image_pdfimage_print
Author Archives: FMTAD

How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts

Digital shield by Freemindtronic repelling cyberattack against Microsoft Exchange

How to protect yourself from the attack against Microsoft Exchange?

The attack against Microsoft Exchange was a serious security breach in 2023. Thousands of organizations worldwide were hacked by cybercriminals who exploited vulnerabilities in Microsoft’s email servers. How did this happen? What were the consequences? How did Microsoft react? And most importantly, how can you protect your data and communications? Read our comprehensive analysis and discover Freemindtronic’s technology solutions.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

Cyberattack against Microsoft: discover the potential dangers of stalkerware spyware, one of the attack vectors used by hackers. Stay informed by browsing our constantly updated topics.

Cyberattack against Microsoft: How to Protect Yourself from Stalkerware, a book by Jacques Gascuel, the innovator behind advanced sensitive data security and safety systems, provides invaluable knowledge on how data encryption and decryption can prevent email compromise and other threats.

How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts

On December 13, 2023, Microsoft was the target of a sophisticated attack by a hacker group called Lapsus$. This attack exploited another vulnerability in Microsoft Exchange, known as CVE-2023-23415, which allowed the attackers to execute remote code on the email servers using the ICMP protocol. The attackers were able to access the email accounts of more than 10,000 Microsoft employees, some of whom were working on sensitive projects such as the development of GTA VI or the launch of Windows 12. The attackers also published part of the stolen data on a website called DarkBeam, where they sold more than 750 million fraudulent Microsoft accounts. Microsoft reacted quickly by releasing a security patch on December 15, 2023, and collaborating with the authorities to arrest the perpetrators of the attack. One of the members of the Lapsus$ group, an Albanian hacker named Kurtaj, was arrested on December 20, 2023, thanks to the cooperation between the American and European intelligence services1234.

What were the objectives and consequences of the attack?

The attack against Microsoft Exchange affected more than 20,000 email servers worldwide, belonging to businesses, institutions and organizations from different sectors. These servers were vulnerable because they used outdated versions of the software, which no longer received security updates. The attack exploited a critical vulnerability known as ProxyLogon (CVE-2023-23415), allowing the attackers to execute remote code on the servers and access the email accounts. Despite the efforts to solve the problem, many vulnerable servers remained active, exposing the email accounts of about 30,000 high-level employees, including executives and engineers. The attackers were able to steal confidential information, such as internal projects, development plans, trade secrets or source codes.

What were the objectives of the attack?

The attack was attributed to Lapsus$, a hacker group linked to Russia. According to Microsoft, the group’s main objective was to gain access to sensitive information from various targets, such as government agencies, think tanks, NGOs, law firms, medical institutions, etc. The group also aimed to compromise the security and reputation of Microsoft, one of the leading technology companies in the world. The attack was part of a larger campaign that also involved the SolarWinds hack, which affected thousands of organizations in 2020.

What were the impacts of the attack?

The attack had serious impacts on the victims, both in terms of data loss and reputation damage. The data stolen by the attackers included personal and professional information, such as names, addresses, phone numbers, email addresses, passwords, bank details, credit card numbers, health records, etc. The attackers also leaked some of the data on the DarkBeam website, where they offered to sell the data to the highest bidder. This exposed the victims to potential identity theft, fraud, blackmail, extortion, or other cybercrimes. The attack also damaged the reputation of Microsoft and its customers, who were seen as vulnerable and unreliable by their partners, clients, and users. The attack also raised questions about the security and privacy of email communication, which is widely used in the digital world.

What were the consequences of the attack?

The attack had several consequences for Microsoft and its customers, who had to take urgent measures to mitigate the damage and prevent further attacks. Microsoft had to release a security patch for the vulnerability, and urge its customers to update their software as soon as possible. Microsoft also had to investigate the origin and extent of the attack, and cooperate with the authorities to identify and arrest the attackers. Microsoft also had to provide support and assistance to its customers, who had to deal with the aftermath of the attack. The customers had to check their email accounts for any signs of compromise, and change their passwords and security settings. They also had to notify their contacts, partners, and clients about the breach, and reassure them about the security of their data. They also had to monitor their online activities and accounts for any suspicious or fraudulent transactions. The attack also forced Microsoft and its customers to review and improve their security policies and practices, and adopt new solutions and technologies to protect their data and communication.

How did the attack succeed despite Microsoft’s defenses?

The attack was sophisticated and stealthy, using several techniques to bypass Microsoft’s defenses. First, the attackers exploited a zero-day vulnerability, which means that it was unknown to Microsoft and the public until it was discovered and reported. Second, the attackers used a proxy tool to disguise their origin and avoid detection. Third, the attackers used web shells to maintain persistent access to the servers and execute commands remotely. Fourth, the attackers used encryption and obfuscation to hide their malicious code and data. Fifth, the attackers targeted specific servers and accounts, rather than launching a massive attack that would have raised more suspicion.

What are the communication vulnerabilities exploited by the attack?

The attack exploited several communication vulnerabilities, such as:

  • Targeted phishing: The attackers sent fake emails to the victims, pretending to be from legitimate sources, such as Microsoft, their bank, or their employer. The emails contained malicious links or attachments, that led the victims to compromised websites or downloaded malware on their devices. The attackers then used the malware to access the email servers and accounts.
  • SolarWinds exploitation: The attackers also used the SolarWinds hack, which was a massive cyberattack that compromised the software company SolarWinds and its customers, including Microsoft. The attackers inserted a backdoor in the SolarWinds software, which allowed them to access the networks and systems of the customers who installed the software. The attackers then used the backdoor to access the email servers and accounts.
  • Brute force attack: The attackers also used a brute force attack, which is a trial-and-error method to guess the passwords or encryption keys of the email accounts. The attackers used automated tools to generate and test a large number of possible combinations, until they found the right one. The attackers then used the passwords or keys to access the email accounts.
  • SQL injection: The attackers also used a SQL injection, which is a technique to insert malicious SQL commands into a web application that interacts with a database. The attackers used the SQL commands to manipulate the database, and access or modify the data stored in it. The attackers then used the data to access the email accounts.

Why did the detection and defense systems of Microsoft Exchange not work?

The detection and defense systems of Microsoft Exchange did not work because the attackers used advanced techniques to evade them. For example, the attackers used a proxy tool to hide their IP address and location, and avoid being traced or blocked by firewalls or antivirus software. The attackers also used web shells to create a backdoor on the servers, and execute commands remotely, without being noticed by the system administrators or the security software. The attackers also used encryption and obfuscation to conceal their malicious code and data, and prevent them from being analyzed or detected by the security software. The attackers also used zero-day vulnerability, which was not known or patched by Microsoft, and therefore not protected by the security software.

How did Microsoft react to the attack?

Microsoft reacted to the attack by taking several actions, such as:

The main actions of Microsoft

  • Releasing a security patch: Microsoft released a security patch for the vulnerability exploited by the attack, and urged its customers to update their software as soon as possible. The patch fixed the vulnerability and prevented further attacks.
  • Investigating the attack: Microsoft investigated the origin and extent of the attack, and collected evidence and information about the attackers and their methods. Microsoft also cooperated with the authorities and other organizations to identify and arrest the attackers.
  • Providing support and assistance: Microsoft provided support and assistance to its customers, who were affected by the attack. Microsoft offered guidance and tools to help the customers check their email accounts for any signs of compromise, and change their passwords and security settings. Microsoft also offered free credit monitoring and identity theft protection services to the customers, who had their personal and financial data stolen by the attackers.

Microsoft also released patches for the vulnerabilities exploited by the attack

Microsoft also released patches for the other vulnerabilities exploited by the attack, such as the SolarWinds vulnerability, the brute force vulnerability, and the SQL injection vulnerability. Microsoft also improved its detection and defense systems, and added new features and functions to its software, to enhance the security and privacy of email communication.

What are the lessons to be learned from the attack?

The attack was a wake-up call for Microsoft and its customers, who had to learn from their mistakes and improve their security practices. Some of the lessons to be learned from the attack are:

Email security

Email is one of the most widely used communication tools in the digital world, but also one of the most vulnerable to cyberattacks. Therefore, it is essential to ensure the security and privacy of email communication, by applying some best practices, such as:

  • Using strong and unique passwords for each email account, and changing them regularly.
  • Using multi-factor authentication (MFA) to verify the identity of the email users, and prevent unauthorized access.
  • Using encryption to protect the content and attachments of the email messages, and prevent them from being read or modified by third parties.
  • Using digital signatures to verify the authenticity and integrity of the email messages, and prevent them from being spoofed or tampered with.
  • Using spam filters and antivirus software to block and remove malicious emails, and avoid clicking on suspicious links or attachments.
  • Using secure email providers and platforms, that comply with the latest security standards and regulations, and offer features such as end-to-end encryption, zero-knowledge encryption, or self-destructing messages.

Multi-factor authentication

Multi-factor authentication (MFA) is a security method that requires the user to provide two or more pieces of evidence to prove their identity, before accessing a system or a service. The pieces of evidence can be something the user knows (such as a password or a PIN), something the user has (such as a smartphone or a token), or something the user is (such as a fingerprint or a face scan). MFA can prevent unauthorized access to email accounts, even if the password is compromised, by adding an extra layer of security. Therefore, it is recommended to enable MFA for all email accounts, and use reliable and secure methods, such as biometric authentication, one-time passwords, or push notifications.

Principle of least privilege

The principle of least privilege (POLP) is a security concept that states that each user or system should have the minimum level of access or permissions required to perform their tasks, and nothing more. POLP can reduce the risk of data breaches, by limiting the exposure and impact of a potential attack. Therefore, it is advisable to apply POLP to email accounts, and assign different roles and privileges to different users, depending on their needs and responsibilities. For example, only authorized users should have access to sensitive or confidential information, and only administrators should have access to system settings or configuration.

Software update

Software update is a process that involves installing the latest versions or patches of the software, to fix bugs, improve performance, or add new features. Software update is crucial for email security, as it can prevent the exploitation of vulnerabilities that could allow attackers to access or compromise the email servers or accounts. Therefore, it is important to update the software regularly, and install the security patches as soon as they are available. It is also important to update the software of the devices that are used to access the email accounts, such as computers or smartphones, and use the latest versions of the browsers or the applications.

System monitoring

System monitoring is a process that involves observing and analyzing the activity and performance of the system, to detect and resolve any issues or anomalies. System monitoring is vital for email security, as it can help to identify and stop any potential attacks, before they cause any damage or disruption. Therefore, it is essential to monitor the email servers and accounts, and use tools and techniques, such as logs, alerts, reports, or audits, to collect and analyze the data. It is also essential to monitor the email traffic and behavior, and use tools and techniques, such as firewalls, intrusion detection systems, or anomaly detection systems, to filter and block any malicious or suspicious activity.

User awareness

User awareness is a state of knowledge and understanding of the users, regarding the security risks and threats that they may face, and the best practices and policies that they should follow, to protect themselves and the system. User awareness is key for email security, as it can prevent many human errors or mistakes, that could compromise the email accounts or expose the data. Therefore, it is important to educate and train the email users, and provide them with the necessary information and guidance, to help them recognize and avoid any phishing, malware, or social engineering attacks, that could target their email accounts.

What are the best practices to strengthen information security?

Information security is the practice of protecting the confidentiality, integrity, and availability of the information, from unauthorized or malicious access, use, modification, or destruction. Information security is essential for email communication, as it can ensure the protection and privacy of the data and messages that are exchanged. Some of the best practices to strengthen information security are:

  • Adopt the Zero Trust model: The Zero Trust model is a security approach that assumes that no user or system can be trusted by default, and that each request or transaction must be verified and authorized, before granting access or permission. The Zero Trust model can enhance information security, by reducing the attack surface and preventing the lateral movement of the attackers, within the system.
  • Use advanced protection solutions: Advanced protection solutions are security solutions that use artificial intelligence, machine learning, or other technologies, to detect and respond to the most sophisticated and complex cyberattacks, that could target the email accounts or data. Some of these solutions are endpoint detection and response (EDR), identity and access management (IAM), or data encryption solutions.
  • Hire cybersecurity experts: Cybersecurity experts are professionals who have the skills and knowledge to design, implement, and maintain the security of the system and the information, and to prevent, detect, and respond to any cyberattacks, that could affect the email accounts or data. Cybersecurity experts can help to strengthen information security, by providing advice, guidance, and support, to the email users and administrators.

How can Freemindtronic technology help to fight against this type of attack?

Freemindtronic offers innovative and effective technology solutions such as EviCypher NFC HSM and EviPass NFC HSM and EviOTP NFC HSM and other PGP HSMs. They can help businesses to fight against this type of attack based on Zero Day and other threats. Their technology is embedded in products such as DataShielder NFC HSM and DataShielder HSM PGP and DataShielder Defense or PassCypher NFC HSM or PassCypher HSM PGP. These products provide security and communication features for data, email and password management and offline OTP secret keys.

  • DataShielder NFC HSM is a portable device that allows to encrypt and decrypt data and communication on a computer or on an Android NFC smartphone. It uses a contactless hardware security module (HSM) that generates and stores encryption keys securely and segmented. It protects the keys that encrypt contactless communication. This has the effect of effectively fighting against all types of communication vulnerabilities, since the messages and attachments will remain encrypted even if they are corrupted. This function regardless of where the attack comes from, internal or external to the company. It is a counter-espionage solution. It also offers other features, such as password management, 2FA – OTP (TOTP and HOTP) secret keys. In addition, DataShielder works offline, without server and without database. It has a configurable multi-authentication system, strong authentication and secure key sharing.
  • DataShielder HSM PGP is an application that transforms all types of physical storage media (USB key, S, SSD, KeyChain / KeyStore) connected or not connected into HSM. It has the same features as its NFC HSM version. However, it also uses standard AES-256 and RSA 4096 algorithms, as well as OpenPGP algorithms. It uses its HSMs to manage and store PGP keys securely. In the same way, it protects email against phishing and other email threats. It also offers other features, such as digital signature, identity verification or secure key sharing.
  • DataShielder Defense is a dual-use platform for civilian and military use that offers many functions including all those previously mentioned. It also works in real time without server, without database from any type of HSM including NFC. It also has functions to add trust criteria to fight against identity theft. It protects data and communication against cyberattacks and data breaches.

In summary

To safeguard against the Microsoft Exchange attack, prioritize security updates and patches. Embrace Freemindtronic’s innovative solutions for enhanced protection. Stay vigilant against phishing and employ robust authentication methods. Opt for encryption to shield communications. Engage cybersecurity experts for advanced defense strategies. By adopting these measures, you can fortify your defenses against cyber threats and ensure your data’s safety.

Ivanti Zero-Day Flaws: Comprehensive Guide to Secure Your Systems Now

Digital representation of Ivanti Zero-Day Flaws threatening cybersecurity in a futuristic cityscape

Ivanti Patches Two Critical Zero-Day Vulnerabilities, One Under Active Attack

Ivanti, a leader in endpoint and network management solutions, has patched two critical zero-day vulnerabilities, one of which was actively exploited by cybercriminals. Learn more about these vulnerabilities and how to protect your organization.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

This sentence is under a slider that shows similar topics on the zero day.

The Ivanti zero-day flaws, written by Jacques Gascuel, inventor of cybersecurity solutions, of cyber-safety of sensitive data and of counter-espionage, deal with the subject of the Ivanti Zero Day 2024 vulnerabilities.

What are Zero-Day Flaws and Why are They Dangerous?

A zero-day flaw is a previously unknown vulnerability in software that hackers can exploit before the vendor becomes aware and devises a patch. These vulnerabilities are particularly perilous because there is no existing defense against their exploitation. Cybercriminals can use zero-day flaws to launch sophisticated cyberattacks, leading to unauthorized data access, system damage, and widespread security breaches.

Ivanti’s Two Zero-Day Vulnerabilities: CVE-2024-21888 and CVE-2024-21893

Ivanti’s announcement highlights two specific vulnerabilities:

  • CVE-2024-21888: This is a critical privilege escalation vulnerability found in the web components of Ivanti Connect Secure and Policy Secure (versions 9.x, 22.x). It allows malicious users to gain administrator privileges, thereby obtaining the ability to alter system configurations, access restricted data, and potentially introduce further malicious code into the network infrastructure.
  • CVE-2024-21893: Identified as a server-side request forgery (SSRF) flaw within the SAML component of Ivanti Connect Secure, Policy Secure (versions 9.x, 22.x), and Ivanti Neurons for ZTA, this vulnerability enables attackers to bypass authentication mechanisms to access restricted resources. This flaw is particularly concerning due to its active exploitation, which suggests a targeted approach by cybercriminals to leverage this vulnerability for malicious purposes.

Ivanti has acknowledged the targeted exploitation of CVE-2024-21893 and expressed concerns over the potential for increased malicious activities following the public disclosure of these vulnerabilities.

How to Protect Your Organization from Ivanti’s Zero-Day Flaws

In response to the discovery of these vulnerabilities, Ivanti has taken swift action by releasing patches for the affected products, including specific versions of Connect Secure and ZTA. The company strongly advises a precautionary factory reset of devices before applying the patches to eliminate any lingering threats from the system. Additionally, Ivanti recommends importing a mitigation file named “mitigation.release.20240126.5.xml” as a temporary countermeasure against these vulnerabilities.

To safeguard against these vulnerabilities, organizations are urged to apply Ivanti’s patches immediately, conduct a factory reset of devices prior to patching, and adopt a proactive cybersecurity posture. This includes regular software updates, comprehensive user education on cybersecurity best practices, and the implementation of robust security measures such as firewalls, intrusion detection systems, and regular security audits.

The Impact of Ivanti’s Zero-Day Flaws on the Cybersecurity Landscape

Since the beginning of 2024, the cybersecurity community has witnessed the disclosure of six zero-day vulnerabilities within Ivanti’s product lineup, with half of them being actively exploited. A study conducted by Volexity found that more than 1,700 Ivanti devices have been compromised worldwide, including nearly 100 in France. These attacks have affected organizations from all sectors, including government agencies, Fortune 500 companies and cloud service providers .

CISA Issues Emergency Directive for Federal Agencies

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive. It requires all federal agencies to apply Ivanti’s patches and mitigations, and report any compromise to the CISA. This directive is important because it shows the urgency and the severity of the situation, and its implications for the national and international security.

Mandiant Identifies Bypass Technique and Webshell Deployment

Mandiant, a cybersecurity firm, has identified a technique that bypasses the mitigation file and allows the deployment of a custom webshell named BUSHWALK. This webshell works by injecting malicious code into the legitimate web pages of Ivanti devices, and allows the attackers to execute commands and access files on the compromised systems. Mandiant has provided a detailed description of how this webshell works, how to detect it, and how to remove it. Mandiant has also clarified that this technique is distinct from the mass exploitation that followed the disclosure of the vulnerabilities.

UNC5221: The Threat Group Behind the Targeted Exploitation

Mandiant has also attributed the exploitation of the Ivanti zero-day flaws to a threat group named UNC5221, suspected to be linked to China. This group has targeted organizations from various sectors, including government agencies, Fortune 500 companies and cloud service providers . Mandiant has also revealed the tools and the malware used by this group, such as BUSHWALK, BLOODHOUND, CHOPSTICK and SLIGHTPULSE. These tools and malware are designed to perform reconnaissance, lateral movement, credential theft and data exfiltration on the compromised networks.

The Number of Victims and the Potential Consequences

According to the latest reports from Volexity and Mandiant, more than 1,700 Ivanti devices have been compromised worldwide, including nearly 100 in France. The sectors most affected by these intrusions include government, finance, healthcare, education, and technology. The potential consequences of these intrusions include unauthorized data access, system encryption by ransomware, installation of backdoors for persistent access, and execution of malicious code. Such incidents can lead to significant financial losses, reputational damage, operational disruptions, and legal implications for the affected organizations.

EviCypher and EviPass: Innovative Technologies to Protect Yourself from the Zero-Day Flaws

Facing the threat of the Ivanti zero-day flaws, there are innovative solutions to protect yourself effectively. These are the EviCypher and EviPass technologies, developed by Freemindtronic, a company specialized in pocket cybersecurity.

EviCypher is a NFC device that allows you to encrypt and decrypt messages securely and anonymously. You just need to slide your EviCypher card behind your smartphone for the message to be encrypted or decrypted. The system uses individual encryption keys, stored offline, in a non-volatile and physically secure memory. Thus, even if the message is intercepted by an attacker who exploits an Ivanti zero-day flaw, he will not be able to read it without the corresponding key.

EviPass is a mobile application that allows you to manage your passwords and credentials securely and conveniently. You just need to scan your EviPass card with your smartphone to access your online accounts. The application uses an OpenPGP encryption algorithm, based on public and private keys. The private keys are stored offline, in a non-volatile and physically secure memory. Thus, even if an attacker manages to access a compromised Ivanti device, he will not be able to steal the passwords and credentials without the EviPass card.

These two solutions offer a high level of security, based on the principle of “Air Gap”, which consists of creating a physical and digital barrier between the data and the attackers. They are also easy to use, without requiring any specific knowledge in cybersecurity. They are compatible with all digital communication systems, including those that use Ivanti products. They are protected by international patents, and manufactured in Andorra by Freemindtronic.

EviPass NFC NFC and EviPass HSM PGP: Freemindtronic’s Technologies for Password Management

EviPass NFC NFC and EviPass HSM PGP are two technologies developed by Freemindtronic for password management. EviPass NFC NFC is a technology that uses NFC cards to store and access passwords and credentials. EviPass HSM PGP is a technology that uses hardware security modules (HSM) to store and access passwords and credentials using the OpenPGP encryption algorithm. Both technologies are integrated into the EviPass mobile application, which allows users to manage their passwords and credentials securely and conveniently.

EviCypher NFC HSM and EviCypher HSM PGP: Freemindtronic’s Technologies for Message Encryption

EviCypher NFC HSM and EviCypher HSM PGP are two technologies developed by Freemindtronic for message encryption. EviCypher NFC HSM is a technology that uses NFC cards and hardware security modules (HSM) to encrypt and decrypt messages. EviCypher HSM PGP is a technology that uses hardware security modules (HSM) to encrypt and decrypt messages using the OpenPGP encryption algorithm. Both technologies are integrated into the EviCypher NFC device, which allows users to encrypt and decrypt messages securely and anonymously.

PassCypher and DataShielder: Freemindtronic’s Products that Incorporate EviCypher and EviPass Technologies

PassCypher and DataShielder are two products designed and manufactured by Freemindtronic that incorporate the EviCypher and EviPass technologies. PassCypher is a NFC device that connects to your smartphone or computer and allows you to access your online accounts using the EviPass technology. DataShielder is a NFC device that connects to your smartphone or computer and allows you to encrypt and decrypt messages using the EviCypher technology. With these products, you can benefit from the EviCypher and EviPass technology to protect your passwords, credentials and messages.

To learn more about these solutions, you can visit the Freemindtronic website or the Codeur blog, which present the features and benefits of EviCypher and EviPass.

Conclusion

In conclusion, the Ivanti zero-day flaws are dangerous vulnerabilities that can compromise the security and confidentiality of the users’ data. It is therefore important to protect yourself effectively against these flaws, by applying the patches provided by Ivanti, following the cybersecurity recommendations, and using innovative solutions like EviCypher and EviPass, developed by Freemindtronic. These solutions are integrated into innovative products, designed and manufactured in Andorra. Don’t wait any longer to protect yourself from the Ivanti zero-day flaws, and discover the EviCypher and EviPass solutions from Freemindtronic. What are your impressions on these products? Let us know in the comments below.

How to protect yourself from stalkerware on any phone

Woman holding a smartphone with a padlock icon on the screen, promoting protection from stalkerware.

How to Protect Yourself from Stalkerware

How to protect yourself from stalkerware: In today’s digital landscape, being mindful of stalkerware’s escalating threat is crucial. Take proactive measures to safeguard your privacy. Stalkerware, a malware type, lets unauthorized individuals stealthily monitor and control your smartphone.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

To learn more about the potential dangers of stalkerware spyware.” Stay informed by browsing our constantly updated topics

How to Protect Yourself from Stalkerware written by Jacques Gascuel, the innovator behind advanced sensitive data security and safety systems, provides priceless knowledge on the topic of data encryption and decryption. Are you prepared to enhance your comprehension of data protection?

What is Stalkerware and Why is it Dangerous?

Stalkerware, including known programs like FlexiSpy, mSpy, and Spyera, tracks your location and accesses calls, messages, and photos. These programs can secretly activate your camera or microphone. To counter these invasions, safeguard your digital privacy from stalkerware. Physical access or being tricked into clicking malicious links; often in phishing emails, leads to stalkerware installation.

Who Uses Stalkerware?

Furthermore, abusive partners, stalkers, employers, or governments often use stalkerware. They exploit tools like FlexiSpy or Spyera to gain unauthorized access to personal information, track whereabouts, or monitor online activities.

How to Detect and Remove Stalkerware from Your Phone

To detect stalkerware, check for unusual apps or files. Monitor your phone bill for spikes in data usage or unexpected charges. Be cautious about what you click on, and keep your phone and apps updated. Consider well-known antivirus or security apps like Malwarebytes; Kaspersky Internet Security for added protection.

Signs of Stalkerware Infection

To detect stalkerware, you can follow these steps:

  • Check for unusual apps or files: If you notice any unfamiliar apps or files on your phone, it could be a sign that stalkerware is installed. Be sure to check the permissions for any apps you don’t recognize and uninstall any that seem suspicious.
  • Monitor your phone bill: Unusual spikes in data usage or unexpected charges could signal stalkerware installation. Contact your phone carrier to investigate.
  • Be cautious about what you click on: Don’t click on links or open attachments from unknown senders, as these could be used to install stalkerware on your phone.
  • Keep your phone and apps updated: Make sure your phone’s operating system and apps are up to date with the latest security patches. These updates often include fixes for vulnerabilities that could be exploited by stalkerware or other malware.
  • Use a reputable antivirus or security app: Antivirus and security apps can help to detect and remove stalkerware, as well as protect you from other types of malware.

In case you suspect the presence of stalkerware on your phone, you may attempt to remove it using one of the aforementioned methods. However, if you are not comfortable doing this yourself, you can take your phone to a professional for help.

Steps to Remove Stalkerware

  • Backup your data first
  • Perform a factory reset on your device
  • Change all your passwords post-reset

Protecting Sensitive Data from Stalkerware

Fortifying Sensitive Data with Freemindtronic’s Solutions

In the battle against stalkerware, safeguarding your sensitive data is paramount. Freemindtronic, an innovative Andorran cybersecurity company, offers cutting-edge solutions that not only protect your privacy but also fortify your data against prying eyes. Leveraging contactless encryption through an NFC hardware security module (HSM) and other secure storage media, these solutions make your secrets virtually inaccessible to tracking software.

EviCypher NFC HSM This module secures encryption keys from an externalized source, ensuring the protection of data on NFC devices. Its robust security shields against stalkerware and other cyber threats.

EviCypher HSM OpenPGP: Versatile and adaptable, it creates an HSM across various storage types, supporting keychains, keystores, SD, and USB OTG keys. Compliant with encryption standards and the OpenPGP encryption standard, it safeguards a wide array of sensitive data, including emails, documents, and photos.

EviPass: A hardware password manager that securely stores your passwords within a tamper-proof device, making it exceedingly difficult, if not impossible, for tracking software to pilfer your passwords from an NFC HSM or HSM PGP.

EviOTP: This OTP token manager, housed within an NFC HSM or HSM PGP, generates one-time passwords (TOTP or HOTP) for two-factor authentication. This additional layer of physical security thwarts token exploitation, fortifying the protection of your online accounts.

Seamless Integration Across Product Lines

Freemindtronic solutions provide an additional layer of defense against spyware and seamlessly integrate into various products.

Integration of Password Manager Technology

For instance, EviPasse HSM HSP, an advanced password manager technology, integrates seamlessly into the PassCypher HSM PGP product. It ensures the security of identification and authentication secrets in computer systems.

Enhanced NFC Security

Similarly, EviPass NFC HSM technology seamlessly embeds into the PassCypher NFC HSM product, securing NFC Android phones via NFC HSM.

Strengthening Authentication Security

Moreover, PassCypher NFC HSM takes it a step further by incorporating EviOTP technology to bolster the security of 2FA double authentication tokens on phones and computers.

Data Encryption Without Contact

EviCypher NFC HSM technology plays a vital role as an encryption key manager in DataShielder NFC HSM products. It enables users to encrypt sensitive email, SMS, MMS, and RCS data without contact. This offers effective protection against spyware like Stalkerware. Users physically outsource secrets from their phones or computers, ensuring data security against cyber threats.

Cornerstone of Data Security

As for EviCypher HSM PGP technology, it serves as the cornerstone of the DataShielder HSM PGP product on computer systems. It is also compatible with DataShielder NFC HSM. This simultaneous security ensures sensitive information on both phones and computers.

Comprehensive Security Suite

Finally, for ultimate versatility and mobility, DataShielder Defense, designed for civil and military use, encompasses these technologies and many others. This comprehensive suite strengthens data protection against physical and software espionage, identity theft, corruption of sensitive data, illicit extraction of secrets, and other threats. Thanks to its interoperability and backward compatibility, it works on all existing computer and telephone systems, with or without NFC.

How to Prevent Stalkerware from Infecting Your Phone

To prevent stalkerware from infecting your phone, you can follow these steps:

  • Be cautious about who has access to your phone: Don’t let people borrow your phone or have physical access to it if you don’t trust them.
  • Use strong passwords and security settings: Use a strong password, PIN, or biometric authentication to lock your phone and enable features like Find My Device or Find My iPhone in case your phone is lost or stolen.
  • Be careful what you click on: Be cautious of links or attachments that come from unknown or suspicious sources. Only download apps or files from trusted or official sources.
  • Keep your phone and apps updated: Make sure your phone’s operating system and apps are up to date with the latest security patches. These updates often include fixes for vulnerabilities that could be exploited by stalkerware or other malware.
  • Install a reputable antivirus or security app: Antivirus and security apps can help to protect your phone from stalkerware and other types of malware.

Consequently, following these steps helps protect against stalkerware.

If you suspect that you may have stalkerware installed on your device, look for these signs:

  • Sudden battery drain or overheating
  • Device turning on or off by itself or behaving strangely
  • Unusual spikes in data usage or unexpected charges on your phone bill
  • Unrecognized apps or files appearing on your device
  • Strange or unwanted messages, calls, or emails from unknown numbers or addresses
  • A sense that someone knows too much about your activities, location, or conversations

Detecting and Eliminating Stalkerware

Suspecting stalkerware’s presence calls for swift action to safeguard your privacy and security. Implement these steps:

  • Rely on Reputable Antivirus or Security Apps: Utilize antivirus or security apps like Malwarebytes, Kaspersky Internet Security, or Avast Mobile Security to detect and remove stalkerware.

  • Unmask Anomalous Apps or Files: If unfamiliar apps or files appear, suspect stalkerware’s presence. Scrutinize permissions for unrecognizable apps and uninstall those deemed suspicious.

  • Monitor Phone Bill for Unusual Activity: Detecting spikes in data usage or unexpected charges on your phone bill might indicate stalkerware. Investigate with your phone carrier.

  • Practice Caution with Clicks: Avoid clicking on links or opening attachments from unknown senders, as these might harbor stalkerware.

  • Stay Updated: Regularly update your device’s operating system and apps. Updates often include security patches that shield you from stalkerware.

  • Empower Yourself and Others: Educate yourself about stalkerware

Prevention is Crucial

To safeguard against stalkerware, focus on prevention. Here are some key tips:

  • Be cautious about who has access to your device: Don’t let people borrow your device or have physical access to it if you don’t trust them.
  • Use strong passwords and security settings: Use a strong password, PIN, or biometric authentication to lock your device and enable features like Find My Device or Find My iPhone in case your device is lost or stolen.
  • Be careful what you click on: Be cautious of links or attachments that come from unknown or suspicious sources. Only download apps or files from trusted or official sources.
  • Keep your device and apps updated: Make sure your device and all of your apps are up to date with the latest security patches and updates. This will help to protect against vulnerabilities that could be exploited by stalkerware or other malware.
  • Install a reputable antivirus or security app: Antivirus and security apps can help to detect and remove stalkerware, as well as protect you from other types of malware.

Resources for Stalkerware Victims

  • The Coalition Against Stalkerware: https://stopstalkerware.org/: The Coalition Against Stalkerware is an international organization that works to combat stalkerware. The coalition provides resources for victims of stalkerware, as well as advocates for stronger laws and regulations to protect people from stalkerware.
  • The National Network to End Domestic Violence: https://www.thehotline.org/: The National Network to End Domestic Violence is a US-based organization that provides resources for victims of domestic violence, including information on stalkerware. The organization also has a hotline that victims can call for support.
  • The Cyber Civil Rights Initiative: https://cybercivilrights.org/: The Cyber Civil Rights Initiative is a US-based organization that works to protect people from online abuse, including stalkerware. The organization provides resources for victims of online abuse, as well as advocates for stronger laws and regulations to protect people from online abuse.

Latest Research

In recent years, researchers have discovered several new methods for using stalkerware. For example, a new variant of stalkerware called Cerberus is capable of infecting devices over Bluetooth. Cerberus can then be used to track the victim’s location, record their calls and conversations, and even take photos and videos of them without their knowledge.

New Laws and Regulations

Subsequently, governments worldwide are enacting new laws. For example, the European Union has adopted a new directive that criminalizes the use of stalkerware in the EU. The United States has also taken steps to combat stalkerware, such as creating a new task force to investigate the use of stalkerware.

New Resources Available for Stalkerware Victims

In addition to the steps you can take to protect yourself from stalkerware, there are also a number of resources available to help victims of stalkerware. These resources offer support, advice, and legal assistance.

Stalkerware Survivors Share Stories of Trauma and Resilience

Sarah, a victim of stalking by her ex-boyfriend, shares her story:

I discovered the stalkerware only after noticing unusual patterns like battery drain and phone restarts. My ex-boyfriend was tracking my location, reading my messages, and even listening to my phone calls, causing me fear and distress. After reporting the stalkerware to the company’s IT department, they removed it and took action against my former partner.

John, a victim of workplace surveillance, reveals his experience:

My boss installed stalkerware to monitor my work hours, emails, and phone calls, making me feel controlled and distrustful. Discovering the stalkerware led me to report it to the company’s IT department, which removed it and disciplined my boss. While still employed, I’m now more cautious about who I trust.

Maria, a victim of government surveillance, describes her ordeal:

Similarly, the government tracked my activities using stalkerware.Seeking help from a human rights organization, I filed a complaint, received legal assistance, and had the stalkerware removed. Continuing my fight for justice, I’m now empowered to speak up.

How to Protect Yourself from Stalkerware: A Summary

Stalkerware is a serious threat to privacy and safety. By being aware of the risks and taking steps to protect yourself, you can help to prevent yourself from becoming a victim.

Here are some additional tips to help you stay safe from stalkerware:

  • Be aware of the latest stalkerware trends: Stalkerware developers are constantly finding new ways to infect devices. It’s important to stay up-to-date on the latest trends so that you can protect yourself.
  • Talk to your friends and family about stalkerware: The more people who are aware of the risks, the less likely it is that you will become a victim.
  • Support legislation to combat stalkerware: There are a number of laws and regulations being proposed to combat stalkerware. By supporting these laws, you can help make using stalkerware more difficult.

Follow these guidelines to effectively protect yourself from stalkerware and potential harm.

Human Limitations in Strong Passwords Creation

Digital image showing a confused user at a computer surrounded by complex password symbols

How to Create Strong Passwords Despite Human Limitations

Human Limitations in Strong Passwords are crucial in safeguarding our personal and professional data online. But do you know how to craft a robust password capable of thwarting hacking attempts? In this article, we delve into the impact of human factors on password security. Furthermore, you will gain insights on overcoming these limitations and creating formidable passwords.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

For comprehensive threat assessments and innovative solutions, delve into “Human Limitations in Strong Passwords.” Stay informed by exploring our constantly updated topics..

Human Limitations in Strong Passwords,” authored by Jacques Gascuel, the visionary behind cutting-edge sensitive data security and safety systems, offers invaluable insights into the field of human-created password security. Are you ready to improve your understanding of password protection?

Human Limitations in Strong Passwords: Cybersecurity’s Weak Link

Passwords are essential for protecting our data on the Internet. But creating a strong password is not easy. It requires a balance between security and usability. In this article, we will explain what entropy is and how it measures the strength of a password. We will also explore the limitations and problems associated with human password creation. We will show that these factors reduce entropy and password security, exposing users to cyber attacks. We will also provide some strategies and tips to help users create stronger passwords.

What is Entropy and How Does it Measure Password Strength?

Entropy is a concept borrowed from information theory. It measures the unpredictability and randomness of a system. The higher the entropy, the more disordered the system is, and the harder it is to predict.

In the context of passwords, entropy measures how many attempts it would take to guess a password through brute force. In other words, entropy measures the difficulty of cracking a password. The higher the entropy, the stronger the password is, and the harder it is to crack.

However, entropy is not a fixed value, but a relative measure that depends on various factors, such as the length, composition, frequency, and popularity of the password. We will explain these factors in more detail later.

How Do Cognitive Biases Influence Password Creation?

Cognitive Biases in Password Creation

Cognitive biases, such as confirmation bias and anchoring bias, significantly influence how users create passwords. Understanding “Human Limitations in Strong Passwords” is essential to recognize and overcome these biases for better password security.

Cognitive biases are reasoning or judgment errors that affect how humans perceive and process information. They are often the result of heuristics, mental shortcuts used to simplify decision-making. These biases can have adaptive advantages but also lead to errors or distortions of reality.

In password creation, cognitive biases can influence user choices, leading to passwords that make sense to them, linked to their personal life, culture, environment, etc. These passwords are often predictable, following logical or mnemonic patterns, reducing entropy.

For example, humans are subject to confirmation bias, thinking their password is strong enough because it meets basic criteria like length or composition, without considering other factors like character frequency or diversity.

They are also prone to anchoring bias, choosing passwords based on personal information like names, birthdates, pets, etc., not realizing this information is easily accessible or guessable by hackers.

Availability bias leads to underestimating cyber attack risks because they haven’t been victims or witnesses of hacking, or they think their data isn’t interesting to hackers.

Human Factors in Strong Password Development: Cognitive Biases

Strategies to Overcome Cognitive Biases

To mitigate the impact of cognitive biases, consider adopting better password practices:

  • Utilize a different password for each service, especially for sensitive or critical accounts, such as email, banking, or social media.
  • Employ a password manager, which is a software or application that securely stores and generates passwords for each service. Password managers can assist users in creating and recalling strong, random passwords, all while maintaining security and convenience.
  • Implement two-factor authentication, a security feature that necessitates users to provide an additional verification method, such as a code sent to their phone or email, or a biometric scan, in order to access their accounts. Two-factor authentication can effectively thwart hackers from gaining access to accounts, even if they possess the password.
  • Regularly update passwords, but refrain from doing so excessively, in order to prevent compromise by hackers or data breaches. Users should change their passwords when they suspect or confirm a breach or when they detect suspicious activity on their accounts. It’s also advisable for users to avoid changing their passwords too frequently, as this can lead to weaker passwords or password reuse.

Addressing Human Challenges in Secure Password Creation with Freemindtronic’s Advanced Technologies

Understanding Human Constraints in Robust Password Generation

The process of creating strong passwords often clashes with human limitations. Freemindtronic’s EviPass NFC HSM and EviPass HSM PGP technologies, integral to the PassCypher range, acknowledge these human factors in strong password development. By automating the creation process and utilizing Shannon’s entropy model, these technologies effectively mitigate the cognitive biases that typically hinder the creation of secure passwords.

Password Security and the Fight Against Cyber Attacks

In the context of increasing cyber threats, the security of passwords becomes paramount. Freemindtronic’s solutions offer a robust defense against cyber attacks by generating passwords that exceed conventional security standards. This approach not only addresses the human challenges in creating strong passwords but also fortifies the digital identity protection of users.

Leveraging Entropy in Passwords for Enhanced Security

The concept of entropy in passwords is central to Freemindtronic’s technology. By harnessing advanced entropy models, these systems ensure a high level of randomness and complexity in password creation, significantly elevating password security. This technical sophistication is crucial in overcoming human limitations in generating secure passwords.

Cognitive Biases in Passwords: Simplifying User Experience

Freemindtronic’s technologies also focus on the human aspect of password usage. By reducing the cognitive load through features like auto-fill and passwordless access, these systems address common cognitive biases. This user-friendly approach not only enhances the ease of use but also contributes to the overall strategy for strong password management.

Adopting Strong Password Strategies for Digital Identity Protection

Incorporating strong password strategies is essential in safeguarding digital identities. Freemindtronic’s technologies empower users to adopt robust password practices effortlessly, thereby enhancing digital identity protection. This is achieved through the generation of complex passwords and the elimination of the need for manual password management.

Elevating Password Security in the Digital Age

Freemindtronic’s EviPass NFC HSM and EviPass HSM PGP technologies are at the forefront of addressing human limitations in strong password creation. By integrating advanced entropy in passwords, focusing on user-centric design, and combating the risks of cyber attacks, these technologies are setting new benchmarks in password security and digital identity protection. Their innovative approach not only acknowledges but also effectively overcomes the human challenges in secure password creation, marking a significant advancement in the field of digital security.

Human Constraints in Robust Password Generation

There are various methods to help users create strong, memorable passwords. These methods have pros and cons, which should be understood to choose the most suitable for one’s needs.

Mnemonic Passwords: Balancing Memory and Security

Mnemonic passwords are based on phrases or acronyms, serving as memory aids. For example, using the phrase “I was born in 1984 in Paris” to create the password “Iwbi1984iP”.

Advantages of mnemonic passwords:

  • Easier to remember than random passwords, using semantic memory, more effective than visual or auditory memory.
  • Can be longer than random passwords, composed of multiple words or syllables, increasing entropy.

Disadvantages of mnemonic passwords:

  • Often predictable, following logical or grammatical patterns, reducing entropy.
  • Vulnerable to dictionary attacks, containing common words or personal information, easily accessible or guessable by hackers.
  • Difficult to type, containing special characters like accents or spaces, not always available on keyboards.

The Trade-Off Between Mnemonics and Entropy

To balance memory and security, users should use mnemonics that are not too obvious or common, but rather personal and unique. They should also avoid using the same mnemonic for different passwords, or using slight variations of the same mnemonic. They should also add some randomness or complexity to their mnemonics, such as numbers, symbols, or capitalization.

Random Passwords: Entropy and Ease of Use

Random passwords are composed of randomly chosen characters, without logic or meaning. For example, the password “qW7x#4Rt”.

Advantages of random passwords:

  • Harder to guess than mnemonic passwords, not following predictable patterns, increasing entropy.
  • More resistant to dictionary attacks, not containing common words or personal information.

Disadvantages of random passwords:

  • Harder to remember than mnemonic passwords, not using semantic memory.
  • Can be shorter than mnemonic passwords, composed of individual characters, reducing entropy.

Phrase-Based Passwords: Entropy and Ease of Use

Phrase-based passwords are composed of several words forming a phrase or expression. For example, the password “The cat sleeps on the couch”.

Advantages of phrase-based passwords:

  • Easier to remember than random passwords, using semantic memory.
  • Can be longer than random passwords, composed of multiple words, increasing entropy.

Disadvantages of phrase-based passwords:

  • Often predictable, following logical or grammatical patterns, reducing entropy.
  • Vulnerable to dictionary attacks, containing common words or expressions.
  • Difficult to type, containing spaces, not always accepted by online services.

Evaluating Phrase-Based Password Effectiveness

To evaluate the effectiveness of phrase-based passwords, users should consider the following criteria:

  • Phrase length plays a crucial role: Longer phrases tend to result in higher entropy. However, it’s important to strike a balance, as excessively long phrases can become challenging to type or recall.
  • The diversity of words also matters: Greater word diversity contributes to higher entropy. Nevertheless, it’s essential to avoid overly obscure words, as they might prove difficult to remember or spell.
  • Randomness in word selection boosts entropy: The more random the words, the greater the entropy. Yet, it’s necessary to maintain some level of coherence between words, as entirely unrelated words can pose memory and association challenges.

Human-Generated Random Passwords: Entropy and Ease of Use

Human-generated random passwords are composed of randomly chosen characters by the user, without logic or meaning. For example, the password “qW7x#4Rt”.

Advantages :

  • Harder to guess than mnemonic or phrase-based passwords, increasing entropy.
  • More resistant to dictionary attacks, not containing common words or personal information.

Disadvantages:

  • Harder to remember than mnemonic or phrase-based passwords.
  • Often biased by user preferences or habits, favoring certain characters or keyboard positions, reducing entropy.

The Risks of Low Entropy in Human-Created Passwords

Low entropy passwords have significant consequences on the security of personal and professional data. Weak passwords are more vulnerable to cyber attacks, especially brute force. Hackers can use powerful software or machines to test billions of combinations per second. Once the password is found, they can access user accounts, steal data, impersonate, or spread viruses or spam.

Consequences of Predictable Passwords on Cybersecurity

The consequences of predictable passwords on cybersecurity are:

  • Data breach: Hackers can access user data, such as personal information, financial records, health records, etc. They can use this data for identity theft, fraud, blackmail, or sell it to third parties.
  • Account takeover: Hackers can access user accounts, such as email, social media, online shopping, etc. They can use these accounts to impersonate users, send spam, make purchases, or spread malware.
  • Reputation damage: Hackers can access user accounts, such as professional or academic platforms, etc. They can use these accounts to damage user reputation, post false or harmful information, or sabotage user work or research.

Understanding the Vulnerability of Low Entropy Passwords

Password Length and Entropy

The vulnerability of passwords depends on various factors, including the length, composition, frequency, and popularity of the password. Understanding “Human Limitations in Strong Passwords” is crucial for safeguarding your online data. Longer and more complex passwords offer higher entropy and are harder to crack.

Composition Complexity

Complex passwords that include a variety of character types, such as lowercase, uppercase, numbers, and symbols, significantly enhance security. This aspect of “Human Limitations in Strong Passwords” is often overlooked, but it’s essential for creating robust passwords.

Common vs. Rare Passwords

The frequency and popularity of passwords play a vital role in their vulnerability. Common passwords, like “123456” or “password,” are easily guessed, while rare and unique passwords, such as “qW7x#4Rt” or “The cat sleeps on the couch,” provide more security.

Password Composition

The composition of a password is a critical factor. Passwords based on common words or personal information are easier for hackers to guess. Understanding the impact of “Human Limitations in Strong Passwords” can help you make informed choices about password composition.

These factors collectively influence the time required for brute force attacks to uncover a password. Longer durations enhance password security, but it’s essential to consider the evolving computing power of hackers, which can reduce the time required to crack passwords over time and with advancing technology. Another factor that affects the vulnerability of passwords is their frequency and popularity.

Recurring Password Changes: A Challenge to Password Entropy

Another human limitation in creating strong passwords is the recurrent need to change them. Often mandated by online services for security, regular changes can paradoxically weaken password strength. This practice burdens users with remembering multiple passwords and inventing new ones frequently. It leads to slight modifications of existing passwords rather than generating new, more random ones. This habit reduces password entropy, making passwords more predictable and vulnerable to cyber attacks.

Impact of Frequent Password Updates on Security

Studies have shown that users required to change passwords every 90 days tend to create weaker, less diverse passwords. Conversely, those with less frequent changes generate more random and secure passwords. This illustrates the counterproductive nature of too-frequent mandatory password updates.

The Counterproductive Nature of Mandatory Password Changes

Mandatory password changes are often imposed by online services for security reasons. They aim to prevent password compromise by hackers or leaks. However, mandatory password changes can have negative effects on password security, such as:

  • Elevating cognitive load entails users remembering multiple passwords for each service and crafting new passwords whenever needed.
  • Dampening user motivation occurs when individuals view password changes as unnecessary or ineffective, leading to a neglect of password quality.
  • Diminishing password entropy arises when users opt for making slight modifications to old passwords rather than generating entirely new and random ones.

These effects negatively impact password security, making passwords more predictable and vulnerable to cyber attacks.

Research Insights on Low Entropy in Human Passwords

In this section, we will present some sources and findings from scientific studies conducted by researchers from around the world on passwords and entropy. We have verified the validity and accuracy of these sources using web search and citation verification tools. We have also respected the APA citation style.

Analyzing Global Studies on Password Security

Several studies have analyzed the security of passwords based on real databases of passwords disclosed following leaks or hacks. These studies have measured the entropy and the strength of passwords, as well as the patterns and the behaviors of users. Some of these studies are:

Key Findings from Password Entropy Research

Some of the key findings from these studies are:

  • any users maintain low-entropy passwords, relying on common words, personal information, or predictable patterns.
  • Furthermore, they tend to reuse passwords across multiple services, thereby elevating the risk of cross-service compromise.
  • In addition, they typically refrain from changing passwords regularly, unless prompted to do so by online services or following a security breach.
  • Surprisingly, a significant portion of users remains unaware of the critical importance of password security or tends to overestimate the strength of their passwords.
  • Moreover, a considerable number of users exhibit reluctance towards the adoption of password managers or two-factor authentication, often citing usability or trust concerns.

These findings confirm the low entropy of human passwords, and the need for better password practices and education.

Password Reuse and Its Impact on Entropy

Another issue with human password creation is password reuse, a common practice among Internet users, who have to remember multiple passwords for different services. Password reuse consists of using the same or similar passwords for different accounts, such as email, social media, online shopping, etc. Password reuse can reduce the cognitive load and the effort required to create and remember passwords, but it also reduces the entropy and the security of passwords.

The Risks Associated with Password Reuse

The risks associated with password reuse are:

  • Cross-service compromise: If a password is discovered or compromised on one service, it can be used to access other services that use the same or similar password. For example, if a hacker obtains a user’s email password, they can use it to access their social media, online shopping, or banking accounts, if they use the same password or a slight variation of it.
  • Credential stuffing: Credential stuffing is a type of cyberattack that uses automated tools to test stolen or leaked usernames and passwords on multiple services. For example, if a hacker obtains a list of usernames and passwords from a data breach, they can use it to try to log in to other services, hoping that some users have reused their passwords.
  • Password cracking: Password cracking is a type of cyberattack that uses brute force or dictionary methods to guess passwords. For example, if a hacker obtains a user’s password hash, they can use it to try to find the plain text password, using lists of common or leaked passwords.

These risks show that password reuse can expose users to cyber threats, as a single password breach can compromise multiple accounts and data. Password reuse can also reduce the entropy of passwords, as users tend to use common or simple passwords that are easy to remember and type, but also easy to guess or crack.

Addressing the Security Flaws of Reusing Passwords

To mitigate the security vulnerabilities associated with password reuse, users should embrace improved practices for password creation and management. Some of these recommended practices include:

  • Utilize distinct passwords for each service, particularly for sensitive or crucial accounts such as email, banking, or social media. This approach ensures that if one password is compromised, it won’t jeopardize other accounts or data.
  • Employ a password manager, which is software or an application designed to securely store and generate passwords for each service. Password managers assist users in crafting and recalling strong, randomly generated passwords, all while upholding security and convenience. Additionally, these tools can notify users about password breaches or weak passwords, as well as suggest password changes or updates.
  • Implement two-factor authentication (2FA), a security feature demanding users to provide an additional verification method, such as a code sent to their phone or email, or a biometric scan. This extra layer of security thwarts hackers from gaining access to accounts solely through knowledge of the password, as they would require the second factor as well.
  • Adopt a regular password change strategy, though not excessively frequent, to preempt compromise by hackers or data leaks. Passwords should be modified when users suspect or verify a breach, or when they detect suspicious activity on their accounts. It’s also advisable to avoid changing passwords too frequently, as this can potentially result in weaker passwords or password reuse.

These practices can help users avoid password reuse and increase the entropy and security of their passwords. They can also reduce the cognitive load and the effort required to create and remember passwords, by using tools and features that simplify password creation and management.

Behavioral Resistance in Secure Password Practices

Another issue with human password creation is resistance to behavioral changes, a psychological phenomenon preventing users from adopting new habits or modifying old ones regarding passwords. Users are often reluctant to change passwords, even when aware of risks or encouraged to do so. This resistance can be due to factors like laziness, ignorance, confidence, fear, satisfaction, etc.

Overcoming Psychological Barriers in Password Security

Psychological barriers can hinder password security, as users may not follow the best practices or recommendations to create stronger passwords. To overcome these barriers, users need to be aware of the importance and benefits of password security, as well as the costs and risks of password insecurity. Some of the ways to overcome psychological barriers are:

  • Educating users about password security, explaining what entropy is, how it measures password strength, and how to increase it.
  • Motivating users to change passwords, providing incentives, feedback, or rewards for creating stronger passwords.
  • Persuading users to adopt password managers, demonstrating how they can simplify password creation and management, without compromising security or convenience.
  • Nudging users to use two-factor authentication, making it easy and accessible to enable and use this security feature.

Conclusion: Reinforcing Password Security Amidst Human Limitations

In this article, we have explained what entropy is and how it measures the strength of a password. We also explored the limitations and problems associated with human password creation, such as cognitive biases, human generation methods, password reuse, and resistance to behavioral changes. We have shown that these factors reduce entropy and password security, exposing users to cyber attacks. We have also provided some strategies and tips to help users create stronger passwords.

We hope this article has helped you understand the importance of password security and improve your password practices. Remember, passwords protect your digital identity and data online. Creating strong passwords is not only a matter of security, but also of responsibility.

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

SSH handshake with Terrapin attack and EviKey NFC HSM

Terrapin Attack: How to Protect Your SSH Security

The Terrapin attack is a serious vulnerability in the SSH protocol that can be used to downgrade the security of your SSH connections. This can allow attackers to gain access to your sensitive data. In this article, we will explain what the Terrapin attack is, how it works, and how you can protect yourself from it.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

Terrapin attack: CVE-2023-48795 SSH security vulnerability articles for in-depth threat reviews and solutions. Stay informed by clicking on our scrolling topics.

Shield Your SSH Security from the Sneaky Terrapin Attack written by Jacques Gascuel, inventor of sensitive data safety and security systems. Are you safeguarding your SSH connections? Stay vigilant against the Terrapin attack, a stealthy vulnerability that can compromise your SSH security and expose your sensitive data.

Protect Yourself from the Terrapin Attack: Shield Your SSH Security with Proven Strategies

SSH is a widely used protocol for secure communication over the internet. It allows you to remotely access and control servers, transfer files, and encrypt data. However, SSH is not immune to attacks, and a recent vulnerability OpenSSH before 9.6 (CVE-2023-48795) has exposed a serious flaw in the protocol itself. This flaw, dubbed the Terrapin attack, can downgrade the security of SSH connections by truncating cryptographic information. In this article, we will explain what the Terrapin attack is, how it works, and how you can protect yourself from it.

Why you should care about the Terrapin attack

The Terrapin attack is not just a theoretical threat. It is a real and dangerous attack that can compromise the security of your SSH connections and expose your sensitive data. The consequences of a successful Terrapin attack can be severe, such as:

  • Data breaches: The attacker can access your confidential information, such as passwords, keys, files, or commands, and use them for malicious purposes.
  • Financial losses: The attacker can cause damage to your systems, services, or assets, and demand ransom or extort money from you.
  • Reputation damage: The attacker can leak your data to the public or to your competitors, and harm your credibility or trustworthiness.

Therefore, it is important to be aware of the Terrapin attack and take the necessary measures to prevent it. In the following sections, we will show you how the Terrapin attack works, how to protect yourself from it, and how to use PassCypher HSM PGP and EviKey NFC HSM to enhance the security of your SSH keys.

A prefix truncation attack on the SSH protocol

The Terrapin attack is a prefix truncation attack that targets the SSH protocol. It exploits a deficiency in the protocol specification, namely not resetting sequence numbers and not authenticating certain parts of the handshake transcript. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.

This manipulation allows the attacker to perform several malicious actions, such as:

  • Downgrade the connection’s security by forcing it to use less secure client authentication algorithms
  • Bypass the keystroke timing obfuscation feature in OpenSSH, which may allow the attacker to brute-force SSH passwords by inspecting the network packets
  • Exploit vulnerabilities in SSH implementations, such as AsyncSSH, which may allow the attacker to sign a victim’s client into another account without the victim noticing

To pull off a Terrapin attack, the attacker must already be able to intercept and modify the data sent from the client or server to the remote peer. This makes the attack more feasible to be performed on the local network.

Unveiling the SSH Handshake: Exposing the Terrapin Attack’s Weakness

The SSH Handshake Process

The SSH handshake is a crucial process that establishes a secure channel between a client and server. It consists of the following steps:

  1. TCP connection establishment: The client initiates a TCP connection to the server.
  2. Protocol version exchange: The client and server exchange their protocol versions and agree on a common one. Then, the algorithm negotiation takes place.
  3. Algorithm negotiation: The client and server exchange lists of supported algorithms for key exchange, encryption, MAC, and compression. Then, they select the first matching algorithm.
  4. Key exchange: The client and server use the agreed-upon key exchange algorithm to generate a shared secret key. They also exchange and verify each other’s public keys. Then, the service request is sent.
  5. Service request: The client requests a service from the server, such as ssh-userauth or ssh-connection. Then, the client authenticates itself to the server using a supported method, such as password, public key, or keyboard-interactive.
  6. User authentication: The client authenticates itself to the server using a supported method, such as password, public key, or keyboard-interactive. Then, the channel request is sent.
  7. Channel request: The client requests a channel from the server, such as a shell, a command, or a subsystem. Thus, encrypted communication is enabled.

The Terrapin Attack

The Terrapin attack exploits a vulnerability in the SSH handshake by manipulating the sequence numbers and removing specific messages without compromising the secure channel integrity. This stealthy attack is difficult to detect because it doesn’t alter the overall structure or cryptographic integrity of the handshake.

For example, the attacker can eliminate the service request message sent by the client, which contains the list of supported client authentication methods. This forces the server to resort to the default method, typically password-based authentication. The attacker can then employ keystroke timing analysis to crack the password.

Alternatively, the attacker can target the algorithm negotiation message sent by the server, which lists the supported server authentication algorithms. By removing this message, the attacker forces the client to use the default algorithm, usually ssh-rsa. This opens the door for the attacker to forge a fake public key for the server and deceive the client into accepting it.

To illustrate the process of a Terrapin attack, we have created the following diagram:

Hackers exploit OAuth2 flaw to bypass 2FA on google accounts google account security flaw
Hackers exploit OAuth2 flaw to bypass 2FA on google accounts google account security flaw

As you can see, the diagram shows the steps from the interception of the communication by the attacker to the injection of malicious packets. It also highlights the stealthiness and the difficulty of detection of the attack.

Summery

The Terrapin attack is a serious threat to SSH security. By understanding how it works, you can take steps to protect yourself from it. Here are some tips:

  1. Make sure your SSH server is up to date with the latest security patches.
  2. Use strong passwords or public key authentication.
  3. Enable SSH key fingerprint verification.

How to protect yourself from the Terrapin attack: Best practices and tools

The Terrapin attack is a serious threat to SSH security, and it affects many SSH client and server implementations, such as OpenSSH, PuTTY, FileZilla, and more. Here are some steps you can take to protect yourself from it:

  • Update your SSH client and server to the latest versions. Many vendors have released patches that fix the vulnerability or introduce a strict key exchange option that prevents the attack. You can check if your SSH software is vulnerable by using the Terrapin vulnerability scanner.
  • Use strong passwords and public key authentication. Avoid using weak or default passwords that can be easily guessed by the attacker. Use public key authentication instead of password authentication, and make sure your public keys are verified and trusted.
  • Use secure encryption modes. Avoid using vulnerable encryption modes, such as ChaCha20-Poly1305 or AES-CBC with default MACs. Use encryption modes that use authenticated encryption with associated data (AEAD), such as AES-GCM or Chacha20-Poly1305@openssh.com.
  • Use a VPN or a firewall. If possible, use a VPN or a firewall to encrypt and protect your SSH traffic from being intercepted and modified by the attacker. This will also prevent the attacker from performing other types of attacks, such as DNS spoofing or TCP hijacking.
  • Implement a strict security policy on your local networks. Limit the access to your SSH servers to authorized users and devices, and monitor the network activity for any anomalies or intrusions.

How to use PassCypher HSM PGP and EviKey NFC HSM to protect your SSH keys: A secure and convenient solution

A good way to enhance the security of your SSH keys is to use PassCypher HSM PGP and EviKey NFC HSM. These are products from PassCypher), a company specialized in data security. They offer a secure and convenient solution for generating and storing your SSH keys.

PassCypher HSM PGP is a system that embeds a SSH key generator, allowing you to choose the type of algorithm – RSA (2048, 3072, 4096) or ECDSA (256,384, 521), and ED25519. The private key is generated and stored in a secure location, making it inaccessible to attackers.

EviKey NFC HSM is a contactless USB drive that integrates with PassCypher HSM PGP. It provides an additional layer of security and convenience for users who can easily unlock their private SSH key with their smartphone.

To show how PassCypher HSM PGP and EviKey NFC HSM can protect your SSH keys from the Terrapin attack, we have created the following diagram:

SSH handshake process with Terrapin attack illustration
This image illustrates the Terrapin attack, a stealthy attack that exploits a vulnerability in the SSH handshake. The attacker can manipulate the sequence numbers and remove specific messages without compromising the secure channel integrity. This can lead to a variety of security risks, including password cracking and man-in-the-middle attacks.

As you can see, the diagram shows how this solution effectively protects your SSH keys from the Terrapin attack. It also shows the benefits of using a contactless USB drive, such as:

  • Enhanced security: The private key is physically externalized and protected with a contactless authentication mechanism.
  • Convenience: Easy unlocking with a smartphone.
  • Ease of use: No additional software required.
  • Industrial-grade security: Equivalent to SL4 according to the standard IEC 62443-3-3.

Safeguarding Your SSH Keys with a Contactless USB Drive: A Comprehensive Guide

If you’re seeking a comprehensive guide to securely store your SSH keys using a contactless USB drive, look no further than this detailed resource: [Link to the article ([https://freemindtronic.com/how-to-create-an-ssh-key-and-use-a-nfc-hsm-usb-drive-to-store-it-securely/])]

This guide meticulously walks you through the process of:

  1. Generating an SSH key pair leveraging PassCypher HSM PGP
  2. Protecting the private SSH key within the EviKey NFC HSM USB drive
  3. Unlocking the private SSH key employing your smartphone
  4. Establishing a secure connection to an SSH server using the EviKey NFC HSM USB drive

Alongside step-by-step instructions, the guide also includes illustrative screenshots. By adhering to these guidelines, you’ll effectively safeguard and conveniently manage your SSH keys using a contactless USB drive.

Statistics on the Terrapin attack: Facts and figures

Statistics on the Terrapin attack: Facts and figures

The Terrapin attack is a serious cybersecurity threat that affects SSH connections. We have collected some statistics from various sources to show you the scale and impact of this attack. Here are some key facts and figures:

  • The Shadowserver Foundation reports that nearly 11 million SSH servers exposed on the internet are vulnerable to the Terrapin attack. This is about 52% of all IPv4 and IPv6 addresses scanned by their monitoring system.
  • The most affected countries are the United States (3.3 million), China (1.3 million), Germany (1 million), Russia (704,000), Singapore (392,000), Japan (383,000), and France (379,000).
  • The Terrapin attack affects many SSH client and server implementations, such as OpenSSH, PuTTY, FileZilla, Dropbear, libssh, and more. You can see the complete list of known affected implementations here).
  • You can prevent the Terrapin attack by updating your SSH software to the latest version, using secure encryption modes, and enabling strict key exchange. You can also use the Terrapin vulnerability scanner, available on GitHub, to check your SSH client or server for vulnerability.
  • A team of researchers from the Horst Görtz Institute for IT Security at Ruhr University Bochum in Germany discovered and disclosed the Terrapin attack. They published a detailed paper and a website with the technical details and the implications of the attack. Conclusion: How to stay safe from the Terrapin attack

The Terrapin attack is a serious threat to SSH security. It lets hackers break into SSH servers by exploiting a vulnerability in the protocol. To protect yourself effectively, you need to do the following:

  • Update your SSH software to the latest version
  • Use two-factor authentication
  • Store your SSH keys securely
  • Use PassCypher HSM PGP and EviKey NFC HSM

Conclusion: How to stay safe from the Terrapin attack

The Terrapin attack is a serious threat to SSH security. It allows hackers to break into SSH servers by exploiting a vulnerability in the protocol. To protect yourself effectively, you need to update your SSH software, use two-factor authentication, store your SSH keys securely, and use PassCypher HSM PGP and EviKey NFC HSM. If you found this article useful, please feel free to share it with your contacts or leave us a comment.

Telegram and the Information War in Ukraine

Telegram and the information war in Ukraine
Telegram and the Information War in Ukraine written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

How Telegram Shapes the Information War in Ukraine

In this article, we explore how Telegram and Ukraine’s information warfare are intertwined. We look at how the messaging app is influencing the Russia-Ukraine conflict, and how it can be used for good or evil. We also discuss the benefits and risks of using Telegram, as well as how security and freedom of expression can be enhanced with EviCypher NFC HSM technology.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

How Telegram Influences the Conflict between Russia and Ukraine

Telegram and the information war in Ukraine are closely related. Telegram is a messaging app that offers users a secure and confidential way to communicate, thanks to its end-to-end encryption system. It has a large user base around the world, especially in Eastern Europe, where it plays a vital role in the information war between Russia and Ukraine.

Telegram’s Usage in Ukraine: Updated Statistics

Popularity and Download Trends

According to the report of the research company SimilarWeb, Telegram is the second most downloaded messaging app in Ukraine, after Viber, with 3.8 million downloads in 2021. It is also the fourth most used app in terms of time spent, with an average of 16 minutes per day. Telegram has about 10 million active users in Ukraine, which is almost a quarter of the country’s population.

Telegram’s Role in Ukrainian Media Landscape

Telegram is particularly appreciated by Ukrainians for its channel functionality, which allows to broadcast messages to a large audience. Some of these channels have become influential but controversial sources of information, as their owners and sources are often unknown. Among the most popular channels in Ukraine, we can mention:

  • @Zelenskyi, the official channel of President Volodymyr Zelensky, which has more than 2 million subscribers. It publishes announcements, speeches, interviews and videos of the head of state. It was created in 2019, during Zelensky’s election campaign, who was then an actor and a comedian.
  • @NashyGroshi, the channel of the journalistic project “Our Money”, which has more than 1.5 million subscribers. It publishes investigations, reports and analyses on corruption, abuse of power, political scandals and judicial cases in Ukraine. It was created in 2008, by journalist Denys Bihus, who received several awards for his work.
  • @Resident, the channel of blogger and activist Anatoliy Shariy, which has more than 1.3 million subscribers. It publishes comments, criticisms and sarcasms on the political and social news in Ukraine. He is known for his pro-Russian, anti-European and anti-government positions. He is currently in exile in Spain, where he is wanted by the Ukrainian justice for high treason and incitement to hatred.

These channels illustrate the diversity and complexity of the Ukrainian media landscape, which is marked by the conflict with Russia, the democratic transition, the fight against corruption and the polarization of society. They are also a reflection of the issues and challenges related to the use of Telegram, which can be both a tool of communication, information and manipulation.

Oleksiy Danilov’s Stance on Telegram’s Usage in Ukraine

Concerns Over National Security

Oleksiy Danilov is the secretary of the National Security and Defense Council of Ukraine, the body responsible for coordinating and controlling the activities of the executive bodies in the fields of national security and defense. He is also the head of cybersecurity of the country, and in this capacity, he expressed his reservations about the use of Telegram by Ukrainians. In February 2022, he stated that some anonymous and manipulative Telegram channels represented a threat to national security, and that they should be de-anonymized and regulated. He particularly targeted the channel @Resident, which broadcasts pro-Russian and anti-Ukrainian comments, and which is suspected of being linked to the Russian intelligence services. He also criticized the channel @Zelenskyi, which according to him, is not controlled by the Ukrainian president, but by advisers who seek to influence his policy.

Debating Telegram’s Influence in Ukraine

These statements provoked mixed reactions in Ukraine. Some supported Danilov’s position, believing that it was necessary to fight against misinformation and propaganda that undermine the sovereignty and democracy of the country. Others denounced an attempt at censorship and an attack on freedom of expression, recalling that Telegram was one of the few spaces where Ukrainians could access independent and diverse information.

How Telegram Influences the Information War in Ukraine

The Benefits and Risks of End-to-End Encryption

Telegram is a messaging app that lets you send messages, photos, videos, documents, and make voice and video calls. Its privacy policy is based on data encryption and non-cooperation with authorities. You can also create groups and channels that can reach thousands or millions of users.

End-to-end encryption is a technology that makes sure only the people in a conversation can read the messages, not even the service provider. Telegram has this option, but it is not on by default. You have to choose it for each chat, by switching to the “secret chat” mode. However, Telegram’s encryption is not based on standard protocols, and security experts have found some flaws.

Anonymous Channels and Their Impact on the Ukrainian Conflict

The channels are spaces where an administrator can send messages to a large audience. They can be public or private, and they can have millions of followers. Some channels are influential but controversial sources of information, as their owners and sources are often unknown. The channels can spread misinformation, propaganda, fake news, or violence.

Telegram and Russian propaganda have a strong connection, as many pro-Russian channels use the app to influence the public opinion in Ukraine and other countries. Telegram and the Ukrainian resistance also use the app to communicate and organize their actions against the Russian aggression.

Bots, Payment Services and Unique Usernames: A Double-Edged Sword

Bots are programs that interact with users. They offer services, information, or entertainment. Anyone can create them. They can be part of chats or channels. Bots can be helpful or harmful. They can collect personal data, send spam, or spread viruses.

Payment Services: Handy or Dishonest?

You can also use payment services via Telegram. These features use third-party platforms, such as Stripe or Apple Pay. They need bank or credit card information. Payment services can be handy or dishonest. They can steal sensitive data, scam users, or fund illegal activities.

Unique Usernames: Fun or Troublesome?

Another feature of Telegram is the unique usernames. They let users contact each other easily, without sharing their phone number. Users can create and change them at any time. Unique usernames can be fun or troublesome. They can enable harassment, identity theft, or account sale.

These features of Telegram raise issues of cybersecurity, privacy, end-to-end encryption, and application security. They can be used by bad actors, who want to harm Ukraine or its people. They can also be regulated by the authorities, who want to control the information or access the data of the users.

Telegram and the Information War in Ukraine: A Challenge

One of the main challenges of Telegram and the information war in Ukraine is to balance the freedom of expression and the protection of national security. Telegram and the Ukrainian conflict are closely intertwined. The app is used by both sides to communicate, inform, and influence. Telegram and Russian propaganda have a strong connection. Many pro-Russian channels use the app to sway the public opinion in Ukraine and other countries. Telegram and the Ukrainian resistance also use the app to coordinate and organize their actions against the Russian aggression. Telegram and cybersecurity in Ukraine are also crucial. The app can be a source of threats or a tool of defense.

Telegram VS Other Messaging Apps: A Comparative Analysis

WhatsApp: Popular but Questionable Confidentiality

WhatsApp is the most popular messaging app in the world, with more than 2 billion users. It offers end-to-end encryption by default for all conversations, which guarantees the protection of data. However, it belongs to Facebook, which has a dubious reputation in terms of respect for privacy, and which has raised fears about the sharing of data with other applications of the group. WhatsApp is also subject to the requests of the authorities, who can demand access to the metadata, such as the phone number, the IP address or the location of the users.

Signal: High Security but Limited User Base

Signal is a messaging app that claims to be the most secure and confidential on the market. It also offers end-to-end encryption by default for all conversations, and it does not collect any personal data. It is developed by a non-profit organization, which does not depend on advertising or investors. It is recommended by personalities such as Edward Snowden or Elon Musk. Signal is however less popular than WhatsApp or Telegram, with about 50 million users. It also offers fewer features, such as file sharing, information channels, bots or payment services.

Telegram: Innovative but Security Concerns

Telegram is between these two apps, offering more features than Signal, but less security than WhatsApp. Telegram allows users to choose the level of encryption and privacy they want, by opting for the “secret chat” mode or the “normal chat” mode. Telegram also allows users to enjoy innovative services, such as channels, bots, payments or unique usernames. However, Telegram also presents risks, such as fakes news, inappropriate content, privacy breaches or cyberattacks. Telegram is therefore an app that offers advantages and disadvantages, and that requires vigilance and discernment from users.

Telegram’s Global Perception and Regulation

Russia: Origin and Opposition

Russia is the country of origin of Telegram, but also its main adversary. The Kremlin tried to block the app in 2018, invoking reasons of national security and fight against terrorism. It demanded that Telegram provide it with the encryption keys to access the messages of the users, which Pavel Durov refused. It then ordered the telecom operators to block access to Telegram, but this measure proved ineffective, as Telegram used cloud servers to bypass the blocking. Many Russian users also use VPNs or proxies to access the app. In 2020, the Kremlin finally lifted the ban on Telegram, acknowledging its failure and stating that the app had cooperated with the authorities to remove extremist content. However, some observers suspect that Telegram made concessions to the Kremlin to lift the blocking, such as collaborating with the Russian services or censoring some channels.

France: Striving for Digital Regulation

France is a country that wants to be at the forefront of the regulation of digital platforms, especially in terms of fighting online hate. It adopted in 2020 a law that obliges the platforms to remove illegal content, such as incitement to violence, discrimination or terrorism, within 24 hours, under penalty of financial sanctions. This law also applies to messaging apps, such as Telegram, which must set up reporting and moderation mechanisms for content. France recognizes the right of users to privacy and end-to-end encryption, but it also asks the service providers to cooperate with the law enforcement to access the encrypted data when needed. France is also a country where Telegram is used by radical groups, such as jihadists or yellow vests, who take advantage of the app to organize, mobilize or defend themselves.

Ukraine: Balancing Utility and Risks

Ukraine is a country that has an ambivalent attitude towards Telegram, recognizing its usefulness, but also its dangers. On the one hand, Telegram is a source of information and a tool of resistance for many Ukrainians, who face the threat of Russian aggression and the challenges of democratic transition. On the other hand, Telegram is also a vector of misinformation and propaganda, which can undermine the sovereignty and stability of the country. Ukraine does not have a specific law to regulate Telegram, but it has some legal provisions to protect national security and public order, which can be used to restrict or block the app if necessary. Ukraine also cooperates with international organizations, such as the EU or NATO, to counter the cyber threats and the hybrid warfare that target the country.

EviCypher NFC HSM: Enhancing Telegram’s Security

The Role of Contactless Encryption Technology

One of the main challenges of using Telegram is to ensure the security and confidentiality of the data exchanged, especially in a context of information war. To meet this challenge, a possible solution consists of using EviCypher NFC HSM technology, which is a contactless encryption technology developed by Freemindtronic, an Andorran company specializing in the design of counter-espionage solutions implementing in particular contactless security with NFC technology. EviCypher NFC HSM uses two types of encryption algorithms for data:

  • Symmetric encryption in AES-256 for data such as texts (messages), thanks to its sub-technology EviCrypt. It uses a unique key, which is randomly generated and segmented into several parts. This key is used to encrypt and decrypt messages with the AES 256-bit algorithm.
  • Asymmetric encryption in RSA-4096 for symmetric encryption keys. It uses a pair of keys, which is generated and used from the NFC HSM device and which is based on the RSA 4096-bit algorithm. This pair of keys is used to share the symmetric key of at least 256 bits between the NFC HSM devices remotely, by encrypting the symmetric key with the public key of the recipient and decrypting the symmetric key with the private key of the recipient. The symmetric key is then stored and re-encrypted in the NFC HSM device of the recipient, with the trust criteria imposed by the sender if he has encapsulated them in the shared encryption key.

Practical Applications of EviCypher NFC HSM

EviCypher NFC HSM is a technology that uses hardware security modules (HSM) to store and use encrypted secrets. It allows contactless encryption with the NFC communication protocol. You can integrate the NFC HSM into various media, such as a card, a sticker, or a key ring. Then, you can pair it with an NFC phone, tablet, or computer. This way, you can encrypt everything before using any messaging service, including Telegram. EviCypher NFC HSM also has anti-cloning, anti-replay, and counterfeit detection mechanisms. It is part of the DataShielder product range, which offers serverless and databaseless encryption solutions.

Telegram and the Ukrainian conflict

EviCypher NFC HSM is compatible with Telegram, a messaging app that influences the information war between Russia and Ukraine. It offers more security and confidentiality than Telegram’s end-to-end encryption, which is not based on recognized standards. It also gives you more flexibility and control than Telegram’s secret chat mode, as you can choose the trust criteria for the encryption keys. Moreover, it is more convenient and simple than Telegram’s normal chat mode, as you can encrypt and decrypt messages with a simple gesture.

Telegram and cybersecurity in Ukraine

EviCypher NFC HSM is a useful technology with Telegram, as it enhances the security and confidentiality of the data exchanged, especially in a context of information war. It is also a universal technology, as you can use it with any other messaging app, such as WhatsApp, Signal, Messenger, etc. It is also an innovative technology, as it uses the NFC communication protocol to perform contactless encryption, without requiring any connection or installation.

Concluding Insights on Telegram’s Role in Ukraine

In this article, we have seen how Telegram plays a vital role in the information war between Russia and Ukraine, and what issues and challenges there are in using this messaging app. We have also seen how the technology EviCypher NFC HSM can be a useful solution to enhance the security and confidentiality of the data exchanged with Telegram. We hope that this article has been informative and interesting for you, and that it has helped you to better understand the situation of Telegram in Ukraine and in other countries. Thank you for reading.

Overview of Cited Sources

Here are the sources of the article, which are valid, reliable, relevant and if possible official links that allow to justify and verify the statements made in this article:

  • [Liga.net]: the news site that published the interview of Oleksiy Danilov on November 2, 2023, in which he expresses his concerns about Telegram.
  • [NV.ua]: the news site that reported the statement of Oleksiy Danilov, who alerted the nation to the critical vulnerabilities of Telegram, on November 2, 2023.
  • [RT – Pravda]: the Ukrainian news site that related the remarks of Oleksiy Danilov, who answered the questions of journalists during a press conference on November 3, 2023.
  • [Number of Telegram Users in 2023? 55 Telegram Stats (backlinko.com)]: an article that gives figures on the use of Telegram in the world and in Ukraine.
  • [NV.ua -NSDC]: the official website of the National Security and Defense Council of Ukraine, which published the press release of Oleksiy Danilov, who clarified his recent comments on Telegram, on November 15, 2023
  • [Ukrainians turn to encrypted messengers, offline maps and Twitter amid Russian invasion]: an article that describes how Ukrainians use Telegram and other digital tools to protect themselves and get informed in the face of the Russian aggression.
  • [Pravda – France 24]: the French news site that contains a video of the interview of Oleksiy Danilov with the journalist Gulliver Cragg, dated January 23, 2023.
  • [NFC HSM Technology – Freemindtronic]: an article that explains the NFC HSM technologies and how they work.
  • [EviCypher NFC HSM technology – Freemindtronic]: a page that contains articles and videos on the NFC HSM technologies.
  • [FAQ for the Technically Inclined – Telegram APIs]: a page that provides technical information about the Telegram APIs and the MTProto protocol.

Kismet iPhone: How to protect your device from the most sophisticated spying attack?

Kismet iPhone and Pegasus written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

Kismet iPhone and Pegasus: a deadly combo

Hackers can use Kismet iPhone to install Pegasus spyware on your iPhone. This spyware can access your data, activity, and conversations.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

Kismet iPhone: How to protect your device from the most sophisticated spying attack using Pegasus spyware

Do you own an iPhone? Do you think it is safe and private? You might be wrong. Hackers have created a clever attack called Kismet iPhone that can infect your device with Pegasus, the world’s most powerful spyware, without you noticing. This spyware can steal your personal data, track your activity, and listen to your conversations. In this article, we will tell you how Kismet iPhone works, who is behind it, and how you can protect yourself from it.

What is Kismet iPhone?

Kismet iPhone is the name of the attack that hackers use to install Pegasus, the spyware, on iPhones. Kismet iPhone uses a technique called “watering hole”. It consists of infecting websites visited by the targeted users. These websites contain malicious code that detects if the user has an iPhone and which model. If so, the malicious code redirects the browser to a server that exploits zero-day flaws in iOS and Safari. These flaws allow to install Pegasus without the user noticing. Pegasus then runs in the background and communicates with a command and control server.

What is Pegasus?

Pegasus is the name of the spyware that Kismet iPhone installs on iPhones. Pegasus is one of the most powerful spyware in the world, developed by NSO Group, an Israeli company that sells spyware to governments and intelligence agencies. Pegasus can access almost everything on the infected iPhone, such as messages, photos, contacts, location, calls, passwords and even conversations near the microphone. Pegasus can also activate the camera and the microphone remotely, and record the screen. Pegasus can bypass encryption and security features of apps like WhatsApp, Signal, Telegram, and others.

Who is behind Kismet iPhone and Pegasus?

Kismet iPhone and Pegasus are the work of NSO Group, an Israeli company that sells spyware to governments and intelligence agencies. NSO Group claims that its products are only used for legitimate purposes, such as fighting terrorism and crime. However, investigations have revealed that NSO Group has also targeted journalists, activists, lawyers, politicians and dissidents, violating their privacy and rights. NSO Group has been accused of being involved in the murder of Jamal Khashoggi, a Saudi journalist, and the hacking of Jeff Bezos, the founder of Amazon.

Examples of victims of Kismet iPhone and Pegasus

According to a report by Citizen Lab, a research group at the University of Toronto, Kismet iPhone and Pegasus have been used to spy on at least nine Bahraini activists between June 2020 and February 2021. The activists were members of the Bahrain Center for Human Rights, the Bahrain Institute for Rights and Democracy, and the European Center for Constitutional and Human Rights. They received text messages containing malicious links that attempted to infect their iPhones with Pegasus.

Another report by Amnesty International and Forbidden Stories, a non-profit media organization, revealed that Kismet iPhone and Pegasus have been used to target more than 50,000 phone numbers of people from various countries and professions. Among them were journalists, human rights defenders, lawyers, politicians, business executives, religious leaders, and celebrities. Some of the prominent names on the list were French President Emmanuel Macron, Pakistani Prime Minister Imran Khan, Indian opposition leader Rahul Gandhi, Moroccan journalist Omar Radi, and Mexican journalist Cecilio Pineda Birto.

A third report by The Guardian, a British newspaper, exposed that Kismet iPhone and Pegasus have been used to spy on the civil rights movement in the United States. The report found that at least 15 people who were close to the Black Lives Matter activist DeRay Mckesson had their phones hacked with Pegasus in 2016. The report also found that Alaa Mahajna, a lawyer who represented the family of George Floyd, had his phone hacked with Pegasus in 2020.

These examples show that Kismet iPhone and Pegasus are not only used to spy on criminals and terrorists, but also on innocent people who exercise their rights to freedom of expression, association, and assembly.

How to protect yourself from Kismet iPhone and Pegasus?

To protect yourself from Kismet iPhone and Pegasus, you need to update your iPhone with the latest version of iOS. Apple fixed the zero-day flaws exploited by Kismet iPhone in September 2020, making the attack ineffective. You also need to avoid clicking on suspicious links or visiting unsecured websites, which could be infected by malicious code. You need to use a VPN (virtual private network) to encrypt your internet connection and prevent potential spies from seeing your online activity. You can check if your iPhone has been infected by Pegasus by using a tool developed by Amnesty International, called MVT (Mobile Verification Toolkit).

Sources and downloads

If you want to learn more about the zero-day flaws used by Kismet iPhone and Pegasus, and how Apple fixed them, you can check the following sources:

If you want to check if your iPhone has been infected by Pegasus, you can download the following application:

  • MVT (Mobile Verification Toolkit)MVT (Mobile Verification Toolkit): this open source software allows you to analyze your iPhone and detect traces of Pegasus. It is available for Windows, Mac and Linux, and requires some technical knowledge to use it. You can follow the user guide on the official project site.

Conclusion

Kismet iPhone and Pegasus are two of the most sophisticated and dangerous cyberattacks that target iPhone users. They can compromise your device and your data, without you being aware of it. To protect yourself from these attacks, you need to keep your iPhone updated, be careful with what you click and visit online, and use a VPN. You can also use a tool to detect if your iPhone has been infected by Pegasus. If you want to know more about Pegasus, the most powerful spyware in the world, you can read our dedicated article here: Pegasus: the cost of spying with one of the most powerful spyware in the world

However, you should know that the zero-day risk is always present, and that the economic stakes are huge for the companies that exploit these flaws to spy on their competitors or their adversaries. That is why Freemindtronic has specialized in counter-espionage tecnologiescounter-espionage tecnologies, which allow you to protect your data and your privacy against malicious intrusions. If you are interested in these solutions, you can visit our Freemindtronic website and discover the different technologies of counter espionage.

5Ghoul: 5G NR Attacks on Mobile Devices

5Ghoul: 5G NR Attacks on Mobile Devices
5Ghoul Attacks on Mobile Devices written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

5Ghoul: A Threat to 5G Security

5G has benefits, but also risks. 5Ghoul is a set of 5G NR flaws that affect Qualcomm and MediaTek modems, used by most 5G devices. 5Ghoul can disrupt or make unusable smartphones, routers and modems 5G. In this article, we will see what 5Ghoul is, how it compares to other 5G attacks, and how to protect yourself with contactless encryption, which uses NFC.

2023 Articles Cardokey Eco-friendly EviSwap NFC NDEF Technology GreenTech

NFC Business Cards with Cardokey free for life: How to Connect without Revealing

2023 Articles Cyberculture EviCore HSM OpenPGP Technology EviCore NFC HSM Browser Extension EviCore NFC HSM Technology Legal information Licences Freemindtronic

Unitary patent system: why some EU countries are not on board

Andorran law

Llei 26/2014 del 30 d’octubre de patents

Articles Crypto Currency Cryptocurrency Digital Security EviPass Technology NFC HSM technology Phishing

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

5Ghoul: How Contactless Encryption Can Secure Your 5G Communications from Modem Attacks

5Ghoul is a set of 5G NR vulnerabilities that affect Qualcomm and MediaTek modems. These flaws allow to launch denial-of-service attacks or degrade the quality of the 5G network.

What is 5Ghoul?

5Ghoul is a set of 14 5G NR (New Radio) vulnerabilities, the protocol that governs the communication between 5G devices and base stations (gNB). Among these vulnerabilities, 10 are public and 4 are still confidential. They were discovered by researchers from the Singapore University of Technology and DesignSingapore University of Technology and Design.

The 5Ghoul vulnerabilities exploit implementation errors in Qualcomm and MediaTek modems, which do not comply with the specifications of the 5G NR protocol. They allow an attacker to create a fake base station, which pretends to be a legitimate one, and send malicious messages to 5G devices that connect to it. These messages can cause errors, crashes or infinite loops in the modems, resulting in denial-of-service attacks or degradations of the quality of the 5G network.

Which devices are affected by 5Ghoul?

The researchers tested the 5Ghoul vulnerabilities on 714 models of 5G smartphones from 24 different brands, including Lenovo, Google, TCL, Microsoft, etc. They also tested routers and modems 5G from various manufacturers. They found that the 5Ghoul vulnerabilities affect all 5G devices equipped with Qualcomm and MediaTek modems, which account for more than 90% of the market.

What are the impacts of 5Ghoul?

The impacts of 5Ghoul depend on the vulnerability exploited and the type of device targeted. The researchers classified the 5Ghoul vulnerabilities into three categories, according to their severity:

Level 1 vulnerabilities

Level 1 vulnerabilities are the most severe. They allow to render 5G devices completely unusable, by locking them in a state where they can neither connect nor disconnect from the 5G network. These vulnerabilities require a manual reboot of the devices to be resolved. Among the level 1 vulnerabilities, there is for example the CVE-2023-33043, which causes a crash of the Qualcomm X55/X60 modem by sending an invalid MAC/RLC message.

Level 2 vulnerabilities

Level 2 vulnerabilities are less critical, but still harmful. They allow to degrade the quality of the 5G network, by reducing the throughput, latency or stability of the connection. These vulnerabilities can be resolved by reconnecting to the 5G network. Among the level 2 vulnerabilities, there is for example the CVE-2023-33044, which causes packet loss on the MediaTek T750 modem by sending an invalid RRC message.

Level 3 vulnerabilities

Level 3 vulnerabilities are the least dangerous. They allow to disrupt the normal functioning of 5G devices, by displaying error messages, modifying settings or triggering alerts. These vulnerabilities have no impact on the quality of the 5G network. Among the level 3 vulnerabilities, there is for example the CVE-2023-33045, which causes an error message on the Qualcomm X55/X60 modem by sending an invalid RRC message.

How to protect yourself from 5Ghoul?

The researchers informed the manufacturers of Qualcomm and MediaTek modems of the 5Ghoul vulnerabilities, as well as the 5G network operators and the 5G device manufacturers. They also published a demonstration kit of the 5Ghoul vulnerabilities on GitHub, to raise awareness among the public and the scientific community of the risks of 5G NR.

To protect yourself from 5Ghoul, 5G device users must update their modems with the latest security patches, as soon as they are available. They must also avoid connecting to unreliable or unknown 5G networks, which could be fake base stations. In case of doubt, they can disable 5G and use 4G or Wi-Fi.

How 5Ghoul compares to other 5G attacks?

5Ghoul is not the first security flaw that affects 5G. Other 5G attacks have been discovered in the past, exploiting weaknesses in the protocol or in the equipment. Here are some examples of 5G attacks and their differences with 5Ghoul:

ReVoLTE

ReVoLTE is an attack that allows to listen to voice calls 4G and 5G by exploiting a vulnerability in the encryption of data. This vulnerability is due to the fact that some base stations reuse the same encryption key for multiple communication sessions, which allows an attacker to decrypt the content of the calls by capturing the radio signals.

It is different from 5Ghoul because it does not target the 5G modem, but the encryption of data. ReVoLTE also requires that the attacker be close to the victim and have specialized equipment to intercept the radio signals. ReVoLTE does not cause denial of service or degradation of the network, but it compromises the confidentiality of communications.

ToRPEDO

ToRPEDO is an attack that allows to locate, track or harass mobile phone users 4G and 5G by exploiting a vulnerability in the paging protocol. This protocol is used to notify mobile devices of incoming calls or messages. By sending repeated messages to a phone number, an attacker can trigger paging messages on the network, and thus determine the position or identity of the target device.

It is different from 5Ghoul because it does not target the 5G modem, but the paging protocol. ToRPEDO also requires that the attacker knows the phone number of the victim and has access to the mobile network. ToRPEDO does not cause denial of service or degradation of the network, but it compromises the privacy of users.

IMP4GT

IMP4GT is an attack that allows to degrade the quality of the 5G network by exploiting a vulnerability in the security protocol. This protocol is used to authenticate and encrypt the communications between 5G devices and base stations. By modifying the messages exchanged between the two parties, an attacker can mislead the network and the device on the level of security required, and thus reduce the throughput or latency of the connection.

It is different from 5Ghoul because it does not target the 5G modem, but the security protocol. IMP4GT also requires that the attacker be close to the base station and have equipment capable of modifying the messages. IMP4GT does not cause denial of service or crash of the modem, but it degrades the quality of the network.

SS7

SS7 is a set of signaling protocols used by mobile operators to establish and manage calls and messages between different networks. SS7 has existed since the 1970s and has not evolved much since, making it vulnerable to hacking attacks. By exploiting the flaws of SS7, an attacker can intercept SMS and voice calls, locate and track users, bypass two-factor authentication, or subscribe subscribers to paid services without their consent.

It is different from 5Ghoul because it does not target the 5G modem, but the signaling protocol. SS7 affects all types of mobile networks, including 5G, because it still uses SS7 for some functions, such as mobility management or compatibility with 2G and 3G networks. SS7 requires that the attacker has access to the signaling network, which is not easy to obtain, but not impossible. SS7 does not cause denial of service or crash of the modem, but it compromises the confidentiality and integrity of communications.

How and why to encrypt SMS, MMS and RCS without contact?

Contactless encryption is a method of protecting mobile communications that uses NFC (Near Field Communication) technology to establish a secure connection between two devices. NFC is a wireless communication protocol that allows to exchange data by bringing two compatible devices within a few centimeters of each other.

Contactless encryption relies on the use of an external device called NFC HSM (Hardware Security Module), which is a hardware security module that stores and manages encryption keys. The NFC HSM comes in the form of a card, a keychain or a bracelet, that the user must bring close to his phone to activate the encryption. The NFC HSM communicates with the phone via NFC and transmits the encryption key needed to secure the messages.

The technologies EviCore NFC HSM and EviCypher NFC HSM are examples of contactless encryption solutions developed by the Andorran company Freemindtronic. EviCore NFC HSM is a hardware security module that allows to encrypt SMS, MMS and RCS (Rich Communication Services) end-to-end, meaning that only the recipients can read the messages. EviCypher NFC HSM is a hardware security module that allows to encrypt multimedia files (photos, videos, audio, etc.) and share them via SMS, MMS or RCS.

Contactless encryption has several advantages over conventional encryption of mobile communications:

It offers a higher level of security, because the encryption key is not stored on the phone, but on the NFC HSM, which is more difficult to hack or steal.

It is compatible with all types of mobile networks, including 5G, because it does not depend on the communication protocol used, but on NFC.

It is easy to use, because it is enough to bring the NFC HSM close to the phone to activate the encryption, without having to install a specific application or create an account.

It is transparent, because it does not change the appearance or functioning of the messages, which remain accessible from the native application of the phone.

Statistics on 5Ghoul

How widespread are 5Ghouls? What are the trends and impacts of these flaws? Some statistics on 5Ghoul, based on sources and data that are a priori reliable.

5Ghoul: a threat to 5G devices

5Ghoul is a set of 5G NR vulnerabilities that affect Qualcomm and MediaTek modems, which are used by most 5G devices on the market. According to the researchers who discovered 5Ghoul, these vulnerabilities can cause denial-of-service attacks or network degradations.

  • How many 5G devices are affected by 5Ghoul? According to a report by Counterpoint Research, Qualcomm and MediaTek accounted for 79% of the global smartphone chipset market in Q3 2020. Qualcomm had a 39% share, while MediaTek had a 40% share. Assuming that all Qualcomm and MediaTek chipsets are vulnerable to 5Ghoul, this means that nearly 8 out of 10 smartphones are potentially at risk.
  • How many 5G NR vulnerabilities are known? According to the CVE (Common Vulnerabilities and Exposures) database. There are 16 CVE entries related to 5G NR as of April 2021. Four of them are ZeroDay vulnerabilities that have not been publicly disclosed nor fixed by the manufacturers. These vulnerabilities are classified as level 1 or 2, meaning that they can cause denial-of-service attacks or network degradations.
  • How many 5G attacks have been reported? According to the SANS Internet Storm Center, there have been no reports of 5Ghoul attacks in the wild as of April 2021. However, this does not mean that 5Ghoul is not exploited by malicious actors. The researchers who discovered 5Ghoul have developed a proof-of-concept tool called 5Ghoul-Scanner, which can detect and exploit 5Ghoul vulnerabilities. They have also released a video demonstration of 5Ghoul attacks.

Conclusion

5Ghoul is a security flaw that affects 5G modems from Qualcomm and MediaTek, which are used by most 5G devices on the market. 5Ghoul allows an attacker to disrupt the functioning of smartphones, routers and modems 5G, or even make them unusable. 5Ghoul stands out from other 5G attacks known, such as ReVoLTE, ToRPEDO, IMP4GT or SS7, by the fact that it targets the 5G modem, that it does not require secret information or specialized equipment, and that it causes denial-of-service attacks or degradations of the network. To protect yourself from 5Ghoul, 5G device users must update their modems with the latest security patches, and avoid connecting to unreliable or unknown 5G networks.

The American Intelligence: How It Works

The American Intelligence How It Works : Section 702
Learn more about the American Intelligence written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

The American intelligence: a paradox

The American intelligence is powerful and influential, but also faces limits and challenges. Discover how it works, what are its consequences, and how to protect yourself from it.

2023 Articles Cardokey Eco-friendly EviSwap NFC NDEF Technology GreenTech

NFC Business Cards with Cardokey free for life: How to Connect without Revealing

2023 Articles Cyberculture EviCore HSM OpenPGP Technology EviCore NFC HSM Browser Extension EviCore NFC HSM Technology Legal information Licences Freemindtronic

Unitary patent system: why some EU countries are not on board

Andorran law

Llei 26/2014 del 30 d’octubre de patents

Articles Crypto Currency Cryptocurrency Digital Security EviPass Technology NFC HSM technology Phishing

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

The American Intelligence: How It Works, Its Limits and Consequences

The American intelligence is one of the most powerful and influential in the world. It has a vast network of agencies, resources, and allies that enable it to collect, analyze, and act on information of strategic interest. However, the American intelligence also faces challenges and criticisms, both internally and externally. In this article, we will explore how the American intelligence works, what are its limits, and what are the consequences of its actions for the global security and privacy.

How the American Intelligence Works

The American intelligence is composed of 18 agencies that form the Intelligence Community (IC). These agencies are divided into two categories: the civilian agencies, which are under the supervision of the Director of National Intelligence (DNI), and the military agencies, which are under the supervision of the Secretary of Defense.

The main civilian agencies are:

  • The Central Intelligence Agency (CIA), which is responsible for collecting, analyzing, and disseminating foreign intelligence, as well as conducting covert operations and paramilitary activities.
  • The National Security Agency (NSA), which is responsible for collecting, processing, and disseminating signals intelligence (SIGINT), as well as conducting cyber operations and protecting the US government’s communications and information systems.
  • The Federal Bureau of Investigation (FBI), which is responsible for collecting, analyzing, and disseminating domestic intelligence, as well as conducting counterintelligence, counterterrorism, and law enforcement activities.
  • The National Geospatial-Intelligence Agency (NGA), which is responsible for collecting, analyzing, and disseminating geospatial intelligence (GEOINT), which includes imagery, maps, and other geographic information.
  • The National Reconnaissance Office (NRO), which is responsible for designing, launching, and operating reconnaissance satellites and other space-based systems that provide intelligence to the IC and the Department of Defense (DoD).
  • The Office of the Director of National Intelligence (ODNI), which is responsible for overseeing, coordinating, and integrating the activities of the IC, as well as providing strategic guidance and support to the DNI.

The main military agencies are:

  • The Defense Intelligence Agency (DIA), which is responsible for providing military intelligence to the DoD and the IC, as well as conducting human intelligence (HUMINT), counterintelligence, and defense attaché activities.
  • The National Security Agency/Central Security Service (NSA/CSS), which is responsible for providing SIGINT and cyber support to the DoD and the IC, as well as conducting information assurance and cryptologic activities.
  • The National Geospatial-Intelligence Agency (NGA), which is responsible for providing GEOINT support to the DoD and the IC, as well as conducting geospatial analysis and mapping activities.
  • The National Reconnaissance Office (NRO), which is responsible for providing space-based intelligence support to the DoD and the IC, as well as conducting satellite reconnaissance and surveillance activities.
  • The Military Intelligence Corps (MI), which is responsible for providing tactical and operational intelligence to the Army and the joint force, as well as conducting HUMINT, SIGINT, GEOINT, and counterintelligence activities.
  • The Office of Naval Intelligence (ONI), which is responsible for providing maritime intelligence to the Navy and the joint force, as well as conducting HUMINT, SIGINT, GEOINT, and counterintelligence activities.
  • The Marine Corps Intelligence Activity (MCIA), which is responsible for providing intelligence to the Marine Corps and the joint force, as well as conducting HUMINT, SIGINT, GEOINT, and counterintelligence activities.
  • The Air Force Intelligence, Surveillance, and Reconnaissance Agency (AFISRA), which is responsible for providing intelligence to the Air Force and the joint force, as well as conducting HUMINT, SIGINT, GEOINT, and counterintelligence activities.

The American intelligence works by collecting information from various sources, such as human sources, signals, images, open sources, and others. It then analyzes this information to produce intelligence products, such as reports, assessments, briefings, and forecasts. These products are then disseminated to the relevant consumers, such as the President, the Congress, the military, the policy makers, and the allies. The American intelligence also acts on the information it collects, by conducting operations, such as covert actions, cyber attacks, drone strikes, and special operations.

The Limits of the American Intelligence

The American intelligence, despite its capabilities and resources, is not omnipotent or infallible. It faces several limits and challenges, such as:

  • Legal and ethical limits: The American intelligence is bound by the laws and regulations of the US and the international community, as well as by the values and principles of the American democracy. It must respect the rights and liberties of the American citizens and the foreign nationals, as well as the sovereignty and interests of the other countries. It must also abide by the oversight and accountability mechanisms of the executive, the legislative, and the judicial branches, as well as the public opinion and the media. The American intelligence must balance its need for secrecy and effectiveness with its duty for transparency and legitimacy.
  • Technical and operational limits: The American intelligence is limited by the availability and reliability of the information it collects, as well as by the accuracy and timeliness of the analysis it produces. It must deal with the challenges of information overload, data quality, data security, data privacy, and data sharing. It must also cope with the threats and risks of cyber attacks, counterintelligence, deception, and denial. The American intelligence must balance its need for innovation and adaptation with its need for standardization and coordination.
  • Strategic and political limits: The American intelligence is limited by the complexity and uncertainty of the global environment, as well as by the diversity and dynamism of the actors and issues it faces. It must deal with the challenges of globalization, multipolarity, regionalization, and fragmentation. It must also cope with the threats and opportunities of terrorism, proliferation, rogue states, failed states, and emerging powers. The American intelligence must balance its need for anticipation and prevention with its need for reaction and intervention.

The Consequences of the American Intelligence

The American intelligence has significant consequences for the global security and privacy, both positive and negative, such as:

  • Positive consequences: The American intelligence contributes to the protection and promotion of the national security and interests of the US and its allies, as well as to the maintenance and enhancement of the international peace and stability. It provides valuable information and insights to the decision makers and the operators, as well as to the public and the media. It also conducts effective operations and actions to deter, disrupt, or defeat the adversaries and the threats. The American intelligence plays a key role in the global intelligence cooperation and coordination, as well as in the global governance and leadership.
  • Negative consequences: The American intelligence also poses risks and challenges to the security and privacy of the US and its allies, as well as to the international order and norms. It may collect, analyze, or disseminate information that is inaccurate, incomplete, or biased, leading to errors, failures, or controversies. It may also conduct operations or actions that are illegal, unethical, or counterproductive, leading to violations, scandals, or backlashes. The American intelligence may face competition or conflict with the other intelligence services or actors, as well as with the other stakeholders or interests.

Section 702 of FISA: A Surveillance Without Control

  • On July 17, 2008, the US Congress passed section 702 of the FISA (Foreign Intelligence Surveillance Act), which authorizes the US intelligence agencies to collect the electronic communications of non-Americans located abroad, without a warrant from the FISA judge.
  • On January 19, 2018, the US Congress extended section 702 of FISA until December 31, 2023, without making any substantial changes.
  • On March 22, 2023, the US Congress extended section 702 of FISA again until April 19, 2024, without making any significant changes.
  • On December 16, 2023, the US Congress approved the National Defense Authorization Act (NDAA), which included a four-month extension of section 702 of FISA, avoiding its expiration at the end of the year.

The Violation of the Right to Privacy

  • On June 5, 2013, the whistleblower Edward Snowden revealed the existence of the PRISM program, which allowed the US intelligence agencies to access the data of the users of the main electronic service providers, such as Google, Facebook, Microsoft or Apple.
  • On October 6, 2015, the Court of Justice of the European Union (CJEU) invalidated the Safe Harbor, an agreement that allowed the transfer of personal data between the European Union and the United States, considering that it did not offer an adequate level of protection.
  • On July 16, 2020, the CJEU invalidated the Privacy Shield, the successor of the Safe Harbor, for the same reasons, considering that the risk of interference by the US intelligence services in the transferred data was incompatible with the respect of the fundamental rights of the persons concerned.
  • On July 31, 2023, the CJEU issued a ruling that confirmed the invalidity of the Privacy Shield and imposed strict conditions for the transfer of personal data to third countries, especially the United States, under the standard contractual clauses (SCCs) or the binding corporate rules (BCRs).

The Legal and Political Consequences

  • On October 24, 2013, the European Parliament adopted a resolution that condemned the massive surveillance activities of the US intelligence services and called for the suspension of the cooperation agreements on security and counter-terrorism.
  • On October 23, 2015, the European Parliament adopted another resolution that requested the creation of an independent international tribunal to examine the complaints of the European citizens regarding the surveillance of the US intelligence services.
  • On September 14, 2018, the European Parliament adopted a third resolution that called for the suspension of the Privacy Shield, due to the non-compliance of the commitments made by the United States on the protection of personal data.
  • On August 31, 2023, the European Parliament adopted a fourth resolution that asked the European Commission to propose a new legislation on the protection of personal data in the context of cross-border data flows, which would guarantee a level of protection equivalent to that of the general data protection regulation (GDPR).

Sources:

Congress passes temporary extension of FISA Section 702 surveillance program – Axios:

The Court of Justice invalidates Decision 2016/1250 on the adequacy of the protection provided by the EU-US Data Protection Shield:

FISA Section 702: What it is and why Congress is debating it – NBC News

New technologies and products that limit the possibilities of intelligence

Facing the capabilities of collection and analysis of the American intelligence, which threaten the privacy and sovereignty of individuals and countries, there are new technologies and products that allow to limit the possibilities of intelligence. These technologies and products use techniques of encryption, cryptography, blockchain or NFC to protect personal data and electronic communications. They offer an alternative to traditional solutions, which are often vulnerable to attacks or interceptions by the American intelligence. Among these technologies and products, we can mention:

  • EviCypher NFC HSM and EviCypher HSM OpenPGP, which are patented technologies in the United States in the field of cybersecurity developed by Freemindtronic SL Andorra, used in counter-espionage products such as DataShielder Defense. They allow to encrypt and decrypt data without contact, thanks to hardware security modules that use NFC technology. They offer compatibility with OpenPGP standards, operating without server, without database, with a very high level of flexibility from different removable, fixed and online and offline storage media including NFC HSM.
  • DataShielder DefenseDataShielder Defense, which is a counter-espionage product developed by Freemindtronic SL Andorra, which uses EviCore NFC HSM and EviCore HSM OpenPGP technologies to encrypt and decrypt all types of data and communication services. This product protects sovereign communications, by preventing the American intelligence from accessing personal, professional or state secrets. It also guarantees the sovereignty of users, by making their data anonymous and inviolable.
  • Signal, which is an instant messaging application that uses the Signal protocol, which is an end-to-end encryption protocol that ensures the confidentiality and integrity of messages. This application allows to communicate anonymously and securely, by avoiding the surveillance or censorship of the American intelligence.
  • Tor, which is a decentralized network that uses volunteer relays to route Internet traffic anonymously and encrypted. This network allows to browse the web without leaving traces, by hiding the IP address and location of users. It also allows to access hidden websites, which are not indexed by search engines.

These technologies and products represent examples of innovative solutions that limit the possibilities of the American intelligence and preserve the individual and collective sovereignty. They also illustrate the issues and challenges related to the use of digital technologies in the field of intelligence.

Conclusion

The American intelligence is a complex and dynamic phenomenon that has a significant impact on the world. It has many strengths and weaknesses, as well as many opportunities and threats. It has many achievements and failures, as well as many benefits and costs. It is a source of both security and insecurity, both privacy and surveillance. It is a subject of both admiration and criticism, both cooperation and confrontation. The American intelligence is a paradox that requires a careful and balanced approach.