Posts Tagged: hacking

Apple reportedly faces pressure in India after sending out warnings of state-sponsored hacking

Indian authorities allied with Prime Minister Narendra Modi have questioned Apple on the accuracy of its internal threat algorithms and are now investigating the security of its devices, according to The Washington Post. Officials apparently targeted the company after it warned journalists and opposition politicians that state-sponsored hackers may have infiltrated their devices back in October. While Apple is under scrutiny for its security measures in the eyes of the public, the Post says government officials were more upfront with what they wanted behind closed doors. 

They reportedly called up the company's representatives in India to pressure Apple into finding a way to soften the political impact of its hacking warnings. The officials also called in an Apple security expert to conjure alternative explanations for the warnings that they could tell people — most likely one that doesn't point to the government as the possible culprit. 

The journalists and politicians who posted about Apple's warnings on social media had one thing in common: They were all critical of Modi's government. Amnesty International examined the phone of one particular journalist named Anand Mangnale who was investigating long-time Modi ally Gautam Adani and found that an attacker had planted the Pegasus spyware on his Apple device. While Apple didn't explicitly say that the Indian government is to blame for the attacks, Pegasus, developed by the Israeli company NSO Group, is mostly sold to governments and government agencies.

The Post's report said India's ruling political party has never confirmed or denied using Pegasus to spy on journalists and political opponents, but this is far from the first time its critics have been infected with the Pegasus spyware. In 2021, an investigation by several publications that brought the Pegasus project to light found the spyware on the phones of people with a history of opposing and criticizing Modi's government. 

This article originally appeared on Engadget at https://www.engadget.com/apple-reportedly-faces-pressure-in-india-after-sending-out-warnings-of-state-sponsored-hacking-073036597.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

America’s original hacking supergroup creates a free framework to improve app security

Cult of the Dead Cow (cDc), a hacking group known for its activist endeavors, built an open source tool for developers to build secure apps. Veilid, launched at DEF CON on Friday, has options like letting users opt out of data collection and online tracking as a part of the group’s mission to fight against the commercialization of the internet.

“We feel that at some point, the internet became less of a landscape of knowledge and idea sharing, and more of a monetized corporate machine,” cDc leader Katelyn “medus4” Bowden said. “Our idea of what the internet should be looks more like the open landscape it once was, before our data became a commodity.”

Similar to other privacy products like Tor, cDc said there’s no profit motive behind the product, which was created “to promote ideals without the compromise of capitalism.” The group emphasized the focus on building for good, not profit, by throwing slight shade at a competing conference for industry professionals, Black Hat, held in Las Vegas at the same time as DEF CON. “If you wanted to go make a bunch of money, you’d be over at Black Hat right now,” Bowden said to the audience of hackers.

The design standards behind Veilid are “like Tor and IPFS had sex and produced this thing,” cDc hacker Christien “DilDog” Rioux said at DEF CON. Tor is the privacy-focused web browser best known for its connections to the “dark web,” or unlisted websites. Run as a non-profit, the developers behind Tor run a system that routes web traffic through various “tunnels” to obscure who you are and what you’re browsing on the web. IPFS, or the InterPlanetary File System, is an open-source set of protocols behind the internet, mainly used for file sharing or publishing data on a decentralized network.

The bigger Veilid gets, the more secure it will be as well, according to Rioux. The strength doesn’t come from the number of apps made on the framework, but from how many people use the apps to further the routing of nodes that make up the network. “The network gains strength by a single popular app,” Rioux said. “The big Veilid network is supported by the entire ecosystem not just your app.” In the presentation, cDc likened the nodes to mutual aid in the sense that they work to strengthen and support each other to make the entire network more secure.

Rioux explained that VLD0 will be the cryptography — the protocols that keep information secure — behind Veilid. It’s a mix of existing cryptography frameworks, like Ed25519 to support authentication efforts and XChaCha20-Poly1305 as its 192-bit encryption support. But, recognizing that advancing technology will change cryptography needs over time, cDc already has a plan to handle updates. “Every new version of our crypto system is supported alongside the old ones” so that there are no gaps in security, Rioux said. cDc also put other measures in place like anti-spoofing, end-to-end encryption even at rest and data protection even if you lose your device.

Veilid and cDc aim to build an approachable internet with fewer ads and more privacy, according to Bowden. Veilid Chat, a messaging app similar to Signal, will be the first app built on the framework. You’ll be able to sign up without using a phone number, to decrease personal identifiers, Bowden told Engadget in an email.

cDc is currently in the process of putting together a community and foundation to support the project. “There are a lot of folks who can’t see past web3 as far as privacy (we are more like the web2 we should have had), and really can’t process the idea that we’re doing this without a profit motive,” Bowden said.

Known as the “original hacking supergroup,” cDc’s most noted accomplishments include inventing hacktivism, helping to develop Tor and pushing top companies to take privacy seriously. Notable members include former US representative from Texas, Beto O'Rourke.

This article originally appeared on Engadget at https://www.engadget.com/americas-original-hacking-supergroup-creates-a-free-framework-to-improve-app-security-190043865.html?src=rss

Commerce Department limits sale of hacking tools to Russia and China

The US Commerce Department has announced new rules related to the export and resale of cyber intrusion software. Once the limits come into effect in 90 days, companies that want to sell their hacking tools to countries “of national security or weapons of mass destruction concern” will need to obtain a license from the department’s Bureau of Industry and Security (BIS). The policy also covers nations that are under a US arms embargo.

Per The Washington Post, the rule is complicated. There are already many limitations on the export of intrusion software. Similarly, there are opportunities for companies to obtain exceptions. The main point is that the policy would cover the sale of software to countries like China and Russia. It would also limit the sale of programs like NSO’s Pegasus spyware, which some governments have used to target dissidents and journalists.

“The United States Government opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that US companies are not fueling authoritarian practices,” the Commerce Department said.

Among the 42 countries involved in the Wassenaar Arrangement, a pact that sets voluntary export controls on military and dual-use technologies, the US is one of the last to impose limits on the sale of hacking software. Part of the reason for that is that the country has spent years working on the rules to ensure they don’t prevent cybersecurity researchers across the globe from working together to discover new flaws.

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

US arrests two members of console hacking group Team Xecuter

Two members of Team Xecuter, a group that develops and sells devices that allow people to play pirated copies of games on their consoles, are in FBI custody. On Friday, the Department of Justice said Max Louarn, a 48-year-old French national, and Gar…
Engadget RSS Feed

Brazilian judge dismisses hacking charges against journalist Glenn Greenwald

Last month The Intercept's Glenn Greenwald faced criminal charges for breaking cybersecurity laws in Brazil. Now a judge has dismissed the hacking charges, linked to six people who allegedly stole information from the phones of public officials and j…
Engadget RSS Feed

Uber and LinkedIn attackers plead guilty to hacking and extortion

The hackers who infiltrated Uber's and LinkedIn-owned Lynda.com's Amazon web servers have pleaded guilty in California federal court to charges of computer hacking and extortion conspiracy. Canadian national Vasile Mereacre and Florida resident Brand…
Engadget RSS Feed

[TA Deals] Save big on the 2019 Ethical Hacking Master Class bundle (99% off)

Ethical hacking is a skill in high demand right now, especially with the reliance on network infrastructure for even the smallest apps and services. The best way to figure out how to make something secure is to figure out how to break into it first, and that’s exactly what the 2019 Ethical Hacking Master Class […]

TalkAndroid

[TA Deals] Pick up the Ethical Hacking A to Z bundle for just $19 right now

Ethical hacking is a skill in high demand right now, especially with the reliance on network infrastructure for even the smallest apps and services. The best way to figure out how to make something secure is to figure out how to break into it first, and that’s exactly what the Ethical Hacking A to Z […]

TalkAndroid

FDA recalls close to half-a-million pacemakers over hacking fears

Turns out former Vice President (and erratic shooter) Dick Cheney was right all along: Your heart can be hacked. At least if you have a pacemaker, that is. On Tuesday, the FDA recalled 465,000 of the medical devices — the ones that help control your…
Engadget RSS Feed