Germany mulls giving end-to-end chat app encryption das boot: Law requiring decrypted plain-text is in the works
Officials want to upgrade rules from device searching to message interception
Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand.
According to Der Spiegel this month, the Euro nation's Ministry of the Interior wants a new set of rules that would require operators of services like WhatsApp, Signal, Apple iMessage, and Telegram to cough up plain-text records of people's private enciphered chats to authorities that obtain a court order.
This would expand German law, which right now only allows communications to be gathered from a suspect's device itself, to also include the companies providing encrypted chat services and software. True and strong end-to-end encrypted conversations can only be decrypted by those participating in the discussion, so the proposed rules would require app makers to deliberately knacker or backdoor their code in order to comply. Those changes would be needed to allow them to collect messages passing through their systems and decrypt them on demand.
Up until now, German police have opted not to bother with trying to decrypt the contents of messages in transit, opting instead to simply seize and break into the device itself, where the messages are typically stored in plain text.
The new rules are set to be discussed by the members of the interior ministry in an upcoming June conference, and are likely to face stiff opposition not only on privacy grounds, but also in regards to the technical feasibility of the requirements.
Spokespeople for Facebook-owned WhatsApp, and Threema, makers of encrypted messaging software, were not available to comment.
The rules are the latest in an ongoing global feud between the developers of secure messaging apps and the governments. The apps, designed in part to let citizens, journalists, and activists communicate secured from the prying eyes of oppressive government regimes.
https://www.theregister.co.uk/2019/05/28/german_government_encryption/
Read as well:
Germany Seeks Access to Encrypted Messages on WhatsApp, Telegram
https://www.infosecurity-magazine.com/news/germany-seeks-access-to-encrypted/
📡 @NoGoolag
https://t.me/NoGoolag/1259
#decrypt #encrypt #whatsapp #telegram #wire #threema #germany #statetrojan #backdoor #why #eu
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Google confirms that advanced backdoor came preinstalled on Android devices
https://arstechnica.com/information-technology/2019/06/google-confirms-2017-supply-chain-attack-that-sneaked-backdoor-on-android-devices
#google #android #backdoor
After Google successfully beat back Triada in 2017, its developers found a new way in.
Facebook Plans on Backdooring WhatsApp
https://www.schneier.com/blog/archives/2019/08/facebook_plans_.html
This article points out that Facebook's planned content moderation scheme will result in an encryption backdoor into WhatsApp:
In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These algorithms will be continually updated from a central cloud service, but will run locally on the user's device, scanning each cleartext message before it is sent and each encrypted message after it is decrypted.
The company even noted that when it detects violations it will need to quietly stream a copy of the formerly encrypted content back to its central servers to analyze further, even if the user objects, acting as true wiretapping service.
Facebook's model entirely bypasses the encryption debate by globalizing the current practice of compromising devices by building those encryption bypasses directly into the communications clients themselves and deploying what amounts to machine-based wiretaps to billions of users at once.
Once this is in place, it's easy for the government to demand that Facebook add another filter -- one that searches for communications that they care about -- and alert them when it gets triggered.
Of course alternatives like Signal will exist for those who don't want to be subject to Facebook's content moderation, but what happens when this filtering technology is built into operating systems?
The problem is that if Facebook's model succeeds, it will only be a matter of time before device manufacturers and mobile operating system developers embed similar tools directly into devices themselves, making them impossible to escape. Embedding content scanning tools directly into phones would make it possible to scan all apps, including ones like Signal, effectively ending the era of encrypted communications.
I don't think this will happen -- why does AT&T care about content moderation -- but it is something to watch?
EDITED TO ADD (8/2): This story is wrong. Read my correction:
https://www.schneier.com/blog/archives/2019/08/more_on_backdoo.html
📡 @NoGoolag
#WhatsApp #fb #facebook #libra #why #backdoor #encryption
Forwarded from BlackBox (Security) Archiv
FBI warns about snoopy smart TVs spying on you
An FBI branch office warns smart TV users that they can be gateways for hackers to come into your home. Meanwhile, the smart TV OEMs are already spying on you
A recent #FBI #report warned #smart #TV users that #hackers can also take control of your unsecured TV. "At the low end of the risk spectrum, they can change channels, play with the volume, and show your kids inappropriate videos. In a worst-case scenario, they can turn on your bedroom TV's camera and microphone and silently #cyberstalk you," explained the FBI.
The risk isn't new. A few years ago, smart TVs from #LG, #Samsung, and #Vizio were #spying and #reporting on your viewing habits to their #manufacturers.
Today, the FBI is warning that "TV manufacturers and #app #developers may be listening and watching you." It added, "[A] television can also be a gateway for hackers to come into your home. A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the #backdoor through your #router."
That's true, but while there have been relatively few cases of hackers invading homes via their smart TVs, it's only a matter of time until they're watching and listening to you.
👉🏼 Read more:
https://www.zdnet.com/article/fbi-warns-about-snoopy-smart-tvs-spying-on-you/
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Tldr: NSA adds exploits to commercial encryption programs using their tool called Bullrun
https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
#NSA #GCHQ #gov #why #encryption #backdoor
the Guardian
Revealed: how US and UK spy agencies defeat internet privacy and security
• NSA and GCHQ unlock encryption used to protect emails, banking and medical records
• $250m-a-year US program works covertly with tech companies to insert weaknesses into products
• Security experts say programs ‘undermine the fabric of the internet’
http://arstechnica.com/security/2013/09/crypto-prof-asked-to-remove-nsa-related-blog-post/
https://www.theguardian.com/commentisfree/2013/sep/10/nsa-matthew-green-takedown-blog-post-johns-hopkins
#NSA #gov #why #encryption #backdoor
Ars Technica
Crypto prof asked to remove NSA-related blog post
Predictable backtrack from Johns Hopkins comes a few hours later.
Huawei built a poorly hidden, insecure backdoor into surveillance equipment that uses its HiSilicon subsidiary's chips
https://www.theregister.co.uk/2020/02/04/hisilicon_camera_backdoor
#huawei #backdoor #cam #security #camera #surveillance #why
The Register
Trivial backdoor found in firmware for Chinese-built net-connected video recorders
Crap security in millions of cheap gadgets? Shocked, shocked, we tell you
Forwarded from BlackBox (Security) Archiv
True privacy and security depend on free software
For all of the assurances you might receive from proprietary software companies that they respect your right to privacy, it is impossible to guarantee that your online communications are actually private without free software. Among technical users, it's common knowledge that privacy is dependent on strong encryption. However, the complex connection between software freedom, encryption, and privacy can be a little difficult to explain in the course of our individual activism, and is due for a more in-depth explanation.
Encryption is about keeping secrets secret, whether that means messages between you and a loved one, sensitive documents, or an entire hard drive. It also isn't only for those with something to hide: making strong encryption part of standard practice increases the safety of all those who really do need it by making it a normal thing to do. When your personal information is at stake, it's all the more important that encryption technology be based on free software. Even the most "benign" proprietary programs have a long history of mistreating their users, and a single "snitch" or backdoor in a proprietary encryption program in some cases could cost lives. At the FSF, we advocate for software freedom in any and all situations -- and in some cases, your safety may depend upon it.
👀 👉🏼 https://www.fsf.org/bulletin/2020/spring/privacy-encryption
#privacy #encryption #backdoor #activism #software #freedom #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Undocumented backdoor that covertly takes snapshots found in kids’ smartwatch
A popular smartwatch designed exclusively for children contains an undocumented backdoor that makes it possible for someone to remotely capture camera snapshots, wiretap voice calls, and track locations in real time, a researcher said.
The X4 smartwatch is marketed by Xplora, a Norway-based seller of children’s watches. The device, which sells for about $200, runs on Android and offers a range of capabilities, including the ability to make and receive voice calls to parent-approved numbers and to send an SOS broadcast that alerts emergency contacts to the location of the watch. A separate app that runs on the smartphones of parents allows them to control how the watches are used and receive warnings when a child has strayed beyond a preset geographic boundary.
https://arstechnica.com/information-technology/2020/10/a-watch-designed-exclusively-for-kids-has-an-undocumented-spying-backdoor
https://www.theregister.com/2020/10/12/xplora_4_smartwatches
#xplora #smartwatch #kids #backdoor
The X4, made and jointly developed in China, raises concerns.
Walmart router, others on Amazon, eBay have hidden backdoors to control devices
Article, Comments
#router #walmart #backdoor #china
Cybernews
Walmart-exclusive router and others sold on Amazon & eBay contain hidden backdoors to control devices
Walmart-exclusive Jetstream routers and Wavlink routers contain hidden backdoors. The routers are actively being exploited by Mirai malware
Backdoor found in 2G mobile data encryption standard
Cryptanalysis of GPRS Encryption Algorithms GEA-1 suggests intentional weakness
GPRS is the mobile data standard for GSM mobile phones. It's from the 2G era, and is old and slow. GEA-1 is an encryption algorithm used with GPRS.
Excerpt from the abstract:
"This paper presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms."
[..]
"This unusual pattern indicates that the weakness is intentionally hidden to limit the security level to 40 bit by design."
So in other words: GPRS was intentionally backdoored.
https://eprint.iacr.org/2021/819
Comments
https://news.ycombinator.com/item?id=27686422
https://apnews.com/article/europe-technology-business-3bddc473856a9af259feb511f58a51d3
https://link.springer.com/chapter/10.1007%2F978-3-030-77886-6_6
https://www.sueddeutsche.de/wirtschaft/handy-gprs-verschluesselung-1.5323228
#backdoor #2g #gprs #encryption
AP NEWS
Security flaw found in 2G mobile data encryption standard
BERLIN (AP) — Cybersecurity researchers in Europe say they have discovered a flaw in an encryption algorithm used by cellphones that may have allowed attackers to eavesdrop on some data traffic for more than two decades.
Bombshell Report Finds Phone Network Encryption Was Deliberately Weakened
Comments
https://news.ycombinator.com/item?id=27686422
via www.vice.com
#backdoor #2g #gprs #encryption
A weakness in the algorithm used to encrypt cellphone data in the 1990s and 2000s allowed hackers to spy on some internet…
#SysJoker #Backdoor for Windows, macOS, and Linux went undetected until now
https://arstechnica.com/information-technology/2022/01/backdoor-for-windows-macos-and-linux-went-undetected-until-now/
Ars Technica
Backdoor RAT for Windows, macOS, and Linux went undetected until now
Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."
The Bvp47 - a Top-tier #Linux #Backdoor of US #NSA Equation Group hidden for 10 years
https://www.pangulab.cn/en/post/the_bvp47_a_top-tier_backdoor_of_us_nsa_equation_group/
Forwarded from Pegasus NSO & other spyware
Stealth Soldier Backdoor Used in Targeted Espionage Attacks in North Africa - Check Point Research – June 2023
Phishing attacks using third-party applications against Egyptian civil society organizations - Amnesty International – 2019
#StealthSoldier #EyeOnTheNile
#Backdoor #espionage #malware #Egypt #Libya
Check Point Research observed a wave of highly-targeted espionage attacks in Libya that utilize a new custom modular backdoor.
Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging and stealing browser information.
The Stealth Soldier infrastructure has some overlaps with the infrastructure of The Eye on the Nile, which operated against Egyptian civilian society in 2019. This is the first possible re-appearance of this threat actor since then.
China identifies the culprits behind cyberattack on Wuhan Earthquake Monitoring Center; a secretive US global reconnaissance system to be exposed - Global Times –
Investigation into a cyberattack incident targeting the Wuhan Earthquake Monitoring Center affiliated to the city's Emergency Management Bureau, after a joint investigation team formed by the National Computer Virus Emergency Response Center (CVERC) and Chinese cybersecurity company 360 discovered malicious backdoor software that exhibits characteristics of US intelligence agencies, the Global Times learned on Monday. Chinese authorities will publicly disclose a highly secretive global reconnaissance system of the US government, which poses a serious security threat to China's national security and world peace.
#China #Wuhan #NSA #USA #Spyware #backdoor
Forwarded from Pegasus NSO & other spyware
Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor | welivesecurity
#APT #BallisticBobcat #backdoor #Israel #Iran #UAE
ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor
ESET researchers discovered a Ballistic Bobcat campaign targeting various entities in Brazil, Israel, and the United Arab Emirates, using a novel backdoor we have named Sponsor.
We discovered Sponsor after we analyzed an interesting sample we detected on a victim’s system in Israel in May 2022 and scoped the victim-set by country. Upon examination, it became evident to us that the sample was a novel backdoor deployed by the Ballistic Bobcat APT group
4-year campaign backdoored iPhones using possibly the most advanced exploit ever
"Triangulation" infected dozens of iPhones belonging to employees of Moscow-based Kaspersky.
Researchers on Wednesday presented intriguing new findings surrounding an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky. Chief among the discoveries: the unknown attackers were able to achieve an unprecedented level of access by exploiting a vulnerability in an undocumented hardware feature that few if anyone outside of Apple and chip suppliers such as ARM Holdings knew of.
“The exploit's sophistication and the feature's obscurity suggest the attackers had advanced technical capabilities,” Kaspersky researcher Boris Larin wrote in an email. “Our analysis hasn't revealed how they became aware of this feature, but we're exploring all possibilities, including accidental disclosure in past firmware or source code releases. They may also have stumbled upon it through hardware reverse engineering.”
Four zero-days exploited for years
...
https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature/
#iphone #apple #backdoor
This is big: The US Govt has created a hardware #backdoor in the CPUs of #Apple devices. This cannot be patched with a software update. Every owner of an Apple device is affected. You have no security. US spy agencies will have done the same with other CPUs.
https://twitter.com/KimDotcom/status/1772694668582453465