Security Scene: May 2021 Edition
By Adair Thaxton, Internet2 Cyberinfrastructure Security Engineer
Happy May! I hope everyone had a nice Mother’s Day. This is normally a bittersweet time of year for me – the students are leaving for the summer, so it’s easier to park and get dinner near campus, but it just feels so empty without them. Just me?
Many of you are probably familiar with Cellebrite, the Israeli firm that helps police and government investigators break into mobile phones owned by people under suspicion of doing bad things. And many of you are probably familiar with Moxie Marlinspike, security researcher and creator of Signal. Marlinspike had a stroke of good luck and happened upon a case of Cellebrite hardware and software, which he proceeded to analyze. While Cellebrite’s software works by exploiting unfixed bugs in IOS and Android software, they don’t seem to have hardened their own software. Marlinspike was able to put malicious files on the devices under examination, which would then be executed on the computer running the Cellebrite analyzer software. Here is his original article.
Returning to ‘Normal’
Once again on the topic of “returning to normal,” this article from Dark Reading raises some good points I hadn’t previously considered. Shutting down unused ports is basic security, but have you done this in your access layer in buildings and spots where critical infrastructure exists? How many sensitive documents have accidentally been printed to office printers, and left uncollected? Are you planning to do any checks of physical hardware security on keyboards and videoconferencing equipment that have languished in place? Regarding the skeleton crew of essential employees, have they received specific training to restrict access to sensitive locations?
This Month in Routing Security
In mid-April, there was another BGP misconfiguration that disrupted connectivity for more than 30,000 routes. Vodafone India was the source of the misconfiguration, which lasted for about 10 minutes. Doug Madory from Kentik listed the things that adjacent networks could have done to prevent propagating the incorrect routes, and I doubt you’re surprised that his recommendations line up with those from MANRS!
Our friends from NIST have released a new version of their RPKI monitor with some added analysis, features, and graphs. I note that Vodafone India, from above, is in the top 5 sources of both invalid /24s and invalid BGP-originated prefixes.
Things That May Interest Only Me
Finally, in “surprising but not really surprising” news, one of the most well-known confidence men, Frank Abagnale, may have been fibbing about his life story. I’m not really shocked by that, but I am amused.