Tuesday, 11 December 2012

The DCRI explains how to hack a smartphone

"You can do anything," says the French domestic intelligence service. Scary.
We were intrigued when we looked at the conference program of the Business Security Managers' Club (CDSE), which was held in Paris on Thursday. The document did indeed promise a "demonstration on cyber capabilities by a representative of the DCRI," the French domestic intelligence service. We did not hesitate for a second: we went. And we were not disappointed.

Although the Commissioner from the Central Directorate of Internal Intelligence (DCRI) did not give a "live" demo, to avoid the risk of "revealing photos of the mistress of one of the participants," he nevertheless explained how easy it is to hack a smartphone, with screenshots in support. His goal: to raise companies' awareness of computer security. Employees' smartphones are already an important tool for industrial and state espionage. The DCRI gave "an educational presentation of risk that a company or public organization."

Software that does everything

"Today, the level of awareness of the risk is zero," lamented the Commissioner, noting that the 10% penetration rate of antivirus software on smartphones is the rate PCs had in 1990. And a smartphone, "it's like a computer hacker." The scenario presented by the DCRI is the snatching of an iPhone, but nobody is fooled: it sounds like lived experience, as they say ...

"In 30 seconds, the thief has extracted the SIM," which means "the operator cannot erase the data on the phone remotely." The thief then only has to retrieve the data "with software that does everything" and costs "the price of three tickets for the Rolling Stones." Between 400 and 1500 euros (depending on the seats!). The phone lock code is defeated in a few minutes. "A four-digit code is broken in three to ten minutes, depending on the device."

"Apple, a castle with a cardboard drawbridge"

And bad news for geeks: the more powerful the phone, the faster its processor breaks its own code using the famous software. Six-digit codes take up to 50 hours, and eight-digit codes up to 165 days. "Everything can be broken, but the important thing here is to slow down the access to sensitive information," to have time to take the necessary measures, such as changing passwords and security keys. Eight digits achieves that, unless you use your own date of birth or that of one of your relatives, which is too obvious to a spy.

Once the phone lock code is broken, the software attacks the "keychain," a file that gathers a great deal of sensitive information. Time required: 40 minutes. And do not be fooled by appearances: "Apple is a castle ... whose drawbridge is cardboard," quipped the Commissioner. With the keychain, the spy finds all your personal information. Everything. Credentials to connect to your email, access codes to your corporate network, all the places you have been (through the GPS memory), all the Wi-Fi codes you have ever recorded, the history of your web browser, your photos and their accompanying geolocation, possibly your banking credentials if you installed your bank's application, etc. "After a smartphone theft, who thinks to change his Wi-Fi key on his way home?" asks the man. With good reason ...

Your data readable at 15 meters

As for NFC (Near Field Communication), the contactless information exchange technology used in smartphones but also in metro cards and identity documents, the situation is alarming. While manufacturers give assurances that the data can be read at three centimeters from a terminal, the DCRI says it can collect this information at 15 meters, or 500 times farther away. A frightening revelation where respect for privacy is concerned. Especially when banks offer NFC credit cards, and NFC payment tools integrated into smartphones.

"Anyone could scan your bank, even at three centimeters. This can easily happen in the subway, for example," explains the Commissioner. With a range of 15 meters, it is impossible not to think of the worst science fiction scenarios, in which people are tracked wherever they go ... Hollywood simply had not imagined that it would be via subway cards or credit cards ...

The presentation by the Commissioner of the DCRI had the merit of rousing the security officers in the room. To drive the point home, he showed at the end of his speech a video taken with a hidden camera in a room of an "Asian hotel," in which security guards are seen looking through the contents of a European visitor's telephone during his absence. Lesson of the day: the smartphone is the perfect tool for espionage. And to conclude with a quote from the actor and comedian Francis Blanche: "It is better to think about change than to change the dressing." Something to think about ...
