Security Review: Hollywood Awards Presentations

By ericm6 at 8:56 pm on March 13, 2009

Big Hollywood parties have big-time guest lists, so it's no wonder that many people want to be there. These include both (mostly) benign fans and some people of the less benign variety. Hence, security at these events is a big deal. In 2000 the Oscars' security made national headlines when the statuettes were stolen by a shipping-company employee. More recently, Scott Weiss has been trying to crash all manner of big Hollywood parties, including the Grammys, the Golden Globes, and the Oscars, producing a documentary on the topic.

Assets and Security Goals:

  • The safety of attendees. The guest lists of these events contain many famous names who could be the target of attacks on their personal safety.
  • The timeliness of the event. These events are usually televised live, with a great deal of advertising revenue depending on the show starting on time. Failing to do so would cause significant losses to many of the parties involved.
  • The exclusivity of the event. Failing to prevent the general public from obtaining access to the event would dilute its exclusivity and mystique, making the event feel less important overall.

Potential Adversaries:

  • Personal enemies. The guests are often famous, meaning they've made a name for themselves, which generally means they've also made a few enemies who may want to harm them.
  • Paparazzi. These pseudo-journalists will do anything to capture or manufacture a story about a celebrity, often at the expense of that person's reputation and possibly their safety.
  • Overzealous fans. These fans can go overboard in their attempts to meet the Hollywood star in question, possibly creating safety issues for that person.

Weaknesses:

  • Since the large guest lists generally include many lesser-known celebrities and their entourages, security personnel don't know everyone on the list, so it is possible to impersonate one of these people given the right fake credentials.
  • While electronic keycards are common, there is quite often a service entrance with no reader to verify them, which makes the keycard system trivial to bypass.
  • As always, the human element applies: if a person acts like they belong at the event, nobody tends to question that fact once they are inside. Moreover, Weiss has found that security personnel will often back down from asking questions if you claim to be in a hurry, not wanting to become the target of a guest's anger.

Potential Defenses:

  • The electronic keycard system could be extended to every entrance, including the service entrance, so that a pass has to survive an electronic check at every door rather than merely look convincing to a guard.
  • Better training for security personnel, and protection from retribution when they do challenge a guest, could help prevent the specific human weaknesses exploited by Weiss and company.

In conclusion, while the parties are generally secure from a large-scale perspective, making such a large event totally secure will be extremely difficult and will likely come at the cost of the system's usability. The celebrities generally don't want to be bothered with security, so the system will likely have backdoors built in to give them easy access, which could make any of these upgrades moot anyway.

Filed under: Physical Security, Security Reviews

Security Review: Apartment Complex Rent Drop-boxes

By levya at 4:53 pm

Most people renting an apartment use a common drop-box to pay the rent. Most often this is located in an easily accessible common area, like the mailboxes or near the manager's office. The setup discussed here is a box with a key lock. The box has a flap that opens just enough to slip in a folded check but, presumably, not enough to reach in.

Assets/Security Goals

  • The money in the checks
  • The personal information and signatures on the checks

Adversaries

  • Non-residents interested in stealing money or identities
  • Residents interested in the same
  • Residents interested in forcing neighbors into late fees or the like

Weaknesses

  • The checks are often left in the box for days. This means there is a significant window during which the box can be compromised without anyone noticing.
  • Common areas are accessible not only to residents but quite easily to non-residents: guests, or strangers who follow a resident through the main door.
  • The key lock is often a very weak lock which is easily picked or broken.
  • The box itself is often cheap and flimsy, or is fastened together with ordinary screws, so it can be opened with a screwdriver in the easiest case or, at the extreme, a crowbar or brute force.

Potential Defenses/Conclusion
There are several solutions which could alleviate these security risks to a large extent. An overriding weakness of all of them is that they are relatively expensive compared to the cheap existing drop boxes, and the biggest stakeholders (the residents paying rent) are not the ones choosing the solution (the building managers are). Nevertheless, there are two basic levels at which a solution can work:

  • Limiting access to the box: general complex security measures like double-door entrances and keyed doors between the street and the drop-box area, as well as leaving checks in the box for a shorter period (perhaps collecting several times a day during payment periods).
  • Making the drop box itself more secure: stronger boxes and locks would prevent access to the checks.

Other methods, such as direct delivery (in person) to the manager, would eliminate most of these vulnerabilities. Each of these solutions compromises either convenience (for example, delivering directly to the manager requires more coordination) or money (for example, more expensive boxes or locks).

Filed under: Physical Security, Privacy, Security Reviews

Security Review: My Apartment

By tchan at 4:41 pm

The apartment complex I live in is comprised of a garage and multiple residential floors. The access points into the building are the elevator, the garage, and a street-access door. All three use RFID keycards to restrict access to residents only. The elevators are activated with the keycard; once activated, a floor button can be pushed and the elevator functions normally. The keycard is also used to open the garage gate and the outside doors. Once inside, a resident has to use the elevator to reach his or her apartment floor.

Filed under: Physical Security, Security Reviews

Security Review – Mobile Banking in the Developing World

By cxlt at 1:00 am on March 12, 2009

One of the interesting topics brought up by Microsoft Research India during their Change talk last week was mobile banking in the developing world. Managing and moving money can be a tricky proposition there; often, people end up entrusting their cash to drivers to carry it around the city or country.

Mobile banking through cell phones has proven to be an extremely cost-effective way to avoid these kinds of headaches. Through both downloadable software and text message interfaces, it is possible to efficiently transfer and manage money without the existence of local branches to handle the transaction, with minimal fees and far less obvious physical risk. However, this method has resulted in its own set of idiosyncrasies that would not likely exist with similar systems elsewhere.

Afraid of doing something wrong, many people in these developing areas are reluctant to actually carry out their own banking. Thus, a whole class of middlemen have arisen specifically for mobile banking. People will bring their mobile phones into these middlemen’s stores and tell the store owners what they want done, and the middlemen will then go do it for them. This interesting use case leads to quite a few security implications.

Assets and Security Goals

  • Customers' money is of course important. The reason should be fairly obvious: we want to protect it from being stolen.
  • Customers' financial records are also important. Financial histories are private, with some exceptions, and they should stay that way. Knowing how much money someone has may put them at risk of a real-life robbery, for instance, and knowing their stock portfolio could cause other problems.

Adversaries and Threats

  • Malicious third parties who would like to steal the customers' money, perhaps by listening to the airwaves or by physically stealing the phone. A lot can be done with just a few seconds' access to a phone, given a text-message interface.
  • The middlemen have an extraordinary amount of power given what end users have entrusted to them. And since their clients won't have it any other way, banks have been forced to work with these middlemen and include them in the system. A store owner could easily pull off an "Office Space" style scheme, stealing minuscule amounts of money from each customer.

Potential Weaknesses

  • Snooping on people's wireless connections is difficult, since the network provides some level of intrinsic security. We're not experts on this subject, so it's difficult for us to assess how feasible this approach is in reality.
  • Replay attacks are possible, especially if any actions are carried out via text message and a malicious user manages to take over the phone physically or duplicate/forge the SIM card.
  • Physical access is an immediate problem given the prevalence of these middlemen in transactions. Somehow, even with physical access by people other than the account holder, there needs to be security and accountability.

Potential Defenses

  • For snooping, simply use any of the well-established encryption protocols we discussed this quarter.
  • Replay attacks can be guarded against by confirming each action with a code that can only be used once. Binding the code to the specific action (amount and recipient) also stops a captured code from being reused for a different transaction.
  • The physical-access problem is the most difficult to address, and the most interesting. Since third parties are allowed access to the system by the clients, it is difficult to enforce anything in the system if the third party is malicious. One way to defend against third-party mischief would be to not carry actions out immediately, but instead to queue them and then confirm them with the client via text message at an indeterminate time in the future, on the order of several hours. This way, clients would be forced to examine and acknowledge all actions away from the influence of the store owner. Malicious middlemen could counter this by asking to keep the phone until the transaction is complete, but hopefully clients would grow suspicious of this request before long.
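The two defences just listed, as an added example that is not part of the original post and not any real mobile-banking product's code: a toy text-message banking back end in Python. The message formats, the account names, the SmsBank class and the HOLD_MIN/HOLD_MAX window are all assumptions made for the illustration. The one-time code is an HMAC over a per-account counter and the transfer details, so a captured text cannot be replayed and the code cannot be moved to a different amount or recipient; each queued transfer is then held for a randomly chosen period before the bank asks the account holder's own phone to answer YES or NO.

```python
import hashlib
import hmac
import secrets

# Assumed hold before the bank asks the customer to acknowledge a queued
# transfer: a random point between two and six hours, so a middleman cannot
# predict when the confirmation text will arrive on the customer's phone.
HOLD_MIN = 2 * 3600
HOLD_MAX = 6 * 3600


class SmsBank:
    """Toy back end for a text-message banking interface (added example)."""

    def __init__(self, key: bytes, balances: dict):
        self.key = key                                   # server-side secret
        self.balances = dict(balances)
        self.counter = {acct: 0 for acct in balances}    # per-account code counter
        self.pending = {}                                # id -> queued transfer
        self.next_id = 1

    def _code(self, src: str, ctr: int, dst: str, amount: int) -> str:
        # HMAC over the counter *and* the transfer details: a captured code
        # fails on replay (the counter has moved on) and cannot be re-used for
        # a different recipient or amount (the details no longer match).
        msg = f"{src}|{ctr}|{dst}|{amount}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()[:8]

    def issue_code(self, src: str, dst: str, amount: int) -> str:
        """Code the bank hands the customer for one specific transfer
        (simplifying assumption: one outstanding code per account)."""
        return self._code(src, self.counter[src], dst, amount)

    def submit(self, sms: str, now: int) -> str:
        """Handle 'PAY <amount> TO <dst> FROM <src> CODE <code>' from any phone."""
        try:
            _, amount, _, dst, _, src, _, code = sms.split()
            amount = int(amount)
        except ValueError:
            return "REJECTED: malformed request"
        if src not in self.counter:
            return "REJECTED: unknown account"
        expected = self._code(src, self.counter[src], dst, amount)
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return "REJECTED: bad, altered or already-used code"
        self.counter[src] += 1          # consume the code; a replay now fails
        pid = self.next_id
        self.next_id += 1
        self.pending[pid] = {
            "src": src, "dst": dst, "amount": amount, "asked": False,
            "ask_at": now + HOLD_MIN + secrets.randbelow(HOLD_MAX - HOLD_MIN),
        }
        return f"QUEUED #{pid}"

    def confirmations_due(self, now: int) -> list:
        """Texts the bank should send now, as (account, message) pairs."""
        out = []
        for pid, t in self.pending.items():
            if not t["asked"] and now >= t["ask_at"]:
                t["asked"] = True
                out.append((t["src"], f"Confirm #{pid}: PAY {t['amount']} TO "
                                      f"{t['dst']}? Reply YES {pid} or NO {pid}"))
        return out

    def reply(self, sender: str, sms: str) -> str:
        """Handle 'YES <id>' / 'NO <id>'; only the holder's phone may decide."""
        try:
            answer, pid = sms.split()
            pid = int(pid)
        except ValueError:
            return "REJECTED: malformed reply"
        t = self.pending.get(pid)
        if t is None or t["src"] != sender or not t["asked"]:
            return "REJECTED: nothing to confirm"
        del self.pending[pid]
        if answer.upper() != "YES":
            return f"CANCELLED #{pid}"
        if self.balances[t["src"]] < t["amount"]:
            return f"FAILED #{pid}: insufficient funds"
        self.balances[t["src"]] -= t["amount"]
        self.balances[t["dst"]] = self.balances.get(t["dst"], 0) + t["amount"]
        return f"DONE #{pid}"


if __name__ == "__main__":
    # Constructed walk-through: the middleman sends the first text, then
    # tries to replay it; the customer answers the bank from her own phone.
    bank = SmsBank(b"demo-key", {"asha": 1000, "shop": 0})
    text = f"PAY 300 TO shop FROM asha CODE {bank.issue_code('asha', 'shop', 300)}"
    print(bank.submit(text, now=0), "/ replay:", bank.submit(text, now=0))
    for acct, msg in bank.confirmations_due(now=HOLD_MAX):
        print("to", acct + ":", msg)
    print(bank.reply("shop", "YES 1"), "/", bank.reply("asha", "YES 1"))
    print(bank.balances)
```

The counter is what makes the code one-time: once a request is accepted the server moves on, so the same text sent again computes against a different expected value. The reply check compares the sender against the account that queued the transfer, which is the point of the delayed confirmation: a middleman holding a customer's phone can still answer YES, which is exactly the "keep the phone" counter-move the post anticipates, so the hold window is what buys the customer time to have the phone back in hand.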

Mobile banking is something that hasn't quite caught on here the way it has in other parts of the world. Not only is it useful for banking when branches aren't nearby; in some places, like Japan, the service has evolved to include payments via cell phone rather than credit card, and other technology-enabled services with their own security implications. Ultimately, a lot of these problems are already being worked on in the context of their low-tech equivalents (e.g. transmitting credit card information), but as the rural banking case study shows, there can be many unexpected usages that produce unexpected problems.

These unexpected issues are likely where we will see the most interesting security issues in the future.

Clint Tseng and Erik Turnquist

Filed under: Physical Security, Policy, Privacy, Security Reviews

Security Review: In-Eye Video Camera

By jimmy at 1:15 pm on March 9, 2009

Rob Spence, a Canadian filmmaker, is currently developing a prototype to equip his prosthetic eye with a built-in wireless video camera. The digital system, while not able to transmit information to his brain, will be able to route the signal through a series of increasingly large transmitters to a remote machine, which could potentially stream that data live on the internet. As Spence explains, "If you lose your eye and have a hole in your head, then why not stick a camera in there?"
Spence hopes to integrate this recorder seamlessly into his existing prosthetic eye, such that a casual observer would not be able to notice its presence (for a stunning picture of how realistic his current eye looks, and how small his current camera is, see the article linked at the bottom of this post). He plans to have an on/off switch, so the recording feature can be stopped for private events, theater screenings, or bathroom trips. Spence and his team are currently working to shrink all of the necessary components so that they are small and light enough to fit within the space of an eye socket without weighing enough to cause disfigurement.


Filed under: Ethics, Physical Security, Privacy, Security Reviews

Security Review: HomeLink Universal Transceiver

By vincez at 10:45 pm on February 13, 2009

The HomeLink Universal Transceiver is a device that, like a universal remote, can record the output of a wide variety of garage door openers and home automation controls and emulate that output for future use. When used as advertised, the HomeLink system simply replays signals that you could have produced anyway, but from a central source. However, since the device is essentially a replay tool, there are security implications if it is used by someone with sinister intentions.

Community gate openers and garage door openers are, by their very design, long-range communication devices. If the signal the opener emits cannot be detected a good distance away, the device is not doing its job. It follows that a HomeLink device could record a garage door opener's signal while simply passing a car whose driver is using one. With access to many types of garage doors after merely being nearby when they were opened, a world of possibilities opens up.


Filed under: Physical Security, Security Reviews

Private information ***LIKE NEW***

By Frung at 2:29 am

Ever considered "recycling" your computer without thoroughly wiping your hard drive first? Don't. A recent study suggests that up to 40% of hard drives that end up on eBay and aren't explicitly marked as erased may contain easily recoverable data from their previous owners.


Filed under: Current Events, Physical Security, Privacy

Security Review: Poker Game

By Father_Of_1000000 at 7:02 pm on February 12, 2009

A game of poker can be played for fun or for money. The game itself uses low-tech equipment, the two main items being a standard deck of cards and playing chips of different colors to represent different amounts of money. Depending on the type of poker game, the dealer usually shuffles the cards and deals them out to the players. The players then bet chips against each other. The goal is to garner as much money (in chips) as you can. I'm going to use the terms chips and money interchangeably.


Filed under: Physical Security, Security Reviews

USB power in airports

By dhalperi at 7:49 am on February 9, 2009

I noticed that the Denver airport has upgraded its power stands to include USB ports that presumably supply power to recharge devices like cell phones, iPhones, and iPods. What I wonder is how I know that's all that's going on. I know that, at least for my old iPod shuffle and one of my cell phones, some of these devices don't authenticate the computers they plug into, but simply appear as read/write flash drives. What's to stop a malicious version of this kiosk from

  • taking inventory of my files?
  • figuring out who I am and tracking me?
  • installing autorun software (like a virus) onto my device?
  • copying my contacts, my email, my cell phone pictures, my mp3s, etc?
  • <your idea here>?

I don't know whether this particular power stand does anything more complicated than supplying power and ground on the right two pins, and I suppose that by paying attention (to the screen on a cell phone or the lights on an iPod shuffle) you might be able to tell if data communication had been initiated and something fishy was going on. But that doesn't provide much comfort; in the end, what we need is a good way for portable devices to verify the authenticity of the device they connect to.

Filed under: Physical Security

Security Review: The Bike and its Lock

By oterod at 11:12 pm on February 6, 2009

EDIT: It appears that I goofed with the “more” tag when I first posted this, so I’ve included the rest of the article below.

Since the days of waking up at 5am to watch the Tour de France live with my dad when I was eight years old, I've been a big fan of bikes. I've since grown to love riding them, and spent several years as an avid road racer. While I'm somewhat of an anomaly, many of you also rely on cycling for transportation to class, to work, and elsewhere. Unlike cars, which are just slightly harder to steal, bikes are the candy-from-a-baby of the theft world. One magazine article I read several years ago had a "professional bike thief" (probably a security professional who learned methods of theft in his research) attempt to steal a bike secured by one of every bike lock available on the market at the time. In public. The result? All but a single lock could be circumvented so quickly that nobody in the area even noticed that it was not unlocked by normal means.

I have to say, I am particularly bitter about bike security. A few years ago I was living in Stevens Court with a few friends. A past summer job at Gregg's Greenlake Cycles had yielded an absurdly cheap employee purchase of a Lemond Tourmalet, a very nice road bike. I wasn't using it to commute to school (who locks up a bike like that around the Ave?), but I did keep it in our apartment so I could go riding. One day I came home and it had been stolen from my living room. My roommates had left the front windows wide open and the door unlocked. Go go speed racer, go.


Filed under: Announcements, Ethics, Physical Security, Security Reviews