Category Archives: uae

internet security uae

Phone numbers as default eLife WiFi keys

antsThe UAE’s internet is pretty much provided by two ISP’s: Etisalat and Du who provide broadband services to its customers.

Focusing on the largest of the two, Etisalat, they provide a eLife program that allows triple play services into the homes of their customer base, which include a WiFi network. The problem though is that many of these wireless access points are setup by Etisalat’s technicians themselves, sporting a certain convention for encryption keys; the client’s mobile phone number.

This mobile number convention is a limited keyspace, with just a few numbers short of 36 million possibilities. (8999999 * 4 prefixes). Knowing a possible key, helps tremendously in brute forcing the keys of a Wireless network. To create a list that creates all these numbers in a list, one could write that in Perl:

#!/usr/bin/perl
# generates 05[0256][1-9][0-9]{6} numbers
$| = 1;
foreach my $a (0, 2, 5, 6){
  foreach my $b (1000000..9999999){ print "05".$a.$b."\n"; }
}

*Note: this script can be optimized of course, since it will be unlikely that you’ll have networks with several repetitive numbers having a default eLife installation.

Another handy fact is that “default” eLife setups have their SSID configured as etisalat-XXXXX where XXXXX is a “random” number.

Aside from “having free Internet access” to load balance your torrent web surfing traffic, there’s a much greater risk here.

eLife is delivered with a Aztech HW550 3G wireless router. These devices have an embedded version of Linux available, and Aztech was so kind to have make the source code available. Alternatively, you can resort to OpenWRT’s efforts, but the latter might raise some suspicion if the original owners decide to change something about their WiFi network.

Now, the danger lies in the following scenario:

  • Attacker adds a backdoor into the HW550’s firmware.
  • Attacker cracks your wireless keys and accesses your network
  • Attacker accesses your wireless router (assuming you didn’t change the admin password)
  • Attacker uploads the new firmware
  • Attacker has access to your connection at all times, can use it to launch attacks and tunnel connections

Since the HW550 has a MIPS CPU of “only” 384 Mhz, and only 32 Megabytes of RAM, it can’t be used for heavy load network traffic, but you get the basic idea. Aside from creating “AP zombies”, one could redirect your traffic to do a MITM attack, etc …

So, to prevent this scenario from happening, choose a strong Wireless encryption key and change it regularly. Or, install OpenWRT yourself, or just get an other (better) Access Point.
That, and living inside a Faraday cage, so nobody picks up your wireless signals.

internet security uae

UAE issues new decree to combat cybercrime

The UAE has issues a new decree on “combating cyber crimes”. This decree, available in three parts (here, here and here) stipulates recent do’s and don’ts that amend the previous decree dated from 5 years ago.

In a world where we see religiously offensive cartoons and movements such as Occupy Wall Street, and all its derivatives; many countries in the region have had uprisings against their governments. This protests have largely been made possible due to technology.

Be warned though, although it is widely known that the promotion of prostitution and gambling is illegal in the country, some rules may not be so obvious. If you try to raise funds for a cause which isn’t authorized, you could end up in trouble.

uae

TRA to developed e-commerce “policy”

The Telecommunications Regulatory Authority (TRA) wishes to boost the online commerce in the UAE by implementing new policies, said the National.

“The TRA’s aim is to increase and boost the online transactions and the population who are using online commerce,” Ms al Jaberi said at The Internet Show in Abu Dhabi yesterday.

(The National)

Seeing this is the same department that is willing to suspend Blackberry services due to its encrypted nature; Would this mean that solely UAE payment gateways are to be used? Paypal, be worried.

uae

VoIP unblocked in the UAE, the UAE way.

skype remains blocked in the UAEAll hail, newspapers and radio’s stated that VoIP calls are now allowed in the UAE, but.. -and there’s a catch always- only “through licensed operators”.

In layman terms, VoIP calls will be billed and the prices will be set by those operators. So we’d have to wait and see if there will be big savings on VoIP calles, if any at all. The licensed operators would be:

  • Du
  • Etisalat
  • Thuraya
  • Yahsat

Of course, skype and vonage and the likes remains blocked, as they don’t generate revenue for the local market. Normal for a country with a large number of expatriates, whereby the telco’s main revenue is from overseas calls.

Thank you,
Michael

misc uae

When health warnings and math don’t go together

Health Warning - Gasoline
Health Warning - Gasoline

I got an email today from a colleague, warning about a poisonous gas called gasoline. Odd in a oil-rich country though.

If you read it, you’ll notice that 15 degrees Fahrenheit is 6 degrees Celcius or 60 degrees Celcius. In reality, 15 degrees Fahrenheit is -9 degrees Celcius. I guess this memo wasn’t really talking about Abu Dhabi’s sunshine.

Let’s assume that you don’t want to open the windows for a while when driving in -9 degrees. And that the gasoline fumes you get while filling up at a petrol station are bit more dangerous (or more fun?) then your average plastic seat covers.

fun uae

Dubai Twestival 2009

Yesterday evening, it was the Dubai Chapter of the Twestival. Twestival is a festival, organized by the Twitter community worldwide. Over 165 cities worldwide participated on this event to support the Charity Water foundation.

The Dubai chapter was held yesterday in Barasti, Mina Seyahi.

It was an amazing event, and had a great turnout. It’s very handy to put a person behind a “twitter username”, and met many new twitterers.

Thanks for the awesome team who organized it,
m1ke

uae

Another good Democamp Dubai

2 days ago, there was the 4th episode of Democamp Dubai. This event brings an opportunity for internet startups to present their product to the public – and it’s an amazing chance to do some networking and getting to know the people.

I know I blog about this event a bit late, just like I arrived too late, but hey. Better late than never 😉

I am looking forward for the following episode, I silently promised the spinbits guys to have a demo ready for that.

Thanks,
Michael

misc uae

Dubai 2.0, more transparency please

This post is not necessarily about the current credit crunch, and how Dubai is affected. Although it leans onto it.

I just had a coffee with a good friend of mine, and we were speaking about the status of Dubai, and the entire region actually and it’s corporate profiles. And what is lacking is transparency. Ironically enough, a new body is being setup to provide transparency, accountability and governance.

Anyhow, I refer to corporate transparency, what’s happening in the companies itself. I refer to blogging.

Current modern copanies, such as Sun microsystems, Facebook, Google, etc all have corporate blogs, where employees; both executive management as any other layer, talk about their strategies, challenges and outcomes.

In Dubai, very few companies do this, and especially none of the top 20 companies.

In times such as the ones we are in now, many people are unsure about what is going to happen. I don’t expect any of the Dubai top companies’ CEO’s, or other key people, to have a crystal ball and foresee the future, yet any news insights would be welcome. Rather directly instead of usual channels such as news papers.

Even prior to these less than perfect times, from an economical point of view. I am not sure about any UAE based top exec, giving in their own words how he/she is going to move the company forward, or just voice an opinion about global events.

I don’t expect that to happen anytime soon, but it’s sad, nevertheless. We’re 2009 already (ok, almost), we should follow the global trends and get away from communication means and marketing techniques that are so 90’s.

uae

Dubai Credit Card Fraudsters arrested

Dubai Police arrested a gang of Arab men, who stole over 200 million dirhams using credit cards doing online shopping, Gulf News said.

They were tipped off in August about the guys, and caught most of them now (one out of four is out of the country).

uae

UAE Banks hit by ATM fraudsters

Multiple banks issues SMS messages and emails for UAE customers to change their PIN codes. Some banks even disabled international ATM cash withdrawal (which would suck if you’re on a holiday and need cash).

So, if you are living in the UAE; it never hurts to change your pin. Which is something you should do on a regular basis anyways.