Tag Archive for: solve

Police Banking on Phone-Hacking Tool to Solve Cold Case

/in


(TNS) — For years, a locked cellphone belonging to the suspect in a Pasadena, California, homicide sat in an evidence room as investigators sought a way to get around the device’s security measures.

Police might have finally caught a break.

Israeli mobile forensics firm Cellebrite has released a software update with a “Lock Bypass” feature that could allow police to access the suspect’s locked Samsung g550t phone and retrieve any evidence about the December 2015 slaying, according to a recently filed search warrant application.


As smartphones have become ubiquitous, law enforcement agencies across the U.S. have recognized their potential usefulness in criminal investigations — a vast trove of personal information about whom the users communicate with, where they shop and where they travel.

But police departments’ attempts to access phones have often put them at odds with companies such as Apple and Samsung, which market their devices’ built-in security and privacy to digital-savvy users.

It’s not clear from the warrant in the Pasadena case if investigators were able to bypass the phone’s passcode lock using the Cellebrite program or what, if any, data they extracted. But in an affidavit supporting the warrant, a Pasadena homicide detective wrote that he learned about the update in mid-January from a computer forensic examiner assigned to the Verdugo Regional Crime Laboratory.

“In January 2023, the Cellebrite program successfully bypassed the lock on a Samsung cellular telephone, for an unrelated investigation, with the new software update,” said the warrant, which seeks records from a month before the incident through Nov. 18, 2015, the date of the suspect’s arrest. “This search warrant seeks permission to search and seize records that may be found on [the suspect’s] cellular telephone in whatever form they are found as it relates to this homicide investigation.”

The simmering debate over cellphone privacy first spilled into the mainstream in 2016 after a mass shooting in San Bernardino.

At the time, Apple was resisting the FBI’s demands that it help unlock the iPhone 5C belonging to the shooter, Syed Rizwan…

Source…

Pasadena police banking on phone-hacking tool to solve cold case murder

/in


An engineer shows devices and explains the technology developed by the Israeli firm Cellebrite's technology on November 9, 2016 in the Israeli city of Petah Tikva. It only takes a few seconds for an employee of Cellebrite's technology, one of the world's leading hacking companies, to take a locked smartphone and pull the data from it. / AFP / JACK GUEZ (Photo credit should read JACK GUEZ/AFP via Getty Images)

An engineer displays devices developed by the Israeli firm Cellebrite in 2016. It takes only a few seconds for an employee of Cellebrite, one of the world’s leading hacking companies, to take a locked smartphone and pull the data from it. (Jack Guez/ AFP via Getty Images)

For years, a locked cellphone belonging to the suspect in a Pasadena homicide sat in an evidence room as investigators sought a way to get around the device’s security measures.

Police might have finally caught a break.

Israeli mobile forensics firm Cellebrite has released a software update with a “Lock Bypass” feature that could allow police to access the suspect’s locked Samsung g550t phone and retrieve any evidence about the December 2015 slaying, according to a recently filed search warrant application.

As smartphones have become ubiquitous, law enforcement agencies across the U.S. have recognized their potential usefulness in criminal investigations — a vast trove of personal information about whom the users communicate with, where they shop and where they travel.

But police departments’ attempts to access phones have often put them at odds with companies such as Apple and Samsung, which market their devices’ built-in security and privacy to digital-savvy users.

It’s not clear from the warrant in the Pasadena case if investigators were able to bypass the phone’s passcode lock using the Cellebrite program or what, if any, data they extracted. But in an affidavit supporting the warrant, a Pasadena homicide detective wrote that he learned about the update in mid-January from a computer forensic examiner assigned to the Verdugo Regional Crime Laboratory.

“In January 2023, the Cellebrite program successfully bypassed the lock on a Samsung cellular telephone, for an unrelated investigation, with the new software update,” said the warrant, which seeks records from a month before the incident through Nov. 18, 2015, the date of the suspect’s arrest. “This search warrant seeks permission to search and seize records that may be found on [the suspect’s] cellular telephone in whatever form they are found as it relates to this homicide investigation.”

The simmering debate over cellphone privacy first spilled into the…

Source…

Can Zero-Knowledge Cryptography Solve Our Password Problems?

/in


While multifactor authentication, single-sign-on infrastructure, and stronger password requirements have improved the security of most enterprise identity and access management (IAM) environments, the longevity of passwords continues to pose problems for businesses, especially in granting temporary access to contractors and third-party partners.

A variety of vendors are trying to solve this problem. Last week, for example, data-security firm Keeper Security announced one-time shared passwords that allow companies to grant third-party partners temporary access to data and resources without adding them to the company’s overall IT environment. The approach allows specific types of documents to be shared to a single user device, automatically removing access when the time expires.

The business case is all about securing access granted to contractors, says Craig Lurey, chief technology officer and co-founder of Keeper Security.

“We get asked constantly to allow short term, temporary access to third parties without requiring them to onboard as a licensed user,” he says. “With this new feature, there is not 20 steps anymore. It is just instant, but preserving that encryption, simplifying the secure-sharing process, and eliminating the need to send private information over text messages.”

Credential Theft Is Big Business

Supply chain breaches, stolen credentials, and the proliferation of software keys and secrets continue to undermine IT and data security. In March, secrets-detection firm GitGuardian found that developers leaked 50% more credentials, access tokens, and API keys in 2021, compared to 2020. Overall, 3 out of every 1,000 commits exposed a sensitive password, key, or credential, the company said at the time.

Failing to protect software secrets, user passwords, and machine credentials can lead to compromises of application infrastructure and development environments. Attackers have increasingly targeted identities and credentials as a way to gain initial access to corporate networks. Last week, for example, software security firm Sonatype discovered that at least five malicious Python packages attempt to exfiltrate secrets and environment variables for Amazon environments.

“It…

Source…

How to solve the ‘Metaworse’ problem

/in


In December last year, a 43-year-old woman donned her Oculus headset to enter ‘Horizon Worlds’, a virtual social media platform created by Meta, formerly known as Facebook. She was expecting to have some fun but it turned out to be a nightmare.

“Within 60 seconds of joining – I was verbally and sexually harassed – 3–4 male avatars, with male voices, essentially, but virtually gang raped my avatar and took photos,” she later wrote in a Medium post. “As I tried to get away they yelled – ‘don’t pretend you didn’t love it’ and ‘go rub yourself off to the photo’.”

Coined first by science-fiction novelist Neal Stephenson in the book ‘Snow Crash’ in 1992, the metaverse is a “3D virtual worlds focused on social connection”. People can access these virtual worlds with the help of a virtual or an augmented reality headset and interact with fellow users. In other words, people can ‘live’ as their own avatar in a virtual world, interact with others who similarly ‘live’ there.

The ‘virtual sexual harassment’ of the woman’s ‘avatar’ shows the dark side of the metaverse which tech giants are betting as the future of internet. While there is one part of the metaverse glowing with news reports such as the ‘first metaverse wedding’ by a Tamil Nadu couple, the other side, however, shows a rising number of cybercrimes.

In 2020, India reported an 11 per cent jump in cybercrime as per the National Crime Record Bureau (NCRB) data. The report ‘Crime in India 2020’ said about 50,035 cases were registered in that year under cybercrimes while the cases in 2019 were at 44,735.

Removing the ‘viruses’

Scams revolving around ‘infrastructures’ of the metaverse – cryptocurrencies and non-fungible token (NFT) – too are on the rise. As tech giants are starting to invest in the metaverse, the question experts are asking is if it will be safe. So how can that be achieved?

Vasundhara Shankar of Verum Legal, an expert on cyberlaw, says, “There is a looming and increased possibility of virtual harassment, identity theft and misrepresentation, breach of privacy, overwhelming and misleading advertisements, skewed and need for altered…

Source…