Interesting Secure Android Phone Internet

This is an interesting page for how to make secure internet connections from an Android phone. I’ve not gone through all of it yet, but it looks like it’s on the right track.

The basic process is to “root” your Android phone (that is, get “Administrator” or “SuperUser” rights), then set it up so that all of the internet traffic from it is routed through an SSH connection (Secure SHell) to a remote server: one that can be purchased / rented at an ISP, or your own home device / computer.

This is particularly useful, IMHO, if you “mix it up” with a couple of options.

First off, it gives a great way to leverage a Raspberry Pi. It would be a great, minimal, SSH server. So one of them can be the “home server” that then does the connection out to the internet. Further, it can be set up to use Onion Routing if desired. So on one level, you have a secure connection from your phone to a trusted endpoint, and it helps lock down folks snooping on your phone on open networks. Your traffic is still ‘trackable’ in that it is now shown as coming from your home box, so is tagged as ‘you’. But run that traffic through Onion Routing from your home box, and that too disappears. Now you have a largely untrackable internet connection with very hard to identify origin and exit. (I’m not saying “impossible” simply because it does depend on Onion Routing and that is an exterior service outside your control / proof – but it looks fairly secure and private.)
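The home SSH server is the piece this whole scheme depends on, so here is an added example (my own Python, not code from the post or from the Lifehacker article) that checks an sshd_config for the settings a tunnel-only server needs: key-based logins only, no root login, no X11, and TCP forwarding left on, since without forwarding the phone’s tunnel has nothing to carry. The directive names are real OpenSSH keywords; the two sample configs are constructed, and the host `home.example` and the `tunnel` account are assumptions. It honours sshd’s first-occurrence-wins rule and stops at the first `Match` block, so only the global section is judged:

```python
"""Audit the global section of an sshd_config for a tunnel-only SSH server.

Added example, not code from the post or the Lifehacker article.  The
directive names are real OpenSSH keywords; the two sample configs are
constructed, and the host 'home.example' / user 'tunnel' are assumptions.
"""
import re

# Directive -> (accepted values, finding reported when the value is not accepted)
EXPECTED = {
    "passwordauthentication": ({"no"}, "password logins allowed, so the box can be guessed at over the net"),
    "permitemptypasswords": ({"no"}, "empty passwords permitted"),
    "permitrootlogin": ({"no"}, "root login not set to 'no', so root may still log in with a key"),
    "pubkeyauthentication": ({"yes"}, "public-key authentication disabled"),
    "allowtcpforwarding": ({"yes", "local"}, "TCP forwarding off, so the phone's -D/-L tunnel has nothing to forward"),
    "x11forwarding": ({"no"}, "X11 forwarding on, which a tunnel server never needs"),
}

# Compiled-in defaults (OpenSSH 7.x and later) used when the file is silent.
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "allowtcpforwarding": "yes",
    "x11forwarding": "no",
}


def parse_global_section(text):
    """Return {directive: value} for everything before the first Match block.

    Keywords are case-insensitive, 'Key value' and 'Key=value' are both legal,
    and sshd uses the FIRST occurrence of a directive, so later duplicates are
    ignored here too.  Match blocks are conditional and deliberately not judged.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"match\b", line, re.IGNORECASE):
            break
        m = re.match(r"([A-Za-z0-9]+)\s*[=\s]\s*(.*)", line)
        if m:
            settings.setdefault(m.group(1).lower(), m.group(2).strip().lower())
    return settings


def audit_sshd_config(text):
    """Return a list of findings; an empty list means the global section passes."""
    settings = parse_global_section(text)
    findings = []
    for key, (accepted, problem) in EXPECTED.items():
        value = settings.get(key, DEFAULTS[key])
        if value not in accepted:
            findings.append(f"{key}={value}: {problem}")
    return findings


def tunnel_command(host, user="tunnel", socks_port=1080):
    """Client side: an ssh invocation that opens a local SOCKS proxy and nothing else.

    -N runs no remote command, -D binds a SOCKS listener on loopback only, and
    ExitOnForwardFailure makes ssh quit rather than silently run without the
    forward (which would leave apps talking to the open Wi-Fi directly).
    """
    return ["ssh", "-N", "-D", f"127.0.0.1:{socks_port}",
            "-o", "ExitOnForwardFailure=yes", f"{user}@{host}"]


WEAK_CONFIG = """\
# constructed: a stock-looking sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
AllowTcpForwarding yes
"""

HARDENED_CONFIG = """\
# constructed: key-only logins, forwarding on for the tunnel, nothing else
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
AllowTcpForwarding yes
X11Forwarding no
# a later duplicate is ignored by sshd (first occurrence wins), and by this audit
PasswordAuthentication yes
Match User tunnel
    ForceCommand /bin/false
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "->", audit_sshd_config(cfg) or "OK")
    print(" ".join(tunnel_command("home.example")))
```

Run it over the RPi’s `/etc/ssh/sshd_config`; an empty findings list means the global section is where it should be. The client end is the `ssh -N -D` command that `tunnel_command` builds: it opens a SOCKS proxy on the phone’s (or laptop’s) loopback and the apps are pointed at that, so nothing leaves for the open Wi-Fi in the clear.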

Second, nothing prevents having a couple of SSH server options. So “day to day” you could use the “home server” and “from time to time” you could swap to a secondary server (commercial or “group shared” or foreign open server) when desiring to “mix it up” a little. Now, for example, someone wanting to get a ‘warrant’ to look at the traffic on that server would need to deal with a foreign government that might not be so impressed with an FBI warrant.

Finally, IMHO, nothing but desire to do the work and the performance loss of multi-hop prevents layering on servers. Bounce off one to route through another. (This isn’t as big a feature as you might think. Each ‘bounce’ added is one more attack point. It obscures the trail, but adds exposure points.) While I’d likely not go that far, not seeing much reason to do so, it is an interesting option. So, for example, say you had a friend in Belize, they could set up a private encrypted tunnel to your computer at your home. Now each of you can connect to either computer and exit at the other location. Each of you is now “originating” your traffic in a country other than where your phone is located. (Be sure you are both comfortable with getting warrants served to demand looking at ‘your server’… This is where having that RPi with volatile memory, no logs, and a ‘disposable system’ image comes in handy. Just pull power and hand them the now useless $35 to $50 of parts… Those ‘very worried’ can just house the RPi inside a box where opening the lid chops power. Can’t take it without a power cut.)

OK, the link:

http://lifehacker.com/5803880/how-to-encrypt-all-internet-use-on-your-android-phone

Exposures:

This isn’t an entirely secure solution. There are still exposures.

The software on the phone, Android, is large and complex and can be hacked. If, at any time you connect to the internet, even through secure tunnels, it is possible that someone can do an attack on the phone operating system. These range from phishing attacks to inserting ‘tools’ via a ‘click me’ link or an app. Once the phone is hacked, it can send information to a target receiver through whatever kind of secure tunnel you have set up. In an ideal situation, you would run your own secured OS on the phone instead, but for most folks, that’s way too much trouble. As a secondary level, since the phone is ‘rooted’, you could simply restore the OS (Android) from a known clean copy each time you wished to assure the phone had not been compromised. (So, for example, if last week you were just on vacation in Spain and didn’t really care about folks knowing you were telling your Sister about the beaches, why reload each day? Once home, clean the phone of any ‘warez’ by a reload. Then start doing business again.)

Your phone, being connected to a phone service provider, is still a beacon of your location and traffic. You can be tagged and bagged at any time by any ‘agency’ that wants you. You are broadcasting that you have your traffic routed through your server as all your traffic will have that IP number showing it’s not going to the usual internet places. A smart agent will finger that IP and scour it prior to moving on you and your phone. Then they can also see the ‘outbound’ from that IP. (Thus the benefit of having it Onion Route or secure tunnel to another jurisdiction. All they get is “talking to Belize”…)

It is, of course, possible to have a primary phone used for all ‘day to day’ things, and a less ‘visible’ phone used for secure things. So if someone is ‘tagging’ you, the ‘burner’ phone gets used and ‘recycled’ while you continue to have cover traffic on “your phone”. There are two aspects to this. One is that if YOU get a ‘disposable phone service’, that will show up in records, but you are adding a time element. Now a second tap (and potentially second approval) is needed. Don’t know if that is a 10 day timer, or a 10 hour timer, but there is a ‘first use’ window of opportunity to do some untrackable activity. The second option is to simply have friends willing to do the ‘straw man’ purchase of the phone service. So your secure traffic shows up on phone from “Susy in N.Y.C” not you, nor your friend in Belize. (That will ‘have issues’ if doing anything criminal since it becomes ‘conspiracy to FOO’ and its own crime. It also ‘has issues’ if you are being ‘contact traced’ as ‘friends’ will also come under observation. So ‘use sparingly’… and don’t do criminal things.)

There may well be some other modes of exposure that I’ve not thought up, just realize that while this method complicates things for the attacker, it is not 100% secure against all modes of monitoring and attack. It does provide a much better level of security compared to the ordinary internet connection and, with some indirections and private servers, can reduce the effectiveness of ‘official’ monitoring.

For “private group” communications, where a private email server (for example) is shared between a group of private routing servers, it can be a great security enhancement. In that case, you open an SSH connection from your phone to the SSH server, then your email goes to the private group server (never being on a public or ISP based server) and is only shared out to the recipients, and then only over their SSH tunnels. Now if the email is not saved, it cannot be recovered by ‘agencies’. Further, the email server itself can be made ‘volatile’, saving no information and subject to the same ‘jurisdictional’ relocations and power cut ‘features’. So even email ‘in transit’ can be made hard to access even if you know there is a private mail server, and where it is located.

Such mail servers can be made very secure from hacking – simply placed behind a firewall that ONLY allows mail protocol traffic and nothing else, and stripped of any facilities (software) other than mail serving and security. Now if the mail “spool” file where mail in transit ‘lives’ is in a RAM disk, any power cut and the mail is gone. With no logging, no record of prior mails, and all mail through secure encrypted tunnels, it’s darned hard to get any message information. Essentially, you have to hack the phone and pick it up once decrypted there. Hard to do that if the phone never connects to the public internet… (all traffic through the SSH tunnel and not going on to the internet for browsing or other things.) Still possible if there is a ‘hack’ into the phone directly from the ISP that avoids the tunneling. (i.e. if Android has a back door for ‘agencies’ or the ISP takes over the phone and downloads an ‘update’ to the OS… which is why just ‘rooting’ the phone isn’t quite enough. You also need to be able to really fully secure the OS against change…)

OK, not perfect, but a very nice option for many kinds of use.

Will I be doing this?

Most likely not. Unfortunately, my life is way too uninteresting to have any use for this ‘feature’. Frankly, all I use my phone for is phone calls. (Some folks send me text messages, but I rarely originate any more interesting than “pick up milk” and “I’m running late”.) I don’t even use the ‘web features’ on it. The screen being all of about 2 inches wide, it’s pretty useless for anything. Even text messages require a certain amount of finding the glasses and squinting… Not something I like doing.

Oh, and my phone is about a decade old and does not have Android on it… details details ;-)

So why the interest?

Because I’m a Computer Geek who spent years securing sites against attack. It’s just “what I do” to be interested in such things. You might as well ask a professional dancer not to dance just because they had no audience.

Also, we’ve reached an unfortunate point. It is now the case that the erosion of personal privacy and personal rights has become so extreme that I find myself increasingly alienated from the goals of our world governments, and increasingly aligned with the folks that advocate for personal liberties. In short, the largest risk is a mix of things, but with a lot of “Government Sponsored” activity. (Both Chinese Hacker groups with probable government sponsors, and our own USA / UK / EU western governments abusing citizens for ‘protection’ against ‘terrorists’.) So to the extent I see solutions to that problem, well, I’m going to note them. We all need to start being more skilled at such security protections.

Some notes from the page:

When you connect to a public Wi-Fi network, your Android phone is susceptible to the same sorts of attacks as a laptop—as demonstrated by the Android data vulnerability exposed a few days ago. The solution to securing your communication is simple: You have to encrypt it. Here’s how to set up an SSH tunnel as a cheap, easy method to encrypt all your Android phone’s data.
[…]
Normally, you don’t need to worry about encryption on your phone because you’re already using your carrier’s mobile data connection, which in and of itself is pretty secure already, if only because you’re the only person using it. The problem arises when you connect to public Wi-Fi. On public Wi-Fi, anybody can listen in on everyone else’s web traffic with the right tools, and in doing so, potentially gain access to things like your social networks, your email, or worse.

SSH Tunneling allows your phone to create a secure, encrypted connection to a server located far away from the public Wi-Fi, and run all your data through that connection (like a tunnel). The Wi-Fi connection you’re using may not be secure, but when you’re using an SSH tunnel, your data will be. See our previous guide to encrypt your web browsing session using this method on a computer for the desktop version of this guide.

There are interesting links in the article as well.

FWIW, I’ve set up company networks where we had bought some other companies, so had ‘diverse’ sites and needed rapid integration. One of the things we would do is set up an encrypted tunnel (VPN Virtual Private Network) between sites and then ‘join’ the internal networks with adjustments of the routing tables. The idea of a ‘private network’ connected with encrypted tunnels over a public internet is common practice and can be made very secure. That level of the security and privacy process is pretty well vetted and locked down.

IMHO, the biggest risk is at the level of the ‘desktop’ (increasingly a laptop or palmtop) where the typical Microsoft OS is quite porous and easily hacked. With everyone and their brother visiting all sorts of web sites, and with even such fundamental layers of software as Java being subject to hacking and having large holes in them, the largest risk is just that the ‘desktop’ gets hacked and then opens its own tunnel out to the hacker, who is then ‘inside your house’. So all the above is “nice to have”, but if the desktop or palmtop is not secured, and you visit the wrong places, you will be hacked. That’s why I’m looking at (and sporadically using) “boot new each time” servers like CD-ROM based ‘Live Linux’ releases and an RPi on a chip that can be reloaded from time to time. As it is no longer possible to secure the desktop against being hacked (thanks MicroSoft and Oracle / Java…) it is necessary to have a ‘fresh start’ checkpoint reset before doing things that need security (like, oh, logging into a stock trading account or paying bills online…)

Given that, to use this method most effectively, you really ought to have a clean Android release that can be secured, and reloaded into the phone from time to time. This means some hacking skills of your own, and a secure server for the release of software (the best choice, in my opinion, is to write all ‘clean’ copies of software to CD or DVD, and not rewritable ones… A locked SD card is almost as good). In that way, you could periodically flush any hacks out of the phone and reload a clean base system. Yes, it’s a timer until the next time you ‘click a link’ to something that’s a honey pot and cracks into the phone. But it’s better than just being hacked and doing nothing. Maybe someday folks, like Oracle and Microsoft, will care more about security. Maybe.

So that’s the story for today. This may slightly shift my focus on the RPi from a ‘desktop’ to a ‘server’ for a little while. It ought to be fairly quick to set up as an SSH server (or at least quick to explore) and will not need an HDMI interface (still saving my nickels for that $400 TV ;-) Having my own VPN at home would be nice anyway. Then when the laptop and I are at Starbucks, I could VPN into home and be encrypted ‘end to end’. I’ve run my own Linux mail server (many times) and there would also be a benefit in having that running again. Then even email would be ‘inside the tent’. I have my own DNS “caching server” on the same box, though it has been turned off for a couple of years. That is a security and performance feature. It helps protect against DNS based attacks and it allows you to ‘blackhole’ some address ranges. It also gives very fast (near instant) DNS resolutions on frequently used addresses, and when folks are doing a Denial Of Service attack on DNS, you still get fast resolves of what you use regularly.

All in all, I can see a significant benefit from a RPi server with email, caching DNS, and VPN / SSH tunnels as a basic “server appliance”. Then with laptop VPN or with an Android SSH, any of my “public site” traffic is encrypted and tunneled and reflected off my own server. For other “close friends”, we could then set up private email exchanges over our own VPN / SSH tunnels and with private network numbers (i.e. non-routable to the internet) and with multiple ‘exits’ to the internet, one from each site, traffic to the internet could be routed out in various places as needed (so, say your country blocks some sites, you could exit in another country). At this point, I think the fastest path to the most benefit is likely that RPi server appliance, and a laptop with a Live CD or VirtualBox “desktop” to provide the interface. With a RPi desktop to come later.

Who knows, maybe someday I’ll even get an Android phone and add it to the mix ;-)

Now if only I was doing something important and had some reason to care about all this, I’d be all set!
;-)

(It’s still fun to do it, but it was more fun when, for 7 years at Apple, we were under constant attack and kept them out. It’s kind of a ‘rush’ to have that bit of victory each day. On one occasion what looked like a Russian attack could not get in, so was routing through our boundary router to a U.S. Military site. They got hacked, but not us. Yes, we called the site – after we hacked in and got their phone number – and told them they were under attack. Also called the FBI. But that’s another story… Somehow the energy level isn’t quite as high, when what you are protecting is pictures of a Pile Of Bricks BBQ. Oh Well. It’s still fun.)


About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons' are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Tech Bits.

29 Responses to Interesting Secure Android Phone Internet

  1. E.M.Smith says:

    Looks like others have already been exploring SSH on RPi:
    http://www.raspberrypi.org/phpBB3/viewtopic.php?t=5167&f=5

    Side note if it’s the debian build and you haven’t done this yet, you’ll need to in order to turn on SSH

    Rename boot_enable_ssh.rc to boot.rc on the boot partition. You can do this by issuing the following commands:

    1. sudo bash

    2. cd /boot

    3. mv boot_enable_ssh.rc boot.rc

    4. shutdown -r now

    Once it finishes rebooting you’ll have ssh enabled
    […]
    Once you have done the above as Abishur posted all should be good except

    You’ll have to wait a couple of minutes or so for sshd to come up. If you try before it is ready, you’ll get the connection refused message.

    I would add to that a step of mv boot.rc boot.rc.old to save the original in case you wanted to change back. (Assuming there is already a boot.rc in place)

    It goes on to talk about VNC – Virtual Network Computing. Something I’ve not used. Looks like others have been adding remote computing desktop features while I’ve been not paying attention.
    https://help.ubuntu.com/community/VNC

    VNC is a protocol that allows a desktop to be viewed and controlled remotely over the Internet. To use VNC, a VNC server must be run on the computer sharing the desktop, and a VNC client must be run on the computer that will access the shared desktop.

    If you’re connecting to a client behind a firewall, you may need to use Reverse VNC instead.

    Common uses

    Helping someone via VNC over the Internet

    A common usage scenario is helping another Ubuntu user over the internet via screen sharing.

    Accessing your desktop over the Internet

    Although VNC has some optional security features, you should not run VNC directly over an untrusted network like the Internet. Instead, you should set an SSH server up as discussed in the SSH guide and configure a VNC server that you can start in so-called once mode. When you have set up your SSH and VNC servers, you can use SSH to log in to your computer over the Internet, start your VNC server, and use port-forwarding to securely access the VNC server.

    Let other people view your desktop

    If a small group of people regularly want to access your desktop, the best solution might be to set up an SSH server, then add their public keys to your authorized_keys file, with very limited rights. As discussed in the SSH guide, you can limit the SSH features that each public key can use – typically, a user that should only have VNC access would have a line like the following in authorized_keys:

    command="/bin/sleep 4294967295",no-agent-forwarding,no-pty,no-user-rc,no-X11-forwarding,permitopen="localhost:5900"

    This will allow the specified person to log in to your computer using your username and their public key instead of your password. The long list of no-xyz statements disallow them from doing just about anything except connect to a VNC server.

    Because the Internet is a high speed public network, an attacker anywhere in the world could connect to an unsecured VNC server and start guessing passwords at a rate of thousands per minute. Even if they couldn’t guess your password, they could snoop on the VNC session much like someone in an Internet cafe might peer over your shoulder. If securing your connection is not an option, it’s possible to provide an unsecured VNC connection with a fairly low risk of disaster, so long as you follow three basic safety precautions:

    only allow the other person to view your desktop, not to control it
    tell your VNC server to request permission before allowing anyone to see your desktop
    don’t do anything that you wouldn’t do in an Internet cafe

    Given this, it looks like it might be easiest for me to forget the HDMI interface, and just use VNC (once configured using the dreaded NTSC TV Monitor ;-) to run the thing from any of my other machines (acting as window server boxes).

    I’d dreaded the whole ‘setting up X-Windows’ thing (having done it too many times), but PuTTY wasn’t that hard to do on the PC, and it looks like the RPi side is simplified from the old long hand ways of the past.

    OK, looks like the ‘project of the week’ is to get the RPi running ‘headless’ as an SSH server and then start adding services. (Eventually to include figuring out how to get to it through the Telco controlled firewall settings on the router… While it’s nice that they do the work, it’s a PITA when you can’t see the config or change things as needed. Oh Well… Just another chance to demonstrate skilz…)

    So, one RPi to become a headless ‘internal secure server’, reached initially via PuTTY on the laptop, then via same over SSH / VPN from Starbucks. Then set up caching DNS and email relay. The other RPi as a ‘headless’ redirection box (i.e. it plugs into the laptop) remotely. Now anyone has to get through THAT RPi to get to the laptop, and traffic looks to originate from the IP of that RPi. Laptop being only a Virtual “thin client” keyboard and display, has nothing on it. That RPi can have the dongle ditched and the MAC goes with it. It, too, contains nothing of interest. That leaves the ‘add a keyboard and display’ for carry to Starbucks as a ‘someday’ task. As any old laptop can be the virtual display and keyboard, just getting a craptop for $30 off Ebay gives a disposable option for about the cost of parts to make a dedicated one.

    Hmmm…. I think I’m liking this. RPi in a “paperback book” sized box with a USB power connect to the laptop and WiFi dongle. Dedicated ethernet cable to the laptop (no wireless snoop to the laptop, no MAC of laptop visible). Call it done.

    Something goes “bump”, pull the USB / Enet cable and SD chip and walk away. “Your Laptop” has nearly nothing on it. The RPi is now generic hardware and the “dongle” has the identifiable MAC so depending on circumstances, you burn it, toss it, or leave it. No clunky keyboard / mouse / display build and nothing that ties you to operations of things (unless on a TV monitor – so trench coat, hat, and glasses optional. Guy Fawkes mask over the top, IMHO ;-)
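The `authorized_keys` line quoted from the Ubuntu VNC guide above is worth being able to check by machine, because one key in that file without its `no-*` options hands out a full shell. Here is an added example in Python (mine, not code from the post, the Ubuntu guide or OpenSSH) that parses the option syntax properly, including commas and spaces inside the quoted `command=` and `permitopen=` values, and reports what a VNC-only key is missing. The option names are real OpenSSH keywords; the key material and the `friend@example` comment are constructed placeholders, and `intranet.example` is an assumption:

```python
"""Parse and audit OpenSSH authorized_keys option strings.

Added example, not from the post, the Ubuntu VNC guide or OpenSSH itself.
The options are real OpenSSH authorized_keys keywords; the key material and
the 'friend@example' comment below are constructed placeholders.
"""

# Key types that begin a line when there are no options in front of the key.
KEY_TYPE_PREFIXES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-",
                     "sk-ssh-ed25519", "sk-ecdsa-sha2-")

# What the Ubuntu template switches off, besides the forced command and permitopen.
REQUIRED_NO_OPTIONS = {"no-pty", "no-agent-forwarding", "no-x11-forwarding", "no-user-rc"}


def _scan_options(line):
    """Index where the option list ends: the first whitespace outside double quotes."""
    in_quote, i = False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quote:
            i += 2                      # skip an escaped character such as \"
            continue
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            break
        i += 1
    return i


def split_options(options_str):
    """Split 'a,b="x,y",c' into ['a', 'b="x,y"', 'c']: commas inside quotes do not split."""
    parts, cur, in_quote, escape = [], [], False, False
    for ch in options_str:
        if escape:
            cur.append(ch)
            escape = False
        elif ch == "\\" and in_quote:
            cur.append(ch)
            escape = True
        elif ch == '"':
            in_quote = not in_quote
            cur.append(ch)
        elif ch == "," and not in_quote:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    if cur:
        parts.append("".join(cur))
    return parts


def _unquote(value):
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return value.replace('\\"', '"')


def parse_authorized_key(line):
    """Return (options, key type, comment) for one authorized_keys line.

    options maps each lower-cased option name to a list of its values (None for
    flags such as no-pty); a list because permitopen may be given several times.
    """
    line = line.strip()
    if line.startswith(KEY_TYPE_PREFIXES):
        options_str, rest = "", line
    else:
        end = _scan_options(line)
        options_str, rest = line[:end], line[end:].strip()
    fields = rest.split(None, 2)
    keytype = fields[0] if fields else ""
    comment = fields[2] if len(fields) > 2 else ""
    options = {}
    for opt in split_options(options_str):
        name, _, value = opt.partition("=")
        options.setdefault(name.strip().lower(), []).append(_unquote(value) if value else None)
    return options, keytype, comment


def audit_vnc_only_key(line):
    """Findings for a key meant to allow nothing but a forward to the local VNC port."""
    options, _keytype, _comment = parse_authorized_key(line)
    findings = []
    if "restrict" not in options:       # 'restrict' (OpenSSH 7.2+) implies every no-* option
        missing = sorted(REQUIRED_NO_OPTIONS - set(options))
        if missing:
            findings.append("missing " + ", ".join(missing))
    if "command" not in options:
        findings.append("no forced command: the key gets an interactive shell")
    targets = options.get("permitopen", [])
    if not targets:
        if "restrict" in options and "port-forwarding" not in options:
            findings.append("restrict without permitopen: forwarding is off, so the VNC forward fails")
        else:
            findings.append("no permitopen: the key may forward to any host and port")
    for target in targets:
        host = target.rsplit(":", 1)[0]
        if host not in ("localhost", "127.0.0.1", "[::1]"):
            findings.append(f"permitopen={target}: forwards beyond the local VNC port")
    return findings


# The option string quoted from the Ubuntu guide, in front of a constructed placeholder key.
UBUNTU_VNC_OPTIONS = ('command="/bin/sleep 4294967295",no-agent-forwarding,no-pty,'
                      'no-user-rc,no-X11-forwarding,permitopen="localhost:5900"')
PLACEHOLDER_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERxxxxxxxxxxxxxxxxxxxxxxxxxxx friend@example"
GOOD_LINE = UBUNTU_VNC_OPTIONS + " " + PLACEHOLDER_KEY
BARE_LINE = PLACEHOLDER_KEY                                    # no options at all: full shell
LOOSE_LINE = 'no-pty,permitopen="intranet.example:22" ' + PLACEHOLDER_KEY

if __name__ == "__main__":
    for label, line in (("template", GOOD_LINE), ("bare", BARE_LINE), ("loose", LOOSE_LINE)):
        print(label, "->", audit_vnc_only_key(line) or "OK")
```

Point it at each line of `~/.ssh/authorized_keys` on the RPi. The `sleep 4294967295` forced command is what keeps the session open without a shell; `permitopen` is what stops the guest from using your box as a jump host to anything but the VNC port, so a value naming any host other than localhost is the finding to chase first.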

  2. BobN says:

    @ EM – “Get Milk” that sounds like code words to me.
    This is very interesting stuff. I cringe at the daily loss of privacy and think things like this are great. My life is also boring, but I wouldn’t mind setting some of this up, but my knowledge is very lacking in this area and your threads are very enlightening. You should seriously consider writing a detailed step by step, how to book.
    If you send anything out of the country (email) can it be encrypted without breaking the law?

    Tor was a step for me, but this is great.

    I have always wondered how hackers were so successful, I would love to have you walk us through what you would do if you were hacking. Don’t know if there are legalities on such things but it would be nice to understand better.
    Very interesting!

  3. Tim says:

    I read elsewhere (was it the BBC?) about using a CD of a Linux system to boot from to do the home banking. What turned me off was the fact that I use Keypass to keep details in, only you can’t with a CD. The other option was using a USB thumb and again having a dual boot PC. I downloaded Ubuntu and with some additional software (can’t remember, it was a few weeks ago) installed the Linux on the thumb. Worked fine to start with, then the Ubuntu wanted to update. That messed it up completely. Undeterred I tried again with a new install which worked for a day or two and then messed itself up again. Not having your skills by a long way I gave up at that point.
    I’ve had an up/down relationship with Linux for years. I think that unless you are lucky or a geek there are good chances of finding Linux is incompatible with one’s PC; either the latter is too old or too new. Apart from the thumb episode it is some years since I last tried. Pity, I like Linux when it is working. I was surprised how well the Ubuntu integrated until it crashed.

    Best wishes, and thanks for your blog.

    Tim.

  4. E.M.Smith says:

    @Tim:

    One of my ‘pet peeves’ is the way M.S. has trained people into what are, from my point of view, ‘bad habits’. It is now substantially even being built into software. So the ubiquitous ‘self updating’. This is guaranteed to toss you into Compatibility Hell. Just a question of when.

    The excuse, of course, is the “need” for rapid “security updates”. The reality is that, built well, there would be no such “need”.

    So I basically NEVER turn on “auto update” on anything if at all possible to avoid it. (It also gives a nice easy ‘entry point’ for any ‘agency’ wishing access to your box. Just flash the badge and arrange the ‘special’ update for you…)

    Because Ubuntu is in love with “auto update”, I tend to not use it. (Well, that, and the fact that it’s a big pig of a resource scrounge and has the idea that it is in charge of my machine, not me…)

    Yes, there’s that “too old or too new” problem. FWIW there are some “legacy” releases around. (I’ve kept a pretty big set of them) for running on things like old x486 boxes and Pentiums. Mostly it’s a memory size issue as newer releases have been built ‘way fat’. Often using Puppy or Knoppix or related gets things running on small memory machines. (In my last posting on this I noted the use of an old Toyshiba laptop for low end of performance testing with releases… and I do mean old… 20 years?)

    So first off, I’d suggest starting from a different Linux release, then not having it auto-update. Once all the stars are aligned, lock that sucker down. (In fact, one of the old style security cross checks was to have a hidden list of file sizes and checksums. Periodically, a daemon runs to recalculate and compare (which can be done on a different machine via an Network File System mount, so anyone watching on the target machine doesn’t see it and can’t stop it…) IFF any file changes, it sends a “squawk” to the SysAdmin who investigates for system crackers and other hackers and / or an update that was not approved… Locked down is good.)

    I’ve also been favorably impressed with Virtual Box for some uses. It’s a bit finicky on some releases and it’s slower on all of them, but has potential.

    But don’t give up. After a while Linux becomes your friend…

    If you haven’t seen them, there are some prior articles here:

    https://chiefio.wordpress.com/2012/10/25/first-safer-appliance-computer-torrent-and-browsing/
    https://chiefio.wordpress.com/2012/10/27/i-ought-to-have-gone-danish-for-secure-linux/

    @BobN:

    Yes, they are code words. Code for “I made the damn tea before checking the fridge and now I’ve got tea and no milk, damn it. Guess I’ll turn it into bad iced tea even though it’s frosty in the yard. Damn it.”
    ;-)

    Yes, things sent out of country can be encrypted (at least for the USA, and, I think, the EU – not for China IIRC) then again, part of the ‘art’ is ignoring such petty things as ‘legality’…
    (only 1/2 ;-)

    Everyone starts off knowing nothing. It’s an eternal learning curve. Merit comes just from being one page ahead of the next guy. (Old joke / computer geek aphorism: “An expert is the guy who has read one page further ahead in the manual.”…)

    Per “book”: The “step by step” is the end stage. Right now you are watching me do the “explore and learn” (in some cases ‘re-learn’) stage. Yes, I’m “learning by doing”. So, for example, I’ve never run an ARM chip before nor dealt with Linux on one. That’s all new to me. Similarly, that VNC thing. (I know something similar that is now likely ‘old and deprecated’…) So on those things, you are my equal. We are both starting from dead zero.

    Now, I will learn some bits faster as I have a fundamental Unix / Linux skill set. Then again, when an “unlearn” moment comes along, I’m down the rabbit hole doing the wrong thing until I realize someone changed things… You will just keep making steady progress…

    There are “legalities” on everything. Yet one can say “this is how a hack is done” (how else could I have taught my computer forensics session that involved how to crack into boxes for folks in law enforcement? Yes, I’m a ‘white hat teacher’. Or have been.)

    I’ll give a short idea here, but likely do a bit more later. Frankly, though, there are system crack kits you can just download and run these days. A lot of the fun is gone from it when you are not discovering the weaknesses and holes…

    So generally, “cracking” is the act of breaking into a box. “Hacking” is commonly used to mean system cracking, but also “in the community” has a meaning of “skilled at getting around problems”. Thus the “ethical hacking”. So just fix in your mind that “Hacker” does NOT mean “bad guy”… To “hack together a fix” is commonly used to mean “Fixed the problem so the client can run while we get the vendor to update a broken bit.”

    OK, that out of the way, every hack depends on a vulnerability. Somebody writing some code did something sloppy. Some are trivial, some are very very tricky. There are as many vulnerabilities as there are computer codes; and then some. So “how to do it” in detail constantly mutates as various vulnerabilities rise and are fixed. There are security sites that post the details of the latest vulnerabilities and exploits for SysAdmins to be notified what to fix. Yes, that means “black hats” can see that too and use it as an ‘exploit library’. But, by definition, if it is on one of those boards, it’s already known and circulating to the black hats. (They have their own chat rooms, boards, etc.)

    One trivial “how to” is find some “warez” on line and download a system cracking kit. Then just run it. Those folks are called “script kiddies”… It’s not got much status.

    At the other extreme, there are folks who get a new release of some software and start probing it for indications of ‘weakness’ and finding ways to exploit that. Sometimes very indirect and exquisitely unique. Those are the highest status.

    In between are most of the rest. Folks who use known, but not yet well defended, weaknesses. They mostly just look for systems that are not yet “fully locked down” and then use a known library of attacks to gain administrator privileges. At that point, they can install whatever they want, including code that lets them in easily (a ‘back door’. Sometimes the exploit is a back door left in by the software maker… or mandated by ‘agencies’… those are the best ;-) you get access, and get to ‘spit in the eye’ of the stupids who put it there…)

    So any given example will be out of date fairly quickly. The current ‘hot button’ is the exposures in Java. To the best of my understanding, Oracle has still not got it fully locked down. (but I haven’t looked in a while). You can follow the story / links from here:
    https://chiefio.wordpress.com/2012/11/14/disable-java/
    if you like.

    I’ll give a fairly understandable example. It’s also one that I personally “invented” while in school.

    Way back in ancient times of the ’70s (that makes it safe to discuss too ;-) we had a Burroughs B6700 dual processor computer on campus. It had a nice FORTRAN compiler with some interesting “extensions”. Anything “added” is usually not nearly as secured as the core… One of the things it did was it let you do “random writes” to files. Open a file of 10,000 records, then just write a new value into record 8000. Great for making databases in FORTRAN (that was never intended for databases)….

    Well, I got to thinking. When I first created a file, it didn’t have any time lag. Even on big files. How could I close a file today, open it tomorrow, have my “stuff” still be there, if it did anything to the “stuff”? What was the “stuff” in my file when I first opened it? The manual said, per that ‘random record write’ feature, that it was ‘my responsibility’ to zero that file on first opening. OK, so something is in it. What?

    At that point, a peculiar aspect of that operating system comes into play. It used all “free disk space” as “swap space” where the computer could temporarily store bits of things from memory if some running program needed to use that memory. Even bits of system information. AND: it did not erase that data / disk when done as that would slow things down. A Lot.

    When I opened a file “Write record 1, Write record 100,000” then closed it; I captured 99,998 records of “random stuff” that included some ‘swap space’ that included some system work. It was then nearly trivial to read the file looking for “assword:” and print out any such lines.

    For the rest of my time at University I had unlimited computer time. (At the time, it was parceled out in little bits of ‘accounts’ with bogus dollars assigned to it.)

    Or, rather, I would have had unlimited time…

    I shared this ‘exploit’ with a friend (who later got a Ph.D in Physics) who thought it interesting, and using a ‘gathered’ account, decided to print stuff out. As his second box of printout was coming out, the operator was wondering who was printing whole boxes of green striped paper… Looking at it, figured out it was NOT what that person usually did, then waited for the friend to show up to collect the paper…

    He got to talk to the Admins for a good long time… but didn’t finger me. He ended up with a job at the data center IIRC (they did that then, co-opt the folks doing ‘interesting things’, as it was not a crime then.) FWIW, the vendor didn’t fix that particular exploit for many months. (Maybe a year or two?). The performance penalty would have been large, and they thought it was ‘under wraps’. Every so often I’d ‘test it’ to see if it still worked…. It worked for a long time.

    So that, in a nutshell, is how a ‘hack’ is done. Software comes out. “Some Guy” pushes on some soft part of it, and finds an interesting behaviour, then adds a second bit (that search for ‘assword’ or a phish or…) and turns it into an exploit.

    Another example is even easier. The language of choice on that machine was Algol. ( I really like it, but it is, sadly, not common any more.) One of the neat things it let you do was that one program could ‘spawn’ another one. So program A could start program B via “start B”.

    Now, an operator could ‘discontinue’ a program by typing “ds {process number}”, but an operator is way slower than the computer. IFF the operator ever really pissed someone off, an interesting thing could be done via two programs. One named A the other named B:

    A: start B;
    GoTo A;

    B: start A;
    GoTo B;

    Now you need only type “start A” or “start B” on your terminal and an exponential explosion of processes would begin. This would be fine ‘for a while’, but as they eventually filled all memory, they would then spill into swap as well over running the process table that also ended up swapping.

    The operator would for a while try “DSing” processes, but eventually catch on that this was a losing game. Eventually the system slowed to a functional stop, and they would reboot. For about 1/2 hour they would be dealing with angry phone calls from the user community.

    Best done from an account “not your own”… which is where that first ‘exploit’ comes in handy…

    Have I mentioned lately that “It’s a bad idea to annoy the geek.”?

    At any rate, time passed and I ended up on the operations side of things for a living (about a decade into my career) defending against such things. So there is a balance to the universe ;-) (We won’t talk about the time an engineer inside the company ‘got root’ on one of my boxes and I had to take it, and him, down. We had a policy of ‘trusting inside’ and he was not honoring that trust…)

    So hopefully that gives you an idea how it all is done. The specifics change, but the overall stays the same. “Security Exploit” in the first case of illicit access. “Denial Of Service” attack in the second (though they were not named yet, then…)
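    The uninitialized-record experiment described above, as an added example that is not code from the original comment: on a modern POSIX file system the gap between two written records must read back as zeros rather than stale swap, and the explicit zero-fill is the step the Burroughs manual left to the programmer. Record size, record count and file paths are constructed values for the demo.

```python
"""Reproduce the shape of the 'write record 1, write record N' experiment.

The 1970s system handed back whatever stale disk blocks lay between the two
records. POSIX requires the unwritten region (a 'hole') to read back as zero
bytes; this checks that property and shows the defensive zero-fill the manual
called 'your responsibility'. All values below are constructed for the demo."""
import os
import tempfile

RECORD_SIZE = 80  # bytes per fixed-length record (constructed value)


def write_sparse_records(path: str, record_size: int, last_record: int) -> None:
    """Write record 1 and record `last_record`, touching nothing in between."""
    with open(path, "wb") as f:
        f.write(b"A" * record_size)                 # record 1
        f.seek((last_record - 1) * record_size)     # jump straight to the end
        f.write(b"Z" * record_size)                 # record last_record


def gap_nonzero_bytes(path: str, record_size: int, last_record: int) -> int:
    """Count non-zero bytes in records 2 .. last_record-1.

    On the B6700 this region held leftovers of swap space; on a POSIX system
    it must read back as zeros, so a correct platform returns 0."""
    with open(path, "rb") as f:
        f.seek(record_size)
        gap = f.read((last_record - 2) * record_size)
    return sum(1 for b in gap if b != 0)


def zero_fill(path: str, record_size: int, record_count: int) -> None:
    """Overwrite every record with zeros before use.

    This is the defensive step the manual made the programmer's job: once
    done, nothing from a previous owner of those blocks can be read back
    through the file."""
    with open(path, "r+b") as f:
        f.seek(0)
        for _ in range(record_count):
            f.write(b"\0" * record_size)


def demo(last_record: int = 1000) -> dict:
    """Run the experiment in a temporary directory and report what was seen."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "records.dat")
        write_sparse_records(path, RECORD_SIZE, last_record)
        st = os.stat(path)
        leaked = gap_nonzero_bytes(path, RECORD_SIZE, last_record)
        zero_fill(path, RECORD_SIZE, last_record)
        return {
            "size": st.st_size,                  # apparent size: all records
            "allocated": st.st_blocks * 512,     # blocks actually backing it
            "gap_nonzero": leaked,               # 0 on a POSIX file system
            "size_after": os.path.getsize(path),
        }


if __name__ == "__main__":
    print(demo())
```

On most Linux file systems `allocated` is far smaller than `size` because the hole is never backed by disk blocks at all, which is exactly why there is nothing stale to read.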

  5. R. de Haan says:

    Very interesting read. Do you still have MAC Skills, OSX Snow Leopard? 10.6.8

  6. pouncer says:

    RPi compares to Ricomagik or MiniAnd MK808? Better built?

    From kindle

  7. BobN says:

    @EM – Thanks so much for your comments, very interesting stuff. I designed mainframes in my early days and only learned enough to properly debug the hardware. It’s funny, we never discussed any aspects of design that might affect security. I suspect that was a legacy of the day and it’s much different today. You just gave me enough info to start my learning, thank you.

  8. E.M.Smith says:

    @R de Haan:

    Yup. Under the skins it’s a Mach kernel, so basically a Unix-oid. We have mostly Macs in the house, other than the Linux I use a lot and the ONE M.S. laptop…

    I’m on 10.x.x for my Mac, but don’t know the minor numbers off the top of my head. At least one of the machines is Snow Leopard.

    @Pouncer:

    Not familiar with the other ones, I’ll look them up. The RPi is most notable for being incredibly cheap. So making “disposable systems” from it is ‘easy’ on the wallet…

    @BobN:

    You are welcome. There was an evolution from the ’70s when “just make it work” was the goal, through the ’80s when “keep it functional and add on some security” came along to the ’90s when it became “Hey, what’s your security system” to the 00’s when “security built in” started going somewhere, but the “Internet Software” started adding user level holes faster than the systems side could cover them.

    Now, in the ‘teens, we’ve got porous systems and folks are mostly just deciding that’s OK, go ahead and let the Chinese steal everything, the Russians into everywhere, and the Islamists break anything they want and steal all the money they need. Sad, really. “Security” is an add on feel good anti-virus package that doesn’t do anything against significant threats, just keeps the annoyance level down.

    Oh Well… ;-)

    So now I look paranoid, when all I’m trying to do is get 1/2 the security level I used to have as a minimum. Sigh.

    Well, off to make dinner. Back a bit later…

  9. gary turner says:

    I tried Ubuntu a few years back, RH, too, for that matter. My impression of Ubuntu was that it was a Windows wannabe. I dumped it for my true love, Debian. At least Debian is polite, never doing what you haven’t asked it to do. RH (I ran a RH web server with all that entails) struck me as unsane, but that may be because of Debian’s so very logical structure.

  10. E.M.Smith says:

    @Gary Turner:

    RH was good in the beginning. Somewhere around Fedora it went off the rails. Agree on the Ubuntu comments. It’s for folks who want a Windoze replacement…

    I’d not used Debian until lately. During the “First Safer Appliance” effort, I decided to “Give it a go”. (My major issue for years was the lack of a CD install for it. The early releases wanted to install off the internet and I was on 56 kb Modem…). Now I’m pretty much sold on it.

    I still think the Gentoo approach is more “me” (builds from source ON your target machine and you can inspect the source) but, frankly, it’s been a pain each time I’ve tried. “Maybe Someday”…

    I’ve also found that the Knoppix / Puppy / CrunchBang (#!)/ Privatix / SliTaz / etc. Linux on a CD with small memory foot print and RAM disk based function are great for “single use” boot and go. Not so good for building “production services” nor for “ongoing desktop” as personal state / data are volatile. Still working out the ‘kinks’ of save state files… Many of them are built on a Knoppix core, so have the same great hardware discovery. But each has so far also had ‘some issues’ (detailed in the prior posting). CrunchBang is a Debian system, so you might like it for a ‘boot and go’ option. IIRC Privatix is also Debian based. (But if you use the browser NOT via Onion Routing, it turns into a CPU suck – that’s a FireFox bug so likely fixed “Real Soon Now” ;-)

    Well, I’ve left a CrunchBang ‘server’ up for about 5 days now, so ought to go check on it. The first time it filled up the root file system (in RAMdisk) with log files in /var/log and then a lot of other stuff could not be run. I’ve ‘dealt with that’ and now left it up to see what else happens to it. Being designed for “Boot, use session, shutdown” it likely has not been through ‘endurance testing’ with running live for a month ;-)

    Ah, the joys of self defense…

  11. R. de Haan says:

    @E.M “Yup. Under the skins it’s a Mach kernel, so basically a Unix-oid. We have mostly Macs in the house, other than the LInux I use a lot and the ONE M.S. laptop…

    I’m on 10.x.x for my Mac, but don’t know the minor numbers off the top of my head. At least one of the machines is Snow Leopard.”

    I use Snow Leopard and Snow Leopard Server edition. Full administrator rights and root password set etc. Recently I found out that my password is no longer accepted by Terminal so de facto, I no longer control my own computers, 2 x iMac, 1 x Macbook Pro. Another observation is that my permissions (restored with disk utility) are screwed up. I have been looking for malware but didn’t find anything (use Sophos for virus/malware protection). Also use TOR Browser bundle and Vidalia when I surf the web visiting unknown sites or on the move with the Pro. Maybe the Deutsche Nachrichtendienst, the CIA or the Chinese abuse my Macs, since anybody using TOR is either regarded as a criminal or a child molester by the authorities (LOL). The forums chatter about a conflict between Adobe and Apple software responsible for the screw up of the permissions but I have not found a really helpful posting. Did you ever have a similar experience?

  12. E.M.Smith says:

    I had some permissions issues when a disk started to fail and some inodes (information nodes – disk / file content information for each file) started losing bits of oxide. Also had a permissions screwup when the hardware was repaired once (keyboard replaced, larger disk) and they “updated” my OS and also reset root to not be owned by me…

    Unfortunately, one of the “differences” of MacOS vs Linux / Unix is the emphasis on “Apple controlled security”. That is, Apple is anathema to you having root and controlling things. So your “disk utility” may well have made assumptions about permissions and who owns root along with any other system updates. That would be my first guess.

    I’d look at where in the file system the permissions ‘screw up’ was concentrated. System files? User files? Random? If it’s concentrated in your user files, I’d suspect some software / malware run by you with your permissions (knowingly, or not). If it’s concentrated in system files, I’d suspect some malware or ‘security mis-feature’ having issues (and quite possibly an attempted malware insertion that failed as it was not expecting a Mac but a regular Linux). Random files ‘having issues’ and maybe one or two completely non-readable with disk errors, I’d dump the data now and have the disk replaced if it is over a few years of regular use… the possibility of loss of oxide and cascade failure of the surface is not worth the $100 for a new disk.

    OK, “fixing it”. First thing to do is a full system backup / dump. Now you can recover if any ‘bad thing’ happens. I use a USB disk as they are cheap and hold a lot of data.

    IF you are talking about some kind of system management / root access permission instead of file permissions, then I’ve gone down the rabbit hole and the following is misguided advice…

    Inspect syslog for disk error messages. (I’m not certain Apple writes disk errors to syslog, so that would need to be validated first).

    Next, you do a ‘system update’ with original Apple media. That ought to reset any file permissions or broken bits to the original status. Now you can run disk testing programs to see if the hardware “has issues” or not. ( It can be as simple as looking in the syslog for disk errors, doing a whole lot of disk read / write, then looking again.) IFF there are no disk errors, I’d then proceed to seeing if the software “update” fixed the odd permissions (identify some sample files before doing the update that can be checked after). It’s a toss up if any given ‘update’ simply puts in changed files, or puts in all the files overwriting the old ones.

    IFF the system update doesn’t fix it, and the hardware is testing as OK, then you have a choice:

    IF the permissions errors are concentrated in your user space, system updates are not going to fix them. Even if they are in system space, you might end up in this option. This is the ‘Fix it long hand’ choice. Find the files with wrong permissions and reset them. It can be simple (if it is only a few well identified files) or it can take days (if there are lots of them that are screwed up, all over, and you don’t know what they are supposed to be, so need to find a model to follow). For those in “your space” you can sometimes use a simple script like a “find $HOME -exec chown myid ;” (exact syntax subject to memory faults on my part, so check the man page ;-)

    IF the permissions errors are huge, and/or all over the place and you just can’t get them all by hand; or if worried about an infected system: It is reasonable to do the “scrub and re-install”. At that point I’d make a second backup copy of “my stuff” and any installed non-system software and test it before scrubbing anything. Most paranoid is to then format the disk, reinstall the OS from original media, install any added software, and put back your user files. Less paranoid is just install the OS from scratch without a full format of the disk.

    I’d put more time in up front on ‘diagnosis’ before taking any of those paths. You really want to know what the “problem” is, both in nature and extent, before running off to “fix it”. If you have access to a second clean same release system, you can make lists of file permissions and “diff” them. So things like “ls -l /etc” in each system then “diff list.one list.two”. If things are the same, you get no output (but there ought to be some differences – log files of different sizes, /etc files with different modified dates). Some judicious setting of “ls flags” and use of editors (like sed stream editor) can cut that ‘data’ down to just permissions and file names for less ‘hits’ on benign differences like modification date. (Though usually on a first pass I want to find changed mod dates and make sure ‘static’ files have not been modified…a flag of malware attack) It is also possible to “mount” the suspect file system as a network mounted file system onto the ‘analysis’ system and then just do the work directly from the analysis host.

    Hope that helps.
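    The snapshot-and-diff idea described above, as an added example rather than code from the original comment: a Python version of comparing permissions and ownership between a suspect tree and a known-clean one of the same release, ignoring modification times unless asked for (the “ls -l | diff” approach without the sed cleanup). The two sample trees and their file names are constructed for the demo.

```python
"""Snapshot permission bits and ownership of a tree and diff two snapshots.

Paths are recorded relative to each root so a suspect system (or its file
system network-mounted on the analysis host) compares by name against a
clean reference install. Sample trees below are constructed for the demo."""
import os
import stat
import tempfile
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str, Optional[tuple], Optional[tuple]]


def snapshot(root: str, include_mtime: bool = False) -> Dict[str, tuple]:
    """Return {relative_path: (mode string, uid, gid[, mtime])} for `root`.

    Modification time is left out by default so benign churn (logs, caches)
    does not drown the permission differences; switch it on for a first pass
    looking for 'static' files that changed when they should not have."""
    result: Dict[str, tuple] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)                      # lstat: never follow symlinks
            entry = (stat.filemode(st.st_mode), st.st_uid, st.st_gid)
            if include_mtime:
                entry = entry + (int(st.st_mtime),)
            result[os.path.relpath(full, root)] = entry
    return result


def diff_snapshots(suspect: Dict[str, tuple], clean: Dict[str, tuple]) -> List[Finding]:
    """Return (path, kind, suspect_entry, clean_entry) for every difference.

    kind is 'changed' (in both, attributes differ), 'extra' (only on the
    suspect system, worth a look) or 'missing' (only on the clean system)."""
    findings: List[Finding] = []
    for path in sorted(set(suspect) | set(clean)):
        s, c = suspect.get(path), clean.get(path)
        if s is None:
            findings.append((path, "missing", None, c))
        elif c is None:
            findings.append((path, "extra", s, None))
        elif s != c:
            findings.append((path, "changed", s, c))
    return findings


def _build_tree(root: str, files: Dict[str, int]) -> None:
    """Create constructed sample files under `root` with the given modes."""
    for rel, mode in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as f:
            f.write("sample\n")
        os.chmod(full, mode)


def demo() -> List[Finding]:
    """Constructed scenario: etc/hosts has become world-writable on the
    suspect box and an unexpected etc/odd.conf has appeared."""
    clean_files = {"etc/hosts": 0o644, "etc/passwd": 0o644, "bin/ls": 0o755}
    suspect_files = {"etc/hosts": 0o666, "etc/passwd": 0o644,
                     "bin/ls": 0o755, "etc/odd.conf": 0o644}
    with tempfile.TemporaryDirectory() as clean_root, \
            tempfile.TemporaryDirectory() as suspect_root:
        _build_tree(clean_root, clean_files)
        _build_tree(suspect_root, suspect_files)
        return diff_snapshots(snapshot(suspect_root), snapshot(clean_root))


if __name__ == "__main__":
    for path, kind, s, c in demo():
        print(f"{kind:8} {path}  suspect={s}  clean={c}")
```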

  13. R. de Haan says:

    Thanks E. M, great suggestions from an academic thinker. When I use Skype (use it a lot), I normally have processor use around 10 to 15 %. Over the past time I noticed processor use went up to 75 to 80%, resulting in a very hot PowerBook and the iMac revving its vents. Activity Monitor showed a long list of active “agent programs”. Yesterday I installed a program called NetBarrier which has the nice property that it lists programs triggering data exchange, shows if they are incoming or outgoing, and when you click the name the file is opened directly at its location. Until now all the programs I checked were Apple, Adobe, MS progs running berserk. Now the only thing that happened is that Microsoft took over Skype, introduced a Skype update and started to collect information. I installed an older Skype version and the processor kept its cool. Just moments ago Sophos detected a Trojan Keygen FY on a memory stick I used so maybe I’ve solved the problem. I never worried or had to worry about the Mac systems/software in the past although I think the current OSX has become less stable compared to the early version I used when I ran the Mac II, but that was in another century when the hardware set you back 50k for a bundle with scanner and laser printer and software took another 100k. For this money you had a magic box, the laser printer was a money machine and Apple Service the best in the world.
    Today you make a RAM upgrade on an iMac and risk wrecking the entire hardware since everything is taped together and connectors simply break loose from the mother board.
    I really think Apple should fresh up old product quality standards, improve its software and stop playing control freak at the cost of its users. Anyhow, many thanks for the input.

    I took a 30-day free trial for NetBarrier which came in a bundle with VirusBarrier. VirusBarrier didn’t detect the malware Sophos found. So I wrote a message to the Virus/NetBarrier developers and told them why I signed up for a 30-day free trial because I had “issues” with my computers and found out their virus program was crap, sending the scan report and the Trojan with it. Well, they gave me the keys for permanent use for free for 5 systems but didn’t come up with an explanation why their software didn’t detect a trojan that’s been around since 2011. I think this has become standard in the business. They are riding a wild horse and don’t know where the front or the back of the horse is. As long as companies think they can solve technical problems with their PR department……. what a world.

  14. Paul Hanlon says:

    Hi E.M.

    That sounds really interesting, especially the VPN part. The only caveat would be the need to have a fixed IP Address (some ISP’s give their customers this option for a fee), or having to use something like dyn-dns.org and setting up port forwarding on the router.

    I’m currently setting mine up as a server, and I had hoped to try and use Python for the full stack. Although Python makes it easy to initiate requests, it doesn’t have a standalone module that serves pages and handles all the rest of the stuff.

    Instead you have to install apache or nginx or lighttpd, then get a WSGI server, then get an application framework, then connect them all together and hope, well let’s just say I can see why Python on the web hasn’t caught on. I’d go over to PHP in a New York minute, but I want to be able to access the Pi at a low level, and there’s lots of Python stuff for that.

    I went for nginx. It’s small, very fast, and uses very little resources, perfect for the Pi. It also has IMAP / POP3 straight out of the box, and I had it installed and running in minutes. It gets my vote. If you want to have another Pi to bounce yours off of, just let me know how you’d like it set, and I’ll happily do it.

  15. E.M.Smith says:

    @Paul Hanlon:

    I’m still a ways away from having anything ready to ‘bounce’, but when I get there, I’ll holler if I need it. My old college roomie lives about 10 miles away and we get together once a week, plus he wrote code for H.P. for decades and is a darned good geek; so my present plan is to loan him one of my two RPi’s for any debug session. He also has control of his router (unlike me, stuck with the Telco) so any “is the router the problem”? can be sorted there. He’s also coaching a robotics team right now so is interested in small smart CPU boards with pinouts making him easy to recruit ;-) Oh, and he has a static IP…

    FWIW, most “dynamic IP” setups have DHCP with long lease times, so you have a stable IP until a long downtime reboot happens… For my purposes (i.e. only me using it) I’m comfortable with a mutating IP on powerfails or reboots. Heck, I can find the IP each time I leave the house if I want. A static IP is really only needed for things advertised to the world.

    But I’ve got more to do before I’m ready for that step. For one, I’ve got to hook it back up in my ‘cables spread over one end of the house’ mode and download / update to xVNC server on it ;-)

    @R. de Haan:

    One of the ‘minor’ reasons I’m going to ‘disposable generic appliance computing’ is so I can have things like a ‘Skype Server Chip’ that I put in the box when wanting to do Skype, so all M.S. ever gets is “generic unchanging box doing Skype and nothing else”. Similarly, GMail only gets “Generic unchanging box doing GMail and nothing else”. Similarly the “browser chip” can have Adobe updating its heart out on PDF and Oracle updating its heart out on Java and hackers hacking their hearts out at that mix… and I just flush it all at the end of the browsing session and reload the base chip… I’m just really really tired of everyone else in the world thinking they own the box and can do everything from re-writing my software to profiling and tracking me. (Heck, I looked at Coleman Stoves for a posting and then for 2 damn weeks had this flashing ad from some camping store trying to sell me a Coleman stove generator…)

    So I’ll have a stack of SD cards, and some fixed “images” and just ‘reset’ the SD card whenever I don’t like what has been done to it…

    I’m pretty sure the VNC client / server solves my last “issue” in that I can still have a nice “laptop” interface, that then actually is just virtual Keyboard, Mouse, and Display on the RPi… that is the target of all the network crap…

    Glad to hear you have things more or less under control. Having the information that there was a performance hit / ramp up is a key bit of info. Says somebody is doing something on the box and go to “security paranoid” tool kit not “disk / admin brain fart” tool kit… But you already know that ;-)

  16. Gail Combs says:

    Tim says….I’ve had an up/down relationship with Linux for years…..
    >>>>>>>>>>>>>>>>>>>>>>>>>>>

    For what it is worth, my husband put Linux/ Ubuntu on my machine. It sends a message that it wants to update about once a week or so and I just cancel, otherwise no problems. Our machines are all junkyard rejects that have been wiped and Linux/ Ubuntu installed. We have one machine with Windows because it is sometimes necessary for business communications.

    I am about as computer challenged as you can get and still communicate by computer BTW.

  17. R. de Haan says:

    E.M.Smith says:
    1 May 2013 at 3:35 am @R. de Haan:

    “One of the ‘minor’ reasons I’m going to ‘disposable generic appliance computing’ is so I can have things like a ‘Skype Server Chip’ that I put in the box when wanting to do Skype”….

    E. M., I 100% share your opinion about our personal freedoms being eradicated and I am in favor of any solution that puts Big Brother back in his box or offers nothing more but an “empty box” while standing in front of your door with a few green hulks with M15’s to underline the argument.
    The moment Governments think they can do things better, spend more money on arms, saving the planet and internet security than they spend on educating and saving people we know what’s coming at us. I think the concept of ‘disposable generic appliance computing’ should be worked out and if possible transformed into a marketable solution for secure internet and communication.

    In Germany the telecom provider until now delivered the connector box in your home and that was it. The next step was to contract an ISP, close a service contract with or without a wlan router and you were on the net. Now new regulation will make the telecom company responsible not only for the connector box but also for the router. The router of course is made in China which indicates the totalitarians have opted for similar controls. It won’t be long before we are going to need your security solutions by default. Don’t you think it would be a great idea to create a plug and play solution, hardware and software in combination with nice manuals explaining the “rules of engagement”? Unlimited secure communication and unlimited information access and distribution is the very basis of our defense.

  18. Borepatch says:

    The next logical step is to use TOR rather than ssh. Orbot is designed to run TOR on Android. Then run VoIP over TOR for full encrypted comms (yes, GSM is encrypted, but it’s broken and the governments have a back door to listen in).

  19. E.M.Smith says:

    @Borepatch:

    The cellphone “encryption” is near trivial. (At least, last time I looked). Easily broken.

    Like the idea of VoIP through the tunnel… and I’d completely ignored that TOR is routing and not just the browser on top of it… so yeah, one could use Onion Routing for various parts of things… (though it has a performance hit).

    Nice ideas…

    @Gail:

    I love the way Linux lets me take “obsolete” hardware from friends and turn it into high performance machines. Until the Florida Contract (where I needed an up to date Windoz Laptop for the job) I’d not bought a new M.S. afflicted PC ever. Just “hand me downs”… I’d look forward to each new M.S. “release” cycle as I’d get loads of great hardware for free.

    Ubuntu is a reasonable choice, especially for folks who generally just want things to work without much technical background, but there are other releases that are a bit better for specific tasks, or after you get comfortable with the “Linux World” ;-)

    As I’m a long time (’80s? ’70s?) Unix user, I like mine a bit less ‘hand holding / fat’ and more ‘lean and raw’… Then again, I’ll run as SuperUser for weeks on end (where one character out of place can kill your box. “rm -rf /tmp/trash” removes trash in the tmp scratch area while “rm -rf / tmp/trash” destroys your system. The space between the leading / and the tmp/trash tells it to ‘start at root of the file system, /, and remove absolutely everything; then come back to the local directory and remove tmp/trash’ which of course crashes part way through when it blows the system brains out via deleting critical files… It takes a special kind of person to like that… ;-)

    @R. de Haan:

    That’s what I’m doing. Just being a bit slow about it, as I need to do other stuff to keep the place entertaining too ;-)

    The end goal is a set of postings that are all a “how to” for each step (with folks in comments adding interesting bits) and a parts list along with clear instructions. Then the sweep back through it pulls it all together into a unified package. At some point I hope to have downloadable zip files of specific configs and ‘cookbook’ man pages as well.

  20. R. de Haan says:

    @ E. M @R. de Haan:

    “That’s what I’m doing. Just being a bit slow about it, as I need to do other stuff to keep the place entertaining too ;-)

    The end goal is a set of postings that are all a “how to” for each step (with folks in comments adding interesting bits) and a parts list along with clear instructions. Then the sweep back through it pulls it all together into a unified package. At some point I hope to have downloadable zip files of specific configs and ‘cookbook’ man pages as well.”

    The big worry people have is with internet banking. There is a huge market for any product that stops people worrying. This is one of them, especially if the price is right. So why don’t you write a short specification list, create workgroups and turn this into an Open Source Development project, choosing a similar setup to the one the developers from the Raspberry undertook. If you intend to use two Raspberries in the system they are one of the first partners/participants.
    The site you use can also be used to attract capital, even crowd funding, potential manufacturers, part manufacturers, assembly partners and distributors. You can also attract testers and pre-orders with a down payment to finance the development. Now if your hardware is set and you have a good software writer this project is more than realistic.

  21. E.M.Smith says:

    @R. de Haan:

    All true.. But first you do a ‘rapid prototype’ and find out if the whole idea is crap or not. That’s where I am now…

    At this point, it’s a bit low on performance with some browsers and for many folks it would be too crappy an experience. I need to get past that point to ‘acceptable’ before hauling more folks into things. Second problem is it’s just a tad “geeky” at this stage. Though that can be left for others, later.

    Essentially, I need to be comfortable that it’s a reasonable approach before advocating others to jump in on a big formal project… Probably talking maybe a month? to know? Not exactly a long time… ;-)

  22. BobN says:

    A bit off the topic, but it relates to security by detecting drones. I like this!
    http://www.usnews.com/news/articles/2013/05/01/tiny-device-will-detect-domestic-drones

  23. R. de Haan says:

    “A bit off the topic, but it relates to security by detecting drones. I like this!
    http://www.usnews.com/news/articles/2013/05/01/tiny-device-will-detect-domestic-drones”

    No, this is part of our future.
    All we need now is an omni directional ice thrower or a Micro directional EMP generator to take them out.

  24. E.M.Smith says:

    @R. de Haan:

    A friend used to design radars for the DOD. They had a nice little unit that was about 10 kW. They would watch for when the Russian radars were looking at them (the software to do that without transmitting anything was the trick part ;-) then would send a few seconds pulse down its throat. Often smoke could be seen coming from the radio room of the ‘fishing’ trawler…

    Present microwave ovens have a 1 to 2 kW microwave source in them. Just add wave guide and parabolic disk from an old / defunct satellite TV antenna… It ought to nicely fry any non-DOD machines… (they have zero input protection to speak of…) Aiming and firing software and hardware as an exercise for the student ;-)

    BTW, I’m maybe two weeks away from my first trial of a Raspberry Pi on a dongle as a proxy system in a Starbucks… We’ll know pretty soon if it’s going to work. As of now it sure looks like it. And not too hard either. I’ve pretty much decided to sell folks preloaded SD cards if they want one. Likely an 8 GB card (running about $10 ? for the hardware?) with everything loaded and tested for $20? Something like that. Along with a hardware list. Then it just becomes “plug it all together and load needed apps on your laptop”. (Like VNC)

    I’ll have an image ready to upload somewhere at the same time, so folks wanting to “DIY” can just download and do it themselves.

    Then at least you can use your laptop with one more level of indirection between the hacker and it. Android will have to come later as I don’t have any android devices ;-)

  25. BobN says:

    @ EM – I look forward to getting one of your cards!
    I hope you got my note yesterday.

    I love thinking about beat the Fed applications. Your tunneling sounds great. I hate the way they can track where you are and put a time stamp on things. It would be great if you could send an email to your home PC and the home PC could recognize the email as a special text wrapper; when it saw that special marker it would follow a protocol to build a text message and send it on via the free PC to text messaging services. The person receiving the text would see it as coming from the PC location. The wrapper that you built the packet with could have a time delay option. It receives the message at 1 PM, but the message is coded to go out at 3 PM. The whole packet is encrypted between you and the home PC, but it is sent out normal. With a Wi-Fi hot spot you could send texts to someone and look like you’re at home.
    This and many more options seem doable, but I’m not very skilled at the system level, more of a firmware type of guy. Can this be done?

  26. E.M.Smith says:

    @BobN:

    Yes, that kind of thing can be done (and fairly easily). The “hard part” is the connection to home. (I just got back from Starbucks and attempting to set up an SSH session… don’t know if my config is off or if the AT&T router is blocking me…)

    In some ways it might be easier to just make a ‘mail application’ that picks up email from you sent to a dedicated “drop box” then unwraps and acts on it. All it takes is a mail agent and some re-writing rules / software.

    While I’m not working on it very fast, connections to ‘home’ when on the road are a common tool folks use. Here’s a couple of example links:

    http://souptonuts.sourceforge.net/sshtips.htm

    http://inside.mines.edu/~gmurray/HowTo/sshNotes.html

    Of course, there’s always the choice of just using the modem to “phone home”. It works, but has a 56kb speed limit…

  27. BobN says:

    @E.M. – The links were great. I was clueless about ssh, but I now have a pretty good idea on what’s going on and how to use it. The fog is lifting. ;-)
