Tag Archive for: intended

Quantum Tech Intended for National Security Is Testing U.S. Alliances

/in


The Australian physicist shook the heavy metal box that resembled a beer cooler but held a quantum sensor. A computer screen showed that the cutting-edge device — with lasers manipulating atoms into a sensitive state — continued functioning despite the rattling.

He and his team had built a hard-to-detect, super-accurate navigation system for when satellite GPS networks are jammed or do not work that was robust and portable enough to be used outside a lab. It could potentially guide military equipment, from submarines to spacecraft, for months with a minuscule risk of directional error — a significant improvement over what is available today.

“The fact that we can do that is probably a wild, insane surprise,” said Russell Anderson, the head of quantum sensing at Q-CTRL, a start-up that recently signed a deal with Australia’s Department of Defense to develop and field-test its quantum sensor technology.

The global race to develop quantum technologies of all kinds has accelerated as governments pour investment into the industry and scientists make rapid technical advances. But to maintain an edge over China — which takes a centralized approach to tech development — the United States is considering tougher export controls for quantum. And allies say more limits, on top of those already in place, could stifle momentum because the strength of the American model of tech development comes from its openness, combining pools of public research money with private investment to support scientists from many countries.

For the United States and its allies, the challenge is clear: how to balance protectionism and cooperation in a transformative field where talent is scarce and less concentrated in the United States, making interdependence inevitable and increasingly necessary.

“The world has changed, and the pace of technology is much faster than it used to be,” said John Christianson, a military fellow at the Center for Strategic and International Studies in Washington, who co-authored a recent report on AUKUS, the 2021 security agreement among the United States, Britain and Australia. “We can’t just rely on Americans always having the best stuff.”

Secretary of State Antony…

Source…

Android’s Design Leaks Some VPN Traffic Data, Google Calls It “Intended Behavior”

/in


Android devices with a VPN purposefully leak some traffic, including IP addresses and DNS/HTTP(S) requests, when connecting to a wireless network. According to a security audit by Mullvad VPN, leaking a small amount of data is inherent to the mobile operating system, something that third-party VPNs cannot prevent or control.

The Europe-based VPN service provider said that enabling Always-on VPN and Block connections without VPN doesn’t help either. Mullvad VPN noted that the bug (Google argues it is a feature) is built into Android.

“We have looked into the feature request you have reported and would like to inform you that this is working as intended,” a Google engineer told Mullvad VPN on the search giant’s issue tracker page. “ We do not think such an option would be understandable by most users, so we don’t think there is a strong case for offering this.”

Let us see how VPNs on Android function.

When an Android device connects to a public network, it performs certain checks before successfully establishing a connection. To perform these checks, Mullvad VPN discovered that Android sends data outside the secure tunnel that shields users from the internet.

Block connections without VPN is an Android setting designed to prevent this, which may happen during connectivity checks. Split tunneling can also leak a part of the traffic over the underlying network, Google pointed out.

“We understand why the Android system wants to send this traffic by default. If for instance there is a captive portal [a webpage usually displayed after a device connects to a new public network] on the network, the connection will be unusable until the user has logged in to it,” Mullvad VPN wrote.

See More: Built-in iOS VPNs Leaking Traffic Data From Over Two Years Ago

“So most users will want the captive portal check to happen and allow them to display and use the portal. However, this can be a privacy concern for some users with certain threat models,” the company added.

Indeed, because the small amount of data that the OS leaks includes DNS lookups, HTTP(S) and possibly NTP traffic, and the user IP address (as metadata), precisely what users intend to…

Source…

Homeland Security Warns of Cyberattacks Intended to Kill People

/in


Homeland Security Secretary Alejandro Mayorkas is warning that the next cyberattack could end up killing people — a dangerous and imminent shift from ransomware to “killware.”

In an interview with USA Today, Mayorkas noted that the Colonial Pipeline ransomware attack in April, which shut down much of the gas supply along the East Coast, was distracting from a far more egregious hack.

“And that is an attempted hack of a water treatment facility in Florida, and the fact that that attack was not for financial gain but rather purely to do harm,” he told the newspaper.

The hack almost led to the contamination of much of the water supply in Oldsmar, Florida, with a remote hacker attempting to increase the amount of sodium hydroxide 100 fold. The chemical, more commonly known as lye, is lethal at higher undiluted concentrations.

“The attempted hack of this water treatment facility in February 2021 demonstrated the grave risks that malicious cyber activity poses to public health and safety,” Mayorkas told USA Today. “The attacks are increasing in frequency and gravity, and cybersecurity must be a priority for all of us.”

Thanks to the rise of internet-connected devices all across America, hackers have far more potential weaknesses to exploit.

Eventually, cyber attackers could end up posing a very real threat. In a July report, security firm Gartner warned that “cyber attackers will have weaponized operational technology environments to successfully harm or kill humans” by 2025.

Even more worrying than the Oldsmar incident is the potential of hackers targeting hospitals. Such an attack could lead to patients suffering grave long-term consequences to their health and even risk dying.

Worse yet, private healthcare providers are often not reporting ransomware hacks to the government, according to USA Today.

Earlier this month, a woman sued a hospital after it failed to report a ransomware attack that reportedly led to the death of her newborn child. Hackers gained control over the Springhill Medical Center in Alabama back in 2019. The hospital never acknowledged the attack, according to The Wall Street Journal.

According to Gartner’s report, it will soon make financial sense to…

Source…