Researcher Shows Simple iPhone Hack FBI Said Couldn't Be Done
Earlier this year, the FBI sparked a major controversy by
seeking to force Apple to develop hacking tools for breaking into iPhones. Ultimately, the bureau backed down and found
another, rather
expensive way to hack into the particular iPhone in question, which had
been used by one of the San Bernardino terrorists.
At the time, some security experts suggested an easier way
for the FBI to bypass the iPhone’s security measures. The FBI said the technique, which involved
removing the phone’s memory chip that stored user data, wouldn’t work.
But now one of those experts has written a paper
demonstrating just how easily the technique could have been used. University of Cambridge researcher Sergei
Skorobogatov says he was able to bypass the security measures that bedeviled
the FBI, including the phone’s limit of 10 incorrect PIN code guesses that, if
reached, would cause all data on it to be deleted.
“The process does not require any expensive and
sophisticated equipment,” Skorobogatov writes. “All needed parts are low-cost and were
obtained from local electronics distributors.”
(Related) Next time: How to hack the evidence!
How a hacker discovered that Tesla’s in-car camera retains
accident footage
… Jason Hughes, a
Tesla owner and a programmer by trade, became curious to find out how much
data — if any — the Model S saves after his car’s automatic emergency
braking system turned on to prevent a crash. Much to his surprise, he found that basic
information was stored on-board. To dig
deeper, he bought the center display unit from a wrecked Tesla Model S and
began tearing it down.
… Tesla has often
enumerated the features of its Autopilot suite of electronic driving aids, but
it has never talked about the recording function. Hughes points out accessing the footage isn’t
a straight-forward task that the average owner can replicate.
“I kind of knew what I was looking for, since I had messed
with it on my own car. It’s not too
terribly difficult. You have to basically
gain root access to the Media Control Unit (MCU), and such. Tesla’s likely going to make that more
difficult. I won’t say it’s simple, but
it’s not impossible,” he explained in an interview with Inverse.
The
programmer believes that the camera’s footage is transferred to the MCU when
the airbags deploy, and he adds that it’s not salvageable if the car
is badly damaged. That means footage
wasn’t sent from the camera to the MCU when a Model S hit a truck in
Florida last May.
Very interesting.
… It stands to
reason that governments with access to vast pools of knowledge, colossal
funding, and an insurmountable desire to be one step ahead of both ally and
enemy would realize the value in deploying incredible sophisticated spyware and
malware variants.
Let’s take a look at some of the most famous nation-state
threats we’re aware of.
I’ve been working with the Privacy Foundation at the University
of Denver Sturm College of Law for years.
Google never offered me an unrestricted gift.
Great reporting by Sam Biddle on Google’s entrenchment in
privacy scholarship. Why isn’t there
more transparency and disclosure by the researchers, though? Sam reports:
In January,
academic-turned-regulator Lorrie Cranor gave a presentation and
provided the closing remarks at PrivacyCon, a Federal Trade Commission event
intended to “inform policymaking with research,” as she put it. Cranor, the FTC’s chief technologist,
neglected to mention that over half of the researchers who presented that day
had received financial support from Google — hardly a neutral figure in
the debate over privacy. Cranor
herself got an “unrestricted gift” of roughly $350,000 from the
company, according to her CV.
Virtually none of these ties were
disclosed, so Google’s entanglements at PrivacyCon were not just extensive,
they were also invisible.
Read more on The
Intercept.
Serious disruption for Western Union?
Fintech Firm Ripple Gets $55 Million In Funding
Ripple, the San Francisco-based startup building a
bitcoin-like payments platform aimed at banks, announced a $55 million Series B
funding round on Tuesday, bringing its total capital to about $93 million.
The move makes it one of the best capitalized startups in
the blockchain industry, where firms use so-called open ledgers to solve a wide
variety of technology challenges.
… At $93 million,
Ripple trails only Circle Internet Financial ($136 million), 21 Inc. ($121
million), and Coinbase ($116 million) in terms of capital raised among bitcoin
and blockchain firms, according to news and research site Coindesk. Funding in the sector appears to have slowed
down recently.
… “The banks don’t
like showing their aggregate data to the world,” he said. What Ripple has developed is a system, which
it calls interledger, that allows banks to transact with each other directly,
without any public ledger that would record and transmit the data.
The immediate focus is on cross-border transfers, a
process that is currently cumbersome and generally expensive, and what Ripple
describes as high-volume, low-value transactions, in other words, generally
smaller transactions like, for example, payments on Amazon and other online platforms,
or rides in Uber cars.
Mr. Larsen said the firm currently has 10 of its clients
using the product commercially, with another 30 working on integrating Ripple
into their systems. He expects more of
these banks to go live on the platform this year, and start marketing their
new, Ripple-based products in 2017.
“I think
the tipping point has been reached,” Mr. Larsen said.
I’m not surprised they want to do it. I am surprised it is so cheap! (Or am I misreading this article?)
EU’s digital market rules land vowing free Wi-Fi, 5G tech,
and copyright overhaul
The European Commission has promised free Wi-Fi in every
town, village, and city in the European Union, in the next four years.
A new grant, with a total
budget of €120 million, will allow public authorities to purchase
state-of-the art equipment, for example a local wireless access point. If approved by the European Parliament and
national ministers the cash could be available before the end of next year.
The commission has also set a target for all European households
to have access to download speeds of at least 100Mbps by 2025, and has
redefined Internet access as a so-called universal service, while removing
obligations for old universal services such as payphones.
It also envisions fully deploying 5G, the fifth generation
of mobile communication systems, across the European Union by 2025.
Why my IT Architects need to “think mobile.”
How Mobile Has Changed How People Get Things Done: New
Consumer Behavior Data
… To get a better
understanding of how people meet their needs in a world of limitless online and
offline options, we collaborated with the research firm, Purchased. All of the findings presented here are from
this research study.
… we learned how
consumers choose—both online and offline—to navigate their I-want-to-know,
I-want-to-go,
I-want-to-do,
and I-want-to-buy
moments.
No comments:
Post a Comment