
      Ukraine Intercepting Russian Soldiers’ Cell Phone Calls / Schneier · Tuesday, 20 December, 2022 - 23:04

    They’re using commercial phones, which go through the Ukrainian telecom network:

    “You still have a lot of soldiers bringing cellphones to the frontline who want to talk to their families and they are either being intercepted as they go through a Ukrainian telecommunications provider or intercepted over the air,” said Alperovitch. “That doesn’t pose too much difficulty for the Ukrainian security services.”


    “Security has always been a mess, both in the army and among defence officials,” the source said. “For example, in 2013 they tried to get all the staff at the ministry of defence to replace our iPhones with Russian-made Yoto smartphones.

    “But everyone just kept using the iPhone as a second mobile because it was much better. We would just keep the iPhone in the car’s glove compartment for when we got back from work. In the end, the ministry gave up and stopped caring. If the top doesn’t take security very seriously, how can you expect any discipline in the regular army?”

    This isn’t a new problem and it isn’t a Russian problem. Here’s a more general article on the problem from 2020.


      Using Pupil Reflection in Smartphone Camera Selfies / Schneier · Tuesday, 3 May, 2022 - 16:17

    Researchers are using the reflection of the smartphone in the pupils of faces taken as selfies to infer information about how the phone is being used:

    For now, the research is focusing on six different ways a user can hold a device like a smartphone: with both hands, just the left, or just the right in portrait mode, and the same options in horizontal mode.

    It’s not a lot of information, but it’s a start. (It’ll be a while before we can reproduce these results from Blade Runner.)

    Research paper.


      Samsung Encryption Flaw

      Bruce Schneier · / Schneier · Wednesday, 2 March, 2022 - 20:45 · 1 minute

    Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones.

    From the abstract:

    In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws. We present an IV reuse attack on AES-GCM that allows an attacker to extract hardware-protected key material, and a downgrade attack that makes even the latest Samsung devices vulnerable to the IV reuse attack. We demonstrate working key extraction attacks on the latest devices. We also show the implications of our attacks on two higher-level cryptographic protocols between the TrustZone and a remote server: we demonstrate a working FIDO2 WebAuthn login bypass and a compromise of Google’s Secure Key Import.

    Here are the details:

    As we discussed in Section 3, the wrapping key used to encrypt the key blobs (HDK) is derived using a salt value computed by the Keymaster TA. In v15 and v20-s9 blobs, the salt is a deterministic function that depends only on the application ID and application data (and constant strings), which the Normal World client fully controls. This means that for a given application, all key blobs will be encrypted using the same key. As the blobs are encrypted in AES-GCM mode-of-operation, the security of the resulting encryption scheme depends on its IV values never being reused.

    Gadzooks. That’s a really embarrassing mistake. GCM needs a new nonce for every encryption. Samsung took a secure cipher mode and implemented it insecurely.

    News article.


      Mathias Poujol-Rost ✅ · Saturday, 4 December, 2021 - 14:16

    In middle schoolers' smartphones

      Scenes of torture, heated debates about blasphemy, an obsession with the repression of the Uyghur minority in China: spending almost three months with French middle-school students, I did not expect to discover such things in their smartphones about their information practices. And to be so far from them.


      Mathias Poujol-Rost ✅ · Thursday, 18 November, 2021 - 10:25

    FairTEC (

      Who are the different organisations that make FairTEC? The fact is, the longer you keep your smartphone, the smaller its environmental footprint. Fairphone is challenging the industry by creating smartphones that are sustainable, ethical and built to last. Fairphone is a proud FairTEC member. Find their offering at #partofFairTEC Discover more:


      Google Pixel 6 leak shows off distinctive new design

      Ron Amadeo · / ArsTechnica · Friday, 14 May, 2021 - 16:37

    The Pixel 6 promises to be a landmark device for Google, as it is expected to mark the debut of the Google-developed "Whitechapel" SoC, instead of the Qualcomm chips the search giant has shipped in all of its previous devices. To go along with the revamped insides, it appears the outside is seeing some major design changes, too—if the newest leak is to be believed.

    This first look at the Pixel 6 design comes to us from YouTuber Jon Prosser. Prosser claims he was sent live, hands-on images of the device, and while he isn't sharing the actual images, he teamed up with a render artist to depict the device based on those images.

    Prosser's track record when it comes to Google leaks is not the greatest. Just last month he claimed the Pixel 5a was "canceled," but that assertion was publicly shot down by Google. This leak has a bit more believability to it, as it was also backed up by Android Police's Max Weinbach, though he says the colors aren't accurate.



      Apple invests $45 million more in Gorilla Glass-maker Corning

      Samuel Axon · / ArsTechnica · Monday, 10 May, 2021 - 21:19

    Apple has invested an additional $45 million in US-based Corning Incorporated, the maker of Gorilla Glass, the companies announced today.

    A news release from Apple says the investment will help "expand Corning's manufacturing capacity in the US" and "drive research and development into innovative new technologies that support durability and long-lasting product life."

    The investment will come out of Apple's $5 billion Advanced Manufacturing Fund, which was established in 2017 to invest in manufacturing jobs and infrastructure in the United States related to Apple's products like the iPhone.
