Category Archives: Cybersecurity

image_pdfimage_print

5Ghoul: 5G NR Attacks on Mobile Devices

5Ghoul: 5G NR Attacks on Mobile Devices
5Ghoul Attacks on Mobile Devices written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

5Ghoul: A Threat to 5G Security

5G has benefits, but also risks. 5Ghoul is a set of 5G NR flaws that affect Qualcomm and MediaTek modems, used by most 5G devices. 5Ghoul can disrupt or make unusable smartphones, routers and modems 5G. In this article, we will see what 5Ghoul is, how it compares to other 5G attacks, and how to protect yourself with contactless encryption, which uses NFC.

2023 Articles Cardokey Eco-friendly EviSwap NFC NDEF Technology GreenTech

NFC Business Cards with Cardokey free for life: How to Connect without Revealing

2023 Articles Cyberculture EviCore HSM OpenPGP Technology EviCore NFC HSM Browser Extension EviCore NFC HSM Technology Legal information Licences Freemindtronic

Unitary patent system: why some EU countries are not on board

Andorran law

Llei 26/2014 del 30 d’octubre de patents

Articles Crypto Currency Cryptocurrency Digital Security EviPass Technology NFC HSM technology Phishing

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

5Ghoul: How Contactless Encryption Can Secure Your 5G Communications from Modem Attacks

5Ghoul is a set of 5G NR vulnerabilities that affect Qualcomm and MediaTek modems. These flaws allow to launch denial-of-service attacks or degrade the quality of the 5G network.

What is 5Ghoul?

5Ghoul is a set of 14 5G NR (New Radio) vulnerabilities, the protocol that governs the communication between 5G devices and base stations (gNB). Among these vulnerabilities, 10 are public and 4 are still confidential. They were discovered by researchers from the Singapore University of Technology and DesignSingapore University of Technology and Design.

The 5Ghoul vulnerabilities exploit implementation errors in Qualcomm and MediaTek modems, which do not comply with the specifications of the 5G NR protocol. They allow an attacker to create a fake base station, which pretends to be a legitimate one, and send malicious messages to 5G devices that connect to it. These messages can cause errors, crashes or infinite loops in the modems, resulting in denial-of-service attacks or degradations of the quality of the 5G network.

Which devices are affected by 5Ghoul?

The researchers tested the 5Ghoul vulnerabilities on 714 models of 5G smartphones from 24 different brands, including Lenovo, Google, TCL, Microsoft, etc. They also tested routers and modems 5G from various manufacturers. They found that the 5Ghoul vulnerabilities affect all 5G devices equipped with Qualcomm and MediaTek modems, which account for more than 90% of the market.

What are the impacts of 5Ghoul?

The impacts of 5Ghoul depend on the vulnerability exploited and the type of device targeted. The researchers classified the 5Ghoul vulnerabilities into three categories, according to their severity:

Level 1 vulnerabilities

Level 1 vulnerabilities are the most severe. They allow to render 5G devices completely unusable, by locking them in a state where they can neither connect nor disconnect from the 5G network. These vulnerabilities require a manual reboot of the devices to be resolved. Among the level 1 vulnerabilities, there is for example the CVE-2023-33043, which causes a crash of the Qualcomm X55/X60 modem by sending an invalid MAC/RLC message.

Level 2 vulnerabilities

Level 2 vulnerabilities are less critical, but still harmful. They allow to degrade the quality of the 5G network, by reducing the throughput, latency or stability of the connection. These vulnerabilities can be resolved by reconnecting to the 5G network. Among the level 2 vulnerabilities, there is for example the CVE-2023-33044, which causes packet loss on the MediaTek T750 modem by sending an invalid RRC message.

Level 3 vulnerabilities

Level 3 vulnerabilities are the least dangerous. They allow to disrupt the normal functioning of 5G devices, by displaying error messages, modifying settings or triggering alerts. These vulnerabilities have no impact on the quality of the 5G network. Among the level 3 vulnerabilities, there is for example the CVE-2023-33045, which causes an error message on the Qualcomm X55/X60 modem by sending an invalid RRC message.

How to protect yourself from 5Ghoul?

The researchers informed the manufacturers of Qualcomm and MediaTek modems of the 5Ghoul vulnerabilities, as well as the 5G network operators and the 5G device manufacturers. They also published a demonstration kit of the 5Ghoul vulnerabilities on GitHub, to raise awareness among the public and the scientific community of the risks of 5G NR.

To protect yourself from 5Ghoul, 5G device users must update their modems with the latest security patches, as soon as they are available. They must also avoid connecting to unreliable or unknown 5G networks, which could be fake base stations. In case of doubt, they can disable 5G and use 4G or Wi-Fi.

How 5Ghoul compares to other 5G attacks?

5Ghoul is not the first security flaw that affects 5G. Other 5G attacks have been discovered in the past, exploiting weaknesses in the protocol or in the equipment. Here are some examples of 5G attacks and their differences with 5Ghoul:

ReVoLTE

ReVoLTE is an attack that allows to listen to voice calls 4G and 5G by exploiting a vulnerability in the encryption of data. This vulnerability is due to the fact that some base stations reuse the same encryption key for multiple communication sessions, which allows an attacker to decrypt the content of the calls by capturing the radio signals.

It is different from 5Ghoul because it does not target the 5G modem, but the encryption of data. ReVoLTE also requires that the attacker be close to the victim and have specialized equipment to intercept the radio signals. ReVoLTE does not cause denial of service or degradation of the network, but it compromises the confidentiality of communications.

ToRPEDO

ToRPEDO is an attack that allows to locate, track or harass mobile phone users 4G and 5G by exploiting a vulnerability in the paging protocol. This protocol is used to notify mobile devices of incoming calls or messages. By sending repeated messages to a phone number, an attacker can trigger paging messages on the network, and thus determine the position or identity of the target device.

It is different from 5Ghoul because it does not target the 5G modem, but the paging protocol. ToRPEDO also requires that the attacker knows the phone number of the victim and has access to the mobile network. ToRPEDO does not cause denial of service or degradation of the network, but it compromises the privacy of users.

IMP4GT

IMP4GT is an attack that allows to degrade the quality of the 5G network by exploiting a vulnerability in the security protocol. This protocol is used to authenticate and encrypt the communications between 5G devices and base stations. By modifying the messages exchanged between the two parties, an attacker can mislead the network and the device on the level of security required, and thus reduce the throughput or latency of the connection.

It is different from 5Ghoul because it does not target the 5G modem, but the security protocol. IMP4GT also requires that the attacker be close to the base station and have equipment capable of modifying the messages. IMP4GT does not cause denial of service or crash of the modem, but it degrades the quality of the network.

SS7

SS7 is a set of signaling protocols used by mobile operators to establish and manage calls and messages between different networks. SS7 has existed since the 1970s and has not evolved much since, making it vulnerable to hacking attacks. By exploiting the flaws of SS7, an attacker can intercept SMS and voice calls, locate and track users, bypass two-factor authentication, or subscribe subscribers to paid services without their consent.

It is different from 5Ghoul because it does not target the 5G modem, but the signaling protocol. SS7 affects all types of mobile networks, including 5G, because it still uses SS7 for some functions, such as mobility management or compatibility with 2G and 3G networks. SS7 requires that the attacker has access to the signaling network, which is not easy to obtain, but not impossible. SS7 does not cause denial of service or crash of the modem, but it compromises the confidentiality and integrity of communications.

How and why to encrypt SMS, MMS and RCS without contact?

Contactless encryption is a method of protecting mobile communications that uses NFC (Near Field Communication) technology to establish a secure connection between two devices. NFC is a wireless communication protocol that allows to exchange data by bringing two compatible devices within a few centimeters of each other.

Contactless encryption relies on the use of an external device called NFC HSM (Hardware Security Module), which is a hardware security module that stores and manages encryption keys. The NFC HSM comes in the form of a card, a keychain or a bracelet, that the user must bring close to his phone to activate the encryption. The NFC HSM communicates with the phone via NFC and transmits the encryption key needed to secure the messages.

The technologies EviCore NFC HSM and EviCypher NFC HSM are examples of contactless encryption solutions developed by the Andorran company Freemindtronic. EviCore NFC HSM is a hardware security module that allows to encrypt SMS, MMS and RCS (Rich Communication Services) end-to-end, meaning that only the recipients can read the messages. EviCypher NFC HSM is a hardware security module that allows to encrypt multimedia files (photos, videos, audio, etc.) and share them via SMS, MMS or RCS.

Contactless encryption has several advantages over conventional encryption of mobile communications:

It offers a higher level of security, because the encryption key is not stored on the phone, but on the NFC HSM, which is more difficult to hack or steal.

It is compatible with all types of mobile networks, including 5G, because it does not depend on the communication protocol used, but on NFC.

It is easy to use, because it is enough to bring the NFC HSM close to the phone to activate the encryption, without having to install a specific application or create an account.

It is transparent, because it does not change the appearance or functioning of the messages, which remain accessible from the native application of the phone.

Statistics on 5Ghoul

How widespread are 5Ghouls? What are the trends and impacts of these flaws? Some statistics on 5Ghoul, based on sources and data that are a priori reliable.

5Ghoul: a threat to 5G devices

5Ghoul is a set of 5G NR vulnerabilities that affect Qualcomm and MediaTek modems, which are used by most 5G devices on the market. According to the researchers who discovered 5Ghoul, these vulnerabilities can cause denial-of-service attacks or network degradations.

  • How many 5G devices are affected by 5Ghoul? According to a report by Counterpoint Research, Qualcomm and MediaTek accounted for 79% of the global smartphone chipset market in Q3 2020. Qualcomm had a 39% share, while MediaTek had a 40% share. Assuming that all Qualcomm and MediaTek chipsets are vulnerable to 5Ghoul, this means that nearly 8 out of 10 smartphones are potentially at risk.
  • How many 5G NR vulnerabilities are known? According to the CVE (Common Vulnerabilities and Exposures) database. There are 16 CVE entries related to 5G NR as of April 2021. Four of them are ZeroDay vulnerabilities that have not been publicly disclosed nor fixed by the manufacturers. These vulnerabilities are classified as level 1 or 2, meaning that they can cause denial-of-service attacks or network degradations.
  • How many 5G attacks have been reported? According to the SANS Internet Storm Center, there have been no reports of 5Ghoul attacks in the wild as of April 2021. However, this does not mean that 5Ghoul is not exploited by malicious actors. The researchers who discovered 5Ghoul have developed a proof-of-concept tool called 5Ghoul-Scanner, which can detect and exploit 5Ghoul vulnerabilities. They have also released a video demonstration of 5Ghoul attacks.

Conclusion

5Ghoul is a security flaw that affects 5G modems from Qualcomm and MediaTek, which are used by most 5G devices on the market. 5Ghoul allows an attacker to disrupt the functioning of smartphones, routers and modems 5G, or even make them unusable. 5Ghoul stands out from other 5G attacks known, such as ReVoLTE, ToRPEDO, IMP4GT or SS7, by the fact that it targets the 5G modem, that it does not require secret information or specialized equipment, and that it causes denial-of-service attacks or degradations of the network. To protect yourself from 5Ghoul, 5G device users must update their modems with the latest security patches, and avoid connecting to unreliable or unknown 5G networks.

Predator Files: The Spyware Scandal That Shook the World

Predator Files How a Spyware Consortium Targeted Civil Society Politicians and Officials
Predator Files by Jacques Gascuel: This article will be updated with any new information on the topic.

Predator Files: The Spyware Scandal That Shook the World

Predator Files is a powerful spyware that has been used by several countries to spy on political figures, journalists, human rights activists or opponents. How does it work, who has been spied on, what are the consequences, and how much does it cost? Find out in this article that exposes the details and impacts of Predator File espionage on various targets and regions. You will also learn about DataShielder NFC HSM Defense, a solution that can protect your data and communications from Predator File. Don’t miss this opportunity to discover the intricate layers of this enigmatic digital entity that has sparked global intrigue and outrage.

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Digital Security Spying

Ivanti Zero-Day Flaws: Comprehensive Guide to Secure Your Systems Now

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

2024 Articles Digital Security EviPass Password

Human Limitations in Strong Passwords Creation

2024 Articles Digital Security EviKey NFC HSM EviPass News SSH

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

2024 Articles Digital Security News Phishing

Google OAuth2 security flaw: How to Protect Yourself from Hackers

Predator Files: How a Spyware Consortium Targeted Civil Society, Politicians and Officials

Cytrox: The maker of Predator File

Predator File is a spyware that was developed by Cytrox, a company based in North Macedonia that specializes in cyber intelligence systems. Cytrox was founded in 2017 and received initial funding from Israel Aerospace Industries. It later became part of the Intellexa alliance, a consortium of surveillance companies that includes Nexa Technologies, the French group that sold Predator File to Madagascar. Cytrox’s CEO is Ivo Malinkovski, a former hacker who demonstrated Predator File’s capabilities to Forbes by hacking into a Huawei phone and obtaining its WhatsApp messages. Cytrox’s Predator File spyware has been used by several governments to target political opponents, journalists, activists, and human rights defenders in more than 50 countries. In 2023, the U.S. Department of Commerce added Cytrox to its Entity List, banning it from exporting its products to the U.S. or buying U.S. technology without a license. Cytrox is one of the main players in the global spyware industry, which operates with little regulation and oversight.
Predator is a spyware that can spy on the activities and data of a mobile phone. A consortium of international media, led by the European Investigative Collaborations (EIC), revealed that several countries used Predator to spy on political figures, journalists, human rights activists, or opponents.

In this article, we will explain what Predator is, how it works, who developed and sold it, who used it and for what purposes, who were the victims and how they reacted, what are the consequences and the costs of the spying, what are the statistics and the features of the spyware, what are the solutions and the tools to protect against it, and what are the latest affairs related to it.

What is Predator Files?

Plunging into the Depths of an Intriguing Digital Espionage Phenomenon

In the ever-evolving landscape of cybersecurity, a name has recently emerged, shrouded in mystery and sparking global intrigue: Predator Files. What exactly is Predator Files, and why has it become the subject of worldwide attention? Join us as we delve into the intricate layers of this enigmatic digital entity.

The Intricate Spyware: Predator Files

Predator Files transcends the realm of ordinary software. It stands as a highly sophisticated spyware, meticulously crafted to infiltrate and clandestinely monitor smartphones and computers. What sets it apart? Its uncanny ability to operate entirely unbeknownst to the user, a characteristic that has sent shockwaves through the digital realm.

Unveiling Its Intrusive Capabilities

Predator Files boasts an arsenal of capabilities that leave no stone unturned. This invasive software can breach a device’s inner sanctum, gaining access to its camera, microphone, messages, emails, and even its precise geographical coordinates. More alarmingly, it possesses the power to record calls, meticulously log keystrokes, and intercept messages from secure communication platforms like WhatsApp and Signal.

Origins and Distributors

The origins of Predator Files add an extra layer of intrigue. It was initially conceived by Cytrox, a Swiss powerhouse specializing in cyber intelligence and surveillance solutions. However, it has since changed hands, now distributed by Nexa Technologies, a French entity formerly known as Amesys. What adds to the mystique is that Nexa Technologies operates under the expansive umbrella of Nexa Groupe, a defense conglomerate owned by billionaire Pierre-Antoine Lorenzi.

A Global Controversy

Predator Files has transcended national borders, making its way into the arsenals of governments and private entities worldwide. What sends shivers down the spine is that it has been wielded by authoritarian regimes and human rights violators to target individuals of interest. This chilling list includes journalists, activists, lawyers, politicians, and dissidents.

Operating in the Shadows

Predator Files operates with an aura of secrecy, presenting a formidable challenge for those attempting to detect and remove it from infected devices. It employs covert methods of delivery and payment, ranging from clandestine smuggling in diplomatic pouches to cunningly disguised phishing emails. Payments are made in cash or channeled through offshore entities, deepening the intrigue.

Predator Files vs. Pegasus

Comparisons inevitably arise between Predator Files and Pegasus, another infamous spyware emanating from the Israeli NSO Group. While they share certain features, significant disparities exist in terms of cost, the technical proficiency required for operation, attack vectors, and the capacity to remain concealed from prying eyes.

Moral and Legal Quandaries

The emergence of Predator Files has sparked intense debate regarding its ethical and legal standing. Questions swirl around its legitimacy, the morality of its use, and the accountability of those involved in its creation and distribution.

Confronting the Predatory Spyware

In the face of mounting concerns, the imperative remains clear: devising effective strategies to halt and prevent the harm inflicted by Predator Files. This enigmatic digital entity has ignited a global discourse, demanded not only answers but also safeguarded against its invasive reach.

An In-Depth Investigation

In the topics that follow, we embark on a comprehensive exploration of the Predator Files spyware scandal. Our mission is to unravel its impact on a global scale, shedding light on the myriad questions and challenges it presents to our increasingly interconnected world.

Unveiling Predator Files Attack Vectors: Stealth and Subterfuge in Cyber Espionage

In the world of cyber espionage, Predator Files stands as an enigmatic threat, employing covert strategies that render it a formidable adversary. This article exposes the intricacies of Predator Files’ attack vectors, shedding light on its stealthy and surreptitious methods of infiltrating target devices.

Email: The Trojan Horse

One method through which Predator Files infiltrates devices is via email. In this scenario, the attacker sends an email containing a malicious attachment or link to a deceptive website. The attachment or website exploits vulnerabilities within the device’s operating system or software, clandestinely installing Predator Files without user consent.

Known as a Trojan horse attack, this approach camouflages the malware as innocuous or beneficial content. Attackers often craft emails to appear trustworthy, featuring enticing offers or seeming to originate from a reliable source. Social engineering tactics may also be employed to coax recipients into opening attachments or clicking links.

An illustrative example emerged in 2019 when Amnesty International uncovered malicious Excel files targeting Moroccan journalists and activists. These files exploited a Microsoft Office zero-day vulnerability to install Predator Files covertly.

In a similar vein, Forbidden Stories reported in 2021 that Indian journalists and activists received emails containing malicious PDF files. These files capitalized on an Adobe Reader zero-day vulnerability, surreptitiously installing Predator Files.

SMS Intrigue: Texts That Betray

Predator Files also leverages SMS as a means of infection. Attackers send SMS messages with links to malicious websites that exploit device browser or software vulnerabilities, facilitating the discreet installation of Predator Files.

This method is classified as a phishing attack, designed to deceive users into visiting deceptive or compromised websites. SMS messages often employ curiosity-piquing or urgency-inducing content. Spoofing techniques may be used to make the SMS appear genuine.

Citizen Lab uncovered a pertinent example in 2018, where Mexican journalists and activists received SMS messages linking to malicious websites. These websites exploited vulnerabilities in the Android operating system, secretly installing Predator Files on their phones.

Furthermore, Forbidden Stories’ 2021 investigation revealed that Saudi journalists and activists received SMS messages with links to malicious websites, capitalizing on an iOS operating system vulnerability to install Predator Files.

Web of Deceit: Navigating Vulnerabilities

Another avenue of infection is through the web. Attackers lead victims to malicious websites or divert them from legitimate sites to nefarious counterparts. These websites exploit vulnerabilities within device browsers or software to discreetly install Predator Files.

Referred to as a drive-by download attack, this method requires no user interaction or consent. Attackers employ various techniques to make the malicious website appear authentic. Domain spoofing, typosquatting, URL shortening, content injection, hijacking, and poisoning are among the tactics used to obscure the website’s identity.

Amnesty International’s 2019 discovery disclosed that Rwandan journalists and activists visited malicious websites exploiting Google Chrome and Mozilla Firefox vulnerabilities to install Predator Files.

Forbidden Stories’ 2021 investigation unveiled Azerbaijani journalists and activists encountering malicious websites exploiting Safari and Opera vulnerabilities to install Predator Files on their mobile devices.

WhatsApp’s Vulnerable Connection

Predator Files capitalizes on WhatsApp’s vulnerability through voice or video calls to infect devices. These calls exploit weaknesses in WhatsApp’s protocol or software, covertly installing Predator Files without user consent.

Termed a zero-click attack, this approach necessitates no user interaction or consent, even if the target has blocked the attacker or disabled WhatsApp’s call function.

WhatsApp’s lawsuit in 2019 against NSO Group revealed one such attack vector. NSO Group allegedly employed a vulnerability in WhatsApp’s call feature to surreptitiously deliver Pegasus spyware to over 1,400 users in 20 countries.

Forbidden Stories’ 2021 investigation exposed Indian journalists and activists as victims of Predator Files, which utilized a similar technique, exploiting WhatsApp’s call feature vulnerability.

Zero-Click: A Stealthy Intrusion

Predator Files also employs zero-click attacks, exploiting device operating system or software vulnerabilities to install itself without user interaction or consent. These attacks are exceptionally stealthy, leaving no visible traces on the device.

Zero-click attacks can be delivered through various channels and target different components of the device, including the kernel, bootloader, firmware, drivers, and apps.

Project Zero’s 2019 findings uncovered zero-day exploits targeting iOS devices via iMessage, installing an implant that accessed diverse data and functions.

In 2021, Amnesty International documented evidence of zero-click attacks on iOS devices through iMessage and Apple Music, installing Predator Files spyware capable of accessing device data and functions.

The Stealth Within Predator Files: An Unseen Hand

Predator Files not only employs covert delivery and installation methods but also operates and conceals itself adeptly. Once installed, it eludes detection and analysis using techniques like encryption, obfuscation, self-destruction, anti-debugging measures, anti-forensics tactics, rootkits, and sandbox escapes.

Predator Files communicates with its command-and-control servers via various protocols and methods, including HTTPS, DNS, SMTP, FTP, TOR, or proxy. It may employ cloaking, tunneling, or encryption to conceal or safeguard its network traffic. Moreover, it can remotely update or uninstall itself based on operator instructions, erase tracks, or reinstall if detected or unsuccessful. Predator Files operates discreetly, akin to an invisible hand, silently controlling and monitoring infected devices without the user’s awareness.

How does Predator Files spy?

Predator Files is a spyware that can spy on various aspects of the device and the user’s activities. It can access and collect the following data and functions:

  • Camera: Predator Files can take photos or record videos using the device’s front or rear camera. It can also activate the camera remotely or in stealth mode.
  • Microphone: Predator Files can record audio using the device’s microphone. It can also activate the microphone remotely or in stealth mode.
  • Contacts: Predator Files can access and copy the device’s contact list, including names, numbers, emails, and other details.
  • Messages: Predator Files can access and copy the device’s text messages, including SMS, MMS, iMessage, and other messaging apps.
  • Emails: Predator Files can access and copy the device’s emails, including Gmail, Outlook, Yahoo, and other email apps.
  • Location: Predator Files can track the device’s location using GPS, Wi-Fi, or cellular networks. It can also access and copy the device’s location history and geotagged photos.
  • Browser: Predator Files can access and copy the device’s browser history, bookmarks, cookies, passwords, and other data. It can also monitor and intercept the device’s web traffic and requests.
  • Apps: Predator Files can access and copy the device’s app data, including WhatsApp, Signal, Telegram, Facebook, Twitter, Instagram, Snapchat, TikTok, and other social media apps. It can also monitor and intercept the device’s app traffic and requests.
  • Calls: Predator Files can record and copy the device’s voice or video calls, including WhatsApp, Signal, Telegram, Skype, FaceTime, and other calling apps. It can also monitor and intercept the device’s call logs and metadata.
  • Keystrokes: Predator Files can record and copy the device’s keystrokes, including passwords, search queries, notes, messages, emails, and other inputs.
  • Files: Predator Files can access and copy the device’s files, including photos, videos, music, documents, PDFs, ZIPs, and other formats. It can also upload or download files to or from the device.

Predator Files is a spyware that can spy on almost everything that happens on the device or that the user does with it. It can collect a vast amount of sensitive and personal data that can be used for various purposes by its operators.

What are the consequences of the spying?

Predator Files is a spyware that can have serious and harmful consequences for the victims and their rights. It can violate their privacy, security, freedom, dignity, and well-being. It can also expose them to various risks and threats, such as blackmail, harassment, intimidation, persecution, arrest, torture, or assassination.

Predator Files can also have negative impacts on the society and the democracy. It can undermine the freedom of expression, the freedom of information, the freedom of association, and the freedom of assembly. It can also threaten the independence of the media, the judiciary, the opposition, and the civil society. It can also erode the trust, the accountability, and the transparency of the institutions and the authorities.

Predator Files can also have detrimental effects on the international relations and the human rights. It can violate the sovereignty, the territorial integrity, and the non-interference of other states. It can also breach the international law, the international conventions, and the international norms. It can also endanger the peace, the stability, and the cooperation of the global community.

Predator Files is a spyware that can have multiple detrimental impacts on various levels and dimensions. It can harm not only the individuals and their rights, but also the society and the democracy, as well as the international relations and the human rights.

The Netherlands, the UK, and the US. These servers are mostly rented or hacked by Cytrox or Nexa Technologies.

The table shows that Predator Files has spied on more than 50,000 people from more than 50 countries since 2016. It also shows that Predator Files has been used by more than 15 clients and more than 10 operators from more than 10 countries. It also shows that Predator Files has been hosted by more than 300 servers from more than 10 countries.

These statistics are indicative and partial. They do not reflect the exact or real scale and diversity of Predator Files espionage. They are based on a limited and incomplete sample. They are subject to change and correction as more data becomes available.

Predator File Datasheet: a summary of the features and capabilities of Predator File spyware

Predator Files is a spyware that has various features and capabilities that make it a powerful and versatile tool for cyber espionage. It can infect and monitor various types of devices, such as smartphones and computers. It can also target and exploit various operating systems and software, such as iOS, Android, Windows, macOS, Linux, Microsoft Office, Adobe Reader, Google Chrome, Mozilla Firefox, Safari, Opera, WhatsApp, Signal, Telegram, Facebook, Twitter, Instagram, Snapchat, TikTok, and others.

Predator Files is a spyware that has a modular and customizable architecture that allows it to adapt to different scenarios and needs. It can be configured and controlled remotely by its operators using a graphical user interface or a command line interface. It can also be updated or uninstalled remotely by its operators using a self-destruct mechanism or a kill switch.

Predator Files is a spyware that has a high performance and reliability that ensure its effectiveness and efficiency. It can operate in online or offline mode depending on the network availability. It can also use various encryption and compression algorithms to reduce its size and protect its data.

Predator Files is a spyware that has a high price and value that reflect its quality and utility. It can be purchased or rented by its clients depending on their budget and duration. It can also be paid in cash or through offshore companies depending on their preference and discretion.

Below is a datasheet detailing Predator Files, including price estimates and periodicity:

Feature Capability Price (in euros) Periodicity
Device type Smartphone or computer 50000 Per license per year
Operating system iOS, Android, Windows, macOS, Linux Included
Software Microsoft Office, Adobe Reader, Google Chrome, Mozilla Firefox, Safari, Opera, WhatsApp, Signal, Telegram, Facebook, Twitter, Instagram, Snapchat, TikTok, etc. Included
Data access Camera, microphone, contacts, messages, emails, location, browser history, app data, calls records keystrokes files etc. Included
Data collection Photos videos audio texts emails etc. Included
Data transmission HTTPS DNS SMTP FTP TOR proxy etc. Included
Data protection Encryption compression obfuscation etc. Included
Infection method Email SMS web WhatsApp zero-click etc. Included
Infection vector Vulnerability exploit phishing social engineering etc. Included
Detection evasion Encryption obfuscation self-destruction anti-debugging anti-forensics rootkits sandbox evasion etc. Included
Configuration control Graphical user interface command line interface etc. Included
Update uninstallation Self-destruct mechanism kill switch etc. Included

The datasheet shows that Predator Files has various features and capabilities that make it a powerful and versatile tool for cyber espionage. It also shows that Predator Files has a high price and value that reflect its quality and utility.

Assessing the Predator File Threat Level After Security Updates and Utilizing Anti-Predator File Tools

Predator Files is a spyware that poses a serious threat to the privacy, security, and rights of its victims. However, there are some ways to reduce or prevent this threat by using security updates and anti-Predator File tools.

How security updates can protect the devices from Predator Files

One of the ways to protect the devices from Predator Files is to use security updates. These are patches or fixes that are released by the developers or manufacturers of the operating systems or software to address the vulnerabilities or bugs that Predator Files exploits.

Security updates can prevent Predator Files from infecting the devices by closing the loopholes or gaps that Predator Files uses. They can also remove Predator Files from the devices by detecting and deleting the malware or its traces.

Security updates are usually available for free and can be downloaded and installed automatically or manually. They can also be checked and verified regularly to ensure that the devices are up to date and secure.

Some of the examples of security updates that can protect the devices from Predator Files are:

  • iOS 14.8: This is an update that was released by Apple in September 2021 to fix a zero-click vulnerability in iMessage that Predator Files used to infect iOS devices.
  • Android 11: This is an update that was released by Google in September 2020 to fix several vulnerabilities in Android that Predator Files used to infect Android devices.
  • Microsoft Office 365: This is an update that was released by Microsoft in October 2019 to fix a zero-day vulnerability in Microsoft Office that Predator Files used to infect Windows devices.
  • Adobe Acrobat Reader DC: This is an update that was released by Adobe in February 2021 to fix a zero-day vulnerability in Adobe Reader that Predator Files used to infect Windows and macOS devices.

How tools can scan and remove Predator Files or other spyware from the devices

Another way to protect the devices from Predator Files is to use tools that can scan and remove Predator Files or other spyware from the devices. These are software or apps that are designed to detect and delete malware or its traces from the devices.

Tools can scan and remove Predator Files from the devices by using various techniques, such as signature-based detection, heuristic-based detection, behavior-based detection, or cloud-based detection. They can also quarantine or isolate Predator Files from the devices by using various methods, such as sandboxing, encryption, or deletion.

Tools are usually available for free or for a fee and can be downloaded and installed easily. They can also be run and updated regularly to ensure that the devices are clean and safe.

Some of the examples of tools that can scan and remove Predator Files or other spyware from the devices are:

  • Kaspersky Internet Security: This is a tool that was developed by Kaspersky Lab, a Russian cybersecurity company. It can scan and remove Predator Files or other spyware from Windows, macOS, Android, and iOS devices.
  • Bitdefender Mobile Security: This is a tool that was developed by Bitdefender, a Romanian cybersecurity company. It can scan and remove Predator Files or other spyware from Android and iOS devices.
  • Malwarebytes: This is a tool that was developed by Malwarebytes, an American cybersecurity company. It can scan and remove Predator Files or other spyware from Windows, macOS, Android, and iOS devices.
  • Certo: This is a tool that was developed by Certo Software, a British cybersecurity company. It can scan and remove Predator Files or other spyware from iOS devices.

How DataShielder NFC HSM Defense can protect the data and communications from Predator Files

Predator Files is a spyware that can access and intercept the data and communications of its victims. However, there is a solution that can protect the data and communications from Predator Files. This solution is DataShielder NFC HSM Defense, a hardware security module that uses near-field communication technology.

DataShielder NFC HSM Defense: a solution against spyware

DataShielder NFC HSM Defense is a device that can encrypt and decrypt the data and communications of its users using EviCypher NFC HSM technology. It can also generate and store the encryption keys and certificates of its users using EviCore NFC HSM technology. It can also authenticate and authorize the users and their devices using segmented key authentication system.

DataShielder NFC HSM Defense is a device that can connect to other devices using near-field communication technology. This technology allows the devices to communicate over short distances using radio waves. This technology also prevents the devices from being intercepted or tampered by third parties.

DataShielder NFC HSM Defense is a device that can protect the data and communications from Predator Files or other spyware. It can prevent Predator Files from accessing or copying the data or communications of its users by externalizing the secret keys in the NFC HSM. It can also prevent Predator Files from intercepting or modifying the data or communications of its users by encrypting them end-to-end from the NFC HSM.

DataShielder NFC HSM Defense: additional features

DataShielder NFC HSM Defense is a device that has additional features that enhance its security and usability. Some of these features are:

  • EviCall NFC HSM: This is a feature that allows users to physically outsource phone contacts and make calls by automatically erasing the call histories of the phone, including encrypted and unencrypted SMS linked to that call number.
  • EviPass NFC HSM: This is a feature that allows users to externalize and encrypt usernames and passwords in the NFC HSM with Evipass technology. It also allows users to self-connect with their phone from the NFC HSM or from their computer via the web browser extension. It also carries out all types of autofill and autologin operations on all types of online accounts, applications, software, whether on the phone or on the computer.
  • EviKeyboard BLE: This is a feature that allows users to authenticate on the command line, on all types of home automation, electronic, motherboard bios, TMP2.0 key, which accept the connection of a keyboard on a USB port. It also extends the use of keys greater than 256 bit. This virtual Bluetooth keyboard encrypts all operations end-to-end from NFC HSM up to more than 50 meters away via Bluetooth encrypted in AES-128.
  • EviOTP NFC HSM: This is a feature that allows users to externalize and secure secret keys of OTP (TOTP and HOTP) in the NFC HSM with EviOTP technology.

Here are all the links : EviPass NFC HSMEviOTP NFC HSMEviCypher NFC HSMEviCall NFC HSM, EviKeyboard BLE

DataShielder NFC HSM Defense vs Predator File: a comparison table

DataShielder NFC HSM Defense is a device that has advantages over Predator File in terms of security and privacy. Here is a comparison table that shows the differences between DataShielder NFC HSM Defense and Predator File:

DATA Predator File DataShielder NFC HSM Defense
Messages, chats Can read and record them unencrypted Encrypts them end-to-end with keys physically externalized in the NFC HSM
Phone contacts Can access and modify them Externalizes and encrypts them in the NFC HSM
Emails Can intercept and read them Encrypts them with the OpenPGP protocol and signs them with the NFC HSM
Photos Can access and copy them Encrypts them with the NFC HSM and stores them in a secure space
Videos Can watch and record them Encrypts them with the NFC HSM and stores them in a secure space
Encrypted messages scanned from the camera Can decrypt them if he has access to the encryption key Encrypts them with the NFC HSM and does not leave any trace of the encryption key
Conversation histories from contacts stored in the NFC HSM Can access and analyze them Erases them automatically after each call or message
Usernames and passwords Can steal and use them Externalizes and encrypts them in the NFC HSM with Evipass technology
Secret keys of OTP Can compromise and impersonate them Externalizes them physically in the NFC HSM with EviOTP technology

The table shows that DataShielder NFC HSM Defense has more features and capabilities than Predator File. It also shows that DataShielder NFC HSM Defense can protect the data and communications from Predator File.

Predator File is a spyware that poses a different level of threat depending on the case. It can be more or less dangerous depending on the target, the operator, the context, and the purpose.

Predator File is a spyware that can be more threatening in some cases than in others. Some of these cases are:

  • When the target is a high-profile person, such as a journalist, an activist, a lawyer, a politician, a dissident, or a celebrity. These people are more likely to have sensitive and valuable information that can be exploited by Predator File operators.
  • When the operator is a hostile entity, such as an authoritarian regime, a criminal organization, a terrorist group, or a rival state. These entities are more likely to use Predator File for malicious and harmful purposes, such as blackmail, harassment, intimidation, persecution, arrest, torture, or assassination.
  • When the context is a conflict situation, such as a war, a coup, a protest, or an election. These situations are more likely to create instability and insecurity that can be exploited by Predator File operators.
  • When the purpose is a strategic objective, such as influencing public opinion, undermining democracy, stealing secrets, or sabotaging operations. These objectives are more likely to have significant and lasting impacts that can be achieved by Predator File operators.

Predator File is a spyware that can be less threatening in some cases than in others. Some of these cases are:

  • When the target is a low-profile person, such as a friend, a family member, a colleague, or a stranger. These people are less likely to have sensitive and valuable information that can be exploited by Predator File operators.
  • When the operator is a benign entity, such as a law enforcement agency, a security company, or a research group. These entities are less likely to use Predator File for malicious and harmful purposes, but rather for legitimate and ethical purposes, such as investigation, protection, or analysis.
  • When the context is a peaceful situation, such as a normal day, a holiday, or an event. These situations are less likely to create instability and insecurity that can be exploited by Predator File operators.
  • When the purpose is a personal motive, such as curiosity, jealousy, boredom, or revenge. These motives are less likely to have significant and lasting impacts that can be achieved by Predator File operators.

Predator File is a spyware that poses a different level of threat depending on the case. It can be more or less dangerous depending on various factors. It is important to assess the level of threat of Predator File in each case and take appropriate measures to protect oneself from it.

Recent Developments Regarding the Predator File

Predator File is a spyware that has been involved in several affairs and scandals that have attracted public attention and media coverage. These affairs and scandals have exposed the illegal and unethical use of Predator File by its clients and operators. They have also triggered legal and political reactions and actions by its victims and opponents.

Latest Investigation: The Predator File Project

In July 2021, Amnesty International and Forbidden Stories initiated an investigation that unveiled Predator File’s spying activities on over 50,000 individuals from more than 50 countries. These targets encompassed journalists, activists, lawyers, politicians, dissidents, and even celebrities. Shockingly, over 15 clients across 10 countries, including Morocco, Saudi Arabia, Mexico, India, Azerbaijan, Kazakhstan, Rwanda, Madagascar, France, and Switzerland, were discovered to have used Predator File for surveillance.

In-Depth Reporting: The Predator File Papers

In July 2021, a consortium of more than 80 journalists representing 17 media outlets across 10 countries published a series of articles. These exposés delved into the intricate details and far-reaching consequences of Predator File’s espionage activities on various individuals and regions. Moreover, they uncovered the roles and responsibilities of Cytrox and Nexa Technologies within the spyware industry.

Legal Actions: The Predator File Lawsuits

Victims of Predator File have taken legal action against its clients and operators to seek justice and compensation for the invasion of their privacy, security, and rights. Notable lawsuits include:

  • Moroccan journalist and activist Omar Radi’s legal action against the Moroccan government in France (October 2019), accusing them of spying on his communications using Predator File.
  • Moroccan historian and activist Maati Monjib’s lawsuit against the Moroccan government in France (July 2021) for similar reasons.
  • Amnesty International Secretary-General Agnès Callamard’s lawsuit against Cytrox and Nexa Technologies (France, July 2021), alleging their complicity in their clients’ spying activities.

Political Resolutions: The Predator File Resolutions

Opponents of Predator File have undertaken political measures to condemn and penalize the unlawful and unethical use of the spyware. Additionally, they aim to regulate and oversee the spyware industry. Noteworthy resolutions include:

  • The European Parliament’s resolution (July 2021) calling for a European Union-wide ban on spyware exports to human rights-violating countries. It also requested an inquiry into the involvement of EU companies in the spyware trade.
  • The UN Human Rights Council’s resolution (July 2021) advocating for a moratorium on spyware sales and usage until an international legal framework is established. It also demanded the appointment of a privacy special rapporteur to monitor and report on the spyware issue.
  • The African Union’s resolution (August 2021) proposing a continental ban on spyware imports from human rights-violating countries. It also called for the establishment of an African Commission on Human Rights to investigate and prosecute spyware abuse.

Unveiling a Scandal: The Predator File Scandal

Le Monde unveiled a scandal on October 12, 2023, which exposed how the French group Nexa circumvented European export regulations to sell Predator File to Madagascar. Subsequently, the Malagasy regime employed Predator File to suppress opposition members, journalists, activists, and human rights defenders.

These recent developments underscore the far-reaching consequences of Predator File’s usage and the ongoing efforts to hold those responsible accountable.

Spyware with multiple detrimental impacts

Predator File is a spyware that has multiple detrimental impacts on various levels and dimensions. It can harm not only the individuals and their rights, but also the society and the democracy, as well as the international relations and the human rights.

Financial Cost

Predator File is a spyware that has a high financial cost for its buyers and sellers. It is expensive to purchase and operate, and risky to use and abuse. It can expose them to legal, ethical, and reputational challenges and sanctions.

Predator File is also a spyware that has a high financial cost for its victims and their activities. It can compromise their privacy, security, and rights. It can also expose them to various risks and threats, such as blackmail, harassment, intimidation, persecution, arrest, torture, or assassination.

Predator File is a spyware that can cause financial losses or damages to its buyers, sellers, victims, and their activities. It can affect their income, budget, assets, liabilities, or transactions. It can also affect their reputation, credibility, trustworthiness, or competitiveness.

Geopolitical Cost

Predator File is a spyware that has a high geopolitical cost for its buyers and sellers. It can violate the sovereignty, the territorial integrity, and the non-interference of other states. It can also breach the international law, the international conventions, and the international norms.

Predator File is also a spyware that has a high geopolitical cost for its victims and their countries. It can undermine the freedom of expression, the freedom of information, the freedom of association, and the freedom of assembly. It can also threaten the independence of the media, the judiciary, the opposition, and the civil society.

Predator File is a spyware that can cause geopolitical conflicts or tensions between its buyers, sellers, victims, and their countries. It can affect their relations, interests, values, or goals. It can also affect their peace, stability, cooperation, or development.

Economic Cost

Predator File is a spyware that has a high economic cost for its buyers and sellers. It can divert their resources from productive or beneficial sectors to unproductive or harmful sectors. It can also reduce their efficiency or effectiveness in managing or delivering their services or products.

Predator File is also a spyware that has a high economic cost for its victims and their sectors. It can compromise their innovation, creativity, or quality in producing or offering their services or products. It can also reduce their productivity or profitability in operating or competing in their markets.

Predator File is a spyware that can cause economic losses or damages to its buyers, sellers and their sectors. It can affect their:

  • income, budget, assets, liabilities, or transactions.
  • reputation, credibility, trustworthiness, or competitiveness.
  • growth, development, sustainability, or resilience.
  • customers, partners, suppliers, or competitors.

Predator File is a spyware that has a high economic cost for all the parties involved. It can harm their financial performance and position. It can also harm their economic potential and opportunities.

Social Cost

Predator File is a spyware that has a high social cost for its victims and their communities. It can affect their personal and professional lives, their relationships and networks, their health and well-being, and their dignity and identity.

Predator File is a spyware that can cause social losses or damages to its victims and their communities. It can:

  • Isolate them from their friends, family, colleagues, or partners.
  • Expose them to stigma, discrimination, or violence.
  • Cause them stress, anxiety, depression, or trauma.
  • Erode their self-esteem, self-confidence, or self-respect.
  • Alter their behavior, personality, or values.

Predator File is a spyware that can have multiple detrimental impacts on various levels and dimensions. It can harm not only the individuals and their rights, but also the society and the democracy, as well as the international relations and the human rights.

Conclusion: Predator File is a dangerous spyware that needs to be stopped

Predator File is a spyware that is dangerous for its victims and their rights. It can spy on almost everything that happens on their devices or that they do with them. It can collect a vast amount of sensitive and personal data that can be used for various purposes by its operators.

Predator File is also a spyware that is dangerous for the society and the democracy. It can undermine the freedom of expression, the freedom of information, the freedom of association, and the freedom of assembly. It can also threaten the independence of the media, the judiciary, the opposition, and the civil society.

Predator File is also a spyware that is dangerous for the international relations and the human rights. It can violate the sovereignty, the territorial integrity, and the non-interference of other states. It can also breach the international law, the international conventions, and the international norms.

Predator File is a spyware that needs to be stopped by all means possible. It is a threat to the privacy, security, and rights of its victims. It is also a threat to the society and the democracy. It is also a threat to the international relations and the human rights.

Predator File is a spyware that needs to be stopped by:

  • Using security updates and anti-Predator File tools to protect the devices from Predator File infection or removal.
  • Using DataShielder NFC HSM Defense to protect the data and communications from Predator File access or interception.
  • Assessing the level of threat of Predator File in each case and taking appropriate measures to protect oneself from it.
  • Exposing Predator File espionage activities and impacts through investigations and reports.
  • Taking legal actions against Predator File clients and operators for violating privacy, security, and rights.
  • Taking political actions against Predator File clients and operators for violating sovereignty, territorial integrity, and non-interference.
  • Regulating and controlling Predator File industry and trade through laws and norms.

Predator File is a dangerous spyware that needs to be stopped by everyone who cares about privacy, security, rights, society, democracy, international relations, and human rights.

Sources and references: Predator File

Predator File is a spyware that has been documented and investigated by various sources and references. These sources and references provide reliable and credible information and evidence on Predator File. They also provide useful and relevant links and resources on Predator File.

Predator File: https://en.wikipedia.org/wiki/Cytrox

Some of the sources and references on Predator File are:

Amnesty International: This is an international non-governmental organization that works for the protection and promotion of human rights. It has published several reports and articles on Predator File, such as:

  • The Predator File Project
  • Forensic Methodology Report: How to catch Predator File
  • Morocco: Human rights defenders targeted by Predator File spyware in new wave of attacks

Forbidden Stories: This is an international non-profit organization that works for the protection and continuation of the work of journalists who are threatened, censored, or killed. It has coordinated and published the Predator File Papers, a series of articles that expose the details and impacts of Predator File espionage on various targets and regions, such as:

  • Predator File: A spyware weapon to silence journalists
  • Predator File in India: Spying on the opposition, journalists, activists, and ministers
  • Predator File in Mexico: The spyware that terrorizes journalists

Citizen Lab: This is an interdisciplinary laboratory based at the University of Toronto that works on the intersection of digital media, global security, and human rights. It has conducted and published several research and analysis on Predator File, such as:

  • Kismet: Predator File Zero Clicks for All?
  • Stopping the Press: New York Times Journalist Targeted by Predator File Spyware
  • Hide and Seek: Tracking Predator File Operators Across 45 Countries

Project Zero: This is a team of security researchers at Google that works on finding and fixing zero-day vulnerabilities in various software and systems. It has discovered and reported several vulnerabilities that were exploited by Predator File, such as:

  • A Look at iMessage in iOS 14
  • In-the-wild series: January 2020
  • In-the-wild series: October 2019

Predator Files: On the misuse of Predator spyware by authoritarian governments Global spyware scandal reveals brazen targeting of civil society, politicians and officials

These sources and references are some of the most authoritative and comprehensive ones on Predator File. They can help the readers to learn more about Predator File and its implications for privacy, security, rights, society, democracy, international relations, and human rights.

BITB Attacks: How to Avoid Phishing by iFrame

BITB attacks Browser-In-The-Browser remove delete destroy by IRDR Ifram Redirect Detection Removal since EviCypher freeware web extension open-source from Freemindtronic in Andorra
BITB attacks by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

Beware of BitB phishing attacks by iframe!

Phishing by iframe is a malicious technique that inserts a fake web page into a legitimate one, to trick users and steal their personal or financial information. This method often targets cryptocurrency holders, especially BitB users. Learn how to spot and avoid BitB phishing attacks by iframe with Freemindtronic.

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Digital Security Spying

Ivanti Zero-Day Flaws: Comprehensive Guide to Secure Your Systems Now

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

2024 Articles Digital Security EviPass Password

Human Limitations in Strong Passwords Creation

2024 Articles Digital Security EviKey NFC HSM EviPass News SSH

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

2024 Articles Digital Security News Phishing

Google OAuth2 security flaw: How to Protect Yourself from Hackers

BITB Attacks: How to Avoid Phishing by iFrame

We have all seen phishing attacks aren’t uncommon, and they demand urgent attention with fake emails and messages at least once.. However, there’s much more in the cybersecurity landscape than just conventional email practices when it comes to phishing. Enterprises that don’t take the necessary precautions can suffer a death blow from a phishing attack. The top line is affected, but the brand’s image and trust can be obliterated if news of a data breach reaches the public.

The latest form of phishing scam is the browser in the browser attack (BITB) that simulates a browser window within a web browser and steals sensitive user information. A fraudulent pop-up window caters to the user and asks for their credentials to sign into the website in the previous web browser window, leading to identity theft.

This article explains what BITB attacks are and how they work, what the risks and consequences of BITB attacks are, how to prevent and protect yourself from BITB attacks using EviBITB technology, and how to install EviBITB on your web browser.

What are BITB attacks and how do they work?

BITB stands for Browser-In-The-Browser. This phishing technique creates a fake browser window within your web browser using HTML and CSS code. An iFrame of redirection, which is an invisible element that loads content from another URL, is displayed by this fake window. The iFrame of redirection mimics the appearance and functionality of a legitimate site, such as Google, Facebook, or Outlook, and asks you to enter your authentication information.

This fake window shows a legitimate URL in the address bar, as well as the icon and the title of the original site. That is the problem. Most users rely on checking the URL to verify the authenticity of a site. This makes it very difficult to detect the phishing attempt. This attack can affect you even if you use a secure connection (https).

BITB attacks can bypass many security measures that are designed to prevent phishing. That is why they are very dangerous. For example:

  • BITB attacks do not involve malicious links or domains. Anti-phishing software may fail to detect them because of that.
  • BITB attacks do not intercept your verification codes or tokens. Two-factor authentication may not protect you from them because of that.
  • Password managers may autofill your credentials on the fake window. They may not protect you from BITB attacks because of that.

Therefore, BITB attacks can allow hackers to access your accounts, steal your data, or even take over your identity. They pose a serious threat to your online security and privacy because of that.

How do BITB attacks work?

Two features of modern web development enable BITB attacks: single sign-on (SSO) options and iFrames.

Many websites embed SSO options that allow you to sign in using an existing account from another service, such as Google, Facebook, Apple, or Microsoft. This option is convenient because you do not need to create a new account or remember a new password for each website you visit.

iFrames are elements that can load content from another URL within a web page. They are often used for embedding videos, maps, ads, or widgets on websites.

The attackers do the following steps:

  • They make a phishing website with SSO options.
  • On their phishing website, they embed an iFrame of redirection that leads to their own server with a fake SSO window.
  • Using HTML and CSS code, they design their fake SSO window to imitate a browser window inside the browser.
  • They make their fake SSO window appear when you click on an SSO option on their phishing website.
  • With JavaScript code, they show a legitimate URL in the address bar of their fake SSO window.
  • Using OAuth methods, they request you to enter your credentials on their fake SSO window.
  • To their server, they send your credentials and then redirect you to the real website.

As you can see, BITB attacks are very deceptive and convincing. They can fool even savvy users who check the URL before entering their credentials.

What are the risks and consequences of BITB attacks?

BITB attacks are a serious threat. They can compromise data and identity for users and businesses. Users who fall victim to BITB attacks face these risks and consequences:

  • Their SSO account can be hijacked and all linked services accessed by the attacker.
  • Their personal and financial information can be stolen and used for identity theft, fraud or blackmail.
  • Their devices can be infected by malware or ransomware and their files damaged or encrypted.
  • Their online reputation can be tarnished by spamming or posting malicious content.

Businesses that offer SSO options are also vulnerable to BITB attacks. They can lose trust and loyalty from their customers or employees. Businesses that suffer a data breach due to BITB attacks face these risks and consequences:

  • Their customer or employee data can be exposed, exploited or sold by the attacker or the dark web.
  • Their brand image and reputation can be damaged by negative publicity and customer complaints.
  • Their legal and regulatory compliance can be violated by data protection laws and regulations.
  • Their revenue and profitability can be reduced by customer churn, lawsuits and fines.

Recent Examples of BITB Attacks

BITB attacks are not new, but they have become more sophisticated and widespread in recent years. Here are some examples of BITB attacks that targeted governmental entities:

  • In February 2020, Zscaler revealed a campaign of phishing BitB targeting users of Steam, a video game digital distribution service. The hackers created fake Counter-Strike: Global Offensive (CS: GO) websites that offered free skins or weapons for the game. These websites displayed a fake pop-up window that asked users to sign in with Steam. If users entered their credentials, they were sent to the hackers who could then access their Steam accounts and steal their items.
  • In March 2020, Bitdefender reported a campaign of phishing BitB targeting users of Office 365, a cloud-based suite of productivity applications. The hackers sent emails that pretended to be from Microsoft and asked users to update their Office 365 settings. These emails contained a link that led users to a fake Office 365 website that displayed a fake pop-up window that asked users to sign in with Office 365. If users entered their credentials, they were sent to the hackers who could then access their Office 365 accounts and steal their data.
  • In September 2020, Proofpoint uncovered a campaign of phishing BitB targeting users of Okta, a cloud-based identity and access management service. The hackers sent emails that pretended to be from various organizations and asked users to verify their Okta account. These emails contained a link that led users to a fake Okta website that displayed a fake pop-up window that asked users to sign in with Okta. If users entered their credentials, they were sent to the hackers who could then access their Okta account and compromise their other connected applications.

These examples show that BITB attacks can target any SSO provider and any website or web application that uses SSO. They also show that hackers can use various methods to lure users into clicking on malicious links or entering their credentials on fake windows.

What are some statistics on BITB attacks?

BITB attacks use iFrames to deceive users with fake SSO windows. Here are some statistics on BITB attacks:

  • According to Statista, the number of unique phishing sites detected worldwide reached 2.11 million in the third quarter of 2020, an increase of 10% from the previous quarter.
  • According to The Hacker News, BITB attacks can exploit third-party SSO options embedded on websites such as “Sign in with Google” (or Facebook, Apple, or Microsoft) to create fake browser windows within the browser and spoof legitimate domains.
  • According to Zscaler, BITB attacks have been used in the wild at least once before, in February 2020, to target Steam users by means of fake Counter-Strike: Global Offensive (CS: GO) websites.
  • According to NetSPI, the volume of successful phishing attacks on organizations worldwide in 2021 was highest in Brazil (25%), followed by India (17%), and Mexico (14%).
  • According to DZone, the most targeted industry sectors by phishing attacks as of the third quarter of 2020 were SaaS/Webmail (33%), Financial Institutions (22%), and Payment Services (14%).

How to effectively fight against BITB attacks?

BITB attacks are very hard to detect, but not impossible. There are some signs that can help you spot them and some measures that can help you prevent them. Here are some tips:

  • Always check the URL of the site before entering your credentials. Make sure it matches the domain of the site or the SSO provider that you want to use. Do not rely on the URL displayed on the pop-up window, as it can be fake.
  • Always check the SSL certificate of the site before entering your credentials. Make sure it is valid and issued by a trusted authority. Do not rely on the padlock icon displayed on the pop-up window, as it can be fake.
  • Always use an updated antivirus software and browser extension that can detect and block malicious sites and scripts. They can help you avoid landing on phishing pages or loading fake windows.
  • Always use strong and unique passwords for each site or application that you use. Do not reuse the same password for different accounts, as it can increase the risk of compromise if one of them is breached.
  • Always use two-factor authentication (2FA) for your accounts, especially those that you use for SSO. 2FA adds an extra layer of security by requiring a second factor (such as a code sent to your phone or email) to verify your identity. Having your username and password is less useful for hackers if they need your device or access to your email account too.

How to prevent and protect yourself from BITB attacks using EviBITB technology?

The best way to prevent and protect yourself from BITB attacks is to use EviBITB technology, a technology that allows you to detect and remove redirection iframes from web pages. EviBITB is integrated for free in the free and paid extensions of Freemindtronic that are compatible with NFC HSM devices that use a smartphone or an NFC HSM device. The latter stores encrypted multiple authentication information (username, password, otp) for secure authentication for any website on the internet or intranet.

EviBITB technology also has a system of automatic backup of the URL of connection to the account using a web browser to connect to an online account on the internet or intranet. This extension is paired with the NFC android phone which is itself paired with an NFC HSM where encrypted detailed authentication information such as username, password, and secret keys OTP (TOP or HOTP) are stored. Thus, before authorizing auto-filling of connection fields or auto-connection to an online account, the phone will check beforehand if the connection URL is compliant (sandbox technique). This system adds to EviBITB protection.(click here to learn more about EviBITB)

By using EviBITB technology, you can enjoy many benefits:

  • You can avoid falling victim to BITB attacks that can steal your data or compromise your identity.
  • You can reduce the risk of keylogging or malware infections that can capture your keystrokes or spy on your online activity.
  • You can save time and hassle by using your smartphone or NFC HSM card as an authentication key instead of creating or remembering passwords for each website you visit.
  • You can enjoy a seamless and user-friendly experience by accessing websites with just a tap of your smartphone or NFC HSM card on your computer screen.
  • You can protect your privacy by controlling what data you share with each website you visit, such as your name, email, or profile picture.

By using EviBITB technology, you can be sure that the web page you see is the one you want to see, and that you do not give away your data to hackers.

How can EviBITB protect you from BITB attacks?

EviBITB is a technology that enhances your online security. It is implemented in the freemindtronic extensions that allow secure end-to-end autofill and auto-login from an NFC HSM. It also detects and removes phishing iFrames from your web browser.

EviBITB works with an application installed on an NFC Android phone that is paired with an NFC HSM. The application has a sandbox that checks if the origin URLs saved automatically during the first login are compliant. If they are, it transfers encrypted authentication information to the extension.

EviBITB also analyzes the web page source code and detects any possible BITB iFrames. It looks for hidden elements, suspicious URLs, or mismatched styles that indicate a fake browser window.

When EviBITB detects a BITB iFrame, it alerts you by showing a warning window on your computer screen. This window shows you the redirection iFrame URL and asks you to check if you trust this URL before entering any sensitive information.

How EviBITB technology can improve your browsing experience?

EviBITB technology is a security, performance and privacy enhancer. It removes redirection iframes and improves your browsing experience in several ways:

  • It speeds up web page loading, by avoiding requests to third-party sites.
  • It reduces bandwidth consumption, by saving data transferred to or from iframes.
  • It limits exposure to ads and pop-ups, by blocking their sources in iframes.
  • It prevents online activity tracking, by deleting cookies and data stored by iframes.
  • It enhances readability and usability of web pages, by removing distracting elements from iframes.
  • It increases compatibility and accessibility of web pages, by avoiding conflicts or errors caused by iframes.

With EviBITB technology, you can enjoy a faster, smoother and more private browsing experience, without compromising security or convenience.

How to use EviBITB to protect yourself from BITB attacks?

EviBITB is a technology that detects and removes malicious iFrames that expose you to BITB attacks. These attacks simulate a browser window in a web page to prompt you to enter credentials on a fraudulent site.

When EviBITB detects a suspicious iFrame, it shows a warning window that informs you of the risk. This window also gives you five buttons to act on the BITB iFrame:

  • Close Warning: this button closes the warning window without acting on the BITB iFrame. You can use it if you trust the iFrame URL or want to ignore it.
  • Never Show Warnings On This Site: this button adds the website URL to a list of trusted sites. EviBITB will not alert you of BITB iFrames on these sites. You can use it if you are sure the website is safe and has no malicious iFrames.
  • Destroy: this button deletes the BITB iFrame from the web page source code. You can use it if you do not trust the iFrame URL or want to remove it.
  • Clean Storage: this button clears the data stored by the BITB iFrame in the browser. You can use it if you have been exposed to phishing by iFrame and want to erase any traces.
  • Read More: this button redirects you to a page with more information about EviBITB and its benefits. You can use it if you want to learn more about how EviBITB works and protects you from hackers.

Why you should use EviBITB to secure your online access?

EviBITB is a technology that allows you to use your smartphone or your NFC HSM card as a secure authentication key for any website. With EviBITB, you enjoy many benefits:

  • You avoid BITB attacks that can steal your data or impersonate your identity.
  • These attacks simulate a browser window in a web page to prompt you to enter your credentials on a fraudulent site.
  • You reduce the risk of keylogging or malware infections that can capture your keystrokes or spy on your online activity.
  • You save time and hassle by using your smartphone or NFC HSM card as an authentication key instead of creating or remembering passwords for each website you visit.
  • You enjoy a seamless and user-friendly experience by accessing websites with just a tap of your smartphone or NFC HSM card on your computer screen.
  • You protect your privacy by controlling what data you share with each website you visit, such as your name, email, or profile picture.

By using EviBITB, you can be sure that the web page you see is the one you want to see, and that you do not give away your data to hackers.

How EviBITB can improve your browsing experience?

EviBITB is not only a security tool, but also a performance and privacy enhancer. By removing redirection iframes, EviBITB can improve your browsing experience in several ways:

  • It can speed up the loading of web pages, by avoiding unnecessary or malicious requests to third-party sites.
  • It can reduce the bandwidth consumption, by saving the data that would otherwise be transferred to or from the iframes.
  • It can limit the exposure to ads and pop-ups, by blocking the sources that display them in the iframes.
  • It can prevent the tracking of your online activity, by deleting the cookies and other data that the iframes may store in your browser.
  • It can enhance the readability and usability of web pages, by removing distracting or irrelevant elements from the iframes.
  • It can increase the compatibility and accessibility of web pages, by avoiding potential conflicts or errors caused by the iframes.

By using EviBITB, you can enjoy a faster, smoother and more private browsing experience, without compromising your security or convenience.

How to get started with EviBITB?

Getting started with EviBITB is easy and fast. You just need to follow these steps:

  • Download the EviBITB extension for your web browser based on Chromium or Firefox from Freemindtronic’s official website: https://freemindtronic.com/evibitb-stop-bitb-phishing-attacks/
  • Install the extension on your web browser and follow the instructions to set it up.
  • Get a smartphone or an NFC HSM card compatible with the extension. You can find more information about these devices on Freemindtronic’s website: https://freemindtronic.com/how-does-evibitb-work-detailed-guide/
  • Pair your smartphone or NFC HSM card with your computer using Bluetooth or NFC technology.
  • Start browsing the web securely with EviBITB. Whenever you visit a website that offers SSO options, you will see a green icon on the address bar indicating that EviBITB is active. You can then tap your smartphone or NFC HSM card on your computer screen to authenticate yourself and access the website.

What are some videos on BITB attacks and EviBITB?

If you want to learn more about BITB attacks and EviBITB technology, you can watch some videos on these topics:

  • A video demonstration of a BITB attack by mrd0x:

In conclusion

BITB attacks are a new and sophisticated form of phishing that can steal your credentials by simulating a browser window within your browser. They can bypass many security measures that are designed to prevent phishing and compromise your online security and privacy.

EviBITB is a free technology that detects and removes phishing iFrames from your web browser. It also offers other features to enhance your online security, such as authentication via NFC HSM devices that secure your credentials without typing them on your keyboard.

If you want to benefit from EviBITB technology, you just need to download the extension corresponding to your web browser on Freemindtronic’s official website:

You will also need a smartphone or an NFC HSM card compatible with the extension. You can find more information about these devices on Freemindtronic’s website.

https://freemindtronic.com/evibitb-stop-bitb-phishing-attacks/ :

Don’t wait any longer and try EviBITB now!

Hashtags: #EviBITB #Phishing #Cybersecurity #NFC #HSM

Gold Globee Winner 2022 Cyber Computer NFC

Gold Globee Winner 2022 at the Cyber Security Global Excellence Awards Cyber Computer NFC Freemindtronic Andorra

Freemindtronic Wins Globee® Awards in the 2022 Cyber Security Global Excellence Awards®

Freemindtronic named Winner in the Globee Awards 18th Annual Cyber Security Global Excellence Awards®

Escaldes-Engordany, Andorra, – February 24th, 2022 – Freemindtronic announced today that The Globee® Awards, organizers of world’s premier business awards programs and business ranking lists, has named the Cyber computer of Freemindtronic a winner in the 18th Annual 2022 Cyber Security Global Excellence Awards®. These prestigious global awards recognize cyber security and information technology vendors with advanced, ground-breaking products, solutions, and services that are helping set the bar higher for others in all areas of security and technologies.

The NFC Cyber ​​Computer with EviCypher technology of Freemindtronic offers a new innovative solution to fight against ransomware, espionage and at the same time secure access to sensitive data and protect secrets physically, offline. The NFC reader integrated into the Cyber ​​computer allows interaction with a secure NFC card, manager of encryption tokens and secrets. Simply insert the NFC card into the reserved slot of the Cyber ​​Computer to perform all the operations. Thus, the secrets are physically isolated from the computer system. This allows contactless encryption and auto-locking of access to internal and external data storage media such as USB, SD, SSD or HD keys. The Cyber ​​Computer is also equipped with an encrypted differential backup system with self-locking and/or self-disconnection for storage via a local or remote network. The Cyber ​​Computer offers an effective solution for contactless encryption of webmail and instant messaging. This device is equipped with a multi-factor authentication (MFA) system. The NFC card is also compatible with an NFC phone via the Freemindtronic EviCypher Application. Thus the user of a Cyber ​​Computer has an eco-system which also secures all his messaging services including SMS and files on his phone.

“We are proud to be recognized as an industry player whose Cyber computer with Freemindtronic EviCypher technology has been named winner by the Globee Awards, in hardware safety and cybersecurity” says said Jacques Gascuel CEO of Freemindtronic Andorra.   “Behind this distinguished success, it is above all the work of a team of enthusiasts in perpetual research and development of new solutions to fight against cybercrime and espionage while defending the individual sovereignty of its data. We believe that this recognition from the Globee Awards further validates our perseverance in always pushing the limits of the impossible to meet the increasingly complex needs of our customers in terms of protecting their computer systems, their information and communications but not only. Human error is also taken into consideration thanks to protected and secure differential backup systems. Above all, the Cyber computer responds advantageously to the need to secure telework as well as work on the move. »  

More than 55 judges from around the world representing a wide range of industry experts participated in the judging process.

Judges | Cyber Security | Cyber Security Global Excellence Awards: https://globeeawards.com/cyber-security-global-excellence-awards/judges/

About the Globee Awards 
Globee Awards are conferred in ten programs and competition: the American Best in Business Awards, Business and Communications Excellence Awards, CEO World Awards®, Cyber Security Global Excellence Awards®, Disruptor Company Awards, Golden Bridge Awards®, Information Technology World Awards®, International Best in Business Awards, Sales, Marketing, & Service Excellence Awards, and Women World Awards®. Learn more about the Globee Awards at https://globeeawards.com

About Freemindtronic
The Andorran company Freemindtronic designs, develops and manufactures internationally patented white label products and services, particularly in the field of safety and cyber security. She is an expert in NFC technology. Jacques Gascuel’s patented EviCypher invention was awarded the 2021 Geneva International Inventions Gold Medal. This Gold Globee® Winner 2022 is a new international recognition of the potential of implementation of this invention in many other domains of hardware security of secrets.

All trademarks are the property of their respective owners.

List winner of the Globee Awards 18th Annual Extract from Freemindtronic’s Cyber Security Global Excellence Awards® 2022

Winners | Cyber Security

We congratulate all the other winners.

We would like to thank the members of the jury in the Cyber Security Global Excellence Awards® for their interest in our latest Greentech innovation EviCypher.

Based on the invention of Jacques GASCUEL, the EviCypher card is a keeper of secrets. It is very easy to use and very efficient for contactless, end-to-end encryption from an NFC hardware security module, sensitive data and in particular emails in Webmail services.

Excerpt from Freemindtronic’s Cyber Security Global Excellence Awards® 2022 virtual ceremony on 27 April 2022

Extract from the Cyber Security Global Excelence 2022 ceremony

Winners will be celebrated and presented their awards in a virtual ceremony attended by the finalists, winners, judges and industry peers from all over the world. Globee awards virtual ceremony more information clic here 

NEWS PROVIDED BY
Cyber Security Global Excellence Awards® 2022
Frebruary 23, 2022
Related Links https://globeeawards.com/cyber-security-global-excellence-awards/winners
Judges | Cyber Security Global Excellence Awards

https://globeeawards.com/cyber-security-global-excellence-awards/judges/

SHARE THIS ARTICLE

E&T Innovation Awards Cybersecurity

E&T Innovation Awards Cybersecurity 2021


Finalists 2021 E&T Innovation Awards Cybersecurity with EviCypher Technology.

The Freemindtronic Andorra R&D team is very honored to nominated as finalist for the 2021 E&T Innovation Awards Cybersecurity.

This award recognises an organisation which is taking proactive steps to counter attacks and take preventative measures to remain one-step ahead of cyber threats.

The Cyber Security Award recognises the creative thinking, engineering, people and projects that are taking on this growing threat for the benefit of the global community. We will reward innovations that have reached the stage where its potential to mitigate risk to organisations, government and individuals has been clearly identified.

Entries can range from security research, to new products or services that help to solve today’s important security challenges.

A shortlist and winner will be selected by our judging panel.

https://eandtinnovationawards.theiet.org/the-awards/shortlist

The finalists Category Cybersecurity

We congratulate all the other finalists.

We would like to thank the members of the jury in the Communications & IT category for their interest in our latest Greentech innovation EviCypher.

Judges https://eandtinnovationawards.theiet.org/categories/cyber-security/

Based on the invention of Jacques GASCUEL, the EviCypher card is a keeper of secrets. It is very easy to use and very efficient for contactless, end-to-end encryption from an NFC hardware security module, sensitive data and in particular emails in Webmail services.

Below is the video of the Awards Ceremony of which Freemindtronic is a finalist.

 










NEWS PROVIDED BY
E&T Innovation Awards 2021
November, 2021
Related Links
https://eandtinnovationawards.theiet.org




SHARE THIS ARTICLE





Award FIC 2017 10th Most innovative international startup

Award FIC 2017 10th Most innovative international startup Fullsecure from Freemindtronic Andorra with EviToken Technology


Award FIC 2017 Fullsecure from Freemindtronic is nominated among the 10 finalists of the most innovative companies in Cybersecurity. 
 
The jury of the 9th International Cybersecurity Forum 2017 has nominated EviTag NFC, a NFC hardware password manager that works unlock contactless via an NFC phone. 
 
The EviTag rugged keychain module that participated in the FIC 2017 Award was also presented to the public at the international cybersecurity forum in Lille (France) on 24 and 25 January 2017.
 

Award FIC 2017 NFC rugged hardware password manager work contacless by nfc phone Android

 
EviTag NFC Rugged hardware password manager won other awards such as the 2017 IoT & Embedded Systems Award. To learn more about this award click here.
 
A trade fair organised with our French industrial partner the Syselec Group. Click here to learn more about our industrial partner.
 



FIC 2017 Cybersecurity Exibition France Lille Grand Palais France Fullsecure by Freemindtronic Andorra






Top 10 – FIC 2017



Award FIC 2017 Freemindtronic is nominated among the 10 finalists of the most innovative startup in Cybersecurity Andorra EviTag NFC hardware password manager EviAlpa Technology









NEWS PROVIDED BY
FIC 2017
March 2013
Related Links
https://freemindtronic.com/fic-2017-awards




SHARE THIS ARTICLE