Feeds

Superphone system-CRACKING cable of DOOM ... is quite handy

MiniUSBs and common connectors are a sysadmin's best friend

Top three mobile application threats

Thumbs up

Android, Windows Mobile, Symbian and RIM are all different. Here you can add “thumb drive” to the list; it was replaced by the humble MicroUSB cable. If your device has Wi-Fi and the administrator of the target network is lax enough to employ WEP or WPA, you own them...

Given the compute power available in modern superphones, cracking and joining said network is trivial. Android is a real threat here; the number of applications for the Linux ecosystem to do exactly this is staggering. With a modest amount of programming skill, cloud services such as Amazon’s EC2 make these sorts of tasks even easier.

For added fun and merriment, you can get USB 10/100 NICs that will – to varying degrees of success – work on many of these devices. Even if security won’t let you into the building with a notebook, the systems administrator has thwarted your removal of data via USB and there is no Wi-Fi to crack, you have a hardwired network node in the palm of your hand.

Phones are a great place to smuggle in MicroSD cards. My keychain has a MicroSD-to-USB reader that folds out of what looks for all the world to be a supermarket loyalty card. Left alone for just a few minutes with a target computer, I can boot it up into the Linux distro of my choice.

Having bypassed the operating system restrictions of the local systems administrator, I now can use one of those readily available MicroUSB cables to turn my phone into a tethered 3G modem. Suddenly I can funnel any information on the local hard drive (or any vulnerable information on the network) out through a VPN over my 3G to wherever I want.

As a systems administrator, this is terrifying. It has helped me though. I have recently found myself called in more than once to clean up some mess left either by a fired administrator, or simply one who was on vacation and unreachable. Business owners are both impressed and afraid when you can take apart years of their IT security with an HTC Desire.

The threat of superphones has served me well. As a method of scaring the suits white enough to allow me to implement some real security measures, it’s priceless. So consider this article a thank you to the humble MicroUSB cable – you keep me employed. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
Brit boffins use TARDIS to re-route data flows through time and space
'Traffic Assignment and Retiming Dynamics with Inherent Stability' algo can save ISPs big bucks
Microsoft's Nadella: SQL Server 2014 means we're all about data
Adds new big data tools in quest for 'ambient intelligence'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.