When it comes to our technology, we like to think there might be a hint of privacy in their use. Signaling System 7 is a set of protocols used to help route data, messages, and even phone calls through mobile networks but the problem is that such a widely used system is actually flawed. This flaw led to Ted Lieu, a congressman for the state of California, calling for an investigation into the longstanding mobile security flaw after it was demonstrated to him by a group of hackers based in Germany.
The mobile security flaw was demonstrated on 60 minutes by german security researcher Karsten Nohl, with it initially being revealed all the way back in 2014. Nohl managed to use the exploit after knowing nothing more than just the congressman’s phone number. With just their number Nohl stated that they could track people’s locations, read their texts and even what was said in their phone calls.
Lieu is coming hard at those who might have known about this issue, saying that any government employee that knew about the SS7 problem should be fired because “this affects so much of daily life to your personal phone”. With everyone using their mobile phones people don’t protect them, often being lulled into a false sense of security and risking their personal lives and data on a daily basis.
When it comes to mobile phones Blackberry pride themselves on their security, with many companies taking up the device as their go-to model thanks to its support and security features. It now appears that those security features may not have been so secure after all with the Royal Canadian Mounted Police (RCMP) gaining the ability to read encrypted BBM messages.
When it comes to encryption, companies are having to be careful with the likes of Apple going to congress to discuss just how much they can be expected to help and support law enforcement without oversight or detailed rulings on how and when they can access private data. In this case, the RCMP gained access to BlackBerry’s BBM (BlackBerry messenger) services by using the encryption that came with your everyday BlackBerry, meaning the only ones that were safe from this interception are those connected to enterprise servers.
If you weren’t connected to an enterprise server, your BlackBerry would have used a peer-to-peer key that is loaded into your phone when it’s built, something that the RCMP managed to gain access to and in turn granted them access to people’s encrypted BBM messages and conversations.
As part of an operating, titled Project Clemenza, the RCMP intercepted and decrypted roughly one million messages as reported by Vice news in a joint investigation with Motherboard, who in turn revealed that the RCMP actually had a server in Ottawa that acted like a mobile phone by simulating “a mobile device that receives a message intended for [the rightful recipient]”.
With BlackBerry looking to step away from mobile devices and into security consulting, this news couldn’t come at any worse of a time given that if the server is still operational (key and all) then without a large update to its phones, the RCMP could still be reading people’s messages to this day even after the operation ended in 2012.
Apple vs the FBI looks liked it would never end, originally starting with the FBI requesting (and then a federal judge ordering) Apple’s support in unlocking and gaining access to an iPhone in a court case. Apple looked to defend itself and ultimately the FBI recalled its actions when it received support from an outside party. It has now been revealed how the tool used by the FBI gained access to the iPhone through the use of a security flaw.
The security flaw, one that was previously unknown to Apple, allowed the creation of a tool to crack the four digit pin used to protect the phone from 10 failed attempts to gain access to a phone. The group that provided the tool to the government was a group of “grey hat” hackers who actively seek out flaws in software to then sell on to groups such as the government.
The exposed flaw affects both the iPhone 5 and iOS 9 iPhones, and may not affect work on newer versions of both iPhones and the iOS operating system. With FBI director James B. Comey saying that they may or may not disclose the security flaw to Apple, but with the latest leak revealing where they need to focus, Apple may now fix the problem before others are able to exploit it.
Apple has reportedly fixed a security flaw in the iOS operating system that would allow attackers to be able to bypass passcode lock screens on iPhone 6S and 6S Plus that are running version 9.3.1 of iOS. The bypass would have allowed malicious parties to be able to access the address book and photos of a targeted device, which could expose a lot of private data.
German security firm, Evolution Security, were responsible for discovering the bypass, which takes advantage of the integration of Siri with apps such as Twitter or Facebook, as well as the new 3D Touch feature that is included only in the iPhone 6S and 6S Plus. Even while the device is locked, an attacker would be able to request information on @ tags from Twitter, Facebook, and Yahoo. From there, the 3D touch’s hard push feature can be used to bring up the context menu for a string such as an email address. This menu provides the ability to add the data to a contact in the phone’s address book and from there, by accessing the choice to change user pictures, the photo gallery can be launched.
According to the Washington Post, the vulnerability was patched by Apple on Tuesday without users needing to install a software update. Considering the high level of security on the iPhone that led to Apple’s protracted battle with the FBI, it is surprising that so much user data can be exposed by a flaw in the lock screen, which is often the first and last line of defense for the security of the data on the device.
After the recent court battle people, the FBI have been rather quiet regarding how they managed to get into an encrypted iPhone. That was until recently when the FBI started briefing senior officials about the methods they used, so it’s likely we won’t hear about it anytime soon.
The FBI have already given a briefing to senator Dianne Feinstein (Vice chairman of the Senate Select Committee on Intelligence) about the technique they used to get into the iPhone 5C. Although no real details were given, it would seem that this may be the first of many with senator Richard Burr (the chairman of the Senate Intelligence Committee) was also offered a briefing, something that he has not accepted yet.
Feinstein and Burr are currently supporting a bill that would see companies required to help the government gain access to encrypted technologies that companies create. This new bill would see Apple and other companies compelled to help bypass or remove encryption on their hardware and software, something which the White House has yet to support.
With the new bill in sight, Feinstein and Burr also believe that companies like Apple shouldn’t be informed about the techniques the FBI used to gain access to their device, with Feinstein saying, “I don’t believe the government has any obligation to Apple. No company or individual is above the law, and I’m dismayed that anyone would refuse to help the government in a major terrorism investigation.”.
With encryption now one of many technological advances that governments and law enforcement now struggle with dealing with, it should be interesting to see how governments address this and if they choose to work with or against companies in dealing with the dangers this technology possesses if used in the wrong hands.
On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone. Testing is required to determine whether it is available method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc. (“Apple”) set forthin the All Writs Act Order in this case.
As much as the FBI would love to think that they came up with the solution, but it was Snowden criticizing the FBI’s claims about unlocking the phone that seems to have been the tipping point. With numerous groups claiming to have ways to unlock the iPhone, the FBI pushing for Apple to create a way for them to unlock an iPhone has long been suspected of being an entry to the encrypted software.
If the FBI had this alternative available since the start, it would appear suspicions about the FBI using this an attempt to make future requests easier were true. If this is the case, trust in the FBI could be damaged even more with people questioning why the FBI wanted easy access to everyone’s iPhones.
Security is important in modern times, with hacks such as VTech and Talk-Talk exposing just how vulnerable data connected to the internet can be. What about those closer to home, though? How about on the very device you’re reading this on? If you are a Linux user you may want to check for updates for a very simple hack that could give someone unwanted access to your machine.
Two researchers at the University of Valencia in Spain have found an age old way of breaking through the login screen that is so simple, someone might even do it by accident. As revealed by them, the hack is performed by simply pressing the backspace key no more than 28 times. No more, no less, in doing so you open up the Grub2 (the bootloader software that initializes Linux) rescue shell which can be used to access the system completely unrestricted.
While this may not seem too big a problem, the issue has been found on Ubuntu, Debian and Red Hat variations of Linux and is quite widespread. While a hotfix has been pushed out to address the issue on these versions it is slightly worrying that such as a simple hack has been available for anyone to use.
Privacy, spying, hacking, monitoring, tracking, just some of the words that people around the world have become frighteningly familiar with over the last few years. Edward Snowden uncovered many details of how our governments treat our data and he’s showing no sign of slowing down. His latest revelation reveals how Microsoft worked closely with the US Government, namely the NSA, to bypass encryption mechanisms that are intended to protect the privacy and data of the millions of users of Microsoft software such as Windows.
According to his article in The Guardian, NSA memos show that Microsoft helped the find a way to decrypt messages sent over various platforms, including Outlook, Hotmail and Skype, effectively handing them a backdoor into the data we entrusted them with.
While it’s no secret (anymore) that big tech companies were under pressure from various agencies to provide them with data on users, both with and without a warrant or similar legal document to back up their demands. However, the new leaks suggest Microsoft actively went out of their way to assist federal investigators, such as helping to circumvent encrypted chat messages via Outlook.com, prior to the product being launched to the public!
How Microsoft will react from this, especially given the privacy concerns of many in regards to Windows 10, remains to be seen.
Thank you RT for providing us with this information.
Some ISP providers have been told by the government to block the popular torrent website, The Pirate Bay, due to its infringing content. Media groups all around the world have been battling piracy constantly and state that the blocks so far are effective and enough to diminish piracy.
However, a new statistic has revealed that The Pirate Bay’s traffic has doubled since the ISP blocks have been issued. It is said that the United States still remains the most popular traffic source and almost 9% of all users access the website through a proxy or VPN.
TorrentFreak has stated that The Pirate Bay confirmed its traffic increase since 2011, when the ISP blocks in question have been issued, having it doubled in just 3 years. The statistic below shows the number of unique visitors since 2011.
As a result, the censorship appears to have no significant effect on The Pirate Bay at all. It does however show minimal signs of restriction, having users who do not know how to use a proxy or VPN blocked out of using the website altogether, but it is safe to say that most people simply bypass the restrictions and continue to use the torrent website as usual.