Coffee Break // Cyber News 010

I’m enjoying a café lungo this morning, with a slight breakfast of some toaster naan. Delicious—would that all the calories I eat in a day could be so toasty and savory.

The coffee is gone altogether too quickly… I consider another, but I should make myself some real food instead.

But first, let me share with you some details of a pet-project that I’m working on…

//

Penetration testing. (it sounds dirtier than it is)

Yesterday evening I spent around two hours setting up a penetration test of my family’s home security network. For those that don’t know, a penetration test is a legal, authorized attempt to compromise security frameworks in order to strengthen them.

Imagine if you put new locks on your doors, then challenged a lock-picking enthusiast to try and break in. If he’s able to get past the locks, or otherwise gain unauthorized access within the parameters you define, then you learn valuable information about where the vulnerabilities in your attack surface are, and how to mitigate or avoid that risk in the future.

Ok, that’s great, but how do we go about testing the security system in my family’s home?

First we define our objective. My goal is simple:

To gain remote access to the security cameras in the house, learning the administrator password or otherwise compromising the system by non-physical means.

Why non-physical attacks? A physical attack on the system is outside of the scope for this pen-test. I live inside the house in question—I’m literally inside of the system already.
What could I learn by walking across the house and unplugging the recorder? Nada.

So instead, we’ll see what we can leverage across the network. First stop: reconnaissance.

I boot up VirtualBox. It’s software for running emulated computers and their operating systems. A computer inside of a computer…

Within VirtualBox, I boot up a Kali Linux image. This is a Linux distribution that comes preloaded with security and pen-testing tools, like Zenmap, the program you see here on the left.
On the right is Wireshark’s OUI look-up tool. More on that in a bit...

I boot up Kali Linux because I don’t have many pen-testing tools installed directly on my Windows PC. Luckily, Kali Linux is chock full of them.

One of the tools I’m interested in trying out at this stage is Zenmap. Zenmap is a user interface for nmap, the command line port scanning and network mapping tool.
With Zenmap I make a list of IP addresses active on the network, and several open ports on these computers. TCP/UDP ports are like channels over which you exchange information across the network. Open ports are necessary for using the internet or your home network, but certain ports run more secure protocols than others, so leaving specific ports open potentially leaves your computer vulnerable to attack.
Think about if you locked all your doors, but forgot to lock your windows! All a burglar would need is a ladder and BAM he’s in.

After scanning the network with Zenmap for a while, I take note of a few vulnerable ports on one of the IP addresses I discovered. I’ll set that aside for now; I’m really only interested in mapping the network at the moment.

I want to find my target. To do that I need to look at the IP and MAC addresses of the devices on the system.

So, as it turns out, I don’t really need Zenmap just yet. Just a terminal window and Wireshark’s OUI look-up tool will do.

Switching back to my main Windows machine, I run an arp command to learn which IP and MAC addresses are associated on the network.

The red text here is censorship of the IP and MAC addresses that came up with the scan—don’t ever publicize information about your network that you don’t need to. You wouldn’t post your home address online, after all…

With that information in hand, it’s a simple matter to run each MAC address through Wireshark’s OUI lookup tool and identify the manufacturer for each device.

Conveniently for me, only one of them is associated with home security equipment.
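The arp-then-OUI step described above, as an added example that is not part of the original post: it parses the table format that `arp -a` prints on Windows, normalizes each MAC to its 24-bit OUI prefix, and looks that prefix up in a small vendor table standing in for Wireshark’s manufacturer database. Both the arp output and the vendor table are constructed for the example; the prefixes have the locally-administered bit set, so they cannot match any real vendor assignment.

```python
import re

# Constructed stand-in for Wireshark's OUI/manufacturer database. These prefixes
# have the locally-administered bit set (second hex digit 2), so they cannot
# collide with a real IEEE vendor assignment.
OUI_TABLE = {
    "02:11:22": "Example Router Co. (constructed)",
    "02:33:44": "Example Camera Systems (constructed)",
    "02:55:66": "Example Phone Maker (constructed)",
}

# Constructed sample of what `arp -a` prints on Windows (TEST-NET-1 addresses).
SAMPLE_ARP_OUTPUT = """
Interface: 192.0.2.50 --- 0xb
  Internet Address      Physical Address      Type
  192.0.2.1             02-11-22-aa-bb-cc     dynamic
  192.0.2.23            02-33-44-01-02-03     dynamic
  192.0.2.42            02-55-66-de-ad-be     dynamic
  192.0.2.77            02-99-99-12-34-56     dynamic
  192.0.2.255           ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# One arp row: IPv4 address, MAC with '-' or ':' separators, and the entry type.
ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})\s+(\w+)",
    re.MULTILINE,
)

def oui_prefix(mac: str) -> str:
    """Normalize a MAC in either separator style to its upper-case 'XX:XX:XX' OUI."""
    return ":".join(mac.replace("-", ":").upper().split(":")[:3])

def parse_arp_table(text: str) -> list[tuple[str, str]]:
    """(ip, mac) pairs for dynamic, unicast entries; broadcast/multicast rows are skipped."""
    entries = []
    for ip, mac, kind in ARP_ROW.findall(text):
        # Group addresses (broadcast, multicast) set the low bit of the first octet.
        if kind.lower() == "dynamic" and int(mac[:2], 16) & 0x01 == 0:
            entries.append((ip, mac.replace("-", ":").lower()))
    return entries

def identify_devices(text: str, table: dict[str, str] = OUI_TABLE) -> dict[str, str]:
    """Map each discovered IP to the vendor behind its OUI, or 'unknown' if unlisted."""
    return {ip: table.get(oui_prefix(mac), "unknown") for ip, mac in parse_arp_table(text)}

def find_by_vendor(text: str, keyword: str) -> list[str]:
    """IPs whose vendor string mentions keyword, e.g. 'camera' to pick out the recorder."""
    return [ip for ip, v in identify_devices(text).items() if keyword.lower() in v.lower()]
```

`identify_devices(SAMPLE_ARP_OUTPUT)` maps every discovered IP to a vendor (or `unknown` when the prefix is not in the table), and `find_by_vendor(SAMPLE_ARP_OUTPUT, "camera")` narrows that down to the one constructed camera entry; the same functions work on the pasted text of your own `arp -a` run.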

Excellent; target acquired.

Unfortunately this was all the time I had for this project on Monday, but my next steps are clear: research the target device and probe it for any vulnerabilities.

I’ll post an update on this when I have time to progress the project later.

//

In the news.

In one week, the EU will vote on a proposed law that would enable governmental oversight of all communications on apps like Signal, basically bypassing the privacy guarantees of end-to-end encrypted services.
Signal indicates that it will not offer its services in Europe if the law changes. Speaking of Signal, the privacy leader is adding new encryption to its system that it says will be future-proofed against the rise of quantum computing. While that claim is untested, I think it’s good that companies are continuously investing in better and better encryption methods.
Since encryption stops an attacker from reading intercepted data, but not from recording it, advances in computation like quantum computing theoretically present a future vulnerability, where attackers will eventually be able to decrypt communications they captured but were unable to crack years ago.

Do you use Signal or other encrypted apps? Do you trust the end-to-end encryption they advertise?

In other news, I was mildly disappointed to see that popular communications and social forum app Discord (my go-to for communicating with friends about hobbies) announced it had suffered a data breach through its customer support platform.
Evidently the stolen information included names/usernames, email and contact information, billing information, and message history with customer service agents.
Worryingly for those that reached out to Discord to settle age-verification issues, the government-issued IDs they used to verify their accounts were also compromised.
I use Discord a lot in my day-to-day—it’s an important (albeit unsurprising) reminder that data breaches occur all the time, and if you haven’t had your information included in a breach yet, you likely will at some point.

It just goes to show, if you don’t want to risk information being leaked, don’t keep it in a digital format at all.
