November 22, 2024

Lax Security Exposes Voice Mail to Hacking, Study Says

But according to a study to be presented Tuesday, cellphone users in Europe and the rest of the world may be just as vulnerable as the actor Hugh Grant and other celebrities to having their personal voice mail hacked — or worse — because of outdated mobile network security.

In a study of 31 mobile operators in Europe, Morocco and Thailand, Karsten Nohl, a Berlin hacker and mobile security expert, found that many operators provided poor or weak defenses to protect consumers from illicit surveillance and identity theft.

Mr. Nohl said he was able to hack into mobile conversations and text messages and could impersonate the account identities of cellphone users in 11 countries using an inexpensive, 7-year-old Motorola cellphone and free decryption software available on the Internet. He has tested each mobile operator more than 100 times, he said, and has ranked the quality of their defenses.

He plans to present his results at a convention of the Chaos Computer Club, a hackers’ group, in Berlin, where he will open the project to researchers in other countries.

In 2009 Mr. Nohl, who runs a Berlin consulting company, Security Research Labs, published the algorithms used to encrypt voice and data conversations on GSM digital networks, which are used in Europe and elsewhere.

In an interview, Mr. Nohl said he had made sure to conduct his latest research to avoid the illegal theft of data and communications by intercepting the phone transmissions of a colleague during field tests. In random tests, he said, he ended interceptions just one or two seconds after they began.

The technique he uses focuses on deciphering the predictable, standard electronic “conversations” that take place between a cellphone and a mobile network at the beginning of each call. Typically, Mr. Nohl said, as many as 40 packets of coded information are sent back and forth, many just simple commands like, “I have a call for you,” or “Wait.”

Most operators vary little from this set-up procedure, which Mr. Nohl said allowed him to use hacking software to make high-speed, educated guesses to decipher the complex algorithmic keys networks use to encrypt transmissions. Once he derived this key, Mr. Nohl said, he was able to intercept voice and data conversations by impersonating another user to listen to their voice mails or make calls or send text messages on their mobile accounts.

Mr. Nohl said operators could easily fix this vulnerability in the GSM system, which is found in older 2G networks used by almost every cellphone, including smartphones, with a simple software patch. His research found that only two operators, T-Mobile in Germany and Swisscom in Switzerland, were already using this enhanced security measure, which involves adding a random digit to the end of each set-up command to thwart decoding. (For example, “I have a call for you 4.”)

“This is a major vulnerability in most networks we tested, and the irony is that it costs very little, if nothing, to repair,” Mr. Nohl said. “Often it is just a question of inertia on the part of operators, or they have other priorities, such as building their networks.”

Philip Lieberman, the chief executive and president of Lieberman Software, a company in Los Angeles that sells identity management software to large businesses and the U.S. government, said much of the digital technology that protects the privacy of cellphone calls had been developed in the 1980s and 1990s and is now ripe for attack.

That said, Mr. Lieberman added that the kind of interception being done by researchers like Mr. Nohl demands a level of skill and sophistication that is beyond the abilities of most individuals.

Article source: http://www.nytimes.com/2011/12/26/technology/26iht-hack26.html?partner=rss&emc=rss

Coaching and Much More for Chinese Students Looking to U.S.

For answers, she turned to ThinkTank Learning, a college admission consulting company from California that had recently opened an office in Shenzhen, next door to Hong Kong.

“I wanted American professionals to look at my application and shed some new light on how I could make it better,” she said.

The price was steep: 100,000 renminbi, or $15,000. But it came with a 100 percent money-back guarantee — if Ms. Lu was rejected from the nine selective U.S. universities to which she applied, her family would get a full refund.

Ms. Lu brainstormed with a ThinkTank consultant on ways to redo her admissions essay, which had originally been about playing badminton. The new version she came up with focused on a cross-strait dialogue conference that Ms. Lu had organized with high schoolers in Taiwan.

Happily for Ms. Lu and for ThinkTank, the approach worked. She has just completed her first year at the University of Pennsylvania.

As a record number of students from outside the United States compete for a limited number of spots at the most selective American colleges, companies like ThinkTank are seeking to profit from their ambitions.

In the United States, students have long turned to independent college counselors, but in recent years, larger outfits have entered the market, offering full-service designer courses, extracurricular activities and focused application assistance. These services have spread to the fast-growing and lucrative market in China.

With China sending more students to American colleges than any other country, the competition for spots at the top schools has soared. During the 2009-10 academic year, 39,947 Chinese undergraduates were studying in the United States, a 52 percent increase from the year before and about five times as many as five years earlier, according to the Institute of International Education, a U.S. organization.

But students from China can find themselves ill-prepared for the admissions process at American colleges. The education system in mainland China focuses on assiduous preparation for the national university entrance exam, the gaokao, often at the expense of extracurricular activities.

About 400 overseas education agencies — including joint Chinese-foreign schools, language training centers and college application consulting agencies — are certified by the Chinese Ministry of Education. The ministry is affiliated with the two largest application consulting agencies in China, the China Center for International Education Exchange and Chivast Education International.

Some of these agencies offer to write their clients’ college essays from scratch, train them for alumni interviews and even modify student transcripts, consultants have said.

Capitalizing on the increasingly globalized education system, ThinkTank Learning has tapped into the market in the United States and China.

The founder of the company is Steven Ma, 32, a former Wall Street analyst who started the company as a business for preparing students for college entrance tests in 2002 before expanding into application consulting in 2006, starting with seven students. In 2010, that number had risen to 300, including 75 from China. The company said it made about $7 million last year, with 50 percent from admission consulting.

ThinkTank said it was able to distill the college admissions process into an exact science, which Mr. Ma compared with genetic engineering. “We make unnatural stuff happen,” he said.

Students, whose parents often pay tens or even hundreds of thousands of dollars, are molded by ThinkTank into well-rounded, socially conscious overachievers through a regimen often beginning as early as the year before entering high school. The company designs extracurricular activities for the students; guides them in essay writing; tutors them for the SAT, the U.S. college admission exam; and helps them with meet-and-greet sessions with alumni.

“There’s a system built by colleges designed to pick out future stars and we are here to crack that system,” Mr. Ma said.

Article source: http://feeds.nytimes.com/click.phdo?i=ca082d09c173e4bd0915a7e52c4f06a9