The iWorm

Apple’s iPhone is sold as a closed device: it can only be used on the AT&T network, and only applications that are approved by Apple can be used on it.  It is, of course, basically a small general-purpose computer at heart, and some people have succeeded in an iPhone “Jailbreak” — they have managed to work around the iPhone’s security restrictions to gain access to the underlying operating system (which is basically a variant of Mac OS X, which is at heart a variant of BSD Unix).

There has been speculation for some time about the likelihood of malware attacks on smart phones, like the iPhone.  Ars Technica has an article about a worm that attacks “jailbroken” iPhones that are vulnerable in a particular way.  Although the specific worm in question is not, as a practical matter, a particularly important threat, it does serve as a “proof of concept” for constructing something considerably nastier.

Here is how this worm works.  Apparently, some users that jailbreak their phones like to leave an ssh daemon running on the phone (ssh is the secure shell remote login, which uses an encrypted connection).  The iPhone’s OS has a default password set for the root account (the super-user).  The worm uses standard port-scanning techniques to look for iPhones running ’ssh’ with a default password. The initial version of the worm just displayed a warning message about unchanged default passwords.  However, more malicious variants have been spotted.

One of these, ‘iKee.B’, was studied by researchers at SRI International.  Despite being a fairly small piece of software, it incorporates the three key functions of a botnet worm:

• It can self-propagate
• It has a malicious payload (which steals personal data)
• It periodically contacts a “command & control” server for new instructions

The real worry here is not this particular worm, which can only infect a small subset of iPhones (those that have been “jailbroken” and that still have the default root password).  It is that there is an attack platform already in existence that could be easily adapted to work via an OS exploit, or on other smart phones:

Though this example can only infect a small subset of iPhone users, extending the software to rely on a future iPhone OS exploit, or to merely infect other smartphone platforms that don’t have the same security measures as the iPhone, is relatively trivial. This has the researchers worried that smartphones could quickly become an important target for malware writers, since we continue to entrust so much personal data to the devices.

Smart phones could prove an extremely attractive target for Bad Guys who want to steal personal information, since they are frequently used to store that information, and because the limited selection of applications makes it quite easy to scan for potentially valuable data.

Big Time Cyber-Crime

I’ve written here a couple of times before about a trend that has become apparent in worm, virus, and other malware attacks: whereas they were once most like vandalism, they are now serious (criminal) business.  The attacks are often targeted at specific organizations or individuals, with the aim of stealing credentials that can be used for further mischief.

A new article on the “Threat Level” blog at Wired is another example of this development.  It describes how an international group of crooks, apparently assembled ad hoc via the Internet, carried out a chain of operations to net more than $2 million stolen from Citibank ATMs.  The article is full of interesting details, but the key sequence of events went something like this:

• Two Russian hackers attacked the public Web site of Seven-Eleven (the convenience store chain), apparently with an SQL injection attack, and managed to gain access to the company’s servers.
• The hackers used this access to collect ATM card numbers and PINs from machines located in 7-11 stores. (These machines were provided by Citibank, and apparently at least some of them were especially vulnerable, because the offered “advanced” functions, such as selling money orders, that had to be supported by a server at 7-11.)
• Using local workers recruited via the Internet, the gang then manufactured phony ATM cards, and used the captured PINs to withdraw money from ATMs in and around New York City.

The deal was organized so that the Russians provided the card numbers and PINs, the local workers got the money, and the take was split:

The deal was straightforward: They’d use the information to encode fraudulent ATM cards and withdraw cash, sending 70 percent of the take to the Russian and keeping 25 percent for themselves. Another 5 percent went for expenses.

One of the local participants also was allegedly involved in another scam to loot iWire pre-paid MasterCard accounts, which resulted in 9000 attempted withdrawals from cash machines around the world in just two days, and caused losses of approximately $5 million.

It should be apparent that this kind of organized crime operation is not the work of bored teenagers.  If you run a business, or are responsible for systems security at one, this is another wake-up call.  Just making sure that you put anti-virus on all the PCs doesn’t cut it anymore (if it ever did).  Any machine that is connected to the outside world (meaning the Internet, in particular) is a potential attack point.

New Cyber-Security Czar

The White House announced this morning that President Obama has appointed Howard Schmidt as Cyber-Security Coordinator (or “Czar”, as he will undoubtedly be called).   Mr. Schmidt has considerable experience in the area, having served as a security advisor in the Bush administration, and also as security chief at E-Bay and Microsoft.  He has worked for the FBI in computer forensics.  People in the security field generally regard him as competent and well-qualified; the major reservation about his appointment, shared by many, is that his position has a broad scope of responsibility, but very limited real authority (for example, he has no budgetary authority). Whether the position may evolve into one of greater influence remains to be seen.

The New York Times also has an article on Mr. Schmidt’s appointment.

Quantum Batteries

I’ve written here several times about potential advances in battery technology (including sodium ion batteries, rechargeable zinc-air batteries, and nuclear batteries).   Now Technology Review has an article describing another new battery technology: digital quantum batteries,  a concept proposed by a physicist at the University of Illinois at Urbana-Champaign, Alfred Hübler.  The proposed device is actually a sort of hybrid battery/capacitor:

The concept calls for billions of nanoscale capacitors and would rely on quantum effects–the weird phenomena that occur at atomic size scales–to boost energy storage

A conventional capacitor stores energy in an electric field that is created when electric charge is applied to two parallel plates. (A conventional battery, by contrast, stores chemical energy which it converts to electricity.)  Capacitors can be charged and discharged much faster than batteries, but their storage capacity is limited; apply too much charge, and electrical arcing between the plates will occur.

In Hübler’s design, the “battery” is actually an array of a large number of nanoscale capacitors.  In theory, quantum effects that manifest themselves only at such small scales would act to reduce arcing:

If capacitors were instead built as nanoscale arrays–crucially, with electrodes spaced at about 10 nanometers (or 100 atoms) apart–quantum effects ought to suppress such arcing.

If the device can be fabricated successfully, and if the theoretical calculations of its properties prove accurate, the improvement in energy storage could be substantial:

Hübler claims the resulting power density (the speed at which energy can be stored or released) could be orders of magnitude greater, and the energy density (the amount of energy that can be stored) two to 10 times greater than possible with today’s best lithium-ion and other battery technologies.

Today, the quantum battery is only a research concept, but Hübler believes that the devices could be fabricated by existing lithographic technologies used to manufacture semiconductor chips, using metals such as iron or tungsten on a silicon substrate.  He thinks that a lab prototype might be developed in about a year.  Nanoscale capacitors have been fabricated, by researchers in Korea, but the quantum battery would require millions of them to be practical.  (The concept is discussed in more detail in a paper [PDF], of which Hübler is the lead author, to be published in the journal Complexity.)

As I’ve noted before, developing new batteries and other types of energy storage technologies are critical in allowing us to shift to greater reliance on renewable energy sources like solar or wind power.  The quantum battery is one of the moe exotic concepts that has been proposed, and it’s not clear that it will become a viable product; but this kind of research is of tremendous importance to developing a sensible energy strategy for the future.

Cooking, Revisited

I’ve written here before about Prof. Richard Wrangham’s hypothesis s that cooking, in addition to being a distinctly human trait, also played a key role in shaping human evolution.  The New Scientist now has a brief recent interview with Prof. Wrangham, a professor of anthropology at Harvard, in which he discusses some of the reasoning behind the hypothesis.   He also suggests that the advent of cooking may have to some extent influenced the development of gender roles in society, a claim that will almost certainly raise some hackles; however, as Prof. Wrangham says, to make the claim is not to argue that it should be that way now.

Notes from Underground

Matt Blaze, a well-known and respected researcher in computer security, has a very interesting post on his “Exhaustive Search” blog, about a visit he made to the Titan Missile Museum in Sahuarita, AZ.  The museum is a decommissioned Titan II missle site, complete with missile (no longer functional!) and silo.  It is possible tp take a complete tour of the site, to get a first-hand look:

If you can climb a fifteen foot ladder and fit through a two foot diameter hole, you can, with a bit of advance planning, take an extensive “top-to-bottom” tour of a Titan II ICBM launch complex, complete with missile silo and missile.

Mr. Blaze took the tour, and his account of the visit is fascinating and a bit disturbing.  At the height of the Cold War, there were more than 1,000 ICBMs equipped with nuclear warheads, in silos scattered across sparsely-populated areas.  This included, from 1963 to 1984, 54 Titan II missiles, each with a 9-megaton warhead.

He was particularly interested in looking at the security systems used at the launch site, as an extreme example of the role of security trade-offs:

The control of strategic nuclear weapons can thus be considered an extreme case study in one of the most difficult — and in this case most dramatic — tradeoffs in designing secure systems: balancing high availability with strong access control.

The missiles must be ale to be launched on very short notice for a counter-attack, lest they be destroyed in an enemy “first strike”; yet, because the adversary’s missiles are at the same state of high alert, an accidental launch is unthinkable.

One of the interesting things that came out of the tour is the degree to which many of the security safeguards, once inside the silo, were procedural rather than technical.  One of the key policies was that, with a few exceptions, like the toilets, no crew member was allowed to be alone in any section of the silo.

No Lone Zone

Similarly, there was a safe containing the launch codes that required two keys to be opened, but the locks were just ordinary padlocks.  The launch consoles that required two keys to be turned to launch the missile did exist (just like in War Games), but the equipment itself was not especially secure physically.  It seems clear that the underlying security assumption was that the major danger was one of the crew more or less suddenly going crazy.  There were of course blast doors and the underground location to protect the crew and missile from external attack.

The security mechanisms once past the exterior blast doors appear to have been designed to deter individual malfeasance in the presence of other trusted people, not to resist a sustained military attack or sabotage effort. As with many computers and networks, the focus was on strong perimeter security, with far weaker mechanisms protecting against insider attack.

Of course, much of the original motivation for building these sites has disappeared, but there are still a  few hundred Minuteman III ICBMs in silos in the US.   Matt Blaze puts it well in his closing comment:

Looking up from the bottom of the silo at the little crack of sunlight 150 feet above, an obvious fact hit home for me. I realized at that moment that these things are actually aimed somewhere, somewhere not at all abstract.

(The image is Copyright © 2009 Matt Blaze, and licensed under a Creative Commons license.)