Obama's BlackBerry still hackable, warns Mitnick President Obama's 'bullet-proof' BlackBerry might still be cracked, according to uber-hacker Kevin Mitnick. The social engineering pioneer and ex-con turned security consultant said that although breaking into the supposedly super-secure device would be difficult, it wouldn't be impossible. "It's a long shot, but it's possible …
@ "Once the address was obtained, perhaps after breaking into the PCs of Mitnick's confidants, a targeted email could be sent to Obama. This email would direct Obama to a website hosting exploit code, the scenario suggests."
Hardy hi-tech now is it? Sounds like a typical targeted spam hack attack and relies on luck as opposed to any technical genius. Is this the best that the infamous Mitnick could come up with?
/Me thinks the social engineering master has seen better days.
"Of course, the greater risk of attack against such a prime intelligence target comes from a well-resourced foreign intelligence agency rather than a common-or-garden computer hacker."
More likely his own spooks moonlighting for the previous bunch of <put your own expletive here>!
I expect that the email address is suitably obfuscated and known only to the people who forward the emails from the public address. The blackberry is likely to be one of a handful which are identical and moved around so anyone tracking the devices would have trouble working out which one is the right one and I would also expect that RIM have made some special allowances in terms of hardware and software as requested by the secret service. At the very least the web browsing will use the BES to ensure it goes through the same malware controls as the whitehouse internet access.
It isn't going to be an off the shelf BB like you or I have.
OK, as far as cunning approach'es go this is very much so old that it was current even when Mitnick hadn't even heard of prison soap.
First of you could do a elimination scan, ie rule out all other cell's by a process of elimination. Then you could home in on the cells signal, and from there work on breaking the encyption, or just force it to login to a spoofed cell. But thats if you have the time/resources to actiuon such a plan.
Personaly if I was doing a design for a president I'd have the GSM parts located elsewere with proprietry band hopping wireless from there to the handset for a start.
I'd then have everything inhouse, but lets face it - cellphones tend to need basestations which need providers, oh wait if we ran our own then we could negate all aspects of it.
Also if any browing it would be only approved (pre-vetted) sites and then you would be daft not to have a human controlled proxy in the middle, hell he's the president could employ 100 peeps to vet every page he wants to see in almost realtime :).
I'd also have some funky cpu that had say ew a encrypted instruction set which means only code encypted for that chip would actual run on it, avoiding any injection issues and taking signed code that step further.
But what would you actualy want to get at, well in all honestly it would be the emails themselfs, lets face it that would be it. Now how would you do that remotely, well you could do many things but lets keep it simple, why not use the laws of the land to actualy get a copy of said emails, perish the thought.
I'd say Mitnick is right on this count. Given the Sectera is apparently a dual-PDA, one with an unknown (but I'm sure quite secure) OS, and the other Windows Mobile... I would guess any old (well, new at least) Windows Mobile attack could affect the Sectera. But... 1) I'd assume given the concerns the Sectera omit GPS hardware, so "they" would be unable to track it even if "they" got GPS tracking software on it. 2) The photos I've seen, the secure side apparently even has a seperate little LCD display, I'd guess the WinMo and secure PDAs are electrically seperate, so any amount of screen grabs, "key" logs, etc would not show a thing from the secure side. 3) As Mitnick says, the heat would be too intense. Anyone would be a moron to even try it.
It's possible that they want to see if this can in fact be accomplished. I also agree with Kevin. See a common "hacker" would obviously not have the resources available to pull off this task.
It would take one of the following methods to really achieve something of this magnitude and the hard working folks over in Ft. Meade agree.
First, it would require a huge source/pool of cash and equipment. Simply disabling the Web browser on the RIM device is not going to "secure" the equipment. Disabling the bluetooth device, wifi, etc.. isn't going to secure the phone.
Physical access to the device with a JTAG cable and a notebook would be needed. Clone the image on the eeprom. Clone the SIM card.
Another option would be to break into the secure server at RIM where the updates are pushed out (I'm pretty sure they have a special server for his device) so not likely. However, if one were cunning enough or had inside assistance they could push out a rouge image, module or a java app that would run in the background. Something similar to a rootkit. If the firmware on the device was reversed and updated remotely the attacker could easily change the address of the remote host that the phone communicates with for updates thus allowing complete control over anything running on the device at the application layer.
Who would want to do this anyway? The guy is awesome and loved by more than many. Not all of us agree with everything he done so far, but he has been the most transparent U.S. President we have ever had. He smokes a cigarette every once and while, drinks coffee, loves to chat with average people, loves technology, promotes new ideas, loves innovation, civil liberties for everyone not just one race or two or his. He believes in equality and wants a better America and a better world. If you hack Barack your pissing on a better world. The guy is amazing and it's because of him that we are moving in a direction which makes us more competitive to the Chinese and the Russians. There are other more important things on the table then discussing vulnerable blackberry devices. Everyday we have thousands of attacks on our defense networks from foreign "entities". We need to be more focused on protecting our defenses, commercial, ideas, creativity, technology and most of all our economy.
Do yourself a favor and hack your mind into the right way of thinking. Get into college, get a job and raise a family. There is a much better reward in seeing your face on the news with hacker next to it and something you used those 1337 skills for to help people or make a difference in the world, technology or even humanity.
Real hackers get themselves into school and find jobs. You wan't a tough challenge break into life. Trust me it's a bitch and it's the greatest challenge you will ever face.
Good article though.
My title says how convinced I am of this. Despite the fact that the NSA will have done the locking down of the crackberry, they will be treating it as an unsecure device. No national security stuff will be going through it and as pointed out, GPS is disabled - so there would be nothing to gain (other than embarassment).
Not to mention that the company I work for which has only a fraction of the securiy requirements has web disabled - entirely for this reason.
Pfff again is all I can say
I've yet to see an exploit of that kind for the BlackBerry, especially as the BB has JavaScript *disabled* by default.
Anyway, as some of the others have pointed out (and the article's author as well), Obama may not be using his BB at all, but the Sectera Edge. I just hope it isn't the Windows version he's using. Oh man, a Windows box with SIPRNet access is a worse thing than having Obama use a Blackberry...
Then what? It's not like Mr. O is going to have an outgoing email saying, "OK, General, you have my approval. Nukes for Pyongyang, and make it snappy!"
Probably the worst thing you could manage would be to publish his suit measurements and embaras^H^H^H^H^H^H^Hembarrass the White house.
I did not pick the title so don't blame me!
Second, I told this reporter numerous times that I don't believe Obama uses his Blackberry device for any classified communications-- that should be a no brainer, right?
I did, however, share some attack scenarios that are feasible. One example below I used to surveill the FBI when playing the fugitive game-- which would likely work today.
Objective: Identify Obama's current cellular phone number (SIMPLE)
1. Compromise his past provider (he's likely to be using the same one).
2. Obtain past (3 months) billing records (call detail records)
3. Compromise (current) provider and perform terminating number searches for any mobile device that has dialed or received calls from the same numbers on Obama's past billing records.
4. Maintain a list of suspect devices (mobile handsets) for further analysis
5. Analyze each suspect device's call detail records looking for a similar pattern of call traffic (incoming /outgoing)
6. Narrow the list of devices down to similar call patterns
7. Pull the subscriber data (billing name, address, contact #, device info (IMEI, SIM info) or (ESN if CDMA provider)
8. Use mobile operator's intelligent network to find where the device is registered (in real time)... Is Obama near that location?
Once Obama's cellular number is identified the attacker can acquire his text messages by compromising the smsc (orable db) at the provider, determine his location via cell tower registrations, and his capture call traffic ( via real time CDR).
Objective: Obtain Obama's email address. (SIMPLE)
1. Identify Obama's close circle of friends and family.
2. Compromise these target systems (phishing, wifi, etc) and install a trojan
3. Steal authentication credentials stored on target system or via keylogger (web based email)
4. Watch email communications.. eventually the attacker may hit pay dirt.
As far as compromising his BB device, I said it would be difficult but not impossible depending on whether he uses BB's browser. The possible attack scenario I explained to the reporter was:
1. Identify vulnerability in BB's browser that allows execution of arbitrary code.
2. After compromising his provider, identify what sites Obama visits on his BB (this can be logged by an attacker in the providers intelligent network.)
3. Identify the sites visited that are not so popular (minimize the potential victims) and compromise these targets.
4. Plant exploit code to execute payload-- whatever that is...
5. Wait... and see what happens.
I brought up some others but the article omitted most of what I discussed... go figure...
Anyway, Happy Friday the 13th...
Kevin
I will leave it to Kevin Mitnick to try this one out first. Let's see if that get's him as far as it did with the bell companies. Uber Hacker?? Giving a little to0 much credit to someone that spent years in prison for getting caught not even hacking.
Anyway, As the President's blackberry is only allowed to dial certain numbers and recieve calls from certain people. Do you really think that President Obama and the secret service is going to allow for viagra adds and spam to show up on his blackberry??? Come on!!
I have more chance of Kevin Hacking socially engineering my shorts than Obama does of receiving spam.
Ridiculous!!!
....at least he is a "hacker" "smart" enough to go after the weakest link. Isn't this how he succeeded the "first" "time"?
And that's to find the dumbest person allowed to email Obama and exploit them. Now I wonder if the NSA or *whomever* allowed those few people to stick with their gmail/hotmail/whatever accounts?
This whole "location awareness" thing is being overblown.
For one thing, the President of the United States works from home, so chances are most times you'll find him at 1600 Pennsylvania Ave. As an American, I'd be upset if you took a crack at that house, but hey, that's where the man lives. It's public record.
Furthermore, just because he uses a BlackBerry doesn't mean the service has to initially run through RIM servers. I'm sure there's a nice dedicated box at a certain compound in Virginia whose sole existence in life is to happily NAT the *real* device.
Hopefully the No Such guys have a sense of humor, and leave some of the dummy-but-actively-broacasting gadgets in fun places like Yemen, Euro Disney, or a variety of "burlesque" establishments operating conveniently near the aforementioned domicile.
I could just see the hacker's face when he thinks he's found the Prez based on his IP, and it turns out to be someplace, as Messrs. Chapman, Jones, Idle, et have said, "completely different"...
Going after a hardened target like this is way beyond the resources of some dweebie hacking Sarah Palin's Yahoo account. We are talking nation state level resources here.
There are numerous ways to go about this from a technical security standpoint. I won't even speculate on all the ways it could be done.
Here is the rub...
Would BHO even know his BB had been compromised? If a nation state is ballsy enough to go after this target, they sure are not going to publicize it. They will leech information and not tell anyone. Heck, if there was ever a crisis (think of the confusion in the first hours of 9/11), they could even use the compromised BB to insert *misinformation*. VERY scary!
I personally think it is irresponsible for BHO to continue using consumer grade communications. He has the best communication technology available to him and he needs to set down his BB until 1/20/13.
@3rd Anonymous Coward, "/Me thinks the social engineering master has seen better days."
Mitnick was never as great as he wanted the world to believe. This quote is just another example of his social engineering skills covering limted technical expertise.
Why does he assume that Obama's Blackberry has no effective ACL protecting it? why does he assume that the image is not digitally signed with various hashes and reviewed frequently? Why does he assume that there are no content filters implemented on the connections it uses?
Try turning it around. Assume the guys protecting it are at least as good as you are, Kev. They may have thought of every attack you have, and taken countermeasures. They may even have thought of stuff you haven't, and forestalled that as well.
@Marty McFly, would BHO know if he was compromised? Yes, you can consider it a safe assumption that there are ways to detect a compromise. Many of us could invent one, so we should not expect anything less from the resources devoted to protecting the President of the most powerful nation-state in today's world, should we?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
