The police force in Evanston, Illinois had a problem on their hands. A mystery transmitter was blocking legal use of radio devices, car key fobs, cellphones, and other transmitters in an area of their city, and since it was also blocking 911 calls they decided to investigate it. Their first call for help went to the FCC who weren’t much use, telling them to talk to the manufacturers of the devices affected.
Eventually they approached the ARRL, the USA’s national amateur radio organisation, who sent along [Kermit Carlson, W9XA] to investigate. He fairly quickly identified the frequencies with the strongest interference and the likely spot from which it originated, and after some investigation it was traced to a recently replaced neon sign power supply. Surprisingly the supply was not replaced with a fault-free unit, its owner merely agreeing to turn it off should any further interference be reported.
The ARRL are highlighting this otherwise fairly unremarkable case to draw attention to the problem of devices appearing on the market with little or no pretence of electromagnetic compatibility compliance. In particular they are critical of the FCC’s lacklustre enforcement response in cases like this one. It’s a significant problem worldwide as huge numbers of very cheap switch-mode mains power supplies have replaced transformers in mains power applications, and in any center of population its effects can be readily seen with an HF radio in the form of a significantly raised RF noise floor. Though we have reported before on the FCC’s investigation of the noise floor problem we’d be inclined to agree with the ARRL that it is effective enforcement of EMC regulations that is key to the solution.
City of Evanston police vehicle picture, [Inventorchris] (CC BY-NC 2.0) via Flickr.
It looks like Lockheed Martin is the latest victim in what seems to be an endless string of security breaches. This time however, it does not look like a lack of security measures led to the breach. In fact, it seems that Lockheed’s implementation of a widely-trusted security tool was the attack vector this time around.
Last month we reported on the apparent compromise of RSA’s SecurID product, and while many speculated that this intrusion could lead to subsequent attacks, the firm downplayed the breach. They stated that the stolen data was unlikely to affect their customers, but as usual, the problem appears to be far larger than originally estimated.
The breadth of the intrusion is currently unknown, and with both RSA and Lockheed officials keeping mum, it may be some time before anyone knows how serious it is. When military secrets are in question however, you know it can’t be good!
SecurID is a two-factor hardware-based authentication system. It requires you to enter the number displayed on a hardware fob like the one seen above, along with the rest of your login information. It’s regarded to be a very secure method of protecting information when users are logging into a company’s secure system remotely. But as with everything else, there’s always a way to break the security. It sounds like last month someone hacked into the servers of the company that makes SecurID.
You’ll need to read between the lines of that letter from RSA (the security division of EMC) Executive Chairman [Art Coviello]. He admits that someone was poking around in their system and that they got their hands on information that relates to the SecurID system. He goes on to say that the information that the attackers grabbed doesn’t facilitate direct attacks on RSA’s customers.
We’d guess that the attackers may have what they need to brute-force a SecurID system, although perhaps they have now way to match which system belongs to which customer. What’s you’re take on the matter? Lets us know by leaving a comment.