Replicating UVB-76

For the uninitiated, UVB-76 is a station that broadcasts coded messages over AM radio. It is still active with messages transmitted as recently as Oct 2016 and is speculated to be related to the Russian military. The transmission and tone generation equipment are from the analog era, hence I ...

IP Hiding and Cloaking for Services

It is relatively easy to hide the IP address of clients through the use of VPNs and proxies. However, it is a challenge for services since they need to be reachable by the clients. Imagine if your phone number changed at the stroke of midnight everyday, it would be very difficult for others to ...

Authenticating with NRIC numbers

I was recently asked to take a survey which authenticated users solely using IC numbers. According to guideline 6 of PDPC's advisory on the use of NRIC numbers, NRIC numbers are widely used for various business purposes and organisations that use NRIC numbers as user names or membership numbers ...

Security Theatre: Samsung Note 7

Go google for photos of 'exploding Note 7' and you will realise that in every single photo, the phone is still intact in a one piece. If the phone really exploded, you would be looking at fragments scattered over an area. The Note 7 caught fire. It didn't explode. The media just blows (no pun ...

National Vulnerability Reporting Programme

Recent incidents have convinced me of the need to have a single avenue where the public can responsibly disclose vulnerabilities found on both government as well as commercial systems in a secure and efficient manner. While using these systems on a day to day basis, we sometimes do chance upon ...

Analysing smali code

Mobile apps have become increasingly widespread compared to their desktop counterparts. In addition, many apps often have stricter security requirements since they incorporate micropayments. We also perform sensitive transactions through mobile apps. For example, there are no desktop internet ...