dicula nulla est There is no spoon. https://itsnothing.net/ Fri, 03 Oct 2025 00:52:38 +0000 TunnelCrack Attack leaks traffic outside VPN <p>Authored by <a href="https://distrinet.cs.kuleuven.be/">KU Leuven</a>, <a href="https://cyber.nyu.edu/">NYU</a>, and <a href="https://nyuad.nyu.edu/en/research/faculty-labs-and-projects/nyuad-ccs.html">NYU Abu Dhabi</a></p> <blockquote> <p>Our tests indicate that <strong>every VPN product is vulnerable on at least one device</strong>. We found that VPNs for iPhones, iPads, MacBooks, and macOS are extremely likely to be vulnerable, that a majority of VPNs on Windows and Linux are vulnerable, and that Android is the most secure with roughly one-quarter of VPN apps being vulnerable. The discovered vulnerabilities can be abused regardless of the security protocol used by the VPN. (“Every VPN product” is a misjudgement, and they are not responsible for this judgement but they are responsible for fixing this accusation in their report and their website.)</p> <p>The two resulting attacks are called the LocalNet and ServerIP attack. Both can be exploited when a user connects to an untrusted Wi-Fi network. Our ServerIP attack can also be exploited by malicious Internet service providers. The attacks manipulate the victim’s routing table to <strong>trick the victim into sending traffic outside the protected VPN tunnel</strong>, allowing an adversary to read and intercept transmitted traffic.</p> </blockquote> <h2 id="localnet-attack">LocalNet Attack</h2> <ul> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-36672">CVE-2023-36672</a>: LocalNet attack resulting in leakage of traffic in plaintext. 
The reference CVSS score is <a href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N&amp;version=3.1">6.8</a>.</li> <li> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-35838">CVE-2023-35838</a>: LocalNet attack resulting in the blocking of traffic. The reference CVSS score is <a href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L&amp;version=3.1">3.1</a>.</p> </li> <li>The adversary acts as a malicious Wi-Fi or Ethernet network and tricks the victim into connecting to this network.</li> <li>Here the adversary wants to intercept traffic to target.com, which has the IP address 1.2.3.4. To accomplish this, the adversary tells the victim that the local network is using the subnet 1.2.3.0/24. In other words, the victim is informed that IP addresses in the range 1.2.3.1-254 are directly reachable in the local network. When the victim now visits target.com, the web request is sent to the IP address 1.2.3.4 on the local network instead of through the VPN tunnel.</li> </ul> <h2 id="serverip-attack">ServerIP Attack</h2> <ul> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-36673">CVE-2023-36673</a>: ServerIP attack, combined with DNS spoofing, that can leak traffic to an arbitrary IP address. The reference CVSS score is <a href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N&amp;version=3.1">7.4</a>.</li> <li> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-36671">CVE-2023-36671</a>: ServerIP attack where only traffic to the real IP address of the VPN server can be leaked. 
The reference CVSS score is <a href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N&amp;version=3.1">3.1</a>.</p> </li> <li><strong>VPNs don’t encrypt traffic towards the IP address of the VPN server</strong></li> <li>adversary first spoofs the DNS reply for vpn.com to return the IP address 1.2.3.4, which equals the IP address of target.com</li> <li>victim will then connect with the VPN server at 1.2.3.4</li> <li>adversary still redirects this traffic to the real VPN server</li> <li><strong>victim will add a routing rule so that all traffic to the VPN server, in this case the spoofed IP address 1.2.3.4, is sent outside the VPN tunnel</strong></li> </ul> <h2 id="am-i-affected-by-this-vulnerability"><strong>Am I affected by this vulnerability?</strong></h2> <ul> <li>all built-in VPN clients of Windows, macOS, and iOS</li> <li>Android 12 and higher is <strong>not</strong></li> <li>significant number of Linux VPNs</li> <li>most OpenVPN profiles, when used with a vulnerable VPN client, may be</li> </ul> <h2 id="how-can-i-learn-more-about-tunnelcrack"><strong>How can I learn more about TunnelCrack?</strong></h2> <blockquote> <p>For more details about the ServerIP experiments, see <a href="https://tunnelcrack.mathyvanhoef.com/#paper">our paper</a>. Our paper behind the attack is titled <a href="https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf">Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables</a> and will be presented at <a href="https://www.usenix.org/conference/usenixsecurity23/presentation/xue">USENIX Security 2023</a>. 
To prevent the attack, VPN clients should be updated to send all traffic through the VPN tunnel, except traffic generated by the VPN app itself.</p> </blockquote> <hr /> <h5 id="references">References</h5> <ul> <li><a href="https://github.com/vanhoefm/vpnleaks">GitHub repository for the PoC</a> (no code, just a demo)</li> <li><a href="https://tunnelcrack.mathyvanhoef.com/details.html">More details can be found on the mirror</a></li> <li><a href="https://www.reddit.com/r/mullvadvpn/comments/15mhel9/response_to_tunnelcrack_vulnerability_disclosure/">Response from Mullvad</a></li> <li><a href="https://www.reddit.com/r/ProtonVPN/comments/15lwgdi/comment/jvfcuz9/">Reasons why ProtonVPN is not vulnerable <strong>except on iOS</strong> (that’s not Proton’s fault)</a></li> </ul> <h5 id="bibliography">Bibliography</h5> <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>@inproceedings{usenix2023-tunnelcrack,
  author    = {Nian Xue and Yashaswi Malla and Zihang Xia and Christina P\"opper and Mathy Vanhoef},
  title     = {Bypassing Tunnels: Leaking {VPN} Client Traffic by Abusing Routing Tables},
  booktitle = {Proceedings of the 32nd {USENIX} Security Symposium},
  year      = {2023},
  month     = {August},
  publisher = {{USENIX} Association}
}
</code></pre></div></div> Mon, 14 Aug 2023 00:00:00 +0000 https://itsnothing.net/2023/08/14/tunnelcrack-attack-leaks-traffic-outside-vpn.html What's a SIM card, and how do I secure it? <h2 id="perceived-sim-card-opsec">Perceived SIM card OPSEC</h2> <p>SIM cards provide a degree of privacy by allowing users to control their identity and access to mobile services, but users should also be mindful of other potential privacy risks and take appropriate measures to protect their personal information.</p> <p>The Subscriber Identity Module is a topic which I have talked about on my blog before, but never at length. 
I’ve talked about what to do to prevent, or significantly lower the risk of, SIM swaps. But what are SIM cards? What do they store, really? I usually don’t find the need to talk about SIM cards in the realm of cybersecurity. However, they pose an interesting topic, as they have risen in prominence as a threat rather than a convenience. Here, I will discuss the increase in cyberattacks targeting mobile phones, specifically SIM cards: (1) how do they work and (2) how do attackers leverage them for profit?</p> <p>This post is not meant to inform hackers on tactics, techniques, and procedures (“TTPs”); rather, it should be considered an informative article on the realistic dangers of mobile phones, not just some tinfoil persona. The cellular devices that you know and use (and likely carry everywhere) are not impervious to spyware, malware and unwanted behavior. However, most people don’t fully understand these risks or the importance of knowing how to protect their phones. Some dangers involved in carrying a mobile device include tracking, spyware, surveillance, and even stalking. We’ll discuss these all in depth, and we’ll also discuss ways to prevent them, or at least decrease the likelihood of being targeted by individuals, corporations, and even the government.</p> <h2 id="origins-of-the-sim-card-and-necessity-on-cell-networks">Origins of the SIM card and necessity on cell networks</h2> <p>In the early 1990s, GSM (Global System for Mobile Communications) was developed as a standard for mobile communication. It introduced the 2G protocol, which became widely used in smartphones. The first deployment of GSM took place in Finland in December 1991. Over time, GSM <a href="https://www.wired.com/2010/06/wired-explains-4g/">evolved into 3G and 4G technologies</a>. 
SIM (Subscriber Identity Module) cards store subscriber information such as the IMSI, ICCID, authentication key (Ki), Location Area Identity (LAI), and national emergency call operator details. SIM cards provide identification and authentication across different telecom operators and implement the A3 and A8 algorithms (on early SIMs, the <a href="https://en.wikipedia.org/wiki/COMP128">COMP128v1</a> design): A3 authenticates the subscriber to the network by answering a random challenge, and A8 derives the session encryption key (Kc) from the same challenge. Both are keyed with the secret authentication key, which is meant never to leave the card. SIM cards come in different versions, including standard, micro, and nano.</p> <ol> <li>Standard SIM: The standard SIM card, also known as a mini SIM, is the traditional form factor used in older mobile devices. It is larger than the newer versions and is gradually being phased out in favor of smaller SIM card types.</li> <li>Micro SIM: The micro SIM card is smaller than the standard SIM and was introduced to accommodate slimmer smartphones. It retains the same functionality as the standard SIM but has a reduced form factor.</li> <li>Nano SIM: The nano SIM card is the smallest SIM card type currently available and is commonly used in modern smartphones. It is significantly smaller than both the standard and micro SIM cards and requires specialized tools to handle due to its compact size.</li> </ol> <p>SIM cards play a crucial role in the interaction between mobile devices and the GSM network. When a SIM card is inserted into a mobile device, it provides the necessary identification and authentication information for the device to connect to the GSM network. The SIM card stores essential data such as the International Mobile Subscriber Identity (IMSI), Integrated Circuit Card ID (ICCID), and authentication key. This information allows the device to establish a secure connection with the network and access services like voice calls, messaging, and mobile data. 
The GSM network uses the SIM card’s information to verify the user’s identity, authorize network access, and apply specific service features based on the user’s subscription. This interaction ensures the seamless functioning of mobile devices within the GSM network, enabling communication and access to various network services.</p> <h2 id="real-risks-of-sim-cards-and-its-implications">Real risks of SIM cards and their implications</h2> <p>By using the SIM card, customers have a level of control over their personal information and access to mobile services. The SIM card allows customers to switch between different mobile devices while retaining their identity and subscribed services. This offers a level of privacy and convenience.</p> <p>However, it’s important to note that while SIM cards provide some privacy protection, they do not guarantee complete privacy. Mobile network operators and authorized parties can still access certain information stored on the SIM card, such as call records and location data, for legitimate purposes like billing and providing network services. Additionally, SIM cards are subject to security vulnerabilities and can be targeted by hacking or unauthorized access attempts.</p> <p>Why are hackers targeting SIM cards? Mostly for fraud, and otherwise profit. The SIM contains its own microprocessor (CPU), program memory (ROM), working memory (RAM), data memory (EPROM or EEPROM), and serial communication module. The SIM card interacts with the mobile device through a serial input/output (I/O) connection, which serves as the communication link. The T=0 protocol is commonly used; it defines the electrical coding for commands and responses between the mobile device and the SIM card. The SIM card operates in a passive role, responding to commands from the mobile device and returning “Status Words” as responses. 
It cannot initiate communication with the device independently.</p> <p>SIM cards pose several <a href="/2022/01/27/a-proper-threat-model.html">threats to personal information security</a>:</p> <ol> <li><strong>Confidential information</strong>: SIM cards can store sensitive data like login IDs, passwords, and messages related to bank accounts and social networking sites, making them potential targets for unauthorized access and identity theft.</li> <li><strong>Personal and professional data</strong>: SIM cards may contain personal and professional messages, important contact information, and call logs. If accessed by unauthorized individuals, this information could be exploited for malicious purposes.</li> <li><strong>Deleted data recovery</strong>: deleted messages can potentially be recovered from SIM cards, posing a risk of privacy breaches even after data deletion.</li> <li><strong>Data persistence</strong>: SIM card data is resistant to various environmental conditions such as heat, flame, dust, moisture, stains, and magnetic fields. This persistence makes it difficult to destroy the data stored on a SIM card through ordinary means.</li> <li><strong>Physical damage</strong>: while scratches and striations may not render a SIM card unreadable, physical damage inflicted by compression marks, such as from a stone or hammer, can make the card unreadable. I prefer to use a screwdriver or drill if I have time to spare. Screwdriver and hammer to split the “fibers” of embedded chips and capacitors, and a drill to completely penetrate and destroy the platters of storage devices.</li> <li><strong>Data recovery</strong>: even if a SIM card becomes unreadable or damaged, it can potentially be read by replacing the EEPROM chip into a new SIM card or by using proper probing techniques. 
This highlights the need for proper disposal or secure handling of old SIM cards.</li> </ol> <p>To protect private data from being easily stolen using a SIM card reader, <em>it is recommended to break the SIM card into two pieces</em> before discarding it, making it significantly harder for strangers or criminals to access private information.</p> <p>To prevent forensic recovery and ensure the secure disposal of a SIM card, <em>it is recommended to follow a thorough process that involves physical destruction</em>. Here is an in-depth description of the process:</p> <h2 id="protecting-yourself-against-forensics">Protecting yourself against forensics</h2> <p>You will need a pair of pliers, scissors, or a sharp knife, as well as safety gloves to protect your hands. To remove the SIM card from the mobile device, power off the device and locate the SIM card slot, then use a SIM card ejector tool or a small paperclip to eject the card.</p> <p>First, disable the SIM card: access the device settings and disable any security features or PIN codes associated with the SIM card. This step ensures that the SIM card does not prompt for authentication when attempting to access the data. Once you’ve removed the SIM, physically destroy it: place it on a flat and sturdy surface and, using the pliers, scissors, or a sharp knife, apply pressure to or cut through the SIM card. Start by severing the gold contacts and then proceed to cut or break the rest of the card into multiple pieces. Make sure to apply enough force to render the card irreparable. Dispose of the SIM card safely: once the SIM card is completely destroyed, separate the broken pieces. It is advisable to dispose of the pieces in separate trash bins or through different waste collection methods. This helps further ensure that the card cannot be reconstructed or retrieved. Remember, failure to dispose of SIM cards properly can result in retrieval of sensitive data. 
It is very important to not only physically destroy it but also <em>not to leave the pieces in the same bin</em>. If it’s not incinerated or degaussed, you should always use at least two bins.</p> <p>By following this process, you significantly reduce the chances of forensic recovery and unauthorized access to the data stored on the SIM card. However, it’s critical to note that physical destruction does not guarantee absolute security, and if highly sensitive data is involved, additional precautions may be necessary, such as incineration or professional destruction services.</p> <h2 id="to-protect-yourself-follow-these-practices">To protect yourself, follow these practices</h2> <p><strong>Use strong authentication</strong>: set a strong alphanumeric passcode for your SIM card to prevent unauthorized access, or at the very least, use a long PIN. This adds an extra layer of security, ensuring that even if your device is lost or stolen, your SIM card remains protected. Most telecoms will allow a registration PIN or subscriber PIN to prevent unauthorized changing of your number or inserting into a new device without your permission. This is one of the most important steps in this article.</p> <p><strong>Enable two-factor authentication (2FA)</strong>: whenever possible, enable 2FA for your mobile services. This is an additional step for authentication, typically involving a verification code sent to your SIM card, further securing your identity and preventing unauthorized access. You can use <a href="https://en.wikipedia.org/wiki/Time-based_one-time_password">TOTP</a> (time-based authentication mechanism) or something like a <a href="https://www.yubico.com/">hardware key</a> from Yubico. 
Store your TOTP separate from your passwords and do not keep them in your password manager, as any unauthorized access to your manager would lead to compromise of the sensitive time-based codes as well.</p> <p><strong>Regularly update software and firmware</strong>: keep your mobile device’s software and firmware up to date. Updates often include security patches and bug fixes that help protect against potential vulnerabilities and threats.</p> <p><strong>Be wary of phishing attempts</strong>: exercise caution when receiving text messages, emails, or phone calls asking for personal or sensitive information. Telecom providers typically do not request such information through unsolicited communications. Be vigilant and avoid sharing personal information unless you can verify the legitimacy of the request. Your bank and your telecom provider will never ask for your sensitive details over the phone. If they do, consider that it isn’t in your best interest to share anywhere but in person to a credentialed employee or technician.</p> <p><strong>Monitor account activities</strong>: regularly review your mobile service account activities, such as call logs, text message records, and data usage. If you notice any suspicious or unfamiliar activities, report them to your telecom provider immediately. You have the option to subscribe to services that can do this for you, either manually or automatically, like <a href="https://joindeleteme.com/">Delete Me</a>.</p> <p><strong>Secure network connections</strong>: when accessing the internet or using mobile data, connect to secure and trusted networks. Avoid using public Wi-Fi networks, which can be susceptible to eavesdropping and data interception. Consider using a virtual private network (VPN) for additional privacy and encryption. 
<strong>VPNs do not offer anonymity.</strong> You could also consider using <a href="https://safing.io/">SafingIO’s SPN</a>. Anonymity can only be offered by proper onion routing via <a href="https://www.torproject.org/">the Tor network</a> or <a href="https://geti2p.net/en/">the I2P network</a>.</p> <p><strong>Protect physical security</strong>: keep your mobile device and SIM card in a secure location, such as a safe or lockbox. Avoid lending your device to others or leaving it unattended in public places. Do not hand your devices to strangers to make calls, because this is a tactic used by thieves. You’d think this is common sense, but it has been used before to nab physical devices from darknet vendors and admins. Physical security of your device helps prevent unauthorized access. By following these measures, you can enhance the protection of your identity at the telecom level while using a SIM card, reducing the risk of identity theft, unauthorized access, and fraudulent activities.</p> <p>In conclusion, protecting your identity while using a SIM card requires a combination of proactive measures and responsible practices. By implementing strong authentication, enabling two-factor authentication, keeping your software up to date, being vigilant against phishing attempts, monitoring account activities, securing network connections, and maintaining physical security, you can significantly enhance the protection of your personal information. Besides the registration PIN at your provider, which can be a real life-saver, remember to dispose of old SIM cards properly by physically destroying them to prevent forensic recovery. By taking these precautions, you can enjoy a safer and more secure mobile experience, reducing the risk of identity theft and unauthorized access to your sensitive data.</p> <h2 id="references">References</h2> <ol> <li> <p>Huurdeman, A. A. (2003). <em>The Worldwide History of Telecommunications</em>. 
John Wiley &amp; Sons.</p> </li> <li> <p>Gudimalla, T. K. M., P, V., &amp; Kannan, S. (2019). Survey Analysis of Cloned SIM Card. <em>SSRN Electronic Journal</em>. <a href="https://doi.org/10.2139/ssrn.3431642">https://doi.org/10.2139/ssrn.3431642</a></p> </li> <li> <p>Oyediran, O., Omoshule, A., Misra, S., Maskeliūnas, R., &amp; Damaševičius, R. (2019). Attitude of mobile telecommunication subscribers towards sim card registration in Lagos State, Southwestern Nigeria. <em>International Journal of System Assurance Engineering and Management</em>, <em>10</em>(4), 783–791. <a href="https://doi.org/10.1007/s13198-019-00809-6">https://doi.org/10.1007/s13198-019-00809-6</a></p> </li> <li> <p>Srivastava, A., &amp; Vatsal, P. (2016). Forensic Importance of SIM Cards as a Digital Evidence. <em>Journal of Forensic Research</em>, <em>07</em>(02). <a href="https://doi.org/10.4172/2157-7145.1000322">https://doi.org/10.4172/2157-7145.1000322</a></p> </li> </ol> Thu, 11 May 2023 00:00:00 +0000 https://itsnothing.net/2023/05/11/On-SIM-card-usage-and-risks.html https://itsnothing.net/2023/05/11/On-SIM-card-usage-and-risks.html Let's talk about the "RESTRICT Act" <p>Let’s talk about the RESTRICT Act</p> <p>The Senate text summary of S.686 - RESTRICT Act, <a href="https://www.congress.gov/member/mark-warner/W000805">Sen. Warner, Mark R. [D-VA]</a> (Introduced 03/07/2023) is as follows:</p> <blockquote> <p>“The purpose of the bill is to create a framework for the federal government to identify, assess, and address national security threats posed by certain types of information and communications technology (ICT) products and services.”</p> </blockquote> <p>It would prohibit federal agencies from purchasing or using specific products and services. 
The bill would also establish a grant program to assist small and rural communication providers in replacing any equipment or services that have been deemed to pose a national security threat.</p> <p>In addition, the bill would establish a program within the National Institute of Standards and Technology (NIST) to develop standards and guidelines for the secure use of ICT products and services, and it would require the Director of National Intelligence to provide an annual report on the national security risks posed by ICT products and services.</p> <p>Overall, the goal of the RESTRICT Act is to strengthen the security of the United States’ ICT infrastructure by identifying and addressing potential national security threats posed by certain ICT products and services. It also appears that it references <a href="https://www.archives.gov/isoo/policy-documents/cnsi-eo.html">Executive Order 13526</a> as well, an Order enacted by President Obama which summarily defines:</p> <blockquote> <p><strong>“a uniform system for classifying, safeguarding, and declassifying national security information, including information relating to defense against transnational terrorism”</strong>.</p> </blockquote> <p>Notice also the term “joint resolution” mentioned freely in its pages.</p> <blockquote> <p>“Joint resolutions may originate either in the House of Representatives or in the Senate. There is little practical difference between a bill and a joint resolution. Both are subject to the same procedure, except for a joint resolution proposing an amendment to the Constitution. On approval of such a resolution by two-thirds of both the House and Senate, it is sent directly to the Administrator of General Services for submission to the individual states for ratification.”</p> </blockquote> <p>If that’s too confusing, the ELI5 is this type of resolution would be used if Congress wants to disagree with a determination made by the Secretary of Commerce under Section 3 of the bill. 
The section sets out a specific process for considering this type of resolution, including waiving certain rules and limiting debate to 10 hours. Waiving the requirements for a vote of disapproval or approval, in either case, would be highly unethical.</p> <h2 id="what-does-this-bill-actually-introduce-into-federal-law">What does this bill actually introduce into federal law?</h2> <ol> <li>creation of a framework for the identification and assessment of national security risks posed by certain ICT products and services, including the establishment of an interagency process for identifying and assessing these risks;</li> <li>prohibition on federal agencies purchasing or using ICT products and services that have been identified as posing a national security risk;</li> <li>creation of a grant program to assist small and rural communication providers in replacing any equipment or services that have been deemed to pose a national security risk;</li> <li>establishment of a program within the National Institute of Standards and Technology (NIST) to develop standards and guidelines for the secure use of ICT products and services;</li> <li>the requirement for the Director of National Intelligence to provide an annual report on the national security risks posed by ICT products and services.</li> </ol> <p>In this sense, the RESTRICT Act could be seen as a way for the federal government to exert greater control over the purchase, use, and sale of certain ICT equipment and services that are deemed to pose a national security threat. (Essentially, as it sees fit to do so.)</p> <p>Yes, up to and including the VPNs and virtual credit cards services we all know and love. 
:(</p> <h2 id="similar-texts-to-s686-with-overarching-legislation">Similar texts to S.686 with overarching legislation</h2> <ol> <li><a href="https://www.congress.gov/115/bills/s2098/BILLS-115s2098rs.pdf">S.2098 - 115th Congress (2017-2018): Foreign Investment Risk Review Modernization Act of 2018</a> (05/22/2018) - expands the scope of such “covered transactions”;</li> <li>McCaul, Meeks, Gallagher, Langevin, Kinzinger, Keating Reintroduce the <a href="https://foreignaffairs.house.gov/press-release/mccaul-meeks-gallagher-langevin-kinzinger-keating-reintroduce-the-cyber-diplomacy-act/">Cyber Diplomacy Act</a>. <em>Committee on Foreign Affairs</em>.</li> <li>Rep. Escobar, V. [D-TX-16] (2022, November 1). <a href="https://www.congress.gov/bill/117th-congress/house-bill/3557?s=1&amp;r=17"><em>H.R.3557 - 117th Congress (2021-2022): Homeland Security Improvement Act</em></a>.</li> <li>Sen. Schumer, C. E. [D-NY] (2021, June 8). <a href="https://www.congress.gov/117/bills/s1260/BILLS-117s1260es.pdf"><em>S.1260 - 117th Congress (2021-2022): United States Innovation and Competition Act of 2021</em></a> (06/08/2021)</li> </ol> Tue, 28 Mar 2023 00:00:00 +0000 https://itsnothing.net/2023/03/28/Lets-talk-about-the-RESTRICT-Act.html On MSPs <p>First, let’s note a couple of things about them:</p> <ol> <li>paid to secure <em>your</em> infrastructure - can’t even secure <em>their</em> infrastructure a majority of the time</li> <li>account for the majority of large-scale attacks on FVEY by foreign governments</li> </ol> <p>So can they really be trusted with our nation’s infrastructure?</p> <h2 id="cold-hard-facts-produce-cold-hard-cash">Cold hard facts produce cold hard cash</h2> <ul> <li><a href="https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/2677750/nsa-partners-release-cybersecurity-advisory-on-brute-force-global-cyber-campaign/">GRU has been performing brute-force attacks since mid-2019</a> <ul> 
<li>incredibly easy to brute force <em>en masse</em></li> <li>Russian General Staff Main Intelligence Directorate (GRU) 85<sup>th</sup> Main Special Service Center (GTsSS) <ul> <li><a href="https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF">GRU Conducting Global Brute Force Campaign</a></li> </ul> </li> </ul> </li> <li><a href="https://www.ncsc.gov.uk/news/microsoft-update-brute-force-password-spraying">Microsoft advisory - NOBELIUM</a> (pt 1)</li> <li><a href="https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/">Microsoft blog - NOBELIUM APT</a> (pt 2)</li> <li><a href="https://www.ncsc.gov.uk/guidance/phishing">Phishing is such a massive revenue generator that it’s used against MSPs</a> <ul> <li><a href="https://www.ncsc.gov.uk/files/phishing_case_study.pdf">Case study</a></li> </ul> </li> </ul> <h2 id="msps-dont-use-basic-domain-protections">MSPs don’t use basic domain protections:</h2> <ul> <li>multi-layer security/restriction approach involving people and processes (<a href="/2022/07/27/OSI-model.html">OSI Model</a>)</li> <li>SSO (application and network layer)</li> <li>requirements engineering process <sup id="fnref:1" role="doc-noteref"><a href="#fn:1" class="footnote" rel="footnote">1</a></sup> [Faroom2019]</li> <li>SPF and DMARC (e-mail threats)</li> <li>network segregation</li> <li>least privilege</li> <li>deprecate obsolete accounts and processes</li> <li>regular maintenance and updates</li> <li>rolling backups on-prem and in the cloud</li> <li><em>Mandatory Access Controls</em> (SELinux, SSO, network permissions)</li> </ul> <p>These truly are basic fundamentals of security and should be utilized at the bare minimum by companies paid to protect the infrastructure and systems (e.g., applications and controllers) of SMBs and large companies. But they’re just not. 
Why?</p> <h2 id="references">References</h2> <div class="footnotes" role="doc-endnotes"> <ol> <li id="fn:1" role="doc-endnote"> <p>Zowghi, D., &amp; Sahraoui (2023). <em>A Lightweight Workshop-Centric Situational Approach for the Early Stages of Requirements Elicitation in Software Development</em>. <a href="#fnref:1" class="reversefootnote" role="doc-backlink">&#8617;</a></p> </li> </ol> </div> Tue, 02 Aug 2022 00:00:00 +0000 https://itsnothing.net/2022/08/02/on-MSPs.html OSI Model <p><strong>Please Do Not Throw Sausage Pizza Away</strong>.</p> <ol> <li>Physical - raw bits on the medium, cables, Cat6</li> <li>Data Link - switching, MAC addresses</li> <li>Network - IP addresses, routing</li> <li>Transport - TCP/UDP</li> <li>Session - session management</li> <li>Presentation - data formats such as WMV, JPEG, MOV (media)</li> <li>Application - HTTP, SMTP, etc.</li> </ol> Wed, 27 Jul 2022 00:00:00 +0000 https://itsnothing.net/2022/07/27/OSI-model.html Windows 11 <p>Windows 11 is trying to take away your autonomy by imposing lockdown and - while this may not be new - it has evolved slowly into a monopoly over your data. Now you are locked into their services; <em>their</em> cloud, <em>their</em> software, <em>their</em> hardware modules. They have been boiling you slowly in a pot for so long that you are becoming comfortable with it, and even, in some extreme cases, you are <strong>forced</strong> to get into the water.</p> <p>If you want encryption and you’re not tech savvy, you’re forced to use Windows’ encryption software (BitLocker). If you want to save your data but aren’t tech savvy, you likely turn to easy solutions like this because it’s what is shipped in Windows Home. The average consumer is very forcibly “asked” to use their software and hardware in order to keep you so walled in that you can’t function without them. 
It’s very hard, as with Google and its parent company Alphabet, to switch out of this mindset.</p> <p>It’s a prison but you can break free.</p> Fri, 01 Jul 2022 00:00:00 +0000 https://itsnothing.net/2022/07/01/Windows-11.html https://itsnothing.net/2022/07/01/Windows-11.html Using Zettlr for note-taking <p>I find that <a href="https://www.zettlr.com/">Zettlr</a> [<em>ˈset·lər</em>] and <a href="https://www.zotero.org/">Zotero</a> make my life easier. I have used them to make bibliographies for several papers now, all while keeping a digital <a href="https://wikiless.org/wiki/Zettelkasten">Zettelkasten</a>. It just requires knowledge of Markdown syntax and of how to use Zettlr for note-taking. The best part is how easy it is.</p> <p>You just need to download the Zotero browser extension, which is what you will use to create citations, without having to install plugins on the website. You simply open Zotero, create a “Collection”, then add references as you browse. If you go to a link in your browser and click the “Save to Zotero” button for the extension (it’s available for both Firefox and Chrome/Chromium browsers), you can save multiple references in your Collection. When you are done, this allows you to simply export a bibliography in various formats. It makes note-taking a breeze and it improves your ability to read without having to stop so often to manually write up your references and look up things. There is a very handy setting in Zotero that allows you to import all metadata for a given DOI or arXiv number, just by pasting the number into the “Add Item(s) by Identifier” button. It pulls all the information for you in a second. No more manual references. The only thing is that you will have to set the reference pointers manually, as I have done in this post. 
Numbering and setting the #refs themselves is pretty easy: just create a numbered list in the markdown editor or your IDE.</p> Mon, 13 Jun 2022 00:00:00 +0000 https://itsnothing.net/2022/06/13/zettling-in.html https://itsnothing.net/2022/06/13/zettling-in.html What exactly does Windows collect on you? Well.. <p><strong>Just from one angle, the Bluetooth and Wi-Fi?</strong></p> <p>Geo-location via Wi-Fi &amp; Bluetooth: whether it is Android, iOS, Windows, macOS, or even Ubuntu, most popular operating systems now collect telemetry information by default, even if you never opted in or opted out from the start. Some, like Windows, will not even allow you to disable telemetry completely without some technical tweaks. This information collection can be extensive and include a staggering number of details (metadata and data) on your devices and their usage.</p> <p><strong>Itemized lists</strong>:</p> <ul> <li><a href="https://docs.microsoft.com/en-us/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004">Full list of required diagnostic data</a></li> <li><a href="https://docs.microsoft.com/en-us/windows/privacy/windows-diagnostic-data">Full list of optional diagnostic data</a></li> </ul> <p><strong>Mitigation:</strong></p> <p><strong>W10Privacy:</strong></p> <ul> <li>Download and install <a href="https://www.w10privacy.de/english-home/">W10Privacy</a></li> <li><strong>Right-click</strong> &gt; <strong>Run as administrator</strong></li> <li>Check all the recommended (green) settings and save.</li> <li>Optional but recommended (it could break things, so use at your own risk): also check the orange/red settings, and save.</li> <li><strong>Reboot</strong></li> </ul> <p><strong>WindowsSpyBlocker:</strong></p> <ul> <li>Download and run <a href="https://crazymax.dev/WindowsSpyBlocker/download/">WindowsSpyBlocker</a></li> <li>Type <strong>1</strong> and go into <strong>Telemetry</strong></li> <li>Type <strong>1</strong> and go into <strong>Firewall</strong></li> <li>Type 
<strong>2</strong> and add <strong>Spy Rules</strong></li> <li><strong>Reboot</strong></li> </ul> <p><strong>Also, consider using O&amp;O ShutUp10++:</strong></p> <ul> <li>Download and run <a href="https://www.oo-software.com/en/shutup10">O&amp;O ShutUp10++</a></li> <li>Enable <em>at least</em> all of the recommended settings.</li> </ul> <p><strong>Settings</strong> &gt; <strong>Privacy</strong> &gt; <strong>Diagnostic</strong> &gt; <strong>Delete all Data</strong></p> <p><strong>You will need to update and re-run W10Privacy and WindowsSpyBlocker frequently and after any Windows update as they tend to silently re-enable telemetry using those updates.</strong></p> <p>As a bonus, it could be interesting to also consider <a href="https://github.com/beerisgood/windows10_hardening">hardening your Windows host</a>. (This is a security guide, not a privacy guide.)</p> <p><strong><a href="https://anonymousplanet.org/">The Hitchhiker’s Guide to Online Anonymity</a></strong></p> <blockquote> <p><strong>Disclaimer:</strong> I am the co-owner of THGTOA above.</p> </blockquote> Sun, 12 Jun 2022 00:00:00 +0000 https://itsnothing.net/2022/06/12/what-windows-does-with-all-your-data.html https://itsnothing.net/2022/06/12/what-windows-does-with-all-your-data.html Take back control of your data <h3 id="steps">Steps:</h3> <p>Embrace a zero trust model. Don’t rely on reactive security practices. Never trust. Always verify. Never put all your eggs into one basket.</p> <p>These are ~3 things you should absolutely be doing:</p> <p><strong>1. 
Better passwords:</strong></p> <ul> <li>go change them all, <strong>seriously, right now!</strong></li> <li>use strong, unique passwords (<a href="https://github.com/grempe/diceware">diceware</a>)</li> <li>never mix or reuse them across services/accounts</li> <li>use a password manager (preferably offline, like KeePassXC)</li> <li>avoid sharing passwords and use something that notifies you of breaches (but don’t rely solely on reactive security)</li> <li>enable 2FA/MFA, possibly use hardware keys/tokens</li> <li>back up everything just in case</li> <li>update your OS with security updates and employ active IDS/IPS (it’s not as hard as it sounds)</li> <li>disable and/or avoid telemetry from your OS, browser and IoT devices</li> <li>don’t use browser storage for sensitive info including passwords</li> </ul> <p><strong>2. Better browsing:</strong></p> <ul> <li>block ads at the host level (Pi-hole, DNSSEC/DNSCrypt, /etc/hosts, router VPN)</li> <li>uBlock Origin, LibRedirect, Smart Referrer</li> <li>ensure website integrity (in Tor, you can verify a site’s /mirrors.txt)</li> <li>use a private search engine (SearXNG, DuckDuckGo, Brave)</li> <li>don’t use unnecessary extensions (cf. <a href="https://github.com/arkenfox/user.js/wiki/4.1-Extensions#-dont-bother">https://github.com/arkenfox/user.js/wiki/4.1-Extensions</a>) - useless bullshit</li> <li>use HTTPS (usually the default in your regular browser)</li> <li>DNS over HTTPS (DoH)</li> <li>containerize and/or sanitize browsing between sessions (again, Arkenfox/user.js)</li> <li>minimize your footprint/fingerprint (Firefox RFP)</li> <li>plain-text emails only, question all attachments from all sources</li> </ul> <p><strong>3. 
Practice your OPSEC:</strong></p> <ul> <li>don’t log in on another person’s device and use privacy shields if you can</li> <li>avoid password hints or use answers that have nothing to do with them (confuse the enemy :))</li> <li>don’t use a 4-digit PIN for your devices, use a strong password</li> <li>minimize or eliminate SMS 2FA for services to avoid SIM swaps</li> <li>avoid using your password manager for OTP</li> <li>avoid face and biometric unlocks</li> <li>never reuse usernames</li> <li>use a mail forwarding service to combat spam (and further confuse the enemy)</li> <li>use security keys (YubiKey, etc.) for U2F/OATH/FIDO; they are resistant to phishing</li> <li><a href="https://github.com/Lissy93/personal-security-checklist">personal security checklist</a></li> </ul> Sun, 12 Jun 2022 00:00:00 +0000 https://itsnothing.net/2022/06/12/take-back-control.html https://itsnothing.net/2022/06/12/take-back-control.html Removing microdots from printed documents <p>Anonymize your documents by removing metadata and ensure you don’t have any identifying marks embedded.</p> <p>For hundreds of years, paper and printing techniques have been the foundation for the distribution of information. As a result, physical documents enjoy a high level of trust. To have something in “black and white” carries significance. But forgery and alteration of documents are nearly as old as the history of writing. Hence the question of a document’s origin is important. Nowadays, because of continual technological development, even individuals can print high-quality documents and duplicates. This can be done with cheap and customary devices. In addition, image processing software like GIMP or Adobe Photoshop makes it easy to manipulate documents and images. Therefore printed documents are often an issue in crimes, e.g. forged proof of identity, copyright theft, or as an exhibit in a criminal case. 
In all these cases it could be useful for law enforcement agencies to, e.g., identify the device or model which was used to print the questionable document.</p> <p>The primary focus of the research lies on the extraction of artifacts which originate from the print process. These artifacts emerge particularly through electromechanical imperfections and also through differences between the construction of printer models. We try to find and analyze artifacts which are stable and, for example, model-specific and therefore usable as intrinsic signatures for a specific printer model. The extraction of these signatures should be conducted with customary scanner devices and image processing techniques. In parallel, the company Dence (a cooperation partner) will investigate scanner forensics.</p> <p>The second part of the project deals with research into print-scan resilient duplicate checks. Here the knowledge about artifacts which occur in the print and scan process represents a reliable basis. A typical workflow at an insurance company serves as the use case. In the event of damage, the insured person would take a photo of the damage and send it by post, together with forms, to the insurer. Afterwards the insurer will scan these documents. The insurance staff examines the event of damage on the basis of the digital reproduction. Because of the print and scan processes which the original document went through, the question of the authenticity of the document is difficult to answer. The goal of the analysis is the implementation of an image search for duplicates which is resilient against the print and scan process. This means that images can also be matched if only printed and re-digitized versions are available. The duplicate testing must be able to check an image immediately against a data pool with millions of images. From a technical point of view, this will be realized with a distinct image hash. The challenge for the print-scan scenario is the computation of this hash. 
The hash value has to be equal or very similar between the original photo and the printed and re-digitized image, so that they can be matched. Another difficulty is that the duplicate check must also work with slight manipulations in the image (like a car scratch). All of this must be accomplished without producing false positives.</p> <h3 id="references">References</h3> <ul> <li>https://dfd.inf.tu-dresden.de/</li> <li>https://github.com/dfd-tud/deda</li> </ul> Thu, 09 Jun 2022 00:00:00 +0000 https://itsnothing.net/2022/06/09/microdots-and-nuking-them.html https://itsnothing.net/2022/06/09/microdots-and-nuking-them.html
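The print-scan resilient image hash described above, as an added example that is not code from the original post or from the TU Dresden / Dence project: a difference hash (dHash) over a block-averaged greyscale image, which keeps the same bits when brightness and contrast shift and pixel noise is added. The sample photo, the print-and-scan distortion model, the "scratch" manipulation and the 10-bit match threshold are all constructed assumptions.

```python
"""Added example (not from the original post or the TU Dresden / Dence project):
a difference hash (dHash) that survives a simulated print-and-scan round trip.
The sample photo, the print/scan model and the threshold are constructed."""
import random
GRID = 9  # downscale to 9 columns x 8 rows; 8 neighbour comparisons per row = 64 bits

def downscale(img, w=GRID, h=GRID - 1):
    """Block-average a greyscale image (list of rows, values 0..255) to w x h cells."""
    rows, cols = len(img), len(img[0])
    def cell(bx, by):
        block = [img[y][x] for y in range(by * rows // h, (by + 1) * rows // h)
                 for x in range(bx * cols // w, (bx + 1) * cols // w)]
        return sum(block) / len(block)
    return [[cell(bx, by) for bx in range(w)] for by in range(h)]

def dhash(img):
    """64-bit hash: bit 1 where a cell is darker than its right-hand neighbour.
    Averaging cancels pixel noise; an affine brightness change keeps the ordering."""
    bits = 0
    for row in downscale(img):
        for x in range(GRID - 1):
            bits = (bits << 1) | int(row[x] < row[x + 1])
    return bits

def hamming(a, b):
    return bin(a ^ b).count("1")

def is_duplicate(a, b, max_distance=10):
    return hamming(a, b) <= max_distance  # constructed threshold: 10 of 64 bits

def sample_photo(size=64):
    """Constructed 'damage photo': a brightening gradient with a fading patch."""
    img = [[2 * x + y for x in range(size)] for y in range(size)]
    for y in range(20, 40):
        for x in range(10, 50):
            img[y][x] = 250 - 4 * x
    return img

def print_scan(img, seed=1):
    """Simulated print + re-scan: contrast loss, brightness offset, sensor noise."""
    rng = random.Random(seed)
    return [[max(0, min(255, round(0.85 * p + 20 + rng.gauss(0, 6)))) for p in row]
            for row in img]

def scratch(img):
    """Constructed 'slight manipulation' (the post's car scratch): a thin dark line."""
    out = [row[:] for row in img]
    for y in (45, 46):
        out[y][20:31] = [0] * 11
    return out
```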