Blog

Are SMS messages vulnerable in 5G ?

SS7 Phishing

This blog discusses the security of SMS in the context of 5G. In a preceding blog (https://cylab.be/blog/171/sms-based-2-factor-authentication-is-insecure), we already addressed the issue of SMS interception in 2G/3G networks and its potential consequences for 2-Factor Authentication. Here, we analyze the situation within the 5G ecosystem.

Guessing the width of an image

Forensics

The human eye cannot interpret a 1-D array of pixels. Yet such data turns up in several circumstances, such as pixel arrays dumped from RAM or disk, image files in RAW format (without the width), or Capture-The-Flag cybersecurity challenges involving images.

Testing an Image Format

Forensics

Image format testing is a necessary action for digital preservation to ensure that the data will be readable in the long term. It may also be part of the solution to detect image manipulation for cybersecurity defense or in Capture-The-Flag exercises.

Python or C or Python+C ?

Python C

We present a discussion on the use of the C and the Python languages and the use of Python calling a C library. Some arguments are general while others arise from the specific application of modifying a .csv (text) file.

Calling C from Python

Python C

Whatever your reason for calling C functions from Python, one approach is presented here: create a C dynamic library, compiled as a .so module, and access it through Python's ctypes package. Explanations are given step by step for a Linux environment (tested with Ubuntu 20.04).

Creating a dynamic library in C

C

C libraries are handy for distributing programming work or for structuring a large development into units. In the specific case of Python programming, a C dynamic library can be a solution when a Python equivalent is missing or when execution time is a concern. We explain below, with an example, the steps necessary to write a dynamic (shared) C library in Linux (tested on Ubuntu 20.04). Another blog describes how to call a C dynamic library from Python (https://cylab.be/blog/235/calling-c-from-python).

What is VoWiFi ("Wi-Fi Calling") ?

1. What is VoWiFi ("Wi-Fi Calling") ?

Mobile Phones: Should you be afraid of disclosing your IMSI ?

SS7

The smartphone has become so important in daily life that users should be concerned about its security. We try to explain here some reasons to be, or not to be, afraid of disclosing the IMSI, the subscriber identity number used in the global telecommunication network.

A bit of PIL for bit plane display

Python Steganography

Displaying image bit planes, in particular the less significant ones, is an important way to reveal image artefacts caused by degradation or manipulation. In particular, the Least Significant Bit (LSB) of pixel values is heavily used in steganography to hide messages in a cover image. We will see in this blog how to use the Python Imaging Library (PIL) to save and display an image containing some specified bit planes of a given image.

SMS-based 2-Factor Authentication is insecure !

SS7

The US National Institute of Standards and Technology (NIST) has declared in its Digital Authentication Guideline that SMS-based two-factor authentication should be banned due to security concerns [End of SMS-based 2-Factor Authentication; Yes, It's Insecure!]. We explain why in this blog.
