Evidently what’s good in your personal life is also good in your mobile life – USB Condom.  USB Condom is a new security product to wrap that rascally USB device and defend you from infection by Internet baddies.  If I were the product marketer I could have so much fun with this but instead I refer you to the previous link for a full product description.

I’m not so sure the public understands birds and bees of USB devices and perceives any USB security threats.  Until the public is better educated on USB security or more incidents surface, this product is a solution trying to find a problem.  Make no mistake, USB security is real problem but it’s going to take more education to for the public understand the threats before they see any value in a product solution.

It would be great if the product had a plastic case like a thumb drive instead of bare board.  Still I will gladly pay $10 if it works as expected.

–Milton

A couple of interesting research papers from Stanford University.  I may decide to cover these in more detail in the future but for now I provide the links.

Mobile Device Identification via Sensor Fingerprinting
This research is significant since your mobile device can be fingerprinted uniquely like the HTML 5 canvas attack.  This is similar to the canvas attack in that it bypasses any cookie policies or device hardware policies for reading mobile IMEI numbers, etc.  Users can be tracked without their knowledge or consent.

Gyrophone: Recognizing Speech From Gyroscope Signals
This research describes using the gyroscope on mobile devices as a microphone to listen to sounds or conversations in the vicinity of the phone.  This is interesting since any privileges assigned to the microphone are not applicable to the gyroscope.

With canvas fingerprinting, and the new weaknesses discovered by Stanford, there is a trend where device sensors are used in ways outside their design parameters.  If your a hardware manufacturer, threat modeling your hardware devices with your engineering teams is probably a great exercise.

A few ideas to stimulate some thought, it may be possible to determine if a mobile device is being held by the capacitive properties of the human body on microwave transmitter power.  Exfiltrating data from mobile devices by modulating GSM, WIFI, or BlueTooth to transmit over other harmonics.  Listening to conversations by picking up background IR modulated on reflected glass in the room over mobile IR sensors.  Using the capacitive touch sensitive keypads in new and creative ways?  We have already seen add-hoc audio computer mesh networks transmitting ultrasonics over PC micspeakers.  It’s likely this can be done using mobile as well.  Imagine bots running on your mobile devices transmitting data to other bots over add-hoc audio mesh networks – creepy.  Even more creepy, many of device hacks are not detectable by carrier network security controls.  The value of this research is not so much in the research itself but the new approaches it stimulates.  Guaranteed we will see more research using device sensors in new and creative ways we previously didn’t imagine possible.

–Milton

Thanks to CNET article (hat tip) I discovered a new comic book, “beyond Edward Snowden“, written by Marvel Comics’ Punisher writer Valerie D’Orazio.  I am not a Punisher reader and I have not read this comic yet.  However, I like Marvel comics, security, and interested in Snowden material, so this caught my eye.  Passing along for those interested.  Comic Flea Market looks like some fringe reading for those interested.

–Milton

Xan Brooks of the theguardian announced in a recent article director Oliver Stone is planning a new movie to tell of story of NSA whistle blower Edward Snowden.  Oliver Stone directed the controversial film JFK in 1991 starring Kevin Costner.

In the interim, if you would like to learn more about facts surrounding Edward Snowden before seeing the movie please consider consider reviewing my previous post.  Enjoy!

–Milton