Tag Archive for: Privacy

Quantum hacking is a looming privacy threat. Companies should start worrying now

/in


Now that everyone else has had a turn, quantum hackers are coming for your data.

Well, not quite yet. But they’re working on it.

Quantum computers, which are still in development by players such as Google, IBM, and Microsoft, hold enormous promise to do good as well as harm. The U.S. and Chinese governments are pouring billions into them.

For a primer on this new breed, I turned to Martin Lee, technical lead of security research and EMEA lead at Cisco Talos, the networking giant’s threat intelligence and response group.

Traditional computers operate on binary digits, or bits, that are either one or zero. In a quantum machine, “the bits are one, zero, or everything in between, all at the same time,” Lee says. So it “has the possibility of being able to calculate and consider many different solutions to a problem all at the same time to find the correct answer.”

That’s ideal for calculating the shapes of proteins to discover new drugs, Lee notes, or the thermodynamics of an engine.

It’s also perfect for stealing data.

Because a quantum computer makes calculating the factors of prime numbers much easier, it could swiftly crack many existing encryption algorithms, Lee says.

How soon? Maybe next year, maybe in five years, or maybe never, Lee reckons. But it’s time to start considering the problem so it doesn’t become an emergency, he warns. “Certainly, CIOs and CTOs need to think about ‘How do we prepare for a post-quantum world?’”

In response, companies are already developing and deploying quantum security. One is QuSecure, a California startup whose clients include Cisco, Dell, and the U.S. military.

Hackers are harvesting data now for quantum decryption later, says cofounder, chief product officer, and CTO Rebecca Krauthamer. Prime targets include electronic health and financial records, as well as national security data, Krauthamer adds. “All those kinds of things, they have a shelf life, and that’s why for some sectors, it’s a very urgent problem.”

To ward off quantum attacks, you fight fire with fire, right? Actually, no.

QuSecure’s software sits atop a client’s existing encryption, explains Skip Sanzeri, cofounder, chair, and COO. Besides some…

Source…

The Privacy Danger Lurking in Push Notifications

/in


To send those notifications that awaken a device and appear on its screen without a user’s interaction, apps and smartphone operating system makers must store tokens that identify the device of the intended recipient. That system has created what US senator Ron Wyden has called a “digital post office” that can be queried by law enforcement to identify users of an app or communications platform. And while it has served as a powerful tool for criminal surveillance, privacy advocates warn that it could just as easily be turned against others such as activists or those seeking an abortion in states where that’s now illegal.

In many cases, tech firms don’t even demand a court order for the data: Apple, in fact, only demanded a subpoena for the data until December. That allowed federal agents and police to obtain the identifying information without the involvement of a judge until it changed its policy to demand a judicial order.

Europe’s sweeping Digital Markets Act comes into force next week and is forcing major “gatekeeper” tech companies to open up their services. Meta-owned WhatsApp is opening its encryption to interoperate with other messaging apps; Google is giving European users more control over their data; and Apple will allow third-party app stores and the sideloading of apps for the first time.

Apple’s proposed changes have proved controversial, but ahead of the March 7 implementation date the company has reiterated its belief that sideloading apps creates more security and privacy risks. It may be easier for apps on third-party apps stores, the company says in a white paper, to contain malware or try to access people’s iPhone data. Apple says it is bringing in new checks to try to make sure apps are safe.

“These safeguards will help keep EU users’ iPhone experience as secure, privacy-protecting, and safe as possible—although not to the same degree as in the rest of the world,” the company claims. Apple also says it has heard from EU organizations, such as those in banking and defense, which say they are concerned about employees installing third-party apps on work devices.

WhatsApp scored a landmark legal win this week against the notorious mercenary hacking firm NSO…

Source…

Privacy and Security on Android Redefined

/in


GrapheneOS: A Privacy-Focused Android OS with a Difference

The digital world is witnessing the rise of a new player in the mobile operating system space, GrapheneOS. Originally known as CopperheadOS, this custom Android-based operating system is making headlines with its steadfast focus on privacy and security improvements. After a brief stint as the Android Hardening project, it rebranded itself as GrapheneOS and has been going from strength to strength ever since.

Security and Privacy: DNA of GrapheneOS

GrapheneOS enhances the security of the Android operating system by mitigating vulnerabilities and providing granular control over system-level permissions. It also strengthens app sandboxing, which is a method of isolating applications from each other to prevent one from interfering with another. The goal is to contribute features to the open-source Android project without the conflicts of a traditional business model, embodying the ethos of a nonprofit organization.

The OS boasts features like protection against zero-day vulnerabilities, a type of computer-software vulnerability unknown to those who should be interested in its mitigation, by reducing the attack surface. It also provides toggles for network and sensors permissions, MAC randomization, and an LTE-only mode. Memory safety, a critical aspect of secure code, is also a focal point, using memory-safe languages and tooling to prevent exploitation of memory corruption bugs.

GrapheneOS Apps: Vanadium WebViewer and Secure Camera

GrapheneOS comes bundled with specific apps tailored for privacy and security enhancements. The Vanadium WebViewer, a browser developed in-house, is designed with security in mind, leveraging Android’s WebView for secure browsing. Secure Camera, another integral app, is a camera application designed to operate while the rest of the device’s sensors are disabled, providing an added layer of security.

Compatibility with Google Apps and Google Pixel

While Google apps and services are not preinstalled due to privacy reasons, users can still install them via a compatibility layer that restricts their privileges. GrapheneOS is primarily designed for Google Pixel smartphones due to their…

Source…

Internet Privacy and Cybersecurity: Why is it needed?

/in


The world continues to change in numerous ways due to the internet. The internet’s future is bright, with opportunities for study, communication, politics, and government across its spectrum. The issue that most people would be asking themselves right now, with 5G taking shape in many parts of the world, is how fast connectivity will affect their online privacy.

The capacity to manage how much of your information including browsing, financial, and possibly sensitive personal data that third parties can access and use when you go online is known as online privacy, often referred to as Internet privacy or digital privacy. Put differently, you have the right to choose the information you choose to reveal when browsing.

In actuality, web privacy is still a concern, and with high-speed connectivity, things can get worse. It’s widely acknowledged that threats like phishing, cyberbullying, and hacking persist despite laws that are more stringent in protecting internet users from unauthorised access to personal information and data.

When you use the internet, who can monitor your activities? Regretfully, almost everyone assuming, that is, that you do not take any steps to enhance your privacy. Unwanted tracking and third-party spying are rather widespread these days. Many parties, like ISPs, search engines, social networks, and websites that employ cookies to track users, have already been noted as being interested in your personal information. Your browsing history, location history, likes, comments, are among the data they gather.

Similar to search engines and webpages, mobile applications have access to a wealth of personal data. A certain quantity of your data is made available to an app when you install it on your smartphone. Furthermore, whereas certain permissions make sense (particularly if you trust the service provider), others could raise concerns about privacy. Certain apps have the ability to access your contacts, camera, microphone, and other installed apps.

Third-party monitoring is typically done for one very straightforward reason: Advertising. To distribute targeted advertisements, advertising organisations purchase client data. But the…

Source…