Motherboard got its hands on one of those Anom phones that were really FBI honeypots. The details are interesting. Powered by WPeMatico
Category: backdoors
Auto Added by WPeMatico
General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Although the algorithm has a 64-bit key, the effective key length is only 40 … Read More “Intentional Flaw in GPRS Encryption Algorithm GEA-1” »
For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. Of course, the police were able to read everything — I don’t even know if this qualifies as a backdoor. This week, the … Read More “FBI/AFP-Run Encrypted Phone” »
Bizarro is a new banking trojan that is stealing financial information and crypto wallets. …the program can be delivered in a couple of ways — either via malicious links contained within spam emails, or through a trojanized app. Using these sneaky methods, trojan operators will implant the malware onto a target device, where it will … Read More “Bizarro Banking Trojan” »
Developers have discovered a backdoor in the Codecov bash uploader. It’s been there for four months. We don’t know who put it there. Codecov said the breach allowed the attackers to export information stored in its users’ continuous integration (CI) environments. This information was then sent to a third-party server outside of Codecov’s infrastructure,” the … Read More “Backdoor Found in Codecov Bash Uploader” »
Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits, with the subject “fix typo” and the names of known PHP developers and maintainers. They were discovered and removed before being pushed out to any users. But since 79% of the Internet’s websites use PHP, it’s scary. Developers … Read More “Backdoor Added — But Found — in PHP” »
Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. It’s been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret: China’s exploitation of products made by Supermicro, as the U.S. … Read More “Chinese Supply-Chain Attack on Computer Systems” »
Zoom was doing so well…. And now we have this: Corporate clients will get access to Zoom’s end-to-end encryption service now being developed, but Yuan said free users won’t enjoy that level of privacy, which makes it impossible for third parties to decipher communications. “Free users for sure we don’t want to give that because … Read More “Zoom’s Commitment to User Security Depends on Whether you Pay It or Not” »
This one is from the Netherlands. It seems to be clever cryptanalysis rather than a backdoor. The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. The Netherlands could eavesdrop on confidential communication from … Read More “Another Story of Bad 1970s Encryption” »
Over the past few weeks, Zoom’s use has exploded since it became the video conferencing platform of choice in today’s COVID-19 world. (My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom.) Over that same period, the company has been exposed for having both lousy privacy … Read More “Security and Privacy Implications of Zoom” »