December 29, 2014

4G Security: Hacking USB Modem and SIM Card via SMS

Telecommunications operators are pushing fast and cheap 4G communications technology. Yet only the chosen few know just how insecure it is. While researching the security level of 4G communications, Positive Technologies experts managed to uncover USB modem vulnerabilities that allow a potential attacker to gain full control of the connected computer as well as to access a subscriber account on a mobile operator portal. Additionally, attacks on a SIM card using a binary SMS allow an intruder to sniff and decrypt traffic or lock the SIM.

December 2, 2014

DDoS attack over Load Balancer: secure your cookies!

In security analysis, we deal with various network devices, both well-known and rare ones. Among the latter, load balancers can be singled out. Today we would like to talk about session persistence methods of F5 BIG-IP load balancer. As we found out, an intruder is able to attack such a system and bypass the specified load balancing algorithm by manipulating with cookies’ value.

What is load balancer? It’s a network device that distributes application traffic between servers and allows to control and change traffic characteristics due to specified parameters. When using applications, a client session should be served by the same server. For this purpose BIG-IP monitors and saves session information, which includes an address of a certain web server that serves the client. This information is used mainly for sending client requests to one and the same web server during the session lifetime.