Category Archives: Digital Security

Digital security is the process of protecting your online identity, data, and other assets from intruders, such as hackers, scammers, and fraudsters. It is essential for trust in the digital age, as well as for innovation, competitiveness, and growth. This field covers the economic and social aspects of cybersecurity, as opposed to purely technical aspects and those related to criminal law enforcement or national and international security.

In this category, you will find articles related to digital security that have a direct or indirect connection with the activities of Freemindtronic Andorra or that may interest the readers of the article published in this category. You will learn about the latest trends, challenges, and solutions in this field, as well as the best practices and recommendations from experts and organizations such as the OECD. You will also discover how to protect your personal data from being used and sold by companies without your consent.

Whether you are an individual, a business owner, or a policy maker, you will benefit from reading these articles and gaining more knowledge and awareness about this topic and its importance for your online safety and prosperity. Some of the topics that you will find in this category are:

  • How to prevent and respond to cyberattacks
  • How to use encryption and cryptography to secure your data
  • How to manage risks and vulnerabilities
  • How to comply with laws and regulations
  • How to foster a culture of security in your organization
  • How to educate yourself and others about this topic

We hope that you will enjoy reading these articles and that they will inspire you to take action to improve your security. If you have any questions or feedback, please feel free to contact us.

image_pdfimage_print
Articles, Digital Security

ZenRAT: The malware that hides in Bitwarden and escapes antivirus software

Posted on by FMTAD
ZenRAT The-malware-that hides in Bitwarden-and escapes antivirus-software edit by freemindtronic from Andorra
27
Sep
ZenRAT Malware  by Jacques Gascuel: This article will be updated with any new information on the topic.

***

**

How this malware hides in Bitwarden and escapes antivirus software to steal your information

ZenRAT is a new malicious software that targets Windows users and hides in fake installation packages of Bitwarden, a popular and secure password manager. This remote access trojan (RAT) was discovered by Proofpoint, a company specialized in cybersecurity. ZenRAT aims to steal sensitive information from users, such as their credentials, passwords, IP addresses or browser data.

How does ZenRAT hide in Bitwarden?

ZenRAT uses a social engineering technique to trick users and make them download a fake installation package of Bitwarden. The malicious website that hosts the file looks very similar to the official Bitwarden website, but it uses a different domain name. The downloaded file contains an executable named ZenRAT, which installs discreetly on the victim’s computer and starts collecting and sending their personal information to a command and control server.

ZenRAT hides in Bitwarden to take advantage of its popularity and credibility, as it is used by millions of users worldwide. By imitating the website and logo of Bitwarden, ZenRAT hopes to attract users who are looking for downloading or updating this software, and to convince them that they are on the official website. Thus, ZenRAT can induce users to install the malicious file without suspicion.

This identity theft technique is commonly used by cybercriminals to spread malware under the guise of legitimate applications. Users should therefore be careful to only download software from a reliable source, and to check the domain name of the website. They should also be wary of advertisements in search engine results, which can be a major vector of infection.

What are the technical means used by ZenRAT to achieve its goals and protect itself?

ZenRAT uses several technical means to achieve its goals and protect itself from protection systems. Among these means, we can mention:

  • Encryption: It encrypts the data it steals and sends to the command and control server, using an AES algorithm with a randomly generated key. Thus, ZenRAT makes it harder to detect and analyze its network traffic by antivirus or firewall software.
  • Polymorphism: ZenRAT changes its appearance and behavior regularly, using techniques such as packing, obfuscation or mutation. Thus, ZenRAT escapes the static signatures of antivirus or intrusion detection software.
  • Geofencing: It checks the geographical location of the infected computer, using the IP address or browser data. If the computer is located in an area that does not interest the hacker, such as Russia or China, ZenRAT stops and uninstalls itself. Thus, ZenRAT reduces the risk of being discovered or analyzed by security researchers.
  • Anti-virtualization: ZenRAT detects if the infected computer is a virtual machine or a sandbox, using indicators such as the name of the CPU, GPU, RAM or hard disk. If so, ZenRAT stops and uninstalls itself. Thus, ZenRAT avoids being studied or neutralized by security experts.
  • QR codes: Malware Rat uses QR codes to communicate with its command and control server, using a dedicated mobile application. Thus, ZenRAT bypasses network filters or proxies that could block its traffic. The QR codes contain encrypted and compressed data, which are decoded and executed by the malware on the infected computer.
  • Password generator: ZenRAT uses a password generator to create random and strong passwords, which it uses to access online accounts of users. Thus, ZenRAT increases its chances of succeeding in brute force or dictionary attacks, and makes it more difficult for users to change or reset their passwords.

These technical means show that ZenRAT is a sophisticated and adaptable malware, which can circumvent or resist various forms of defense. They also testify to the malicious intent of the hacker, who seeks to maximize his impact and minimize his traceability.

Why is RAT a serious threat?

ZenRAT is a serious threat for the security and privacy of Internet users, because it steals personal and confidential information, which can be used to access sensitive services, identify and track users, analyze their habits and preferences, or inject malicious advertisements or spyware. It uses various technical means to spread and hide itself, and it escapes antivirus and security software.

ZenRAT has not yet been widely studied or detected by antivirus or security software. According to Proofpoint, the detection rate of the malicious file on VirusTotal was less than 10% at the time of their analysis. Other sources confirm that ZenRAT is a little-known and rare malware. It is therefore important to be vigilant and only download software from a reliable source, checking the domain name of the website.

ZenRAT is also a malware that specifically targets Windows users, who represent the majority of operating systems in the world. According to StatCounter, Windows had a market share of 72% in September 2023. This means that ZenRAT can potentially infect more than a billion Windows computers worldwide. Moreover, ZenRAT attacks Bitwarden users, a password manager that has more than 25 million users worldwide. By stealing their passwords, ZenRAT can access their online accounts and compromise their security.

Here is a summary table of the main characteristics of ZenRAT:

Attribute Details
Name ZenRAT
Type Remote Access Trojan (RAT)
Platform Windows
Infection Method Fake Bitwarden installation packages
Objective Steal sensitive user information
Technical Means Encryption, polymorphism, geofencing, anti-virtualization, QR codes, password generator
Detection Rate Below 10% on VirusTotal
Main Source Proofpoint1
Associated Threats Typosquatting, phishing, credential theft
Targeted Service Bitwarden password manager
Date of Discovery August 2023
Malicious Email Campaigns Several, targeting organizations across various sectors
Associated Malicious Domains bitwariden[.]com, crazygameis[.]com, obsproject[.]com, geogebraa[.]com
Dedicated Mobile Application ZenRAT Scanner
Fake Installers Bitwarden-Installer-version-2023-7-1.exe, CertificateUpdate-version1-102-90
Signed by Falsely claimed to be signed by Tim Kosse
Copy of Executable Location ApplicationRuntimeMonitor.exe stored in C:Users[username]AppDataRoamingRuntime Monitor
Collected Data CPU Name, GPU Name, OS Version, Installed RAM, IP Address & Gateway, Installed Antivirus, Installed Applications
C2 Communication Server IP: 185[.]186.72.14. Custom C2 protocol used
Unique Features Checks: IsBlockedRegion, IsMutex, IsSmallDisk, IsDetectVM. Logs sent in plain text to C2 server
Indicators of Compromise Several IP addresses and domains, as well as a list of SHA256 for associated files

ZenRAT is therefore a malicious software that attacks strategically Windows operating systems, hiding in fake installation packages of Bitwarden. It uses various technical means to spread and hide itself, and aims to steal sensitive information from users. It represents a serious threat for the security and privacy of Internet users.

Articles, Crypto Currency, Digital Security, EviSeed, EviVault Technology, News

Enhancing Crypto Wallet Security: How EviSeed and EviVault Could Have Prevented the $41M Crypto Heist

Posted on by FMTAD
Crypto Wallet Security enhancing crypto wallet security how EviSeed and EviVault could have prevented the $41m crypto Heist crypto Lazarus APT38 BNP MATIC Heist
11
Sep

Crypto Wallet Security by Jacques Gascuel: This article will be updated with any new information on the topic.  

How EviSeed and EviVault Could Thwart a $41 Million Crypto Heist

Imagine waking up one day to discover that your crypto wallet has been hacked. As a result, all your funds are gone. Unfortunately, this is exactly what happened to more than 50,000 StakeCube users who were staking cryptocurrencies. They lost a massive $41 million in a cyberattack by North Korean hackers. In this article, we will demonstrate how EviSeed and EviVault technologies, developed by Freemindtronic, could have thwarted this theft.

EviSeed and EviVault NFC HSM Technologies could have prevented the $41 million crypto theft by North Korean hackers.

Cryptocurrencies have gained immense popularity, but they have also become increasingly vulnerable to theft. Hackers actively search for vulnerabilities in cryptocurrency storage and exchange platforms, leading to them stealing millions of dollars from users. North Korean hackers recently stole $41 million from the Stake platform, resulting in a high-profile case. In this article, we explore how EviSeed and EviVault NFC HSM technologies could have prevented this theft.

The Significance of Mnemonic Phrases and Private Keys

Before delving into the advantages offered by EviSeed and EviVault, let’s first understand the significance of mnemonic phrases and private keys in cryptocurrency wallet security.

Understanding Mnemonic Phrases and Private Keys’ Role in Cryptocurrency Wallet Security

A mnemonic phrase consists of words used to generate and restore your private key, granting access to your cryptocurrency wallet and enabling transactions.Typically composed of 12, 18, or 24 words selected from a standardized list known as BIP39, a mnemonic phrase might look like:

apple, banana, lemon, orange, strawberry, kiwi, pineapple, mango, melon, watermelon, cherry, plum.

This mnemonic phrase is of utmost importance as it represents the sole means of recovering your cryptocurrency wallet in case of loss or theft of the storage device (e.g., smartphone, computer, USB key). Users must meticulously back it up and should never share it with anyone.

A private key, on the other hand, consists of a sequence of numbers and letters corresponding to the mnemonic phrase. It is employed for signing transactions and confirming ownership of the cryptocurrency wallet. A private key example is:

Securing Cryptocurrency Wallets

Now that we’ve examined the importance of mnemonic phrases and private keys, let’s discuss the risks associated with traditional backup methods and how EviSeed and EviVault technologies provide enhanced security solutions.

The Risks of Traditional Backup Methods for Mnemonic Phrases and Private Keys

Nevertheless, these methods have several drawbacks when it comes to cryptocurrency wallet security. Most cryptocurrency users choose to back up their mnemonic phrases and private keys using paper or metal media:

  • Impracticality: Manually writing or engraving mnemonic phrases and private keys can be tedious and prone to errors.
  • Inefficiency: Retrieving a cryptocurrency wallet or making transactions requires typing or memorizing the mnemonic phrase and private key, which can be time-consuming and cumbersome.
  • Lack of Durability: Paper and metal supports degrade over time, can be lost, damaged, or susceptible to environmental factors like fire, water, and physical harm.
  • Vulnerability: Physical and logical attacks are potential risks. For instance, if someone finds the support containing the mnemonic phrase and private key, they can access the cryptocurrency wallet and transfer funds to another address. If the support is connected to the internet, it can be infected with malware capable of stealing the mnemonic phrase and private key.

Why is Crypto Wallet Security Important?

Crypto wallet security involves protecting your crypto assets from unauthorized access, theft, or loss. Crypto wallet security involves two main components: your mnemonic phrase and your private key. Your mnemonic phrase is a sequence of words that is used to generate and restore your private key, which is the key that allows you to access your crypto wallet and make transactions. The mnemonic phrase and the private key are very important, because they are the only way to recover your crypto wallet in case of loss or theft of the support on which it is stored (smartphone, computer, USB key, etc.). You must therefore backup them carefully and never disclose them to anyone.

Crypto wallet security is important because cryptocurrencies are valuable and vulnerable to attacks. Hackers can exploit vulnerabilities in platforms storing and exchanging cryptocurrencies, employ phishing, malware, or social engineering to deceive users into disclosing their mnemonic phrases or private keys. If hackers get access to these keys, they can transfer the funds to their own addresses and make them untraceable. Therefore, you need to choose reliable and secure backup solutions for your mnemonic phrases and private keys, such as EviSeed and EviVault.

Enhancing Crypto Wallet Security with EviSeed

Now let’s find out how EviSeed technology enhances the security of the crypto wallet. It offers a secure alternative to traditional backup methods.

Simplicity and Automation for Enhanced Crypto Wallet Security

EviSeed simplifies crypto wallet creation, completing all tasks within seconds. It efficiently manages and encrypts mnemonic phrases and their corresponding private keys within the NFC HSM. This automation extends to generating public keys and addresses, ensuring robust Crypto Wallet Security. Importantly, this process occurs offline, shielding sensitive data from exposure. Users can effortlessly monitor their balances using their paired Android NFC smartphones.

Rigorous Security Measures: Protecting Your Crypto Wallet Security

EviSeed employs cutting-edge AES-256 post-quantum encryption in conjunction with key segmentation. Even if malicious actors gain physical access to the NFC HSM, decrypting the mnemonic phrase remains an insurmountable challenge without access to encryption keys and corresponding segments. The device features five segmented encryption keys, bolstered by up to four additional authentication criteria for each wallet, significantly enhancing Crypto Wallet Security. These criteria encompass geographic zones, fingerprints, BSSIDs (Wi-Fi network identifiers), and UIDs of paired Android NFC smartphones.

Multi-Layered Protection: Safeguarding Your Crypto Wallet Security

Access to the NFC HSM is exclusively possible via the Freemindtronic application, seamlessly integrating EviSeed technology for added security, reinforcing your Crypto Wallet Security. In the unlikely event of theft, attackers would require knowledge of all unique authentication criteria to decrypt the private key. Moreover, EviSeed generates an encrypted QR code containing your mnemonic phrase. This QR code can be printed, shared, sent, or used for backup between NFC HSMs, employing RSA 4096 encryption, further enhancing your Crypto Wallet Security. EviSeed also enables hassle-free crypto wallet creation, including an automatic backup of BIP39 seed phrases within NFC HSMs, alongside your private key. The technology effortlessly generates public keys and addresses, allowing you to conduct operations securely, all while maintaining the confidentiality of your seed phrase and private key.

Unmatched Durability for Uncompromising Crypto Wallet Security

NFC HSM devices used by EviSeed are engineered for resilience, with military-grade coatings that protect against water, extreme temperatures ranging from -40°C to +120°C, shocks, and scratches. These devices boast an impressive lifespan, powered by energy recovery from the paired Android smartphone’s NFC signal, ensuring long-term Crypto Wallet Security.

By integrating EviSeed NFC HSM technology into their crypto security strategy, users can significantly bolster the safety of their assets, mitigating the vulnerabilities associated with conventional backup methods, and fortifying their Crypto Wallet Security.

How EviVault NFC HSM Enhances Crypto Wallet Security

Now, let’s explore the remarkable capabilities of EviVault NFC HSM and how it elevates crypto wallet security to unprecedented levels.

A Distinctive Approach to Safeguarding Crypto Wallets

EviVault NFC HSM stands apart as a distinct technology from EviSeed NFC HSM. Its primary objective is to secure cryptocurrency-derived private keys physically and offline, all within a lightning-fast process of fewer than four seconds. This is achieved by scanning the QR code of the derived private key, ensuring swift and robust Crypto Wallet Security.

Error-free backup and storage

EviVault simplifies the process further by allowing users to securely record the BIP39-generated recovery phrase, and automatically store it encrypted in an NFC HSM. The user can easily select without using the keyboard assisted by automatic error control system. This has the effect of further strengthening the security of the cryptographic wallet by preventing the backup process in case of error. Thus, all these protection mechanisms are airtight to physical, logical or online threats.

Streamlined Security for Crypto Wallets

EviVault introduces a series of advantages over conventional methods that enhance Crypto Wallet Security comprehensively:

  • Simplicity: Users no longer need to manually enter the derived private key. The cumbersome practice of writing, engraving, or copying private keys in plain text, which can be susceptible to malicious third parties, becomes obsolete. Instead, users can swiftly scan the encrypted QR code of the derived private key, created by EviSeed technology, and store it securely within an EviVault NFC HSM in under four seconds.
  • Efficiency: Gone are the days of memorizing or typing private keys, or risking exposure by storing them in unencrypted forms. By merely passing their Android NFC smartphone paired with the NFC HSM under the NFC antenna, users can view the private key or its compressed/uncompressed public address. The technology even allows for secure sharing of private keys and encrypted public addresses via a pair of RSA 4096 keys, all without exposing sensitive data to the user’s phone or computer.
  • Durability: EviVault stands out with its robust design, devoid of connectors, screens, batteries, buttons, or any other wear-prone components. It offers a lifetime of service, powered by energy recovery from the paired Android smartphone’s NFC signal. Furthermore, EviVault NFC HSM devices, like their EviSeed counterparts, exhibit resistance to water, extreme temperatures ranging from -40°C to +120°C, shocks, and scratches, thanks to a military-grade component coating, ensuring top-tier Crypto Wallet Security in harsh environments.
  • Unyielding Security Measures: EviVault incorporates EviCore NFC HSM technology, featuring post-quantum AES-256 encryption and advanced key segmentation. Even if potential attackers gain physical access to the NFC card, decrypting the private key remains an insurmountable task without access to the encryption keys and corresponding segments, each exceeding 256 bits in complexity. Additionally, users can bolster Crypto Wallet Security by adding up to four segmented authentication criteria for each wallet, including geographical zones, fingerprints, BSSIDs (Wi-Fi network identifiers), or UIDs of paired Android NFC smartphones. Access to the NFC card remains exclusive through the Freemindtronic application, which incorporates EviVault technology, fortifying Crypto Wallet Security with an additional layer of protection.

Incorporating EviSeed or EviVault NFC HSM technology into their crypto security strategy empowers cryptocurrency users to elevate the security of their holdings significantly. These technologies not only eliminate vulnerabilities associated with conventional backup methods but also provide formidable protection against both physical and digital threats, ensuring unparalleled Crypto Wallet Security in today’s dynamic digital landscape.

Summary of Enhanced Cryptocurrency Security

The Crucial Role of Crypto Wallet Security

In summary, EviSeed and EviVault NFC HSM technologies offer innovative solutions to enhance cryptocurrency wallet security, safeguarding digital assets from physical and digital threats.

Protecting Your Investments

Given the increasing adoption of cryptocurrencies, it’s essential to invest in secure storage solutions such as EviSeed and EviVault for effective investment protection.

How a Flaw in the Unencrypted Private Key Backup System Allowed the North Korean Hackers to Steal $41 Million in Crypto from StakeCube and How EviSeed and EviVault Could Have Prevented It

March 2023 witnessed a group of North Korean hackers, Lazarus, or APT38. They stole $41 million in cryptocurrencies from StakeCube, an online casino and betting platform. These hackers took advantage of a flaw in the backup system; it stored unencrypted private keys on a centralized and insecure server. These attackers copied the private keys of more than 50,000 users from the server. Subsequently, they transferred the funds to their own addresses using these keys. These attackers evaded detection for several months with great organization and methodology. These attackers also concealed and laundered the stolen funds to make them hard to trace.

This incident emphasizes the significance of cryptocurrency wallet security and the necessity to select dependable and secure backup solutions for private keys and mnemonic phrases. In this article, we will show you how EviSeed and EviVault, two technologies developed by Freemindtronic, can help you protect your crypto assets from hackers.

Lazarus-affiliated North Korean hackers are renowned for their sophisticated attacks. In the case of the StakeCube theft, they demonstrated a high level of organization and methodology. However, EviSeed and EviVault’s advanced security features could have acted as formidable barriers, enhancing crypto wallet security.

  • Advanced encryption: EviSeed uses post-quantum AES-256 encryption, which makes it virtually impossible for hackers to decrypt the mnemonic phrases and private keys stored, even if they physically access the device.
  • Key segmentation: EviSeed’s key segmentation would have added another layer of protection. Without knowledge of the encryption keys and corresponding segments, which are greater than 256 bits, attackers couldn’t access the private keys.
  • Authentication criteria: Users can set up to four additional segmented authentication criteria for each wallet, including geographic zones, fingerprints, BSSID (Wi-Fi network identifiers) or UID of paired Android NFC smartphones. This would have made it extremely challenging for hackers to gain access.
  • Offline storage: EviSeed works offline, ensuring that mnemonic phrases and private keys are never exposed to the internet, a common entry point for hackers.

Cyber-Attack-Proof Crypto Wallet Security via EviVault

Cryptocurrencies are valuable digital assets that need protection from hackers or accidents. But how can you secure your crypto wallet effectively and easily? The answer is EviVault NFC HSM, an innovative solution that uses NFC technology to encrypt and backup your private keys.

You know how difficult it can be to back up and encrypt your private keys with traditional methods. This is also where the EviVault NFC HSM technology comes in. Let’s take a look at how EviVault improves crypto wallet security against potential threats, such as North Korean hackers. In the context of protecting your digital assets, we will discover how EviVault combines several protection measures:

  • Fortifying Physical Security: EviVault’s resolute physical security measures would have posed an insurmountable challenge to hackers. The private keys, nestled within the NFC card, would remain impenetrable.
  • Rampart of Encryption and Key Segmentation: EviVault would have placed attackers in a cryptographic deadlock. It employs post-quantum AES-256 encryption and meticulous key segmentation. Decrypting the private keys would become an exercise in futility.
  • Enhancing Authentication Criteria: EviVault introduces a layer of complexity by incorporating additional authentication criteria, such as geographic zones and fingerprints. These sophisticated layers would have further confounded hackers, rendering their attempts futile.
  • EviCore Integration: An Extra Layer of Security Access to the NFC card is exclusively governed by the Freemindtronic application, intricately woven with EviVault technology. This integration bestows an added layer of security. It ensures that even if the NFC HSM were stolen, attackers would be stymied by the intricate web of authentication criteria required to decrypt the private key.

We can’t rewrite history or reverse the result of the Stake hack, but it’s clear that EviSeed and EviVault NFC HSM technologies are strong advocates. These are indispensable tools to strengthen the security of the crypto wallet in today’s digital landscape. They act as your shield against potential threats. Note that the Keepser product an NFC Cold Wallet embedding EviVault NFC HSM technology from Freemindtronic click here to learn more.

Official Sources

To support the information presented in this article, we have used the following official sources:

  • [FBI press release] that attributes the theft to Lazarus, a North Korean state-sponsored cybercrime unit.
  • [IMF report] that analyzes the risks and challenges related to crypto-assets and proposes recommendations to strengthen supervision and international cooperation.
  • [Stake.com official website], the online casino and betting platform victim of the theft, that explains how the theft occurred and how they plan to reimburse their users.
  • [Freemindtronic official website], the company that developed EviSeed and EviVault technologies, that presents the benefits and features of these secure backup solutions for private keys and mnemonic phrases.
Articles, Digital Security, News

How to Recover and Protect Your SMS on Android

Posted on by FMTAD
Recover and protect your SMS and secure by EviCypher NFC HSM Technology by Freemindtronic from Andorra
31
Aug

Recover and protect your SMS hack by Jacques Gascuel: This article will be updated with any new information on the topic.  

Guard Your SMS: Protect & Recover Android Texts

SMS are one of the most common ways of communication in the digital world. They can contain important information, such as personal messages, bank details, verification codes, and more. However, Various factors such as accidental deletion, device malfunction, virus attack, or theft can cause the loss, deletion, or compromise of SMS.

Recover and Protect Your SMS on Android: A Complete Guide

First of all, SMS are a popular communication tool on Android smartphones. They allow you to share information, emotions, memories with your loved ones or professional contacts. But what if you lose your SMS by accident or maliciously? How can you recover and protect them?

In the following sections, we will show you how to restore your permanently deleted SMS on Android with different methods, such as Google Drive backup, Samsung Messages trash or third-party apps.

Moreover, we will address the recovery of SMS that are supposed to be permanently deleted or inaccessible intentionally. Malicious people recovering these SMS can cause significant harm or even be vital. That’s why, we will show you how to secure your sensitive SMS even in case of recovery, interception or unauthorized access with EviCypher NFC HSM technology, developed by Freemindtronic, an Andorran company specialized in NFC security.

Finally, as an inventor of counter-espionage, security and cybersecurity solutions at Freemindtronic, the illicit recovery of sensitive data such as SMS often has serious consequences. We are also the first to introduce you to this innovative technology, which allows you to encrypt your SMS with your own encryption keys stored in a secure NFC device. By following this guide, you will be able to recover and protect your SMS on Android easily and effectively, while preserving your privacy, avoiding fraud and backing up your data.

Why Recover Your Deleted SMS on Android?

You may have deleted an important SMS on your Android smartphone by mistake. Or maybe you deleted an SMS on purpose, but regretted it later. Or maybe you lost your SMS because of a bug, a virus or a theft of your phone.

In all these cases, you can try to recover your deleted SMS with different methods. This can help you find useful information, precious emotions or unforgettable memories. It can also prevent problems or misunderstandings with your interlocutors.

However, these methods are not guaranteed to work and may have some drawbacks. For example, some of them may require you to reset your phone to factory settings, which erases all your data. Others may require root access to your phone, which voids your warranty and exposes your phone to security risks.

Below, here are some of the methods you can use to recover your permanently deleted SMS on Android.

Method 1: Recover Deleted SMS from Google Drive Backup

One of the simplest methods to recover permanently deleted SMS on an Android smartphone is to restore them from a Google Drive backup. Google Drive is an online storage service that lets you backup your data, including your messages, contacts, photos and more.

To use this method, you must have enabled Google Drive backup on your phone before deleting your messages. You must also have a backup that contains the messages you want to recover. Finally, you must reset your phone to factory settings and restore it from the backup.

Here are the steps to follow:

  • Backup all the important files on your phone that are not in the Google Drive backup.
  • Go to Settings > System > Reset options > Erase all data (factory reset).
  • Follow the instructions on the screen to complete the reset process.
  • When your phone restarts, sign in with the Google account you used to make the backup.
  • Choose to restore your phone from the Google Drive backup that contains your messages.
  • Wait for the restoration to finish and check if your messages are back.

Method 2: Recover Deleted SMS from Samsung Messages Trash

If you have a Samsung smartphone and use the default Samsung Messages app, you may be able to recover deleted SMS from the trash. This is a feature that stores your deleted messages for 30 days before erasing them permanently.

To use this method, you must have enabled the Trash option in the Samsung Messages settings before deleting your messages. You must also act quickly, as the messages will be erased after 30 days.

Here are the steps to follow:

  • Open the Samsung Messages app and tap on the three-dot menu icon in the top right corner of the screen.
  • Tap on Settings > Trash.
  • Select the conversation that contains the messages you want to recover.
  • Tap on Restore and confirm your choice.
  • Check if your messages are back in the conversation.

Method 3: Recover Deleted SMS with Third-Party Apps

If none of the above methods work for you, you may still have a chance to recover deleted SMS with third-party apps. These are apps that scan the memory of your phone and try to find and restore all the deleted data, including messages.

However, these apps are not guaranteed to work and may have some drawbacks. For example, some of them may require root access to your phone, which can void your warranty and expose your phone to security risks. Some of them may also charge you fees or display ads. Moreover, some of them may not be compatible with your phone model or Android version.

Therefore, before using a third-party app, make sure to read carefully its reviews, ratings, features, permissions and terms of use. Also backup all the important data on your phone before using an app that can modify or erase them.

Some of the popular third-party apps to recover deleted SMS on Android are:

  • FoneDog Android Data Recovery: This app claims to recover deleted text messages on Android without root. It also supports the recovery of other types of data, like contacts, photos, videos, WhatsApp messages, etc. It offers a free trial version and a paid version.
  • Dr.Fone – Data Recovery (Android): This app claims to be the world’s first Android data recovery software. It supports the recovery of various types of data on Android devices with or without root. It also offers other features, like backup and restore, screen unlock, system repair, etc. It offers a free trial version and a paid version.
  • SMS Backup & Restore: This app is not a recovery app per se, but a backup and restore app. It lets you backup your SMS and call logs on your phone, Google Drive, Dropbox or email. It also lets you restore them on your phone or another phone. It is a free app with ads and in-app purchases.

Statistics on Data Leaks by SMS or RCS

SMS and RCS are widely used communication channels, both for personal and professional exchanges. However, they are not immune to data leaks, which can have serious consequences for users and businesses. To illustrate these risks, here are some statistics:

  • A study by Thales found that 45% of businesses suffered a data breach or failed an audit involving data and applications in the cloud in 2021, up from 35% in 2020.
  • Employee errors were the biggest threat to sensitive or confidential data within their organizations in 2021, according to 47% of respondents in a study by Varonis. This means that employees can delete or send by mistake SMS containing sensitive or confidential data to unauthorized recipients.
  • Infobip reported that 60% of consumers read their SMS within 5 minutes of receiving them. This means that an SMS sent by mistake or intercepted by a third party can be read very quickly and cause harm to its recipient.
  • CM.com revealed that 75% of consumers use SMS to communicate with businesses. This implies that SMS often contain personal or professional information that can be exploited by hackers or competitors.
  • Juniper Research expects the number of RCS messages sent per year to reach 1.9 trillion in 2023. This represents an opportunity for businesses to offer enriched experiences to their customers, but also a challenge to protect these messages from data leaks.

These statistics show that SMS and RCS are popular but vulnerable communication vectors. It is therefore essential to protect your messages from malicious recovery attempts, using a technology like EviCypher NFC HSM. By following this guide, you will learn how to recover and protect your SMS on Android with EviCypher NFC HSM technology.

Real examples of data leaks by SMS or RCS

To illustrate the potentially serious consequences of a data leak by SMS or RCS, here are some real examples from the news. These examples show how important it is to recover and protect your SMS on Android devices. You never know who might try to access your messages and what they might do with them.

  • In 2018, Uber’s CEO, Dara Khosrowshahi, accidentally sent an SMS to a Wall Street Journal reporter instead of a board member. The SMS contained confidential information about Uber’s strategy in Asia and its relationship with SoftBank. The reporter published the SMS in his article, which caused embarrassment and a loss of credibility for Uber. If Uber had used EviCypher NFC HSM technology to recover and encrypt their SMS, they could have avoided this situation.
  • In 2019, François de Rugy, the French Minister of Ecological and Solidarity Transition, was forced to resign after the revelation of his lavish expenses. Among the evidence that incriminated the minister, there were SMS that he had sent to his wife and that were recovered by the magazine Mediapart. The SMS showed that the minister boasted of having organized lavish dinners at the taxpayer’s expense.
  • In 2020, US President Donald Trump was accused of pressuring Ukrainian President Volodymyr Zelensky to investigate his political rival Joe Biden. One of the key pieces of evidence in the impeachment case was an SMS sent by Gordon Sondland, the US ambassador to the European Union, to Bill Taylor, the US chargé d’affaires in Ukraine. The SMS said: “The president has been clear: no quid pro quo of any kind”. This SMS was interpreted as an attempt to conceal the blackmail exerted by Trump on Zelensky.
  • In 2021, the Indian government was accused of spying on journalists, activists and political opponents with the Pegasus spyware. This software allowed infiltrating smartphones and accessing messages, calls, photos and location of the targets. To infect smartphones, the software sent SMS or missed calls containing a malicious link to infiltrate smartphones. Several victims claimed to have received suspicious SMS before their phones were hacked.
  • In 2021, Orange, the French telecommunications group, was victim of a cyberattack that exposed the personal data of 15 million customers. The hackers exploited a flaw in Orange’s platform for sending promotional SMS, which contained information such as names, first names, dates of birth, phone numbers and email addresses of customers. Orange said it had fixed the flaw and filed a complaint against the perpetrators of the attack.
  • In 2021, Signal, the secure messaging service, revealed that Cellebrite, an Israeli company specialized in extracting data from smartphones, was able to decrypt SMS and RCS messages stored on Android devices. Cellebrite sells its tools to law enforcement and government agencies around the world, which poses risks for users’ privacy and security. Signal claimed to have found several flaws in Cellebrite’s software, which would allow compromising its data and analysis.
  • In 2021, WeChat, the Chinese social network, was accused of collecting and sharing user data with the Chinese government. Among the data collected, there were SMS and RCS messages sent and received by users on their Android smartphones. WeChat denied these accusations, but several countries such as India, the United States or Australia have banned or restricted the use of the app for national security reasons.

These examples show how important it is to recover and protect your SMS on Android devices. You never know who might try to access your messages and what they might do with them. That’s why we recommend using EviCypher NFC HSM technology to encrypt your SMS with your own encryption keys stored in a secure NFC device. This way, you can prevent any unauthorized access or interception of your sensitive messages. By following this guide, you will be able to recover and protect your SMS on Android easily and effectively.

How to recover and protect your calls, SMS, MMS and RCS on Android

You may wonder if someone can intercept and listen to your calls, SMS, MMS and RCS on your Android device. The answer is yes, it is possible, but it requires some skills and tools that are not easily accessible to the average user. However, you should be aware of the risks and the methods that hackers, companies or governments can use to spy on your communications. In this section, we will show you how to recover and protect your calls, SMS, MMS and RCS on Android with EviCypher NFC HSM technology.

An IMSI-catcher can capture your signals

An IMSI-catcher is a device that pretends to be a cell tower and captures the signals of nearby phones. It can collect information such as phone numbers, locations, contacts and messages of the targeted phones. It can also redirect or block calls, SMS, MMS and RCS, or modify their content. An IMSI-catcher can be small or large, hidden in a car or a backpack, or cover a wider area.

A data extraction tool can access your memory

A data extraction tool is a software or a hardware tool that can extract data from smartphones, such as Cellebrite, XRY or GrayKey. These tools can connect to a phone via USB or Bluetooth and access its memory, where calls, SMS, MMS and RCS are stored. They can also bypass the phone’s encryption or password protection, and recover deleted data. Law enforcement and government agencies often use these tools, but they can also fall into the wrong hands.

A spy app or a malware can monitor your activities

A spy app or a malware is a program that can be installed on a phone remotely or physically. It can run in the background and monitor all the activities of the phone, including calls, SMS, MMS and RCS. It can also record audio, take screenshots, track location and send all the data to a remote server or an email address. Some examples of spy apps or malware are mSpy, FlexiSPY, Pegasus or NSO Group.

EviCypher NFC HSM technology can encrypt your messages

These are some of the ways that someone can intercept and listen to your calls, SMS, MMS and RCS on your Android device. They are not easy to detect or prevent, but you can take some measures to protect yourself. For example, you can use encrypted apps like Signal or WhatsApp for your communications, avoid clicking on suspicious links or attachments in your messages, update your phone’s software regularly and use a strong password or biometric authentication for your phone. You can also use EviCypher NFC HSM technology to recover and protect your calls, SMS, MMS and RCS on Android with your own encryption keys stored in a secure NFC device. This way, you can prevent any unauthorized access or interception of your sensitive messages.

Why Protect Your Sensitive SMS with EviCypher NFC HSM?

You may have SMS that have a sensitive nature on your Android smartphone. They may be personal, professional or confidential messages that you do not want anyone else to read. But did you know that these messages can be recovered by malicious people who want to spy on your privacy, steal your personal or professional information, or blackmail you?

Indeed, there are data recovery methods that allow you to scan the memory of your phone and find and restore all the deleted data, including messages. These methods can be used by malicious people who have access to your phone or your Google Drive backup.

That is why it is important to protect your sensitive SMS with EviCypher NFC HSM, a technology that allows you to encrypt your messages with your own encryption keys. Thus, even if someone succeeds in recovering your deleted messages, they will not be able to read them without having access to your keys.

How Does EviCypher NFC HSM Work?

EviCypher NFC HSM is based on EviCore NFC HSM, which is a hardware security module that combines hardware encryption and NFC communication protocols to protect your keys and secrets. EviCypher NFC HSM allows you to store, manage, share and use encryption keys for various web services, such as email, online storage, cryptocurrency wallets, etc. It also allows you to encrypt and decrypt your SMS with your own keys.

EviCypher NFC HSM works with any Android smartphone with NFC capability. You can use different types of NFC devices, such as cards, stickers, keychains, etc. These devices are battery-free and powered by the NFC signal from your phone.

To use EviCypher NFC HSM to encrypt your SMS, you need to install the Freemindtronic (FMT) app on your phone and pair it with the NFC device that contains your encryption keys. Then, you can use the app to encrypt and decrypt your SMS with a simple gesture.

Here are the steps to follow:

  • Download and install the FMT app from the Google Play Store or the Apple App Store.
  • Launch the app and follow the instructions to create your account and set up your security settings.
  • Tap on the NFC icon in the app and select the option to pair a new NFC device.
  • Bring your phone close to the NFC device that contains your encryption keys. The app will detect the device and ask you to confirm the pairing.
  • Once the pairing is done, you can see your encryption keys in the app. You can also create, import or export new keys if you want.
  • To encrypt an SMS, open the FMT app and tap on the SMS icon. Select the contact you want to send an encrypted SMS to. Type your message and tap on the lock icon. The app will ask you to bring your phone close to the NFC device to encrypt your message with your key. Then, tap on the send icon to send your encrypted SMS.
  • To decrypt an SMS, open the FMT app and tap on the SMS icon. Select the contact you received an encrypted SMS from. Tap on the encrypted message and tap on the unlock icon. The app will ask you to bring your phone close to the NFC device to decrypt your message with your key. Then, you can read your decrypted SMS.

Click [here] to learn how EviCypher NFC HSM technology works.
Then click [here] to learn more about EviCypher NFC HSM technology.

What Are the Benefits of EviCypher NFC HSM?

Using EviCypher NFC HSM offers several benefits to protect your SMS:

  • It is easy to use and contactless. You do not need to type or remember passwords or codes. You just need to bring your phone close to the NFC device.
  • It is secure and anonymous. Your encryption keys are never stored or transmitted online. They are only stored in the NFC device and used in the volatile memory of your phone. No one can access or trace them without having physical access to the device.
  • It is flexible and versatile. You can use different encryption keys for different purposes and share them with other people securely. You can also use EviCypher NFC HSM for other web services besides SMS.

In conclusion

In this article, you have learned how to recover and protect your SMS on Android. You have discovered different methods to restore your messages erased by mistake or maliciously, as well as the risks and limitations of these methods. You have also understood how to secure your sensitive messages with EviCypher NFC HSM, an innovative technology that allows you to encrypt your messages with your own encryption keys. Finally, you have learned some statistics and examples that show the importance of protecting your personal or professional data from data leaks by SMS or RCS.

We hope this article has helped you to recover and protect your SMS on Android with ease. By using EviCypher NFC HSM technology, you can recover and encrypt your SMS with your own encryption keys stored in a secure NFC device. This way, you can prevent any unauthorized access or interception of your sensitive messages. If you have any questions or feedback, please feel free to contact us

 

Articles, Crypto Currency, Digital Security, News

Coinbase blockchain hack: How It Happened and How to Avoid It

Posted on by FMTAD
Coinbase Blockchain Hack 2023 How it happened and how to avoid it
21
Aug

Coinbase blockchain hack by Jacques Gascuel: This article will be updated with any new information on the topic.  

The Crypto Nightmare

Imagine waking up one day and finding out that your hard-earned cryptocurrencies have been stolen by hackers who exploited a flaw in the blockchain platform you trusted. That’s what happened to thousands of users of Coinbase, one of the largest and most popular crypto platforms in the world, in August 2023. In this article, we will explain how this hack occurred, what were its consequences.

How to Prevent Coinbase Blockchain Hack with EviVault NFC HSM Technology

What happened to Coinbase Chain?

The hack and its consequences

On August 5, 2023, Coinbase announced that it had been the victim of a massive hack that compromised its decentralized blockchain, resulting in the loss of more than $200 million worth of cryptocurrencies. The hackers exploited a flaw in the consensus protocol of the chain, which used a proof-of-stake (PoS) mechanism. By creating fake proofs of stake, the hackers controlled more than 51% of the computing power of the network. This allowed them to alter the transaction history and steal the funds from the users.

This hack is one of the largest and most sophisticated in the history of cryptocurrencies. It exposes the risks and challenges associated with the security of decentralized blockchains, which rely on the trust of the users and the verification of the transactions by the nodes of the network. Some experts say the hack of Coinbase Chain could damage the reputation and credibility of Coinbase, as well as the confidence of the investors and regulators in cryptocurrencies in general.

The response and the apology

Coinbase reacted quickly and took steps to stop the hack, identify the culprits, reimburse the victims and improve the security of its blockchain. Coinbase promised to reimburse all the users affected by the hack within 30 days and to strengthen the security of its decentralized blockchain. The company also apologized to its customers and to the crypto community for this incident.

Coinbase also announced that it would launch a bug bounty program to reward anyone who finds and reports vulnerabilities in its systems or products. The company said that it would pay up to $1 million for critical bugs that could compromise its platform or users’ funds. Coinbase also encouraged its users to enable two-factor authentication (2FA) and use hardware wallets or cold storage devices to protect their cryptocurrencies.

What is proof-of-stake (PoS) and how was it hacked?

The concept of PoS

Proof-of-stake (PoS) is a type of consensus mechanism or protocol that uses the amount of stake (or value) held in the system to determine consensus. In essence, a consensus protocol is what controls the laws and parameters governing the behavior of blockchains. Think of consensus as a ruleset that each network participant adheres to.

In PoS, the nodes of the network commit “stakes” of tokens for a set period of time in exchange for a chance at being selected to produce the next block of transactions. The selection process is usually random, but weighted by the size of the stake. The more tokens a node stakes, the higher its probability of being chosen as a block producer. The block producer then validates the transactions and broadcasts them to the rest of the network. The other nodes check the validity of the block and vote on whether to accept it or not. If a majority of nodes agree on the block, it is added to the blockchain and the block producer receives a reward in the form of transaction fees or newly minted tokens.

The advantages of PoS

PoS is designed to be more secure, efficient, and scalable than proof-of-work (PoW), which is another type of consensus mechanism that requires nodes to solve complex mathematical problems to produce blocks. PoW consumes a lot of energy and computing power, which makes it vulnerable to attacks and environmental issues. PoS, on the other hand, relies on economic incentives rather than computational resources, which makes it more eco-friendly and resistant to attacks.

The vulnerability of PoS

However, PoS is not immune to hacking, as demonstrated by the recent incident involving Coinbase Chain, a decentralized blockchain project launched by Coinbase, one of the largest and most popular cryptocurrency platforms in the world. According to a report published by Coinbase, hackers exploited a flaw in the consensus protocol of Coinbase Chain, which used a PoS mechanism. By creating fake proofs of stake, they controlled more than 51% of the computing power of the network. This allowed them to alter the transaction history and steal funds from users.

The flaw in Coinbase Chain’s consensus protocol was related to how it handled forks, which are splits in the blockchain caused by conflicting versions of blocks. Normally, when a fork occurs, the network follows the longest chain, which is assumed to be the most valid one. However, in Coinbase Chain’s case, the hackers created a longer chain by generating fake proofs of stake and tricking the network into accepting their version of blocks. This way, they reversed or modified previous transactions and double-spent their coins.

This hack shows that PoS is not foolproof and that it requires careful design and implementation to ensure its security and reliability. It also highlights the importance of using trusted and tested platforms and protocols for building decentralized applications and smart contracts on blockchains.

What are the statistics of crypto hacks?

The trends: DeFi frauds rise while overall crime drops

Coinbase blockchain hack is not an isolated case. Crypto hacks have been happening since the inception of cryptocurrencies, and they have caused significant losses for investors, traders, and platforms. According to a report by CipherTrace, a blockchain analytics firm, crypto-related crime dropped by 57% in 2020 compared to 2019, but still amounted to $1.9 billion in losses.

However, while overall crime decreased, one sector saw a surge in frauds: decentralized finance (DeFi). DeFi is a term that refers to various financial applications that run on blockchains without intermediaries or central authorities. DeFi platforms offer services such as lending, borrowing, trading, investing, and staking cryptocurrencies. DeFi has grown rapidly in popularity and value in recent years, reaching over $100 billion in total value locked (TVL) as of August 2021.

However, DeFi also poses significant risks and challenges for users and regulators. DeFi platforms are often unregulated, unaudited, and vulnerable to hacking, exploitation, or manipulation. According to CipherTrace, DeFi-related hacks accounted for 45% of all crypto thefts in 2020, totaling $129 million. In 2021, this trend has continued, with DeFi hacks reaching $361 million in the first half of the year. Some of the most common types of DeFi hacks are:

  • Flash loan attacks: A flash loan is a type of loan that allows users to borrow large amounts of crypto without collateral for a very short period of time (usually one transaction). Hackers can use flash loans to manipulate prices or liquidity on DeFi platforms and profit from arbitrage or liquidation opportunities.
  • Reentrancy attacks: A reentrancy attack is a type of attack that exploits a vulnerability in a smart contract that allows an attacker to repeatedly call a function before it finishes executing. This can result in multiple withdrawals or transfers of funds from the contract without proper checks or balances.
  • Oracle attacks: An oracle is a service that provides external data to smart contracts on blockchains. For example, an oracle can provide price information for different assets or currencies. Hackers can manipulate or compromise oracles to feed false or inaccurate data to smart contracts and cause them to execute malicious actions or transactions.

The examples: some of the biggest crypto hacks in history

Coinbase blockchain hack is one of the largest and most sophisticated crypto hacks in history, but it is not the only one. Here are some other examples of notorious crypto hacks that have occurred over the years:

The following table shows some of the biggest crypto hacks in history, based on the amount stolen and the date of occurrence:

Platform Date Amount stolen Type of hack
Mt.Gox 2014 850,000 Bitcoins ($450 million) Unknown
DAO 2016 3.6 million Ether ($60 million) Reentrancy attack
Bitfinex 2016 120,000 Bitcoins ($72 million) Security breach
Coincheck 2018 523 million NEM ($530 million) Security breach
Binance 2019 7,000 Bitcoins ($40 million) Security breach
KuCoin 2020 $281 million Security breach
Poly Network 2021 $610 million Exploit

The latest news on the Coinbase blockchain hack

Since the announcement of the hack, there have been some developments and updates on the situation. Here are some of the latest news on the Coinbase blockchain hack:

  • Hackers return some of the stolen funds: Hours after the hack, the attackers started returning some of the funds – first in small amounts and then in millions. They started sending back small transfers totalling a few dollars to the online wallets controlled by Poly – but then began making much larger deposits, totalling hundreds of millions. The reason for this is unclear, but some speculate that it could be due to pressure from law enforcement, remorse, or fear of being tracked.
  • Coinbase identifies the perpetrators: Coinbase claimed that it had identified the perpetrators of the hack, whom it called “brigands” and that it intended to sue them. The company did not disclose their identities or locations, but said that it was working with authorities to bring them to justice. Coinbase also said that it had evidence that the hackers were not affiliated with any state or organization.
  • Coinbase launches a bug bounty program: Coinbase announced that it would launch a bug bounty program to reward anyone who finds and reports vulnerabilities in its systems or products. The company said that it would pay up to $1 million for critical bugs that could compromise its platform or users’ funds. Coinbase also encouraged its users to enable two-factor authentication (2FA) and use hardware wallets or cold storage devices to protect their cryptocurrencies.

These are some of the latest news on the Coinbase blockchain hack. We will keep you updated on any further developments as they happen.

How could this hack have been prevented?

The solution: EviVault NFC HSM

One of the possible ways to prevent this type of hack is to use a technology developed by Freemindtronic, an Andorran company specialized in NFC security solutions. This technology is called EviVault NFC HSM, and it allows for physical offline secure storage of blockchain private keys, cryptocurrencies, wallets, Bitcoin, Ethereum, NFTs, Smart Contracts.

EviVault NFC HSM uses NFC (Near Field Communication) technology to communicate with an Android smartphone and allows access to cryptographic assets with a simple gesture. EviVault NFC HSM is protected by two patents by Jacques Gascuel: wireless access control and segmented key authentication. It integrates EviCore HFC HSM technology developed by Freemindtronic and compatible with EviCore HSM technology.

EviVault NFC HSM comes in different shapes and formats, such as EviTag NFC keychain, EviCard PVC or PCB card, EviPins or EviCard 2 Gen card with two NFC chips on PCB. The latter can store up to 200 blockchain private keys with automatic public address generator. It supports all private keys and derived blockchain keys. And it allows managing with public addresses Bitcoin BTC Ethereum Cash ECASH Namecoin NMC Bitcoin cash BCH Ethereum Classic ETC ReddCoin RDD Bitcoin Gold BTG Ethereum Gold ETG Ripple XRP Dash DASH Ethereum lite ELITE Solar Coin SLR Digibyte DGB Feather Coin FTC Stellar XLM Dogecoin DOGE IOTA Verge XVG Ethereum ETH Litecoin LTC TRON TRX Cardano ADA Polkadot DOT Binance Coin BNB.

EviVault NFC HSM is the ultimate solution to protect all cryptographic asset keys from hackers, theft or loss. Its private keys are stored in EviVault’s EPROM memory, encrypted by an AES 256-bit algorithm. EviVault NFC HSM also benefits from a patented contactless access control system that allows defining two distinct access profiles: administrator and users, without allowing them to access each other’s secrets without their authorization. EviVault NFC HSM also has a patented segmented key authentication system that allows defining up to 9 trust criteria for encrypting its secrets, such as geolocation, BSSID, password or fingerprint.

By using EviVault NFC HSM technology, coinbase users could have secured their funds by storing them in an offline NFC device that offers a high level of protection and encryption for their keys and secrets. They could have avoided the risk of hacking, theft or loss of their cryptocurrencies, and have full control over their digital assets without depending on a centralized platform. They could also enjoy ease of use and speed of transaction thanks to NFC technology, which allows communicating with their Android smartphone and accessing their cryptographic assets with a simple gesture. EviVault NFC HSM is therefore a revolutionary technology for the security of coinbase and cryptocurrencies in general.

Click [here] for more information on EviVault NFC HSM Technology
Click [here] for more information on EviCore NFC HSM Technology

The alternative: EviSeed NFC HSM

Another technology that can provide security against this hacking of Coinbase is EviSeed NFC HSM, also developed by Freemindtronic. EviSeed NFC HSM is a technology that lets you store your crypto seed phrase in a simple, efficient and durable way. A seed phrase is a sequence of words, usually 12 or 24, that serves as a recovery key for your crypto wallet. If you lose your seed phrase, you lose access to your funds. If someone steals it, they can access your wallet and divert your funds.

EviSeed uses the standards of the BIP (Bitcoin Improvement Proposal) formats, especially the BIP39, to generate, enter or scan seed phrases without error thanks to a checksum control. EviSeed allows you to back up your seed phrases encrypted with your own encryption keys that can be segmented according to an implementation of the invention patent on segmented key authentication. You can use any type of fixed or removable media to store your seed phrases, including Freemindtronic’s NFC HSM devices, which are contactless hardware security modules. EviSeed also generates a QR code containing your encrypted seed phrase, which you can print, share, send or save between NFC HSMs by scanning the QR code encrypted in RSA 4096.

EviSeed offers you several advantages over traditional methods of storing seed phrases, such as paper, metal or digital media. EviSeed is simple: you don’t need to write or engrave your seed phrase, just scan it with the EviSeed app and transfer it to the media of your choice. EviSeed is efficient: you don’t need to memorize or type your seed phrase, just scan it with your smartphone to restore your wallet. EviSeed is durable: the media you choose to store your seed phrase can be resistant to water, fire, shocks and scratches. It does not deteriorate over time.

By using EviSeed NFC HSM technology, coinbase users could have backed up their seed phrases securely and conveniently. They could have restored their wallets easily in case of loss or theft of their devices. They could have also protected their seed phrases from physical or digital attacks thanks to the encryption and segmentation features of EviSeed.

Click [here] for more information on EviSeed NFC HSM

In conclusion

The hack of Coinbase’s decentralized blockchain was a major event that exposed the vulnerabilities and challenges of decentralized platforms. The hackers exploited a flaw in the proof-of-stake consensus protocol of Coinbase Chain and stole more than $200 million worth of cryptocurrencies from the users. Coinbase reacted quickly and took steps to stop the hack, identify the culprits, reimburse the victims and improve the security of its blockchain.

However, this hack could have been prevented by using EviVault NFC HSM technology, which allows for physical offline secure storage of blockchain private keys and cryptocurrencies. EviVault NFC HSM is a patented technology developed by Freemindtronic that offers a high level of protection and encryption for cryptographic asset keys, as well as ease of use and speed of transaction thanks to NFC technology.

This article shows that proof-of-stake is not foolproof and that it requires careful design and implementation to ensure its security and reliability. It also highlights the importance of using trusted and tested platforms and protocols for building decentralized applications and smart contracts on blockchains. Moreover, it demonstrates that EviVault NFC HSM is a revolutionary technology for the security of coinbase and cryptocurrencies in general.

Therefore, we recommend that coinbase users adopt EviVault NFC HSM technology to protect their funds from hacking, theft or loss. We also suggest that coinbase developers review their consensus protocols and implement best practices to prevent future attacks. Finally, we urge coinbase regulators and policymakers to establish clear standards and guidelines for ensuring the safety and integrity of decentralized platforms.

Articles, Compagny spying, Digital Security, Industrial spying, Military spying, Spying

Protect yourself from Pegasus spyware with EviCypher NFC HSM

Posted on by FMTAD
Protect yourself from Pegasus Spyware with EviCypher NFC HSM and EviCore NFC HSM by Freemindtronic technology from Andorra
02
Aug

Pegasus Spyware Protection by Jacques Gascuel: This article will be updated with any new information on the topic.  

Pegasus spyware protection

Pegasus is a spyware that can hack your phone and spy on your confidential information. It has been used to attack sensitive people like journalists or politicians. Freemindtronic, an Andorran company specialized in NFC security, anti-spy and counter-espionage, offers you EviCypher NFC HSM, a device that allows you to store and manage your keys and secrets securely. With EviCypher NFC HSM, you can encrypt and decrypt your data, sign and verify your documents, authenticate and control your access, without fear of Pegasus or any other spyware accessing your data.

How to protect yourself from Pegasus spyware with EviCypher NFC HSM

Pegasus Spyware: what it is, how it works, and how to protect yourself with EviCypher NFC HSM. In this article, we will tell you about Pegasus spyware. A global investigation revealed its misuse by governments and intelligence agencies. They target and spy on personalities around the world. We will explain what Pegasus is, how it works, who developed and sold it, and how it violated human rights, free speech, and democracy. We will also give you tips to protect yourself from this malware with EviCypher NFC HSM technology. It uses a contactless hardware security module (NFC HSM). That is, an innovative security device that lets you encrypt your data and communications on your mobile phone with your own keys that you created and stored offline.

What is Pegasus spyware and how does it work?

The features and capabilities of Pegasus spyware

Pegasus spyware is a malware that can hack your phone and access your data, calls, location, camera, and microphone. It can use security flaws in Android and iOS: silent installation. Spyware activation: missed call or hidden message.

Once installed on a phone, Pegasus spyware gains full access to SMS messages, emails, photos, contacts, calendar, GPS data, logs, and any apps and data the phone contains. In fact, the spyware can even gain access to encrypted data and messages by intercepting them prior to the encryption process. Pegasus spyware can transmit all this information to a remote server controlled by the attacker. Pegasus spyware can also self-destruct or hide its traces if it detects any attempt to detect or remove it.

The developer and seller of Pegasus spyware

NSO Group, an Israeli company founded in 2010 by ex-members of Unit 8200, develops Pegasus spyware. The Israeli military’s cyber intelligence unit. NSO Group sells its product only to government and law enforcement agencies: rescue and crime-fighting purposes. However, accusations against NSO Group: spyware sales to authoritarian regimes and human rights abusers.

How Pegasus spyware has been used to target and spy on people around the world

The Pegasus Project: a global investigation into Pegasus spyware

July 2021: seventeen media outlets exposed Pegasus spying on leaders, activists, journalists and dissidents, leading to “global human rights violations.

The Pegasus Project was led by Forbidden Stories, a Paris-based nonprofit journalism organization, and Amnesty International’s Security Lab, which analyzed the phones of the victims. They revealed that NSO Group’s clients selected over 50,000 phone numbers for surveillance since 2016.

The high-profile targets of Pegasus spyware

NSO Group’s clients selected phone numbers of three presidents (Macron, Ramaphosa and Salih), 10 prime ministers (Khan, Madbouly, El Othmani, Modi, Orbán, bin Daghr, Hariri, Bedoui, Sagintayev and Michel) and one king (Mohammed VI).

The investigation also found at least 180 journalists from 20 countries targeted by Pegasus spyware. They included reporters from CNN , NYT , WSJ , Guardian , Al Jazeera , Le Monde , FT , WP , Reuters , Bloomberg , AP.

Furthermore , the investigation showed evidence of Pegasus spyware infections or attempts on at least 37 phones of journalists , activists , and executives from 10 countries. They were from India , Mexico , France , Morocco , Hungary , Azerbaijan , Bahrain , Saudi Arabia , UAE , and Rwanda.

Some of the other countries and people that have been reportedly targeted by Pegasus spyware are:

  • Azerbaijan: to spy on opposition politicians such as Ali Karimli and journalists such as Khadija Ismayilova in 2019
  • Bahrain: to spy on activists such as Nabeel Rajab and Moosa Abd-Ali Ali in 2020
  • Hungary: to spy on journalists such as Szabolcs Panyi and politicians such as Bernadett Szél in 2019
  • Kazakhstan: to spy on journalists such as Aigul Utepova and activists such as Serikzhan Bilash in 2020
  • UAE: to spy on Princess Latifa, the daughter of Dubai’s ruler who tried to escape in 2018
  • USA: to spy on Jeff Bezos, the founder and CEO of Amazon, who had his phone hacked by Pegasus spyware in 2018 after he received a WhatsApp message from Mohammed bin Salman, the crown prince of Saudi Arabia

These cases show that Pegasus spyware has been used to violate human rights, free speech, and democracy around the world. The victims of Pegasus spyware have faced harassment, intimidation, arrest, torture, or assassination because of their work or opinions.

The latest news on Pegasus and its consequences

Since we published our article, there have been several important developments regarding Pegasus and its impact on the security and privacy of mobile phone users. Here is a summary of the latest news on Pegasus, sorted by descending chronological order:

Algeria launches an investigation into allegations related to Pegasus spyware

On July 21, 2023, Hindustan Times reported that Algeria had launched an investigation into allegations related to Pegasus spyware. The Algerian attorney general announced that he would open an investigation into the allegations that Pegasus spyware had been used to spy on Algerian personalities, including President Abdelmadjid Tebboune and Army Chief of Staff Saïd Chengriha. According to an investigation conducted by the Forbidden Stories consortium and Amnesty International, and published by several international media outlets, Algeria was among the 50 countries whose phone numbers had been selected as potential targets by NSO Group’s clients, who are mainly governments and intelligence agencies. The investigation revealed that more than 600 Algerian personalities had been targeted by Pegasus between 2017 and 2021, including ministers, diplomats, journalists, activists, political opponents and civil society members. The investigation also suggested that Morocco was the main user of Pegasus in North Africa, and that it had spied on its Algerian neighbors for geopolitical and security reasons. The Algerian attorney general said that he would conduct a “thorough and serious” investigation into this matter, and that he would cooperate with the judicial authorities of the countries concerned. He also said that Algeria condemned “firmly” any violation of its national sovereignty and the privacy of its citizens.

This case shows that Pegasus poses a threat to the sovereignty and security of African countries, which are often victims of foreign interference. It also shows that Algeria takes seriously the protection of its citizens from illegal spying. We applaud the initiative of the Algerian attorney general to open an investigation on this subject.

The Spanish investigation into Pegasus spyware is closed due to “total lack of cooperation” from Israel

On July 10, 2023, The Times of Israel revealed that the Spanish investigation into Pegasus spyware had been closed due to “total lack of cooperation” from Israel. A Spanish judge was investigating the alleged hacking of phones of Spanish ministers with Pegasus spyware, made by the Israeli company NSO Group. The judge had asked four times the Israeli government to provide him with information on the software and to allow him to interrogate NSO Group’s CEO, but he never received a response. The judge therefore decided to close provisionally the case, citing the “total lack of cooperation” from Israel, which prevented the investigation from progressing. The judge indicated that the only possible recourse was diplomatic pressure, to urge Israel to respect its obligations under international treaties.

This case shows that Pegasus raises a legal and ethical problem, which requires international cooperation to enforce law and justice. It also shows that Israel displays a lack of transparency and accountability on its activities related to Pegasus spyware. We regret Israel’s attitude, which hinders the Spanish investigation and which does not respect its international commitments.

The FBI used Pegasus spyware to spy on iPhones, in violation of the US ban

On August 1st, 2023, Mac4Ever revealed that the FBI had used Pegasus spyware to spy on iPhones, in violation of the ban imposed by the US government in November 2021. According to the information published by The New York Times and The Guardian, the FBI had acquired Pegasus spyware in 2019, under Trump’s administration, for 9 million dollars. The bureau had tried to access data from some iPhones, including those of US officials in Uganda, without their consent or knowledge. The FBI had also used another product from NSO Group, Landmark, which allows locating phones through flaws in cellular networks. This product had been used by a subcontractor of the FBI to track drug traffickers in Mexico, without informing the FBI of the origin of the product. The FBI had terminated the contract with the subcontractor and opened an internal investigation into this matter.

This case shows that Pegasus represents a danger for the privacy and human rights of mobile phone users, including in the US. It also shows that the FBI acted in contradiction with US foreign policy and national security, which placed NSO Group on a blacklist in November 2021. It finally shows that the FBI was deceived by a subcontractor who provided it with an illegal and insecure product. We denounce the use of Pegasus spyware by the FBI and we demand an independent investigation into this case.

By summarizing the latest news on Pegasus and its consequences, we show that the threat is still present and that it is urgent to protect yourself from this spyware with Evicypher NFC HSM.

How to detect and remove Pegasus spyware?

Pegasus is a malicious software that can hack your phone and access your data, calls, location, camera and microphone. It can use security flaws in Android and iOS to install silently and activate by a missed call or a hidden message.

If you suspect that you have Pegasus spyware on your phone, you can use a tool called MVT (Mobile Verification Toolkit) to scan your phone and check for traces of infection. MVT is a free tool developed by Amnesty International’s Security Lab. It works for both iOS and Android phones, but it requires some technical skills and a computer to run it.

To use MVT, you need to follow these steps:

  • Back up your phone to a computer using iTunes (for iOS) or ADB (for Android)
  • Download and install MVT on your computer using Python
  • Download the Indicators of Compromise (IOC) file from Amnesty International’s GitHub repository
  • Run MVT on your computer and point it to the backup of your phone and the IOC file
  • Read the analysis report and look for signs of infection
  • If MVT finds evidence of Pegasus spyware on your phone, you should take immediate action to remove it and protect yourself. Here are some recommendations:
    • Erase your phone and restore it to factory settings
    • Change all your passwords and enable two-factor authentication
    • Contact a trusted expert or organization for further assistance
    • Report the incident to the authorities or the media

You can find more detailed instructions on how to use MVT and what to do if you are infected on Amnesty International’s website or on The Verge’s guide. You can also use iMazing’s spyware detection tool for iOS devices, which is easier to use than MVT but less comprehensive.

Pegasus is a serious threat to your privacy and security. You should be aware of the risks and take precautions to protect yourself. EviCypher NFC HSM is a powerful solution that can help you encrypt your data and your communications on your mobile phone with your own keys. You can also use MVT or iMazing’s tool to detect and remove Pegasus spyware if you think you are infected. Stay safe and vigilant!

How EviCypher NFC HSM can protect you from Pegasus spyware

EviCypher NFC HSM: features and capabilities

EviCypher NFC HSM Technology: encryption via a Contactless Hardware Security Module (NFC HSM) designed and manufactured by Freemindtronic, an Andorrane R&D company in cyber, safety, security and anti spy.

EviCypher NFC HSM: store your keys and secrets in a contactless NFC device, like a card, sticker, or keychain. The Android phone’s NFC signal powers the device and serves as the terminal and UI. The device can store up to 200 secrets in its EEPROM memory.

The device: patented wireless access control system for two access profiles: administrator and users. Share your secrets without compromising your privacy. Patented authentication system by segmented key for up to 9 trust criteria to encrypt your secrets, such as geolocation, BSSID, password, or fingerprint.

Evicypher NFC HSM: Use your secrets without constraint with different Android NFC phone and all types of computers via extensions for web browser and web courier and open source Thunderbird. Share your secrets safely and with confidence offline and in Gap air. That is to say physically isolated from networks. In addition, you can share your secrets proximity by Bluetooth ADHOC or via a simple QR code encrypted in RSA 4096. You can thus encrypt or oversee all your favorite email types from your NFC HSM. It is contactless encryption between human being, without leaving any traces of your secrets in your phones or computers.

Products and services based on EviCypher NFC HSM technology

EviCypher NFC HSM: based on EviCore NFC HSM Technology, one of Freemindtronic’s white label products and services with patented technologies. Only available under patent license for white label products integration.

Evicypher NFC HSM: double-use version for civil and defense purposes , with reinforced security for your secrets , using more hidden and/or shared trust criteria , unknown to the user , preventing physical or legal threats from obtaining them . This version: for sovereign entities , like armed forces or secret services , needing more protection against espionage threats like PEGASUS spy software.

How to get and use EviCypher NFC HSM

Anonymously, with Freemindtronic Install on your NFC Android phone, create and store your secrets in an NFC HSM. Define your access profiles and trust criteria for each secret. Use your unlimited secrets with different NFC Android phones. Use your usual communications without changing your habits, email, webmail, chat, SMS, instant messaging, to encrypt them without contact just by passing the NFC HSM from Freemindtronic under the NFC antenna of your phone. Share your secrets with others who also have NFC HSM compatible with EviCypher NFC HSM technology.

To use EviCypher NFC HSM: Android phone with NFC and Freemindtronic app [here]. NFC device compatible with EviCore NFC HSM technology, such as Datashielder product with EviCypher NFC HSM and EviPass NFC HSM technologies. You will have the choice of different models and designs manufactured by Freemindtroic the Freemindtronic website click [here] to find out more.

EviCypher NFC HSM is a technology that allows you to fight against Pegasus spyware by securing your keys and secrets with hardware encryption and NFC. With EviCypher NFC HSM, you benefit from an innovative, practical and flexible solution for your personal or professional needs.

If you are interested in obtaining Evicypher NFC HSM technology and using it for your personal or professional needs, you can contact Freemindtronic by clicking [here]. You can also consult on the site how Evicypher NFC HSM technology works by clicking [here].

Conclusion and recommendations

Pegasus spyware: a privacy and human rights threat needing urgent action and regulation. Amnesty International calls for a global moratorium on surveillance technology sales and use until a human rights-compliant framework exists.

Evicypher NFC HSM: A technology to help you protect yourself from spyware like Pegasus with contactless encryption from a NFC HSM device without ever keeping clear data in the phone and/or computer with the possibility of deciphering the encrypted messages in AES256 Post quantum in GPA air via an QR code encrypted in RSA-4096 from the NFC HSM. Freemindtronic, a research and development company of safety, security, cyber security and andorran spying solution, which develops and offers various NFC HSM format and services available under white brand license with patented technologies.

Evicypher NFC HSM: Use your secrets without constraint with various NFC Android phones and all types of computers via extensions for web browser and web mail and Thunderbird source. Share your secrets safely and with confidence offline and in Gap Air. That is to say physically isolated from networks. In addition, you can share your secrets by Bluetooth Adhoc proximity or via a simple QR code encrypted in RSA 4096. You can quantify in seconds all your texts and parts attached for all your favorite messaging from your NFC HSM. It is contactless encryption between humans, without leaving traces of your secrets in your phones or computers.

Articles, Digital Security, EviCypher Technology

Protect US emails from Chinese hackers with EviCypher NFC HSM?

Posted on by FMTAD
Protect your emails from Chinese hackers How to protect your emails from Chinese hackers with EviCypher NFC HSM technology
31
Jul

Protect your emails from Chinese hackers by Jacques Gascuel: This article will be updated with any new information on the topic.  

Protéger les e-mails américains contre les pirates chinois avec la technologie HSM NFC EviCypher

Les courriels et les pièces jointes des institutions américaines font l’objet d’une attaque sans précédent qui proviendrait de pirates chinois. Comment la technologie HSM NFC EviCypher d’Andorre, développée par Freemindtronic, peut-elle les chiffrer sans contact et prévenir la corruption ? Dans cet article, vous découvrirez pourquoi les pirates ne peuvent pas lire les emails et leurs pièces jointes qui sont exfiltrés, notamment ceux du gouvernement américain qui utiliserait cette technologie qui stocke physiquement les clés de chiffrement à l’extérieur. Ainsi, seuls les utilisateurs autorisés qui disposent d’un HSM NFC Freemindtronic avec la bonne clé peuvent les déchiffrer.

How EviCypher NFC HSM technology can protect emails from Chinese hackers

The Chinese hack on US emails: what happened and why it matters

In July 2023, a massive cyberattack targeted email accounts belonging to US government officials, as well as private organizations and universities. The hackers, suspected of being linked to the Chinese government, exploited a vulnerability in Microsoft’s cloud service, called Exchange Server, which allows users to access their emails via the web.

According to Microsoft, the attack affected more than 30,000 organizations in the US and thousands of others around the world. The hackers used a technique called “web shell”, which involves installing malicious software on the compromised servers, giving them remote access to the data and systems of the victims.

Among the victims were the State Department, the Defense Department, the Justice Department, the Energy Department, NASA, FAA, as well as defense companies, NGOs, media and academic institutions. The hackers were able to access the emails and the attachments of the hacked accounts as well as other information stored in their email account such as contacts and calendars.

Microsoft described the attack as “highly sophisticated and targeted” and attributed responsibility to a group named Hafnium which it describes as “a state-sponsored actor backed by China”. The Chinese government denied any involvement and accused Microsoft of “slandering” China.

Microsoft released security patches to fix the vulnerability patches to fix the vulnerability and advised all Exchange Server users to apply them immediately. It also collaborated with US authorities to investigate the incident and help the victims recover from the attack.

The attack raised concerns about the security of cloud computing, which is increasingly used by public and private organizations to store and manage their data. Cloud computing offers benefits such as cost reduction, flexibility and efficiency.

How EviCypher NFC HSM technology could have prevented the Chinese hack on US emails

If you want to protect your emails from Chinese hackers or any other cyber threats, you should consider using EviCypher NFC HSM Technology. It is a technology patented especially in the United States that allows you to store and use your cryptographic keys in a contactless device. It is a simple, efficient and durable solution for securing your data and secrets. In this section, we will explain how EviCypher NFC HSM works, what are its main features and benefits, and how it can help you protect your privacy and security.

What is EviCypher NFC HSM and how does it work?

EviCypher NFC HSM is a technology developed by Freemindtronic, an Andorran company specialized in NFC security. It is based on EviCore NFC HSM, which is a hardware security module that combines hardware encryption and NFC communication protocols to protect your keys and secrets.

With EviCypher NFC HSM, you can store your keys and secrets in a contactless device, such as a card, a sticker or a keychain. The device is powered by the NFC signal of the Android phone. This phone serves as terminal and user interface. The data stored in memory are encrypted contactlessly from the EviCypher NFC HSM application that performs encryption and decryption operations using advanced algorithms, such as AES 256 bits and RSA 4096 bits.

EviCypher NFC HSM also implements anti-cloning and anti-replay mechanisms to prevent unauthorized access or duplication of your secrets. The device has a patented power monitoring and protection device with black box. This device ensures the integrity and availability of the device. The device also has a patented wireless access control system that allows you to define two distinct access profiles: administrator and users, without allowing them to access each other’s secrets without their authorization. The device also has a patented segmented key authentication system that allows you to define up to 9 trust criteria for encrypting your secrets, such as geolocation, BSSID, password or fingerprint.

How EviCypher NFC HSM could have prevented the Chinese hack on US emails?

If the US government had used EviCypher NFC HSM technology with EviCore NFC HSM technology, the Chinese attack would have had no impact. Indeed, even if the hackers had succeeded in exploiting Microsoft Exchange Server’s vulnerability, they would not have been able to access emails and attachments of accounts protected by EviCypher NFC HSM. They would need the corresponding NFC device to decrypt data. Moreover, they would not have been able to clone or replay the NFC signal because EviCypher NFC HSM uses protection techniques against these attacks. Finally, they would not have been able to bypass access control or trust criteria because EviCypher NFC HSM allows you to define custom profiles and parameters for each user.

By using EviCypher NFC HSM, you can encrypt and decrypt your data with your own keys, without relying on any third-party service or provider. You can also use different encryption algorithms, such as AES 256 bits and RSA 4096 bits, to ensure the highest level of security for your data. In addition, you can share and exchange your keys with other users who have EviCypher NFC HSM devices, using secure NFC communication protocols.

How to protect your emails and messages with EviCypher NFC HSM?

You can use EviCypher NFC HSM with different messaging applications, such as:

Webmail services: how to protect your emails and attachments with EviCypher NFC HSM?

You can use EviCypher NFC HSM to encrypt and decrypt your emails and attachments stored in webmail services. For example: Gmail, Yahoo Mail, Proton Mail, Outlook, Roundcube Webmail, HCL Domino Webmail and others. To do this, you need to install the EviCypher Webmail extension on your web browser based on Chromium, such as Chrome. The extension will automatically add buttons to encrypt and decrypt your messages via the NFC device.

Instant messaging services: how to protect your messages with EviCypher NFC HSM?

You can use EviCypher NFC HSM to encrypt and decrypt your messages sent or received from instant messaging services. For example: WhatsApp, Telegram, Signal, Facebook Messenger, Skype and others. To do this, you need to install the EviCypher IM extension on your web browser based on Chromium, such as Chrome. The extension will automatically add buttons to encrypt and decrypt your messages via the NFC device.

SMS: how to protect your SMS messages with EviCypher NFC HSM?

You can use EviCypher NFC HSM to encrypt and decrypt your SMS messages sent or received from your Android phone. To do this, you need to install the EviCypher SMS application on your phone. The application will automatically encrypt and decrypt your SMS messages via the NFC device.

Statistics on email attacks against the US

According to a report by Proofpoint, a cybersecurity company, email is the most common vector for cyberattacks against the US. The report states that in 2022, more than 80% of organizations in the US faced at least one email-based attack, such as phishing, malware or ransomware. The report also reveals that the US is the most targeted country by email threats, accounting for 36% of all global attacks. The report also identifies China as one of the top sources of email attacks, along with Russia, Iran and North Korea.

The report also highlights the impact of email attacks on the US economy and security. The report estimates that email attacks cost US organizations more than $20 billion in 2022, due to data breaches, business disruptions, reputational damage and legal fees. The report also warns that email attacks pose a serious threat to the US national security, as they can compromise sensitive information, disrupt critical infrastructure and undermine public trust.

The report recommends that US organizations adopt a comprehensive and proactive approach to email security, which includes:

  • Educating employees on how to recognize and avoid email threats
  • Implementing advanced email security solutions that can detect and block malicious emails
  • Encrypting sensitive data and using strong passwords
  • Backing up data regularly and having a recovery plan in case of an attack
  • Reporting any suspicious or malicious email activity to authorities

What is EviCore HSM OpenPGP and how does it protect your emails from Chinese hackers?

EviCore HSM OpenPGP is a technology that transforms your Android or iPhone into a hardware security module (HSM) for encrypting and storing your cryptographic keys. It leverages the highly secure OpenPGP standard, known for its use by whistleblowers, journalists, activists and privacy advocates.

With EviCore HSM OpenPGP, you can generate and manage your own keys on your phone, without relying on any third-party service or provider. You can also encrypt and decrypt your messages with your own keys, using the EviCypher HSM OpenPGP application that supports various messaging applications, such as email, webmail, SMS, RCS and more.

EviCore HSM OpenPGP also implements anti-cloning and anti-replay mechanisms to prevent unauthorized access or duplication of your keys. The application also has a patented wireless access control system via an NFC HSM EviBadge NFC HSM that allows you to authenticate and encrypt with segmented keys the OpenPGP encryption keys or any other types of keys stored in the phone. It is also possible to add trust criteria that allow you to define up to 7 trust criteria for encrypting messages (email, webmail, SMS, MMS, RCS and others) such as geolocation, BSSID, password, fingerprint, facial recognition, segmented keys between two distinct parties.

By using EviCore HSM OpenPGP, you can protect your emails from Chinese hackers or any other cyber threats. You can also use it with EviCypher NFC HSM devices, which allow you to encrypt and decrypt data in air gap mode.

What are the advantages of EviCore HSM OpenPGP?

EviCore HSM OpenPGP offers several advantages over other encryption solutions, such as:

  • Simplicity: You don’t need any additional hardware or software to use EviCore HSM OpenPGP. You only need your phone and the EviCypher HSM OpenPGP application.
  • Efficiency: You can encrypt and decrypt your messages with a single tap on your phone screen. You don’t need to enter any passwords or codes to access your keys.
  • Durability: You can store your keys securely on your phone memory, export them, import them, back them up on a cloud service or an external storage device. You can also use NFC HSM devices to add other trust criteria with segmented keys stored in the device.
  • Compatibility: You can use EviCore HSM OpenPGP with different messaging applications, such as email, webmail, SMS, RCS and more. You can also use it with EviCypher NFC HSM devices, which allow you to encrypt and decrypt data in air gap mode.
  • Security: You can protect your keys and messages from hackers, malware and physical theft. You can also control who can access your keys and messages by defining access profiles and trust criteria.

How EviCypher HSM Technology is protected by patents

EviCypher HSM technology is protected by several patents issued by various countries, including the US. Some of these patents are:

  • US20210136579: A method for securing data using a contactless device that stores cryptographic keys and performs encryption and decryption operations via NFC communication with an Android phone.
  • US20100188785: A method for protecting a contactless device from cloning or replay attacks by using a power monitoring and protection device with black box that detects any abnormal power consumption or interruption.
  • US20180336335: A method for authenticating a contactless device by using a segmented key authentication system that allows defining up to 9 trust criteria for encrypting secrets, such as geolocation, BSSID, password or fingerprint.

These patents demonstrate the innovation and originality of EviCypher HSM Technology, as well as its compliance with the US intellectual property laws. These patents also provide legal protection for EviCypher NFC HSM Technology and EviCypher HSM OpenPGP against any potential infringement or imitation by competitors.

Conclusion

EviCore HSM OpenPGP is a new technology that allows you to turn your phone into a hardware security module for encrypting and storing your cryptographic keys. It is based on the OpenPGP standard, which is widely used for secure communication and data protection. By using EviCore HSM OpenPGP, you can protect your emails from Chinese hackers or any other cyber threats. You can also use it with different messaging applications, such as email, webmail, SMS, RCS and more. Moreover, you can use it with EviCypher NFC HSM devices, which allow you to encrypt and decrypt data in air gap mode.

We hope this article has helped you understand how EviCore HSM OpenPGP works and what are its advantages. If you are interested in learning more about this technology or ordering your own device, please visit the official website of Freemindtronic, the company that developed it. You can also watch this video that explains how EviCore HSM OpenPGP works and how to use it with different messaging applications.

Thank you for reading this article. We hope you have learned something new and useful about how to protect your emails from Chinese hackers with EviCypher NFC HSM technology. If you have any questions or feedback, please feel free to leave a comment below. We would love to hear from you.

If you enjoyed this article and found it helpful, please share it with your friends and family who might be interested in protecting their emails from Chinese hackers or any other cyber threats. Stay safe and secure with EviCypher NFC HSM technology!

Original source: https://www.washingtonpost.com/national-security/2023/07/12/microsoft-hack-china/

Articles, Digital Security, EviVault Technology, NFC HSM technology, Technical News

EviVault NFC HSM vs Flipper Zero: The duel of an NFC HSM and a Pentester

Posted on by FMTAD
EviVault NFC HSM and EviCore NFC HSM Embedded ISO 15693 VS Flipper Zero
04
Jul

EviVault NFC HSM vs Flipper Zero by Jacques Gascuel: This article will be updated with any new information on the topic.  

Unveiling the Encounter: EviVault NFC HSM vs Flipper Zero

This article examines the encounter between EviVault NFC HSM and Flipper Zero. While EviVault NFC HSM securely stores your blockchain keys offline, Flipper Zero serves as a device to test the security of wireless systems and NFC tags. The crucial question remains: Can Flipper Zero break through the defenses of EviVault NFC HSM and access your cryptocurrencies keys? The resounding answer is no, and we will explore the compelling reasons behind this assertion.

EviVault NFC HSM vs Flipper Zero: The duel of an NFC HSM and a Pentester

EviVault NFC HSM vs Flipper Zero: this is the question that this article will answer. EviVault NFC HSM is a technology that securely stores your blockchain keys offline. Flipper Zero is a device that tests the security of wireless systems and NFC tags. Can Flipper Zero compromise EviVault NFC HSM and access your cryptocurrencies keys? The answer is no, and this article will explain why.

EviVault NFC HSM vs Flipper Zero is a topic that interests many crypto enthusiasts and security experts. Moreover, it sparks curiosity about the comparison between these two technologies. EviVault NFC HSM is a technology that allows offline physical secure storage of blockchain private keys, cryptocurrencies, wallets, Bitcoin, Ethereum, NFTs, Smart Contracts. Freemindtronic, a company from Andorra that specializes in NFC security solutions, developed it. EviVault NFC HSM uses the EviCore NFC HSM technology, which offers a high level of protection and encryption for your keys and secrets. It also works with Freemindtronic’s NFC HSM devices, which are contactless devices that can store and use your crypto keys and secrets. You can learn more about this technology here: https://freemindtronic.com/evicore-nfc-hsm-the-technology-by-freemindtronic/.

Flipper Zero is a versatile tool for testing the security and cybersecurity of systems, especially for pentesters. However, it can be used for malicious purposes, such as by cybercriminals to hack into digital systems, such as radio protocols, access control systems, hardware and more. At first glance, one might think that Flipper Zero is capable of compromising EviVault NFC HSM by reading or cloning its secrets without contact. However, this is not the case because EviVault NFC HSM has several security mechanisms that prevent any attempt of physical or logical attack.

In this article, we will explain how EviCore NFC HSM can resist effectively to the attacks of pentest tools like Flipper Zero and how it protects your blockchain assets from end to end, focusing on the device level.

How EviCore NFC HSM protects and encrypts your secrets with a secure element

First of all, EviCore NFC HSM is a proprietary technology that uses an NFC HSM to store and protect your secrets. It uses a proprietary protocol called EVI (Encrypted Virtual Interface) based on the ISO 15693 standard (https://www.st.com/resource/en/datasheet/m24lr64e-r.pdf or (https://www.st.com/resource/en/datasheet/st25dv64kc.pdf).

EVI ensures the proper functioning of reading and writing encrypted secrets with an intelligent system of error monitoring for write errors or reading from the secure EEPROM memory. You can find more information about the security standards and algorithms used by EVI here: https://freemindtronic.com/evicore-nfc-hsm-security-information-standards-algorithms-regulatory.

Moreover, EviCore NFC HSM uses other specific encryption algorithms such as AES CTR SHA 256 bits to encrypt and protect your secrets by segmented keys. Meanwhile EVI protects the keys used to access the RF NFC memories with a very strong secret code via AES ECB 128. This secret code prevents unauthorized reading or modification of keys. EVI makes the NFC and RF memories safer to combat invasive or non-invasive attacks from pentest tools like Flipper Zero.

EviCore NFC HSM: a fortress for your secrets EviVault NFC HSM vs Pentester

The NFC HSM EviCore, developed by Freemindtronic, is a technology protected by three patents of invention in their implementation. It is incomparable. It uses its innovative Encrypted Virtual Interface (EVI) protocol to ensure unparalleled security of confidential data in the duel EviVault NFC HSM vs Flipper Zero. This technology, compliant with the ISO 15693 standard, constitutes a multi-layer defense for your information. Seamlessly integrated within it are advanced features such as encryption, authentication, anti-cloning, anti-replay, anti-counterfeiting, and comprehensive black box management.

The Interaction between EVI and the NFC HSM: Securing Secrets in the EviVault NFC HSM vs Flipper Zero Duel

EVI, the Machine-to-Machine (MtoM) interface, collaborates with NFC HSM chips to ensure secure management of encrypted data read and write operations without risk of physical and digital errors. Thus, EVI monitors errors in reading/writing secure EEPROM memory through a sophisticated error tracking system that includes user errors of NFC HSM. In addition, it independently manages various cryptographic tasks such as encryption, decryption, signing, verification, and key generation of access codes to EEPROM memories. It thus strengthens the level of security, resilience and security of encrypted secrets. These are encrypted with other EviCore NFC HSM algorithms. This already constitutes two lines of defense against invasive or non-invasive attacks.

The Importance of External Elements in the EviVault NFC HSM vs Flipper Zero Duel

The encryption methodology of EviCore NFC HSM allows each segment to have a different physical origin in the duel EviVault NFC HSM vs Flipper Zero. This means that it can come from an external element to the NFC HSM, such as a geographic location and/or a password or fingerprint reading and/or a segmented QR code key exceeding 256 bits and/or BSSID and/or an NFC Android phone identifier. In fact, these elements serve as physical origin trust criteria, thus strengthening the validation process to access the secrets stored in the NFC HSM. Thus, this patented technology constitutes a third line of defense against various types of attacks, whether in proximity or at a distance, thanks in particular to encryption by encapsulations including these criteria freely defined by the user.

Superior Encryption and Deterrence against Unauthorized Access in the EviVault NFC HSM vs Flipper Zero Duel

Using high-quality encryption algorithms such as AES CTR SHA 256 bits considered post-quantum, the EviCore NFC HSM technology ensures that secrets remain inaccessible to unauthorized entities in the long term against pentest tools such as in the duel EviVault NFC HSM vs Flipper Zero. In addition, EVI protects the keys of NFC RF memories using AES ECB 128, preventing any unauthorized reading or modification. Thus, with this post-quantum encryption of secrets stored in the NFC HSM, it constitutes the fourth line of defense against attacks, especially invasive ones via pentest tools such as Flipper Zero.

Comprehensive Defense against Cyber Threats in the EviVault NFC HSM vs Flipper Zero Duel

EviCore NFC HSM provides a comprehensive defense strategy against both physical and logical attacks in the EviVault NFC HSM vs Flipper Zero duel. Its defenses include countermeasures against tampering, cloning, side-channel analysis, and reverse engineering. As the battle between EviVault NFC HSM and Flipper Zero intensifies, EviCore NFC HSM remains steadfast in protecting your secrets and ensuring a resilient defense against emerging cyber threats.

The EviCore NFC HSM technology operates without batteries and is activated on-demand, optimizing energy usage by leveraging the NFC signal of an Android phone. This unique feature not only showcases the system’s efficiency but also its environmentally friendly design. With EviCore NFC HSM technology, you get the peace of mind offered by patented and unparalleled security in the security and safety of sensitive data such as blockchain and cryptocurrency private keys in the face of perpetually evolving challenges via pentest tools that are freely accessible and very useful for testing, especially the duality EviVault NFC HSM vs Flipper Zero.

How Flipper Zero reads and emulates NFC cards

Flipper Zero has a Reading NFC cards function that allows it to read, save and emulate NFC cards. An NFC card is a transponder that operates at 13.56 MHz and has a unique number (UID) as well as a part of rewritable memory for storing data. Depending on the card type, memory can be segmented into sectors, pages, applications, etc. When near a reader, the NFC card transmits the requested data.

Flipper Zero can read different types of NFC cards according to their standard and protocol:

  • NFC cards type A: MIFARE Classic®, MIFARE Ultralight® & NTAG®, MIFARE® DESFire®
  • NFC cards type B: Calypso®, CEPAS
  • NFC cards type F: FeliCa™
  • NFC cards type V: ICODE® SLIX
  • Unknown cards: cards not recognized by Flipper Zero

Flipper Zero can also emulate NFC cards by using the data saved in its memory. To do this, you have to select a card from the Saved list then press Emulate. Flipper Zero will then behave like an NFC card and can communicate with a compatible reader.

Flipper Zero can therefore communicate with EviCore NFC HSM technology using the ISO 15693 standard which is supported by the ST25R3916 component it uses. However as we have seen previously this communication is limited and secured by EviVault NFC HSM protection mechanisms. Moreover Flipper Zero can emulate an ISO 15693 card even if the emulator has limitations. Indeed, the ST25R3916 component used by Flipper Zero allows emulation according to the ISO 15693 standard via RFLA (RF/NFC Abstraction Layer). However this emulation has limits to be able to test the NFC HSM of Freemindtronic. This excludes, for example, the possibility of testing the security and carrying out malicious attacks by emulating an ISO 15693 64Kb NFC chip used by the NFC HSMs used by the EviVault NFC HSM technology.

If you want to know more about Flipper Zero’s Reading NFC cards function and its emulation possibilities you can check out the following links:

Flipper Zero’s Capabilities and Limitations in Attacking EviVault NFC HSM

Flipper Zero’s Support of NFC-V Protocol and Emulation

A New Feature in Firmware 0.85.2

Flipper Zero is a multifunctional gadget for hackers that supports NFC technology. It can read, write, clone, and emulate NFC cards using a built-in 13.56 MHz NFC module. Flipper Zero uses a ST25R3916 NFC controller and a RFAL library to handle high-frequency protocols (NFC) and facilitate the development of NFC applications.

Flipper Zero supports the NFC-V (ISO15693) protocol since the firmware version 0.85.2. This protocol is used by some NFC tags, such as transport cards or electronic labels. With this feature, Flipper Zero can read and emulate these tags, which can be useful for testing their security or having fun with them.

The NFC-V protocol is a contactless protocol that operates at 13.56 MHz and allows data transfer at a distance of a few centimeters, with a maximum speed of 26.48 kbit/s. The NFC-V protocol is based on the ISO15693 standard, which defines the physical and logical characteristics of NFC tags. The NFC-V tags are recognized by the NFC Forum as type 5 tags.

To use the NFC-V protocol with Flipper Zero, you need to select the “NFC” option in the main menu, then choose the “NFC-V” mode. Then you need to bring the Flipper Zero close to an NFC-V tag to detect it and display its information. You can then choose to perform different actions on the tag, such as:

  • Read: to read the content of the tag and display it on the screen of Flipper Zero. The tag can contain up to 256 blocks of 4 bytes each.
  • Write: to write data on the tag, by choosing the page and the bytes to modify. The writing can be protected by a password.
  • Clone: to copy the content of the tag into the internal memory of Flipper Zero. Flipper Zero can store up to 8 cloned tags.
  • Emulate: to make the reader believe that Flipper Zero is the original tag. Flipper Zero can emulate any cloned tag.

A Potential Threat for EviVault NFC HSM

This feature also introduces a potential threat for EviVault NFC HSM, as Flipper Zero can now emulate an NFC-V card and try to access its data or functions. However, this threat is not very serious, as EviVault NFC HSM has strong security mechanisms that prevent unauthorized access or tampering.

EviVault NFC HSM is a hardware security module that uses NFC technology to store and manage cryptographic keys. It is designed to protect sensitive data and transactions from unauthorized access or tampering. It can be used as a secure element for authentication, encryption, digital signature, or blockchain applications.

EviVault NFC HSM uses encryption, authentication, protection against cloning and replay, and other techniques to ensure that only authorized devices can interact with it. Even if Flipper Zero can emulate an NFC-V card, it cannot decrypt or modify its data, nor perform any cryptographic operations on it.

Therefore, Flipper Zero’s support of NFC-V emulation does not compromise EviVault NFC HSM’s security or confidentiality.

Documentation

If you want to learn more about Flipper Zero’s support of NFC-V protocol and emulation, you can consult the following documentation:

Flipper Zero’s Lack of Support for Energy Harvesting and Password Protection

Two Features of M24LR64E-R and ST25DV64KC Chips

The M24LR64E-R and ST25DV64KC are dynamic NFC/RFID chips with 64-Kbit EEPROM, energy harvesting, I2C bus and RF ISO 15693 interface. They are used by Freemindtronic for their EviVault NFC HSM products. They have two features that Flipper Zero does not support: energy harvesting and password protection.

Energy harvesting is a function that allows the chip to harvest energy from the RF field and use it to power external components. This can be useful for low-power applications or battery-less devices. The chip has an analog pin for energy harvesting and four sink current configurable ranges.

Password protection is a function that allows the chip to protect its data from unauthorized access or modification by using passwords. The chip has three 64-bit passwords in RF mode and one 64-bit password in I2C mode. The passwords can be used to protect one to four configurable areas of memory in read and/or write mode.

Two Limitations for Flipper Zero in Attacking EviVault NFC HSM

Flipper Zero cannot take advantage of these two features for several reasons:

  • Flipper Zero cannot emulate a tag NFC 15693 with a memory of 64-Kbit, because it does not have enough internal memory to store the content of the tag. It cannot therefore pretend to be the original tag and try to access its data or functions.
  • Flipper Zero cannot clone a tag NFC 15693 with a memory of 64-Kbit, because it does not have enough internal memory to copy the content of the tag. It cannot therefore create a duplicate of the tag and modify it at will.
  • Flipper Zero cannot write on a tag NFC 15693 protected by a password, because it does not know the password. It cannot therefore modify the data of the tag or make them inaccessible.
  • Flipper Zero cannot benefit from the energy harvesting function of the M24LR64E-R and ST25DV64KC chips, because it does not have an analog pin to harvest energy. It cannot therefore power external components with the energy of the tag.

These limitations further reduce Flipper Zero’s capabilities in attacking EviVault NFC HSM. While Flipper Zero can interact with NFC-V devices used by NFC HSM, it cannot emulate them, clone them, write on them. EviVault NFC HSM’s robust security mechanisms ensure that Flipper Zero cannot compromise its security or confidentiality.

Documentation

If you want to learn more about the M24LR64E-R and ST25DV64KC chips and their features, you can consult the following documentation:

Conclusion

In this article, we analyzed how Flipper Zero can test the security of or attack EviVault NFC HSM technology through malicious use. This technology enables secure offline physical storage of blockchain private keys, cryptocurrency wallets, NFTs, and smart contracts. It uses EviCore NFC HSM technology that offers a high level of protection and encryption for your keys and secrets. It also works with Freemindtronic’s NFC HSM devices that are contactless devices that can store and use your cryptocurrency keys and secrets. Flipper Zero is a tool that can read, write, clone and emulate NFC cards using a built-in NFC module. It supports the NFC-V (ISO15693) protocol since June 2023, which allows it to interact with the M24LR64E-R and ST25DV64KC chips used by EviVault NFC HSM. However, Flipper Zero cannot compromise EviVault NFC HSM, because it has robust security mechanisms that prevent unauthorized access or modification of its data or functions. These mechanisms include encryption, authentication, protection against cloning and replay, energy harvesting and password protection. Therefore, EviVault NFC HSM is a reliable and innovative solution for offline storage and use of cryptocurrency keys without risk of hacking or loss.

It is understood that to perform this type of invasive or non-invasive proximity test or attack, you must first physically obtain an NFC HSM with blockchain or cryptocurrency private keys stored via EviVault NFC HSM.

Since it is not possible to emulate a NFC-V NFC HSM of 64 KB iso 15963. That it is not possible to guess the decryption keys encrypted in AES considered post-quantum. In addition, encryption keys are segmented to annoy blockchain and cryptocurrency privates. EviVAult NFC HSM technology allows you to securely store physical offline blockchain private keys as well as their public addresses and public keys. You can use them contactlessly on Android NFC phone or all computers such as Microsoft Windows, Linux and iOS Apple. It also protects them from environmental hazards by using NFC chips coated with defense-grade resin.

To acquire products using EviVault NFC HSM technology, simply check that the product includes this technology. If in doubt, contact Freemindtronic by clicking here.

Comparison table of EviVault NFC HSM and Flipper Zero features

It might be useful to add this table of main features of EviVault NFC HSM and Flipper Zero to show the communication links that allow Flipper Zero to communicate with EviCore NFC HSM technology. Here is the table formatted with the features of EviVault NFC HSM and Flipper Zero.

Feature EviVault NFC HSM Flipper Zero
Encryption algorithm AES 256 bits and RSA 4096 None
Authentication mechanism Segmented key with 9 trust criteria None
Protection against cloning and replay Yes No
Power security device and black box Yes No
Wireless access control system Yes No
Memory size 64 KB EEPROM 1024 KB Flash
Memory encryption Yes No
Memory access lockout Yes No
Frequencies below 1 MHz 13.56 MHz ± 7 kHz 13.56 MHz / 125 kHz (LF) and (HF)
NFC standard
  • ISO 15693 and compatible ISO 18000-3 mode 1
  • 423 kHz and 484 kHz
  • 53 kbit/s data rate
 NFC-A / ISO14443A, NFC-B / ISO14443B, NFC-F / FeliCa™, NFC-V / ISO15693, NFC-A / ISO14443A, NFC-F / FeliCa™ in card emulation, compliant with MIFARE Classic®
Sub-GHz frequencies None 315 MHz, 433 MHz, 868 MHz and 915 MHz
Bluetooth Yes: Protected by RSA 4096 for Freemindtronic’s Android NFC application and by AES-128 CBC from EviKeyboard BLE Bluetooth LE 5.0
Wifi Yes: Protected by RSA 4096 for Freemindtronic’s Android NFC application and unique ECC key for one-time use with the NFC HSM Browser extension Yes, optional
Infrared transmitter None Yes
RFID reader-emulator None EM-4100 and HID Prox cards only
NFC reader-emulator None Yes, but without encryption or authentication
Anti-counterfeiting Yes, by unique signature of 128 bits and access to segmented key None
iButton reader-emulator None Yes
GPIO connectors None 18
Man-in-the-middle attack by intercepting the NFC signal Secure Yes

Note that this table shows the differences between the features of EviVault NFC HSM and Flipper Zero when used to attack EviVault NFC HSM.

Articles, Cryptocurrency, Digital Security, Technical News

Securing IEO STO ICO IDO and INO: The Challenges and Solutions

Posted on by FMTAD
Securing IEO STO ICO IDO INO the challenges and solutions EviCore NFC HSM by Freemindtronic
14
Jun

  Securing IEO STO ICO IDO and INO by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

Enhancing Security: Securing IEO STO ICO IDO and INO

Cryptocurrencies are digital assets that can be used to buy goods and services, invest in projects, or trade on online platforms. In this article, we will explore the importance of securing IEOs, STOs, ICOs, IDOs, and INOs and how you can protect your investments using EviCore NFC HSM technology.

Discover our other articles on digital security

Securing IEO STO ICO IDO and INO: How to Protect Your Crypto Investments

Cryptocurrencies are digital assets that can be used to purchase goods and services, invest in projects, or trade on online platforms. They are built on blockchain technology, which is a decentralized system that records and verifies transactions without intermediaries. However, to securely and conveniently store your private keys and seed phrases, thus ensuring the security of your funds in Securing IEO STO ICO IDO and INO, you need a wallet that stores your private keys and seed phrases. These pieces of data enable you to access and control your funds on the blockchain

But how can you securely and conveniently store your private keys and seed phrases in Securing IEO STO ICO IDO and INO? How can you prevent losing them or falling victim to hackers or scammers? And how can you participate in various forms of cryptocurrency crowdfunding, such as ICOs, IEOs, STOs, IDOs, and INOs, without risking your funds?

In this article, we will address these questions and explain how to protect your private keys and starter phrases using NFC (Near Field Communication) HSM. We will also compare different cryptocurrency crowdfunding models and show how to store your private keys and starter phrases with EviCore NFC HSM technology for each of these models.

By reading this article, you will learn:

  • What ICOs, IEOs, and STOs are and how to participate in Securing IEO STO ICO IDO and INO.
  • The significance of seed phrases and private keys in Securing IEO STO ICO IDO and INO.
  • The features and functionality of EviCore HSM technology in Securing IEO STO ICO IDO and INO.
  • How to securely store your seed phrases and private keys using EviCore NFC HSM technology across various use cases in Securing IEO STO ICO IDO and INO.

If you have an interest in cryptocurrencies and want to understand how to secure your funds with EviCore HSM technology in Securing IEO STO ICO IDO and INO, please continue reading!

What are ICOs, IEOs, STOs, IDOs and INOs?

Cryptocurrencies are virtual digital assets that rely on blockchain technology, a decentralized and encrypted ledger that records all transactions conducted on the network. Cryptocurrencies enable their user community to engage in transactions without the use of traditional currencies and also fund innovative projects through cryptocurrency fundraisers.

A cryptocurrency fundraiser involves issuing tokens in exchange for cryptocurrencies. Tokens are digital units that represent a right or value associated with the funded project. There are various types of cryptocurrency fundraisers based on factors such as the nature of the tokens issued, the platform used for transactions, the involvement of trusted third parties, and the level of regulatory oversight. Let’s take a closer look at the main types of cryptocurrency fundraisers in Securing IEO STO ICO IDO and INO:

ICO (Initial Coin Offering)

An ICO is a fundraising operation in which a company issues tokens that investors subscribe to mainly with cryptocurrencies. These tokens can have different functions, depending on the project funded:

  • Utility tokens, which give access to a service or a platform developed by the company.
  • Governance tokens, which allow holders to participate in the strategic decisions of the project.
  • Security tokens, which represent a share of the capital or the revenues of the company.

An ICO usually takes place in several stages:

  • The presale, where investors can buy the tokens at a discounted price, often with a minimum amount required.
  • The public sale, where the tokens are made available to the general public, often with a maximum amount to be raised.
  • The distribution, where the tokens are sent to investors on their wallets..

The advantages of an ICO for investors are:

  • The possibility to support innovative and promising projects.
  • The possibility to benefit from a high capital gain if the project succeeds and the value of the tokens increases.
  • The possibility to diversify your portfolio with digital assets.

The disadvantages of an ICO for investors are:

  • The risk of losing all or part of your investment if the project fails or if the tokens lose their value.
  • The risk of falling for a scam or a fraud, as ICOs are poorly regulated and controlled. The risk of not being able to resell your tokens easily, as there is not always a liquid secondary market.Depending on the country where the ICO takes place, there may be rules to follow, especially in terms of investor protection, anti-money laundering or taxation. Therefore, it is advisable to check the legal status and the compliance of the ICO before investing. Some countries have banned or restricted ICOs, while others have issued guidelines or regulations to ensure their transparency and security.

IEO (Initial Exchange Offering)

An IEO is a fundraising operation in which a company issues tokens on a cryptocurrency exchange platform. The exchange acts as an intermediary between the company and investors, providing security, liquidity, and visibility for the token sale. Investors can purchase tokens using cryptocurrencies or fiat money, depending on the exchange.

An IEO typically involves a single stage:

  • Public sale: Tokens are sold on the exchange platform within a limited time frame and at a fixed price.

Advantages of IEOs for investors include:

  • Enhanced security, liquidity, and visibility compared to ICOs.
  • Access to vetted and quality projects that have been approved by the exchange.
  • Ability to trade tokens immediately after the sale on the same exchange.

Disadvantages of IEOs for investors include:

  • Dependence on a centralized intermediary that controls the token sale process and charges fees.
  • Need to comply with stricter rules and regulations imposed by the exchange and jurisdiction.
  • Risk of missing out on opportunities due to high demand and limited token supply.

STO (Security Token Offering)

An STO is a fundraising operation in which a company issues tokens that represent securities, such as shares or bonds. These tokens are backed by real assets, and investors can purchase them using cryptocurrencies or fiat money, depending on the platform.

STOs typically involve one or more stages:

  • Private sale: Accredited investors can buy tokens at a discounted price, often with a minimum investment requirement.
  • Public sale: Qualified investors can purchase tokens at a fixed price, often with a maximum fundraising amount.

Advantages of STOs for investors include:

  • Opportunity to invest in regulated and compliant projects that offer legal protection and transparency.
  • Potential for real value and returns from the underlying assets of the company.
  • Access to new markets and opportunities that were previously reserved for institutional investors.

Disadvantages of STOs for investors include:

  • Need for accreditation or qualification based on strict criteria set by regulators and platforms.
  • Lack of liquidity and availability compared to utility tokens or cryptocurrencies.
  • Complexity and cost associated with issuing and managing security tokens on blockchain platforms.

IDO (Initial Dex Offering)

An IDO is a fundraising operation in which a company issues tokens on a decentralized protocol for exchanging cryptocurrencies, known as a DEX (Decentralized Exchange). Investors can purchase tokens directly on the DEX without going through a centralized platform or intermediary.

Advantages of IDOs for investors include:

  • Speed and simplicity of the process, as it does not require identity verification or prior fund deposits.
  • Transparency and security of transactions, as they are conducted on the blockchain without reliance on a trusted third party.
  • Liquidity and accessibility of tokens, which are immediately available on the secondary market and can be exchanged for other cryptocurrencies.

Disadvantages of IDOs for investors include:

  • Technical and operational risks associated with decentralized protocols that may have vulnerabilities or bugs.
  • Regulatory and legal risks due to the lack of a clear and harmonized legal framework for cryptocurrency fundraisers.
  • Volatility and speculation risks arising from high demand and limited token supply.

INO (Initial NFT Offering)

An INO is a fundraising operation in which a company issues non-fungible tokens, called NFTs (Non-Fungible Tokens). NFTs are unique and indivisible digital assets that can represent works of art, collectibles, virtual or real goods. Investors can purchase NFTs using cryptocurrencies on specialized platforms.

Advantages of INOs for investors include:

  • Support for creative and original projects that leverage the blockchain’s potential to create value.
  • Possibility to benefit from exclusive and inalienable ownership rights over NFTs, certified by the blockchain and immune to duplication or falsification.
  • Opportunity to resell NFTs on a growing and demanding secondary market.

Disadvantages of INOs for investors include:

  • Risk of overvaluation and speculative bubbles due to the current frenzy around NFTs and their artificial scarcity.
  • Potential for counterfeiting and plagiarism, as effective legal protection for copyrights and trademarks is lacking.
  • Environmental and ethical concerns related to the high energy consumption and negative externalities generated by the blockchain.

Comparison Table of Different Cryptocurrency Crowdfunding Models

Below is a comprehensive table comparing different crowdfunding models in cryptocurrency:

Crowdfunding model Definition Advantages Disadvantages
ICO Fundraising in cryptocurrency by issuing tokens that can have various functions Support innovative projects, benefit from high potential gain, diversify portfolio Risk losing investment, fall for scam, not be able to resell tokens easily, face regulatory uncertainty
IEO Fundraising in cryptocurrency by issuing tokens on an exchange platform that acts as a trusted intermediary Benefit from better security, liquidity and visibility than ICOs, access a wider pool of investors and projects Depend on a centralized intermediary, pay higher fees, comply with stricter rules, face platform risk
STO Fundraising in cryptocurrency by issuing tokens that represent securities such as shares or bonds Invest in regulated and compliant projects, benefit from real value and returns, access new markets and opportunities, reduce intermediation costs Be accredited or qualified, face lack of liquidity and availability, deal with complexity and cost, follow different regulations depending on jurisdictions
IDO Fundraising in cryptocurrency by issuing tokens on a decentralized exchange protocol that eliminates intermediaries Enjoy speed and simplicity of the process, ensure transparency and security of transactions, access liquidity and accessibility of tokens Face technical and operational risk, cope with regulatory and legal risk, deal with volatility and speculation
INO Fundraising in cryptocurrency by issuing non-fungible tokens that represent unique and indivisible digital assets Support creative and original projects, benefit from exclusive and inalienable ownership of NFTs, resell NFTs on a growing and demanding market Deal with overvaluation and speculative bubble, encounter counterfeiting and plagiarism issues, consider environmental and ethical impact

Comprehensive Table of Blockchains Supporting ICOs, IEOs, STOs, IDOs, and INOs

Here is a table showcasing the support for ICOs, IEOs, STOs, IDOs, and INOs across different blockchains, focusing on Securing IEO STO ICO IDO and INO:

Blockchain ICO support IEO support STO support IDO support INO support BIP32 support BIP39 support BIP44 support
Ethereum Yes Yes Yes Yes Yes Yes Yes Yes
Binance Smart Chain (BSC) Yes Yes Yes Yes Yes Yes Yes Yes
Cardano (ADA) No No No Yes No Yes Yes Yes
Solana (SOL) Yes Yes No No No Yes No Yes
Avalanche (AVAX) Yes Yes Yes No No Yes Yes No
Cosmos (ATOM) Yes Yes Yes Yes Yes Yes Yes No
Algorand (ALGO) Yes Yes Yes Yes Yes Yes Yes No
Stellar (XLM) Yes No Yes No No Yes Yes Yes

What are seed phrases and private keys?

Seed phrases and private keys are essential for accessing and controlling your funds in cryptocurrency. If they are lost or stolen, you may permanently lose access to your cryptocurrencies.

Seed phrase

A seed phrase, also known as a secret phrase, is a sequence of words, typically consisting of 12 or 24 words, that allows you to restore your crypto wallet in case of loss or theft. These words are selected in a specific order from a dictionary containing thousands of words. The seed phrase is essentially a more human-readable representation of a private key and can generate an unlimited number of public-private key pairs.

The public key is the address to which you can receive cryptocurrencies on the blockchain, similar to an IBAN for a bank account. The private key enables you to control the funds associated with a public key and initiate transactions from that address. Public and private keys are always generated as pairs.

The seed phrase is crucial for accessing your wallet and funds, and it must be kept secure and confidential. If lost or stolen, there is no way to recover it or block access to your funds.

Private key

A private key is a string of random letters and numbers generated by your wallet when it is created. It is used for encrypting and decrypting data using public-key cryptography. The private key grants access to your funds and enables you to initiate transactions on the blockchain.

A private key looks like this: 5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF

You should never share your private key with anyone or store it digitally or online. If your private key is lost or stolen, you will lose access to your funds permanently.

How to Secure Your Funds in Securing IEO STO ICO IDO and INO

To participate in an ICO, IEO, STO, IDO, or INO and ensure the security of your funds in Securing IEO STO ICO IDO and INO, you need a wallet that is compatible with the tokens being issued and the accepted cryptocurrency. There are different types of wallets available, each offering varying levels of security and convenience.

Online Wallets (Web Wallets): These wallets are accessible through a web browser. While they are easy to use, they are susceptible to hacking and theft. It is important to choose a reputable and secure online wallet.

Mobile Wallets: These wallets are installed on smartphones and provide convenience for daily transactions. However, they are vulnerable to malware and the risk of losing the phone. Ensure you have proper security measures in place for your mobile wallet, such as enabling device passcodes and biometric authentication.

Software Wallets: These wallets are downloaded and installed on a computer. They offer greater security compared to online or mobile wallets, but their reliability depends on the security of the hardware and software. Keep your computer updated with the latest security patches and use reputable wallet software.

Hardware Wallets: These physical devices are specifically designed for storing private keys. They provide the highest level of security by isolating private keys from the internet. Hardware wallets, such as Ledger or Trezor, are recommended for secure storage of your private keys in Securing IEO STO ICO IDO and INO.

Regardless of the type of wallet you choose, there are some basic rules to follow to secure your funds in Securing IEO STO ICO IDO and INO:

  1. Never share your seed phrase or private key with anyone, and avoid storing them digitally or online.
  2. Make a backup copy of your seed phrase or private key on a physical medium such as paper, metal, or plastic. Store them in secure locations.
  3. Use a strong password and PIN code to protect your wallet from unauthorized access.
  4. Regularly update your wallet software to fix any bugs or vulnerabilities.
  5. Utilize reputable antivirus and firewall software to protect your device from malware and hackers.

By following these security practices, you can significantly reduce the risk of losing your funds and ensure the safety of your investments in Securing IEO STO ICO IDO and INO.

Now, let’s explore how you can enhance the security and simplicity of your cryptocurrency transactions by using EviCore NFC HSM technology.

EviCore NFC HSM is a solution that safeguards your seed phrases and private keys in cryptocurrency using Near Field Communication (NFC) technology. With EviCore NFC HSM, you can store your seed phrases and private keys in an encrypted NFC tag or card, protected by a segmented key. This tag or card allows you to restore your wallet on any NFC-compatible device without exposing your sensitive data to the internet.

EviCore NFC HSM is compatible with major cryptocurrency wallets such as Ledger, Trezor, Metamask, Trust Wallet, and more. It also works seamlessly with popular cryptocurrency exchange platforms like Binance, Coinbase, and Kraken. This ensures optimal security and ease of managing your funds in cryptocurrency.

Here’s a step-by-step guide on how to use EviCore NFC HSM to secure your seed phrases and private keys in cryptocurrency:

  1. Download the application that incorporates the EviCore NFC HSM technology on your NFC-compatible Android smartphone.
  2. Pair the NFC HSM device with your smartphone using the unique pairing key.
  3. Translate to English: Add the seed phrase by simply clicking on the multi-language BIP39 words provided during the creation of your secure cryptocurrency wallet, without typing anything on the keyboard, as EviCore NFC HSM performs real-time checksum verification of the seed phrase before securely encrypting and storing it in the NFC device.
  4. You can also add the private key derived from the seed phrase without entering or scanning its QR code through the Android NFC application, which will automatically encrypt and store it in the NFC device in less than 5 seconds. You just need to indicate beforehand which blockchain your derived key belongs to before the registration pro

By utilizing EviCore NFC HSM, you can secure your seed phrases and private keys with maximum security and unparalleled ease of use. You no longer need to worry about losing or having your sensitive data stolen, as you can store them in a physical device that can be carried with you wherever you go. Additionally, you can securely share your seed phrases and private keys with others using encrypted RSA-4096 public keys or segmented key authentication, making it easier to transmit funds to your heirs.

EviCore NFC HSM technology is the ideal solution for securing your seed phrases and private keys in cryptocurrency, enabling you to fully embrace the opportunities offered by cryptocurrencies while minimizing unnecessary risks. If you’re interested in this innovative solution, visit Freemindtronic’s website or contact them for more information.

Additionally, if you’re seeking an alternative method to secure your crypto fundraising, you may consider EviCore HSM OpenPGP technology. This technology transforms your Android or iPhone into a hardware security module (HSM) for encrypting and storing your crypto keys. It leverages the highly secure OpenPGP standard, known for its reliability and security. To learn more about this technology and how it can help you safely fund your blockchain project, you can refer to this article link

Conclusion

In this article, we have provided insights into participating in various forms of cryptocurrency crowdfunding, including ICOs, IEOs, STOs, IDOs, and INOs. We have emphasized the importance of securing your seed phrases and private keys in Securing IEO STO ICO IDO and INO and introduced EviCore NFC HSM technology as a solution. By adopting EviCore NFC HSM, you can enhance the security and simplicity of your cryptocurrency transactions while mitigating risks. We hope this article has been informative and valuable to you. Should you have any questions or comments, feel free to leave them below.

Thank you for reading, and happy investing in Securing IEO STO ICO IDO and INO!

Digital Security, EviToken Technology, Technical News

EviCore NFC HSM Credit Cards Manager | Secure Your Standard and Contactless Credit Cards

Posted on by FMTAD
NFC Hardware Wallet Credit Card Manager PCI DSS Compliant EviToken Technology working contactless by nfc phone online autofill payment from Freemindtronic Andorra
14
Jun

EviCore NFC HSM Credit Cards Manager by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

Discover EviCore NFC HSM: the revolutionary technology to secure your financial secrets

EviCore NFC HSM is a patented technology that allows you to store and manage your financial secrets in a secure electronic safe. With EviCore NFC HSM, you benefit from wireless access control, segmented key authentication and protection against cyberattacks. Find out how EviCore NFC HSM can enhance your financial security in this article.

Discover our other articles on digital security

EviCore NFC HSM Credit Cards Manager is a powerful solution designed to secure and manage both standard and contactless credit cards. In this article, we will explore the features, benefits, and compliance of EviCore NFC HSM Credit Cards Manager in protecting your valuable payment cards

Standard and contactless credit cards are convenient and fast ways to pay for goods and services. They use NFC (Near Field Communication) technology to communicate with a compatible contactless card reader. You just have to tap or bring your card close to the reader, and the transaction is done in seconds.

However, standard and contactless credit cards also pose security risks. For example, someone could use an NFC scanner to read your card information remotely or use a fake reader to capture your card data. Moreover, if you lose your card or if it is stolen, someone could use it to make unauthorized purchases without your PIN or signature.

Fortunately, there is a solution that can help you protect your standard and contactless credit cards from these threats. It is called Credit Cards Manager. It is a function of EviCore NFC HSM or EviCore HSM OpenPGP technology that allows you to manage your standard and contactless credit cards securely. It uses NFC technology to communicate with your computer or mobile device. You can store up to 200 credit cards in the memory of Freemindtronic’s NFC HSM device or in the secure keystore of phones encrypted via EviCore. The number of records depends on the types of products developed with these technologies and the amount of information to be stored encrypted. You can also select the card you want to use for each transaction. The Credit Cards Manager function relies on EviBank technology, dedicated to securing payment systems including bank cards.

Exploring EviCore NFC HSM Credit Cards Manager

Credit Cards Manager is a function of EviCore NFC HSM or EviCore HSM OpenPGP technology that allows you to manage your standard and contactless credit cards securely. It uses NFC technology to communicate with your computer or mobile device.

You can store up to 200 credit cards in the memory of Freemindtronic’s NFC HSM device or in the secure keystore of phones encrypted via EviCore. The number of records depends on the types of products developed with these technologies and the amount of information to be stored encrypted.

You can also select the card you want to use for each transaction. The Credit Cards Manager function relies on EviBank technology, dedicated to securing payment systems including bank cards.

These technologies are available under patent license from Freemindtronic. They are compatible with various formats of Freemindtronic’s NFC HSM device (link). These technologies can be embedded in products designed and developed on demand in white label for Freemindtronic’s partners such as Fullsecure and Keepser.

In this article, we will focus on using Credit Cards Manager with an NFC HSM device in the form of a secure electronic card (NFC HSM Card). It is a hardware security module (HSM) that uses a highly secure and encrypted AES-256 post-quantum NFC eprom memory to protect and manage secrets (including digital keys such as an RSA-4096 key, AES-256 key, and ECC key), perform encryption and decryption functions, strong authentication, and other cryptographic functions.

What are the Benefits of using Credit Cards Manager?

Credit Cards Manager offers several benefits for managing standard and contactless credit cards, such as:

  1. Authenticator Sandbox function for anti-phishing protection and smart login: The Authenticator Sandbox function offers advanced protection against phishing attempts by securely filling in credit card information on websites. It verifies the authenticity of websites and ensures that sensitive data is only automatically filled in on reliable and verified platforms. It also intelligently automates the process of filling in credit card information and logging into original websites.
  2. Secure manager for credit cards: The Credit Cards Manager function uses the NFC HSM Card device to physically protect bank cards and verify their validity before authorizing their encrypted storage in the device’s memory. It also allows users to customize access levels for each stored card and define geographic access limitations.
  3. Battery-free operation and longevity: The NFC HSM Card device operates without a battery, using the NFC signal from smartphones for power. This energy-efficient design ensures that the device retains stored data for up to 40 years without maintenance or external power sources. The device also has an intelligent OCR scanner for credit cards that is compatible with all bank cards in the world. It helps the user fill in the information fields of the card to be stored encrypted in AES-256 post-quantum in the device. It also prevents keyloggers and spyware from accessing card information on the phone.
  4. COVID contactless security and compliance: Credit Cards Manager helps you avoid physical contact with your bank cards and payment terminals, reducing the risk of COVID-19 transmission. You can make secure contactless payments online, without needing your bank cards with or without NFC technology. You can also use auto-filling remotely via the local network or by sharing a connection via your phone. This feature improves convenience and protects your health.
  5. NFC contactless security and compliance: Credit Cards Manager protects your bank cards from being scanned or read by malicious NFC devices. The NFC HSM Card device shields other credit cards from being detected by an NFC scanner when they are juxtaposed to the device. The device uses an anti-collision system that prevents other cards from being read by the NFC reader of the bank card. It also has a copper ground plane that short-circuits the NFC signals of credit cards when they are juxtaposed on or under the NFC HSM CARD. This is an effective physical protection of cards against all risks of attempted remote non-invasive attack.
  6. Air gap security: Credit Cards Manager uses air gap security, physically isolating itself from computer networks. This ensures that the encrypted data of the NFC HSM Card device is stored exclusively in its non-volatile memory, preventing unauthorized access. By protecting itself from remote attacks, Credit Cards Manager strengthens protection against cyber threats. The use of information is encrypted end-to-end from the NFC HSM Card. All communication protocols are automatically encrypted from the NFC device. The sharing of bank card information contained encrypted in the device’s memory can be shared in air gap via a QR Code encrypted in RSA-4096 generated and managed from the NFC HSM CARD device. This sharing can also be shared encrypted in NFC Beam or in proximity between NFC Android phones.
  7. Protection against fraudulent use: Credit Cards Manager ensures that your bank card information is not stored on computer systems, phones, or online shopping sites. This protects your privacy and anonymity. The encrypted data is transmitted securely to the computer system, protecting it from potential threats and unauthorized access. You can also erase sensitive data such as the CCV of bank cards since saved in the NFC HSM Card devices. Advantageously, the CVV physically erased from the bank card secures it from the risk of illicit use, especially online.

The Benefits of Using Credit Cards Manager

Benefits Features
Authenticator Sandbox function for anti-phishing protection and smart login
  • Advanced protection against phishing attempts by securely filling in credit card information on websites.
  • Verification of website authenticity and automatic filling of sensitive data only on reliable and verified platforms.
  • Intelligent automation of credit card information filling and login process to original websites.
Secure manager for credit cards
  • Physical protection of bank cards and verification of their validity before authorizing their encrypted storage in the device’s memory.
  • Customization of access levels for each stored card and definition of geographic access limitations.
Battery-free operation and longevity
  • Use of smartphone NFC signal for power, without battery or external power sources.
  • Retention of stored data for up to 40 years without maintenance.
  • Intelligent OCR scanner for credit cards compatible with all bank cards in the world.
  • Protection against keyloggers and spyware on the phone.
COVID contactless security and compliance
  • Avoidance of physical contact with bank cards and payment terminals, reducing COVID-19 transmission risk.
  • Secure contactless payments online, without needing bank cards with or without NFC technology.
  • Auto-filling remotely via local network or phone connection.
  • Improved convenience and health protection.
NFC contactless security and compliance
  • Protection of bank cards from being scanned or read by malicious NFC devices.
  • Shielding of other credit cards from being detected by an NFC scanner when juxtaposed to the device.
  • Anti-collision system and copper ground plane to prevent other cards from being read by the NFC reader of the bank card.
  • Effective physical protection of cards against all risks of attempted remote non-invasive attack.
Air gap security
  • Physical isolation from computer networks, preventing unauthorized access to encrypted data of the device.
  • Protection against remote attacks, strengthening protection against cyber threats.
  • End-to-end encryption of information from the NFC HSM Card.
  • Sharing of encrypted bank card information in air gap via QR Code, NFC Beam or proximity between NFC Android phones.
Protection against fraudulent use
  • Guarantee that bank card information is not stored on computer systems, phones or online shopping sites.
  • Protection of privacy and anonymity.
  • Secure transmission of encrypted data to computer system, protecting it from potential threats and unauthorized access.
  • Possibility to erase sensitive data such as CCV from NFC HSM Card devices.

Managing Standard and Contactless Credit Cards with EviCore NFC HSM Credit Cards Manager

To use Credit Cards Manager, follow these steps:

  1. Download the Freemindtronic app compatible with EviCore NFC HSM technology on your NFC phone and the extension if you want to use it on your computer as well.
  2. Connect the NFC HSM Card device to your computer or mobile device via NFC technology.
  3. Register your credit cards in the application using the intelligent OCR scanner or by manually entering the card information.
  4. Select the credit card you want to use for each transaction and confirm the various trust criteria that you have added, such as a password, PIN code, geozone, or fingerprint.
  5. Enjoy secure contactless payments and online shopping with the NFC HSM Card device and the Authenticator Sandbox.

Section Break: Why is Credit Cards Manager Compliant with PCI DSS?

Credit Cards Manager is compliant with PCI DSS because it meets the requirements of the Payment Card Industry Data Security Standard (PCI DSS). This cybersecurity standard applies to any entity that stores, processes, or transmits cardholder data, such as credit card numbers. The PCI DSS aims to protect cardholder data from unauthorized access, fraud, and theft.

The PCI DSS includes 12 requirements for compliance, organized into six related groups called control objectives:

  1. Build and maintain a secure network and systems.
  2. Protect cardholder data.
  3. Maintain a vulnerability management program.
  4. Implement strong access control measures.
  5. Regularly monitor and test networks.
  6. Maintain an information security policy.

Credit Cards Manager complies with these requirements by implementing various features and security measures, such as the secure manager for credit cards, battery-free operation and longevity, COVID contactless security and compliance, air gap security, and protection against fraudulent use. By following PCI DSS, Credit Cards Manager demonstrates adherence to best practices for data security and the protection of cardholder data.

In conclusion, Credit Cards Manager is a secure and compliant solution for managing your standard and contactless credit cards. With its advanced features, robust security measures, and powerful Authenticator Sandbox function, it offers enhanced data protection and convenience. Secure your credit cards with Credit Cards Manager today.

References

2023, Articles, Digital Security, Technical News

Remote activation of phones by the police: an analysis of its technical, legal and social aspects

Posted on by FMTAD
Remote activation of phones by the police
11
Jun

Remote activation of phones by the police by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

How does remote activation of phones by the police work?

An article of the bill on justice 2023-2027 raises controversy. It allows remote activation of mobile phones and capture of images or sound without the owner’s consent, for cases of organized crime or terrorism. How does this intelligence technique work? What are the conditions to use it? What are its advantages and disadvantages? What is the situation in other countries? We explain everything in this article.

Discover our other articles on digital security

What is the new bill on justice and why is it raising concerns about privacy?

The bill on justice is a legislative project. It aims to modernize and simplify justice in France. It covers civil, criminal, administrative and digital justice. It also strengthens the investigation and prosecution of serious offenses, such as terrorism and organized crime.

One measure authorizes remote activation of phones by the police for some investigations. Article 3 “An unfailing commitment to better prevent radicalization and fight against terrorism” of the bill includes this measure. It modifies article 706-102-1 of the code of criminal procedure. This article defines how to activate remotely any electronic device that can emit, transmit, receive or store data.

This measure raises privacy concerns because it lets the police access personal or professional data in phones without the owners’ or possessors’ consent or knowledge. It also lets the police locate, record or capture sounds and images from phones without notification or justification. This measure may violate fundamental rights and freedoms, such as privacy, confidentiality, dignity, presumption of innocence and right to a fair trial.

What is remote activation of phones and how does it work?

Remote activation of phones by the police is an intelligence technique that allows law enforcement agencies to access data or record sounds and images from phones without the consent or knowledge of the phone users. This technique can be used for criminal investigations or national security purposes.

To remotely activate phones, law enforcement agencies need three factors: compatibility, connectivity, and security of the phones. They need to be compatible with the software or hardware that enables remote activation. They need to be connected to a network or a device that allows remote access. They need to have security flaws or vulnerabilities that can be exploited or bypassed.

Law enforcement agencies can remotely activate phones by three methods: exploiting vulnerabilities, installing malware, or using spyware on phones. Exploiting vulnerabilities means taking advantage of security flaws or weaknesses in the phone’s operating system, applications, or protocols. Installing malware means putting malicious software on the phone that can perform unauthorized actions or functions. Using spyware means employing software or hardware that can monitor or control the phone’s activity or data.

By remotely activating phones, law enforcement agencies can access data such as contacts, messages, photos, videos, location, browsing history, or passwords. They can also record sounds and images such as conversations, ambient noises, or camera shots. They can do this in real time or later by retrieving the data from the phone’s memory or storage.

What is the French bill on remote activation of phones by the police and what are its implications?

The French bill on remote activation of phones by the police is a legislative text that was promulgated on 25 May 2021. It is part of the justice orientation and programming bill for 2023-2027, which aims to modernize the justice system and reinforce its efficiency and independence.

The bill introduces a new article in the code of criminal procedure, which allows the judge of liberties and detention (at the request of the prosecutor) or the examining magistrate to order the remote activation of an electronic device without the knowledge or consent of its owner or possessor for the sole purpose of locating it in real time. This measure can be applied for crimes or misdemeanors punishable by at least five years’ imprisonment, a fairly broad criterion.

The bill also allows the judge of liberties and detention (at the request of the prosecutor) or the examining magistrate to order the remote activation of an electronic device without the knowledge or consent of its owner or possessor for the purpose of recording sounds and images from it. This measure can be applied only for crimes relating to organized crime and terrorism.

These measures cannot concern parliamentarians, journalists, lawyers, magistrates and doctors, nor the defendants when they are in the judge’s office or with their lawyer.

The bill also specifies that the remote activation of an electronic device must be done in a way that does not alter its functioning or data, and that the data collected must be destroyed within six months after their use.

The bill aims to provide law enforcement agencies with more tools and information to prevent, investigate and prosecute crimes, especially in cases where phones are encrypted, hidden or destroyed. It also aims to harmonize the French legislation with other countries that have used or considered this technique, such as the United States, Germany, Italy, Israel, Canada, China, France, and the United Kingdom.

However, the bill also raises ethical and social challenges, as it involves a trade-off between security and privacy, as well as between effectiveness and legitimacy. It may undermine the right to respect for private life and the right to a fair trial, which are guaranteed by the European Convention on Human Rights and the French Constitution. It may also expose law enforcement agencies to legal or technical challenges or dangers, such as encryption technologies that can prevent or hinder remote activation. It may also create distrust or resistance among phone users or providers, who may use encryption technologies or legal remedies to protect their data or communications.

The bill has been criticized by several actors, such as lawyers, human rights defenders, digital rights activists, journalists and academics. They have denounced its lack of proportionality, necessity and oversight. They have also questioned its effectiveness and legitimacy. They have called for its withdrawal or amendment.

The bill is still subject to constitutional review by the Constitutional Council before its final promulgation.

How did the Senate vote on the bill and where to find the official sources?

The Senate adopted this measure on October 20, 2021, with some amendments. The Senate voted in favor of this measure by 214 votes against 121. The Senate also added some safeguards to this measure, such as limiting its duration to four months renewable once and requiring prior authorization from an independent judge.

The National Assembly still has to examine the bill before adopting it definitively. The National Assembly may approve, reject or modify this measure. The final text may differ from the one that the Senate voted.

The examination of the bill by the National Assembly will start on December 6, 2021. You can follow the progress of the bill on the website of the National Assembly. You can also find the official text of the bill and the report of the Senate on their respective websites. You can also consult the website of the Ministry of Justice for more information on the bill and its objectives.

What are the benefits and risks of remote activation of phones?

This technique can affect citizens’ and suspects’ behavior in different ways.

On one hand, it can deter people from serious offenses. It exposes them to a higher risk of detection and identification. It reduces their incentives for criminal activities.

On the other hand, it can also make people more cautious or paranoid. It increases their uncertainty and fear. It leads them to avoid electronic devices, encrypt their communications, or use countermeasures such as jamming devices.

This technique can also impact public safety and security positively and negatively.

On one hand, it can improve the efficiency and effectiveness of law enforcement agencies. It provides them with more information and evidence. It helps them prevent, investigate and prosecute crimes.

On the other hand, it can also pose risks for human rights and civil liberties. It allows intrusive and covert surveillance. It violates privacy, confidentiality and dignity. It can also be subject to abuse, misuse or error by law enforcement agents or hackers.

Finally, it can create a feeling of insecurity and mistrust towards institutions, which can access personal or professional data in phones. It can also harm respect for presumption of innocence by placing permanent suspicion on people targeted by this technique. It can also infringe on protection of journalistic sources or right to information by discouraging whistleblowers or witnesses from speaking freely. It can finally encourage people concerned to adopt avoidance or circumvention strategies, such as changing phones regularly, using encrypted applications or switching to airplane mode.

These strategies can reduce the actual effectiveness of this technique for preventing terrorism and organized crime.

What are the arguments in favor of remote activation of phones?

Some people support this technique because they think it has several advantages for law enforcement and public security.

How can remote activation of phones violate privacy and data protection?

One of the main arguments against this technique is that it can violate privacy and data protection for individuals and groups. Privacy and data protection are fundamental rights recognized by international standards and laws. They ensure human dignity and autonomy.

Remote activation of phones violates privacy and data protection by letting law enforcement agencies access personal or professional data without the owners’ or possessors’ consent or knowledge. It also lets law enforcement agencies access sensitive or confidential data without notification or justification. It also lets law enforcement agencies access excessive or irrelevant data without limitation or proportionality.

For example, remote activation of phones could let the police access medical records, financial transactions, political opinions, religious beliefs, sexual preferences, or other intimate information on a device or a communication. It could also let the police access information that is not related to the investigation or that is out of scope on a device or a communication. It could also let the police access information that is not necessary or appropriate for the investigation or that is disproportionate to the seriousness of the offense on a device or a communication.

How can remote activation of phones improve access to justice and evidence?

Another argument in favor of this technique is that it can improve access to justice and evidence for law enforcement agencies and victims of crimes. Justice and evidence ensure the rule of law and the protection of rights.

Remote activation of phones improves access to justice and evidence by letting law enforcement agencies obtain information that is otherwise inaccessible or difficult to obtain. It also lets law enforcement agencies obtain information that is more reliable and accurate than other sources. It also lets law enforcement agencies obtain information that is timelier and more relevant than other sources.

For example, remote activation of phones could help the police access data that is encrypted or password-protected on a device or a communication. It could also help the police access data that is authentic and verifiable on a device or a communication. It could also help the police access data that is up-to-date and pertinent on a device or a communication.

What are the arguments against remote activation of phones?

Some people oppose this technique because they think it has several disadvantages for human rights and civil liberties.

How can remote activation of phones violate privacy and data protection?

One of the main arguments against this technique is that it can violate privacy and data protection for individuals and groups. Privacy and data protection are fundamental rights recognized by international standards and laws. They ensure human dignity and autonomy.

Remote activation of phones violates privacy and data protection by letting law enforcement agencies access personal or professional data without the owners’ or possessors’ consent or knowledge. It also lets law enforcement agencies access sensitive or confidential data without notification or justification. It also lets law enforcement agencies access excessive or irrelevant data without limitation or proportionality.

For example, remote activation of phones could let the police access medical records, financial transactions, political opinions, religious beliefs, sexual preferences, or other intimate information on a device or a communication. It could also let the police access information that is not related to the investigation or that is out of scope on a device or a communication. It could also let the police access information that is not necessary or appropriate for the investigation or that is disproportionate to the seriousness of the offense on a device or a communication.

How can remote activation of phones undermine the presumption of innocence and the right to a fair trial?

Another argument against this technique is that it can undermine the presumption of innocence and the right to a fair trial for individuals and groups. The presumption of innocence and the right to a fair trial are fundamental rights recognized by international standards and laws. They ensure justice and accountability.

Remote activation of phones undermines the presumption of innocence and the right to a fair trial by letting law enforcement agencies access data that they can use against individuals or groups without any legal basis or due process. It also lets law enforcement agencies access data that they can manipulate or falsify by law enforcement agents or hackers. It also lets law enforcement agencies access data that individuals or groups can challenge or contest.

For example, remote activation of phones could let the police access data that they can incriminate individuals or groups without any warrant or authorization from a judge. It could also let the police access data that they can alter or corrupt by law enforcement agents or hackers. It could also let the police access data that individuals or groups can dispute or refute.

How can remote activation of phones create a risk of abuse and misuse by the authorities?

Another argument against this technique is that it can create a risk of abuse and misuse by the authorities for individuals and groups. Abuse and misuse are illegal or unethical actions that violate rights and obligations. They damage trust and legitimacy.

Remote activation of phones creates a risk of abuse and misuse by the authorities by letting law enforcement agencies access data that they can use for purposes other than those authorized or intended. It also lets law enforcement agencies access data that they can share or disclose to third parties without any oversight or control. It also lets law enforcement agencies access data that they can retain or store for longer than necessary or permitted.

For example, remote activation of phones could let the police access data that they can use for political, personal, commercial, or other interests on a device or a communication. It could also let the police access data that they can transfer or leak to other agencies, organizations, media, or individuals on a device or a communication. It could also let the police access data that they can keep or archive for indefinite periods on a device or a communication.

What are the alternatives and safeguards for remote activation of phones?

Some people suggest that there are alternatives and safeguards for remote activation of phones that can balance security and privacy.

What are the existing legal tools to access phone data with judicial authorization?

One of the alternatives for remote activation of phones is to use existing legal tools to access phone data with judicial authorization. Judicial authorization is a legal requirement that ensures respect for rights and obligations. An independent and impartial judge grants it after evaluating the necessity and proportionality of the request.

Existing legal tools to access phone data with judicial authorization include search warrants, wiretaps, geolocation orders, data requisitions, and international cooperation agreements. These tools let law enforcement agencies obtain information from phones in a lawful and transparent manner. They also provide legal protection and recourse for individuals and groups.

For example, search warrants let law enforcement agencies physically seize phones and extract data from them with judicial authorization. Wiretaps let law enforcement agencies intercept calls and messages from phones with judicial authorization. Geolocation orders let law enforcement agencies track the location of phones with judicial authorization. Data requisitions let law enforcement agencies request data from phone operators or service providers with judicial authorization. International cooperation agreements let law enforcement agencies exchange data with foreign authorities with judicial authorization.

What are the principles and conditions for remote activation of phones according to the bill?

One of the safeguards for remote activation of phones is to follow the principles and conditions for remote activation of phones according to the bill. The bill on justice sets some rules and limits for this technique to prevent abuse and misuse.

The principles and conditions for remote activation of phones according to the bill include:

  • The technique can only be used for terrorism and organized crime investigations.
  • An independent judge who authorizes it must supervise the technique. The technique can only last for four months renewable once.
  • The technique must respect necessity, proportionality, subsidiarity, and legality.
  • Parliament and independent authorities must oversee and control the technique.
  • Experts and stakeholders must evaluate and review the technique.

These principles and conditions aim to ensure a reasonable and accountable use of this technique. They also aim to protect the rights and interests of individuals and groups.

What are the possible ways to limit or challenge remote activation of phones?

Another safeguard for remote activation of phones is to use possible ways to limit or challenge remote activation of phones by individuals or groups. These ways can help protect rights and interests, as well as ensure accountability and transparency.

Some of the possible ways to limit or challenge remote activation of phones are:

  • Using encryption technologies:

    Encryption technologies can make data on phones unreadable or inaccessible to law enforcement agencies, even if they remotely activate them. Encryption technologies can also protect communications from law enforcement agencies’ interception or recording. For example, using end-to-end encryption apps, such as Signal or WhatsApp, can prevent law enforcement agencies from accessing messages or calls on phones.

  • Using security features:

    Security features can prevent law enforcement agencies from installing or activating software or applications on phones that enable remote activation. Security features can also detect or remove software or applications that enable remote activation. For example, using antivirus software, firewalls, passwords, biometrics, or VPNs can prevent law enforcement agencies from accessing phones.

  • Using legal remedies:

    Legal remedies can let individuals or groups contest or oppose remote activation of phones by law enforcement agencies. Legal remedies can also let individuals or groups seek compensation or redress for damages caused by remote activation of phones. For example, using judicial review, administrative appeals, complaints, lawsuits, or human rights mechanisms can challenge law enforcement agencies’ actions or decisions regarding remote activation of phones.

How does this technique compare with other countries?

Law enforcement agencies in other countries, such as the United States, Germany, Italy, Israel, Canada, China, France, and the United Kingdom, have used or considered remote activation of phones by the police. This technique is not new or unique. However, the legal framework, the technical methods, and the ethical and social implications of this technique vary from country to country..

How does remote activation of phones by the police work in different countries?

Remote activation of phones by the police is an intelligence technique that varies from country to country. It depends on the legal framework, the technical methods and the ethical issues of each country. Here are some examples of how it works in different countries.

  • In the United States, this technique is known as “roving bugs” or “mobile device tracking”. The Foreign Intelligence Surveillance Act (FISA) authorizes it for national security purposes and Title III of the Omnibus Crime Control and Safe Streets Act for criminal investigations. It requires a court order based on probable cause and limited in scope and duration. It can locate or record sounds and images from phones. It can be done by installing malware or exploiting vulnerabilities on phones.
  • In Germany, this technique is known as “Quellen-TKÜ” or “source telecommunications surveillance”. The Code of Criminal Procedure and the Telecommunications Act regulate it for criminal investigations and the Federal Intelligence Service Act for national security purposes. It requires a court order based on reasonable suspicion and proportionality. It can intercept communications from phones. To do so, it installs software or uses spyware on phones.
  • In Italy, this technique is known as “Trojan horse” or “spyware”. The Code of Criminal Procedure and the Data Protection Code regulate it for criminal investigations. It requires a court order based on serious indications of guilt and necessity. It can access data or record sounds and images from phones. To do so, it installs software or uses spyware on phones.
  • In Israel, this technique is known as “IMSI catchers” or “stingrays”. The Wiretapping Law and the Privacy Protection Law regulate it for criminal investigations and the Security Service Law for national security purposes. It requires a court order based on reasonable grounds and proportionality. It can locate or intercept communications from phones. To do so, it uses devices that mimic cell towers and trick phones into connecting to them.
  • In Canada, this technique is known as “cell site simulators” or “IMSI catchers”. The Criminal Code and the Charter of Rights and Freedoms regulate it for criminal investigations. It requires a court order based on reasonable grounds and proportionality. It can locate or intercept communications from phones. To do so, it uses devices that mimic cell towers and trick phones into connecting to them.
  • In China, this technique is known as “network interception” or “remote control”. The Criminal Procedure Law and the Cybersecurity Law regulate it for criminal investigations and national security purposes. It does not require a court order but only an approval from a higher authority. It can access data or record sounds and images from phones. To do so, it installs software or uses spyware on phones.
  • In France, real-time geolocation is regulated by the Criminal Procedure Code and the Intelligence Law for criminal and national security investigations. Article 706-102-1 of the Criminal Procedure Code allows police officers and agents to use a technical device to access, record, store and transmit computer data without the consent of the persons concerned. This requires a court order based on serious reasons and proportionality. Article 230-32 of the Criminal Procedure Code states that “Any technical means for real-time location, throughout the national territory, of a person, without his consent, a vehicle or any other object, without the consent of its owner or possessor, may be used if this operation is required by necessity: “. This also requires a court order based on serious reasons and proportionality.
  • In the United Kingdom, this technique is known as “equipment interference” or “hacking”. The Investigatory Powers Act regulates it for criminal investigations and national security purposes. It requires a warrant based on necessity and proportionality. It can access data or record sounds and images from phones. To do so, it installs software or uses spyware on phones.

How does remote activation of phones by the police raise ethical and social challenges?

Remote activation of phones by the police raises ethical and social challenges in different contexts and situations because it involves a trade-off between security and privacy, as well as between effectiveness and legitimacy.

Security versus privacy

On one hand, remote activation of phones by the police can enhance security by providing law enforcement agencies with more information and evidence to prevent, investigate, and prosecute crimes. It can also deter criminals from using phones to plan or commit crimes.

On the other hand, remote activation of phones by the police can undermine privacy by letting law enforcement agencies access personal or professional data without consent or knowledge. It can also violate human rights and civil liberties by letting law enforcement agencies monitor or record sounds and images without notification or justification.

Effectiveness versus legitimacy

On one hand, remote activation of phones by the police can be effective by increasing the chances of finding relevant information or evidence on phones that may be encrypted, hidden, or destroyed. It can also be efficient by reducing the costs and risks of physical surveillance or interception.

On the other hand, remote activation of phones by the police can be illegitimate by violating the legal framework, the technical methods, or the oversight and control mechanisms that regulate this technique in each country. It can also be counterproductive by creating distrust or resistance among phone users or providers, who may use encryption technologies or legal remedies to protect their data or communications.

The ethical and social challenges of remote activation of phones by the police depend on the legal framework, the technical methods, and the oversight and control mechanisms that regulate this technique in each country. They also depend on the cultural and political values, the public opinion, and the media coverage that shape the perception and acceptance of this technique in each country.

Some of the ethical and social challenges of remote activation of phones by the police are how to :

  • balance security and privacy in the use of this technique?
  • ensure compliance with fundamental rights and freedoms in the use of this technique?
  • prevent abuse, misuse, or error in the use of this technique?
  • provide legal protection and recourse for individuals or groups affected by this technique?
  • ensure accountability and transparency in the use of this technique?
  • evaluate the effectiveness and legitimacy of this technique?
  • foster trust and cooperation between law enforcement agencies and phone users in the use of this technique?

What is the impact of encryption technologies on this technique?

Encryption technologies are methods or systems that make data unreadable or inaccessible to unauthorized parties. Encryption technologies can have a significant impact on remote activation of phones by the police, as they can make this technique more difficult, risky, or controversial.

How can encryption technologies make remote activation of phones by the police more difficult or impossible?

Encryption technologies can make remote activation of phones by the police more difficult or impossible by preventing law enforcement agencies from accessing data or communications on phones, even if they remotely activate them. Encryption technologies can also protect phones from malware or spyware that enable remote activation.

For example, end-to-end encryption, which some apps such as Signal or WhatsApp use, can prevent law enforcement agencies from intercepting or reading messages or calls on phones, as only the sender and the receiver have the keys to decrypt them. Device encryption, which some operating systems such as iOS or Android use, can prevent law enforcement agencies from extracting or viewing data on phones, as they require a password or a biometric authentication to unlock them.

How can encryption technologies make remote activation of phones by the police more risky or harmful?

Encryption technologies can make remote activation of phones by the police more risky or harmful by exposing law enforcement agencies to legal or technical challenges or dangers. Encryption technologies can also harm phone users by compromising their security or privacy.

For example, breaking encryption, which law enforcement agencies sometimes do to access data or communications on phones, can expose them to legal challenges, as it may violate laws or regulations that protect encryption or privacy. It can also expose them to technical dangers, as it may weaken the security of phones or networks and create vulnerabilities for hackers or criminals. Hacking encryption, which law enforcement agencies sometimes do to install malware or spyware on phones, can harm phone users by compromising their security or privacy, as it may allow unauthorized access to their data or functions.

How can encryption technologies make remote activation of phones by the police more controversial or unacceptable?

Encryption technologies can make remote activation of phones by the police more controversial or unacceptable by raising ethical and social issues or debates. Encryption technologies can also create conflicts or tensions between law enforcement agencies and phone users or providers.

For example, undermining encryption, which law enforcement agencies sometimes request to facilitate remote activation of phones, can raise ethical and social issues or debates, as it may affect human rights and civil liberties, such as privacy, confidentiality, dignity, presumption of innocence, and right to a fair trial. It can also create conflicts or tensions between law enforcement agencies and phone users or providers. They may have different interests or values regarding encryption and security.

How does EviCore NFC HSM technology developed by Freemindtronic offer a high level of protection for phone users?

Remote activation of phones by the police can be facilitated by exploiting security flaws, installing malware, or requesting backdoors in encryption technologies. However, some encryption technologies may be resistant to these measures and offer a higher level of protection for phone users. One of them is the EviCore NFC HSM technology developed by Freemindtronic.

This technology lets users create their own encryption keys in a random way and store them in a physical device that communicates with the phone via NFC (Near Field Communication). The device also lets users define their own trust criteria that must be met to use the keys or their segments. The encryption is done in post-quantum AES-256 mode from either a device compatible with the EviCore NFC HSM technology or from an encrypted enclave in the phone created in the Key chain (Apple) or the Key store (Android) via the EviCore HSM OpenPGP technology. The encryption keys are segmented and superior to 256 bits. Moreover, they are physically externalized from computer systems. Everything is designed by Freemindtronic to effectively fight against espionage and corruption of telephone, computer, communication and information systems. Finally, without a server, without a database, even in air gap and airplane mode works EviCore NFC HSM or EviCore HSM OpenPGP technology. Everything is designed to work in volatile memory to leave no trace in telephone and computer systems.

This technology offers a high level of security and privacy for phone users who want to protect their data from unauthorized access, including by the police. It also offers a high level of performance and usability for phone users who want to encrypt or over-encrypt all types of messaging in the world, including SMS and MMS. It also works with other applications that use encryption, such as email, cloud storage or blockchain.

Furthermore, this technology is designed to be totally anonymous, autonomous, unconnected, without a database, without collecting any information of any kind on the identity of the user, nor on the hardware, nor on the terminals used. The technology is designed to be totally isolated and totally independent of the security of the terminal used whether it is connected or not. Freemindtronic does not keep the unique pairing keys for each NFC HSM device. And even if it did, the user at installation will automatically generate segmented complementary keys for encryption with administrator and user passwords. Each NFC device has a unique 128-bit signature dedicated to fighting against counterfeiting of NFC devices. It is also used as a key segment. The secret stored in eprom memories or in enclaves of the phone and/or computer can be individually secured by other segmented keys characterized by additional trust criteria such as a geozone, a random hexadecimal code via an existing or generated QR code or Bar Code via EviCore HSM. It is therefore physically impossible for Freemindtronic but under judicial assignment to decrypt data encrypted via EviCore HSM technologies even with a quantum computer.

Conclusion

Remote activation of phones by the police is an intelligence technique. It aims to fight terrorism and crime by accessing data or sounds and images from phones without consent or knowledge. Law enforcement agencies in various countries have used or considered this technique. For example, France, the United States, Germany, Italy, Israel, Canada, China, and the United Kingdom. However, this technique raises technical, legal, ethical, and social challenges. They need to be addressed.

On the technical side, remote activation of phones by the police depends on three factors: compatibility, connectivity, and security of the phones. It can be done by three methods: exploiting vulnerabilities, installing malware, or using spyware on phones.For example, EviCore NFC HSM technology developed by Freemindtronic protects data and communications on phones from remote activation by the police. Encryption technologies can make this technique more difficult or impossible by preventing law enforcement agencies from accessing data or communications on phones, even if they remotely activate them.

On the legal side, remote activation of phones by the police requires a legal framework that regulates its use and scope. Laws or regulations can authorize it and specify the conditions and criteria for its application. Legal remedies can also challenge it and contest or oppose its validity or legality.

On the ethical side, remote activation of phones by the police involves a trade-off between security and privacy, as well as between effectiveness and legitimacy. It can enhance security by providing more information and evidence to law enforcement agencies to prevent, investigate, and prosecute crimes. It can also undermine privacy by letting law enforcement agencies access personal or professional data without notification or justification.

On the social side, remote activation of phones by the police raises issues or debates that affect human rights and civil liberties. For example, privacy, confidentiality, dignity, presumption of innocence, and right to a fair trial. It can also create conflicts or tensions between law enforcement agencies and phone users or providers, as they may have different interests or values regarding encryption and security.

Therefore, remote activation of phones by the police is a complex and controversial technique that requires a careful and balanced approach that respects the rights and interests of all parties involved. The French bill on remote activation of phones by the police and the EviCore NFC HSM Open PGP technology developed by Freemindtronic illustrate the complex and evolving relationship between intelligence and encryption in the digital age. They raise questions about finding a balance. It is between security and privacy, between public interest and individual rights, between innovation and regulation.

: According to Okta, privacy is the right to control how your information is viewed and used, while security is protection from threats or dangers (https://www.okta.com/identity-101/privacy-vs-security/).

: According to Carnegie Endowment for International Peace, finding a balance between security and privacy requires addressing technical, legal, and social questions (https://carnegieendowment.org/2019/09/10/moving-encryption-policy-conversation-forward-pub-79573).

: According to Springboard, finding a balance between innovation and regulation requires cooperation among stakeholders and respect for human rights (https://www.springboard.com/blog/cybersecurity/privacy-vs-security-how-to-balance-both/).

This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies.
More info Accept