My Weekly RoundUp #78
Interesting things in the last week! A stupid FaceTime bug causes some privacy problems, Facebook faces a controversy over an iOS app and… apparently someone already knows the Game of Thrones finale!
Disable FaceTime Now! Bug Lets Callers Snoop On You Without Permission
A serious Apple iOS bug has been discovered that allows FaceTime users to access the microphone and front-facing camera of who they are calling even if the person does not answer the call.
https://www.bleepingcomputer.com/news/security/disable-facetime-now-bug-lets-callers-snoop-on-you-without-permission/
To use this bug, a caller would FaceTime another person who has an iOS device and before the recipient answers, add themselves as an additional contact to Group FaceTime. This will cause the microphone of the person you are calling to turn on and allow the caller to listen to what is happening in the room. Even worse, if the person that is being called presses the power button to mute the FaceTime call, the front facing camera would turn on as well.
Siri Shortcuts Can Be Abused by Attackers
With Apple’s introduction of iOS 12 for all their supported mobile devices came a powerful new utility for automation of common tasks called Siri Shortcuts. This new feature can be enabled via third-party developers in their apps, or custom built by users downloading the shortcuts app from the app store. Once downloaded and installed, the Shortcuts app grants the power of scripting to perform complex tasks on users’ personal devices.
https://securityintelligence.com/hey-siri-get-my-coffee-hold-the-malware/
But accessing the phone from Siri Shortcuts also presents some potential security risks that were discovered by X-Force IRIS and reported to Apple’s security team. This post gives some insight into potential attack scenarios using Shortcuts and reminds users that keeping a tight lid on app permissions is a critical step to upping security on devices and the way we use them.
U.S. intelligence officials question Canada’s ability to test China’s Huawei for security breaches
Senior officials overseeing U.S. cyberintelligence expressed strong skepticism over Canada’s recent declaration that it possesses sufficient safeguards to address the risk of cyberespionage through devices made by Chinese telecom equipment maker Huawei.
https://www.theglobeandmail.com/politics/article-us-intelligence-officials-question-canadas-ability-to-test-chinas/
Top officials from the cyberpolicy office of Defence Secretary Jim Mattis, the FBI and the U.S. State Department’s Office of the Co-ordinator of Cyber Issues convened in Washington last week to discuss cyberthreats, according to Pierre Paul-Hus, the Conservative Party’s national-security critic, and Christopher Parsons, a research associate at the Munk School’s Citizen Lab at the University of Toronto, who both attended the meetings.
Facebook shut down its controversial market research app for iOS
Facebook will end a controversial market research program that violated Apple developer guidelines in order to harvest user data from the phones of volunteers. The company said early Wednesday evening that the Facebook Research app, which offers volunteers between the ages of 13 and 35 monthly $20 gift cards in exchange for near-total access to the data on their phones, would no longer be available on iOS. It will apparently continue to be available for Android users.
https://www.theverge.com/facebook/2019/1/30/18203349/facebook-research-app-apple-shutdown
TechCrunch reported on Tuesday that the company has been paying the gift cards to people aged 13 to 35 in exchange for installing an app called Facebook Research on iOS and Android. The app monitors their phone and web activity and sends it back to Facebook for market research purposes.
The 5G Protocol May Still Be Vulnerable to IMSI Catchers
The upcoming 5G protocol for cellular communications promised many improvements over the current 4G standard, including a claim that it would protect mobile users from cell-site simulators. But here’s the catch: new research suggests that it won’t. Researchers from ETH Zurich and Technische Universität Berlin have discovered that a flaw in the Authentication and Key Agreement (AKA) protocol (used in 3G, 4G, and the upcoming 5G standard) allows for a new privacy attack against all variants of the protocol.
https://www.eff.org/deeplinks/2019/01/5g-protocol-may-still-be-vulnerable-imsi-catchers
Hackers Now Utilizing SS7 Attacks to Steal Money from Bank Accounts
According to yet another piece of research, hackers have now shifted their attention towards tapping the phone network by misusing the SS7 protocol, in order to steal money directly from bank accounts by intercepting messages.
http://www.ehackingnews.com/2019/02/hackers-now-utilizing-ss7-attacks-to.html
Since the protocol is used by Internet service providers and telecom companies to control telephone calls and text messages across the world, the SS7 attacks performed by these cyber criminals exploit an existing ‘structure blemish’, i.e. a flaw in the protocol, to perform various dangerous attacks that are very much similar to acts of data theft, eavesdropping, text interception and location tracking.
Steve Jobs Never Wanted Us to Use Our iPhones Like This
Smartphones are our constant companions. For many of us, their glowing screens are a ubiquitous presence, drawing us in with endless diversions, like the warm ping of social approval delivered in the forms of likes and retweets, and the algorithmically amplified outrage of the latest “breaking” news or controversy. They’re in our hands, as soon as we wake, and command our attention until the final moments before we fall asleep.
https://www.nytimes.com/2019/01/25/opinion/sunday/steve-jobs-never-wanted-us-to-use-our-iphones-like-this.html
Steve Jobs would not approve.
What 2000 years of cryptography can teach us
These days, a lot of your data gets encrypted when you save it to disk or send it over the internet.
The data gets decrypted again when you read it back in or after it’s received at the other end.
For that, you need some sort of cryptographic algorithm – what’s known in the jargon as a symmetric cipher or secret-key encryption.
Symmetric ciphers use the digital equivalent of a key, typically a string of characters, to lock and unlock the data.
In this article, we’ll take a journey through the history of symmetric ciphers during the pen-and-paper era, before mechanical and electronic encryption devices came onto the scene.
https://nakedsecurity.sophos.com/2019/01/20/serious-security-what-2000-years-of-cryptography-can-teach-us/
A Brief History of the U.S.S. Enterprise’s Pre-Kirk Voyages
The original Enterprise’s voyages to explore strange new worlds, and to seek out new life and new civilizations under the auspices of its most famous captain, are a legend Star Trek fans are more than familiar with. But Kirk wasn’t Enterprise’s first captain. Now that the famous ship has shown up on Discovery, here’s a brief guide to what we do know about what came before.
https://io9.gizmodo.com/a-brief-history-of-the-u-s-s-enterprises-pre-kirk-voya-1832170393
Honestly—and oddly, given its stature as one of the most legendary starships in Federation history—there’s not a whole lot known.
Kit Harington spoiled ‘Game of Thrones’ finale for wife Rose Leslie
It turns out that Kit Harington does know something after all. And he’s spilling.
https://mashable.com/article/kit-harington-spoils-game-of-thrones-rose-leslie/
While putting in an appearance at U.K.’s Kiss FM breakfast show on Friday, the actor told hosts Daisy Maskell and Tom Green that he revealed the ending of Game of Thrones’ long-awaited final season to wife Rose Leslie last year.
“She wouldn’t talk to me for about three days,” he said. “And she’d asked.”
So basically anyone who’s suffered through a Game of Thrones spoiler can deeply relate to Leslie.