Forwarded from BlackBox (Security) Archiv
U.S. Officials Say Huawei Can Covertly Access Telecom Networks
Trump administration ramps up push for allies to block Chinese company
U.S. officials say Huawei Technologies Co. can covertly access mobile-phone networks around the world through “back doors” designed for use by law enforcement, as Washington tries to persuade allies to exclude the Chinese company from their networks.
Intelligence shows Huawei has had this secret capability for more than a decade, U.S. officials said. Huawei rejected the allegations.
The U.S. kept the intelligence highly classified until late last year, when American officials provided details to allies including the U.K. and Germany, according to officials from the three countries. That was a tactical turnabout by the U.S., which in the past had argued that it didn’t need to produce hard evidence of the threat it says Huawei poses to nations’ security.
👉🏼 Read more:
https://www.wsj.com/articles/u-s-officials-say-huawei-can-covertly-access-telecom-networks-11581452256
#huawei #usa #backdoors
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Trump administration ramps up push for allies to block Chinese company
U.S. officials say Huawei Technologies Co. can covertly access mobile-phone networks around the world through “back doors” designed for use by law enforcement, as Washington tries to persuade allies to exclude the Chinese company from their networks.
Intelligence shows Huawei has had this secret capability for more than a decade, U.S. officials said. Huawei rejected the allegations.
The U.S. kept the intelligence highly classified until late last year, when American officials provided details to allies including the U.K. and Germany, according to officials from the three countries. That was a tactical turnabout by the U.S., which in the past had argued that it didn’t need to produce hard evidence of the threat it says Huawei poses to nations’ security.
👉🏼 Read more:
https://www.wsj.com/articles/u-s-officials-say-huawei-can-covertly-access-telecom-networks-11581452256
#huawei #usa #backdoors
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data
The backdoor accounts grant access to a secret Telnet admin account running on the devices' external WAN interface.
Two security researchers said this week that they found severe vulnerabilities and what appears to be intentional backdoors in the firmware of 29 FTTH OLT devices from popular vendor C-Data.
FTTH stands for Fiber-To-The-Home, while OLT stands for Optical Line Termination.
The term FTTH OLT refers to networking equipment that allows internet service providers to bring fiber optics cables as close to the end-users as possible.
As their name hints, these devices are the termination on a fiber optics network, converting data from an optical line into a classic Ethernet cable connection that's then plugged in a consumer's home, data centers, or business centers.
https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data
#ftth #network #backdoors
The backdoor accounts grant access to a secret Telnet admin account running on the devices' external WAN interface.
Two security researchers said this week that they found severe vulnerabilities and what appears to be intentional backdoors in the firmware of 29 FTTH OLT devices from popular vendor C-Data.
FTTH stands for Fiber-To-The-Home, while OLT stands for Optical Line Termination.
The term FTTH OLT refers to networking equipment that allows internet service providers to bring fiber optics cables as close to the end-users as possible.
As their name hints, these devices are the termination on a fiber optics network, converting data from an optical line into a classic Ethernet cable connection that's then plugged in a consumer's home, data centers, or business centers.
https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data
#ftth #network #backdoors
Forwarded from BlackBox (Security) Archiv
Backdoors and other vulnerabilities in HiSilicon based hardware video encoders
Update 2020-09-17: Huawei issued a statement saying that none of the vulnerabilities have been introduced by HiSilicon chips and SDK packages. I will update this article as more information comes in.
This article discloses critical vulnerabilities in IPTV/H.264/H.265 video encoders based on HiSilicon hi3520d hardware. The vulnerabilities exist in the application software running on these devices. All vulnerabilities are exploitable remotely and can lead to sensitive information exposure, denial of service, and remote code execution resulting in full takeover of the device. With multiple vendors affected, and no complete fixes at the time of the publication, these encoders should only be used on fully trusted networks behind firewalls. I hope that my detailed write-up serves as a guide for more security research in the IoT world.
👀 👉🏼 https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
👀 👉🏼 🇩🇪 https://www.heise.de/news/Backdoors-in-Video-Encodern-auf-Huawei-Chips-entdeckt-Ursprung-unbekannt-4905641.html
#hisilicon #hardware #video #encoder #vulnerabilities #huawei #chips #backdoors
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Update 2020-09-17: Huawei issued a statement saying that none of the vulnerabilities have been introduced by HiSilicon chips and SDK packages. I will update this article as more information comes in.
This article discloses critical vulnerabilities in IPTV/H.264/H.265 video encoders based on HiSilicon hi3520d hardware. The vulnerabilities exist in the application software running on these devices. All vulnerabilities are exploitable remotely and can lead to sensitive information exposure, denial of service, and remote code execution resulting in full takeover of the device. With multiple vendors affected, and no complete fixes at the time of the publication, these encoders should only be used on fully trusted networks behind firewalls. I hope that my detailed write-up serves as a guide for more security research in the IoT world.
👀 👉🏼 https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
👀 👉🏼 🇩🇪 https://www.heise.de/news/Backdoors-in-Video-Encodern-auf-Huawei-Chips-entdeckt-Ursprung-unbekannt-4905641.html
#hisilicon #hardware #video #encoder #vulnerabilities #huawei #chips #backdoors
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
huawei
Security Notice – Statement on the Media Reports About the Suspected Security Issues in HiSilicon Video Surveillance Chips
Forwarded from BlackBox (Security) Archiv
Combating abuse in Matrix - without backdoors
Hi all,
Last Sunday, the UK Government published an international statement on end-to-end encryption and public safety, co-signed by representatives from the US, Australia, New Zealand, Canada, India and Japan. The statement is well written and well worth a read in full, but the central point is this:
"We call on technology companies to [...] enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight."
In other words, this is an explicit request from seven of the biggest governments in the world to mandate a backdoor in end-to-end encrypted (E2EE) communication services: a backdoor to which the authorities have a secret key, letting them view communication on demand. This is big news, and is of direct relevance to Matrix as an end-to-end encrypted communication protocol whose core team is currently centred in the UK.
Now, we sympathise with the authorities’ predicament here: we utterly abhor child abuse, terrorism, fascism and similar - and we did not build Matrix to enable it. However, trying to mitigate abuse with backdoors is, unfortunately, fundamentally flawed.
👀 👉🏼 https://matrix.org/blog/2020/10/19/combating-abuse-in-matrix-without-backdoors/
#matrix #uk #gov #backdoors #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Hi all,
Last Sunday, the UK Government published an international statement on end-to-end encryption and public safety, co-signed by representatives from the US, Australia, New Zealand, Canada, India and Japan. The statement is well written and well worth a read in full, but the central point is this:
"We call on technology companies to [...] enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight."
In other words, this is an explicit request from seven of the biggest governments in the world to mandate a backdoor in end-to-end encrypted (E2EE) communication services: a backdoor to which the authorities have a secret key, letting them view communication on demand. This is big news, and is of direct relevance to Matrix as an end-to-end encrypted communication protocol whose core team is currently centred in the UK.
Now, we sympathise with the authorities’ predicament here: we utterly abhor child abuse, terrorism, fascism and similar - and we did not build Matrix to enable it. However, trying to mitigate abuse with backdoors is, unfortunately, fundamentally flawed.
👀 👉🏼 https://matrix.org/blog/2020/10/19/combating-abuse-in-matrix-without-backdoors/
#matrix #uk #gov #backdoors #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
matrix.org
Combating abuse in Matrix - without backdoors.
Matrix, the open protocol for secure decentralised communications
The U.S.A National Spy Agency ducks questions about 'back doors' in tech products
http://telegra.ph/Spy-agency-ducks-questions-about-back-doors-in-tech-products-10-28
https://www.reuters.com/article/us-usa-security-congress-insight/spy-agency-ducks-questions-about-back-doors-in-tech-products-idUSKBN27D1CS
Comments
https://news.ycombinator.com/item?id=24918538
#nsa #backdoors #usa #gov
http://telegra.ph/Spy-agency-ducks-questions-about-back-doors-in-tech-products-10-28
https://www.reuters.com/article/us-usa-security-congress-insight/spy-agency-ducks-questions-about-back-doors-in-tech-products-idUSKBN27D1CS
Comments
https://news.ycombinator.com/item?id=24918538
#nsa #backdoors #usa #gov
Telegraph
Spy agency ducks questions about 'back doors' in tech products
SAN FRANCISCO (Reuters) - The U.S. National Security Agency is rebuffing efforts by a leading Congressional critic to determine whether it is continuing to place so-called back doors into commercial technology products, in a controversial practice that critics…
Forwarded from BlackBox (Security) Archiv
EU anti-terrorism commissioner warns against video games and pleads for backdoors
According to Gilles de Keroche, terrorists use video games for attack preparation and communication. Platform operators should therefore hand over the plain text of encrypted messages to law enforcement agencies.
In an interview with the news agency AFP, the EU anti-terrorism commissioner demands stronger regulation of computer games. Terrorists could use them to prepare attacks and as a means of communication. Combat games are suitable for testing attack scenarios.
The Belgian emphasizes that extremists already abuse video games for propaganda purposes. Right-wing extremists in Germany in particular have developed titles in which one could shoot at Arabs, the Jewish billionaire George Soros or the German Chancellor. In addition, the politician points out the danger of money laundering via game currencies. The games sector is not problematic as a whole, he said, but from the point of view of counter-terrorism there is too little regulation.
👀 👉🏼 Translated with DeepL:
https://t3n.de/news/anti-terrorbeauftragter-eu-computerspiele-videospiele-warnung-anschlaege-hintertueren-verschluesselung-1341260
#eu #antiterrorism #videogames #encryption #backdoors #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
According to Gilles de Keroche, terrorists use video games for attack preparation and communication. Platform operators should therefore hand over the plain text of encrypted messages to law enforcement agencies.
In an interview with the news agency AFP, the EU anti-terrorism commissioner demands stronger regulation of computer games. Terrorists could use them to prepare attacks and as a means of communication. Combat games are suitable for testing attack scenarios.
The Belgian emphasizes that extremists already abuse video games for propaganda purposes. Right-wing extremists in Germany in particular have developed titles in which one could shoot at Arabs, the Jewish billionaire George Soros or the German Chancellor. In addition, the politician points out the danger of money laundering via game currencies. The games sector is not problematic as a whole, he said, but from the point of view of counter-terrorism there is too little regulation.
👀 👉🏼 Translated with DeepL:
https://t3n.de/news/anti-terrorbeauftragter-eu-computerspiele-videospiele-warnung-anschlaege-hintertueren-verschluesselung-1341260
#eu #antiterrorism #videogames #encryption #backdoors #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
t3n Magazin
Anti-Terrorbeauftragter der EU warnt vor Videospielen und plädiert für Hintertüren
Laut Gilles de Kerchove nutzen Terroristen Videospiele für die Anschlagsvorbereitung und zur Kommunikation.
Forwarded from BlackBox (Security) Archiv
Privacy / Interviews - Tutanota wants to file a complaint at the BGH (Federal Supreme Court)
Because of the court decision by the Regional Court of Cologne, the anonymous e-mail service Tutanota wants to bring about a decision by the highest court.
The anonymous e-mail service Tutanota wants to bring about a decision by the supreme court in response to the court ruling by the Cologne Regional Court. The company does not agree that they must provide the LKA NRW with access to unencrypted messages for individual users. However, the judgement does not indicate that the company has had a major impact on the German market to date.
The Regional Court of Cologne is forcing the cryptology service Tutanota to rebuild its technical infrastructure again. Once again, the company from Hanover is to guarantee the investigators access to individual accounts. The public prosecutor's office wants direct access to non-encrypted messages of an extortionist. Despite our current interview, we have again followed up on the incident with press spokeswoman Hanna Bozakov.
👀 👉🏼 Translated with DeepL
https://tarnkappe.info/tutanota-will-beschwerde-vor-dem-bgh-vorbringen/
#tutanota #bgh #encryption #email #backdoors #lka #interview #privacy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Because of the court decision by the Regional Court of Cologne, the anonymous e-mail service Tutanota wants to bring about a decision by the highest court.
The anonymous e-mail service Tutanota wants to bring about a decision by the supreme court in response to the court ruling by the Cologne Regional Court. The company does not agree that they must provide the LKA NRW with access to unencrypted messages for individual users. However, the judgement does not indicate that the company has had a major impact on the German market to date.
The Regional Court of Cologne is forcing the cryptology service Tutanota to rebuild its technical infrastructure again. Once again, the company from Hanover is to guarantee the investigators access to individual accounts. The public prosecutor's office wants direct access to non-encrypted messages of an extortionist. Despite our current interview, we have again followed up on the incident with press spokeswoman Hanna Bozakov.
👀 👉🏼 Translated with DeepL
https://tarnkappe.info/tutanota-will-beschwerde-vor-dem-bgh-vorbringen/
#tutanota #bgh #encryption #email #backdoors #lka #interview #privacy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Tarnkappe.info
Tutanota will Beschwerde vor dem BGH vorbringen
Wegen des Gerichtsurteils vom Landgericht Köln will der anonyme E-Mail-Dienst Tutanota eine höchstrichterliche Entscheidung herbeiführen.
arstechnica@mastodon.social -
Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking
Most critical of the bugs allowed attackers to root federated instances.
The maintainers of the open source software that powers the Mastodon social network published a security update on Thursday that patches a critical vulnerability making it possible for hackers to backdoor the servers that push content to individual users.
#Mastodon #backdoors #vulenerability #infosec #TootRoot
Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking
Most critical of the bugs allowed attackers to root federated instances.
The maintainers of the open source software that powers the Mastodon social network published a security update on Thursday that patches a critical vulnerability making it possible for hackers to backdoor the servers that push content to individual users.
#Mastodon #backdoors #vulenerability #infosec #TootRoot
The U.K. Government Is Very Close To Eroding Encryption Worldwide | Electronic Frontier Foundation –
The U.K. Parliament is pushing ahead with a sprawling internet regulation bill that will, among other things, undermine the privacy of people around the world. The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services, which will destroy end-to-end encryption. No amendments have been accepted that would mitigate the bill’s most dangerous elements.
#OnlineSafetyBill #Backdoors #BigBrother #UK #encryption #e2ee
The U.K. Parliament is pushing ahead with a sprawling internet regulation bill that will, among other things, undermine the privacy of people around the world. The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services, which will destroy end-to-end encryption. No amendments have been accepted that would mitigate the bill’s most dangerous elements.
#OnlineSafetyBill #Backdoors #BigBrother #UK #encryption #e2ee
Electronic Frontier Foundation
The U.K. Government Is Very Close To Eroding Encryption Worldwide
The U.K. Parliament is pushing ahead with a sprawling internet regulation bill that will, among other things, undermine the privacy of people around the world. The Online Safety Bill, now at the
Changes to UK Surveillance Regime May Violate International Law | JusticeOrg -
Blocking End-to-End Encryption and Important Security Updates
The United Kingdom (U.K.) government has recently unveiled plans to revise the Investigatory Powers Act 2016 (IPA), the primary legislation governing the surveillance of electronic communications in the United Kingdom. The proposed revisions include five objectives pertaining to changes in the notices regime within the IPA, the process through which the government can ask private companies to carry out surveillance on its behalf, such as interception of communications and equipment interference (hacking).
The proposed changes to the IPA notices regimes include an obligation to comply with the content of a potential notice during the review period and before a notice is actually served, an obligation to disclose technical information about the company’s systems during the same review period, measures to strengthen the extraterritorial application of the notices and obligations for companies to give advance notice to the U.K. Secretary of State before implementing any technical changes. This article focuses on the latter two changes. It examines how the United Kingdom likely would be in breach of international human rights law
#UK #Censorship #IPA
#BigBrother #Surveillance #Backdoors #E2E #Encryption
Blocking End-to-End Encryption and Important Security Updates
The United Kingdom (U.K.) government has recently unveiled plans to revise the Investigatory Powers Act 2016 (IPA), the primary legislation governing the surveillance of electronic communications in the United Kingdom. The proposed revisions include five objectives pertaining to changes in the notices regime within the IPA, the process through which the government can ask private companies to carry out surveillance on its behalf, such as interception of communications and equipment interference (hacking).
The proposed changes to the IPA notices regimes include an obligation to comply with the content of a potential notice during the review period and before a notice is actually served, an obligation to disclose technical information about the company’s systems during the same review period, measures to strengthen the extraterritorial application of the notices and obligations for companies to give advance notice to the U.K. Secretary of State before implementing any technical changes. This article focuses on the latter two changes. It examines how the United Kingdom likely would be in breach of international human rights law
#UK #Censorship #IPA
#BigBrother #Surveillance #Backdoors #E2E #Encryption
Just Security
Changes to UK Surveillance Regime May Violate International Law
Proposed changes to the UK Investigatory Powers Act 2016 may violate international human rights law.