Friday, September 16, 2016
For my Ethical Hacking students: “Told ya!”
Researcher Shows Simple iPhone Hack FBI Said Couldn't Be Done
Earlier this year, the FBI sparked a major controversy by seeking to force Apple to develop hacking tools for breaking into iPhones. Ultimately, the bureau backed down and found another, rather expensive way to hack into the particular iPhone in question, which had been used by one of the San Bernardino terrorists.
At the time, some security experts suggested an easier way for the FBI to bypass the iPhone’s security measures. The FBI said the technique, which involved removing the phone’s memory chip that stored user data, wouldn’t work.
But now one of those experts has written a paper demonstrating just how easily the technique could have been used. University of Cambridge researcher Sergei Skorobogatov says he was able to bypass the security measures that bedeviled the FBI, including the phone’s limit of 10 incorrect PIN code guesses that, if reached, would cause all data on it to be deleted.
“The process does not require any expensive and sophisticated equipment,” Skorobogatov writes. “All needed parts are low-cost and were obtained from local electronics distributors.”
(Related) Next time: How to hack the evidence!
How a hacker discovered that Tesla’s in-car camera retains accident footage
… Jason Hughes, a Tesla owner and a programmer by trade, became curious to find out how much data — if any — the Model S saves after his car’s automatic emergency braking system turned on to prevent a crash. Much to his surprise, he found that basic information was stored on-board. To dig deeper, he bought the center display unit from a wrecked Tesla Model S and began tearing it down.
… Tesla has often enumerated the features of its Autopilot suite of electronic driving aids, but it has never talked about the recording function. Hughes points out accessing the footage isn’t a straightforward task that the average owner can replicate.
“I kind of knew what I was looking for, since I had messed with it on my own car. It’s not too terribly difficult. You have to basically gain root access to the Media Control Unit (MCU), and such. Tesla’s likely going to make that more difficult. I won’t say it’s simple, but it’s not impossible,” he explained in an interview with Inverse.
The programmer believes that the camera’s footage is transferred to the MCU when the airbags deploy, and he adds that it’s not salvageable if the car is badly damaged. That means footage wasn’t sent from the camera to the MCU when a Model S hit a truck in Florida last May.
… It stands to reason that governments with access to vast pools of knowledge, colossal funding, and an insurmountable desire to be one step ahead of both ally and enemy would realize the value in deploying incredibly sophisticated spyware and malware variants.
Let’s take a look at some of the most famous nation-state threats we’re aware of.
I’ve been working with the Privacy Foundation at the University of Denver Sturm College of Law for years. Google never offered me an unrestricted gift.
Great reporting by Sam Biddle on Google’s entrenchment in privacy scholarship. Why isn’t there more transparency and disclosure by the researchers, though? Sam reports:
In January, academic-turned-regulator Lorrie Cranor gave a presentation and provided the closing remarks at PrivacyCon, a Federal Trade Commission event intended to “inform policymaking with research,” as she put it. Cranor, the FTC’s chief technologist, neglected to mention that over half of the researchers who presented that day had received financial support from Google — hardly a neutral figure in the debate over privacy. Cranor herself got an “unrestricted gift” of roughly $350,000 from the company, according to her CV.
Virtually none of these ties were disclosed, so Google’s entanglements at PrivacyCon were not just extensive, they were also invisible.
Read more on The Intercept.
Serious disruption for Western Union?
Fintech Firm Ripple Gets $55 Million In Funding
Ripple, the San Francisco-based startup building a bitcoin-like payments platform aimed at banks, announced a $55 million Series B funding round on Tuesday, bringing its total capital to about $93 million.
The move makes it one of the best capitalized startups in the blockchain industry, where firms use so-called open ledgers to solve a wide variety of technology challenges.
… At $93 million, Ripple trails only Circle Internet Financial ($136 million), 21 Inc. ($121 million), and Coinbase ($116 million) in terms of capital raised among bitcoin and blockchain firms, according to news and research site Coindesk. Funding in the sector appears to have slowed down recently.
… “The banks don’t like showing their aggregate data to the world,” he said. What Ripple has developed is a system, which it calls interledger, that allows banks to transact with each other directly, without any public ledger that would record and transmit the data.
The immediate focus is on cross-border transfers, a process that is currently cumbersome and generally expensive, and what Ripple describes as high-volume, low-value transactions, in other words, generally smaller transactions like, for example, payments on Amazon and other online platforms, or rides in Uber cars.
Mr. Larsen said the firm currently has 10 of its clients using the product commercially, with another 30 working on integrating Ripple into their systems. He expects more of these banks to go live on the platform this year, and start marketing their new, Ripple-based products in 2017.
“I think the tipping point has been reached,” Mr. Larsen said.
I’m not surprised they want to do it. I am surprised it is so cheap! (Or am I misreading this article?)
EU’s digital market rules land vowing free Wi-Fi, 5G tech, and copyright overhaul
The European Commission has promised free Wi-Fi in every town, village, and city in the European Union, in the next four years.
A new grant, with a total budget of €120 million, will allow public authorities to purchase state-of-the-art equipment, for example a local wireless access point. If approved by the European Parliament and national ministers, the cash could be available before the end of next year.
The commission has also set a target for all European households to have access to download speeds of at least 100Mbps by 2025, and has redefined Internet access as a so-called universal service, while removing obligations for old universal services such as payphones.
It also envisions fully deploying 5G, the fifth generation of mobile communication systems, across the European Union by 2025.
Why my IT Architects need to “think mobile.”
How Mobile Has Changed How People Get Things Done: New Consumer Behavior Data
… To get a better understanding of how people meet their needs in a world of limitless online and offline options, we collaborated with the research firm, Purchased. All of the findings presented here are from this research study.
… we learned how consumers choose—both online and offline—to navigate their I-want-to-know, I-want-to-go, I-want-to-do, and I-want-to-buy moments.