Category Archives: Industrial spying

image_pdfimage_print

Are fingerprint systems really secure? How to protect your data and identity against BrutePrint

Fingerprint Systems Really Secure - How to Protect Your Data and Identity
Fingerprint Systems Really Secure by Jacques Gascuel: This article will be updated with any new information on the topic.

Fingerprint Security

You will surely be amazed by our discoveries! These systems verify your identity on smartphones and other devices by using the unique patterns of your finger. But is their security level? In this study, we explore the weaknesses of these systems and how various actors, from cybercriminals to sovereign entities, can exploit them. We looked at 25 techniques for corrupting fingerprint authentication systems. We will also introduce an effective dual-use defense solution: DataShielder HSM solutions to protect your secrets and sensitive data even if this biometric authentication system becomes compromised.

Fingerprint Biometrics: An In-Depth Exploration of Security Mechanisms and Vulnerabilities

It is a widely recognized biometric authentication system for identity verification. In this overview of fingerprint authentication systems, we will explore comprehensively to understand the complex world of fingerprint biometrics. Our goal is to provide a detailed exploration of these systems, their inner workings, vulnerabilities, and countermeasures.

Demystifying Fingerprint Systems: A Thorough Examination

Two fundamental components make up these systems: the fingerprint sensor and the comparison algorithm.:

The Fingerprint Sensor: Where Biometric Data Begins

These systems rely on an essential component: the fingerprint sensor. It captures the finger image and converts it into a digital format. Different types of sensors exist, each with their advantages and disadvantages:

  1. Optical sensors: They use light and a camera to create a high-resolution image.
  2. Capacitive sensors: They use an array of small capacitors to measure the differences in electrical charge between the ridges and valleys.
  3. Ultrasonic sensors: They use sound waves to create a three-dimensional image.
  4. Thermal sensors: They detect the heat emitted by the finger to generate an image.

The Comparison Algorithm: The Gatekeeper of Access

The comparison algorithm is a critical software component that analyzes the captured fingerprint image. Its role is vital:

  • Image Analysis: The algorithm scrutinizes the fingerprint image, extracting its unique features.
  • Template Comparison: It then compares these features to one or more stored templates, serving as reference fingerprints for authorized users.
  • Threshold Criteria: Access is granted if the algorithm determines a significant similarity between the captured image and a stored template, surpassing a predefined threshold. If not, the system considers the fingerprint invalid and denies access.

Fingerprint System Vulnerabilities and Attack Techniques

First, before evaluating attack techniques against fingerprinting systems, let’s explore different attack types, techniques, motivations, and strategies. In our thorough analysis of fingerprint system vulnerabilities, we must acknowledge numerous attack techniques employed by various actors. These techniques, driven by diverse motivations ranging from personal gain to malicious intent, illuminate the complexities of fingerprint system security. We’ve identified a total of twenty-five (25) distinct attack types, categorized into five groups in this study: “Electronic Devices for Biometric Attacks,” “Additional Fingerprint Attacks,” “Advanced Attacks,” “Attacks on Lock Patterns,” and “Attacks on Fingerprint Sensors.”

Attacks on Fingerprint Sensors

Fingerprint sensors, a common biometric authentication method, are vulnerable to several attack types and techniques update 23 february 2024:

ATTACK TYPE TECHNIQUE MOTIVATIONS STRATEGIES
Residual Fingerprint Attack Recovers the smartphone owner’s fingerprint left on surfaces, reproducing it. Identity theft, unauthorized access, or malicious purposes. Exploits traces of fingerprints on surfaces using materials like gelatin, silicone.
Code Injection Attack Injects malicious code to bypass fingerprint sensor security. Compromises device security for data theft or illicit activities. Exploits software vulnerabilities for unauthorized access to biometric data.
False Acceptance Attack The system accepts a fingerprint that doesn’t belong to the authorized user. Identity theft, unauthorized access, or malicious intentions. Can occur due to poor sensor quality, a high tolerance threshold, or similarity between different individuals’ fingerprints.
False Rejection Attack The system rejects a fingerprint that belongs to the authorized user. Identity theft, unauthorized access. Can occur due to poor sensor quality, a low tolerance threshold, environmental changes, or alterations to the user’s fingerprint.
Substitution Attack Tricks the system with an artificial fingerprint. Identity theft or unauthorized access. Can be done using materials like gelatin, silicone, latex, or wax.
Modification Attack Tricks the system with a modified fingerprint. Identity theft or to conceal the user’s identity. Can be done using techniques like gluing, cutting, scraping, or burning.
Impersonation Attack Tricks the system with another user’s fingerprint, either with their consent or by force. Identity theft using force, threats, bribery, or seduction. Uses the fingerprint of another user who has given consent or has been coerced into doing so.
Adversarial Generation Attack Tricks the system with images of fingerprints generated by an adversarial generative adversarial network (GAN). Bypasses liveness detection methods based on deep learning. Mimics the appearance of real fingerprints.
Acoustic Analysis Attack Tricks the system by listening to the sounds emitted by the fingerprint sensor during fingerprint capture. Can reconstruct the fingerprint image from acoustic signals. Use noise cancellation techniques, encrypt acoustic signals, or use liveness detection methods
Partial Print Attack Tricks the system with a partial fingerprint from the registered fingerprint. Increases the false acceptance rate by exploiting the similarity between partial prints of different users. Can use a portion of the registered fingerprint.
Privilege Escalation Attack Exploits vulnerabilities in the operating system or application to obtain higher privileges than those granted by fingerprint authentication Can access sensitive data, manipulate system files, perform unauthorized actions, or bypass security measures Use strong passwords, enforce multi-factor authentication, limit user privileges, patch system vulnerabilities, monitor user activities, and audit logs
Spoofing Attack Imitates a legitimate fingerprint or identity to deceive the system or the user Can gain access, steal information, spread malware, or impersonate someone. Use liveness detection methods, verify the authenticity, avoid trusting unknown sources, and report spoofing attempts
PrintListener: Side-channel Attack Utilizes acoustic signals from finger friction on touchscreens to replicate fingerprints Gain unauthorized access to devices and services protected by fingerprint authentication Implement noise interference, use advanced fingerprint sensors resistant to acoustic analysis, enable multifactor authentication, regularly update security protocols

For more information on new attack type “PrintListener” (a specific acoustic analysis attack), readers are encouraged to explore the detailed article at https://freemindtronic.com/printlistener-technology-fingerprints/.
These attacks expose vulnerabilities in fingerprint sensor technology and underline the need for robust security measures.

Attacks on Lock Patterns (For Lock Screen Authentication)

Lock patterns, often used on mobile devices for screen unlocking, are susceptible to various attack techniques:

ATTACK TYPE TECHNIQUE MOTIVATIONS STRATEGIES
Brute Force Attack Attempts all possible lock pattern combinations. Gains unauthorized device access. Systematically tests different pattern combinations.
Replica Fingerprint Attack Uses a 3D printer to create a replica fingerprint. Unauthorized access or identity theft. Produces a replica for sensor authentication.
Sensor Vulnerabilities Exploits sensor technology vulnerabilities. Compromises device security for malicious purposes. Identifies and exploits sensor technology weaknesses.
BrutePrint Attack Intercepts messages, emulating the fingerprint sensor. Gains unauthorized access, often with hardware components. Exploits communication protocol vulnerabilities.

These attacks target the vulnerabilities in lock pattern authentication and underscore the importance of strong security practices.

Advanced Attacks

Advanced attacks employ sophisticated techniques and technologies to compromise fingerprint systems:

ATTACK TYPE TECHNIQUE MOTIVATIONS STRATEGIES
Presentation Attack Presents manipulated images or counterfeit fingerprints. Espionage, identity theft, or malicious purposes. Crafts counterfeit fingerprints or images to deceive sensors.
Rapid Identification Attack Uses advanced algorithms to swiftly identify fingerprints. Corporate espionage, financial gain, or enhanced security. Quickly identifies fingerprints from extensive datasets.
Digital Footprint Attack Collects and analyzes the online data and activity of the target, using open source intelligence tools or data brokers Can obtain personal information, preferences, habits, or vulnerabilities of the target. Use privacy settings, delete unwanted data, avoid oversharing, and monitor online reputation

These advanced attacks leverage technology and data to compromise fingerprint-based security.

Network-Based Attacks

Network-based attacks are those that target the communication or data transmission between the device and the fingerprint authentication system. These attacks can compromise the integrity, confidentiality, or availability of the biometric data or the user session. In this section, we will discuss four types of network-based attacks: phishing, session hijacking, privilege escalation, and spyware.

ATTACK TYPE TECHNIQUE MOTIVATIONS STRATEGIES
Phishing Attack Technique: Phishing attacks involve sending fraudulent messages to victims, enticing them to click on a link or download an attachment. These malicious payloads may contain code designed to steal their fingerprints or redirect them to a fake website requesting authentication. Motivations: Phishing attacks are motivated by the desire to deceive and manipulate users into revealing their fingerprint data or login credentials. Strategies: Phishing attackers employ various tactics, such as crafting convincing emails, spoofing legitimate websites, and using social engineering to trick users.
Session Hijacking Attack Technique: Session hijacking attacks aim to intercept or impersonate an authenticated user’s session, exploiting communication protocol vulnerabilities or using spyware. Motivations: Session hijacking is typically carried out to gain unauthorized access to sensitive information or systems, often for financial gain or espionage. Strategies: Attackers employ packet sniffing, session token theft, or malware like spyware to compromise and take control of active user sessions.
Spyware Attack Technique: Spyware attacks infect the device with spyware to capture fingerprint data. Motivations: Spyware attacks are driven by the objective of illicitly obtaining biometric data for malicious purposes, such as identity theft or unauthorized access. Strategies: Attackers use spyware to secretly record and transmit fingerprint information, often through backdoors or covert channels, without the victim’s knowledge.
Predator Files Infects Android phones with a spyware application that can access their data, including fingerprint information. Sold to multiple governments for targeting political opponents, journalists, activists, and human rights defenders in over 50 countries. Use spyware detection and removal tools, update system software, avoid downloading untrusted applications, and scan devices regularly

As we can see from the table above, network-based attacks pose a serious threat to fingerprint authentication systems and users’ privacy and security. Therefore, it is essential to implement effective countermeasures and best practices to prevent or mitigate these attacks. In the next section, we will explore another category of attacks: physical attacks.

Electronic Devices for Biometric Attacks

Some electronic devices are designed to target and compromise fingerprint authentication systems. Here are some notable examples:

Device Description Usage STRATEGIES
Cellebrite UFED A portable device capable of extracting, decrypting, and analyzing data from mobile phones, including fingerprint data. Used by law enforcement agencies worldwide. Used by law enforcement agencies to access digital evidence on mobile phones. Applies substances to damage or obscure sensor surfaces.
GrayKey A black box device designed to unlock iPhones protected by passcodes or fingerprints using a “brute force” technique. Sold to law enforcement and government agencies for investigative purposes. Sold to law enforcement and government agencies for investigative purposes to unlock iPhones. Use strong passwords, enable encryption, disable USB access, and update system software.
Chemical Attacks Alters or erases fingerprints on sensors. Prevents identification or creates false identities. Use fingerprint enhancement techniques, verify the authenticity, and use liveness detection methods

These devices pose a high risk to biometric systems because they can allow malicious actors to access sensitive information or bypass security measures. They are moderate to high in ease of execution because they require physical access to the target devices and the use of costly or scarce devices. Their historical success is variable because it depends on the quality of the devices and the security of the biometric systems. They are currently relevant because they are used by various actors, such as government agencies, law enforcement, or hackers, to access biometric data stored on mobile phones or other devices. This comprehensive overview of attack types, techniques, motivations, and strategies is crucial for improving biometric authentication system security.

BrutePrint: A Novel Attack on Fingerprint Systems on Phones

Fingerprint systems on phones are not only vulnerable to spoofing or data breach attacks; they are also exposed to a novel attack called BrutePrint. This attack exploits two zero-day vulnerabilities in the smartphone fingerprint authentication (SFA) framework. BrutePrint allows attackers to bypass the attempt limit and liveness detection mechanisms of fingerprint systems on phones. It also enables them to perform unlimited brute force attacks until finding a matching fingerprint.

How BrutePrint Works

Fingerprint Systems Really Secure : BrutePrint

BrutePrint works by hijacking the fingerprint images captured by the sensor. It applies neural style transfer (NST) to generate valid brute-forcing inputs from arbitrary fingerprint images. BrutePrint also exploits two vulnerabilities in the SFA framework:

  • Cancel-After-Match-Fail (CAMF): this vulnerability allows attackers to cancel the authentication process after a failed attempt. It prevents the system from counting the failed attempts and locking the device.
  • Match-After-Lock (MAL): this vulnerability allows attackers to infer the authentication results even when the device is in “lock mode”. It guides the brute force attack.To perform a BrutePrint attack, attackers need physical access to the phone, a database of fingerprints, and a custom-made circuit board that costs about 15 dollars. The circuit board acts as a middleman between the sensor and the application. It intercepts and manipulates the fingerprint images.

How to Prevent BrutePrint

BrutePrint is a serious threat to phone users who rely on fingerprint systems to protect their devices and data. It shows that fingerprint systems on phones are not as secure as they seem. They need more robust protection mechanisms against brute force attacks. Some of the possible ways to prevent BrutePrint are:

  • Updating the phone’s software: this can help fix the vulnerabilities exploited by BrutePrint and improve the security of the SFA framework.
  • Using multifactor authentication: this can increase the level of security and reduce the risks of spoofing or brute force attacks. It combines fingerprint authentication with another factor, such as a password, a PIN code, a pattern lock screen ,or other trust criteria that allows patented segmented key authentication technology developed by Freemindtronic in Andorra .
  • Use of DataShielder HSM solutions: these are solutions developed by Freemindtronic in Andorra that allow you to create HSM (Hardware Security Module) on any device, without a server or database, to encrypt any type of data. DataShielder HSM solutions also include EviSign technology, which enables advanced electronic signing of documents. DataShielder HSM solutions are notably available in Defense versions, which offer a high level of protection for civil and/or military applications.

Assessing Attack Techniques: Ease of Execution and Current Relevance

In our pursuit of understanding fingerprint system vulnerabilities, it is crucial to assess not only the types and forms of attacks but also their practicality and current relevance. This section provides an in-depth evaluation of each attack technique, considering factors such as the ease of execution, historical success rates, and their present-day applicability.

Attack Techniques Overview

Let’s analyze the spectrum of attack techniques, considering their potential danger, execution simplicity, historical performance, and present-day relevance.

Attack Type Level of Danger Ease of Execution Historical Success Current Relevance
Residual Fingerprint Attack Medium Moderate Variable Ongoing
Code Injection Attack High Moderate Variable Still Relevant
Acoustic Analysis Attack Medium Low Fluctuating Ongoing Concerns
Brute Force Attack High Low Variable Contemporary
Replica Fingerprint Attack Medium Moderate Fluctuating Still Relevant
Sensor Vulnerabilities High Moderate Variable Ongoing Significance
BrutePrint Attack High High Variable Continues to Pose Concerns
Presentation Attack High Moderate Diverse Still Pertinent
Rapid Identification Attack High Low Variable Ongoing Relevance
Digital Footprint Attack High Low Fluctuating Currently Pertinent
Chemical Attacks High Low Variable Ongoing Relevance
Phishing Attack High Moderate Variable Modern Threat
Session Hijacking Attack High Low Variable Ongoing Relevance
Privilege Escalation Attack High Low Variable Remains Significant
Adversarial Generation Attack High Moderate Variable Still in Use
Acoustic Analysis Attack (Revisited) Medium Low Fluctuating Ongoing Concerns
Partial Print Attack Medium Low Variable Currently Relevant
Electronic Devices for Biometric Attacks High Moderate to High Variable Currently Relevant
PrintListener (Specific Acoustic Analysis Attack) High Moderate Emerging Highly Relevant

Understanding the Evaluation:

  • Level of Danger categorizes potential harm as Low, Moderate, or High.
  • Ease of Execution is categorized as Low, Medium, or High.
  • Historical Success highlights fluctuating effectiveness.
  • Current Relevance signifies ongoing concerns in contemporary security landscapes.

By assessing these attack techniques meticulously, we can gauge their practicality, historical significance, and continued relevance.

The type of attack by electronic devices for biometric systems is very dangerous because it can allow malicious actors to access sensitive information or bypass the protections of biometric systems. Its ease of execution is moderate to high, as it requires physical access to target devices and the use of expensive or difficult-to-obtain devices. Its historical success is variable because it depends on the quality of the devices used and the security measures implemented by the biometric systems. It is currently relevant because it is used by government agencies, law enforcement or hackers to access biometric data stored on mobile phones or other devices.

Statistical Insights into Fingerprint Systems

Fingerprint systems have found wide-ranging applications, from law enforcement and border control to banking, healthcare, and education. They are equally popular among consumers who use them to unlock devices or access online services. However, questions linger regarding their reliability and security. Let’s delve into some pertinent statistics:

According to Acuity Market Intelligence, 2018 saw more than 1.5 billion smartphones equipped with fingerprint sensors, constituting 60% of the global market.

The IAFIS Annual Report of 2020 revealed that more than 1.3 billion fingerprint records were stored in national and international databases in 2019.

According to the National Institute of Standards and Technology (NIST), the average false acceptance rate of fingerprint systems in 2018 was 0.08%, marking an 86% decrease compared to 2013.

These statistics shed light on the widespread adoption of fingerprint systems and their improved accuracy over time. Nevertheless, they also underline that these systems, while valuable, are not without their imperfections and can still be susceptible to errors or manipulation.

Real-World Cases of Fingerprint System Corruption: Phone Cases

Fingerprint system corruption can also affect phone users, who rely on fingerprint sensors to unlock their devices or access online services. However, these sensors are not foolproof and can be bypassed or exploited by skilled adversaries. These attacks can result in device theft, data breaches, or other security issues.

Here are some examples of fingerprint system corruption that involve phones:

  • German hacker Jan Krissler, alias Starbug, remarkably unlocked the smartphone of the German Defense Minister Ursula von der Leyen in 2014 using a high-resolution photo of her thumb taken during a press conference. He employed image processing software to enhance the photo’s quality and created a counterfeit fingerprint printed on paper.
  • A terrorist attack at the Istanbul airport killed 45 people and injured more than 200 in 2016. The investigators found that the three suicide bombers used fake fingerprints to enter Turkey and avoid security checks. They copied the fingerprints of other people from stolen or forged documents.
  • Researchers from Tencent Labs and Zhejiang University discovered in 2020 that they could bypass a fingerprint lock on Android smartphones using a brute force attack, that is when a large number of attempts are made to discover a password, code or any other form of security protection.
  • Experts from Cisco Talos created fake fingerprints capable of fooling the sensors of smartphones, tablets and laptops as well as smart locks in 2020, but it took them a lot of effort.
  • A case of identity theft was discovered in France in 2021, involving the use of fake fingerprints to obtain identity cards and driving licenses. The suspects used silicone molds to reproduce the fingerprints of real people, and then glued them on their fingers to fool the biometric sensors.
  • Researchers from the University of Buffalo developed a method in 2021 to create artificial fingerprints from images of fingers. These fingerprints can fool the sensors of smartphones, but also more advanced biometric systems, such as those used by police or airports.
  • A report by Kaspersky revealed in 2021 that banking apps on smartphones are vulnerable to attacks by falsified fingerprints. Attackers can use malware to intercept biometric data from users and use them to access their accounts.

These cases highlight the significant threats posed by fingerprint system corruption to phone users. Therefore, it is important to protect these systems against external and internal threats while integrating advanced technologies to enhance security and reliability.

DataShielder HSM: A Counter-Espionage Solution for Fingerprint System Security

You have learned in the previous sections that fingerprint systems are not foolproof. They can be corrupted by attacks that expose your secrets and sensitive data. To prevent malicious actors from capturing them, you need an effective and reliable encryption solution, even if your phone is compromised.

Freemindtronic, the leader in NFC HSM technologies, designed, developed, published and manufactured DataShielder HSM in Andorra. It is a range of solutions that you need. You can use either EviCore NFC HSM or EviCore HSM OpenPGP technology with DataShielder HSM. It lets you encrypt your data with segmented keys that you generate randomly yourself. The key segments are securely encrypted and stored in different locations. To access your secrets and your sensitive data encrypted in AES 256 quantum, you need to bring all segments together for authentication.

DataShielder HSM has two versions: DataShielder NFC HSM for civil and military use, and DataShielder NFC HSM Defense for sovereign use. DataShielder NFC HSM Defense integrates two technologies: EviCore NFC HSM and EviCore HSM OpenPGP. They allow you to create a hardware security module (HSM) without contact on any medium, without server, without database, totally anonymous, untraceable and undetectable.

DataShielder HSM is a user-friendly and compatible solution with all types of phone, with or without NFC, Android or Apple. It can be used for various purposes, such as securing messaging services, encrypting files or emails, signing documents or transactions, or generating robust passwords.

DataShielder HSM is a counter-espionage solution that enhances the security of fingerprint systems. It protects your data and secrets from unauthorized access, even if your fingerprint is compromised.

Current Trends and Developments in Fingerprint Biometrics

Fingerprint biometrics is a constantly evolving field. It seeks to improve the performance, reliability and security of existing systems. But it also develops new technologies and applications. Here are some current or expected trends and developments in this field.

  • Multimodality: it consists of combining several biometric modalities (fingerprint, face, iris, voice, etc.) to increase the level of security and reduce the risks of error or fraud. For example, some smartphones already offer authentication by fingerprint and facial recognition.
  • Contactless biometrics: it consists of capturing fingerprints without the need to touch a sensor. This technique avoids the problems related to the quality or contamination of fingerprints. And it improves the comfort and hygiene of users. For example, some airports already use contactless scanners to verify the identity of travelers.
  • Behavioral biometrics: it consists of analyzing the behavior of users when they interact with a biometric system. For instance, the way they place their finger on the sensor or the pressure they exert. This technique adds a dynamic factor to identification. And it detects attempts of impersonation or coercion. For example, some banking systems already use behavioral biometrics to reinforce the security of transactions.

Standards and Regulations for Fingerprint Systems

The use of fingerprint systems is subject to standards and regulations. They aim to ensure the quality, compatibility and security of biometric data. These standards and regulations can be established by international, national or sectoral organizations. Here are some examples of standards and regulations applicable to fingerprint systems.

  • The ISO/IEC 19794-2 standard: it defines the format of fingerprint data. It allows to store, exchange and compare fingerprints between different biometric systems. It specifies the technical characteristics, parameters and procedures to be respected to ensure the interoperability of systems.
  • The (EU) 2019/1157 regulation: it concerns the strengthening of the security of identity cards and residence permits issued to citizens of the European Union and their relatives. It provides for the mandatory introduction of two fingerprints in a digital medium integrated into the card. It aims to prevent document fraud and identity theft.
  • The Data Protection Act: it regulates the collection, processing and storage of personal data, including biometric data. It imposes on data controllers to respect the principles of lawfulness, fairness, proportionality, security and limited duration of data. It guarantees to data subjects a right of access, rectification and opposition to their data.

Examples of Good Practices for Fingerprint System Security

Fingerprint systems offer a convenient and effective way to authenticate people. But they are not without risks. It is important to adopt good practices to strengthen the security of fingerprint systems and protect the rights and freedoms of users. Here are some examples of good practices to follow by end users, businesses and governments.

  • For end users: it is recommended not to disclose their fingerprints to third parties, not to use the same finger for different biometric systems, and to check regularly the state of their fingerprints (cuts, burns, etc.) that may affect recognition. It is also advisable to combine fingerprint authentication with another factor, such as a password or a PIN or other trust criteria that allows the patented segmented key authentication technology developed by Freemindtronic in Andorra.
  • For businesses: it is necessary to comply with the applicable regulation on the protection of personal data, and to inform employees or customers about the use and purposes of fingerprint systems. It is also essential to secure biometric data against theft, loss or corruption, by using encryption, pseudonymization or anonymization techniques.
  • For governments: it is essential to define a clear and consistent legal framework on the use of fingerprint systems, taking into account ethical principles, fundamental rights and national security needs. It is also important to promote international cooperation and information exchange between competent authorities, in compliance with existing standards and conventions.

Responses to Attacks

Fingerprint systems can be victims of attacks aimed at bypassing or compromising their operation. These attacks can have serious consequences on the security of people, property or information. It is essential to know how to react in case of successful attack against a fingerprint system. Here are some recommendations to follow in case of incident.

  • Detecting the attack: it consists of identifying the type, origin and extent of the attack, using monitoring, auditing or forensic analysis tools. It is also necessary to assess the potential or actual impact of the attack on the security of the system and users.
  • Containing the attack: it consists of isolating the affected system or the source of the attack, by cutting off network access, disabling the biometric sensor or blocking the user account. It is also necessary to preserve any evidence that may facilitate investigation.
  • Notifying the attack: it consists of informing competent authorities, partners or users concerned by the attack, in compliance with legal and contractual obligations. It is also necessary to communicate on the nature, causes and consequences of the attack, as well as on the measures taken to remedy it.
  • Repairing the attack: it consists of restoring the normal functioning of the fingerprint system, by eliminating the traces of the attack, resetting the settings or replacing the damaged components. It is also necessary to revoke or renew the compromised biometric data, and verify the integrity and security of the system.
  • Preventing the attack: it consists of strengthening the security of the fingerprint system, by applying updates, correcting vulnerabilities or adding layers of protection. It is also necessary to train and raise awareness among users about good practices and risks related to fingerprint systems.

Next Steps for Fingerprint Biometrics Industry

Fingerprint biometrics is a booming field, which offers many opportunities and challenges for industry, society and security. Here are some avenues for reflection on the next steps for this field.

  • Research and development: it consists of continuing efforts to improve the performance, reliability and security of fingerprint systems, but also to explore new applications and technologies. For example, some researchers are working on artificial fingerprints generated by artificial intelligence, which could be used to protect or test biometric systems.
  • Future investments: it consists of supporting the development and deployment of fingerprint systems, by mobilizing financial, human and material resources. For example, according to a market study, the global market for fingerprint systems is expected to reach 8.5 billion dollars in 2025, with an average annual growth rate of 15.66%.
  • Expected innovations: it consists of anticipating the needs and expectations of users, customers and regulators, by offering innovative and adapted solutions. For example, some actors in the sector envisage creating fingerprint systems integrated into human skin, which could offer permanent and inviolable identification.

Conclusion

Fingerprint systems are a convenient and fast way to authenticate users, based on their unique fingerprint patterns. They have many applications in device protection and online service access. However, these systems are not immune to attacks by skilled adversaries, who can manipulate and exploit them. These attacks can lead to unauthorized access, data breaches, and other security issues.

To prevent these threats, users need to be vigilant and enhance security with additional factors, such as PINs, passwords, or patterns. Moreover, regular system updates are crucial to fix emerging vulnerabilities.

Fingerprint systems are still a valuable and common form of authentication. But users must understand their weaknesses and take steps to strengthen system integrity and data protection. One of the possible steps is to use DataShielder HSM solutions, developed by Freemindtronic in Andorra. These solutions allow creating HSM (Hardware Security Module) on any device, without server or database, to encrypt and sign any data. DataShielder HSM solutions also include EviSign technology, which allows electronically signing documents with a legally recognized value. DataShielder HSM solutions are available in different versions, including Defense versions, which offer a high level of protection for civil and military applications.

Protect yourself from Pegasus spyware with EviCypher NFC HSM

Protect yourself from Pegasus Spyware with EviCypher NFC HSM and EviCore NFC HSM by Freemindtronic technology from Andorra

Pegasus Spyware Protection by Jacques Gascuel: This article will be updated with any new information on the topic.  

Pegasus spyware protection

Pegasus is a spyware that can hack your phone and spy on your confidential information. It has been used to attack sensitive people like journalists or politicians. Freemindtronic, an Andorran company specialized in NFC security, anti-spy and counter-espionage, offers you EviCypher NFC HSM, a device that allows you to store and manage your keys and secrets securely. With EviCypher NFC HSM, you can encrypt and decrypt your data, sign and verify your documents, authenticate and control your access, without fear of Pegasus or any other spyware accessing your data.

2024 Cyberculture Digital Security

Russian Cyberattack Microsoft: An Unprecedented Threat

2024 Digital Security

Europol Data Breach: A Detailed Analysis

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

How to protect yourself from Pegasus spyware with EviCypher NFC HSM

Pegasus Spyware: what it is, how it works, and how to protect yourself with EviCypher NFC HSM. In this article, we will tell you about Pegasus spyware. A global investigation revealed its misuse by governments and intelligence agencies. They target and spy on personalities around the world. We will explain what Pegasus is, how it works, who developed and sold it, and how it violated human rights, free speech, and democracy. We will also give you tips to protect yourself from this malware with EviCypher NFC HSM technology. It uses a contactless hardware security module (NFC HSM). That is, an innovative security device that lets you encrypt your data and communications on your mobile phone with your own keys that you created and stored offline.

What is Pegasus spyware and how does it work?

The features and capabilities of Pegasus spyware

Pegasus spyware is a malware that can hack your phone and access your data, calls, location, camera, and microphone. It can use security flaws in Android and iOS: silent installation. Spyware activation: missed call or hidden message.

Once installed on a phone, Pegasus spyware gains full access to SMS messages, emails, photos, contacts, calendar, GPS data, logs, and any apps and data the phone contains. In fact, the spyware can even gain access to encrypted data and messages by intercepting them prior to the encryption process. Pegasus spyware can transmit all this information to a remote server controlled by the attacker. Pegasus spyware can also self-destruct or hide its traces if it detects any attempt to detect or remove it.

The developer and seller of Pegasus spyware

NSO Group, an Israeli company founded in 2010 by ex-members of Unit 8200, develops Pegasus spyware. The Israeli military’s cyber intelligence unit. NSO Group sells its product only to government and law enforcement agencies: rescue and crime-fighting purposes. However, accusations against NSO Group: spyware sales to authoritarian regimes and human rights abusers.

How Pegasus spyware has been used to target and spy on people around the world

The Pegasus Project: a global investigation into Pegasus spyware

July 2021: seventeen media outlets exposed Pegasus spying on leaders, activists, journalists and dissidents, leading to “global human rights violations.

The Pegasus Project was led by Forbidden Stories, a Paris-based nonprofit journalism organization, and Amnesty International’s Security Lab, which analyzed the phones of the victims. They revealed that NSO Group’s clients selected over 50,000 phone numbers for surveillance since 2016.

The high-profile targets of Pegasus spyware

NSO Group’s clients selected phone numbers of three presidents (Macron, Ramaphosa and Salih), 10 prime ministers (Khan, Madbouly, El Othmani, Modi, Orbán, bin Daghr, Hariri, Bedoui, Sagintayev and Michel) and one king (Mohammed VI).

The investigation also found at least 180 journalists from 20 countries targeted by Pegasus spyware. They included reporters from CNN , NYT , WSJ , Guardian , Al Jazeera , Le Monde , FT , WP , Reuters , Bloomberg , AP.

Furthermore , the investigation showed evidence of Pegasus spyware infections or attempts on at least 37 phones of journalists , activists , and executives from 10 countries. They were from India , Mexico , France , Morocco , Hungary , Azerbaijan , Bahrain , Saudi Arabia , UAE , and Rwanda.

Some of the other countries and people that have been reportedly targeted by Pegasus spyware are:

  • Azerbaijan: to spy on opposition politicians such as Ali Karimli and journalists such as Khadija Ismayilova in 2019
  • Bahrain: to spy on activists such as Nabeel Rajab and Moosa Abd-Ali Ali in 2020
  • Hungary: to spy on journalists such as Szabolcs Panyi and politicians such as Bernadett Szél in 2019
  • Kazakhstan: to spy on journalists such as Aigul Utepova and activists such as Serikzhan Bilash in 2020
  • UAE: to spy on Princess Latifa, the daughter of Dubai’s ruler who tried to escape in 2018
  • USA: to spy on Jeff Bezos, the founder and CEO of Amazon, who had his phone hacked by Pegasus spyware in 2018 after he received a WhatsApp message from Mohammed bin Salman, the crown prince of Saudi Arabia

These cases show that Pegasus spyware has been used to violate human rights, free speech, and democracy around the world. The victims of Pegasus spyware have faced harassment, intimidation, arrest, torture, or assassination because of their work or opinions.

The latest news on Pegasus and its consequences

Since we published our article, there have been several important developments regarding Pegasus and its impact on the security and privacy of mobile phone users. Here is a summary of the latest news on Pegasus, sorted by descending chronological order:

Algeria launches an investigation into allegations related to Pegasus spyware

On July 21, 2023, Hindustan Times reported that Algeria had launched an investigation into allegations related to Pegasus spyware. The Algerian attorney general announced that he would open an investigation into the allegations that Pegasus spyware had been used to spy on Algerian personalities, including President Abdelmadjid Tebboune and Army Chief of Staff Saïd Chengriha. According to an investigation conducted by the Forbidden Stories consortium and Amnesty International, and published by several international media outlets, Algeria was among the 50 countries whose phone numbers had been selected as potential targets by NSO Group’s clients, who are mainly governments and intelligence agencies. The investigation revealed that more than 600 Algerian personalities had been targeted by Pegasus between 2017 and 2021, including ministers, diplomats, journalists, activists, political opponents and civil society members. The investigation also suggested that Morocco was the main user of Pegasus in North Africa, and that it had spied on its Algerian neighbors for geopolitical and security reasons. The Algerian attorney general said that he would conduct a “thorough and serious” investigation into this matter, and that he would cooperate with the judicial authorities of the countries concerned. He also said that Algeria condemned “firmly” any violation of its national sovereignty and the privacy of its citizens.

This case shows that Pegasus poses a threat to the sovereignty and security of African countries, which are often victims of foreign interference. It also shows that Algeria takes seriously the protection of its citizens from illegal spying. We applaud the initiative of the Algerian attorney general to open an investigation on this subject.

The Spanish investigation into Pegasus spyware is closed due to “total lack of cooperation” from Israel

On July 10, 2023, The Times of Israel revealed that the Spanish investigation into Pegasus spyware had been closed due to “total lack of cooperation” from Israel. A Spanish judge was investigating the alleged hacking of phones of Spanish ministers with Pegasus spyware, made by the Israeli company NSO Group. The judge had asked four times the Israeli government to provide him with information on the software and to allow him to interrogate NSO Group’s CEO, but he never received a response. The judge therefore decided to close provisionally the case, citing the “total lack of cooperation” from Israel, which prevented the investigation from progressing. The judge indicated that the only possible recourse was diplomatic pressure, to urge Israel to respect its obligations under international treaties.

This case shows that Pegasus raises a legal and ethical problem, which requires international cooperation to enforce law and justice. It also shows that Israel displays a lack of transparency and accountability on its activities related to Pegasus spyware. We regret Israel’s attitude, which hinders the Spanish investigation and which does not respect its international commitments.

The FBI used Pegasus spyware to spy on iPhones, in violation of the US ban

On August 1st, 2023, Mac4Ever revealed that the FBI had used Pegasus spyware to spy on iPhones, in violation of the ban imposed by the US government in November 2021. According to the information published by The New York Times and The Guardian, the FBI had acquired Pegasus spyware in 2019, under Trump’s administration, for 9 million dollars. The bureau had tried to access data from some iPhones, including those of US officials in Uganda, without their consent or knowledge. The FBI had also used another product from NSO Group, Landmark, which allows locating phones through flaws in cellular networks. This product had been used by a subcontractor of the FBI to track drug traffickers in Mexico, without informing the FBI of the origin of the product. The FBI had terminated the contract with the subcontractor and opened an internal investigation into this matter.

This case shows that Pegasus represents a danger for the privacy and human rights of mobile phone users, including in the US. It also shows that the FBI acted in contradiction with US foreign policy and national security, which placed NSO Group on a blacklist in November 2021. It finally shows that the FBI was deceived by a subcontractor who provided it with an illegal and insecure product. We denounce the use of Pegasus spyware by the FBI and we demand an independent investigation into this case.

By summarizing the latest news on Pegasus and its consequences, we show that the threat is still present and that it is urgent to protect yourself from this spyware with Evicypher NFC HSM.

How to detect and remove Pegasus spyware?

Pegasus is a malicious software that can hack your phone and access your data, calls, location, camera and microphone. It can use security flaws in Android and iOS to install silently and activate by a missed call or a hidden message.

If you suspect that you have Pegasus spyware on your phone, you can use a tool called MVT (Mobile Verification Toolkit) to scan your phone and check for traces of infection. MVT is a free tool developed by Amnesty International’s Security Lab. It works for both iOS and Android phones, but it requires some technical skills and a computer to run it.

To use MVT, you need to follow these steps:

  • Back up your phone to a computer using iTunes (for iOS) or ADB (for Android)
  • Download and install MVT on your computer using Python
  • Download the Indicators of Compromise (IOC) file from Amnesty International’s GitHub repository
  • Run MVT on your computer and point it to the backup of your phone and the IOC file
  • Read the analysis report and look for signs of infection
  • If MVT finds evidence of Pegasus spyware on your phone, you should take immediate action to remove it and protect yourself. Here are some recommendations:
    • Erase your phone and restore it to factory settings
    • Change all your passwords and enable two-factor authentication
    • Contact a trusted expert or organization for further assistance
    • Report the incident to the authorities or the media

You can find more detailed instructions on how to use MVT and what to do if you are infected on Amnesty International’s website or on The Verge’s guide. You can also use iMazing’s spyware detection tool for iOS devices, which is easier to use than MVT but less comprehensive.

Pegasus is a serious threat to your privacy and security. You should be aware of the risks and take precautions to protect yourself. EviCypher NFC HSM is a powerful solution that can help you encrypt your data and your communications on your mobile phone with your own keys. You can also use MVT or iMazing’s tool to detect and remove Pegasus spyware if you think you are infected. Stay safe and vigilant!

How EviCypher NFC HSM can protect you from Pegasus spyware

EviCypher NFC HSM: features and capabilities

EviCypher NFC HSM Technology: encryption via a Contactless Hardware Security Module (NFC HSM) designed and manufactured by Freemindtronic, an Andorrane R&D company in cyber, safety, security and anti spy.

EviCypher NFC HSM: store your keys and secrets in a contactless NFC device, like a card, sticker, or keychain. The Android phone’s NFC signal powers the device and serves as the terminal and UI. The device can store up to 200 secrets in its EEPROM memory.

The device: patented wireless access control system for two access profiles: administrator and users. Share your secrets without compromising your privacy. Patented authentication system by segmented key for up to 9 trust criteria to encrypt your secrets, such as geolocation, BSSID, password, or fingerprint.

Evicypher NFC HSM: Use your secrets without constraint with different Android NFC phone and all types of computers via extensions for web browser and web courier and open source Thunderbird. Share your secrets safely and with confidence offline and in Gap air. That is to say physically isolated from networks. In addition, you can share your secrets proximity by Bluetooth ADHOC or via a simple QR code encrypted in RSA 4096. You can thus encrypt or oversee all your favorite email types from your NFC HSM. It is contactless encryption between human being, without leaving any traces of your secrets in your phones or computers.

Products and services based on EviCypher NFC HSM technology

EviCypher NFC HSM: based on EviCore NFC HSM Technology, one of Freemindtronic’s white label products and services with patented technologies. Only available under patent license for white label products integration.

Evicypher NFC HSM: double-use version for civil and defense purposes , with reinforced security for your secrets , using more hidden and/or shared trust criteria , unknown to the user , preventing physical or legal threats from obtaining them . This version: for sovereign entities , like armed forces or secret services , needing more protection against espionage threats like PEGASUS spy software.

How to get and use EviCypher NFC HSM

Anonymously, with Freemindtronic Install on your NFC Android phone, create and store your secrets in an NFC HSM. Define your access profiles and trust criteria for each secret. Use your unlimited secrets with different NFC Android phones. Use your usual communications without changing your habits, email, webmail, chat, SMS, instant messaging, to encrypt them without contact just by passing the NFC HSM from Freemindtronic under the NFC antenna of your phone. Share your secrets with others who also have NFC HSM compatible with EviCypher NFC HSM technology.

To use EviCypher NFC HSM: Android phone with NFC and Freemindtronic app [here]. NFC device compatible with EviCore NFC HSM technology, such as Datashielder product with EviCypher NFC HSM and EviPass NFC HSM technologies. You will have the choice of different models and designs manufactured by Freemindtroic the Freemindtronic website click [here] to find out more.

EviCypher NFC HSM is a technology that allows you to fight against Pegasus spyware by securing your keys and secrets with hardware encryption and NFC. With EviCypher NFC HSM, you benefit from an innovative, practical and flexible solution for your personal or professional needs.

If you are interested in obtaining Evicypher NFC HSM technology and using it for your personal or professional needs, you can contact Freemindtronic by clicking [here]. You can also consult on the site how Evicypher NFC HSM technology works by clicking [here].

Conclusion and recommendations

Pegasus spyware: a privacy and human rights threat needing urgent action and regulation. Amnesty International calls for a global moratorium on surveillance technology sales and use until a human rights-compliant framework exists.

Evicypher NFC HSM: A technology to help you protect yourself from spyware like Pegasus with contactless encryption from a NFC HSM device without ever keeping clear data in the phone and/or computer with the possibility of deciphering the encrypted messages in AES256 Post quantum in GPA air via an QR code encrypted in RSA-4096 from the NFC HSM. Freemindtronic, a research and development company of safety, security, cyber security and andorran spying solution, which develops and offers various NFC HSM format and services available under white brand license with patented technologies.

Evicypher NFC HSM: Use your secrets without constraint with various NFC Android phones and all types of computers via extensions for web browser and web mail and Thunderbird source. Share your secrets safely and with confidence offline and in Gap Air. That is to say physically isolated from networks. In addition, you can share your secrets by Bluetooth Adhoc proximity or via a simple QR code encrypted in RSA 4096. You can quantify in seconds all your texts and parts attached for all your favorite messaging from your NFC HSM. It is contactless encryption between humans, without leaving traces of your secrets in your phones or computers.

Ommic case: How a French company allegedly handed over military secrets to China and Russia

Ommic case: The story of a French semiconductor company accused of spying for China and Russia

Ommic case by Jacques Gascuel: This article will be updated with any new information on the topic.  

Ommic case: A scandal of military industrial espionage

Ommic, a French semiconductor company, suspected of spying for China and Russia. Alleged delivery of military material and processes for radars, missiles or drones. Economic and political consequences for France and Europe. Questions about the protection and control of dual-use technologies. Article on the Ommic case, the technological secrets, the measures taken by the French government and other cases of military industrial espionage in the world.

2024 Cyberculture Digital Security

Russian Cyberattack Microsoft: An Unprecedented Threat

2024 Digital Security

Europol Data Breach: A Detailed Analysis

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

Ommic case: The story of a French semiconductor company accused of spying for China and Russia

The Ommic case is a scandal of industrial espionage that involves a French company specialized in the manufacture of high-tech semiconductors. According to the charges brought by the French justice, Ommic would have delivered to China and Russia material and processes sensitive to the military, used in particular by the French army. The French general manager of the company, as well as three other people, were indicted in March 2023 for “delivery to a foreign power of processes, documents or files likely to harm the fundamental interests of the Nation”. The French state took temporary control of the company and seized several tens of millions of euros. In June 2023, Ommic was sold to an American owner and changed its name to Macom. This case raises questions about the protection of French technological know-how and the risks associated with the transfer of strategic technologies to foreign powers.

What is Ommic?

Ommic, located near Paris in Limeil-Brévannes, has a history of more than 40 years in material science, semiconductor wafer processing and monolithic microwave integrated circuit (MMIC) design. Its differentiated manufacturing capabilities include several semiconductor processes and products qualified by the European Space Agency (ESA). Ommic uses notably gallium arsenide (GaAs) and gallium nitride (GaN) technologies, which allow to produce high-performance electronic components for high-frequency applications. Ommic counts among its customers major players in the space sector, such as Thales Alenia Space or Airbus Defence and Space.

Why did Macom buy Ommic?

Macom is an American supplier of semiconductor products for the telecommunications, industrial and defense and data center sectors. Macom announced in February 2023 that it had entered into a definitive agreement to acquire the assets and operations of Ommic for approximately 38.5 million euros. Macom sees Ommic’s high-frequency MMIC product portfolio and design capability as an aid to address microwave applications on target markets. Macom also said that acquiring Ommic should allow it to focus more on European markets and expand its wafer production capacity.

What are the technological secrets delivered by Ommic?

According to the information revealed by the French press, Ommic would have delivered to China and Russia material and processes sensitive to the military, which could have been used to manufacture radars, missiles or drones. These would include machine tools capable of engraving GaN wafers, a highly sought-after technology for its performance in terms of power, efficiency and thermal resistance. Ommic would also have transmitted digital files containing integrated circuit plans, source codes or algorithms. These technological secrets would have an estimated value of several hundred million euros.

What are the consequences of the Ommic case?

The Ommic case had legal, economic and political consequences. On the legal level, four people were indicted and placed under judicial control. They face 15 years in prison and 225 000 euros fine.

On the economic level, the French state took temporary control of the company. It also seized several tens of millions of euros. Moreover, it launched an audit to assess the damage to national defense. Additionally, it strengthened the security and competitiveness of the French semiconductor industry.

On the political level, the Ommic case provoked contrasting reactions. Some denounced a national betrayal and a threat to technological sovereignty. Others minimized the scandal and welcomed the takeover by Macom. The French government affirmed its vigilance and reminded that France had other leading players in this field.

The Ommic case also had implications for the world of semiconductors. This is a strategic sector for many applications. The case revealed the vulnerability of some European companies to foreign espionage and competition. The case also highlighted the importance of protecting intellectual property rights and preventing technology transfers. The case also raised questions about Macom’s role and responsibility.

How did Macom react to the Ommic case?

Macom reacted to the Ommic case by expressing its support for the French authorities and its commitment to comply with all applicable laws and regulations. Macom stated that it was not aware of any wrongdoing by Ommic or its employees before or during the acquisition process. Macom also stated that it had conducted a thorough due diligence on Ommic’s business and operations before closing the deal. Macom said that it was cooperating fully with the French authorities and that it was confident that it would be able to demonstrate its good faith and integrity.

Macom also tried to reassure its customers and partners about its ability to continue to provide high-quality products and services based on Ommic’s technologies. Macom said that it had taken steps to ensure the continuity of Ommic’s operations and to preserve its know-how and expertise. Macom also said that it had implemented strict security measures to protect Ommic’s intellectual property and trade secrets from unauthorized access or disclosure.

Macom also emphasized the strategic value of acquiring Ommic for its growth and innovation objectives. Macom said that Ommic’s high-frequency MMIC product portfolio and design capability were complementary to its own offerings and would enable it to address microwave applications on target markets. Macom also said that acquiring Ommic would allow it to focus more on European markets and to expand its wafer production capacity.

Are these measures enough to ensure the security and competitiveness of France in the field of semiconductors?

According to experts, these measures are necessary but not sufficient. It would also be necessary to strengthen European cooperation, which is essential to cope with global competition, especially from China and the United States. It would also be necessary to anticipate technological changes and market needs, which are constantly changing. It would finally be necessary to develop a coherent and ambitious industrial and commercial strategy, which values the assets and specificities of France.

What are the challenges and opportunities that arise for the future?

The challenges are numerous, but so are the opportunities. The field of semiconductors is indeed a key sector for many applications, such as aeronautics, automotive, space, health or digital. The global demand is strong and should continue to grow in the coming years. France has recognized skills and innovative players in this field, who can differentiate themselves by their quality, reliability or performance. France can therefore play a major role in the development and dissemination of tomorrow’s technologies.

What are some other examples of military industrial espionage cases in the world?

Military industrial espionage is the practice of spying on or stealing information from other countries or companies that are involved in the development, production, or sale of military equipment, technology, or services. Military industrial espionage can have serious consequences for national security, economic competitiveness, and international relations.

There are many examples of military industrial espionage cases in the world, involving different actors, methods, and targets. Here are some of them:

  • In 2019, a former engineer at Raytheon, a US defense contractor, was arrested and charged with exporting sensitive missile technology to China. Wei Sun, a Chinese-born US citizen, admitted that he took a laptop containing classified information about Raytheon’s products to China without authorization. He also admitted that he shared some of the information with Chinese professors and students at a university in China1.
  • In 2018, a former employee of the French aerospace company Thales was convicted of spying for China. Henri Dumoulin, a French citizen, was accused of passing confidential documents about radar systems and missile guidance to Chinese intelligence agents. He was sentenced to six years in prison and fined 40,000 euros2.
  • In 2017, a former employee of the German engineering company Siemens was found guilty of selling trade secrets to Russia. Evgeny Kaspersky, a Russian citizen, worked as a software developer at Siemens and had access to the source code of a software used to control gas turbines. He copied the code and sold it to a Russian company that was linked to the Russian military. He was sentenced to two years and nine months in prison3.
  • In 2016, a former employee of the British defense company BAE Systems was arrested and charged with attempting to sell jet fighter secrets to Iran. Simon Finch, a British citizen, worked as a software engineer at BAE Systems and had access to sensitive information about the Typhoon fighter jet. He allegedly tried to sell the information to Iranian officials through an encrypted messaging app. He was later acquitted after claiming that he acted out of frustration over his treatment by BAE Systems.

How to prevent and combat military industrial espionage?

Military industrial espionage is a widespread and dangerous phenomenon for the security and competitiveness of countries and companies involved in the military industry. It involves spying or stealing sensitive information or technology for military purposes. Therefore, it is important to implement effective measures to prevent and combat this type of espionage. These measures may include:

  • Strengthening the protection and control of classified or proprietary information and technology.
  • Enhancing the awareness and education of employees and contractors about the risks and responsibilities.
  • Increasing the cooperation and coordination among national and international authorities and partners.
  • Prosecuting and sanctioning those who engage in or facilitate military industrial espionage.

The Ommic case is not an isolated case of military industrial espionage in the world. There are many cases where countries or companies have tried to appropriate or transfer sensitive information or technology. Some of these technologies are dual-use, meaning that they can have both civilian and military applications. This is the case for data encryption and messaging.

The complexity and dynamics of industrial espionage with a military character

Industrial espionage with a military character is a complex and dynamic phenomenon, which evolves according to technological advances, geopolitical power relations and the strategies of the actors involved. It poses significant challenges for the security and competitiveness of countries and companies that are victims or targets of this practice. It therefore requires constant vigilance and continuous adaptation to prevent and combat this threat.

The Ommic case is a concrete and recent example of industrial espionage with a military character that illustrates one of the methods that this practice can take. It also shows the flaws and risks associated with dual-use technologies, i.e. technologies that can have both civilian and military applications. It invites us to think about the future prospects and challenges posed by industrial espionage with a military character in an increasingly connected and competitive world.

Conclusion: The Ommic case and the challenges of industrial espionage with a military character

Industrial espionage with a military character is a complex and dynamic phenomenon, which evolves according to technological advances, geopolitical power relations and the strategies of the actors involved. It poses significant challenges for the security and competitiveness of countries and companies that are victims or targets of this type of espionage. It therefore requires constant vigilance and continuous adaptation to prevent and combat this threat.

In this article, we have presented the Ommic case, a scandal of industrial espionage with a military character that involves a French company specialized in the manufacture of high-performance electronic components for high-frequency applications. We have explained the facts, the actors, the stakes and the consequences of this case. We have also shown how this case illustrates one form of industrial espionage with a military character by transfer, according to the means and methods used. In the next article, we will address other methods such as infiltration, surveillance, hacking, subversion.

In the next article, we will also talk about the counter-espionage technologies such as those designed, developed and manufactured by Freemindtronic, which include innovative digital security solutions based on quantum cryptography. These solutions allow to protect sensitive data from theft, falsification or corruption, using unbreakable encryption keys and tamper-proof transactions.

We will explain how these solutions can help countries and companies to protect themselves from attacks of industrial espionage with a military character, using cutting-edge and environmentally friendly technologies.

If you want to learn more about how to protect your data and communication from industrial espionage with a military character, stay tuned for our next article on Freemindtronic’s innovative solutions based on quantum cryptography. 

KingsPawn A Spyware Targeting Civil Society

KingsPawn A Spyware

 

KingsPawn from QuaDream Spyware Threat

KingsPawn, a spyware developed and sold by QuaDream based on digital offensive technology to governments. Its spyware, named Reign, uses zero-click exploits to infiltrate the mobile devices of civil society victims. In this article you will learn how QuaDream works, who its Cyber victims and customers have been, and how to protect yourself from this type of dangerous spyware

2024 Cyberculture Digital Security

Russian Cyberattack Microsoft: An Unprecedented Threat

2024 Digital Security

Europol Data Breach: A Detailed Analysis

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

To learn more about the potential dangers of KingsPawn spyware, read “QuaDream: Spyware That Targets Civil Society.” Stay informed by browsing our constantly updated topics

How to Secure Your Data from QuaDream’s KingsPawn Spyware,” written by Jacques Gascuel, the innovator behind advanced sensitive data security and safety systems, provides priceless knowledge on the topic of data encryption and decryption. Are you prepared to enhance your comprehension of data protection?

QuaDream: KingsPawn spyware vendor shutting down in may 2023

QuaDream was a company that sold digital offensive technologies to governments. Its main product, Reign, was a spyware that used zero-click exploits to hack mobile devices. A few months after Pegasus, a similar spyware by NSO Group, Microsoft and Citizen Lab found QuaDream’s Reign / KingsPawn spyware and its victims worldwide.

However, in May 2023, QuaDream stopped its activitiesMay 2023, QuaDream stopped its activities, due to the Israeli government’s restrictions on its spyware export. QuaDream had developed other espionage technologies, such as ENDOFDAYS, that it sold to foreign governments, like Morocco, Saudi Arabia, Mexico, Ghana, Indonesia and Singapor.

QuaDream tried to sell its assets to other players, but the Israeli government blocked them It is unknown if the spyware KingsPawn is still active and used, or who controls it. Therefore, it is advised to be vigilant and protect your data with reliable security solutions.

How QuaDream’s Exploits KingsPawn her Spyware Work

According to Microsoft, QuaDream has an arsenal of exploits and malware that it calls KingsPawn. It includes a suspected exploit for iOS 14, named ENDOFDAYS, that seems to use invisible iCloud calendar invitations sent by the spyware operator to the victims. This exploit was deployed as a zero-day against iOS 14.4 and 14.4.2 versions, and maybe others.

The KingsPawn spyware is designed to exfiltrate data from the infected devices, such as contacts, messages, photos, videos, audio recordings, location data, browser information and app data. The malware communicates with command and control (C2) servers via encrypted protocols and uses evasion techniques to avoid detection.

How the KingsPawn spyware infects phones

The main infection vector of KingsPawn is the ENDOFDAYS exploit, which does not require any user interaction to execute. The spyware operator sends an invisible iCloud calendar invitation to the target’s phone number or email address. The invitation contains a malicious link that triggers the exploit when the phone processes the notification. The exploit then downloads and installs the KingsPawn malware on the device, without the user’s knowledge or consent.

The spyware operator can also use other methods to deliver the malicious link, such as phishing emails, SMS, social media messages, or fake websites. However, these methods require the user to click on the link, which reduces the chances of success.

KingsPawn Datasheet

The following table summarizes the main features and characteristics of the KingsPawn malware:

Feature Description
Name KingsPawn
Developer QuaDream
Platform iOS
Version 1.0
Size 2.5 MB
Permissions Full access to device data and functions
Capabilities Data exfiltration, audio recording, camera capture, location tracking, file search, keychain access, iCloud password generation, self-deletion
Communication Encrypted TCP and UDP protocols
C2 servers Multiple domains and IP addresses, some located in Israel, Bulgaria, Czech Republic, Hungary, Ghana, Mexico, Romania, Singapore, UAE, and Uzbekistan
Victims At least five civil society actors, including journalists, political opponents, and an NGO worker, in North America, Central Asia, Southeast Asia, Europe, and the Middle East
Customers Several governments, some with poor human rights records, such as Singapore, Saudi Arabia, Mexico, Ghana, Indonesia, and Morocco

How to Detect KingsPawn

KingsPawn is a stealthy and sophisticated malware that can evade most antivirus and security software. However, there are some signs and symptoms that can indicate a possible infection, such as:

  • Unusual battery drain or overheating of the device
  • Increased data usage or network activity
  • Unexpected pop-ups or notifications
  • Changes in device settings or behavior
  • Presence of unknown apps or files

If you notice any of these signs, you should scan your device with a reliable antivirus or security app, such as Malwarebytes or Norton. These apps can detect and remove KingsPawn and other malicious software from your device.

How to Protect Against KingsPawn

If you suspect that your device is infected by KingsPawn, you should take the following steps to remove it and protect your data:

  • Disconnect your device from the internet and any other networks
  • Backup your important data to a secure external storage
  • Perform a factory reset of your device to erase all data and settings
  • Restore your device from a clean backup or set it up as a new device
  • Update your device to the latest version of iOS and install security patches
  • Change your passwords and enable two-factor authentication for your online accounts
  • Avoid clicking on suspicious links or opening attachments from unknown sources
  • Use a reputable antivirus or security app to scan your device regularly

These steps will help you to get rid of KingsPawn and prevent it from infecting your device again. However, you should also be aware of the risks of using unsecured email services, such as iCloud web mail, which can be compromised by hackers or spyware. To protect your emails and other sensitive data, you should use a technology that encrypts your data with a hardware security module (HSM), such as EviCypher NFC HSM or DataShielder HSM PGP.

Who Are the Victims and Customers of QuaDream?

Citizen Lab, a research lab at the University of Toronto, identified at least five civil society victims of the spyware and exploits of QuaDream in North America, Central Asia, Southeast Asia, Europe and the Middle East. The victims include journalists, political opponents and a worker of a non-governmental organization (NGO). Citizen Lab did not reveal the names of the victims for security reasons, but one of them agreed to share his testimony anonymously:

I was shocked when I learned that my phone was infected by QuaDream. I had no idea tat they were targeting me. I work for a human rights NGO and I have been involved in several campaigns to denounce the abuses of authoritarian regimes. I fear that they have accessed my personal and professional data, and that they have compromised my contacts and sources.

Citizen Lab also detected QuaDream servers operated from Bulgaria, Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, United Arab Emirates (UAE) and Uzbekistan. These countries could be potential or current customers of QuaDream, which sells its Reign platform to governments for law enforcement purposes. Media reports indicate that QuaDream sold its products to Singapore, Saudi Arabia, Mexico and Ghana, and offered its services to Indonesia and Morocco.

What Is the Link Between QuaDream and InReach?

QuaDream had a partnership with a Cypriot company called InReach, with which it is currently in legal dispute. The two companies accused each other of fraud, theft of intellectual property and breach of contract. Several key people associated with both companies have previous links with another surveillance provider, Verint, as well as with Israeli intelligence agencies.

Microsoft and Citizen Lab shared information about QuaDream with their customers, industry partners and the public, to improve the collective knowledge of how PSOAs (private sector offensive actors) operate and how they facilitate the targeting and exploitation of civil society. Microsoft calls for stricter regulation of PSOAs and increased protection of human rights in cyberspace.

Conclusion

QuaDream is a new spyware vendor that poses a serious threat to civil society. Its spyware, named Reign, uses zero-click exploits to infiltrate the mobile devices of civil society victims. QuaDream has sold its products to several governments, some of which have a poor record of human rights. QuaDream is also involved in a legal dispute with another company, InReach, over the ownership of the spyware technology. The international community should be aware of the dangers of QuaDream and other PSOAs, and take action to prevent their abuse.