The University of London has just published news pertaining to a serious vulnerability in the popular Open Secure Shell(OpenSSH) encryption algorithm.
Their shocking revelation is that attackers are able to effectively ‘steal’ 32 bits of plaintext data in an exploit, which is active in some versions of OpenSSH on the linux platform.

This recent vulnerability has been identified as critically important because researchers have admitted to the significance of this as a major design flaw in OpenSSH.

Essentially, this is a main-in-the-middle attack with a difference. By snooping packets of data and sending them back to the server repeatedly until an error is triggered and the encryption is breached. This results in attackers slowly being able to reconstruct messages.

Whilst the vulnerability in all honesty is relatively minor as it is tremendously difficult to exploit, the fact that it exists has put a cloud of doubt over OpenSSH.
The attacks were revealed at the IEE security symposium, which was held in California, and the full details of the flaw were released into the public in order to raise awareness and force organizations to move over to more secure methods.

The security vulnerability in OpenSSH has been identified and fixed, but software professionals have admitted that this is not a weakness in coding, but a fundamental vulnerability in the design of Open SSH.

Whilst there were no reports of this vulnerability actually being exploited for any other purpose than security research, this does highlight the weaknesses that can exist when organizations rely on single layers of security. The conclusion that people should be making is that this is an example of a possible breach, and a possible breach could most likely than not be a real one before long.

Nokia 1100 - Firmware Encryption Keys Hacked

Recently, security groups have been receiving increased reports of hackers successfully intercepting SMS messages and subsequently gaining access to banking details of individuals.

This shocking revelation came to light just recently, when the security group “Ultrascan” managed to acquire not just the full working details of this exploit, but also all the hardware required.

This attack relies on the Nokia 1100 telephone, which was one of the few Nokia phones in which the firmware encryption keys have reached public domain and thus it has successfully been decrypted, reverse engineered and modified.

Hackers have managed to effectively clone a mobile phone by hacking this firmware and then by using it to eavesdrop on SMS messages, were able to intercept secure banking information and breach online security.

When used in conjunction with key loggers and other snooping tools hackers are effectively bypassing the once thought rugged security methods of European online banking.

This vulnerability essentially involves rewriting the firmware of a cell phone, and then using it as a secret receiver to eavesdrop SMS messages.

GSM security has been vulnerable to attack for a while now and the old GSM proprietary encryption algorithms have already been breached on multiple occasions.

For the average hacker, obtaining the devices is out of the question, but organized gangs of criminals who are already in the process of cloning SIM cards and conducting online fraud already are actively seeking these cellular devices.

These devices are now appearing on the black market for sale to criminals who are looking to use them to conduct cyber fraud in online banking.
Given the latest vulnerability with SMS messages, then perhaps banks and consumers need to start thinking about using some sort of encryption for all GSM communications, not just GSM voice data.