Tag Archives: Spies

Crypto Backdoors and Huawei

Note: If you didn’t know that I am against crypto backdoors before, let me just tell you up front, because that fact will be clear by the end.

The world works in the most mysterious ways.

The FBI has been trying to get phone makers (Apple especially) to install crypto backdoors into iPhones for them for years. What they call lawful access.

The scientists say that there is no way to do this in a way that would be secure. A way where only the good guys can access your stuff and the bad guys cannot.

Sometimes the universe demonstrates things in a way that scientists can’t.

The U.S. has been saying for a long time that the Chinese company Huawei – the world leader in 5G cellular technology – is bad and that they are closely connected to the Chinese military. All of this is likely true.

What they haven’t said is why and they are not really telling the whole truth now – likely because the whole truth is classified. They probably don’t want the Chinese to know what our spies know.

Huawei cell hardware has a crypto backdoor. Not necessarily because they wanted to put it in but more likely because cell providers in many countries are required to provide a backdoor. If Huawei didn’t build one in, they couldn’t sell their hardware.

What has come out now is that there is a concern that Huawei – AKA the Chinese government or Chinese military – may be able to use – or ABUSE that backdoor.

Of course they claim that they would NEVER do that. You believe them, don’t you?

While the U.S. isn’t publicly saying this, likely because some CIA source told them or something like that and as a result, it is considered highly classified. If the Chinese know what we know, they can probably figure out how we got it and from there, figure out who told us. At that point, the next step is a bullet in the head.

So it appears that this backdoor that the FBI so desperately wants is the reason while Huawei is such a threat. Bottom line, if we insert a backdoor into crypto, even for the best reasons, the bad guys will learn about it and figure out how to exploit it. Then we have the Huawei situation all over again.

Since the U.S. is pushing really, really hard to stop carriers from using Huawei hardware, probably with good reason – and we now know why – what is the impact on 5G rollout in the US?

For the large carriers in the core of major metropolitan cities – not much.

For smaller carriers and for the big carriers outside the high profile “gee, we better have 5G coverage here” locations, it means that the rollout of 5G in the U.S. will probably be much slower than would have been otherwise.

Given that almost no one has a 5G capable phone right now, that probably doesn’t matter much – right now.

But there is another use that seems to be garnering some attention and that is Internet of Things. If some IoT devices are dependent on 5G (like your self-driving car) and if the buyer or maker of the device ASSUMES that 5G coverage will be available, well, that is a problem (like the self-driving feature doesn’t work). Hopefully, manufacturers who assume people will have 5G will design their systems to fail safely (like shutting their device off if it can’t get 5G), but even that won’t make people happy.

Looking at 5G coverage today, here is a map from Verizon’s website for Denver. Notice it says AVAILABLE OUTDOORS. Likely, this is because the signal won’t penetrate walls, which means, that we all need to move into tents outside. The tan highlight says that 5G is available in PARTS of these neighborhoods. Granted they will build out more and likely in the next few years, more of downtown Denver will have coverage, but that doesn’t include anything outside downtown and it doesn’t cover indoors. For that you will need to buy a 5G cell simulator and have enough extra Internet bandwidth on your Internet connection to give you 5G speeds. You want gigabit 5G – you better have an extra gigabit of Internet bandwidth on your service that you are not using. And, you better hope that you carrier doesn’t have bandwidth caps.

Source: Ars Technica

Facebooktwitterredditlinkedinmailby feather

Security news for the Week Ending September 20, 2019

A New Trend?  Insurers Offering Consumers Ransomware Coverage

In what may be a new trend, Mercury Insurance is now offering individuals $50,000 of ransomware insurance in case your cat videos get encrypted.  The good news is that the insurance may help you get your data back in case of an attack.  The bad news is that  it will likely encourage hackers to go back to hacking consumers.  Source: The Register.

Security or Convenience Even Applies to Espionage

A story is coming out now that as far back as 2010  the Russians were trying to compromise US law enforcement (AKA the FBI) by spying on the spies.

The FBI was tracking what Russian agents were doing but because the FBI opted for small, light but not very secure communications gear, the Russians were able crack the encryption and listed in to us listening in to them.  We did finally expel some Russian spy/diplomats during Obama’s presidency, but not before they did damage.  Source: Yahoo

And Continuing the Spy Game – China Vs. Australia

Continuing the story of the spy game,  Australia is now blaming China for hacking their Parliament and their three largest political parties just before the elections earlier this year (sound familiar?  Replace China with Russia and Australia with United States).

Australia wants to keep the results of the investigation secret because it is more important to them not to offend a trade partner than to have honest elections (sound familiar?).  Source: ITNews .

The US Government is Suing Edward Snowden

If you think it is because he released all those secret documents, you’d be wrong.

It is because he published a book and part of the agreement that you sign if you go to work for the NSA or CIA is an agreement that you can’t publish a book without first letting them redact whatever they might want to hide.  He didn’t do that.

Note that they are not suing to stop the publication of the book – first because that has interesting First Amendment issues that the government might lose and they certainly do not want to set that precedent and secondly, because he could self publish on the net in a country – like say Russia – that would likely flip off the US if we told Putin to shut him down.  No, they just want any money he would get. Source: The Hacker News.

 

HP Printers Phone Home – Oh My!

An IT guy who was setting up an HP printer for a family member actually read all those agreements that everyone clicks on and here is what they said.

by agreeing to HP’s “automatic data collection” settings, you allow the company to acquire:

… product usage data such as pages printed, print mode, media used, ink or toner brand, file type printed (.pdf, .jpg, etc.), application used for printing (Word, Excel, Adobe Photoshop, etc.), file size, time stamp, and usage and status of other printer supplies…

… information about your computer, printer and/or device such as operating system, firmware, amount of memory, region, language, time zone, model number, first start date, age of device, device manufacture date, browser version, device manufacturer, connection port, warranty status, unique device identifiers, advertising identifiers and additional technical information that varies by product…

That seems like a lot of information that I don’t particularly want to share with a third party that is going to do who knows what with it.  Source: The Register.

Private Database of 9 Billion License Plate Events Available at a Click

Repo men – err, people – are always looking for cars that they need to repo.  So the created a tool.  Once they had that, they figured they might as well make some money off it.

As they tool around town, they record all the license plates that they can and upload the plate, photo, date, time and location to a database that currently has 9 billion records.

Then they sell that data to anyone who’s check will clear.  Want to know where your spouse is?  That will cost $20.  Want to get an alert any time they see the plate?  That costs $70.  Source: Vice.

Election Commission Says That It Won’t Decertify Voting Machines Running Windows 7

Come January 2020, for voting machines running Windows 7 (which is a whole lot of them) will no longer get security patches unless the city or county pays extra ($50 per computer in the first year and then $100 per computer in the second year) for each old computer.  Likely this means a whole lot of voting machines won’t get any more patches next year.

The nice folks in Washington would not certify a voting machine running an operating system that is not supported, but they won’t decertify one.  That, they say, would be inconvenient for manufacturers and cities.   I guess it is not so inconvenient for foreign nations to corrupt our elections.  Source: CyberscoopFacebooktwitterredditlinkedinmailby feather