Mysterious Hack Destroyed 600,000 Internet Routers

source: wired.com  |  image: pixabay.com

 

If you have a crypto wallet containing a fortune but forgot the password, all may not be lost. This week, a pair of researchers revealed how they cracked an 11-year-old password to a crypto wallet containing roughly $3 million in bitcoins. With a lot of skill and a bit of luck, the researchers uncovered a flaw in how a previous version of the RoboForm password manager generates passwords that allowed them to accurately figure out the missing login and access the buried treasure.

Police in Western countries are using a new tactic to go after cybercriminals who remain physically out of reach of US law enforcement: trolling. The recent takedowns of ransomware groups like LockBit go beyond the traditional disruption of online infrastructure to include messages on seized websites meant to mess with the minds of criminal hackers. Experts say these trollish tactics help sow distrust between cybercriminals—who already have ample reason to distrust one another.

Continue reading “Mysterious Hack Destroyed 600,000 Internet Routers”

Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know

source: wired.com | image: pexels.com

 

The iPhone maker has detected spyware attacks against people in more than 150 countries. Knowing if your device is infected can be tricky—but there are a few steps you can take to protect yourself.

 

In April, Apple sent notifications to iPhone users in 92 countries, warning them they’d been targeted with spyware. “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID,” the notification reads.

Users quickly took to social media sites including X, trying to work out what the notification meant. Many of those targeted were based in India, but others in Europe also reported receiving Apple’s warning.

Weeks later, little is still known about the latest iPhone attacks. Former smartphone giant Blackberry, now a security firm, has released research indicating they are linked to a Chinese spyware campaign dubbed “LightSpy,” but Apple spokesperson Shane Bauer says this is inaccurate, and researchers at security firm Huntress say the variant Blackberry analyzed was a macOS version, not iOS. Continue reading “Apple’s iPhone Spyware Problem Is Getting Worse”

Apple Sued Over AirTags Privacy: Everything to Know

source: cnet.com  |  image: pexels.com

AirTags digital trackers have raised privacy concerns since the beginning. But now, a lawsuit claims Apple didn’t implement sufficient safeguards.

A class-action lawsuit against Apple alleges the tech giant didn’t sufficiently resolve privacy issues raised by its AirTag digital tracking devices, leading to unwanted stalking and abuse.

The lawsuit, which was filed last year and given court approval to proceed earlier this month, says plaintiffs suffered “substantial” injuries from people who abused Apple’s $29 Bluetooth tracker in ways the company didn’t sufficiently work to address.

Communication devices found on Chinese-made cranes in US ports

 

source: newsnationnow.com (contributed by FAN, Steve Page)  | image: pixabay.com

 

A congressional investigation into Chinese-built cargo cranes at U.S. ports has uncovered concerns about potential national security risks.

According to a report from The Wall Street Journal, some of the cranes were found to contain communications equipment, including cellular modems, that could be accessed remotely.

Lawmakers worry about the threat of espionage and disruption posed by these cranes, which are predominantly manufactured by ZPMC, a Chinese company.

Continue reading “Communication devices found on Chinese-made cranes in US ports”

It’s official: Apple’s Find My network

now lets you track twice as many devices

source: techradar.com (contributed by FAN, Steve Page)  |  image: pixabay.com

Apple has quietly confirmed that it has doubled the number of devices that you can track in its Find My app. While no official announcement was made by Apple itself, the change was first reported by Nicolas Alveraz (@nicolas09F9) and shared in a post on X (formerly Twitter). 

In a support document published on January 11, Apple revealed that you can now add up to 32 items in Find My instead of the previous limit of 16 items. This includes AirTags, first-party headphones, selected Beats headphones, newer MagSafe wallets, and third-party accessories and gear such as e-bikes. 

It was confirmed by MacRumors that Apple increased the Find My item limit when iOS 16 and iPadOS 16 was launched in September 2022, but Apple never mentioned the change publicly until now. 

In the Apple document, it details that some AirPods will count as more than one item when paired to Find My. With the exception of the AirPods Max, regular AirPods and AirPods Pro (1st gen) count as two items, and the AirPods Pro (2nd gen) count as three items. With AirPods and the 1st gen AirPods Pros, users can track each AirPod individually, thus marking it as two items. When tracking 2nd gen AirPods Pros, you can use Find My to track the charging case, making it the third item. 

Apple introduced AirTags in 2021, making it easier for you to track your personal belongings as well as other Find My-compatible devices. However, avid Apple users voiced their concerns as they found themselves reaching the original 16-item limit quickly. This meant users would have to strategically decide which items to pair, which became increasingly difficult when Apple opened Find My pairing to third-party products shortly after. 

How to add an AirTag to your Find My network 

This now-official increase to the Find My device limit means that Apple super-users can track more devices and products without the fear of quickly reaching the limit. 

Not sure how to pair more products to your Find My network? Adding AirTags, for example, to the network is pretty easy. 

Hold your AirTag near your iPhone, and from there a pop up will appear on your screen for you to tap ‘Connect’. You’ll then have to name your AirTag from the options that appear in the scrolling list and tap ‘Continue’. 

Once you’ve tapped ‘Continue’ again, register your AirTag with your Apple ID by tapping ‘Done’.  

 

Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’

 

source: threatpost.com  | image:  pixabay.com

 

Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.

Users of Apple’s Instagram and Facebook iOS apps are being warned that both use an in-app browser that allows parent company Meta to track ‘every single tap’ users make with external websites accessed via the software.

Researcher Felix Krause, who outlined how Meta tracks users in a blog posted Wednesday, claims that this type of tracking puts users at “various risks”. He warns both iOS versions of the apps can “track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap” via their in-app browsers.

iOS users’ concerns over tracking were addressed by Apple’s 2021 release of iOS 14.5 and a feature called App Tracking Transparency (ATT). The added control was intended to require app-developers to get the user’s consent before tracking data generated by third-party apps not owned by the developer.

Krause said that both iOS apps Facebook and Instagram are using a loophole to bypassed ATT rules and track website activity within their in-app browsers via the use of a custom JavaScript code used in both in-app browsers. That means, when an iOS user of Facebook and Instagram click on a link within a Facebook and Instagram post (or an ad), Meta launches its own in-app browser which can then track what you do on external sites you visit.

Meta’s Use of a JavaScript Injection 

“The Instagram [and Facebook] app injects their JavaScript code into every website shown, including when clicking on ads. Even though pcm.js doesn’t do this, injecting custom scripts into third party websites allows them to monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers,” Krause wrote.

Continue reading “Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’”

A Powerful Tool US Spies Misused to Stalk Women Faces Its Potential Demise

 

source: wired.com  |  image: pixabay.com

 

Though often viewed as the “crown jewel” of the US intelligence community, fresh reports of abuse by NSA employees and chaos in the US Congress put the tool’s future in jeopardy.

The federal law authorizing a vast amount of the United States government’s foreign intelligence collection is set to expire in two months, a deadline that threatens to mothball a notoriously extensive surveillance program currently eavesdropping on the phone calls, text messages, and emails of no fewer than a quarter million people overseas.

The US National Security Agency (NSA) relies heavily on the program, known as Section 702, to compel the cooperation of communications giants that oversee huge swaths of the internet’s traffic. The total number of communications intercepted under the 702 program each year, while likely beyond tally, ostensibly reaches into the high hundreds of millions, according to scraps of reportage declassified by the intelligence community over the past decade, and the secret surveillance court whose macroscopic oversight—even when brought to full bear against the program—scarcely takes issue with any quotidian abuses of its power.

Continue reading “A Powerful Tool US Spies Misused to Stalk Women Faces Its Potential Demise”

Taliban weighs using US mass surveillance plan, met with China’s Huawei

 

source: reuters.com  |  image: pixabay.com

 

KABUL, Sept 25 (Reuters) – The Taliban are creating a large-scale camera surveillance network for Afghan cities that could involve repurposing a plan crafted by the Americans before their 2021 pullout, an interior ministry spokesman told Reuters, as authorities seek to supplement thousands of cameras already across the capital, Kabul.

The Taliban administration — which has publicly said it is focused on restoring security and clamping down on Islamic State, which has claimed many major attacks in Afghan cities — has also consulted with Chinese telecoms equipment maker Huawei about potential cooperation, the spokesman said.

Continue reading “Taliban weighs using US mass surveillance plan, met with China’s Huawei”

A Tiny Blog Took on Big Surveillance in China—and Won

 

source: wired.com  |  image: pexels.com

 

Digging through manuals for security cameras, a group of gearheads found sinister details and ignited a new battle in the US-China tech war.

 

AT A LOCATION he keeps secret, John Honovich was on his laptop, methodically scouring every link on a website for a conference half a world away. Hikvision, the world’s largest security camera manufacturer, was hosting the event—the 2018 AI Cloud World Summit—in its hometown of Hangzhou, a city of about 10 million people not far from Shanghai. Honovich, the founder of a small trade publication that covered video surveillance technology, wanted to find out what the latest Hikvision gear could do.

He zeroed in on one section of the conference agenda titled “Eco-Friendly, Peaceful, Relaxed” and found a description of an AI-powered system installed around Mount Tai, a historically sacred mountain in Shandong. A video showed Hikvision cameras pointed at tourists climbing the thousands of stone steps leading to the famous peak. Piano music played as a narrator explained, in Mandarin with English subtitles, that the cameras were there “to identify all visitors to ensure the safety of all.” The video cut to a shot of a computer screen, and Honovich hit pause. He saw a zoomed-in view of one visitor’s face. Below it was data that the camera’s AI had inferred. Honovich downloaded the video and took screenshots of the computer screen, for safekeeping. 

Later, with the help of a translator, he scrutinized every bit of text on that screen. One set of characters, the translator explained, suggested each visitor was automatically sorted into categories: age, sex, wearing glasses, smiling. When Honovich pointed at the fifth category and asked, “What’s this?” the translator replied, “minority.” Honovich pressed: “Are you sure?” The translator confirmed there was no other way to read it.

Continue reading “A Tiny Blog Took on Big Surveillance in China—and Won”

Ring Is in a Standoff With Hackers

source: wired.com  |  image: pixabay.com

WHAT’S MORE CONTROVERSIAL than a popular surveillance camera maker that has an uncomfortably cozy relationship with American police? When ransomware hackers claim to have breached that company—Amazon-owned camera maker Ring—stolen its data, and Ring responds by denying the breach.

But we’ll get to that.

Five years ago, police in the Netherlands caught members of Russia’s GRU military intelligence red-handed as they tried to hack the Organization for the Prohibition of Chemical Weapons in The Hague. The team had parked a rental car outside the organization’s building and hid a Wi-Fi snooping antenna in its trunk. Within the GRU group was Evgenii Serebriakov, who was caught with further Wi-Fi hacking tools in his backpack.

 

Ring Is in a Standoff With a Ransomware Gang

ALPHV, a prolific group of hackers who extort companies with ransomware and leak their stolen data, said earlier this week that it had breached security camera maker Ring and threatened to dump the company’s data online if it doesn’t pay. “There’s always an option to let us leak your data …” the hackers wrote in a message to Ring on their leak site. Ring has so far responded with a denial, telling Vice’s Motherboard, “We currently have no indications of a ransomware event,” but it says it’s aware of a third-party vendor that has experienced one. That vendor, Ring says, doesn’t have access to any customer records. 

Meanwhile, ALPHV, which has previously used its BlackCat ransomware to target companies like Bandai Namco, Swissport, and hospital firm Lehigh Valley Health Network, stands by its claim to have breached Ring itself, not a third-party vendor. A member of the malware research group VX-Underground shared with WIRED screenshots of a conversation with an ALPHV representative who says that it’s still in “negotiations” with Ring.