Those Magnificent Men and their Frauding Machines

I have a sort of love/hate relationship with phone spammers.  I enjoy watching them backpedal and deflect when I ask them something they can’t answer, but I hate getting called in the first place.

Four calls this afternoon from the “Computer Department” regarding my “Windows error messages”.  My standard response is “What is my IP address?”  So far I’ve been told:

  • They can’t tell me for privacy reasons
  • I’ll have to speak to the manager
  • Windows 7
  • F**k you m***erf***er

The best part is that the **** guy has called me before.  He makes it a point of honour to call me back and spout expletives when I call him on his bullshit.  Alas, he knows more English swear words than I know [Middle-Eastern | East-Indian | North-African] swear words.

Shame, really.

Part of me wants to play along and follow their instructions on a virtual machine, just to see what kind of payload they get me to install.  Part of me wants to waste as much of their time as possible.  There’s also a part of me that doesn’t want to receive heavily accented cursing through voicemail.  Which part will win?

Who is that hot ad girl?

Ahhh, Internet.  Answerer of questions.  I’ve had this Heineken commercial stuck in my head for months and wanted to know what the song was and “who is that hot ad girl?”

Well, as luck would have it, there’s a tumblr site just for this sort of thing:

Who is that hot ad girl?

For those of a similarly inquiring mind, the song is “The Golden Age” by Asteroids Galaxy Tour, and the hot ad girl is Mette Lindberg.


Dragon ID’s mobile unlock by voice

A brief but interesting story on GigaOm.

Nuance, the company behind the Dragon family of voice recognition products, is promoting a mobile app called Dragon ID.  The app acts as a replacement for standard user authentication schemes like PINs or swipe patterns by matching speech characteristics of a user against a known set of characteristics.  It’s the old “My voice is my passport” idea that we (or at least I) saw in “Sneakers”; the user speaks a phrase into the device, the device checks to see if the user’s speech has the same x, y, and z as the real Mr. User, and accepts or rejects the attempt.

At first blush this looks like a UX winner.  The user doesn’t have to remember any complicated passwords, PINs, or other meaningless tokens.  And it would be impossible for the user to lose his authenticator, his voice, except by disease or injury.

But there are some security considerations that must be satisfied for this to be an acceptable gatekeeper for a mobile device.  The most obvious weakness of this system would be a replay attack: literally replaying a recording of the user authenticating.  What countermeasures are used by Dragon ID to prevent such simple attacks?  Presumably the audio recording is analyzed by Dragon ID to ensure that the voice is coming from a point directly in front of the device or headset microphone, but this would not be a robust defense.  Can it detect artifacts of digital audio reproduction?  Audio compression schemes like MP3?  Does it emit a one-time audio watermark via the speaker during recording so that a replay would be easily detected?  I’d certainly love to know.

Pattern matching is performed against an established set of phrases recorded by the user.  This simplifies the task of matching a candidate audio sample’s characteristics against a known set of characteristics, but it presumably reduces the amount of work an attacker would need to put into making a passable authenticator.  In a perfect world, the app would compose a unique phrase for each attempted authentication, each log-in, so that an attacker would have no real template for a “good guess”.  The attacker would need to know about a user’s full range of accents, inflections, cadences, etc., in order to make a passable authenticator, and he would only get one shot at each phrase.  With a known subset of authenticators (like a decent recording of one successful authentication attempt), the attacker knows what the phrase will be for any future attempt and that he will only have to polish it somehow for it to be acceptable.
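A sketch of the per-attempt phrase idea from the paragraph above, as an added example that is not from the original post and not Dragon ID's code.  The class name, the constructed word list and the `speaker_match` flag (the voice-characteristics verdict, assumed to be computed elsewhere) are all assumptions.

```python
import hmac
import math
import secrets
import time

# Constructed 16-word vocabulary; a real enrolment vocabulary would be far larger.
WORDS = ("amber bridge candle delta ember falcon garden harbor "
         "island jacket kettle lantern meadow needle orchard pepper").split()

class PhraseChallenger:
    """Issues one-time spoken-phrase challenges (hypothetical class)."""

    def __init__(self, length=4, ttl=30.0, clock=time.monotonic):
        self.length, self.ttl, self.clock = length, ttl, clock
        self._pending = {}  # challenge id -> (phrase, expiry time)

    def entropy_bits(self):
        # Each word is drawn independently and uniformly from WORDS.
        return self.length * math.log2(len(WORDS))

    def issue(self):
        cid = secrets.token_hex(8)
        phrase = " ".join(secrets.choice(WORDS) for _ in range(self.length))
        self._pending[cid] = (phrase, self.clock() + self.ttl)
        return cid, phrase

    def verify(self, cid, transcript, speaker_match):
        # pop() consumes the challenge, so one id can never be answered twice.
        entry = self._pending.pop(cid, None)
        if entry is None:
            return False
        phrase, expires = entry
        if self.clock() > expires:
            return False
        said = " ".join(transcript.lower().split())
        same = hmac.compare_digest(said.encode(), phrase.encode())
        # speaker_match is the voice verdict, assumed computed elsewhere.
        return same and bool(speaker_match)
```

With this shape, a recording of one accepted log-in carries the words of a challenge that has already been consumed, so it does not answer the next one.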

Phrases can be disabled by the user or disallowed by the device or the Dragon ID servers for too many failed attempts, but this raises a question about the resistance of the app to multiple attempts.  The app surely only allows a certain number of attempts before either locking the device entirely, disabling a specific phrase, or forcing the user to authenticate with a password or some other non-voice token.  But how does it track multiple attempts? The app is required to work even when the device is completely disconnected from voice or data networks, so there must be some form of device-resident logging.  If the device’s memory is cloned before an attack, what prevents the attacker from reflashing the device into its previous state where the counter was at 0?  There are plenty of memory locations on a device to store counter information, and more clever ways than a simple variable in a LoginAttempts.dat file.  Is it possible to completely reset the state of the device to a set point such that an attacker could indefinitely attempt authentication?
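One way a device could notice that its attempt record has been restored from an earlier clone, as an added example that is not from the original post and not Dragon ID's code.  It assumes a counter that can only increase and a MAC key that both live outside the clonable storage (for instance in a secure element); `MonotonicCounter` and `AttemptStore` are hypothetical names.

```python
import hashlib
import hmac
import json

class MonotonicCounter:
    """Stand-in for a hardware counter that only goes up and lives outside
    the flash image an attacker can clone (assumption of this example)."""
    def __init__(self):
        self._value = 0
    def read(self):
        return self._value
    def increment(self):
        self._value += 1

class AttemptStore:
    """Failed-attempt record sealed to the counter (hypothetical class)."""
    MAX_FAILURES = 5

    def __init__(self, key, counter):
        self.key, self.counter = key, counter  # key assumed in a secure element
        self.blob = self._seal(0)              # bytes that sit in clonable flash

    def _tag(self, body):
        return hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()

    def _seal(self, failures):
        state = {"failures": failures, "epoch": self.counter.read()}
        body = json.dumps(state).encode()
        return self._tag(body) + b"." + body

    def failures(self):
        tag, body = self.blob.split(b".", 1)
        if not hmac.compare_digest(tag, self._tag(body)):
            raise ValueError("record modified")
        state = json.loads(body)
        if state["epoch"] != self.counter.read():
            raise ValueError("stale record: storage was rolled back")
        return state["failures"]

    def record_failure(self):
        count = self.failures() + 1
        self.counter.increment()        # advance hardware first, then reseal
        self.blob = self._seal(count)
        return count

    def locked(self):
        try:
            return self.failures() >= self.MAX_FAILURES
        except ValueError:
            return True                 # fail closed on tamper or rollback
```

The MAC stops edits to the stored count, and the embedded counter value is what makes an old, validly sealed copy recognisable as stale.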

Enlighten me.  I love this stuff.


Original article on GigaOm.

Playstation 3 Slim Penny Debacle

For the past month I’ve been purchasing damaged or defective electronics off of eBay for repair and resale.  I thought I’d mention an interesting repair story…  Well, it was interesting to me.

I purchased a PS3 Slim from SurplusByDesign for much less than $100.  The device was said to be working perfectly except for a Blu-ray drive that refused to read any discs, Blu-ray or otherwise.  The unit was in great shape (some minor scratches on the plastic casing) but it was perfectly functional otherwise.  I opened it up with some help from the iFixit teardown guide, pulled the drive, then disassembled the drive to reveal

A penny sitting on a blu-ray laser.

Somehow a 2011 Canadian penny had found its way into the drive and sat directly on the laser.  Thankfully the laser’s vibration damping structure lets it move up and down, so the penny wasn’t grinding against any discs in the drive.  I took the penny (and kept it for posterity), cleaned the laser, and put the whole thing back together.

Everything’s working perfectly, now.  If only it were always this easy!

It’s about time…

I finally put up a new site.  I’ve only owned the domain for the past, oh, two years?  Mind you, I have a very good excuse for the dead time…  can you guess what it is?

I thought so.

Anyhow, I’m back.  I’m putting things back together as best I can.  Feel free to give me a shout.