Mac security researcher Jaron Bradley says he believes hackers are still using an open source macOS backdoor called “Tiny SHell.”
Tinyshell is an open source tool that operates like a shady version of SSH. It’s been a while since I’ve encountered a new sample, but I fully believe attackers are still out there using it. If you watched the Macdoored talk then you’ve seen what attackers are doing “post mortem” with this tool. However, no technical details have been discussed about the malware itself.
Charlotte Henry and Bryan Chaffin join host Kelly Guimont to discuss Huawei’s access to 5G networks, and Bryan “shows” Split-Screen on iPad.
Although the U.S. hasn’t shared it publicly, it claims to have found actual evidence of Huawei backdoors.
The United States has long claimed that Huawei can secretly access networks through the networking gear it sells to telcos, but the government previously argued that it doesn’t need to show any proof. US officials still are not providing such evidence publicly but have begun sharing their intelligence with other countries.
The best part is that, according to The Wall Street Journal, the origin of this report, these backdoors were intentionally put into place for law enforcement. And yet, the DoJ wants Apple to put backdoors in iOS that they swear can only be accessed by law enforcement, and definitely not foreign state hacking groups.
Hardware researcher Vladislav Yarmak found a Huawei equipment backdoor used in video recorders and security cameras.
To be clear, this security vulnerability is said to be present in the software HiSilicon provides with its system-on-chips to customers. These components, backdoor and all, are then used by an untold number of manufacturers in network-connected recorders and cameras.
It’s not a major threat, or anything people need to fret about, it’s just another indicator of Huawei’s piss-poor approach to security.
AKA do not let Huawei build your 5G infrastructure.
The RubyGems package repository removed 18 backdoors from 11 Ruby software libraries meant to launch secret cryptocurrency mining.
U.S. Attorney General William Barr suggested that Americans should just accept encryption backdoor security risks (via TechCrunch). In a speech today, William Barr called on tech companies to help the federal government to access devices with a lawful order. In other words, ignore the security risks and put a backdoor into their…
A report from Bloomberg says software flaws found in Vodafone’s Huawei equipment back in 2011-2012 were backdoors. Vodafone, while admitting that the equipment did have security flaws, denies that Huawei could have used them as such.
The issues in Italy identified in the Bloomberg story were all resolved and date back to 2011 and 2012. The ‘backdoor’ that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet. Bloomberg is incorrect in saying that this ‘could have given Huawei unauthorised access to the carrier’s fixed-line network in Italy’.
The BBC article is worth the read. Also keep in mind that this isn’t the first time Bloomberg has reported on alleged backdoors by a Chinese company. They provided no evidence the first time and so far have refused to issue a retraction.
Researchers uncovered a GitHub code ring made up of 89 accounts promoting 73 repos that contain over 300 apps with backdoors.
You can’t simultaneously have strong end-to-end encryption and a way to break or circumvent that encryption.
The Electronic Frontier Foundation (EFF) is backing the Secure Data Act, proposed legislation the EFF says would stop government-mandated backdoors.
The Mac Observer has some best practices to make sure you’re safe from phishing attacks:
By “evil genius stuff” he of course refers to mathematics. That’s what encryption is, just a bunch of fancy math.
When politicians propose that Apple build a backdoor into the iPhone for law enforcement, we write off their idea as ill-informed. So why do they persist?