The creator of Signal hacked a notorious device to crack phones
[ad_1]
This week, Apple the spring product launch event against one of its suppliers, Quanta Computer, was a ransomware attack. This is noteworthy because it involves the release of Apple and secret schemes, but also because it represents a crossroads numerous alarming trends in digital extortion.
In new hacks next to Apple, it was discovered by Facebook researchers The Palestinian-affiliated group built custom malware to attack iOS, hidden within a functional messaging application. Victims had to visit a third-party app store to install malicious software, but hackers used social engineering techniques to trick them. And speaking of Facebook, the social media giant has been involved in another data exposure, this time email addresses of millions of users who set this information as “private” in their settings. This The mistake allowed Facebook users to extract 500 million phone numbers this was released earlier this month.
We also saw a bug that was fixed in the Clubhouse it would allow people to stay invisible in rooms like ghosts and even to cause a racket, the moderator cannot mute or expel them.
And there is more! We collect weekly news that WIRED did not cover in depth. Click on the titles to read the full story. And safe away.
In December, the Cellebrite forensic company, which helps authorities enter and extract data from iPhones and Android devices.claim Signal data could be accessed. This was the wrong direction; he did not weaken Strong signal encryption rather it added support for the file types that the signal uses to its Physical Analyzer tool. The distinction matters quite a bit. Cellebrite will basically be able to access Signal messages after holding and unlocking the phone, which is it will be dangerous with encrypted messaging applications.
Forward to this week, when Signal is the creator Moxie Marlinspike published a blog post This sets out Cellebrite’s highly successful phone hacking device. What he found: a lot of vulnerabilities, including the application of a specially formatted file on a scanned phone to the extent that an application could endanger the Cellebrite machine. Marlinspike suggests that the damaged Cellebrite hardware could not be disturbed by the data, looking forward to overshadowing the company’s forensic reports.
That was a short version already, but an even shorter version is that Signal invented the idea of confusing it with one of the most widely used companies for cracking phones, and that it wasn’t so subtle. Fun times!
Security in Apple’s iOS App Store has taken center stage in recent months as a video game developer It challenges Epic’s business model and Congress continues to examine the anti-monopoly implications. Is it one thing to prove that it is not so good? Identify and stop obvious scams. A developer named Kosta Eleftheriou has undertaken to do this work, marking multiple multi-million dollar schemes in recent months. Verge did a snooping on her own and found that undoing scams was as easy as scrolling through the app’s largest app store. The scams are hidden from view.
It’s healthy to treat LinkedIn requests with suspicion on a personal level. But MI5 warned this week that UK citizens should also be careful about raising foreign spies as a friendly connection. They have suggested 10,000 cases in recent years, as false profiles have targeted people in government and sensitive industries, using privileged information techniques to use social engineering techniques. Activity is also not limited to the UK; The US, Canada, Australia and New Zealand have had some version of this rise. Expand your network, for sure, but be careful.
The extent of face recognition technology Like Clearview AIs and location data generated by applications law enforcement efforts on your phone have been pushed out of control in recent years. It wants to fix a new bill with extensive bilateral support that was introduced this week. The fourth amendment, which is not on sale, would address both laws, ordering the court to obtain broker location data and prohibit agencies from hiring companies that obtained their data illegally. (Clearview AI, for example, built its image database by dragging social media companies, which is a clear violation of the terms of service.) And yes, it may be surprising that these practices are not only legal but also commonplace today.
More great KABEKO stories
[ad_2]
Source link