While governments and law enforcement agencies continue to push device makers to create backdoors, there is always a workaround that lets them crack open devices on their own in the name of investigation.
In this regard, companies like Cellebrite and Greyshift have turned out to be very helpful, as they provide solutions to break into almost any device.
Back in 2016, we saw a major controversy involving Apple and the FBI when Apple refused to unlock the iPhone of the shooter involved in the San Bernardino case.
It’s a different story that recently Apple faced criticism for not encrypting iPhone backup data on iCloud, thereby leaving scope for government access.
iPhone more hackable than Android
Anyway, when it comes to cracking smartphones, iPhones are assumed to be superior to Android in terms of privacy and security.
However, the story has taken a U-turn, and Android phones have become harder to crack than iPhones. That’s according to forensic detective Rex Kiser, who works with the Fort Worth Police Department.
“Right now, we’re getting into iPhones. A year ago we couldn’t get into iPhones, but we could get into all the Androids. Now we can’t get into a lot of the Androids,” Kiser told Vice.
Kiser suggests that it has now become tougher to extract data from newer operating systems. Probably, they are “trying to make it harder for law enforcement to get data from these phones, under the guise of consumer privacy.”
During a test conducted by NIST, Cellebrite’s UFED InField Kiosk tool couldn’t efficiently harvest browsing activity, GPS data, or app data from social media apps like Facebook, Instagram, Twitter, etc., when trying to get inside Google Pixel 2 and Galaxy S9.
Surprisingly, the tool returned empty-handed in the case of Huawei P20 Pro. As per the test report, the tool (version v126.96.36.1995) supports over 15,000 types of devices on paper, including Android, iOS, and feature phones.
On the other hand, the UFED tool could suck in a lot more when tested on iPhone X.
Overall, it’s evident that OEM encryption backdoors could be helpful, but law enforcement agencies aren’t relying on them entirely. Instead, they’re trying to create backdoors on their own by reverse engineering.
So, technically, it’s possible to get inside a smartphone as new as iPhone 11 Pro Max; it will just take time, patience, and resources.
However, one thing to note here is that breaking a smartphone’s encryption isn’t the end of the road, according to former FBI agent Bob Osgood.
Beyond that, forensic detectives need to decipher millions of lines of code inside apps containing complex data structures that constantly change with software updates. That’s where companies like Greyshift, Cellebrite, and MSAB jump into the game with their magic wands.
The world is more connected than ever. We are becoming more technologically advanced, markets are stronger, and central technologies that encompass our daily actions are constantly emerging.
These technological advances are based on seamless connectivity. As our digital transformation continues, we continue to build a more cohesive and connected society. Our data is now shared and used by more platforms than ever – in the datacentre, on the cloud and even on internet of things (IoT) devices, for example – and this trend will only increase. But this huge benefit comes with a cost. The more connected we become, the more vulnerable our data is.
By looking at security developments over the past couple of years, it is possible to forecast what is likely to happen in the cyber landscape over the next 12 months. Forewarned is forearmed. These are what I believe will be the main trends of cybersecurity in 2020:
1) The ‘cyber cold war’ intensifies
A new cyber 'cold war' is taking place online as Western and Eastern powers increasingly separate their technologies and intelligence. The ongoing trade feud between the US and China, and the decoupling of these two huge economies, is a clear sign. Cyberattacks will increasingly be used as proxy conflicts between smaller countries, funded and enabled by larger nations looking to consolidate and extend their respective spheres of influence.
2) The rise of artificial intelligence (AI)
The US elections in 2016 saw the beginning of AI-based propagation of fake news. Political campaigns devoted resources to creating special teams that orchestrated and spread false stories to undermine their opponents. As we prepare for major elections worldwide in 2020, we can expect to see these activities in full effect once again.
As AI continues to be used as a proxy for crime, it will also be used to accelerate security responses. Most security solutions are based on detection engines built on human-made logic, but keeping this up-to-date against the latest threats and across new technologies and devices is impossible to do manually. AI dramatically accelerates the identification of new threats and responses to them, helping to block attacks before they can spread widely. However, cybercriminals are also starting to take advantage of the same techniques to help them probe networks, find vulnerabilities and develop more evasive malware.
3) Our means of communication will become more weaponized
The notion that connectivity creates new combat landscapes is proven by the developing spheres of today’s and tomorrow’s cyberattacks. In the first half of 2019 we saw a 50% increase in mobile banking malware compared with last year, which means that our payment data, credentials and funds are handed over to cyberattackers in the innocent click of a button on our mobile devices. The attempts of cybercriminals to trick consumers into handing out their personal data through their most common means of communication will intensify and will range from email to SMS texting attacks, social media posts and gaming platforms. Whatever we use most frequently can become a more popular attack surface.
4) 5G development and adoption of IoT devices increase vulnerability
As 5G networks roll out, the use of connected IoT devices will accelerate dramatically, massively increasing networks’ vulnerability to large scale, multi-vector 5th generation cyberattacks. IoT devices and their connections to networks and clouds are still a weak link in security. This ever-growing volume of personal data will need securing against breaches and theft. We need a more holistic approach to IoT security, combining traditional and new controls to protect these ever-growing networks across all industry and business sectors.
5) Enterprises will rethink their cloud approach
Detection is no longer enough to ensure protection, and prevention is now the key to being secure.
Organizations already run a majority of their workloads in the cloud, but the level of understanding about security in the cloud remains low; in fact it is often an afterthought in cloud deployments. Security solutions need to evolve to new, flexible, cloud-based architectures that deliver scalable protection at speed.
Understanding what is coming towards us will help us to better prepare. Some paradigms will need to shift. The enormous spread of technologies and solutions will force all of us to think about how to consolidate. In 2020 more than ever, cyber-attacks are no longer a question of if, but of how and when. This is a concern that applies to us all.
Saturday, February 29, 2020
Posted by Sivapriya
Don't share WhatsApp Group invite links on public platforms.
Update (24/02/2020, 7:00 PM IST): Initially, it seemed that WhatsApp didn’t give users even a single ray of hope after their private chats ended up on Google Search and on other search engines as well.
But according to an update posted by Jane Wong, the company was working quietly behind the curtain. Now, making a search for the said private chat invite links on Google brings nothing but an error message. WhatsApp has delisted the invitation links from Google by including the “noindex” meta tag.
The original post continues from here.
Google is indexing the invitations to WhatsApp Group chats, including the links to join private groups, as reported by Vice. As a result, the links are available for people all around the globe to join any discoverable group.
Multimedia journalist Jordan Wildon tweeted and raised a question over WhatsApp’s security. He said that WhatsApp’s ‘Invite to Group via Link’ feature permits Google to index groups, which then become available all over the internet for everyone to join.
Vice discovered several private groups with the help of specific search queries. The result page consisted of a lot of groups meant for porn sharing. Once anyone joins the group, they have permission to view all the participants and their phone numbers.
Popular reverse engineering enthusiast Jane Manchun Wong said in her tweet that a misconfiguration from WhatsApp is allowing Google to index group invite links. She suggested that there are ways to deindex the invite links from Search.
A WhatsApp spokesperson said that group admins can invite any user to join their group by sharing the invite link. Like all other content available on the open web, invite links posted on public platforms are also searchable. He concluded his statement by saying that admins should make sure that they share the group link with trusted people only.
Google refused to comment on the scenario going on. However, Google official Danny Sullivan tweeted that search engines like Google index pages from the open web. The same thing happened in the case of invite links to WhatsApp groups.
He concluded by saying that WhatsApp as a website has allowed listing the invite links publicly. Sullivan also added a link in his tweet, which redirected people to the Help Center page on blocking content from being displayed in Google search results.
So, it seems that things are designed this way, even if they pose a threat to users’ privacy. Users are advised not to share personal WhatsApp group links on public platforms until WhatsApp announces any under-the-hood changes.
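The update above says the invite links were delisted by adding the “noindex” meta tag. The following is an added example, not code from the original post or from WhatsApp, showing how a site owner could check that pages carrying private links really send that directive, either as a robots meta tag or as an `X-Robots-Tag` response header. The function names, the `chat.example` URLs and the sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

# Meta names that Google reads: "robots" applies to all crawlers, "googlebot" to Google.
ROBOTS_META_NAMES = {"robots", "googlebot"}
BLOCKING = {"noindex", "none"}  # "none" is shorthand for "noindex, nofollow"


def split_directives(value, agents=("googlebot",)):
    """Return the lowercase directives found in a robots content/header value."""
    found = set()
    for token in value.split(","):
        token = token.strip().lower()
        if ":" in token:
            prefix, _, rest = token.partition(":")
            # "googlebot: noindex" scopes a directive to one crawler. Keep it only
            # for crawlers we audit; other "key: value" pairs (for example
            # unavailable_after) do not block indexing and are dropped.
            if prefix.strip() not in agents:
                continue
            token = rest.strip()
        if token:
            found.add(token)
    return found


class RobotsMetaParser(HTMLParser):
    """Collects directives from <meta name="robots|googlebot" content="...">."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attr = {k.lower(): (v or "") for k, v in attrs}
        if attr.get("name", "").strip().lower() in ROBOTS_META_NAMES:
            self.directives |= split_directives(attr.get("content", ""))


def indexing_blocked(html, headers=None):
    """True if the page asks search engines not to index it."""
    parser = RobotsMetaParser()
    parser.feed(html)
    directives = set(parser.directives)
    for name, value in (headers or {}).items():
        if name.lower() == "x-robots-tag":
            directives |= split_directives(value)
    return bool(directives & BLOCKING)


def still_indexable(pages):
    """Return the URLs whose responses carry no noindex directive."""
    return sorted(url for url, (html, headers) in pages.items()
                  if not indexing_blocked(html, headers))


# Constructed sample responses: URL -> (HTML body, response headers).
SAMPLE_PAGES = {
    "https://chat.example/invite/PLACEHOLDER1": (
        '<html><head><meta name="robots" content="noindex"></head></html>', {}),
    "https://chat.example/invite/PLACEHOLDER2": (
        "<html><head><title>Join group</title></head></html>", {}),
    "https://chat.example/invite/PLACEHOLDER3": (
        "<html><head></head></html>", {"X-Robots-Tag": "noindex, nofollow"}),
}

if __name__ == "__main__":
    for url in still_indexable(SAMPLE_PAGES):
        print("no noindex directive:", url)
```

A crawler only sees the tag if it is allowed to fetch the page, so a `robots.txt` rule that disallows the same path prevents the noindex directive from being read.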
This is in terms of financing, labor, industry regulation and numerous other factors. However, the growing reliance on information technology including machine learning, robotics, the Internet of Things and big data, has made cybersecurity one of the industry’s biggest risk factors.
The motivations for cyberattacks on manufacturers are varied. They range from financial fraud to industrial espionage (an example of espionage would be the theft of detailed product or equipment plans to be fed to a pressure die casting machine).
The following tips can help manufacturers reduce the likelihood of a successful attack.
1. Start at the Top
Like any other company initiative, successful cybersecurity is dependent on management buy-in. If the people at the top of the organization do not set the right tone in word and deed, it becomes harder to motivate staff lower down the hierarchy to do the right thing.
Cybersecurity cannot be left to the CIO or the technology department alone. In fact, communication on cyber matters should occasionally come from the CEO’s office. That will get employees to see the seriousness of the issue and align their behavior accordingly.
2. Perform a Broad Risk Assessment
Conduct an exhaustive cyber risk assessment that covers the industrial control systems, ERP systems and any standalone systems. The assessment should be done at least once every six months in order to capture vulnerabilities that have been introduced by changes to the operating environment.
The risk assessment should not only cover traditional cyber risks like password management and firewall configuration but should delve into more manufacturing-related risks such as IP protection.
3. Circulate Cyber Risk Reports
A cyber risk assessment report is of no use if all it does is gather dust on an office shelf. Instead, enterprise risk reports including remedial action roadmaps should be shared with the board and executive leadership.
There should be a high level discussion of the key sticking points with a view to demonstrating impact and identifying areas of priority in resource allocation. Decisions can then be made that take cognizance of the manufacturer’s risk posture and risk tolerance goals.
4. Built-in Security
All new manufacturing equipment, software and connected products must be evaluated for compliance and coherence with the company’s cyber risk program. Since the acquisition and deployment of major equipment and software will usually be done by a special project team, always confirm that there’s the requisite cyber security talent in this team.
This will ensure security considerations are a decisive factor in the acquisition from the get go.
5. Recognize Data as an Asset
The importance of cyber security can be harder to sell to the management of manufacturing companies than to leaders of service-oriented industries such as banking. Manufacturers are used to dealing with a tangible product built by tangible equipment and may thus not readily see data as a critical business asset.
Yet, treating data as an indispensable asset is at the heart of any successful enterprise-wide cyber security campaign. Making sure management and staff see the business value of data and why it needs to be protected will inform the adoption of best practice on where the data is stored, how it is accessed and who can access or modify it.
6. Assess Third-Party Risk
The success of a manufacturing operation is dependent on reliable partners, including suppliers and service providers. In order to do business seamlessly, such third parties will sometimes need access to enterprise systems or facilities. This introduces a potential loophole for a data leak.
Manufacturers must perform thorough background checks on the third parties they work with and clearly define the rules of engagement including outlining what is off limits. Third parties should be given physical access only to the areas of the facility that they need to do their work.
7. Vigilant Monitoring
Good organizational policies, procedures and action plans are only as good as their implementation. Create checklists, reporting procedures and escalation mechanisms that ensure existing and emerging cyber threats are caught before they spiral out of control.
Regular scheduled monitoring creates an avenue for identifying loopholes that had fallen through the cracks and amending policies and procedures to mitigate these risks.
8. Recovery Planning
Some of the companies that have suffered massive cyberattacks were doing the right thing and checking all the right cyber risk boxes at the time. A robust cyber security plan is no guarantee that an attack will not occur or that systems will not fail.
A detailed recovery plan is required that includes what actions to take in the event that a cyberattack is suspected to have taken place. Manufacturers can increase their resiliency through war-gaming or table top simulations that envisage the worst case scenario.
9. Clarify Responsibilities
Many organizational problems can be attributed to the absence of a specific person assuming full responsibility for a process. It should be clear who is tasked with each component of the cyber risk program, including at department level.
Ideally, there should be a cybersecurity champion within each department who’ll ask all the important questions whenever a new project or product is planned.
10. Drive Awareness
Most cybersecurity breaches are less to do with technology failures and more to do with deliberate or accidental human actions. Employees must be regularly sensitized on what their individual responsibilities are in mitigating non-technical cyber risks such as social engineering, phishing and identity theft.
They should also be provided with a clear reporting path whenever they notice suspicious or unusual activity.
These tips can help manufacturers deeply embed cyber risk management, identify areas of improvement and chart a road map towards a more vigilant, secure and resilient work environment.
A team of security researchers from the Ruhr University of Bochum, Germany has revealed a series of vulnerabilities in the popular instant messaging app WhatsApp.
According to a Wired report, the flaws allow a person with the control of WhatsApp’s servers to add anyone to a WhatsApp group without admin permission.
Once added to a group, the respective encryption keys of all the group members get shared automatically with the new user. So, a newly added eavesdropper can easily read all the new end-to-end encrypted messages exchanged between the members, but not the older messages or the ones for which the stranger doesn’t have the end-to-end encryption key.
The report was quick to ring the bell at the house of WhatsApp’s daddy Facebook. Its chief security officer Alex Stamos made multiple tweets as a response to Wired’s report.
“Read the Wired article today about WhatsApp – scary headline! But there is no secret way into WhatsApp group chats. The article makes a few key points.”
“Everyone in the group would see a message that a new member had joined,” he argued. But should that be considered as a safety measure, relying on the alertness of the members to make sure some eavesdropper has not entered their WhatsApp group?
“WhatsApp is built so group messages cannot be sent to hidden users and provides multiple ways for users to confirm who receives a message prior to it being sent.”
Stamos said that WhatsApp has seen the researchers’ findings. But preventing a possible attack would require letting go of a popular feature called “group invite links”, which allows anyone with a link to join a WhatsApp group. “There may be a way to provide this functionality with more protections, but it’s not clear cut.”
Even if such an attack could be performed, how many people would have access to WhatsApp’s servers except their employees and governments wanting to conduct surveillance? An experienced hacker would first have to compromise the servers before adding an eavesdropper to the group.
According to Moxie Marlinspike, who developed the Signal protocol, it’s not possible to suppress the alerts sent when someone joins the group, contrary to the researchers’ claim. It turns out, it’s not possible for someone to snoop into group chats and hacking the servers is not that easy.
Commenting on the report, Mike said that the article is a better example of the problems associated with the security industry and how research is done today. “I think the lesson to anyone watching is clear: don’t build security into your products, because that makes you a target for researchers, even if you make the right decisions,” he wrote.
Talking at the DEF CON convention in Las Vegas, the Tor Project co-founder Roger Dingledine said that the dark web doesn’t exist and it’s just a few web pages. He added that the media has wrongly labeled it as a haven for illegal activities. Also, only 3% of Tor users connect to a hidden .onion website.
You might have come across numerous articles outlining the massive size of dark web and how it’s used by criminals to perform illegal activities and trade. However, who’d know the dark web in a better manner than a Tor co-founder?
At the DEF CON convention in Las Vegas, on Friday, Roger Dingledine, one of the three Tor Project founders, said that there are tons of misconceptions about the same. According to The Register, Dingledine bashed journalists for giving a bad name to the Tor network by calling it a haven for pedophiles and terrorists.
“There is basically no dark web. It doesn’t exist. It’s only a very few webpages,” he said.
If you’re interested in numbers, only 3% of Tor users connect to a hidden .onion website, said Dingledine. This means that the majority of users are using it for simply analyzing their activities on the indexed web. They are, most probably, using it for stopping the website owners from tracking them.
According to his data, surprisingly, Facebook is the most popular website visited by Tor users. Today, more than a million people visit Facebook using Tor browser, thanks to the network’s hidden service launched in 2014.
Dingledine also made attempts to calm down those who feared that different intelligence agencies have already cracked Tor and compromised the integrity. “Intelligence agencies didn’t need to set up their own stepping-stone nodes he said, since they could – if they wanted to – just monitor those who did run them,” as reported by The Register.
Malware and hacking tactics are becoming more advanced, and users need to be prepared against attack
It’s one thing to click the wrong link and accidentally download some annoying adware on your personal device. It’s another thing to watch as hospitals, train stations, nuclear power plants, and private businesses fall victim to a devastating cyber attack that obliterates their networks and decimates their data.
While viruses and worms of the ‘90s and early ‘00s might be memorable, the malware of the past few years has been unbelievably destructive. Because the internet is everywhere these days, hackers are finding it easier than ever to spread malicious software and gain access to highly sensitive information. If you need more proof that recent cyber attacks are some of the worst in history, the following devastating attacks should be evidence enough.
While a spate of similar malware programs has spread in its wake, WannaCry is certainly the most talked-about attack this year. Using a vulnerability developed by none other than the U.S. National Security Agency, WannaCry was able to infiltrate computer networks running outdated operating systems, taking them and their data hostage. As a result, more than 230,000 machines in more than 150 countries fell victim to the attack, including dozens of hospitals and care centers in the U.K., a train system in Germany, and a telecommunications provider in Spain. Fortunately, most home users can stay safe from WannaCry by updating their software whenever there is an update and by installing strong internet security software.
Shamoon or Disttrack
A computer virus that targeted devices linked to the energy sector, Shamoon was developed in 2012 by a hacker group known as “Cutting Swords of Justice.” The group’s goal was to destabilize Saudi Aramco Company, an energy giant in the Middle East – and it was somewhat successful. More than 30,000 workstations were impacted by the virus, which prevented machines from connecting to the web and communicating with each other. Also affected were Qatari RasGas Company and LNG Company, though it’s unknown whether they were additional targets of the attack.
Operation Olympic Games or Stuxnet
At the end of President Bush’s administration, the U.S. government attempted to disrupt and sabotage Iranian nuclear facilities with a concentrated cyberattack. Working in conjunction with Israel, the U.S. developed a worm, named Stuxnet, that could take command of devices and use them to control machinery connected to them. Stuxnet was ruthless in its attack, incapacitating over 1,000 centrifuges in just one Iranian nuclear plant; it is a powerful digital weapon, and security experts believe it is being traded around black hat hacker circles – which means the most physically damaging cyber attack is likely on the horizon.
Operation Shady RAT
As you read, a cyber attack is being waged. In 2008, a cybersecurity professional uncovered a series of similar attacks, which he dubbed Operation Shady RAT, launched against government institutions and private agencies in 14 different countries. Though investigations have yet to determine the source of the extensive attack, many analysts believe the operation is sponsored by the Chinese government.
In the early 2000s, American computer systems experienced an onslaught of epic proportions. Contractors working with the Department of Defense, to include dozens of private businesses like Lockheed Martin and Redstone Arsenal, lost an inordinate amount of sensitive information to attackers, who most security professionals believe were working for China. The attacks continued for three full years before cybersecurity received enough funding to build proper digital defenses. The British Ministry of Defense endured similar attacks, though on a smaller scale.
Beginning on Holocaust Remembrance Day in 2013, a series of cyber attacks coordinated by anti-Israeli groups and individuals began taking down Israeli websites. The hacks ranged from annoying defacements to disruptive database hijacking and devastating leaks. Unfortunately, the attack debilitated schools, newspapers, small businesses, nonprofit groups, and banks – many of which were not Israeli in origin, effectively working counter to the attackers’ main goal of showing discontent with Israel.
July 2009 Cyberattacks
Though they still lack a flashy name, these attacks propagated against South Korea and the U.S. affected more than 100,000 computers. It seems that attackers targeted governmental websites, including the South Korean National Assembly, the White House, and the Pentagon, as well as a handful of media outlets. To this day, the source and intention of the attacks are unknown, though many experts believe the North Korean telecommunications ministry is to blame.