08:47 AM
Don Bailey
Don Bailey
Connect Directly

Been Caught Stealin'

Emergence of machine to machine (M2M) devices makes life easier for thieves and hackers -- and more dangerous for victims

Everyone remembers that moment when, as a small child, they learned an extremely important social or ethical lesson. For me, it was theft: I must have been all of 8 years old and on a field trip at a museum in Flint, Mich., to see a modern art exhibit. I still remember the glow of one particular installation. It was made of thick pieces of what must have been plastic made to look like shattered glass. Each piece was about the size of a penny, and sat in a medium-sized black cauldron. All I can remember was how pretty I thought the glass looked and how I wanted to take a piece of that artwork home for myself. So after waiting until the rest of my school group passed by the exhibit, I snatched a small shard of plastic and shoved it into my pocket. My heart raced. The palms of my hands started to sweat. I walked right through the door.

I had possibly -- and unintentionally -- become the world’s youngest art thief.

Unfortunately for my young self, and fortunately for my adult self, the thrill of success was short-lived. Like every criminal, I took time to bask in the glory of my own misdeeds. I foolishly took out the plastic shard on the way back to school, thinking no one was looking and, of course, someone noticed and word quickly got around that I had something that I wasn't supposed to have.

My mother was a wise woman. I didn't get grounded. I didn't get spanked. But I did get my butt thrown back into the car to head back to the Sloan Museum. Facing my mother was horror enough, but then facing the learned and established museum curators was an entirely different story. However, I learned an important lesson: Theft is a dangerous game. Not only can you rise to the Olympian heights of the youngest art thief in northern America, but you also can plummet to the depths of suffering travel through Flint during the mid 1980s.

Sadly, others do not learn so quickly. Last May, a woman in Tasmania was sentenced to 18 months in jail for using a stolen SIM card. Why? Her abuse ran up a bill of more than $193,000, which she was ordered to pay back. What was little-known about the issue is that the woman, or a mysterious Internet accomplice, had apparently stolen a SIM card out of a smart meter somewhere in the country. As is often the case with machine 2 machine (M2M) systems, the SIM card can simply be moved to another system and used to immediately gain telephony and data access. The issue was reportedly fixed, but this highlights a common issue with mobile systems: identifying abuse.

In 2011, thieves performed a similar attack against traffic lights in South Africa. Traffic lights were augmented with cellular modules, enabling these systems to be controlled and monitored remotely. Thieves broke open these traffic control units, stole the SIM cards, and began making phone calls deemed "untraceable" by South African press.

This is likely to occur in the U.S. as well, if it hasn't already. To date, AT&T's M2M network has 1,194 approved unique devices. If each device has at least 1,000 users, that's potentially a little more than 1 million unique devices carrying a SIM card in North America. What does this mean for the security engineer at Joe Co.? It means a lot.

Emerging devices, also known as M2M, are everywhere. Point-of-sale systems are already using M2M. Building security systems, including motion detectors, gate entry, and cameras, are all using M2M. Even the smart meters and environmental monitoring systems in office buildings are enabled with M2M technology, and sometimes even capillary M2M technologies such as Bluetooth and Zigbee. Bluetooth is the most interesting capillary technology because it's so ubiquitous in modern offices. If an attacker can compromise a building environmental sensor over a cellular network, then can he abuse the Bluetooth chip on the same sensor to attack laptops, phones, or other mobile devices in the surrounding offices?

Sometimes the thieves aren't just poised to enter your network. Sometimes, like smart meter SIM thieves, they're simply after your technology. Thankfully, smartphone security is quickly improving. There are many options for maintaining access restrictions, secure containers, and backup management on modern phones. The first product I turn to for control over a smartphone is Lookout. While there are quite a few stellar solutions for mobile protection, Lookout has certainly emerged as a leader not only for the individual, but also for the enterprise.

Lookout's mobile security technology can safely back up your phone's data remotely. It can also scan your Android smartphone for malware, spyware, and other icky executables. Lookout often can even detect whether a URL presented to the user is malicious, preventing possible phishing or malware attacks. Last, but certainly not least, is my favorite feature: the location service. This security software can remotely locate your device's physical location, easily guiding you to the lost item. This is exceptional if you're like me and you keep losing your phone around a messy apartment.

It's even more important if you're like Anthony Lineberry, a friend of mine and software engineer at Lookout. Anthony's phone was stolen at gunpoint last July. During a difficult time, he was able to remotely locate his stolen phone using his own company's software. Once the location was identified, police raided the house where the device was pinpointed. While police didn't recover all of Anthony's belongings, they did retrieve his phone. Score one for technology.

The teenager who stole the smartphone made the same mistake I made. He paraded his ill-gotten goods around like a trophy, not realizing that Big Brother is always watching. As our mobile market grows exponentially in these coming years, we have to imagine the potential haul for miscreants and hackers. Is it an NFC bug that will net the first multimillion-dollar mobile heist? A device like a SIM card that can be easily ripped out of unmanned hardware? What about mobile wallet technology, like Google Wallet? The threat surface is vast, and the potential is high.

And, besides, some people enjoy stealin'. It's just as simple as that.

Don Bailey is director of research at iSEC Partners. Don A. Bailey is a pioneer in security for mobile technology, the Internet of Things, and embedded systems. He has a long history of ground-breaking research, protecting mobile users from worldwide tracking systems, securing automobiles from remote attack, and mitigating ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-08-31
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which all...

Published: 2014-08-31
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that lever...

Published: 2014-08-31
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory ...

Published: 2014-08-31
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/ in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption pas...

Published: 2014-08-31
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary fil...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.