
Cybersecurity

Apple CEO Tim Cook: Building iPhone Backdoor is ‘Dangerous’; Govt Demand is ‘Chilling’


Apple CEO Tim Cook, easily among the most vocal advocates of encryption in the world, has passionately vowed in an open letter today to fight the US government over a court order that demands unrestricted backdoor access to an iPhone.

When the government comes knocking with a court order demanding that a company build a backdoor into its products, most companies would typically comply. Apple isn’t among them.

In an open letter published on Tuesday, Apple CEO Tim Cook called a court order by the US government requesting that Apple build a backdoor for an iPhone an “overreach.”

The court order comes from the US government via an FBI request that demands access to data stored on an iPhone 5c used by a gunman involved in the recent San Bernardino shooting.

The open letter, simply titled “A Message to Our Customers,” sees Cook begin by stating:

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers.

We oppose this order, which has implications far beyond the legal case at hand.

Apple’s Encapsulated Encryption

Security was front and center on Apple’s to-do list when developing the most recent versions of its mobile operating system, starting from iOS 8. Apple began encrypting its iPhones and other mobile devices by default via an encapsulated encryption method. Quite simply, the security upgrade ties a passkey to the device’s unique ID, locally.

The encryption protocol makes offline phone hacking a near impossibility. Furthermore, any attempt to break the device’s encryption would require direct physical access to the device.

Even then, a codebreaking program would need to clear the hurdle of the 80-millisecond cooldown period employed by the iOS password attempt counter. According to Apple’s estimates, a supercomputer wielding brute-force techniques to relentlessly hammer a device with a barrage of password attempts would still take over five and a half years to crack a six-digit passcode with numbers and lowercase letters. A stronger, longer passcode could take decades, according to the tech giant.

Quite simply, Apple’s reinforced devices are hardened to resist backdoors and passcode breakers, the kind of programs that the FBI is seeking to use to crack Apple’s devices.
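The arithmetic behind the five-and-a-half-year estimate above, as an added example that is not part of the original article: it reproduces the figure from the 80-millisecond delay and generalizes it to other passcode policies. The policies other than the six-character one are assumptions chosen for comparison.

```python
# Added example: worst-case brute-force time at a fixed per-attempt delay.
ATTEMPT_DELAY_S = 0.080                 # the 80 ms per attempt quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed passcode policies (alphabet size, length); only the third is from the article.
POLICIES = {
    "4-digit PIN": (10, 4),
    "6-digit PIN": (10, 6),
    "6 chars, digits + lowercase": (36, 6),
    "8 chars, digits + lowercase": (36, 8),
}

def worst_case_seconds(alphabet, length, delay_s=ATTEMPT_DELAY_S):
    """Time to try every passcode when each guess costs delay_s seconds."""
    return (alphabet ** length) * delay_s

def min_length(alphabet, target_years, delay_s=ATTEMPT_DELAY_S):
    """Shortest passcode length whose full keyspace takes at least target_years."""
    length = 1
    while worst_case_seconds(alphabet, length, delay_s) < target_years * SECONDS_PER_YEAR:
        length += 1
    return length

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", SECONDS_PER_YEAR), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

def report():
    """Worst-case exhaustive search time for each policy in POLICIES."""
    return {name: humanize(worst_case_seconds(a, n)) for name, (a, n) in POLICIES.items()}

if __name__ == "__main__":
    for name, duration in report().items():
        print(f"{name:30s} {duration}")
    print("digits-only length needed for 5.5 years:", min_length(10, 5.5))
```

The delay alone protects only long, mixed-character passcodes; for short numeric PINs the protection comes from the attempt counter.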

Apple’s Compliance So Far

Cook revealed that Apple has actively engaged the FBI in providing support to solve the San Bernardino case during the aftermath of the crime. Apple has also complied with valid search warrants and subpoenas as well as providing the FBI with information that was requested by the agency. It’s important to note that this requested data and information was in the possession of Apple.

Apple’s Chief Executive also revealed the company has made its engineers available to advise the FBI on investigative options at the agency’s disposal. What’s significant is Apple’s complete encryption philosophy through all this, wherein customers’ personal data is also beyond Apple’s reach with their own products.

“We have even put that (customer) data out of our own reach, because we believe the contents of your iPhone are none of our business,” Cook reminded.

A Request Too Far: A Backdoor to the iPhone

In noting Apple’s compliance with valid law enforcement requests up to this point, Cook then revealed a request by the FBI that Apple simply wasn’t going to adhere to.

Up to this point, we have done everything that is both within our power and within the law to help them (the FBI). But now, the US government has asked us for something we simply do not have, and something we consider too dangerous to create.

They have asked us to build a backdoor to the iPhone.

Cook even elaborated on the specific request from the FBI itself: a new version of the iPhone operating system, iOS, engineered without the security features, to be installed on the retrieved iPhone 5c belonging to the gunman from the San Bernardino shooting.

Cook was quick to note that this requested version of a tweaked, security-light iOS does not exist today.

In the wrong hands, this software – which does not exist today – would have the potential to unlock an iPhone in someone’s physical possession.

The FBI’s request for a custom iOS image ROM (software image) seeks a new addition to the modified operating system, one which enables the FBI to bypass the iOS password attempt counter. Fundamentally, the FBI is looking to allow a passcode to be entered electronically.

Cook explained the ‘chilling’ implications of the governmental demands:

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

A direct electronic passcode-breaking device plugged in through the iPhone’s Lightning port without the 80-millisecond delay between passcode attempts would make it easy to crack the iPhone.

Cook was clear about the implications of designing a backdoor for one single iPhone. He argued that once the information is known, anyone with the knowledge to overcome such encryption can replicate it on any number of devices.

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices.

Apple Isn’t Budging

The overall tone and content of Cook’s letter is one wherein the CEO of one of the most valuable companies in the world calls for a public discussion about backdoors with a passionate, even aggressive pro-encryption stance.

Cook stated:

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

Apple’s chief executive also elaborated on other demands by the government that may soon come through if the request for a backdoor goes through.

The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

Cook added that such vocal, open opposition to the government order isn’t something that is taken lightly by Apple. In making the FBI’s backdoor request public, Cook put a marker on this moment as one wherein everybody involved – millions of citizens and billions of mobile users around the world as well as governments – understands the implications of such a request.

Defiantly, Cook declared:

We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products.

“And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect,” Cook concluded.

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.




Cybersecurity

The Pirate Bay is Hijacking PCs to Stealth-Mine Cryptocurrency


For the second time in as many months, The Pirate Bay has been caught mining cryptocurrency on your computer without consent. The torrent platform was actually test-driving cryptocurrency mining in your browser – no doubt a lucrative revenue stream.


The Pirates Are At It Again

The Pirate Bay has been caught using software called Coinhive, a JavaScript library that essentially serves as a cryptocurrency miner. It basically connects to visitors’ computers to mine Monero, one of the world’s most profitable cryptocurrencies.

The news was later confirmed by Bleeping Computer, which reported that, “The Pirate Bay, the internet’s largest torrent portal, is back at running a cryptocurrency miner after it previously ran a short test in mid-September.”

Estimates indicate that the scheme has earned the pirates a total of $43,000 over a three-week period.


Users had no way to opt their computers out of being test-driven by the torrent network. Back in September, The Pirate Bay got away by telling people it was just a test. The site’s owners cannot use the same excuse this time around.

CoinHive advises websites to let their visitors know their browser is being used to mine cryptocurrency.

“We’re a bit saddened to see that some of our customers integrate CoinHive into their pages without disclosing to their users what’s going on, let alone asking for their permission,” the company said.

The good news is most ad-blockers and antivirus programs will block CoinHive, given its recent abuses. That means not all visitors of The Pirate Bay were being used as a conduit for mining Monero.

Monero Joins Global Crypto Rally

The value of Monero (XMR) shot up nearly 8% on Friday, and was last seen trading at $94.17. With more than 15.2 million XMR tokens in circulation, the total market cap for Monero is $1.4 billion, according to CoinMarketCap. That’s enough for ninth on the global cryptocurrency list.

Twelve cryptos have now crossed the $1 billion valuation mark. A handful of others have made their way north of $500 million.


Breaches

Ethereum Notches Two-Month High as Bitcoin Offspring Triggers Volatility


Digital currency Ethereum climbed to a two-month high on Monday, taking some of the heat off Bitcoin and Bitcoin Cash, which have slumped since the weekend.


Ethereum Forges Higher Path

Concerns over Bitcoin created a favourable tailwind for Ethereum (ETH/USD), which is the world’s No. 2 digital currency by total assets. Ether’s price topped $340.00 on Monday and later settled at $323.54. That was the highest since June 20.

At its peak, ether was up 10% on the day and 70% for the month of August.

The ETH/USD was last down 2.2% at $315.02, according to Bitfinex. Prices are due for a brisk recovery, based on the daily momentum indicators.


Fractured Bitcoin Community

Bitcoin and its offshoot, Bitcoin Cash, retreated on Monday following a volatile weekend. The BTC/USD slumped at the start of the week and was down more than 3% on Tuesday, with prices falling below $3,900.00. Just last week, Bitcoin was trading at new records near $4,500.00.

Bitcoin Cash, which emerged after the Aug. 1 hard fork, climbed to new records on Saturday, but has been in free-fall ever since. The BTH was down another 20% on Tuesday to $594.49, according to CoinMarketCap. Its total market value has dropped by several billion over the past two days.

Analysts say that a “fractured” Bitcoin community has made Ethereum a more attractive bet this week. The ether token has shown remarkable poise over the past seven days, despite trading well shy of a new record.

Other drivers behind Ethereum’s advance are steady demand from South Korean investors and growing confidence in a smooth upgrade for the ETH network. The upgrade, which has been dubbed “Metropolis,” is expected in the next several weeks. Its key benefits include tighter transaction privacy and greater efficiency.

Ethereum Prices Unaffected by ICO Heist

Fin-tech developer Enigma was on the receiving end of a cyber-heist on Monday after hackers took over the company’s website, mailing list and instant messaging platforms. The hack occurred three weeks before Enigma’s planned Initial Coin Offering (ICO) for September 11.

In addition to defacing the company’s website, the hackers pushed a special “pre-sale” ahead of the ICO. While many users realized it was a scam, 1,492 ether tokens – valued at $495,000 – were directed into the hackers’ cryptocurrency wallet by unsuspecting backers.

The irony in all this is that Enigma is a cryptography company that prides itself on top-notch security protocols. The company issued a statement that its servers had not been compromised.

ETH/USD (Bitfinex)


Cybersecurity

Spotting a Well-Made Investment Scam


For every reasonably safe investment, there are 1000 scams and 10,000 reasonably toxic investments. Self-served advertising via social media and search engines exacerbates the problem – people sometimes click ads they think were search results, or, as humans are intended to, simply consume the content on the screen instead of paying attention to where they’re being redirected.

In this article we will review a recent example of a well-executed investment scam.

The intended victim, who did not actually get scammed but alerted this author to the hustle, was led to believe that the above image was redirecting to a CNN news article. This is the actual URL the link went to:


http://cnn.com-cat.press/anonymous-is-going-after-global-stock-market/?aref=http%3A%2F%2Ftrck.anony.trade%2Fsite%2Fredirectpage%3Fsid%3D99462%26hv%3Dgjalu5988de395a461839785307%26hid%3D264193#!

Now if you visit com-cat.press, all you see is a directory listing. This site’s entire purpose is to make people believe they are visiting legitimate .com websites, when in fact they are visiting others. It doesn’t always have to be a scam; sometimes it is simply an advertisement, but often enough it is a definite funnel to a scam. In this case, here’s where you wind up, at a place that looks an awful lot like CNN Money:

Again, this is not a real article on CNN. This is promotion for 10Markets.eu.

10Markets.eu is extremely professional looking. The platform looks to capture your details even just for demo trading. Most traders expect hurdles, so one can imagine tons of phone numbers and e-mail addresses entered:

The demo trading screen never loaded for this analyst, but the phone number is fake anyway. Took it from a coffee shop in Germany. Funnily, it appears the German exchange code is 030 in the first place, but you can’t edit that part. They also don’t allow you to visit the site at all if you’re in North America.

The tipster was clever enough to find out if 10Markets.eu was a registered broker or not. They’re not. According to ForexBrokerz.com:

10Markets is a forex and CFD broker that is headquartered in Scotland [sic] and supports the popular MetaTrader 4 platform. It is not licensed by any authority and there is not much information about the trading conditions on its website. What is worse, this broker is present in the warning lists of UK’s FCA, Australia’s ASIC and Cyprus’ CySEC, so we don’t recommend doing business with 10Markets.

There are review websites which help. Regarding 10Markets, we came up with this one.

The tipster happens to have been our own Jonas Borchgrevink. He is equipped with years of experience in website publishing, and this is why he quickly noticed that he was not reading a CNN article. The sad fact is that a high percentage of people who read that article believe it to be real, and a percentage of those people end up getting scammed. As such, here is a checklist for new trading outfits that you haven’t used or heard about before:

  • Always try to get phone support right away, before creating an account. If no one answers or there is anything suspicious, this is a scam.
  • Always search for “[EXCHANGE NAME]” + “scam,” and read carefully any results that come up. Most scams could stop at one person if others listened to that one.
  • In the US, you can use FINRA to check the legitimacy of an exchange or broker. In the UK, you have FCA. Many countries have sites like these, and it’s important to check the one from the country where the broker does business.
  • Use ad blockers at least when legitimately searching for financial solutions.
  • Check the URL! For every legitimate exchange website, there are a few fake ones designed to steal your account information.
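
The “Check the URL” item applied to the link quoted in this article, as an added example that is not part of the original article: it separates the domain someone actually registered from the brand-looking prefix and surfaces the redirect target hidden in the query string. The brand watch-list, the two-entry suffix set (a stand-in for the full Public Suffix List) and the benign sample URL are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# The link quoted in the article.
ARTICLE_URL = (
    "http://cnn.com-cat.press/anonymous-is-going-after-global-stock-market/"
    "?aref=http%3A%2F%2Ftrck.anony.trade%2Fsite%2Fredirectpage%3Fsid%3D99462"
    "%26hv%3Dgjalu5988de395a461839785307%26hid%3D264193#!"
)

# Assumptions for illustration: a short brand watch-list and a tiny stand-in
# for the Public Suffix List (a real check should load the full list).
WATCHED_BRANDS = {"cnn.com", "bbc.co.uk"}
TWO_LABEL_SUFFIXES = {"co.uk", "com.au"}

def registrable_domain(host):
    """The part of the host someone actually registered, e.g. com-cat.press."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def impersonated_brands(host):
    """Watched brands that appear in the host although someone else owns the domain."""
    owner = registrable_domain(host)
    return sorted(b for b in WATCHED_BRANDS if b in host.lower() and owner != b)

def embedded_hosts(url):
    """Hosts of URLs carried inside query parameters (redirect or tracking hops)."""
    hosts = []
    for _, value in parse_qsl(urlsplit(url).query):
        inner = urlsplit(value)
        if inner.scheme in ("http", "https") and inner.hostname:
            hosts.append(inner.hostname)
    return hosts

def inspect_link(url):
    """Summarize who really owns the link and where it forwards to."""
    host = urlsplit(url).hostname or ""
    return {
        "host": host,
        "registrable_domain": registrable_domain(host),
        "impersonates": impersonated_brands(host),
        "embedded_hosts": embedded_hosts(url),
    }

if __name__ == "__main__":
    # The second URL is a constructed benign sample for contrast.
    for url in (ARTICLE_URL, "https://money.cnn.com/markets/"):
        print(inspect_link(url))
```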

In The Event That You Spot A Scam

Tattle! Spread the word far and wide, not just so others don’t get scammed, but also to give authorities the jump on the thieves. Otherwise, they may exit and get away with all the money before anyone stops them.
