adversaries and Threats

·         Drivers who park in metered spaces are potential adversaries. If they find ways to cheat the system are not only utilizing the actual property for free, but they are robbing the owner of potential revenue.

·         Random vandals are also potential adversaries. Vandals might deface, damage, or destroy parking meters around the city.

Potential Weaknesses

·         Insufficient amount of law enforcement officers to enforce correct usage. If there are not enough cops, then people will abuse the system more often.

·         Possibility of counterfeiting meter tickets. It might be possible for clever individuals to counterfeit the meter tickets and get by without ever paying for parking.

Potential Defenses

·         The obvious way to curb the potential weakness of too little law enforcement is to simply task more law enforcement officers to the job. There are, however, other ways to enforce the parking zones. For instance, automated sensors placed around the parking area could tell how long a particular car has been parked there. Through wireless transmission, the sensors could report back to the main meter machine, which could photograph license plates of illegally parked vehicles.

·         In order to stop people from counterfeiting tickets, you simply need to make the tickets very difficult to replicate. This is currently done in two ways. One, the tickets have various designs that would be fairly difficult to copy, and two, there is a barcode on each ticket that somehow conveys to the meter maids whether or not the ticket is valid.

Risk Evaluation

Weighing the potential weaknesses against the potential defenses gives one the idea that parking meters are relatively insecure. It would not be incredibly difficult for an adversary to take free space from the parking spot owner, and in turn rob them from potential revenue.

It seems to me the biggest weakness is the fact that there simply aren’t enough law enforcement officers tasked to the meters to make the threat of a ticket very intimidating. Considering this fact, if one were to do a moderately good job of counterfeiting tickets, even if they had invalid barcodes, they would probably be able to at least break even in terms of money saved on parking vs. amount paid in parking tickets. Law enforcement officers would likely see the ticket and move on.

Conclusion

Even though it is fairly obvious that parking meters would be relatively easy to cheat, I wouldn’t recommend drastically changing the system any time soon. The truth is, the city makes more money from the parking tickets people receive trying to cheat the system lazily, than they would by actually having those individuals go ahead and pay for the parking in the first place. This is a clear cut situation where both sides can benefit from the perceived lack of security.

Summary

Biometrics is an authentication mechanism that relies on identification or verification based on unique physiological characteristics.  Biometric devices employ fingerprint recognition, hand geometry, retina scanning, and other methods to identify or verify a person based on stored biometric information.  Biometric devices are becoming more prolific and are now standard on many laptops and computers.

(Read on …)

Summary:

At the UW IMA, members are allowed to checkout locker bins for a quarter where they may store their gym apparel. By checking out a bin, members are given a lock to use for the bin. The records of who has what bin and lock are kept in a binder, and the entries are recorded in pencil. In order to register for a bin, individuals must show a gym membership, and for students and staff, that would be their Husky IDs with a current registration sticker. Also, you must fill out a form with your student number, name, e-mail address, phone number, and I believe your resident address. All of this information is kept behind an open counter in the respective locker rooms.

Assets:

• Gym members would undoubtedly like to keep their information private. Information such as addresses can be very sensitive pieces of information and if compromised can open doors to countless scams and other criminal activity.
• The IMA takes measures to reduce theft in the locker rooms, and so safeguarding the lock combinations for individuals is an important measure. Once a thief has a combination, it would be very easy to gain access to the bin with the valuables.
• The bins themselves are assets to the IMA since there are only a limited number of them. Checking out bins and locks to non-members could cause harm to their services due to handling more customers than needed.

Potential Adversaries/Threats:

• The IMA employees who have access to the records. Employees have the easiest access to the records, and they also have the benefit of being in the locker rooms after hours when no people are present. This combination of circumstances would seem to give employees the best opportunity to be able to steal information or valuables.
• Individuals who are not members of the IMA. Obviously, the IMA would like to keep out individuals who are not subscribed and paying the quarterly fees so they do not interfere with their business operations by slowing down operations, making equipment sparse, and sucking up their budget in general.
• Individuals who are members of the IMA. Members of the IMA could have motives to steal from bins in the locker rooms just as much as employees. Albeit it might be more risky for these individuals, they still pose as threats as employees do.

Weaknesses:

• Records are kept behind an open counter in a binder or filing cabinet. If the records were left unattended for a short duration of time, they could be easily accessed just by opening a drawer or binder.
• The records for relating persons to bins/locks are written in pencil. Once these records are accessed, they could be easily and quickly modified (and most likely without a trace).

Potential Defenses:

• A plastic or glass window could be installed where the counter is for registering a bin much like you see at movie theater box offices. This would prevent an individual from simply hopping the counter and being in the employee restricted area.
• The records could be computerized. This way, they could be safeguarded by logging into the system. Also, it could be rigged to trace who logs in and when, so use of the records could be traced.

Risks and other issues:

Considering the assets listed above, I would say the private information and the bin/lock information of the members is the item at most risk. This is due to the ease of access to the records behind the open counter. As a secondary result of gathering this information, an individual could then open a bin easily because they would have the lock combination. Thus, stealing the valuables inside the bins would be at less risk than the previous asset since they would either need to successfully steal the combination first or break into the bin using force. Next, considering the threats and adversaries, I believe the employees have the least risk of being found out due to the reasons stated above. Members would have the second smallest risk from the list since they at least have access to the locker room, whereas non-members ideally do not. Finally, of the weaknesses above, I believe the first one listed is the easiest and least risky to pull off. This is due to the fact that modifying the records implies that you have gained access to them already.

I would say it is not likely the current system would evolve unless crime became a more common occurrence. Change requires effort, and the reality is, generally people do not like to put in effort unless it is needed. Also, as long as the system works (crime is not a concern) then why change? I think these are the main motivators which could cause change, so as long as the system maintains as it has, I do not see any foreseeable change.

By exploiting any of these vulnerabilities above, I would say such an act is definitely unethical. Exploiting these vulnerabilities is analogous to stealing, and as a society, we have agreed that stealing is wrong and should be punished. I do not believe this requires anymore explanation.

Conclusion:

Although there is not terribly sensitive information kept in the IMA locker records, it is still information that should be kept safer than it is. Many members of the gym keep their backpacks locked up temporarily when they use the facility. What do backpacks contain? Our livelihood as students; our books, music players, phones, laptops, homework, etc. If any of these were to be stolen due to laziness to keep our information safe, it would harm us significantly.

I do not see many individuals or groups who would try to access the IMA’s locker records for our personal information, however. The most sensitive private information they keep is perhaps our addresses and phone number. Perhaps a spammer might want these, or another advertising agent, but parsing large amounts of addresses and numbers from a hard copy source is not efficient. Thus, since the payoff is most likely small, it would seem unlikely that this would happen. It might be more likely that a crazed ex-friend would look up your information for their malicious intents.

Surveillance cameras, or closed circuit television, is the technology I am evaluating. For example, you generally see these camera at a bank, gas stations, malls, and etc. They are different than broadcast television because the signal is not openly transmitted, although some systems might communicate through wireless links.
Some assets that the surveillance cameras are protecting are people safety, confidential informations, and any other valuables. With the surveillance cameras in place. If people get attack in the view of the surveillance cameras, the event will be recorded so that the adversaries can be punished. For confidential informations and other valuables, the goal for the surveillance camera is to prevent information from being stolen without gaining any information about the adversaries to catch them. In addition to this goal, just having the camera in place will make the adversaries think twice before doing anything illegal. (Read on …)

Piracy has long been a prominent issue in the software industry. Software developers and publishers earn their livelihood selling their programs, but since the products they create are digital in nature, they can often easily (and illegally) be copied and redistributed with minimal effort. This problem applies to all digital media, but one interesting case study in computer security specifically pertains to the PC videogame industry. In response to the rampant PC game software piracy on the internet and in foreign countries, many developers have opted to place security mechanisms in their software or on the game discs themselves in an attempt to thwart would-be pirates. These security features are often effective, but can have unintended consequences which end up hurting legitimate customers. In this review, I examine the set of anti-piracy mechanisms on PC games and single out a few examples when necessary. (Read on …)

Buses are vital for college students looking to get out of the university district and explore the greater Seattle area. The King County Metro transit service is partially funded by local and federal government but depends on riders’ tolls to break even. Fares are either collected when the rider boards a bus if the route is inter-city or heading toward downtown, while routes heading out from downtown collect fares when the passenger disembark. Fares can be in one of four forms, with a fifth (RFID) currently being developed. (Read on …)

My review was on safety deposit boxes based on my experience using them. I was surprised at how stunningly insecure they are (although there may be additional controls I did not know about that banks implement), and am further surprised by the fact that the system is still largely operational. Beyond that, I was surprised at how interesting something as mundane as a safety deposit box could turn out to be.

(Read on …)

For my security review, I have chosen to cover the anti-theft devices that are commonly used at retail clothing stores, which I believe are called “ink tags”.  I am basing this information from personal experience (I briefly worked for a clothing store a while back) and also from this entry on wikipedia: http://en.wikipedia.org/wiki/Retail_loss_prevention.

Summary: 

Ink tags are used very commonly at clothing stores in an attempt to prevent theft.  It’s a somewhat sizable piece of beige-colored plastic that’s pinned onto every single article of clothing at the store.  The removal of this plastic is relatively hard to do so with force.  And, more specifically, if it’s not taken off with the provided special device (which the stores stock), the glass vials inside the tags break and spill ink onto the clothing, presumably ruining it.

Assets/Security Goals:

• The obvious assets are the clothes that the stores stock.  They want to prevent people from taking it without paying money since their businesses rely on this.
• The ability for shoppers to shop effectively and safely.  This is more subtle, but the stores need to ensure that, for example, the tags wouldn’t falsely trigger and spill ink onto valuable customers.

Potential Adversaries/Threats:

• A typical shoplifter.  The thief could still just take the clothing and wear it with the tag still on there, or, if it was later taken off incorrectly, with the ink stains.  Wikipedia also describes a method in which people try to cover the holes the ink spills out from with duct tape, thereby reducing or eliminating the amount of ink that spills onto the clothing.
• An employee or ex-employee.  An employee with access to the device could take the tag off safely and steal the piece of clothing.

Weaknesses:

• Though the mechanism will likely deter potential thief’s from otherwise stealing, it does very little (perhaps even absolutely nothing) to prevent them from actually taking the merchandise.  However, the motives to want to do such thing seems illogical (steal clothing but not wear it, or, wear clothing with an ink tag still on or with ink stains).
• As I already mentioned, the ink can perhaps be blocked from spilling onto the clothing by covering up the holes.

Potential Defenses:

• In a way, the defense is that the affected clothing will be of no use to the thief.  Also, stores should pair this device with other security measures like sensors that sound an alarm or security cameras.
• Make the holes small enough and plentiful enough so that they cannot be seen, making it impossible to block the ink.  This is apparently already being implemented in the newer (?) devices.

Risk Analysis:

To begin, I would say that the monetary value of the asset is relatively small.  The costs of producing and shipping for most clothing is cheap.  And since we’re dealing with just clothes, there’s no confidential data or the like that we’re losing (the clothes aren’t exclusively designed to be unique products to exist as one, but instead designed once and then massively reproduced cheaply).  The probabilities of the threats and vulnerabilities seem low as well.  Given the state of our society’s  ethics and enforced laws, most people wouldn’t even consider shoplifting.  and the small percentage of people that would will be deterred from doing so since, from their perspective, the likeliness of successfully benefiting from stealing to the risks are bad.  I would say the only exception is maybe for the employees who would have an easier time removing the ink tags.  This is why I believe other security measures should also be in place like having security cameras.

Conclusions:

More recently, the retail industry’s goal has been not necessarily to prosecute thief’s but instead to simply prevent it from happening in the first place.  This is due to many companies being sued for falsely accusing people of theft (as an example, I heard of a story about how one employee ran after a thought-to-be thief and tackled them to the ground).  I believe that the retail industry has successfully been able to do this with the use of ink tags (along with other devices) by making the potential reward for the thief very small as compared to the risks involved.

This post documents an actual vulnerability exploit I recently witnessed. Details have been changed to protect the stupid.

I happened to be loafing around on IRC yesterday, when an unusual opportunity to observe some pointless cybercrime in action presented itself. One user on a channel I occasionally visit brought the channel’s attention to the website of a state government agency. Because this blog is open to the public and this post concerns a currently extant vulnerability in a public website, I will not identify the particular agency, but I will say that it is an Internet crime database for an entire state, including information about missing children, parole and probation supervision, and a sex offender registry. (Read on …)