Saturday, August 6, 2011

“Somebody set up us the bomb! We get signal. What!”

Wow!  I just read an article from CNN about Charlie Miller, a St. Louis resident who recently demonstrated a hack at the Black Hat security conference in Las Vegas that can disable the battery of a MacBook.  He said his goal was to see if he "could make one blow".  He was unable to accomplish that goal because of different mechanisms in place on the battery hardware itself, but he was able to get it to essentially stop working.  A pretty cool proof of concept!


Getting one to blow up, though, is not too far-fetched of an idea.  The circuitry that protects the battery from exploding is probably accessible through the same mechanisms he used to disable it.  Purely speculation here, but he was probably a few lines of code away from getting to those protective mechanisms, exploiting them, and then having complete control over the battery in an unstable way; he was probably on a deadline to get his presentation out and figured disabling it was going to have to do for now.

So what does all this mean to the general public?  Well, it means we should be thanking Mr. Miller for finding this exploit before someone malicious released it into the wild.  Because of his efforts, this problem will probably be "fixed" relatively soon with a patch from Apple.  I would imagine that a stream of devices will all be patched in the near future to prevent this type of attack from occurring, primarily phones and laptops, but think about the number of devices you use or know about that connect to the internet and have a battery:  Amazon Kindle, Barnes & Noble Nook, high-end alarm clocks, satellite radio, home security systems, cars with OnStar, etc.

While disabling a battery doesn’t really seem like much, think about the potential for a few minutes.
Let’s look at a totally fictitious scenario for a moment:  a major software company wants to drive sales of its latest operating system, but it found that many people were still satisfied with the one from 10 years ago and have no real desire to upgrade.  What to do, what to do?  One way to get people to upgrade is to drive new hardware purchases, right?  Ah ha!  Release a “patch” for that 10-year-old operating system that disables the battery of those older laptops!  Then people will be forced to upgrade!  Brilliant!


Is that all that can be done, though?  Not necessarily.  Picture this more sinister scenario:  a terrorist cell identifies the logic to disable the safety mechanism on the battery and actually gets it to explode.  This opens the potential to do the same on any similar battery.  They also figure out how to trigger remote code execution on your laptop, phone, OnStar, whatever, and push this code out via text message, email, website popup, etc.  Payload day comes and boom goes the dynamite!  Millions of micro chemical explosions worldwide, disabled workers, crippled communications, highways littered with dead vehicles, etc., etc.

We could essentially all be carrying bombs with us that could literally be remotely detonated and explode at any time!  Sounds pretty crazy, but it seems like almost every wireless device has a battery, and inside the battery is a combination of chemicals, and on the cover of every battery is a warning that says caution, explosive!

Probably VERY far-fetched....... or is it?!  You tell me!  ;)  Until next time, keep your electronics away from the women and children!

References:

http://www.cnn.com/2011/TECH/mobile/08/05/miller.apple.battery.hacks/index.html?hpt=hp_t2

http://www.forbes.com/forbes/2010/0412/technology-apple-hackers-charlie-miller.html

Oh, and for those that do not get the "Somebody set up us the bomb!" reference, see the classic worldwide phenomenon All Your Base Are Belong To Us.

Thursday, August 4, 2011

FortiGate 200B - Central NAT Table causes potential performance issues

I just had the pleasure of dealing with a strange issue on a FortiGate 200B running FortiOS 4.0 MR3.  The client was reporting slow internet browsing from their hosted offsite Citrix server (which is behind the FortiGate).  They were able to connect to their Citrix server without any problems, run all of their applications at normal speeds, print, etc. just fine, but when you launched Internet Explorer from within the Citrix session, it would give sporadic results.  Most pages were just very slow to come up, others would load only half of the page, and some would just load the title bar.  I checked to make sure that it was not just the Citrix server; it was also happening from their Small Business Server, their Microsoft SQL server, and other line-of-business application servers in their environment, although the Citrix server seemed to be the worst.

I went over to SpeedTest.net to run a quick speed check and it failed.  Yes, failed.  I have seen some strange results from that site but I had never seen it actually say fail.  I was able to get it to fail repeatedly from their environment but it worked everywhere else I tested from outside of their environment.

After looking over the rules on the firewall and looking at performance counters, my co-worker wanted me to try changing the outbound NAT policies on the FortiGate from "Use Central NAT Table" to "Use Dynamic IP Pool".  Since then, the problem seems to have gone away and internet browsing speed has returned to normal.  SpeedTest.net also now completes successfully from their environment.
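To make the change concrete, here is what the two outbound NAT setups look like in FortiOS CLI terms, side by side.  This is an added example, not the client's configuration or anything from the original post: the VDOM, interface names, the "LAN" address object, the server IP and the public pool address (an RFC 5737 documentation address) are all assumed, and the keywords follow the FortiOS 4.0-era CLI as I recall it, so check them against the CLI reference for your build before pasting.

```fortios
# Assumed names throughout: interfaces "internal" and "wan1",
# address object "LAN" = 192.168.1.0/24, Citrix server 192.168.1.5,
# IP pool "wan1_pool" = 203.0.113.10 (documentation address).

config firewall ippool
    edit "wan1_pool"
        set startip 203.0.113.10
        set endip 203.0.113.10
    next
end

# --- Before: central NAT table (the client's convenience setup) ---
# NAT is switched on per VDOM and the translation is chosen by the
# central-nat-map entry, not by the policy that matched the traffic.
config system settings
    set central-nat enable
end

config firewall central-nat-map
    edit 1
        set orig-addr "LAN"
        set nat-ippool "wan1_pool"
    next
end

config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "LAN"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
end

# --- After: dynamic IP pool selected on the policy itself (the fix) ---
# Central NAT is turned off and the same policy now carries its own
# NAT decision, so every translated flow is tied to policy 1.
config system settings
    set central-nat disable
end

config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "LAN"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
        set nat enable
        set ippool enable
        set poolname "wan1_pool"
    next
end

# --- Check: confirm what the box is actually doing for the Citrix host ---
# Session entries show the chosen source NAT address in the "snat" line;
# the debug flow trace shows which policy matched and whether NAT applied.
diagnose sys session filter clear
diagnose sys session filter src 192.168.1.5
diagnose sys session list

diagnose debug flow filter addr 192.168.1.5
diagnose debug flow show console enable
diagnose debug enable
diagnose debug flow trace start 10
# ... generate a web request from the Citrix session, then:
diagnose debug disable
diagnose debug flow filter clear
```

The point of the check block is that "it got faster" is not the same as "it is translating the way we think it is": before and after the change, the session list and flow trace should show the same policy ID and the same pool address for the Citrix host's outbound flows, and any half-working state (some sessions translated, some not, or translated to the interface address instead of the pool) will be visible there rather than only as a flaky SpeedTest result.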

I did a quick search on Fortinet’s website and on Google and have not found any similar issues being reported.  I am going to have my "FortiExpert" (the co-worker that had me change to IP pools) review this and give me his analysis and submit it as a “FortiGlitch”.  Luckily the client was just trying to use the Central NAT Table as a convenience so they did not have to enter each address that they wanted to translate in the policies. 

Maybe this is why the Central NAT Table is disabled by default?  Or maybe it was just a misconfiguration that halfway sort of worked.  Either way, more research is required on this one.