Andrew found seven Apple alternatives to use if you don’t want your data shared with the FBI, including Bitwarden, Cryptomator, and more.
Security
Security Friday, Kernel Extensions – TMO Daily Observations 2020-03-27
Dave Hamilton and Andrew Orr join host Kelly Guimont to discuss Security Friday news, and the new kernel extension alert popping up in the latest macOS 10.15 update.
A Bug Existing Since iOS 13.3.1 Interferes With VPNs Encrypting Traffic
There’s a bug that’s been in iOS since version 13.3.1 that prevents VPNs from encrypting network traffic and could leak some of your data.
Cellebrite Releases Report of Digital Intelligence Trends 2020
Forensics company Cellebrite, mainly known for its iPhone hacking capabilities, released a report of top digital intelligence trends for 2020. One thing that stuck out at me:
…over 70 percent of officers are still asking witnesses and victims to surrender their devices…However, most people do not want to have their primary communication device taken away for an indefinite period. To combat this issue, 67 percent of agency management believe that mobility technology is important or very important to the agency’s long-term digital evidence strategy and 72 percent of investigators believe it is important to conduct in-the-field extractions of this data.
In other words, it sounds to me like LE wants the capability to extract data from devices on site, instead of sending them to a lab. Fast action is important for LE, but it may also be too fast for people to think about those pesky rights they have before handing their phone over.
Grayshift Increases Price as it Struggles to Hack iPhones
iOS forensics company Grayshift was forced to raise its prices last year, noting that “Forensic Access to iOS continues to increase in difficulty and complexity.”
“I think it’s going to get harder and harder to find these kinds of unlocking flaws, because Apple does control the entire stack,” Alex Stamos, director of the Stanford Internet Observatory and former Facebook chief security officer, previously told Motherboard. “I think a couple more hardware revisions of understanding the ways that these unlocks are happening and [Apple is] going to make it extremely difficult. Which then will bring this debate back…”
It’s a complex issue. On one hand it’s good news for Apple customers. On the other hand, it makes the government fight tooth and nail to take away our security.
Financial Companies Expose 425 GB of Data in Insecure Database
Researchers found an insecure database thought to have belonged to Advantage Capital Funding and Argus Capital Funding. It contained over 500,000 records of personal and professional information.
Shadowserver Keeps the Web Safe. Now it Needs Help
A small nonprofit organization called Shadowserver helps keep the web safe. It scans almost the entire internet to create activity reports for network operators. It also hosts a database of 1.2 billion malware samples, freely accessible to everyone. But it needs to raise money to stay in operation.
For more than 15 years, Shadowserver has been funded by Cisco as an independent organization. But thanks to budget restructuring, the group now has to go out on its own. Rather than seek a new benefactor, founder Richard Perlotto says the goal is for Shadowserver to become a fully community-funded alliance that doesn’t rely on any one contributor to survive. The group needs to raise $400,000 in the next few weeks to survive the transition, and then it will still need $1.7 million more to make it through 2020…
I had never heard of Shadowserver but it’s clear the organization is important. You can become a sponsor to donate money here.
Security Friday, WWDC 2020 – TMO Daily Observations 2020-03-13
Charlotte Henry and Andrew Orr join host Kelly Guimont to discuss the new look for WWDC and Security Friday’s headlines and tips.
56 Apps Spy on Your Clipboard and Apple Doesn’t Care
Researchers found 56 apps that are spying on the iOS clipboard/pasteboard, like TikTok, New York Times, Fruit Ninja, and more. There are undoubtedly many more apps engaging in this behavior. And as I wrote in February, Apple doesn’t think it’s a problem.
We found that many apps quietly read any text found in the pasteboard every time the app is opened. Text left in the pasteboard could be as simple as a shopping list, or could be something more sensitive: passwords, account numbers, etc.
Sneak Peek: Here’s How a NordVPN Server Works
TechRadar Pro teamed up with NordVPN to give people an idea of what exactly goes on inside of a VPN server. It’s a fascinating glimpse into a technology ever-growing in popularity.
The session revealed that NordVPN’s Linux servers are configured with various tools that enhance security, privacy, and authentication. FreeRADIUS is used for authentication, while the squid proxy software is also used. SaltStack is used for correct server configuration, controlling the infrastructure.
How Worried Should You Be About Public USB Charging Stations?
Today DuckDuckGo published a post about the risks of using public charging stations. Technology exists that lets hackers install malware via these chargers. While I personally think the risk is a bit overblown, this is an argument I think can be added in favor of a portless iPhone.
Although it has become synonymous with charging, USB technology was initially developed with the aim of transmitting data. Thus, hackers can use these public charging stations to install malware on your smartphone or tablet through a compromised USB cable. This process, called “juice jacking”, allows hackers to read and export your data, including your passwords. They can even lock your device this way, rendering it unusable.
A Database of 500 iPhones Cops Tried to Unlock
Motherboard built a database of over 500 iPhones that law enforcement have tried to unlock. Many of them weren’t able to be unlocked at all.
Out of 516 analyzed cases, 295 were marked as executed. Officials from the FBI, DEA, DHS, Homeland Security and Investigations, the Bureau of Alcohol, Tobacco, Firearms and Explosives were able to extract data from iPhones in investigations ranging from arson, to child exploitation, to drug trafficking. And investigators executed warrants against modern iPhones, not just older models.
As mentioned, this provides useful data instead of the usual anecdotes. You can find the database here.
Proton Apps Receive Alternative Routing to Stop Censorship
Proton apps will get new alternative routing as a way to block attempts at censorship, whether it’s by governments, ISPs, or network admins.
Careless ‘Whisper’ Leaks Years of User Data
Whisper, an app for people to share their secrets, exposed user data like age, location, and more for years.
The records were viewable on a non-password-protected database open to the public Web. A Post reporter was able to freely browse and search through the records, many of which involved children: A search of users who had listed their age as 15 returned 1.3 million results.
The cybersecurity consultants Matthew Porter and Dan Ehrlich, who lead the advisory group Twelve Security, said they were able to access nearly 900 million user records from the app’s release in 2012 to the present day.
You can never be 100% secure but at least put a damn password on your server.
Do You Own a Tesla? It’s Vulnerable to Hacking
Security experts found that Teslas are vulnerable to certain kinds of hacks. One expert, Brian DeMuth, said there are no easy ways to prevent it, but you can take some measures.
There are a few things that can reduce the risk if you are willing to accept diminished functionality in the car. For example, the telematics unit can be removed from the vehicle to eliminate attacks over the cellular network, but this also will prevent mobile apps and other remote functionality from working. Removing the telematics unit could also trigger warnings and other errors to appear in the instrument cluster or infotainment system.
Microsoft and 35 Countries Take Down ‘Necurs’ Botnet
Microsoft, along with partners in 35 countries, has taken down the Necurs botnet, responsible for infecting over nine million computers.
Patch Your Netgear Router Because it Could Get Hacked
Netgear is pushing out security patches for its networking products this week. The affected products contain flaws that could open them up to hackers.
Modem/routers:
D6200, D6220, D6400, D7000, D7000v2, D7800, D8500
Range extenders:
PR2000
Routers:
JR6150, R6120, R6220, R6230, R6250, R6260, R6400, R6400v2, R6700, R6700v2, R6700v3, R6800, R6900, R6900P, R6900v2, R7000, R7000P, R7100LG, R7300DST, R7500v2, R7800, R7900, R7900P, R8000, R8000P, R8300, R8500, R8900, R9000, RAX120, RBR20 (Orbi), RBS20 (Orbi), RBK20 (Orbi), RBR40 (Orbi), RBS40 (Orbi), RBK40 (Orbi), RBR50 (Orbi), RBS50 (Orbi), RBK50 (Orbi), XR500, XR700
Security Friday – TMO Daily Observations 2020-03-05
Andrew Orr joins host Kelly Guimont for Security Friday! Hardware flaws, This Week in Who Has Your Data, and the latest in ending encryption.
Serious Flaw in Intel Chips Lets Attackers Decrypt Hard Drives
A flaw found in Intel chips lets attackers decrypt your hard drive, among other things. It can’t be fixed, only mitigated with patches.
Someone Hacked J.Crew Last Spring and we Only Find Out Today
According to a notice [PDF] from J.Crew, someone hacked the company last year. For some reason we’re only finding out about it today, a year later.
“The information that would have been accessible in your jcrew.com account includes the last four digits of credit card numbers you have stored in your account, the expiration dates, card types, and billing addresses connected to those cards, and order numbers, shipping confirmation numbers, and shipment status of those orders,” J.Crew’s data breach notification explains.
You know, sometimes when I write about this stuff, like Facebook doing every bad thing under the sun with our data, I stop and think: “Am I just a cynical a**hole?” Then, when yet another idiot company has a data breach, I realize, no I’m just reporting reality. These companies deserve to be named and shamed.
Locked Apple Notes Aren’t as Secure as You Think
Forensic company BlackBag, a Cellebrite company, recently found that locked Apple Notes are temporarily stored in an insecure state.
Let’s Encrypt Revokes Certificates After Finding a Bug
Let’s Encrypt announced on Saturday, February 29 that it discovered a bug in its Certification Authority Authorization (CAA) code.
How to Create a Honeypot URL With URL Canary
A service I recently discovered is URL Canary. It creates a honeypot URL that you can then put in a location such as your cloud storage. It alerts you if that URL has been accessed.
URL Canary will catch automated robots and crawlers, as well as manual human attackers. The only time it won’t catch an attacker is if they don’t see the canary, or they don’t find it sufficiently-compelling and opt not to visit it. Since you have control of the URL and the domain name, you can make your canaries as compelling as possible for your specific use case.
There’s a similar service I know of called CanaryTokens.
MI5 Chief Wants ‘Exceptional Access’ to Encrypted Messages
Sir Andrew Parker is the head of MI5, the UK’s domestic security service. He wants tech firms to provide “exceptional access” to encrypted messages.
In an ITV interview to be broadcast on Thursday, Sir Andrew Parker says he has found it “increasingly mystifying” that intelligence agencies like his are not able to easily read secret messages of terror suspects they are monitoring.
Bah, this is smoke and mirrors. As the head of a security agency he knows that restricting backdoors to the good guys is impossible.
