Tag Archive for: statement

Nothing’s iMessage app wasn’t its only security lapse (Update: Statement)



TL;DR

  • Nothing’s CMF Watch app encrypted emails and passwords suboptimally, allegedly allowing for decryption using the same decryption keys.
  • The issue was partially fixed, as the encryption method of the passwords was updated, but not that of emails.
  • Nothing claims it is currently working to resolve the issues.

Update, December 4, 2023 (12:45 PM ET): Nothing has now provided a comment to Android Authority about the issues. A spokesperson for the company states:

CMF takes privacy issues very seriously and the team is investigating security concerns regarding the Watch app. We rectified initial credential concerns earlier in the year and are currently working to resolve the issues raised. As soon as this next fix is complete, we will roll out an OTA update to all CMF Watch Pro users. Security reports can now be more easily submitted via https://intl.cmf.tech/pages/vulnerability-report

Original article, December 4, 2023 (3:29 AM ET): Nothing has had some good success with the Nothing Phone 2, considering the novelty of the phone and the nascent brand image. To win over some of the iPhone audience, Nothing partnered with Sunbird to launch an iMessage-for-Android app called Nothing Chats. The app lasted about a day in the wild before being pulled down due to glaring security oversights. But there seem to be more skeletons in Nothing’s closet, as two more vulnerabilities have emerged.

Android developer and reverse engineer Dylan Roussel posted on X that he found two vulnerabilities centered around Nothing. The first was found in September in the CMF Watch app, which was built in partnership with a company called Jingxun. The CMF Watch app encrypted email usernames and passwords, but the encryption method allegedly left the door open for decrypting them with the same decryption keys, defeating the purpose of encryption.

Nothing/Jingxun fixed this vulnerability, but curiously, only for the password. You could still allegedly decrypt the email that is used as the username.

The second vulnerability has not been publicly detailed, but it relates to Nothing’s internal data. Nothing was informed of it in August, but it hasn’t been fixed…


AUKUS Defense Ministers Meeting Joint Statement > U.S. Department of Defense > Release


Secretary of Defense Lloyd J. Austin III hosted the Honourable Richard Marles MP, Deputy Prime Minister and Minister for Defence, Australia, and the Right Honourable Grant Shapps, Secretary of State for Defence, United Kingdom, at the Defense Innovation Unit Headquarters in California today to discuss the AUKUS enhanced defense and security partnership.

For more than a century, the three nations have stood shoulder-to-shoulder, along with other allies and partners, to help sustain peace, stability and prosperity around the world. The Secretaries and Deputy Prime Minister acknowledged that, in the face of an evolving security environment, AUKUS presents a generational opportunity to modernize and enhance longstanding partnerships and cooperation to address global security challenges and contribute to stability and prosperity in the Indo-Pacific region and beyond. The Secretaries and Deputy Prime Minister reaffirmed that at the core of this partnership is the shared resolve to bolster security and stability and ensure that the Indo-Pacific remains a region free from coercion and aggression.

For Australia’s acquisition of conventionally armed, nuclear-powered submarines (Pillar I), AUKUS partners are collaborating to deliver this capability at the earliest possible date while upholding the highest nuclear non-proliferation standard. For Advanced Capabilities (Pillar II), AUKUS partners are substantially deepening cooperation on a range of security and defense capabilities, making sure that each nation has the capabilities needed to defend against rapidly evolving threats. Through these efforts, AUKUS contributes to integrated deterrence by pursuing layered and asymmetric capabilities that promote increased security and stability.

The Secretaries and Deputy Prime Minister reaffirmed the three nations’ commitment to maximize the strategic and technological advantage of AUKUS by combining national strengths and pooling resources to deliver game-changing capabilities. They agreed that advancing AUKUS requires continued commitment to streamlining defense trade controls and information-sharing while minimizing policy and financial barriers across public and private…


NCSC statement following exploitation of Unitronics… – National Cyber Security Centre




Embassy of China in Canada Issues a Statement on U.S Cyber Espionage Campaigns Against Japan


I just came across a statement issued by the Embassy of China in Canada on the U.S cyber espionage campaigns launched against Japan.

What’s so special about this statement? First, it does quote Wikileaks, which is a bit of an outdated approach, including the actual source to shed more light on a bigger problem and issue for China that the press statement on the Web site of the Chinese Embassy in Canada mentions. In this specific case, the statement implies the use of the so-called “hunt-forward” missions, which could really mean big trouble for China if the U.S somehow manages to secure a deal with a country neighbouring China, as the U.S will then attempt to establish the foundation for successful cyber attacks and possibly information operations interception campaigns used, managed and operated by China, including its partners and allies, where the ultimate goal would be to measure their true capabilities and set the foundation for a successful cyber situational awareness campaign in terms of cyber attacks and the true state of China’s cyberspace operations and cyber attack capabilities, including the capabilities of some of its neighbouring countries.

The so-called Hunt Forward Operations (also known as HFOs) are an early warning system for cyber situational awareness that could improve the true state of visibility of the country that’s doing these missions. In this specific case, the U.S could really learn a lot about new tactics and techniques courtesy of the attackers based in the specific country where it’s hosting its mission, which could be really bad news for China in terms of having the U.S deploy hunt forward missions in its neighbouring countries, where the U.S could really get a better picture of China’s understanding and actual applicability of basic cyber warfare principles and concepts in action, including the “know-how” of its neighbouring countries.

Despite the fact that the U.S is willing to share its knowledge and understanding of cyber attack “know-how” with the host country of a hunt forward mission, it could also learn a lot about the cyber attacks that originate from the…
