UK cops beat phone encryption by "mugging" suspect after he unlocked his phone

Detectives from Scotland Yard's cybercrime unit decided the easiest way to get around their suspect's careful use of full-disk encryption and strong passphrases on his Iphone was to trail him until he made a call, then "mug" him by snatching the unlocked phone and tasking an officer to continuously swipe at the screen to keep it from going to sleep, which would reactivate the disk encryption.

The hacker who took over San Francisco's Muni got hacked

Last week, the San Francisco Municipal Light Rail system (the Muni) had to stop charging passengers to ride because a ransomware hacker had taken over its network and encrypted the drives of all of its servers.

Iphones secretly send your call history to Apple's cloud, even after you tell them not to

Apple has acknowledged that its Icloud service is a weak link in its security model, because by design Apple can gain access to encrypted data stored in its customers' accounts, which means that the company can be hacked, coerced or tricked into revealing otherwise secure customer data to law enforcement, spies and criminals.

How to defend your digital rights: street protest edition

The Electronic Frontier Foundation's Digital Security Tips for Protesters builds on its indispensable Surveillance Self Defense guide with legal and technical suggestions to protect your rights, your data, and your identity when protesting.

UAE surveillance contractor is recruiting an army of foreign hackers to break into its citizens' devices

The world's most sophisticated security experts have been bombarded with recruiting offers from UAE-based company Darkmatter, which bills itself as a major state security contractor -- but people who've taken the bait say they were then told that they were being hired to weaponize huge arsenals of zero-day vulnerabilities so that the UAE can subject its own population to fine-grained, continuous surveillance.

Audit reveals significant vulnerabilities in Truecrypt and its successors

Veracrypt was created to fill the vacuum left by the implosion of disk-encryption tool Truecrypt, which mysteriously vanished in 2014, along with a "suicide note" (possibly containing a hidden message) that many interpreted as a warning that an intelligence agency had inserted a backdoor into the code, or was attempting to force Truecrypt's anonymous creators to do so.

Digital Defenders: a free open-licensed booklet for kids about privacy and crypto

European Digital Rights has created a free, CC-licensed kids' booklet about privacy called Digital Defenders.

Wikileaks: a "state party" has cut off Julian Assange's primary internet access

Late yesterday, the @wikileaks account tweeted "Julian Assange's internet link has been intentionally severed by a state party. We have activated the appropriate contingency plans."

Cryptpad: a free/open, end-to-end encrypted, zero-knowledge shared text editor

Tools like Etherpad and Google Docs are transformative ways to collaborate on text (including code); I've used them in contexts as varied as making unofficial transcripts of statements at UN agencies to liveblogging conference presentations -- but they all share a weakness, which is that whoever owns the document server can see everything you're typing.

Xiaomi phones are pre-backdoored; your apps can be silently overwritten

Thijs Broenink audited the AnalyticsCore.apk app that ships pre-installed on all Xiaomi phones (Xiaomi has their own Android fork with a different set of preinstalled apps) and discovered that the app, which seemingly serves no useful purpose, allows the manufacturer to silently install other code on your phone, with unlimited privileges and access.

Join me at EFF's 25th Pioneer Awards in San Francisco next Wednesday

Nicole from EFF writes, "The Electronic Frontier Foundation is excited to host the 2016 Pioneer Awards in San Francisco next Wednesday, September 21 at Delancey Street's Town Hall Room."

Help wanted: Director of Technology Policy for Consumer Reports

This is a pretty amazing vacancy: "You will lead Consumer Reports in our effort to realize a market where consumer safety is protected through strong encryption; consumers' rights to test, repair, and modify their devices are supported by copyright, security, and consumer protection laws; and consumers are empowered to make informed choices about IoT products while being protected by privacy policies regulating the collection, use, and storage of their data. This is a chance to build something big, meaningful, and new."

The Tor Project's social contract: we will not backdoor Tor

I first encountered the idea of "social contracts" for software projects in Neal Stephenson's seminal essay In the Beginning Was the Command Line, which endorsed the Debian project on the strength of its social contract: "As far as I know, Debian is the only Linux distribution that has its own constitution."

100 million VWs can be unlocked with a $40 cracker (and other cars aren't much better)

In Lock It and Still Lose It—On the (In)Security of Automotive Remote Keyless Entry Systems, a paper given at the current Usenix Security conference in Austin, researchers with a proven track record of uncovering serious defects in automotive keyless entry and ignition systems revealed a technique for unlocking over 100,000 million Volkswagen cars using $40 worth of hardware; they also revealed a technique for hijacking the locking systems of millions of other vehicles from other manufacturers.

DoJ to judges: use Tor to protect your internet connection

This summer, DoJ Cybercrime Lab director Ovie Carroll presented at a Federal Judicial Seminar in San Diego, attended by over 100 US federal judges, where he recommended that the judges use Tor -- The Onion Router, subject of much handwringing and serious technological assaults from the US government, but also primarily funded by the USG -- to protect their personal information while using their home and work computers.

BBC will use surveillance powers to sniff Britons' wifi and find license-cheats

If you live in the UK and watch live TV or use the Iplayer video-on-demand service, you have to pay a "license fee" that directly supports public media in the UK (in other countries, public media is funded out of the tax-coffers, but in the UK, it's a direct transfer from viewers to the media, which is meant to make the BBC independent of the whims of government and thus more able to hold it to account).

Spoofing GPS is surprisingly easy; detecting it is surprisingly hard

GPS security is increasingly implicated in both physical and information security: from steering a super-yacht (or a super-tanker) into pirate-friendly waters to diverting self-driving cars or even unlocking geo-tagged tokens and AR game objectives.