
Researcher Wows Black Hat With NFC-based Smartphone Hacking Demo

samzenpus posted about 2 years ago | from the unsafe-at-any-speed dept.

Security 95

alphadogg writes "At the Black Hat Conference in Las Vegas Wednesday, Accuvant Labs researcher Charlie Miller showed how he figured out a way to break into both the Google/Samsung Nexus S and Nokia N9 by means of the Near Field Communication (NFC) capability in the smartphones. NFC is still new but it's starting to become adopted for use in smartphone-based purchasing in particular. The experimentation that Miller did, which he demonstrated at the event, showed it's possible to set up NFC-based radio communication to share content with the smartphones to play tricks, such as writing an exploit to crash phones and even in certain circumstances read files on the phone and more."


95 comments

Hmm (3, Insightful)

masternerdguy (2468142) | about 2 years ago | (#40784953)

Workaround: Blacklist the kernel module used for NFC?

Re:Hmm (3, Insightful)

sexconker (1179573) | about 2 years ago | (#40785011)

Solution: Don't buy phones with NFC gimmickry, and NFC gimmickry goes away.

Re:Hmm (-1)

Anonymous Coward | about 2 years ago | (#40785089)

shut up faggot conker

Re:Hmm (1)

Anonymous Coward | about 2 years ago | (#40787117)

It's not gimmicky in the rest of the world that uses it actively with vending machines, train tickets, subways, etc.

Re:Hmm (1)

sexconker (1179573) | about 2 years ago | (#40797429)

I have a credit card for that. I have exactly zero desire to use my phone as a payment device.

There's no real benefit in not carrying a credit card if you have to carry around your phone.
If you're so dead set on not carrying shit, just memorize your credit card number and key it in.

Re:Hmm (3, Funny)

sjames (1099) | about 2 years ago | (#40787767)

Even better, all we need to do is come up with a way to use NFC to share music and movies. Then the *AA won't rest until it's dead.

Re:Hmm (2)

fatphil (181876) | about 2 years ago | (#40788463)

Let me introduce you to the concept of a "switch" with settings we like to call "on" and "off". With said feature, you can have the NFC functionality enabled (or "on") when you specifically want it, and disabled ("off") the rest of the time. And the N9 has that.

If you want to connect to any wireless network you're not in control of, then you are just as vulnerable from most facets of this attack as you are from using NFC. More so, as with NFC you actually have to be physically close to Mallory.

Re:Hmm (2)

fatphil (181876) | about 2 years ago | (#40788819)

The Forbes and arstechnica write-ups are worth a read, and it appears that the bluetooth "off" switch is the problem. It's just plain ignored. You turn it off, NFC turns it back on without asking you. Braindead.

Then again, Nokia's maemo devices have a long history of ignoring user preferences or choices because of braindead diktats made by people who were incapable of thinking through the consequences of their demands. (Yes, I'm ex-Nokia, and could write a book full of the horror-stories I've seen.)

Re:Hmm (1)

sexconker (1179573) | about 2 years ago | (#40797413)

Unless you have a physical switch you leave the door open for exploits and shittydumb apps, OEMs, carriers, and os vendors just plain ignoring your settings.

Re:Hmm (1)

fatphil (181876) | about 2 years ago | (#40800543)

But it was a conscious decision to permit software to override a user's setting. That decision didn't have to be made.

I'd like to know who made that decision in Nokia. I wish I'd had access to a RFID tag writer while I worked there, as my plan would have been to turn the useful tags that had helpfully been scattered around (things such as pulling up a bus timetable/route-planner as you went through the exit that led to the station) with goatse, or worse. Who knows, I may have discovered this exploit first if that had been the case. I would have enjoyed filing a bug like that against middleware. I can just imagine the "works as designed - INVALID", "security threat - REOPEN", "works as designed - INVALID", "security threat - REOPEN", "no exploit known - WONTFIX", "because you're too stupid - REOPEN", ... loops ad nauseam.

Nokia can't fix this now. They've got rid of all the people who can do anything about it. Harmattan is in maintenance phase and outsourced to a team who I've heard are in general severely under-skilled. They'll just try to downplay its severity.

Re:Hmm (0)

Anonymous Coward | about 2 years ago | (#40785017)

kernel module obviously needs tinfoil hat

Re:Hmm (1)

murder_face (2574275) | about 2 years ago | (#40785587)

These days it seems like the whole phone needs a tinfoil hat. Reminds me of the ESN snarfing days back when I was in Junior High.

Re:Hmm (3, Interesting)

socceroos (1374367) | about 2 years ago | (#40785063)

I cannot believe..........no wait....I cannot understand why these things aren't being made with security at the forefront. Surely anyone with half a brain realises that every point of communication with a phone is a potential point of exploitation. LOCK IT DOWN PEOPLE - FOR BLINKY'S SAKE, THIS HAS BEEN GOING ON TOO LONG.

Re:Hmm (1)

Trillan (597339) | about 2 years ago | (#40785087)

Perhaps they are. It is remarkably difficult to secure a large code base.

Though I would hope that NFC is new enough that it would be coded securely right from the start.

Re:Hmm (4, Insightful)

socceroos (1374367) | about 2 years ago | (#40785209)

I'm under no illusion that a large code base is hard to secure, but I'm still baffled^H^H^H^H^H^H^Hannoyed that when a new point of access to a device is born that it isn't done with utmost security in mind. We live in an age where the devices we own hold the keys to our lives, why aren't they as secure as they possibly can be short of not existing??

Re:Hmm (5, Insightful)

jader3rd (2222716) | about 2 years ago | (#40785423)

why aren't they as secure as they possibly can be short of not existing?

Because first to market wins.

Re:Hmm (4, Funny)

Opportunist (166417) | about 2 years ago | (#40786473)

Damn, you beat me to it and cashed in the insightful mods.

Re:Hmm (1)

pentadecagon (1926186) | about 2 years ago | (#40787433)

Wrong. It's not supposed to be as secure as *possible*, but as secure as *necessary*. And it apparently is: Even the world's leading experts were not able to break into current Android phones.

Re:Hmm (1)

socceroos (1374367) | about 2 years ago | (#40787463)

Firstly, you've got to be kidding. Android security has been broken multiple times since its inception and it will continue to happen. Secondly, "necessary" is a very subjective term, my friend.

Re:Hmm (1)

pentadecagon (1926186) | about 2 years ago | (#40787921)

Ah, sorry, of course my comment referred to NFC, as this is the topic at hand. And this article here in fact says they were not able to exploit NFC on current phones.

Re:Hmm (0)

Anonymous Coward | about 2 years ago | (#40788323)

You shouldn't be baffled. It's an industry-wide culture. It took so many years before the HTML and browser bunch started on Content Security Policy. Their priority was always creating new fancy stuff.

Car analogy: For years they were busy creating hundreds or even thousands of new different accelerator pedals for cars, and nobody cared to put in a single brake pedal. So to stop bad stuff from happening you have to make sure all the pedals including the new ones (that may not have been present when the webapp was made) are not pressed.

Re:Hmm (1)

thoth (7907) | about 2 years ago | (#40790391)

We live in an age where the devices we own hold the keys to our lives, why aren't they as secure as they possibly can be short of not existing??

Because corporations are lazy and cheap, and security doesn't pad their bottom line in the all-consuming march for profits.

It is less expensive for them to punt all security issues and instead rely on the government to make abusing the non-security of these devices "illegal".
Yes that is ineffective, but before criticizing the government, consider the fundamental impossibility of fixing security problems by declaring the abuse illegal, and also consider the root problem is that corporations are basically irresponsible and will offload all expenses to somebody else rather than spend money to protect their customers.

Re:Hmm (0)

Anonymous Coward | about 2 years ago | (#40785239)

Nice try, but communications drivers shouldn't be large codebases. If they are, you're doing it wrong.

Re:Hmm (-1)

Anonymous Coward | about 2 years ago | (#40785139)

Because then freetards would be bawwwing over their phones being locked down.

Re:Hmm (1)

socceroos (1374367) | about 2 years ago | (#40785223)

Troll. =P

Congratulations on missing the point.

Re:Hmm (4, Insightful)

Opportunist (166417) | about 2 years ago | (#40786467)

Because security does not sell. It's that simple.

Go out there and ask 1000 random people what they are looking for in a cell. NONE of them will say security. Not even at any point in that whole list of things they might mention.

Security is a non-issue for pretty much every phone user out there save a few "computer people" who know what you just said: Any channel, if not properly secured, can and will be abused to compromise the confidentiality of the device using it.

Problem is, I guess for at least 80% of the phone users out there reading half of the last sentence is enough to make their eyes glaze over. Doesn't take pictures, doesn't play MP3s, doesn't let me tell everyone I'm on the can on Facebook, so why'd I need it?

Making code secure costs money and is no selling point. Well, it sure as hell would be with me and most likely you, but for every you or me, there's a thousand Bobs out there who prefer shiny.

Re:Hmm (1)

socceroos (1374367) | about 2 years ago | (#40786723)

I hate it, but you are right.

At some point, the companies/people making these services available should 'do the right thing' - because, well, it's the right thing to do. They're responsible for the world's privacy; they should take it seriously.

I feel I'm being entirely unrealistic, but it is something to at least pursue with good conscience.

Re:Hmm (3, Insightful)

chiguy (522222) | about 2 years ago | (#40787821)

Go out there and ask 1000 random people what they are looking for in a cell. NONE of them will say security.

All true, security is not a selling point.

But the reason people don't list it for cell phones is that security is assumed. Similar to if you asked me what I look for in a bank, security is not something I would list. I assume all banks offer adequate security. At least to the level required by law.

What you're pointing out is the average user does not realize/understand how poor the security really is on their devices.

Re:Hmm (1)

Zet (178940) | about 2 years ago | (#40790087)

I predict that NONE of those surveyed will say "to be able to make phone calls" either.

I think that security is something people don't think about very much, but they also buy the phone with the assumption that *surely* it would be made secure ("they would be fools to sell it to millions of people if it were not secure").

And, to a reasonable extent they *are* made secure. But securing a device is a process, not a one-time event. It is an ever-escalating back and forth between having all known holes plugged and an intruder finding the next one (which is presumably harder to find).

Re:Hmm (1)

smeaggie (1172215) | about 2 years ago | (#40788215)

I cannot believe..........no wait....I cannot understand why these things aren't being made with security at the forefront. Surely anyone with half a brain realises that every point of communication with a phone is a potential point of exploitation. LOCK IT DOWN PEOPLE - FOR BLINKY'S SAKE, THIS HAS BEEN GOING ON TOO LONG.

For the Nexus phone, the actual exploit was in the browser; NFC was just used to open the browser without the user being asked to do so. On the Nokia, the actual exploit was in the Bluetooth stack. This particular implementation allows Bluetooth device pairing over NFC even if Bluetooth is turned off on the phone, so now with NFC the exploit is reachable without the user's knowledge. The exploit in the Bluetooth stack allows for root access on the device. So the biggest problem with current NFC implementations is they don't ask the user anything, they just act on what the other side is giving you. That is the real problem, because now one may change the payment terminal to hack your phone. If I hold my phone against a payment terminal and it asks me to pair a Bluetooth device I'll just deny it, but with the current phones, I'm not asked anything. Info from this site (Dutch): http://tweakers.net/nieuws/83354/beveiligingsonderzoeker-waarschuwt-voor-misbruik-nfc.html [tweakers.net]
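The root cause described in the comment above is a phone acting on whatever a tag delivers (a URL that launches the browser, a Bluetooth pairing record) without asking. The following is an added example, not code from the thread or from any vendor's NFC stack: a minimal parser for the NFC Forum NDEF tag format that classifies URI and Bluetooth out-of-band pairing records, rejects records whose declared lengths exceed the message, and runs each resulting action only through a user-confirmation callback. The sample tag bytes and the MAC address in them are constructed for this example.

```python
"""Added example: parse an NDEF tag and gate every state-changing action behind
user consent. Assumes the NFC Forum NDEF record layout and the Bluetooth OOB
pairing block; the sample bytes below are constructed, not captured."""
import struct

TNF_WELL_KNOWN = 0x01            # type name format: NFC Forum well-known type
TNF_MIME = 0x02                  # type name format: MIME media type
BT_OOB_MIME = b"application/vnd.bluetooth.ep.oob"  # Bluetooth pairing handover
# NFC Forum URI record prefix codes (first payload byte). Only the common ones
# are kept here; any other code is rejected rather than guessed.
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://"}
# Actions that launch an app or change device state must never run silently.
NEEDS_CONSENT = {"open_url", "bluetooth_pair"}


def parse_ndef(data):
    """Return [(tnf, type, payload), ...] for one NDEF message.

    Every length field is checked against the bytes actually present, so a tag
    that declares more payload than it carries raises ValueError instead of
    being read past the buffer (the check a native NFC daemon must make too).
    """
    records, i = [], 0

    def take(n):
        nonlocal i
        if i + n > len(data):
            raise ValueError("record length exceeds message")
        chunk = data[i:i + n]
        i += n
        return chunk

    while i < len(data):
        hdr = take(1)[0]
        tnf = hdr & 0x07
        type_len = take(1)[0]
        # SR flag (0x10): 1-byte payload length, otherwise 4-byte big-endian
        payload_len = take(1)[0] if hdr & 0x10 else struct.unpack(">I", take(4))[0]
        id_len = take(1)[0] if hdr & 0x08 else 0    # IL flag: ID length present
        rtype = bytes(take(type_len))
        take(id_len)                                 # record ID is not used here
        payload = bytes(take(payload_len))
        records.append((tnf, rtype, payload))
        if hdr & 0x40:                               # ME flag: message end
            break
    return records


def describe(record):
    """Map a record to the action a phone would take on it: (action, argument)."""
    tnf, rtype, payload = record
    if tnf == TNF_WELL_KNOWN and rtype == b"U" and payload:
        prefix = URI_PREFIXES.get(payload[0])
        if prefix is None:
            raise ValueError("unsupported URI prefix code")
        return ("open_url", prefix + payload[1:].decode("utf-8"))
    if tnf == TNF_MIME and rtype == BT_OOB_MIME and len(payload) >= 8:
        # OOB block: 2-byte little-endian total length, then BD_ADDR (LE bytes)
        addr = ":".join("%02X" % b for b in reversed(payload[2:8]))
        return ("bluetooth_pair", addr)
    return ("ignore", rtype.decode("ascii", "replace"))


def handle_tag(data, confirm):
    """Parse a tag and perform each action only if confirm(action, arg) is True.

    Returns [(action, arg, decision), ...] with decision in
    {"executed", "denied", "skipped"}; nothing runs without the callback's yes.
    """
    results = []
    for rec in parse_ndef(data):
        action, arg = describe(rec)
        if action == "ignore":
            results.append((action, arg, "skipped"))
        elif action in NEEDS_CONSENT and not confirm(action, arg):
            results.append((action, arg, "denied"))
        else:
            results.append((action, arg, "executed"))
    return results


def is_well_formed(data):
    """True if the bytes parse as a complete, length-consistent NDEF message."""
    try:
        parse_ndef(data)
        return True
    except ValueError:
        return False


def build_record(tnf, rtype, payload, first, last):
    """Encode one short-format NDEF record (helper for constructed test data)."""
    hdr = tnf | 0x10 | (0x80 if first else 0) | (0x40 if last else 0)
    return bytes([hdr, len(rtype), len(payload)]) + rtype + payload


# Constructed sample tag: a URI record (opens the browser) followed by a
# Bluetooth pairing record for the made-up address 11:22:33:44:55:66.
SAMPLE_TAG = (
    build_record(TNF_WELL_KNOWN, b"U", b"\x02example.org/", True, False)
    + build_record(TNF_MIME, BT_OOB_MIME,
                   b"\x08\x00" + bytes.fromhex("665544332211"), False, True)
)

if __name__ == "__main__":
    # A phone that asks: here the user approves the URL but refuses the pairing.
    for row in handle_tag(SAMPLE_TAG, lambda action, arg: action == "open_url"):
        print(row)
```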

Re:Hmm (0)

Anonymous Coward | about 2 years ago | (#40795435)

I doubt this works with payments, which use a security implementation. Doing anything awry pretty much breaks them, like flashing ROMs etc.

Re:Hmm (5, Informative)

Emetophobe (878584) | about 2 years ago | (#40785071)

You can disable NFC in the android settings.

System Settings -> More... -> NFC (uncheck it).

Re:Hmm (3, Informative)

SpzToid (869795) | about 2 years ago | (#40785253)

The Nokia N9 is mentioned, and the NFC settings required for this exploit are turned off by default. I first read this detail on arstechnica.com and then double-checked on my own device; it is true.

Re:Hmm (4, Informative)

SomePgmr (2021234) | about 2 years ago | (#40785785)

Well, that's an important bit of info I didn't see in the article.

And I suppose it's worth reminding everyone that this is NFC. Your phone would have to be in near-contact with the exploiting hardware. Not impossible I suppose, given that skimming happens with traditional payment cards.

I didn't understand the two word description of the problem with Android, so I looked up that Ars article you mentioned...

The Nexus S—when running the Gingerbread (2.3), by far the most dominant Android installation—contains multiple memory-corruption bugs. They allow Miller—using nothing more than a specially designed tag—to take control of the application "daemon" that controls NFC functions. With additional work, he said the tag could be modified to execute malicious code on the device. Some, but possibly not all of those bugs were fixed in the Ice Cream Sandwich (4.0) version of Android, so the attacks may also work against that release and Jelly Bean (4.1) as well.

Ah. So upgrade your phone.

http://arstechnica.com/security/2012/07/android-nokia-smartphone-hack/ [arstechnica.com]

Re:Hmm (0)

Anonymous Coward | about 2 years ago | (#40786325)

So upgrade your phone.

If possible.

Re:Hmm (2)

Opportunist (166417) | about 2 years ago | (#40786519)

Getting close to a cell is trivial. Take for example every place where people have to sit close together like theaters or lecture halls. Hey, how about conferences, just go into one of the panels, sit down and presto.

Re:Hmm (2)

admdrew (782761) | about 2 years ago | (#40787007)

Very cool demo/exploit, but:
http://www.androidcentral.com/android-nfc-hack-cool-not-new-or-dangerous [androidcentral.com]

- majority of phones running exploitable version of Android don't support NFC
- majority of phones supporting NFC have patched version of Android
- future phones supporting NFC will all have patched version of Android

Re:Hmm (1)

marsu_k (701360) | about 2 years ago | (#40787839)

While I'm not worried about this exploit, I'm surprised they got it to work in the first place across multiple platforms. NFC seems to be not-so-standardized at the moment - recently when visiting my brother I tried to pair my S3 with a Nokia NFC speaker he has. All I got was the S3 to say it had spotted an unknown tag, something about Bluetooth (which is what the speaker ultimately uses for transmission), but nothing useful.

Re:Hmm (1)

seb42 (920797) | about 2 years ago | (#40789259)

Seems the phone is running the old 4.0.1 Android.

Re:Hmm (1)

sjames (1099) | about 2 years ago | (#40788255)

The more significant part is that the presenter plans to make the NFC fuzzing tool he created available.

Re:Hmm (1)

tlhIngan (30335) | about 2 years ago | (#40791893)

And I suppose it's worth reminding everyone that this is NFC. Your phone would have to be in near-contact with the exploiting hardware. Not impossible I suppose, given that skimming happens with traditional payment cards.

Given the NFC reader I've seen is just another box beside the PIN pad and card reader, it's actually a trivially-doable exploit. People already swap out PIN pads and readers in order to capture PINs and swipes. Replacing an NFC thing should be easier still with one that not only grabs the data, but installs the malicious code as well.

Or hell, a nicely done up sticker on the NFC reader that injects the malware. The thing can be passive and work off the NFC field like an RFID tag, and you can print a logo on it to make it look legit.

Or, I'm certain one could put something near an ATM keypad - mark it as a spot to put a cellphone so you can do your transaction while keeping an eye on your phone. In the meantime, that convenient pad injects the NFC malware. You'll find a lot of people will subconsciously put their cellphone there!

Re:Hmm (2)

Opportunist (166417) | about 2 years ago | (#40786491)

The more interesting question is why do I have to turn it off if I don't want it and not turn it on if I want it?

Why does every maker of Smartphones think I want all their new, and usually quite battery draining, bells and whistles? I dunno, I might be old fashioned, but a phone that can make phone calls is a good start for me. Put the rest in the manual and gimme a hint that it is there, and if I am interested I'll try it out and turn it on when I find the time to do that.

Re:Hmm (0)

Anonymous Coward | about 2 years ago | (#40787447)

One may not need to. The article does not mention if it can do this when the phone is locked.
On my Galaxy Nexus (and I presume this is the same on pretty much all Android phones with NFC), I cannot read tags until I unlock the phone. I need to press the power button, then slide to unlock it. Until I do that, there is no NFC communication.
If he has overcome that obstacle, I'm impressed and slightly scared. But I doubt it.

Re:Hmm (0)

Anonymous Coward | about 2 years ago | (#40791187)

I believe his solution was to place the rogue NFC tag next to or near an NFC-enabled payment terminal; then when someone pays with NFC on their phone, they'll unlock their phone and their phone will also read the rogue tag.

Re:Hmm (2)

Eponymous Hero (2090636) | about 2 years ago | (#40785085)

maybe NFC just needs something like a public key/private key handshake. the services you use would give you a public key (like banks, paypal, etc) so that hackers would have to have the institution's private key in order to break in. it could be made so that only insured/bonded institutions could offer NFC services that access vulnerable information. i'm probably overlooking something, but then it's time for that end of day coffee so i can wake up again. oh i know what it is. we can't even get ssl to work right, private keys will get stolen/forged. oh well.

Re:Hmm (2)

wierd_w (1375923) | about 2 years ago | (#40785225)

The problem is that this is intended for one-off purchases, like vending machines.

TPI will make that considerably less convenient, unless the device was issued unique certificates.

In which case, there would be a sudden market for stolen device certificates for credit fraud purposes, which would exploit the broken security flag implementation of the Android marketplace. (The ad-supported freemium content requires phone-home powers to serve you ads, and they frequently ask for phonebook and local storage as well. An application could yank the device cert store at the same time with those privs.)

Re:Hmm (1)

MrHanky (141717) | about 2 years ago | (#40785245)

It's off by default on my Nokia N9. Also, it only works over really short distances, like centimetres.

Re:Hmm (5, Insightful)

socceroos (1374367) | about 2 years ago | (#40785959)

That's what people said about RFID tags until people started skimming them at distances beyond a kilometre.

Re:Hmm (0)

Anonymous Coward | about 2 years ago | (#40787167)

Citation please.

Near field is what it says - the antenna needs to be NEAR the tag, usually using HF/magnetic coupling. Far field can read a lot further, usually using UHF. You might be able to read long distances with a sensitive enough antenna and reader, broadcasting over and above FCC power emission regulations, but telling me you can get a reliable read (much less a reliable write!) over a kilometer distance is a bit much.

Re:Hmm (3, Informative)

sjames (1099) | about 2 years ago | (#40788313)

Have a look here [tombom.co.uk] (PDF doc).

I know it has been demonstrated at 217 feet (well short of a kilometer but well more than the industry claimed) with a U.S. passport, but the paper above indicates 2 miles is theoretically possible.

Re:Hmm (1)

jo_ham (604554) | about 2 years ago | (#40788455)

It's off by default on my Nokia N9. Also, it only works over really short distances, like centimetres.

So?

The article itself mentions the N9 as a tested phone where this works, despite the NFC being off by default.

Solution: fix bugs in Android (mostly done for these exploits in ICS and JB).

Re:Hmm (0)

Anonymous Coward | about 2 years ago | (#40791399)

The N9 doesn't use Android, so your proposed 'fix' will not work. Idiot.

Re:Hmm (1)

jo_ham (604554) | about 2 years ago | (#40791607)

The N9 doesn't use Android, so your proposed 'fix' will not work. Idiot.

Like a man in orthopaedic shoes, I stand corrected. You're right, I'm a damn idiot.

Re:Hmm (-1)

Anonymous Coward | about 2 years ago | (#40785711)

The AFC approves of this message.

Fuzzing (1)

TubeSteak (669689) | about 2 years ago | (#40785037)

Are fuzzing tools really that hard to write?

Re:Fuzzing (2)

Keith111 (1862190) | about 2 years ago | (#40785111)

Very easy, actually. The focus of a huge portion of my work is dedicated to writing or improving fuzz technology for security testing. I could write a basic fuzzer for almost anything in 20 minutes...

Re:Fuzzing (1)

jmerlin (1010641) | about 2 years ago | (#40785249)

Would you mind starting a blog on it and posting the URL here? Those of us writing code and unit tests need to know how to fuzz our code really well, too.

Yes Please! (0)

Anonymous Coward | about 2 years ago | (#40785523)

I second the motion!

My favorite fuzzer was for the original Mac; it just fed random keyboard and mouse inputs:
http://folklore.org/StoryView.py?project=Macintosh&story=Monkey_Lives.txt

eavesdropping (2, Interesting)

Anonymous Coward | about 2 years ago | (#40785053)

Ironic. The technical tools to solve all these problems exist, but if they were used properly, even the gov't. couldn't break in.

So which do you want? An inherently weak system that allows civil monitoring, or something so secure it'd be as anonymous as cash. After all, this is *cash* we are talking about replacing here.

The gov't. has a "thing" about encrypting wireless communications ...

Re:eavesdropping (1)

socceroos (1374367) | about 2 years ago | (#40785103)

I agree with your point. But this isn't just about cash. NFC can be used for diverse purposes - it's like even shorter-range Bluetooth.

Re:eavesdropping (1)

hawkinspeter (831501) | about 2 years ago | (#40788195)

When I tried using it, my phone stopped working. I only went down about 10m.

Is it that hard to buy a phone w/ NFC default=off? (0)

Anonymous Coward | about 2 years ago | (#40785067)

If it is, hopefully it won't be by Christmas.

Re:Is it that hard to buy a phone w/ NFC default=o (2)

93 Escort Wagon (326346) | about 2 years ago | (#40786515)

Regardless of what the default NFC state is, we've been hearing NFC is the nifty next thing for these phones. Google made a huge deal about it at Google I/O.

Stating that NFC is secure because you can turn it off is analogous to claiming SSH1 is secure because it can be turned off. It's not secure; you're just ameliorating the problem - not to mention losing the desired functionality.

Besides, what are all the people who bought those Nexus Q's supposed to do now?

It's a simple rule, really... (2)

gstrickler (920733) | about 2 years ago | (#40785265)

Another network or communications port = another attack vector.

The question is why do vendors think they need to keep adding new communication methods faster than they can test and debug those ports?

Colorado Movie Theater Massacre (-1)

Anonymous Coward | about 2 years ago | (#40785357)

Colorado Movie Theater Massacre

âoeThere is already conjecture that James Holmes may have been involved in mind-altering neuroscience researchâ

Colorado Movie Theater Massacre
July 20th, 2012

http://cryptogon.com/?p=30455 [cryptogon.com]

Where Did Robert Holmes, Father of James Holmes, Work Before 2000?

I would be interested in knowing where Robert Milton Holmes, the father of James Holmes, worked before 2000. If anyone has this information, please send it to me.

On his Linkedin profile Robert Holmes lists a University of California, Berkeley Ph.D. in Statistics from 1981. He currently works for FICO, but also lists working for HNC Software from 2000 to 2002. (HNC Software was acquired by FICO.)

We have a DARPA link in HNC Software.

This is from a 1999 company profile for HNC Software:

HNC Software Inc. is San Diegoâ(TM)s largest software company and develops predictive software solutions for business-to-consumer service companies. These solutions allow companies to make more intelligent and profitable decisions and are marketed to industries- including financial, insurance, retail, telecommunications and the Internet.

Like many San Diego-based software companies, HNC Software Inc. traces its origins to the defense industry. When the company was launched in 1986, it focused on defense-related research and development. But over the years as defense budgets shrank not only in San Diego, but nationwide, HNC quickly realized that in order to succeed and grow, other commercial applications had to be found for its products.

â¦
But perhaps the most exciting frontier awaiting exploration and commercial development by HNC is in an area that scientists still know very little about: the human brain. HNC is working on a long-term research project launched in 1998 that is jointly funded by HNC and the Defense Advanced Research Projects Agency (DARPA), part of the U.S. Defense Department, to investigate âcortronic neural networks,â(TM) a concept originally proposed by Robert Hecht-Nielsen, HNCâ(TM)s co-founder and chief scientist.

HNC hopes to develop new capabilities in the areas of textual, aural and visual representation, and to actually build three new predictive, neural-net based systems: one that reads, interprets and searches text more effectively; a second recognizing speech and other sounds, enabling users to perform audio searches; and a third that can scan for and interpret images. The ultimate goal is to integrate all three systems. The net result â" machines that someday might be able to reason like humans.

âoeThis is the most important scientific challenge of our time, and finding the answer will be the adventure of the millennium,â says Hecht-Nielsen.

â"

James Holmes: Accused Colorado Shooter Is Grandson of Decorated Veteran, Has Mamily Roots in Monterey County

Via: Contra Costa Times:

James Holmes, the man believed responsible for killing 12 people Friday during one of the largest mass shooting in U.S. history, is the grandson of a decorated military veteran who was a respected educator at prestigious York School in Monterey.

Lt. Col. Robert M. Holmes, who served in the Okinawa campaign during World War II, retired in 1963 as the last commander of the Nike missile group in San Francisco Bay. He was one of the first Turkish language students at the Army Language School, now the Defense Language Institute, graduating in 1948, a school spokesman confirmed Friday.

After his military retirement, Holmes taught math and science at York School for 17 years. He died in 1990. His wife, Mary Jane Crawford Holmes, attended Stanford University and worked at the Monterey City Library, Fort Ord Library and Pacific Grove High School before finishing her career as librarian and college counselor at York School. She died in 2010.

A 1945 graduate of Pacific Grove High School, she was also a member of numerous historical societies, including the Order of the Crown of Charlemagne, Descendants of the Ancient and Honorable Artillery Company of Boston and the Monterey Bay Colony of Mayflower Descendants, of which she served as governor.

Their personal histories, taken from their obituaries in The Monterey County Herald, are difficult to reconcile with the most indelible image of their 24-year-old grandson.

Research Credit: TR

â"

Colorado Batman Shooting Shows Obvious Signs of Being Staged

Research Credit: TR

â"

Flashback 2005: CIA Plans to Shift Work to Denver

Via: Washington Post:

The CIA has plans to relocate the headquarters of its domestic division, which is responsible for operations and recruitment in the United States, from the CIAâ(TM)s Langley headquarters to Denver, a move designed to promote innovation, according to U.S. intelligence and law enforcement officials.

About $20 million has been tentatively budgeted to relocate employees of the CIAâ(TM)s National Resources Division, officials said. A U.S. intelligence official said the planned move, confirmed by three other government officials, was being undertaken âoefor operational reasons.â

A CIA spokesman declined to comment. Other current and former intelligence officials said the Denver relocation reflects the desire of CIA Director Porter J. Goss to develop new ways to operate under cover, including setting up more front corporations and working closer with established international firms.

â"

Update: âoeI am The Jokerâ

Via: AP:

Holmes was studying neuroscience in a Ph.D. program at the University of Colorado-Denver, university spokeswoman Jacque Montgomery said. Holmes enrolled a year ago and was in the process of withdrawing at the time of the shootings, Montgomery said.

ABC News reported that Holmes told police âoeI am the Joker,â according to NYPD police commissioner Ray Kelly. The report also says Holmes had died his hair like The Joker.

â"End Updateâ"

Via: CNN:

The man suspected of shooting up an Aurora, Colorado movie theater screening the new Batman film early Friday, killing 12 and wounding 59, also left his apartment rigged with traps, police said.

âoeItâ(TM)s booby trapped with various incindiery and chemical devices and trip wires,â Aurora police chief Dan Oates said, adding that it could take days to work through the apartment safely.

Five buildings around suspect James E. Holmesâ(TM) Aurora apartment were evacuated, Oates said.

Police say Holmes, 24, dressed head-to-toe in protective tactical gear, set off two devices of some kind before spraying the theater with bullets from an AR-15 rifle, a 12-gauge shotgun and at least one of two .40-caliber handguns police recovered at the scene.

Oates said investigators are confident that Holmes acted alone.

The shooting unfolded inside a darkened theater packed with Batman fans, some in costume for the premiere of the movie "The Dark Knight Rises." Screaming, panicked moviegoers scrambled to escape from the black-clad gunman, who wore a gas mask and randomly shot as he walked up the theater's steps, witnesses said.

It was a scene "straight out of a horror film," said Chris Ramos, who was inside the theater.

"He was just literally shooting everyone, like hunting season," Ramos said.

Holmes surrendered without resistance within minutes of the first calls from panicked moviegoers reporting a shooting inside the Century 16 theater, Oates said. He is scheduled to appear in court on Monday, court officials said.

http://www.linkedin.com/pub/robert-holmes/4/47b/24a [linkedin.com]
http://www.leavcom.com/hm_hnc.htm [leavcom.com]
http://www.contracostatimes.com/rss/ci_21124710?source=rss [contracostatimes.com]
http://www.naturalnews.com/036536_James_Holmes_shooting_false_flag.html [naturalnews.com]
http://www.washingtonpost.com/wp-dyn/content/article/2005/05/05/AR2005050501860.html [washingtonpost.com]
http://www.abcactionnews.com/dpp/news/national/james-holmes-suspected-aurora-colorado-dark-knight-rises-shooter-i-am-the-joker [abcactionnews.com]
http://edition.cnn.com/2012/07/20/us/colorado-theater-shooting/index.html?hpt=hp_t1 [cnn.com]
http://theintelhub.com/2012/07/15/preparing-for-civil-war-chart-shows-dhs-has-bought-hundreds-of-millions-of-rounds-of-ammo-since-2009/ [theintelhub.com]

Fact? Who needs em. (1)

jxander (2605655) | about 2 years ago | (#40785385)

While TFA does say:

he managed to break into the Nokia 9 when his home-made NFC-based device is in very close proximity to the targeted smartphone ... NFC works at near-contact range

It doesn't give any actual numbers or distance measurements. Would be nice to have some actual facts and details on this. Suffice to say, if someone walks up next to me waving an unknown device around my crotch, I'm going to be a bit suspicious. The article also doesn't mention what modifications, if any, were made to the target phones. A few posters here have mentioned NFC being turned off by default. Do his methods force NFC on, or work without it? But I guess reporting accurately and completely would make this mostly a non-issue, which doesn't garner nearly as many clicks.

My quick tests with NFC (3, Informative)

witherstaff (713820) | about 2 years ago | (#40785659)

I've played with distances using a few different smart cards, a USB NFC reader, and a Nexus S. I couldn't get a smartcard to read through the front of the phone or the side. I could get a USB NFC reader to detect if the smartphone was placed face down. From the back it is about 3 inches with a USB reader, 1-2 inches with a smartcard.

NFC is also a battery hog. I don't see having it running all the time.

Re:Fact? Who needs em. (5, Informative)

iluvcapra (782887) | about 2 years ago | (#40785703)

Here are some videos [forbes.com] . He represents the phones as unmodified, though running an old version.

The distance isn't so much of an issue because he was able to use an NFC tag, not a transmitter, not an active device of any kind, but a mere tag to cause the phone to switch on its bluetooth radio and give him a sudoer's command line over the BT radio. An attacker could hide an NFC tag in a table or at waist level in a public place, or in a tag that's disguised to be legitimate, where people are liable to stand for more than 10 seconds: the tag cracks the phone open, and then someone with a laptop within BT distance conducts a brief session to grab what they can, or install a rootkit.

Re:Fact? Who needs em. (1)

MachDelta (704883) | about 2 years ago | (#40785759)

NFC is very short range. Centimeters. The devices would have to touch or very nearly touch, although modified attack hardware (stronger antennas) would probably allow some leeway.
NFC is enabled by default on the Galaxy Nexus and (I believe) the Nexus S. But it's trivial to disable (Settings -> More -> NFC) and AFAIK cannot be forced on unless you compromise the device via some other vector (at which point, you're already screwed).
Furthermore, the article on Ars states that most of the exploits were for Gingerbread (2.3), some of which had been patched in ICS (4.0), and that it hadn't yet been tested against Jelly Bean (4.1).

My take on it is that most enthusiasts/power users won't have to worry about it, as they're the ones who seek out updates on their own, as well as being conscious of disabling things they aren't using (such as NFC) either for security or power concerns. But, as always, there will be plenty of clueless and gullible idiots ready to be taken advantage of.

Re:Fact? Who needs em. (3, Informative)

wierd_w (1375923) | about 2 years ago | (#40786309)

The near field is within the first 1.5 wavelengths of the frequency used. It has certain special properties related to it having a higher (proportionally) density of virtual photons entangled with the source antenna than does the far field.

(A connection on the near field will actively change the resistance and resonance characteristics of the signalling antenna, where a far field connection will not.)

Giving a set distance is moot. Saying it is near field is accurate, and sufficient. The distance in which NFC is possible is inseparable from the chosen comm frequency. A very short wavelength frequency will have a very tiny near field. A long wavelength frequency will have a very large near field.

Cellular devices in the ghz band will have only a few millimeters around the antenna as the NFC reception range.

The deal that I would consider to be the threat, is that you can't have a near field without a far field. The far field will also have broadcasted data encoded into it, and will travel much further. It could well be intercepted.

Re:Fact? Who needs em. (0)

Anonymous Coward | about 2 years ago | (#40786923)

FYI: NFC is at 13.5MHz.
1 wavelength is 22.12 meters, so 1.5 wavelength = 33.18 meters or 108.9 feet.

Re:Fact? Who needs em. (1)

wierd_w (1375923) | about 2 years ago | (#40787177)

They are probably relying on the fact that the falloff of the energy is inverse cube, and that total energy in the antenna is very very low.

Communication probably has more to do with antenna coupling than with actual carrier wave data.

However, signal only falls off to approaching zero. It never reaches it. It instead is more appropriately described as signal entropy, where the signal is lost to random fluctuations. However, a cleverly designed listening device inside the nearfield zone could get useful signal through coupling, even at very low power if done correctly.

You would need a powered antenna in the same frequency range as a driven element, and a small receiver antenna with a rectifier. It would work a lot like a driven element AM radio antenna.

(You basically use your own high powered antenna as a reference source, and use the weak interference of the distant NFC device to induce subtle variances through wave reinforcement/cancellation. Your rectified reception antenna cancels the reference signal, leaving only the amplified "noise" signal, which, since it is inside the near field of the target device, will have a high probability of being the secret message.)

The drawback is that a properly designed NFC device could detect this through the resonance it would induce in the comm antenna.

(The near field has both electrical charge oscillations and EM wave oscillations. The far field only has em waves. Your antenna knows the frequency, and makes use of both the charge and wave oscillation nature of the near field to recover the noisy signal. Only the real signal will also have the charge component! However, inducting the charge component will result in current drop in the broadcasting antenna. It can be detected.)

Out-of-band comm + PKE = enough security (5, Interesting)

davidwr (791652) | about 2 years ago | (#40785503)

One, both sides of the conversation should know "something" about who they are talking to before engaging or continuing a transaction.

"Enough" may be nothing more than making sure a man-in-the-middle hasn't taken over the conversation.

Second, any conversation has to begin at a minimum trust level - basically "I don't trust you, you don't trust me, here's my name-of-the-day, what should I call you today?" level.

Some people have suggested public key cryptography. While this is cool, it may be simpler to use "out of band" communication to verify identities. Since phones have cameras and screens, these can provide the necessary out of band communications.

Scenario:

Say I'm at the Burger Bar and I want to buy something using my phone. My phone doesn't trust the radio signal pretending to be Burger Bar's, and Burger Bar doesn't trust that my phone isn't someone else's phone nearby.

So I use my phone to take a picture of a display at the Burger Bar order counter. This picture has a QR code for Burger Bar's public key or web site that has the public key, as well as a second, changing QR code that is my transaction ID plus some randomness. I encrypt all of this plus my made-up-on-the-spot public key plus a made-up QR code using Burger Bar's public key. I display this QR code on my phone and put it in range of the small camera at the register. Burger Bar's computer checks the QR code against what I just transmitted to verify it's my phone it's talking to.

Now we can talk to each other securely and, thanks to the ordinary security cameras that show me holding my phone close to the order counter, in a difficult-to-repudiate way.

I didn't have to give Burger Bar my phone's serial number. I didn't have to give it any identification beyond what our banks need to transact business, just as if I were using a traditional credit card or debit card payment. If we are using bit-coin or something similar, I didn't even have to give them that much - true anonymity.

Now I go enjoy my meal. Oh wait, this is Burger Bar we are talking about. Now I go ingest my mass quantities.

Burger Bar really doesn't have to use its own public key. Like me, it can make up one for this transaction. It's the taking-a-picture of the public key and transaction code that make this secure against a radio-only intercept. If there is a risk that the transaction code picture or my phone's on-screen QR code will be intercepted, it's easy enough to let the two devices look at each other in a way that's very difficult to "peek into."
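The scenario above, as an added example that is not davidwr's code or any real payment system: X25519 plus AES-GCM stands in for "encrypt with Burger Bar's public key", the two QR codes are plain byte slices handed between the parties, and every name here (CounterQR, PhoneRespond, MerchantVerify) is an assumption. The check that matters is the last one: the merchant accepts the radio session only if the code inside the ciphertext is the code its camera saw on the phone's screen.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
)

// CounterQR: what the phone's camera reads off the order counter (merchant's per-transaction key, ID, nonce).
type CounterQR struct{ MerchantPub, Nonce []byte; TxID string }

// PhoneReply: plaintext the phone encrypts to the merchant; Code is also shown as the phone's own QR.
type PhoneReply struct{ PhonePub, Nonce, Code []byte; TxID string }

// NewCounter makes the merchant's ephemeral key pair and the QR contents to display.
func NewCounter(txID string) (*ecdh.PrivateKey, CounterQR, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, CounterQR{}, err }
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil { return nil, CounterQR{}, err }
	return priv, CounterQR{priv.PublicKey().Bytes(), nonce, txID}, nil
}

// aead: AES-256-GCM keyed from an X25519 agreement (SHA-256 stands in for a real KDF here).
func aead(priv *ecdh.PrivateKey, peerPub []byte) (cipher.AEAD, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil { return nil, err }
	secret, err := priv.ECDH(pub)
	if err != nil { return nil, err }
	key := sha256.Sum256(secret)
	block, err := aes.NewCipher(key[:])
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// PhoneRespond: phone makes its own ephemeral key and a random Code, encrypts the reply for the
// merchant. Returns the radio message and the bytes the phone's screen shows as a QR code.
func PhoneRespond(seen CounterQR) (radio, screenQR []byte, err error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	code := make([]byte, 16)
	if _, err = rand.Read(code); err != nil { return nil, nil, err }
	g, err := aead(priv, seen.MerchantPub)
	if err != nil { return nil, nil, err }
	pt, _ := json.Marshal(PhoneReply{priv.PublicKey().Bytes(), seen.Nonce, code, seen.TxID})
	iv := make([]byte, g.NonceSize())
	if _, err = rand.Read(iv); err != nil { return nil, nil, err }
	radio = append(append(priv.PublicKey().Bytes(), iv...), g.Seal(nil, iv, pt, nil)...)
	return radio, code, nil
}

// MerchantVerify accepts only if the decrypted TxID and nonce match what was displayed AND the
// Code inside the ciphertext equals what the register's camera saw on the phone's screen.
func MerchantVerify(priv *ecdh.PrivateKey, shown CounterQR, radio, cameraQR []byte) (bool, error) {
	if len(radio) < 32+12+16 { return false, nil } // too short to hold key, GCM nonce and tag
	g, err := aead(priv, radio[:32])
	if err != nil { return false, err }
	n := 32 + g.NonceSize() // layout: phone public key (32) || GCM nonce || ciphertext
	pt, err := g.Open(nil, radio[32:n], radio[n:], nil)
	if err != nil { return false, err } // wrong key or tampered: not the phone we saw
	var r PhoneReply
	if err := json.Unmarshal(pt, &r); err != nil { return false, err }
	return r.TxID == shown.TxID && bytes.Equal(r.Nonce, shown.Nonce) && bytes.Equal(r.Code, cameraQR), nil
}
```

A radio-only eavesdropper who never saw the counter display cannot produce a reply for this merchant key, and a nearby phone that replies over radio without being the one in front of the camera fails the Code comparison.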

Re:Out-of-band comm + PKE = enough security (4, Insightful)

vux984 (928602) | about 2 years ago | (#40785721)

Well, yes, that's all great...

But the problem you need to solve is "paying for a burger with less effort than using a debit / credit card" while not being less secure.

Your solution passes on being more secure, but fails dismally at being easier.

Re:Out-of-band comm + PKE = enough security (0)

Anonymous Coward | about 2 years ago | (#40786351)

So make it simpler. Have the display and camera attached to the cash register. Hold phone in between them, NFC signal triggers the QR key exchange, proceed with transaction.

Re:Out-of-band comm + PKE = enough security (0)

Anonymous Coward | about 2 years ago | (#40786449)

But the problem you need to solve is "paying for a burger with less effort than using a debit / credit card" while not being less secure.

A click of the camera is easier than a signature. Plus, it doesn't have to be "easier", it just needs to be roughly equal because not having to carry a card separate from the phone is already a benefit.

Re:Out-of-band comm + PKE = enough security (0)

Anonymous Coward | about 2 years ago | (#40788055)

Cash?

Re:Out-of-band comm + PKE = enough security (1)

Overzeetop (214511) | about 2 years ago | (#40790477)

Have you ever seen your average order taker/waiter try to make change?

Re:Out-of-band comm + PKE = enough security (1)

Anonymous Coward | about 2 years ago | (#40786391)

this is about 2x more complicated than it needs to be. you don't need the nfc part at all to do this securely! also, the bitcoin wallet for android already does it.

Re:Out-of-band comm + PKE = enough security (1)

Anonymous Coward | about 2 years ago | (#40786483)

What about malicious QR codes?

Re:Out-of-band comm + PKE = enough security (1)

ghn (2469034) | about 2 years ago | (#40786897)

Nice write-up. Extremely complex and awkward in every way if you think of it in real life and according to the current state of technology.

Here's my version of a secure transaction at Burger bar

Ask for combo #1

Hand of five dollar bill

Get combo #1 and some change

No trace left and no security risk.

Sure, I need to acquire and carry said 5$ bill in a safe and secure manner, but the way I do it RIGHT NOW satisfies my need for privacy and security.

Re:Out-of-band comm + PKE = enough security (0)

Anonymous Coward | about 2 years ago | (#40790061)

Hand of five dollar bill

Get combo #1 and some change

Get asked for the remaining balance. Pay remaining balance. Get combo #1.

There, fixed that for you.

How many Nexus S in the field are vulnerable? (0)

Anonymous Coward | about 2 years ago | (#40785623)

The Nexus S in question was only running Gingerbread, the latest version of Android to be exploitable in this way. All Nexus S devices have had Ice Cream Sandwich available via OTA update for a long time, and most are getting Jelly Bean now. I'd imagine the number of vulnerable devices in the wild is incredibly low.

Re:How many Nexus S in the field are vulnerable? (1)

admdrew (782761) | about 2 years ago | (#40787065)

AC:

The Nexus S in question was only running Gingerbread, the latest version of Android to be exploitable in this way. All Nexus S devices have had Ice Cream Sandwich available via OTA update for a long time, and most are getting Jelly Bean now. I'd imagine the number of vulnerable devices in the wild is incredibly low.

Yup, exactly:
http://www.androidcentral.com/android-nfc-hack-cool-not-new-or-dangerous [androidcentral.com]

NFC is too Functional (5, Interesting)

Jah-Wren Ryel (80510) | about 2 years ago | (#40785707)

I've long thought that NFC was a disaster waiting to happen - or really a never-ending series of disasters, just as each one is patched-over a new one will appear.

The problem is that NFC's functionality is all out of proportion to the problem it is intended to solve. It's kind of like adding a video display when all you need is an LED indicator light. NFC is supposed to handle short and fast communications between devices that are in very close proximity. Stuff like exchanging v-cards, electronic payments at the register, kickstarting ad-hoc wifi connections, etc.

None of that stuff requires radio communications and even though NFC is designed for broadcast ranges of a couple of centimeters, that never stops the bad guy from using high-powered transmitters and ultra-sensitive antennas to do their dirty work from a more comfortable and non-obvious location.

I believe that almost everything that NFC is likely to ever be useful for could also be done with no extra hardware. Just use the camera already built into every smart-phone to take a picture of a 2d-barcode displayed by the other device. That gets you physical access controls limited by line of sight and a window of opportunity limited to the second or so that the user explicitly presses the camera button.

Re:NFC is too Functional (0)

Anonymous Coward | about 2 years ago | (#40788445)

Or use ancient technology: an infrared LED like a remote control uses, or old Palm devices used. The disadvantage that it is only line-of-sight and that it can be easily blocked is ... actually an advantage in terms of security. And it's dirt cheap to implement and in terms of power use.

Re:NFC is too Functional (1)

Inda (580031) | about 2 years ago | (#40789137)

"that never stops the bad guy from using high-powered transmitters and ultra-sensitive antennas "

I know pretty much nothing about NFC, but why can't the handshake, if there is such a thing, measure the distance between the two objects?

1ms ping back means the objects are close
10ms, the objects are too far away, handshake failure.

Re:NFC is too Functional (0)

Anonymous Coward | about 2 years ago | (#40793771)

Hi-powered long-distance attacks aren't the only vulnerability, just the first most obvious one.

Re:NFC is too Functional (0)

Anonymous Coward | about 2 years ago | (#40794909)

Because light can travel 10km both ways in less than 1ms, so it will probably take longer to process the ping request than the signal would take to travel to the attacker and back and thus the margin of error in the distance calculation would be too large.

NFC for authentication (3, Interesting)

jbeaupre (752124) | about 2 years ago | (#40785741)

The discussion about single point login got me thinking. Rather than having some server out there become a single point of failure, how about a device you carry with you that stores the multitude of logins and passwords? Smart phones seem capable of just that.

Has anyone come across using NFC on a phone as a login/password authentication method? Store all of your login and passwords on the phone. Then when prompted for login info (website, laptop login, etc), you use your phone.

Yeah, a whole new security nightmare. But the idea still appeals to me.

Not really a problem for Android any longer. (-1)

Anonymous Coward | about 2 years ago | (#40785807)

This only applies to old versions of Android (pre-Honeycomb) and phones that have NFC chips. Considering basically every Android phone that has an NFC chip has Ice Cream Sandwich available to it (and, soon, Jelly Bean), this is a non-issue.

Heh, last week /. editor timothy claimed Apple... (0)

Anonymous Coward | about 2 years ago | (#40786431)

was the vulnerable one and that Charlie Miller would hack an iPhone.

Heh.

Where Out Thou Good Nazi (0)

Anonymous Coward | about 2 years ago | (#40786465)

The General of the NSA was going to cum in during a Wagner Waltz and masturbate his way to the hearts and minds of the attended.

Where Out Thou O'Great Good Nazi?

LoL

Overrated... (2, Insightful)

Anonymous Coward | about 2 years ago | (#40787647)

Unfortunately, like most web sites, slashdot makes this article way too sensational, omitting most of the facts that make this a lot less impressive and worrisome.

First, at least on Android devices, NFC is only enabled when the screen is on and unlocked. That means that nobody can just walk by you and communicate to your device over NFC. You need to be already working with your phone.

Second, there is the range. NFC typically only works one or two inches away, and the two devices interacting need to be aligned properly as well. Somebody literally needs to put a phone back to yours to make this work. Of course, range could be expanded a bit with some seriously large gear, but it is still extremely difficult to align to such a small antenna from a distance. And remember, your phone's screen needs to be on and unlocked. You'll notice when someone comes that close to you or your phone.

Third, you can't just pull data from an Android device over NFC. You need to confirm that you want to push data. What Charlie did was to push a web link over NFC to a remote device. Because there was a bug in webkit on the remote device (only on 4.0.1), this allowed him to execute code. If he had entered the URL manually, or scanned a QR code, the same would have happened. It's true that Android does not ask for confirmation when *receiving* data over NFC. That said, most users would click *yes* anyway on such confirmations. And there are more effective ways to exploit webkit bugs (sending mass e-mails, just putting a link to the malicious URL on a popular website).

Seems like a good time (0)

Anonymous Coward | about 2 years ago | (#40788853)

to drop a nuke on Las Vegas.