Simple Security for Wireless
ScienceDaily (Aug. 24, 2011) -- In early August, at the Def Con conference -- a major annual gathering of computer hackers -- someone apparently hacked into many of the attendees' cell phones, in what may have been the first successful breach of a 4G cellular network. If initial reports are correct, the incident was a man-in-the-middle (MITM) attack, so called because the attacker interposes himself between two other wireless devices.
Coincidentally, a week later, at the 20th Usenix Security Symposium, MIT researchers presented the first security scheme that can automatically create connections between wireless devices and still defend against MITM attacks. Previously, thwarting the attacks required password protection or some additional communication mechanism, such as an infrared transmitter.
Showcasing novel ways to breach security is something of a tradition at Def Con. In previous years, MITM attacks had been launched against attendees' Wi-Fi devices; indeed, the MIT researchers demonstrated the effectiveness of their new scheme on a Wi-Fi network. But in principle, MITM attacks can target any type of wireless connection, not only between devices (phones or laptops) and base stations (cell towers or Wi-Fi routers), but also between a phone and a wireless headset, a medical implant and a wrist-mounted monitor, or a computer and a wireless speaker system.
Key change
Ordinarily, when two wireless devices establish a secure connection, they swap cryptographic keys -- the unique codes they use to encrypt their transmissions. In an MITM attack, the attacker tries to broadcast his own key at the exact moment that the key swap takes place. If he's successful, one or both of the devices will mistake him for the other, and he will be able to intercept their transmissions.
Password protection can thwart MITM attacks, assuming the attacker doesn't know the password. But that's not always a safe assumption. At a hotel or airport that offers Wi-Fi, for instance, all authorized users are generally given the same password, which means that any one of them could launch an MITM attack against the others. Moreover, many casual computer users find it so complicated to set up home Wi-Fi networks that they don't bother to protect them; when they do, they often select passwords that are too simple to offer much security. That's led to the marketing of Wi-Fi transmitters with push-button configuration: To establish a secure connection, you simply push a button on top of the transmitter and a corresponding button (or virtual button) on your wireless device. But such systems remain vulnerable to MITM attacks.
"None of these solutions are quite satisfactory," says Nickolai Zeldovich, the Douglas Ross (1954) Career Development Assistant Professor of Software Technology, who developed the new security scheme together with Dina Katabi, the Class of 1947 Career Development Associate Professor of Computer Science and Engineering, as well as postdoc Nabeel Ahmed and graduate student Shyam Gollakota, all of MIT's Department of Electrical Engineering and Computer Science. "The cool thing about this work is that it takes some insight from somewhat of a different field, from wireless communication -- actually, fairly low-level details about what can happen in terms of wireless signals -- and observes that, hey, if you assume some of these properties about wireless networks, you can actually get stronger guarantees."
Strength in silence
In an MITM attack, the attacker needs to drown out the signal from the legitimate sender. But the researchers' new system ensures that any attempt to do so will be detected. The trick is that, after transmitting its encryption key, the legitimate sender transmits a second string of numbers related to the key by a known mathematical operation. But whereas the key is converted into a wireless signal in the ordinary way -- it's encoded as changes in the amplitude of a radio wave -- the second string of numbers is encoded as alternating bursts of radiation and silences.
If an attacker tries to substitute his key for the legitimate sender's, he'll have to send the corresponding sequence of bursts and silences. But that sequence will differ from the legitimate one. During the silences of one, the receiver will hear the bursts of the other. The overlapping sequences will look to the receiver like a wholly new sequence, which won't match up with the transmitted key, indicating an MITM attack.
Of course, the attacker could try to drown out the entirety of the legitimate transmission and then send his own key. But that would require broadcasting a signal of such long duration that it, too, would alert the receiver to an attack.
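The burst-and-silence check described above, modelled as an added example that is not the MIT group's code. It assumes SHA-256 as the "known mathematical operation", two time slots per hash bit (bit 1 = burst then silence, bit 0 = silence then burst, so an honest sender never emits more than two consecutive bursts), and an air medium in which two overlapping transmitters are heard as the OR of their slots; the receiver rejects any pattern that could not have come from a single honest sender, which covers both the overlap case and the long-jamming case.

```python
import hashlib

N_BITS = 32  # constructed: number of hash bits sent as bursts/silences

def hash_bits(key: bytes, n_bits: int = N_BITS) -> list:
    """The 'second string of numbers': leading bits of SHA-256(key) (assumed)."""
    digest = hashlib.sha256(key).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(n_bits)]

def to_slots(bits: list) -> list:
    """Encode bits as energy (1) / silence (0) slots, exactly one burst per bit."""
    slots = []
    for b in bits:
        slots += [1, 0] if b else [0, 1]
    return slots

def overlap(a: list, b: list) -> list:
    """Two transmitters on the air at once: a burst cannot be cancelled by the
    other party's silence, so the receiver hears energy whenever either sends."""
    return [x | y for x, y in zip(a, b)]

def inspect_slots(slots: list, max_burst_run: int = 2):
    """Decode slots into bits. Returns (bits, anomalies); bits is None when the
    pattern could not have come from a single honest sender."""
    anomalies, longest, run = [], 0, 0
    for s in slots:
        run = run + 1 if s else 0
        longest = max(longest, run)
    if longest > max_burst_run:  # honest coding never has 3 bursts in a row
        anomalies.append(f"{longest} consecutive energy slots: jamming suspected")
    bits = []
    for i in range(0, len(slots) - 1, 2):
        pair = slots[i:i + 2]
        if pair not in ([1, 0], [0, 1]):  # [1,1] = both sent, [0,0] = neither
            anomalies.append(f"slot pair {i // 2} = {pair}: overlapping transmitters")
            break
        bits.append(1 if pair == [1, 0] else 0)
    return (None, anomalies) if anomalies else (bits, anomalies)

def receiver_accepts(claimed_key: bytes, slots: list) -> bool:
    """Accept the key only if the air-encoded hash is clean and matches it."""
    bits, _ = inspect_slots(slots)
    return bits is not None and bits == hash_bits(claimed_key, len(bits))
```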
The reports of an MITM attack on 4G phones are still unconfirmed, and 4G itself is a vague term that encompasses many different technical approaches. But if the reports prove true, then cell phones, too, could benefit from the MIT researchers' security scheme. "You could imagine that the same technique could be used in cell phone networks as well," Zeldovich says. "At the design level, the idea sounds like it should be applicable."