dear Eve,

coderman coderman@gmail.com
Wed Jan 22 07:38:17 PST 2014


it was fun!  i assume we have come to an understanding - security,
like anonymity, is best as public good that floats all boats UPSTREAM
(even if current reality far from vision of ideal).

hopefully a good arrangement not needlessly obstructed...

best regards,
  except to the surreptitious surveillance-ers; you're the outlier here!

love,
  codermange

---

many of the best detections for advanced attacks involved not-quite
consumer hardware and customized systems for distributed storage,
observation, and processing.  this is way beyond the budget, skill,
and time afforded even modestly technical users for most intents and
purposes.

however,
 sometimes simple measures to thwart attacks combined with a keen
situational awareness can identify sophisticated attacks with less
technical means.  anomalies signal to attempt counter measures and
initiate in depth scrutiny.

---

consider the following,

- baseband attack against mobile target:
 + cannot "hot patch" running image, as some changes take effect
during initialization.  force push results in restart. anomaly #0.
 + battery longevity one third what expected, distinct transition
post-baseband-push for longevity of full charge - power consumption
doesn't lie. anomaly #1.
 + abnormal signal power level for well known location for cell link.
anomaly #2.
 + outbound dial attempts cannot put cell radio into lower bitrate
audio call mode - outbound dial attempts fail - serious anomaly #3.
(workaround of making call immediately on boot appears effective, and
keeping a call in voice mode appears to thwart data exfiltration when
no wifi uplink avail.)
 + (technical but possible) pushed baseband needs to pass
authentication of image; signature valid, revision same as prior mtd
partition archive version, however sha digests do NOT match! this is
not expected for the same build version. anomaly #4.

---

consider the following,

- BIOS attack with post-boot re-infection vector triggered once
graphics mode transitions from console to graphical display:
 + target hardware is a match and supported, however, root file system
is XFS, ZFS, or other unsupported *nix variant.  attempt to persist by
injection on file system using kernel fs funcs and data structures
(this gets around FDE by interacting before
luks/mdcrypt/loopaes/cryptoloop layer) thus causes kernel panic.
anomaly #0.
 [note: A for effort++ by setting a not-again flag after first
attempt.  this prevents the kernel panic from becoming a persistent
DoS as the next boot attempt will complete normally into graphical
desktop.  Subsequent reactivation follows similar fail safe of next
boot succeeding after post boot persistent hook failure and kernel
panic.]

---

consider the following,

- SMS MitM attack against Android mobile target:
 + normal delivery of SMS using a client such as TextSecure that
checks for delivery confirmation on SMS, (do NOT use fire-and-forget
like majority of text clients).  attack introduces latency on
confirmation due to radio mode switching between high rate exfiltration
mode and low rate SMS with additional MitM proxy processing latency
added as well. this results in messages initially showing "Message
delivery failed" before shortly then confirming successful
transmission. anomaly #0.
 + abnormal signal power level for well known location for cell link. anomaly #1.
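The "simple measures plus situational awareness" the post describes can be turned into baseline checks a user can run over readings they collect themselves. The script below is an added example and not part of coderman's post or any tool he mentions. It assumes a hypothetical Sample record (hours since unplugging, a location label, RSSI in dBm, battery percent), a z-score threshold of 3 for signal and SMS-latency deviations, and a factor-of-2 threshold for battery lifetime; the readings it runs on are constructed here for illustration, not real captures.

```python
# Added example, not from the original post. Baseline checks for the
# anomalies the post lists: signal level at a well-known location, battery
# longevity, baseband image digest vs. revision, and SMS delivery latency.
# All sample data below is constructed for illustration.
import hashlib
import statistics
from dataclasses import dataclass


@dataclass
class Sample:
    t_hours: float     # hours since the device came off the charger (assumed field)
    location: str      # label for a well-known location (assumed field)
    rssi_dbm: int      # cell link signal strength reported by the radio
    battery_pct: int   # remaining charge


def per_location_baseline(history):
    """Mean and population stddev of RSSI per location from earlier, trusted samples."""
    by_loc = {}
    for s in history:
        by_loc.setdefault(s.location, []).append(s.rssi_dbm)
    return {loc: (statistics.mean(v), statistics.pstdev(v) or 1.0)
            for loc, v in by_loc.items()}


def signal_anomalies(baseline, samples, z=3.0):
    """Samples whose RSSI is more than z stddevs from the baseline for that location."""
    out = []
    for s in samples:
        if s.location in baseline:
            mu, sd = baseline[s.location]
            if abs(s.rssi_dbm - mu) / sd > z:
                out.append(s)
    return out


def projected_charge_hours(samples):
    """Full-charge lifetime projected from the discharge observed between first and last sample."""
    first, last = samples[0], samples[-1]
    drop = first.battery_pct - last.battery_pct
    elapsed = last.t_hours - first.t_hours
    if drop <= 0 or elapsed <= 0:
        return None
    return 100.0 * elapsed / drop


def battery_anomaly(samples, expected_hours, factor=2.0):
    """True when projected lifetime is below expected_hours / factor (post saw one third)."""
    proj = projected_charge_hours(samples)
    return proj is not None and proj < expected_hours / factor


def baseband_image_anomaly(archived_blob, archived_version, pushed_blob, pushed_version):
    """Same advertised revision but a different SHA-256: a build that should be
    byte-identical is not, which is the post's anomaly #4."""
    a = hashlib.sha256(archived_blob).hexdigest()
    p = hashlib.sha256(pushed_blob).hexdigest()
    return archived_version == pushed_version and a != p


def sms_latency_anomalies(confirm_delays_s, baseline_delays_s, z=3.0):
    """Delivery-confirmation delays far above the normal delay distribution
    (messages that first show failed, then confirm)."""
    mu = statistics.mean(baseline_delays_s)
    sd = statistics.pstdev(baseline_delays_s) or 1.0
    return [d for d in confirm_delays_s if (d - mu) / sd > z]


# Constructed history: 40 readings each at two locations, RSSI varying by +/-1 dBm.
HISTORY = ([Sample(h, "home", -85 + (h % 3) - 1, 100) for h in range(40)] +
           [Sample(h, "office", -70 + (h % 3) - 1, 100) for h in range(40)])

# Constructed "suspect day": one reading at home is far too strong, and the
# battery drains from 100% to 40% in six hours (about three times faster than
# the assumed 30-hour norm).
TODAY = [
    Sample(0.0, "home", -86, 100),
    Sample(2.0, "home", -60, 80),    # signal level out of line for this spot
    Sample(4.0, "home", -85, 60),
    Sample(6.0, "office", -71, 40),
]
EXPECTED_HOURS = 30.0

# Constructed baseband images: same version string, one byte differs.
ARCHIVED_IMG = b"baseband-image-build-2014-01"
PUSHED_IMG = b"baseband-image-build-2014-02"

# Constructed SMS confirmation delays in seconds: normal is a few seconds.
BASELINE_DELAYS = [2, 3, 2, 4, 3, 2, 3, 2, 3, 2]
TODAY_DELAYS = [3, 45, 2, 30]

if __name__ == "__main__":
    base = per_location_baseline(HISTORY)
    for s in signal_anomalies(base, TODAY):
        print("signal anomaly:", s)
    print("battery anomaly:", battery_anomaly(TODAY, EXPECTED_HOURS))
    print("baseband anomaly:", baseband_image_anomaly(ARCHIVED_IMG, "1.2", PUSHED_IMG, "1.2"))
    print("sms latency anomalies:", sms_latency_anomalies(TODAY_DELAYS, BASELINE_DELAYS))
```

The thresholds are deliberately crude: a z-score over a hand-collected baseline is enough to surface the kind of deviation the post relies on, and each check is independent so a single false positive (a busy cell, a hot day) does not by itself trigger the others; the post's point is that several of these lining up is what warrants in-depth scrutiny.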


