Eavesdropping

Policymakers Sharpen Their Sights On Encryption

Former Assistant FBI Director Steve Pomerantz agreed with a Fox News show host’s determination that terrorism and technology had outpaced legislation.

“Yes, particularly to clear up what the FBI director talks about, that we have the authority to do something, in this case, to listen to certain telephone calls, and to monitor certain emails,” he said. “But because of encryption, of what technology has done, we can’t do it. This administration has refused to push legislation that would fix that.” The host then suggests going after companies like Twitter and Facebook.

Policymakers and innovators have disagreed on how to treat encryption. For instance, Apple’s recently announced full-disk encryption plan has been denounced by Manhattan District Attorney Cyrus R. Vance, Jr.

According to Vance, the company introduced the plan “so that it could no longer comply with the judicial search warrants that make this work possible.” He said, in doing so, Apple had made history.

“iPhones are now the first consumer products in American history that are beyond the reach of lawful warrants,” Vance said in a statement. “The result is crimes go unsolved and victims are left beyond the protection of law.”

Encryption is becoming part of the popular vernacular, already widely available for messaging systems, including Apple’s iMessage and Facebook’s WhatsApp. Vance put Apple CEO Tim Cook on notice.

“Because Apple is unwilling to help solve this problem, the time for a national, legislative solution is now,” Vance said.

In the Washington Post article by Vance entitled, “5 ways tech companies distort the encryption debate,” he wrote:

In a recently published report, my office — in consultation with cryptologists, technologists and law enforcement partners — has proposed a solution that we believe is both technologically and politically feasible: Keep the operating systems of smartphones encrypted, but still answerable to locally issued search warrants.

This can be achieved in two ways: through good-faith collaboration with Apple and Google or through enactment of a federal statute providing that any smartphone made or sold in the United States must be able to be unlocked — not by the government, but by the designer of the phone’s operating system — when the company is served with a valid search warrant.

While there is currently no precedent for banning encryption, similar proposals have been made in the United Kingdom. What’s more likely than banning encryption is criminalizing those individuals who make such tools available to criminals and terrorists.

Featured image from Shutterstock.

Justin O'Connell is the founder of financial technology focused CryptographicAsset.com. Justin organized the launch of the largest Bitcoin ATM hardware and software provider in the world at the historical Hotel del Coronado in southern California. His works appear in the U.S.'s third largest weekly, the San Diego Reader, VICE and elsewhere.




3 Comments

  1. PacketWraith

    December 28, 2015 at 6:17 pm

    Most of the politicians and law enforcement talking about this subject never talk about the other what-ifs. If the manufacturer puts a back door in, that is a back door that can be exploited by a hacker or other entity who either finds a flaw in the software backdoor, or who gains the access through the manufacturer. I haven’t seen anything suggesting that the government will cover the manufacturers' legal and production cost when this back door is exploited by bad guys to do harm to the individual. It's a sticky legal issue when a consumer then files a lawsuit against the manufacturer stating that they knowingly built in an insecurity “just in case”.

    This issue has been brought up to politicians and law enforcement, but the people talking to the press simply do not understand. All of their responses that I have seen have been “there has to be a way to make it secure and give us access”. What they fail to realize is no there isn’t, access is access, even with authentication it can be bypassed. This has been brought up by all of the top industry security experts, and never answered.

    I for one would appreciate a stop to the “You're a terrorist supporter” simply because I use and support the use of encryption at a personal individual level.

  2. Illutian Kade

    December 28, 2015 at 9:13 pm

    Ohnoes, da tarrowists gonna git us all if our gobberments can’t read emails!

  3. concerndcitizen

    December 28, 2015 at 9:26 pm

    There’s no limit to what the so-called terrorists are blamed for. It’s a handy catch bin since terrorists use money, phones and computers. If you believe the narrative in the mainstream media, they should clamp down on purchases of $3 box cutters. Where does it end? Putting everyone in jail appears to be what they want.

Cybersecurity

Israeli Researchers Turn Speakers/Headphones Into Eavesdropping Microphones

In the current age, even the most secure software and the best security practices might not be enough to prevent someone from being spied upon. Researchers continue to find novel and inventive ways to gather more data on everyday computer users, and the latest research from Israel’s Ben Gurion University is exceptional in this regard.

Using software alone, Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, and Yuval Elovici were able to convert a given pair of headphones or speakers into Orwellian microphones beyond the user’s control or ability to patch. Their method [PDF] exploits a flaw in RealTek hardware chips, which are one of the most widely used chips in motherboards around the world. Companies like Dell, HP, and Compaq regularly utilize RealTek’s industry standard audio chips in their products. Beyond that, motherboards sold to consumers wishing to build their own systems often also include the hardware.

A simple patch or firmware upgrade will not fix this flaw, making the exploit particularly delightful to intelligence agencies, profit-motivated hackers (think boardroom conference calls), and others. Basically, anywhere a computer has an audio output, which in the case of laptops is everywhere, audio can now be intercepted and then relayed with roughly the same quality as if a microphone itself had been compromised. The images of people like Mark Zuckerberg covering up their webcam and microphone with electrical tape now seem trivial.

Jack re-tasking – the process of converting an output jack to either an input or a two-way port – has long been a possibility, but few developers make use of it. Most laptops and desktops will have separate ports for each, while smartphones and the like often require hardware that can do both. But the innovation on the part of Ben Gurion’s researchers involves making any regular output hardware capable of doing as much with only software. They write:

The fact that headphones and earphones are physically built like microphones, coupled with the fact that an audio port’s role in the PC can be altered programmatically from output to input, creates a vulnerability which can be abused by hackers.

The researchers noticed that the design of most audio input and output hardware was basically identical at the metal, drawing the following illustration for clarification:

Source: Ben-Gurion University of the Negev Cyber Security Research Center


One saving grace is that the audio output device must be “passive,” or unpowered. This means that if your speakers require power to work, an attacker cannot currently use them to listen to you. However, the vast majority of laptop speakers and earbuds are, by nature and necessity, passive. The researchers note that while they focused on RealTek codec hardware because of its popularity, other manufacturers' hardware can also retask jacks, which is the heart of the exploit.
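A defender can check which output jacks on a machine are able to act as inputs, and whether any currently do. The following is an added example, not code from the researchers or the original article: it assumes a Linux host whose ALSA driver exposes HD Audio codec state as text under /proc/asound/card*/codec#*, and the function name, status labels and sample dump are hypothetical and constructed for illustration.

```python
import glob
import re

# Constructed sample, modelled on the text Linux ALSA exposes in
# /proc/asound/card*/codec#* for HD Audio codecs (not from a real machine).
SAMPLE_CODEC_DUMP = """\
Node 0x14 [Pin Complex] wcaps 0x40058d: Stereo Amp-Out
  Pincap 0x00010014: OUT EAPD Detect
  Pin Default 0x90170110: [Fixed] Speaker at Int N/A
  Pin-ctls: 0x40: OUT
Node 0x1b [Pin Complex] wcaps 0x40058f: Stereo Amp-In Amp-Out
  Pincap 0x00003734: IN OUT Detect
  Pin Default 0x01014010: [Jack] Line Out at Ext Rear
  Pin-ctls: 0x40: OUT
Node 0x21 [Pin Complex] wcaps 0x40058d: Stereo Amp-Out
  Pincap 0x0001373c: IN OUT HP EAPD Detect
  Pin Default 0x0321101f: [Jack] HP Out at Ext Left
  Pin-ctls: 0x20: IN
"""

OUTPUT_ROLES = {"Speaker", "HP Out", "Line Out"}  # factory-assigned output roles
PIN_CTL_IN = 0x20  # HD Audio pin widget control, bit 5: input enable
NODE_RE = re.compile(r"^Node (0x[0-9a-fA-F]+) \[Pin Complex\]")
PINCAP_RE = re.compile(r"^\s+Pincap 0x[0-9a-fA-F]+:(.*)$")
DEFAULT_RE = re.compile(r"^\s+Pin Default 0x[0-9a-fA-F]+: \[[^\]]+\] (.+?) at ")
PINCTL_RE = re.compile(r"^\s+Pin-ctls: (0x[0-9a-fA-F]+)")

def audit_output_pins(dump):
    """Return (node, role, status) for every pin whose default role is an output."""
    pins, cur = [], None
    for line in dump.splitlines():
        if m := NODE_RE.match(line):
            cur = {"node": m.group(1), "role": "", "caps": set(), "ctl": 0}
            pins.append(cur)
        elif cur is None:
            continue  # lines before the first pin widget
        elif m := PINCAP_RE.match(line):
            cur["caps"] = set(m.group(1).split())  # what the hardware can do
        elif m := DEFAULT_RE.match(line):
            cur["role"] = m.group(1)               # what the vendor wired it as
        elif m := PINCTL_RE.match(line):
            cur["ctl"] = int(m.group(1), 16)       # what it is doing right now
    report = []
    for p in pins:
        if p["role"] in OUTPUT_ROLES:
            status = ("retasked" if p["ctl"] & PIN_CTL_IN
                      else "retaskable" if "IN" in p["caps"] else "output-only")
            report.append((p["node"], p["role"], status))
    return report

if __name__ == "__main__":
    for path in glob.glob("/proc/asound/card*/codec#*"):
        with open(path) as fh:
            print(path, audit_output_pins(fh.read()))
```

A "retasked" result means an output-role pin currently has its input path enabled and deserves a closer look; "retaskable" only means the hardware permits the switch.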

While this may seem scary at first, it should be noted that, like anything else on your computer, audio input and output are data. They can therefore be encrypted with keys that are local to the machine, and it would seem that this new exploit opens up a new avenue of research for cryptographic researchers to institute audio encryption in the same way that full-disk encryption has become normalized.

Here is a demonstration of the method in action:

P. H. Madore has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and has made technical contributions on a number of other cryptocurrency projects. In his spare time, he recently began a more personalized, weekly newsletter at http://ico.phm.link




Cyberespionage

Apple Watches Banned from UK Cabinet Meetings for Hacking Fears

Cabinet ministers have voiced concerns that Apple Watches could be hacked by Russian spies, prompting the devices to be barred from meetings, according to a report from The Telegraph.

Under the new leadership of Theresa May, U.K. cabinet ministers have been barred from wearing the watch during meetings after concerns were raised that the gadgets could be employed as listening devices.

The Apple Watches join the list of banned items alongside mobile phones after these were barred for similar reasons.

According to a survey conducted by research firm IDC, Apple Watches account for seven percent of the market compared to FitBit, which is reported to account for 25.4 percent.

A Threat from Russian Hackers

This latest news comes amid concerns of a possible threat from Russian hackers who have recently been in the news.

Russian hackers are alleged to have been able to obtain confidential emails from the Democratic National Congress during the U.S. elections despite Russian president, Vladimir Putin, denying this was the case. Surprisingly, congressional leaders are reported to have known about the hacking a year before it was officially announced.

Not only that, but Russian hackers have retaliated over the recent Rio Olympics, which saw many Russian athletes banned from competing after it was revealed that there was a state-run doping program in the country.

A Russian cyberespionage group known as Fancy Bear recently accessed and leaked data from several high-profile Olympic athletes, by targeting a World Anti-Doping Agency (WADA) database. This is the same agency that placed a recommendation to ban all Russian athletes from the 2016 Rio Olympics.

Unsurprisingly, with the threat of Russian hackers high, and with devices such as mobile phones and watches now considered vulnerable gadgets that can be hacked into, it seems that banning them from important meetings is the only way to remove any possible threat to state security.

Featured image from Shutterstock.


Cybersecurity

In Child Porn Bust, FBI May Have Used Malware on Innocent Users

In 2013, the FBI confiscated Freedom Hosting, a service that hosted websites on the dark web, including several child pornography websites and private email service TorMail. When it happened, it was seen as a massive victory, but recently unsealed documents show the FBI may have used malware on innocent users.

Three years ago, the FBI was given a warrant that allowed them to hack 300 TorMail users who were allegedly linked to child pornography. They went with a piece of malware known as a Network Investigative Technique (NIT), with the goal of acquiring users’ real IP addresses.

The agency did manage to arrest a lot of people for child pornography, but documents unsealed by the American Civil Liberties Union (ACLU) show the NIT was actually used on innocent users.

According to the documents, the FBI was allowed to “investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password”. Yet, the NIT was used on users even before the TorMail login page appeared. WIRED’s coverage at the time claims users were given a “Down for Maintenance” page that carried the malware, on all websites hosted by Freedom Hosting.

Christopher Soghoian, principal technologist at the ACLU, told Motherboard:

While the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade

The malware was quickly discovered by the community, and that forced the Feds to end their operation sooner than expected. Be that as it may, the FBI still arrested a large number of child pornographers.

Christopher Soghoian also noted that it remains unclear whether the court knew the FBI hacked innocent users it shouldn’t have, and whether the agents who did it were punished.

How the Feds Caught the Pedophiles

Although the Feds allegedly hacked innocent users, they still got the job done, as their malware exploited a critical memory management vulnerability in Firefox, which later fixed the problem.

The NIT specifically targeted Tor’s Firefox version, through a hidden Windows executable named “Magneto”. All it did was look up the infected user’s MAC address – a unique hardware identifier – and the Windows hostname. Then it was all sent to a server in Virginia outside of Tor, exposing the user’s real IP address.

Magneto also sent a serial number that tied the victim to her visit to the hacked websites. Those who noticed the hidden iframe tag that loaded the JavaScript code also noticed that a lot of work went into simply identifying users, so the Feds became a suspect.

Still, after identifying users’ real IP addresses, their anonymity was broken. Thus, child pornographers were taken down.

Image from Shutterstock.
