image_pdfimage_print
2024, Articles, Cyberculture, EviPass, Password

Human Limitations in Strong Passwords Creation

Posted on by FMTAD
Digital image showing a confused user at a computer surrounded by complex password symbols
22
Jan

How to Create Strong Passwords Despite Human Limitations

Human Limitations in Strong Passwords are crucial in safeguarding our personal and professional data online. But do you know how to craft a robust password capable of thwarting hacking attempts? In this article, we delve into the impact of human factors on password security. Furthermore, you will gain insights on overcoming these limitations and creating formidable passwords.

Why Encrypt SMS? NFC card protecting encrypted SMS communications from espionage and corruption on Android NFC phone.

2024 Digital Security

Why Encrypt SMS? FBI and CISA Recommendations
December 16, 2024
French Minister at G7 holding a hacked smartphone, with a Bahraini minister warning him about a cyberattack.

2024 Digital Security

French Minister Phone Hack: Jean-Noël Barrot’s G7 Breach
December 6, 2024
Government office under cyber threat from Salt Typhoon cyber attack, with digital lines and data streams symbolizing espionage targeting mobile and computer networks.

2024 Digital Security

Salt Typhoon: Protecting Government Communications from Cyber Threats
November 14, 2024
Cyberattack exploits backdoors in telecom systems showing a breach of sensitive data through legal surveillance vulnerabilities.

2024 Digital Security

Cyberattack Exploits Backdoors: What You Need to Know
October 15, 2024
Google Sheets interface showing malware activity, with the keyphrase 'Google Sheets Malware Voldemort' subtly integrated into the image, representing cyber espionage.

2024 Digital Security

Google Sheets Malware: The Voldemort Threat
September 3, 2024
Operation Dual Face - Russian Espionage Hacking Tools in a high-tech cybersecurity control room showing Russian involvement

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed
August 31, 2024
Side-channel attacks visualized through an HDMI cable emitting invisible electromagnetic waves intercepted by an AI system.

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat
August 20, 2024
Depiction of OpenVPN security vulnerabilities showing a globe with digital connections, the OpenVPN logo with cracks, and red warning symbols indicating a global breach.

2024 Digital Security

OpenVPN Security Vulnerabilities Pose Global Security Risks
August 12, 2024

For comprehensive threat assessments and innovative solutions, delve into “Human Limitations in Strong Passwords.” Stay informed by exploring our constantly updated topics..

Human Limitations in Strong Passwords,” authored by Jacques Gascuel, the visionary behind cutting-edge sensitive data security and safety systems, offers invaluable insights into the field of human-created password security. Are you ready to improve your understanding of password protection?

Human Limitations in Strong Passwords: Cybersecurity’s Weak Link

Passwords are essential for protecting our data on the Internet. But creating a strong password is not easy. It requires a balance between security and usability. In this article, we will explain what entropy is and how it measures the strength of a password. We will also explore the limitations and problems associated with human password creation. We will show that these factors reduce entropy and password security, exposing users to cyber attacks. We will also provide some strategies and tips to help users create stronger passwords.

What is Entropy and How Does it Measure Password Strength?

Entropy is a concept borrowed from information theory. It measures the unpredictability and randomness of a system. The higher the entropy, the more disordered the system is, and the harder it is to predict.

In the context of passwords, entropy measures how many attempts it would take to guess a password through brute force. In other words, entropy measures the difficulty of cracking a password. The higher the entropy, the stronger the password is, and the harder it is to crack.

However, entropy is not a fixed value, but a relative measure that depends on various factors, such as the length, composition, frequency, and popularity of the password. We will explain these factors in more detail later.

How Do Cognitive Biases Influence Password Creation?

Cognitive Biases in Password Creation

Cognitive biases, such as confirmation bias and anchoring bias, significantly influence how users create passwords. Understanding “Human Limitations in Strong Passwords” is essential to recognize and overcome these biases for better password security.

Cognitive biases are reasoning or judgment errors that affect how humans perceive and process information. They are often the result of heuristics, mental shortcuts used to simplify decision-making. These biases can have adaptive advantages but also lead to errors or distortions of reality.

In password creation, cognitive biases can influence user choices, leading to passwords that make sense to them, linked to their personal life, culture, environment, etc. These passwords are often predictable, following logical or mnemonic patterns, reducing entropy.

For example, humans are subject to confirmation bias, thinking their password is strong enough because it meets basic criteria like length or composition, without considering other factors like character frequency or diversity.

They are also prone to anchoring bias, choosing passwords based on personal information like names, birthdates, pets, etc., not realizing this information is easily accessible or guessable by hackers.

Availability bias leads to underestimating cyber attack risks because they haven’t been victims or witnesses of hacking, or they think their data isn’t interesting to hackers.

Human Factors in Strong Password Development: Cognitive Biases

Strategies to Overcome Cognitive Biases

To mitigate the impact of cognitive biases, consider adopting better password practices:

  • Utilize a different password for each service, especially for sensitive or critical accounts, such as email, banking, or social media.
  • Employ a password manager, which is a software or application that securely stores and generates passwords for each service. Password managers can assist users in creating and recalling strong, random passwords, all while maintaining security and convenience.
  • Implement two-factor authentication, a security feature that necessitates users to provide an additional verification method, such as a code sent to their phone or email, or a biometric scan, in order to access their accounts. Two-factor authentication can effectively thwart hackers from gaining access to accounts, even if they possess the password.
  • Regularly update passwords, but refrain from doing so excessively, in order to prevent compromise by hackers or data breaches. Users should change their passwords when they suspect or confirm a breach or when they detect suspicious activity on their accounts. It’s also advisable for users to avoid changing their passwords too frequently, as this can lead to weaker passwords or password reuse.

Addressing Human Challenges in Secure Password Creation with Freemindtronic’s Advanced Technologies

Understanding Human Constraints in Robust Password Generation

The process of creating strong passwords often clashes with human limitations. Freemindtronic’s EviPass NFC HSM and EviPass HSM PGP technologies, integral to the PassCypher range, acknowledge these human factors in strong password development. By automating the creation process and utilizing Shannon’s entropy model, these technologies effectively mitigate the cognitive biases that typically hinder the creation of secure passwords.

Password Security and the Fight Against Cyber Attacks

In the context of increasing cyber threats, the security of passwords becomes paramount. Freemindtronic’s solutions offer a robust defense against cyber attacks by generating passwords that exceed conventional security standards. This approach not only addresses the human challenges in creating strong passwords but also fortifies the digital identity protection of users.

Leveraging Entropy in Passwords for Enhanced Security

The concept of entropy in passwords is central to Freemindtronic’s technology. By harnessing advanced entropy models, these systems ensure a high level of randomness and complexity in password creation, significantly elevating password security. This technical sophistication is crucial in overcoming human limitations in generating secure passwords.

Cognitive Biases in Passwords: Simplifying User Experience

Freemindtronic’s technologies also focus on the human aspect of password usage. By reducing the cognitive load through features like auto-fill and passwordless access, these systems address common cognitive biases. This user-friendly approach not only enhances the ease of use but also contributes to the overall strategy for strong password management.

Adopting Strong Password Strategies for Digital Identity Protection

Incorporating strong password strategies is essential in safeguarding digital identities. Freemindtronic’s technologies empower users to adopt robust password practices effortlessly, thereby enhancing digital identity protection. This is achieved through the generation of complex passwords and the elimination of the need for manual password management.

Elevating Password Security in the Digital Age

Freemindtronic’s EviPass NFC HSM and EviPass HSM PGP technologies are at the forefront of addressing human limitations in strong password creation. By integrating advanced entropy in passwords, focusing on user-centric design, and combating the risks of cyber attacks, these technologies are setting new benchmarks in password security and digital identity protection. Their innovative approach not only acknowledges but also effectively overcomes the human challenges in secure password creation, marking a significant advancement in the field of digital security.

Human Constraints in Robust Password Generation

There are various methods to help users create strong, memorable passwords. These methods have pros and cons, which should be understood to choose the most suitable for one’s needs.

Mnemonic Passwords: Balancing Memory and Security

Mnemonic passwords are based on phrases or acronyms, serving as memory aids. For example, using the phrase “I was born in 1984 in Paris” to create the password “Iwbi1984iP”.

Advantages of mnemonic passwords:

  • Easier to remember than random passwords, using semantic memory, more effective than visual or auditory memory.
  • Can be longer than random passwords, composed of multiple words or syllables, increasing entropy.

Disadvantages of mnemonic passwords:

  • Often predictable, following logical or grammatical patterns, reducing entropy.
  • Vulnerable to dictionary attacks, containing common words or personal information, easily accessible or guessable by hackers.
  • Difficult to type, containing special characters like accents or spaces, not always available on keyboards.

The Trade-Off Between Mnemonics and Entropy

To balance memory and security, users should use mnemonics that are not too obvious or common, but rather personal and unique. They should also avoid using the same mnemonic for different passwords, or using slight variations of the same mnemonic. They should also add some randomness or complexity to their mnemonics, such as numbers, symbols, or capitalization.

Random Passwords: Entropy and Ease of Use

Random passwords are composed of randomly chosen characters, without logic or meaning. For example, the password “qW7x#4Rt”.

Advantages of random passwords:

  • Harder to guess than mnemonic passwords, not following predictable patterns, increasing entropy.
  • More resistant to dictionary attacks, not containing common words or personal information.

Disadvantages of random passwords:

  • Harder to remember than mnemonic passwords, not using semantic memory.
  • Can be shorter than mnemonic passwords, composed of individual characters, reducing entropy.

Phrase-Based Passwords: Entropy and Ease of Use

Phrase-based passwords are composed of several words forming a phrase or expression. For example, the password “The cat sleeps on the couch”.

Advantages of phrase-based passwords:

  • Easier to remember than random passwords, using semantic memory.
  • Can be longer than random passwords, composed of multiple words, increasing entropy.

Disadvantages of phrase-based passwords:

  • Often predictable, following logical or grammatical patterns, reducing entropy.
  • Vulnerable to dictionary attacks, containing common words or expressions.
  • Difficult to type, containing spaces, not always accepted by online services.

Evaluating Phrase-Based Password Effectiveness

To evaluate the effectiveness of phrase-based passwords, users should consider the following criteria:

  • Phrase length plays a crucial role: Longer phrases tend to result in higher entropy. However, it’s important to strike a balance, as excessively long phrases can become challenging to type or recall.
  • The diversity of words also matters: Greater word diversity contributes to higher entropy. Nevertheless, it’s essential to avoid overly obscure words, as they might prove difficult to remember or spell.
  • Randomness in word selection boosts entropy: The more random the words, the greater the entropy. Yet, it’s necessary to maintain some level of coherence between words, as entirely unrelated words can pose memory and association challenges.

Human-Generated Random Passwords: Entropy and Ease of Use

Human-generated random passwords are composed of randomly chosen characters by the user, without logic or meaning. For example, the password “qW7x#4Rt”.

Advantages :

  • Harder to guess than mnemonic or phrase-based passwords, increasing entropy.
  • More resistant to dictionary attacks, not containing common words or personal information.

Disadvantages:

  • Harder to remember than mnemonic or phrase-based passwords.
  • Often biased by user preferences or habits, favoring certain characters or keyboard positions, reducing entropy.

The Risks of Low Entropy in Human-Created Passwords

Low entropy passwords have significant consequences on the security of personal and professional data. Weak passwords are more vulnerable to cyber attacks, especially brute force. Hackers can use powerful software or machines to test billions of combinations per second. Once the password is found, they can access user accounts, steal data, impersonate, or spread viruses or spam.

Consequences of Predictable Passwords on Cybersecurity

The consequences of predictable passwords on cybersecurity are:

  • Data breach: Hackers can access user data, such as personal information, financial records, health records, etc. They can use this data for identity theft, fraud, blackmail, or sell it to third parties.
  • Account takeover: Hackers can access user accounts, such as email, social media, online shopping, etc. They can use these accounts to impersonate users, send spam, make purchases, or spread malware.
  • Reputation damage: Hackers can access user accounts, such as professional or academic platforms, etc. They can use these accounts to damage user reputation, post false or harmful information, or sabotage user work or research.

Understanding the Vulnerability of Low Entropy Passwords

Password Length and Entropy

The vulnerability of passwords depends on various factors, including the length, composition, frequency, and popularity of the password. Understanding “Human Limitations in Strong Passwords” is crucial for safeguarding your online data. Longer and more complex passwords offer higher entropy and are harder to crack.

Composition Complexity

Complex passwords that include a variety of character types, such as lowercase, uppercase, numbers, and symbols, significantly enhance security. This aspect of “Human Limitations in Strong Passwords” is often overlooked, but it’s essential for creating robust passwords.

Common vs. Rare Passwords

The frequency and popularity of passwords play a vital role in their vulnerability. Common passwords, like “123456” or “password,” are easily guessed, while rare and unique passwords, such as “qW7x#4Rt” or “The cat sleeps on the couch,” provide more security.

Password Composition

The composition of a password is a critical factor. Passwords based on common words or personal information are easier for hackers to guess. Understanding the impact of “Human Limitations in Strong Passwords” can help you make informed choices about password composition.

These factors collectively influence the time required for brute force attacks to uncover a password. Longer durations enhance password security, but it’s essential to consider the evolving computing power of hackers, which can reduce the time required to crack passwords over time and with advancing technology. Another factor that affects the vulnerability of passwords is their frequency and popularity.

Recurring Password Changes: A Challenge to Password Entropy

Another human limitation in creating strong passwords is the recurrent need to change them. Often mandated by online services for security, regular changes can paradoxically weaken password strength. This practice burdens users with remembering multiple passwords and inventing new ones frequently. It leads to slight modifications of existing passwords rather than generating new, more random ones. This habit reduces password entropy, making passwords more predictable and vulnerable to cyber attacks.

Impact of Frequent Password Updates on Security

Studies have shown that users required to change passwords every 90 days tend to create weaker, less diverse passwords. Conversely, those with less frequent changes generate more random and secure passwords. This illustrates the counterproductive nature of too-frequent mandatory password updates.

The Counterproductive Nature of Mandatory Password Changes

Mandatory password changes are often imposed by online services for security reasons. They aim to prevent password compromise by hackers or leaks. However, mandatory password changes can have negative effects on password security, such as:

  • Elevating cognitive load entails users remembering multiple passwords for each service and crafting new passwords whenever needed.
  • Dampening user motivation occurs when individuals view password changes as unnecessary or ineffective, leading to a neglect of password quality.
  • Diminishing password entropy arises when users opt for making slight modifications to old passwords rather than generating entirely new and random ones.

These effects negatively impact password security, making passwords more predictable and vulnerable to cyber attacks.

Research Insights on Low Entropy in Human Passwords

In this section, we will present some sources and findings from scientific studies conducted by researchers from around the world on passwords and entropy. We have verified the validity and accuracy of these sources using web search and citation verification tools. We have also respected the APA citation style.

Analyzing Global Studies on Password Security

Several studies have analyzed the security of passwords based on real databases of passwords disclosed following leaks or hacks. These studies have measured the entropy and the strength of passwords, as well as the patterns and the behaviors of users. Some of these studies are:

Key Findings from Password Entropy Research

Some of the key findings from these studies are:

  • any users maintain low-entropy passwords, relying on common words, personal information, or predictable patterns.
  • Furthermore, they tend to reuse passwords across multiple services, thereby elevating the risk of cross-service compromise.
  • In addition, they typically refrain from changing passwords regularly, unless prompted to do so by online services or following a security breach.
  • Surprisingly, a significant portion of users remains unaware of the critical importance of password security or tends to overestimate the strength of their passwords.
  • Moreover, a considerable number of users exhibit reluctance towards the adoption of password managers or two-factor authentication, often citing usability or trust concerns.

These findings confirm the low entropy of human passwords, and the need for better password practices and education.

Password Reuse and Its Impact on Entropy

Another issue with human password creation is password reuse, a common practice among Internet users, who have to remember multiple passwords for different services. Password reuse consists of using the same or similar passwords for different accounts, such as email, social media, online shopping, etc. Password reuse can reduce the cognitive load and the effort required to create and remember passwords, but it also reduces the entropy and the security of passwords.

The Risks Associated with Password Reuse

The risks associated with password reuse are:

  • Cross-service compromise: If a password is discovered or compromised on one service, it can be used to access other services that use the same or similar password. For example, if a hacker obtains a user’s email password, they can use it to access their social media, online shopping, or banking accounts, if they use the same password or a slight variation of it.
  • Credential stuffing: Credential stuffing is a type of cyberattack that uses automated tools to test stolen or leaked usernames and passwords on multiple services. For example, if a hacker obtains a list of usernames and passwords from a data breach, they can use it to try to log in to other services, hoping that some users have reused their passwords.
  • Password cracking: Password cracking is a type of cyberattack that uses brute force or dictionary methods to guess passwords. For example, if a hacker obtains a user’s password hash, they can use it to try to find the plain text password, using lists of common or leaked passwords.

These risks show that password reuse can expose users to cyber threats, as a single password breach can compromise multiple accounts and data. Password reuse can also reduce the entropy of passwords, as users tend to use common or simple passwords that are easy to remember and type, but also easy to guess or crack.

Addressing the Security Flaws of Reusing Passwords

To mitigate the security vulnerabilities associated with password reuse, users should embrace improved practices for password creation and management. Some of these recommended practices include:

  • Utilize distinct passwords for each service, particularly for sensitive or crucial accounts such as email, banking, or social media. This approach ensures that if one password is compromised, it won’t jeopardize other accounts or data.
  • Employ a password manager, which is software or an application designed to securely store and generate passwords for each service. Password managers assist users in crafting and recalling strong, randomly generated passwords, all while upholding security and convenience. Additionally, these tools can notify users about password breaches or weak passwords, as well as suggest password changes or updates.
  • Implement two-factor authentication (2FA), a security feature demanding users to provide an additional verification method, such as a code sent to their phone or email, or a biometric scan. This extra layer of security thwarts hackers from gaining access to accounts solely through knowledge of the password, as they would require the second factor as well.
  • Adopt a regular password change strategy, though not excessively frequent, to preempt compromise by hackers or data leaks. Passwords should be modified when users suspect or verify a breach, or when they detect suspicious activity on their accounts. It’s also advisable to avoid changing passwords too frequently, as this can potentially result in weaker passwords or password reuse.

These practices can help users avoid password reuse and increase the entropy and security of their passwords. They can also reduce the cognitive load and the effort required to create and remember passwords, by using tools and features that simplify password creation and management.

Behavioral Resistance in Secure Password Practices

Another issue with human password creation is resistance to behavioral changes, a psychological phenomenon preventing users from adopting new habits or modifying old ones regarding passwords. Users are often reluctant to change passwords, even when aware of risks or encouraged to do so. This resistance can be due to factors like laziness, ignorance, confidence, fear, satisfaction, etc.

Overcoming Psychological Barriers in Password Security

Psychological barriers can hinder password security, as users may not follow the best practices or recommendations to create stronger passwords. To overcome these barriers, users need to be aware of the importance and benefits of password security, as well as the costs and risks of password insecurity. Some of the ways to overcome psychological barriers are:

  • Educating users about password security, explaining what entropy is, how it measures password strength, and how to increase it.
  • Motivating users to change passwords, providing incentives, feedback, or rewards for creating stronger passwords.
  • Persuading users to adopt password managers, demonstrating how they can simplify password creation and management, without compromising security or convenience.
  • Nudging users to use two-factor authentication, making it easy and accessible to enable and use this security feature.

Conclusion: Reinforcing Password Security Amidst Human Limitations

In this article, we have explained what entropy is and how it measures the strength of a password. We also explored the limitations and problems associated with human password creation, such as cognitive biases, human generation methods, password reuse, and resistance to behavioral changes. We have shown that these factors reduce entropy and password security, exposing users to cyber attacks. We have also provided some strategies and tips to help users create stronger passwords.

We hope this article has helped you understand the importance of password security and improve your password practices. Remember, passwords protect your digital identity and data online. Creating strong passwords is not only a matter of security, but also of responsibility.

2024, Articles, Digital Security, EviKey NFC HSM, EviPass, News, SSH

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

Posted on by FMTAD
SSH handshake with Terrapin attack and EviKey NFC HSM
11
Jan

Terrapin Attack: How to Protect Your SSH Security

The Terrapin attack is a serious vulnerability in the SSH protocol that can be used to downgrade the security of your SSH connections. This can allow attackers to gain access to your sensitive data. In this article, we will explain what the Terrapin attack is, how it works, and how you can protect yourself from it.

Why Encrypt SMS? NFC card protecting encrypted SMS communications from espionage and corruption on Android NFC phone.

2024 Digital Security

Why Encrypt SMS? FBI and CISA Recommendations
December 16, 2024
French Minister at G7 holding a hacked smartphone, with a Bahraini minister warning him about a cyberattack.

2024 Digital Security

French Minister Phone Hack: Jean-Noël Barrot’s G7 Breach
December 6, 2024
Government office under cyber threat from Salt Typhoon cyber attack, with digital lines and data streams symbolizing espionage targeting mobile and computer networks.

2024 Digital Security

Salt Typhoon: Protecting Government Communications from Cyber Threats
November 14, 2024
Cyberattack exploits backdoors in telecom systems showing a breach of sensitive data through legal surveillance vulnerabilities.

2024 Digital Security

Cyberattack Exploits Backdoors: What You Need to Know
October 15, 2024
Google Sheets interface showing malware activity, with the keyphrase 'Google Sheets Malware Voldemort' subtly integrated into the image, representing cyber espionage.

2024 Digital Security

Google Sheets Malware: The Voldemort Threat
September 3, 2024
Operation Dual Face - Russian Espionage Hacking Tools in a high-tech cybersecurity control room showing Russian involvement

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed
August 31, 2024
Side-channel attacks visualized through an HDMI cable emitting invisible electromagnetic waves intercepted by an AI system.

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat
August 20, 2024
Depiction of OpenVPN security vulnerabilities showing a globe with digital connections, the OpenVPN logo with cracks, and red warning symbols indicating a global breach.

2024 Digital Security

OpenVPN Security Vulnerabilities Pose Global Security Risks
August 12, 2024

Terrapin attack: CVE-2023-48795 SSH security vulnerability articles for in-depth threat reviews and solutions. Stay informed by clicking on our scrolling topics.

Shield Your SSH Security from the Sneaky Terrapin Attack written by Jacques Gascuel, inventor of sensitive data safety and security systems. Are you safeguarding your SSH connections? Stay vigilant against the Terrapin attack, a stealthy vulnerability that can compromise your SSH security and expose your sensitive data.

Protect Yourself from the Terrapin Attack: Shield Your SSH Security with Proven Strategies

SSH is a widely used protocol for secure communication over the internet. It allows you to remotely access and control servers, transfer files, and encrypt data. However, SSH is not immune to attacks, and a recent vulnerability OpenSSH before 9.6 (CVE-2023-48795) has exposed a serious flaw in the protocol itself. This flaw, dubbed the Terrapin attack, can downgrade the security of SSH connections by truncating cryptographic information. In this article, we will explain what the Terrapin attack is, how it works, and how you can protect yourself from it.

Why you should care about the Terrapin attack

The Terrapin attack is not just a theoretical threat. It is a real and dangerous attack that can compromise the security of your SSH connections and expose your sensitive data. The consequences of a successful Terrapin attack can be severe, such as:

  • Data breaches: The attacker can access your confidential information, such as passwords, keys, files, or commands, and use them for malicious purposes.
  • Financial losses: The attacker can cause damage to your systems, services, or assets, and demand ransom or extort money from you.
  • Reputation damage: The attacker can leak your data to the public or to your competitors, and harm your credibility or trustworthiness.

Therefore, it is important to be aware of the Terrapin attack and take the necessary measures to prevent it. In the following sections, we will show you how the Terrapin attack works, how to protect yourself from it, and how to use PassCypher HSM PGP and EviKey NFC HSM to enhance the security of your SSH keys.

A prefix truncation attack on the SSH protocol

The Terrapin attack is a prefix truncation attack that targets the SSH protocol. It exploits a deficiency in the protocol specification, namely not resetting sequence numbers and not authenticating certain parts of the handshake transcript. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.

This manipulation allows the attacker to perform several malicious actions, such as:

  • Downgrade the connection’s security by forcing it to use less secure client authentication algorithms
  • Bypass the keystroke timing obfuscation feature in OpenSSH, which may allow the attacker to brute-force SSH passwords by inspecting the network packets
  • Exploit vulnerabilities in SSH implementations, such as AsyncSSH, which may allow the attacker to sign a victim’s client into another account without the victim noticing

To pull off a Terrapin attack, the attacker must already be able to intercept and modify the data sent from the client or server to the remote peer. This makes the attack more feasible to be performed on the local network.

Unveiling the SSH Handshake: Exposing the Terrapin Attack’s Weakness

The SSH Handshake Process

The SSH handshake is a crucial process that establishes a secure channel between a client and server. It consists of the following steps:

  1. TCP connection establishment: The client initiates a TCP connection to the server.
  2. Protocol version exchange: The client and server exchange their protocol versions and agree on a common one. Then, the algorithm negotiation takes place.
  3. Algorithm negotiation: The client and server exchange lists of supported algorithms for key exchange, encryption, MAC, and compression. Then, they select the first matching algorithm.
  4. Key exchange: The client and server use the agreed-upon key exchange algorithm to generate a shared secret key. They also exchange and verify each other’s public keys. Then, the service request is sent.
  5. Service request: The client requests a service from the server, such as ssh-userauth or ssh-connection. Then, the client authenticates itself to the server using a supported method, such as password, public key, or keyboard-interactive.
  6. User authentication: The client authenticates itself to the server using a supported method, such as password, public key, or keyboard-interactive. Then, the channel request is sent.
  7. Channel request: The client requests a channel from the server, such as a shell, a command, or a subsystem. Thus, encrypted communication is enabled.

The Terrapin Attack

The Terrapin attack exploits a vulnerability in the SSH handshake by manipulating the sequence numbers and removing specific messages without compromising the secure channel integrity. This stealthy attack is difficult to detect because it doesn’t alter the overall structure or cryptographic integrity of the handshake.

For example, the attacker can eliminate the service request message sent by the client, which contains the list of supported client authentication methods. This forces the server to resort to the default method, typically password-based authentication. The attacker can then employ keystroke timing analysis to crack the password.

Alternatively, the attacker can target the algorithm negotiation message sent by the server, which lists the supported server authentication algorithms. By removing this message, the attacker forces the client to use the default algorithm, usually ssh-rsa. This opens the door for the attacker to forge a fake public key for the server and deceive the client into accepting it.

To illustrate the process of a Terrapin attack, we have created the following diagram:

Hackers exploit OAuth2 flaw to bypass 2FA on google accounts google account security flaw
Hackers exploit OAuth2 flaw to bypass 2FA on google accounts google account security flaw

As you can see, the diagram shows the steps from the interception of the communication by the attacker to the injection of malicious packets. It also highlights the stealthiness and the difficulty of detection of the attack.

Summery

The Terrapin attack is a serious threat to SSH security. By understanding how it works, you can take steps to protect yourself from it. Here are some tips:

  1. Make sure your SSH server is up to date with the latest security patches.
  2. Use strong passwords or public key authentication.
  3. Enable SSH key fingerprint verification.

How to protect yourself from the Terrapin attack: Best practices and tools

The Terrapin attack is a serious threat to SSH security, and it affects many SSH client and server implementations, such as OpenSSH, PuTTY, FileZilla, and more. Here are some steps you can take to protect yourself from it:

  • Update your SSH client and server to the latest versions. Many vendors have released patches that fix the vulnerability or introduce a strict key exchange option that prevents the attack. You can check if your SSH software is vulnerable by using the Terrapin vulnerability scanner.
  • Use strong passwords and public key authentication. Avoid using weak or default passwords that can be easily guessed by the attacker. Use public key authentication instead of password authentication, and make sure your public keys are verified and trusted.
  • Use secure encryption modes. Avoid using vulnerable encryption modes, such as ChaCha20-Poly1305 or AES-CBC with default MACs. Use encryption modes that use authenticated encryption with associated data (AEAD), such as AES-GCM or Chacha20-Poly1305@openssh.com.
  • Use a VPN or a firewall. If possible, use a VPN or a firewall to encrypt and protect your SSH traffic from being intercepted and modified by the attacker. This will also prevent the attacker from performing other types of attacks, such as DNS spoofing or TCP hijacking.
  • Implement a strict security policy on your local networks. Limit the access to your SSH servers to authorized users and devices, and monitor the network activity for any anomalies or intrusions.

How to use PassCypher HSM PGP and EviKey NFC HSM to protect your SSH keys: A secure and convenient solution

A good way to enhance the security of your SSH keys is to use PassCypher HSM PGP and EviKey NFC HSM. These are products from PassCypher), a company specialized in data security. They offer a secure and convenient solution for generating and storing your SSH keys.

PassCypher HSM PGP is a system that embeds a SSH key generator, allowing you to choose the type of algorithm – RSA (2048, 3072, 4096) or ECDSA (256,384, 521), and ED25519. The private key is generated and stored in a secure location, making it inaccessible to attackers.

EviKey NFC HSM is a contactless USB drive that integrates with PassCypher HSM PGP. It provides an additional layer of security and convenience for users who can easily unlock their private SSH key with their smartphone.

To show how PassCypher HSM PGP and EviKey NFC HSM can protect your SSH keys from the Terrapin attack, we have created the following diagram:

SSH handshake process with Terrapin attack illustration
This image illustrates the Terrapin attack, a stealthy attack that exploits a vulnerability in the SSH handshake. The attacker can manipulate the sequence numbers and remove specific messages without compromising the secure channel integrity. This can lead to a variety of security risks, including password cracking and man-in-the-middle attacks.

As you can see, the diagram shows how this solution effectively protects your SSH keys from the Terrapin attack. It also shows the benefits of using a contactless USB drive, such as:

  • Enhanced security: The private key is physically externalized and protected with a contactless authentication mechanism.
  • Convenience: Easy unlocking with a smartphone.
  • Ease of use: No additional software required.
  • Industrial-grade security: Equivalent to SL4 according to the standard IEC 62443-3-3.

Safeguarding Your SSH Keys with a Contactless USB Drive: A Comprehensive Guide

If you’re seeking a comprehensive guide to securely store your SSH keys using a contactless USB drive, look no further than this detailed resource: [Link to the article ([https://freemindtronic.com/how-to-create-an-ssh-key-and-use-a-nfc-hsm-usb-drive-to-store-it-securely/])]

This guide meticulously walks you through the process of:

  1. Generating an SSH key pair leveraging PassCypher HSM PGP
  2. Protecting the private SSH key within the EviKey NFC HSM USB drive
  3. Unlocking the private SSH key employing your smartphone
  4. Establishing a secure connection to an SSH server using the EviKey NFC HSM USB drive

Alongside step-by-step instructions, the guide also includes illustrative screenshots. By adhering to these guidelines, you’ll effectively safeguard and conveniently manage your SSH keys using a contactless USB drive.

Statistics on the Terrapin attack: Facts and figures

Statistics on the Terrapin attack: Facts and figures

The Terrapin attack is a serious cybersecurity threat that affects SSH connections. We have collected some statistics from various sources to show you the scale and impact of this attack. Here are some key facts and figures:

  • The Shadowserver Foundation reports that nearly 11 million SSH servers exposed on the internet are vulnerable to the Terrapin attack. This is about 52% of all IPv4 and IPv6 addresses scanned by their monitoring system.
  • The most affected countries are the United States (3.3 million), China (1.3 million), Germany (1 million), Russia (704,000), Singapore (392,000), Japan (383,000), and France (379,000).
  • The Terrapin attack affects many SSH client and server implementations, such as OpenSSH, PuTTY, FileZilla, Dropbear, libssh, and more. You can see the complete list of known affected implementations here).
  • You can prevent the Terrapin attack by updating your SSH software to the latest version, using secure encryption modes, and enabling strict key exchange. You can also use the Terrapin vulnerability scanner, available on GitHub, to check your SSH client or server for vulnerability.
  • A team of researchers from the Horst Görtz Institute for IT Security at Ruhr University Bochum in Germany discovered and disclosed the Terrapin attack. They published a detailed paper and a website with the technical details and the implications of the attack. Conclusion: How to stay safe from the Terrapin attack

The Terrapin attack is a serious threat to SSH security. It lets hackers break into SSH servers by exploiting a vulnerability in the protocol. To protect yourself effectively, you need to do the following:

  • Update your SSH software to the latest version
  • Use two-factor authentication
  • Store your SSH keys securely
  • Use PassCypher HSM PGP and EviKey NFC HSM

Conclusion: How to stay safe from the Terrapin attack

The Terrapin attack is a serious threat to SSH security. It allows hackers to break into SSH servers by exploiting a vulnerability in the protocol. To protect yourself effectively, you need to update your SSH software, use two-factor authentication, store your SSH keys securely, and use PassCypher HSM PGP and EviKey NFC HSM. If you found this article useful, please feel free to share it with your contacts or leave us a comment.

2023, Articles, Cyberculture, EviCypher NFC HSM, News, Technologies

Telegram and the Information War in Ukraine

Posted on by FMTAD
Telegram and the information war in Ukraine
05
Jan
Telegram and the Information War in Ukraine written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

How Telegram Shapes the Information War in Ukraine

In this article, we explore how Telegram and Ukraine’s information warfare are intertwined. We look at how the messaging app is influencing the Russia-Ukraine conflict, and how it can be used for good or evil. We also discuss the benefits and risks of using Telegram, as well as how security and freedom of expression can be enhanced with EviCypher NFC HSM technology.

Why Encrypt SMS? NFC card protecting encrypted SMS communications from espionage and corruption on Android NFC phone.

2024 Digital Security

Why Encrypt SMS? FBI and CISA Recommendations
December 16, 2024
French Minister at G7 holding a hacked smartphone, with a Bahraini minister warning him about a cyberattack.

2024 Digital Security

French Minister Phone Hack: Jean-Noël Barrot’s G7 Breach
December 6, 2024
Government office under cyber threat from Salt Typhoon cyber attack, with digital lines and data streams symbolizing espionage targeting mobile and computer networks.

2024 Digital Security

Salt Typhoon: Protecting Government Communications from Cyber Threats
November 14, 2024
Cyberattack exploits backdoors in telecom systems showing a breach of sensitive data through legal surveillance vulnerabilities.

2024 Digital Security

Cyberattack Exploits Backdoors: What You Need to Know
October 15, 2024
Google Sheets interface showing malware activity, with the keyphrase 'Google Sheets Malware Voldemort' subtly integrated into the image, representing cyber espionage.

2024 Digital Security

Google Sheets Malware: The Voldemort Threat
September 3, 2024
Operation Dual Face - Russian Espionage Hacking Tools in a high-tech cybersecurity control room showing Russian involvement

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed
August 31, 2024
Side-channel attacks visualized through an HDMI cable emitting invisible electromagnetic waves intercepted by an AI system.

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat
August 20, 2024
Depiction of OpenVPN security vulnerabilities showing a globe with digital connections, the OpenVPN logo with cracks, and red warning symbols indicating a global breach.

2024 Digital Security

OpenVPN Security Vulnerabilities Pose Global Security Risks
August 12, 2024

How Telegram Influences the Conflict between Russia and Ukraine

Telegram and the information war in Ukraine are closely related. Telegram is a messaging app that offers users a secure and confidential way to communicate, thanks to its end-to-end encryption system. It has a large user base around the world, especially in Eastern Europe, where it plays a vital role in the information war between Russia and Ukraine.

Telegram’s Usage in Ukraine: Updated Statistics

Popularity and Download Trends

According to the report of the research company SimilarWeb, Telegram is the second most downloaded messaging app in Ukraine, after Viber, with 3.8 million downloads in 2021. It is also the fourth most used app in terms of time spent, with an average of 16 minutes per day. Telegram has about 10 million active users in Ukraine, which is almost a quarter of the country’s population.

Telegram’s Role in Ukrainian Media Landscape

Telegram is particularly appreciated by Ukrainians for its channel functionality, which allows to broadcast messages to a large audience. Some of these channels have become influential but controversial sources of information, as their owners and sources are often unknown. Among the most popular channels in Ukraine, we can mention:

  • @Zelenskyi, the official channel of President Volodymyr Zelensky, which has more than 2 million subscribers. It publishes announcements, speeches, interviews and videos of the head of state. It was created in 2019, during Zelensky’s election campaign, who was then an actor and a comedian.
  • @NashyGroshi, the channel of the journalistic project “Our Money”, which has more than 1.5 million subscribers. It publishes investigations, reports and analyses on corruption, abuse of power, political scandals and judicial cases in Ukraine. It was created in 2008, by journalist Denys Bihus, who received several awards for his work.
  • @Resident, the channel of blogger and activist Anatoliy Shariy, which has more than 1.3 million subscribers. It publishes comments, criticisms and sarcasms on the political and social news in Ukraine. He is known for his pro-Russian, anti-European and anti-government positions. He is currently in exile in Spain, where he is wanted by the Ukrainian justice for high treason and incitement to hatred.

These channels illustrate the diversity and complexity of the Ukrainian media landscape, which is marked by the conflict with Russia, the democratic transition, the fight against corruption and the polarization of society. They are also a reflection of the issues and challenges related to the use of Telegram, which can be both a tool of communication, information and manipulation.

Oleksiy Danilov’s Stance on Telegram’s Usage in Ukraine

Concerns Over National Security

Oleksiy Danilov is the secretary of the National Security and Defense Council of Ukraine, the body responsible for coordinating and controlling the activities of the executive bodies in the fields of national security and defense. He is also the head of cybersecurity of the country, and in this capacity, he expressed his reservations about the use of Telegram by Ukrainians. In February 2022, he stated that some anonymous and manipulative Telegram channels represented a threat to national security, and that they should be de-anonymized and regulated. He particularly targeted the channel @Resident, which broadcasts pro-Russian and anti-Ukrainian comments, and which is suspected of being linked to the Russian intelligence services. He also criticized the channel @Zelenskyi, which according to him, is not controlled by the Ukrainian president, but by advisers who seek to influence his policy.

Debating Telegram’s Influence in Ukraine

These statements provoked mixed reactions in Ukraine. Some supported Danilov’s position, believing that it was necessary to fight against misinformation and propaganda that undermine the sovereignty and democracy of the country. Others denounced an attempt at censorship and an attack on freedom of expression, recalling that Telegram was one of the few spaces where Ukrainians could access independent and diverse information.

How Telegram Influences the Information War in Ukraine

The Benefits and Risks of End-to-End Encryption

Telegram is a messaging app that lets you send messages, photos, videos, documents, and make voice and video calls. Its privacy policy is based on data encryption and non-cooperation with authorities. You can also create groups and channels that can reach thousands or millions of users.

End-to-end encryption is a technology that makes sure only the people in a conversation can read the messages, not even the service provider. Telegram has this option, but it is not on by default. You have to choose it for each chat, by switching to the “secret chat” mode. However, Telegram’s encryption is not based on standard protocols, and security experts have found some flaws.

Anonymous Channels and Their Impact on the Ukrainian Conflict

The channels are spaces where an administrator can send messages to a large audience. They can be public or private, and they can have millions of followers. Some channels are influential but controversial sources of information, as their owners and sources are often unknown. The channels can spread misinformation, propaganda, fake news, or violence.

Telegram and Russian propaganda have a strong connection, as many pro-Russian channels use the app to influence the public opinion in Ukraine and other countries. Telegram and the Ukrainian resistance also use the app to communicate and organize their actions against the Russian aggression.

Bots, Payment Services and Unique Usernames: A Double-Edged Sword

Bots are programs that interact with users. They offer services, information, or entertainment. Anyone can create them. They can be part of chats or channels. Bots can be helpful or harmful. They can collect personal data, send spam, or spread viruses.

Payment Services: Handy or Dishonest?

You can also use payment services via Telegram. These features use third-party platforms, such as Stripe or Apple Pay. They need bank or credit card information. Payment services can be handy or dishonest. They can steal sensitive data, scam users, or fund illegal activities.

Unique Usernames: Fun or Troublesome?

Another feature of Telegram is the unique usernames. They let users contact each other easily, without sharing their phone number. Users can create and change them at any time. Unique usernames can be fun or troublesome. They can enable harassment, identity theft, or account sale.

These features of Telegram raise issues of cybersecurity, privacy, end-to-end encryption, and application security. They can be used by bad actors, who want to harm Ukraine or its people. They can also be regulated by the authorities, who want to control the information or access the data of the users.

Telegram and the Information War in Ukraine: A Challenge

One of the main challenges of Telegram and the information war in Ukraine is to balance the freedom of expression and the protection of national security. Telegram and the Ukrainian conflict are closely intertwined. The app is used by both sides to communicate, inform, and influence. Telegram and Russian propaganda have a strong connection. Many pro-Russian channels use the app to sway the public opinion in Ukraine and other countries. Telegram and the Ukrainian resistance also use the app to coordinate and organize their actions against the Russian aggression. Telegram and cybersecurity in Ukraine are also crucial. The app can be a source of threats or a tool of defense.

Telegram VS Other Messaging Apps: A Comparative Analysis

WhatsApp: Popular but Questionable Confidentiality

WhatsApp is the most popular messaging app in the world, with more than 2 billion users. It offers end-to-end encryption by default for all conversations, which guarantees the protection of data. However, it belongs to Facebook, which has a dubious reputation in terms of respect for privacy, and which has raised fears about the sharing of data with other applications of the group. WhatsApp is also subject to the requests of the authorities, who can demand access to the metadata, such as the phone number, the IP address or the location of the users.

Signal: High Security but Limited User Base

Signal is a messaging app that claims to be the most secure and confidential on the market. It also offers end-to-end encryption by default for all conversations, and it does not collect any personal data. It is developed by a non-profit organization, which does not depend on advertising or investors. It is recommended by personalities such as Edward Snowden or Elon Musk. Signal is however less popular than WhatsApp or Telegram, with about 50 million users. It also offers fewer features, such as file sharing, information channels, bots or payment services.

Telegram: Innovative but Security Concerns

Telegram is between these two apps, offering more features than Signal, but less security than WhatsApp. Telegram allows users to choose the level of encryption and privacy they want, by opting for the “secret chat” mode or the “normal chat” mode. Telegram also allows users to enjoy innovative services, such as channels, bots, payments or unique usernames. However, Telegram also presents risks, such as fakes news, inappropriate content, privacy breaches or cyberattacks. Telegram is therefore an app that offers advantages and disadvantages, and that requires vigilance and discernment from users.

Telegram’s Global Perception and Regulation

Russia: Origin and Opposition

Russia is the country of origin of Telegram, but also its main adversary. The Kremlin tried to block the app in 2018, invoking reasons of national security and fight against terrorism. It demanded that Telegram provide it with the encryption keys to access the messages of the users, which Pavel Durov refused. It then ordered the telecom operators to block access to Telegram, but this measure proved ineffective, as Telegram used cloud servers to bypass the blocking. Many Russian users also use VPNs or proxies to access the app. In 2020, the Kremlin finally lifted the ban on Telegram, acknowledging its failure and stating that the app had cooperated with the authorities to remove extremist content. However, some observers suspect that Telegram made concessions to the Kremlin to lift the blocking, such as collaborating with the Russian services or censoring some channels.

France: Striving for Digital Regulation

France is a country that wants to be at the forefront of the regulation of digital platforms, especially in terms of fighting online hate. It adopted in 2020 a law that obliges the platforms to remove illegal content, such as incitement to violence, discrimination or terrorism, within 24 hours, under penalty of financial sanctions. This law also applies to messaging apps, such as Telegram, which must set up reporting and moderation mechanisms for content. France recognizes the right of users to privacy and end-to-end encryption, but it also asks the service providers to cooperate with the law enforcement to access the encrypted data when needed. France is also a country where Telegram is used by radical groups, such as jihadists or yellow vests, who take advantage of the app to organize, mobilize or defend themselves.

Ukraine: Balancing Utility and Risks

Ukraine is a country that has an ambivalent attitude towards Telegram, recognizing its usefulness, but also its dangers. On the one hand, Telegram is a source of information and a tool of resistance for many Ukrainians, who face the threat of Russian aggression and the challenges of democratic transition. On the other hand, Telegram is also a vector of misinformation and propaganda, which can undermine the sovereignty and stability of the country. Ukraine does not have a specific law to regulate Telegram, but it has some legal provisions to protect national security and public order, which can be used to restrict or block the app if necessary. Ukraine also cooperates with international organizations, such as the EU or NATO, to counter the cyber threats and the hybrid warfare that target the country.

EviCypher NFC HSM: Enhancing Telegram’s Security

The Role of Contactless Encryption Technology

One of the main challenges of using Telegram is to ensure the security and confidentiality of the data exchanged, especially in a context of information war. To meet this challenge, a possible solution consists of using EviCypher NFC HSM technology, which is a contactless encryption technology developed by Freemindtronic, an Andorran company specializing in the design of counter-espionage solutions implementing in particular contactless security with NFC technology. EviCypher NFC HSM uses two types of encryption algorithms for data:

  • Symmetric encryption in AES-256 for data such as texts (messages), thanks to its sub-technology EviCrypt. It uses a unique key, which is randomly generated and segmented into several parts. This key is used to encrypt and decrypt messages with the AES 256-bit algorithm.
  • Asymmetric encryption in RSA-4096 for symmetric encryption keys. It uses a pair of keys, which is generated and used from the NFC HSM device and which is based on the RSA 4096-bit algorithm. This pair of keys is used to share the symmetric key of at least 256 bits between the NFC HSM devices remotely, by encrypting the symmetric key with the public key of the recipient and decrypting the symmetric key with the private key of the recipient. The symmetric key is then stored and re-encrypted in the NFC HSM device of the recipient, with the trust criteria imposed by the sender if he has encapsulated them in the shared encryption key.

Practical Applications of EviCypher NFC HSM

EviCypher NFC HSM is a technology that uses hardware security modules (HSM) to store and use encrypted secrets. It allows contactless encryption with the NFC communication protocol. You can integrate the NFC HSM into various media, such as a card, a sticker, or a key ring. Then, you can pair it with an NFC phone, tablet, or computer. This way, you can encrypt everything before using any messaging service, including Telegram. EviCypher NFC HSM also has anti-cloning, anti-replay, and counterfeit detection mechanisms. It is part of the DataShielder product range, which offers serverless and databaseless encryption solutions.

Telegram and the Ukrainian conflict

EviCypher NFC HSM is compatible with Telegram, a messaging app that influences the information war between Russia and Ukraine. It offers more security and confidentiality than Telegram’s end-to-end encryption, which is not based on recognized standards. It also gives you more flexibility and control than Telegram’s secret chat mode, as you can choose the trust criteria for the encryption keys. Moreover, it is more convenient and simple than Telegram’s normal chat mode, as you can encrypt and decrypt messages with a simple gesture.

Telegram and cybersecurity in Ukraine

EviCypher NFC HSM is a useful technology with Telegram, as it enhances the security and confidentiality of the data exchanged, especially in a context of information war. It is also a universal technology, as you can use it with any other messaging app, such as WhatsApp, Signal, Messenger, etc. It is also an innovative technology, as it uses the NFC communication protocol to perform contactless encryption, without requiring any connection or installation.

Concluding Insights on Telegram’s Role in Ukraine

In this article, we have seen how Telegram plays a vital role in the information war between Russia and Ukraine, and what issues and challenges there are in using this messaging app. We have also seen how the technology EviCypher NFC HSM can be a useful solution to enhance the security and confidentiality of the data exchanged with Telegram. We hope that this article has been informative and interesting for you, and that it has helped you to better understand the situation of Telegram in Ukraine and in other countries. Thank you for reading.

Overview of Cited Sources

Here are the sources of the article, which are valid, reliable, relevant and if possible official links that allow to justify and verify the statements made in this article:

  • [Liga.net]: the news site that published the interview of Oleksiy Danilov on November 2, 2023, in which he expresses his concerns about Telegram.
  • [NV.ua]: the news site that reported the statement of Oleksiy Danilov, who alerted the nation to the critical vulnerabilities of Telegram, on November 2, 2023.
  • [RT – Pravda]: the Ukrainian news site that related the remarks of Oleksiy Danilov, who answered the questions of journalists during a press conference on November 3, 2023.
  • [Number of Telegram Users in 2023? 55 Telegram Stats (backlinko.com)]: an article that gives figures on the use of Telegram in the world and in Ukraine.
  • [NV.ua -NSDC]: the official website of the National Security and Defense Council of Ukraine, which published the press release of Oleksiy Danilov, who clarified his recent comments on Telegram, on November 15, 2023
  • [Ukrainians turn to encrypted messengers, offline maps and Twitter amid Russian invasion]: an article that describes how Ukrainians use Telegram and other digital tools to protect themselves and get informed in the face of the Russian aggression.
  • [Pravda – France 24]: the French news site that contains a video of the interview of Oleksiy Danilov with the journalist Gulliver Cragg, dated January 23, 2023.
  • [NFC HSM Technology – Freemindtronic]: an article that explains the NFC HSM technologies and how they work.
  • [EviCypher NFC HSM technology – Freemindtronic]: a page that contains articles and videos on the NFC HSM technologies.
  • [FAQ for the Technically Inclined – Telegram APIs]: a page that provides technical information about the Telegram APIs and the MTProto protocol.
2024, Articles, Digital Security

Kismet iPhone: How to protect your device from the most sophisticated spying attack?

Posted on by FMTAD
02
Jan
Kismet iPhone and Pegasus written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

Kismet iPhone and Pegasus: a deadly combo

Hackers can use Kismet iPhone to install Pegasus spyware on your iPhone. This spyware can access your data, activity, and conversations.

Why Encrypt SMS? NFC card protecting encrypted SMS communications from espionage and corruption on Android NFC phone.

2024 Digital Security

Why Encrypt SMS? FBI and CISA Recommendations
December 16, 2024
French Minister at G7 holding a hacked smartphone, with a Bahraini minister warning him about a cyberattack.

2024 Digital Security

French Minister Phone Hack: Jean-Noël Barrot’s G7 Breach
December 6, 2024
Government office under cyber threat from Salt Typhoon cyber attack, with digital lines and data streams symbolizing espionage targeting mobile and computer networks.

2024 Digital Security

Salt Typhoon: Protecting Government Communications from Cyber Threats
November 14, 2024
Cyberattack exploits backdoors in telecom systems showing a breach of sensitive data through legal surveillance vulnerabilities.

2024 Digital Security

Cyberattack Exploits Backdoors: What You Need to Know
October 15, 2024
Google Sheets interface showing malware activity, with the keyphrase 'Google Sheets Malware Voldemort' subtly integrated into the image, representing cyber espionage.

2024 Digital Security

Google Sheets Malware: The Voldemort Threat
September 3, 2024
Operation Dual Face - Russian Espionage Hacking Tools in a high-tech cybersecurity control room showing Russian involvement

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed
August 31, 2024
Side-channel attacks visualized through an HDMI cable emitting invisible electromagnetic waves intercepted by an AI system.

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat
August 20, 2024
Depiction of OpenVPN security vulnerabilities showing a globe with digital connections, the OpenVPN logo with cracks, and red warning symbols indicating a global breach.

2024 Digital Security

OpenVPN Security Vulnerabilities Pose Global Security Risks
August 12, 2024

Kismet iPhone: How to protect your device from the most sophisticated spying attack using Pegasus spyware

Do you own an iPhone? Do you think it is safe and private? You might be wrong. Hackers have created a clever attack called Kismet iPhone that can infect your device with Pegasus, the world’s most powerful spyware, without you noticing. This spyware can steal your personal data, track your activity, and listen to your conversations. In this article, we will tell you how Kismet iPhone works, who is behind it, and how you can protect yourself from it.

What is Kismet iPhone?

Kismet iPhone is the name of the attack that hackers use to install Pegasus, the spyware, on iPhones. Kismet iPhone uses a technique called “watering hole”. It consists of infecting websites visited by the targeted users. These websites contain malicious code that detects if the user has an iPhone and which model. If so, the malicious code redirects the browser to a server that exploits zero-day flaws in iOS and Safari. These flaws allow to install Pegasus without the user noticing. Pegasus then runs in the background and communicates with a command and control server.

What is Pegasus?

Pegasus is the name of the spyware that Kismet iPhone installs on iPhones. Pegasus is one of the most powerful spyware in the world, developed by NSO Group, an Israeli company that sells spyware to governments and intelligence agencies. Pegasus can access almost everything on the infected iPhone, such as messages, photos, contacts, location, calls, passwords and even conversations near the microphone. Pegasus can also activate the camera and the microphone remotely, and record the screen. Pegasus can bypass encryption and security features of apps like WhatsApp, Signal, Telegram, and others.

Who is behind Kismet iPhone and Pegasus?

Kismet iPhone and Pegasus are the work of NSO Group, an Israeli company that sells spyware to governments and intelligence agencies. NSO Group claims that its products are only used for legitimate purposes, such as fighting terrorism and crime. However, investigations have revealed that NSO Group has also targeted journalists, activists, lawyers, politicians and dissidents, violating their privacy and rights. NSO Group has been accused of being involved in the murder of Jamal Khashoggi, a Saudi journalist, and the hacking of Jeff Bezos, the founder of Amazon.

Examples of victims of Kismet iPhone and Pegasus

According to a report by Citizen Lab, a research group at the University of Toronto, Kismet iPhone and Pegasus have been used to spy on at least nine Bahraini activists between June 2020 and February 2021. The activists were members of the Bahrain Center for Human Rights, the Bahrain Institute for Rights and Democracy, and the European Center for Constitutional and Human Rights. They received text messages containing malicious links that attempted to infect their iPhones with Pegasus.

Another report by Amnesty International and Forbidden Stories, a non-profit media organization, revealed that Kismet iPhone and Pegasus have been used to target more than 50,000 phone numbers of people from various countries and professions. Among them were journalists, human rights defenders, lawyers, politicians, business executives, religious leaders, and celebrities. Some of the prominent names on the list were French President Emmanuel Macron, Pakistani Prime Minister Imran Khan, Indian opposition leader Rahul Gandhi, Moroccan journalist Omar Radi, and Mexican journalist Cecilio Pineda Birto.

A third report by The Guardian, a British newspaper, exposed that Kismet iPhone and Pegasus have been used to spy on the civil rights movement in the United States. The report found that at least 15 people who were close to the Black Lives Matter activist DeRay Mckesson had their phones hacked with Pegasus in 2016. The report also found that Alaa Mahajna, a lawyer who represented the family of George Floyd, had his phone hacked with Pegasus in 2020.

These examples show that Kismet iPhone and Pegasus are not only used to spy on criminals and terrorists, but also on innocent people who exercise their rights to freedom of expression, association, and assembly.

How to protect yourself from Kismet iPhone and Pegasus?

To protect yourself from Kismet iPhone and Pegasus, you need to update your iPhone with the latest version of iOS. Apple fixed the zero-day flaws exploited by Kismet iPhone in September 2020, making the attack ineffective. You also need to avoid clicking on suspicious links or visiting unsecured websites, which could be infected by malicious code. You need to use a VPN (virtual private network) to encrypt your internet connection and prevent potential spies from seeing your online activity. You can check if your iPhone has been infected by Pegasus by using a tool developed by Amnesty International, called MVT (Mobile Verification Toolkit).

Sources and downloads

If you want to learn more about the zero-day flaws used by Kismet iPhone and Pegasus, and how Apple fixed them, you can check the following sources:

If you want to check if your iPhone has been infected by Pegasus, you can download the following application:

  • MVT (Mobile Verification Toolkit)MVT (Mobile Verification Toolkit): this open source software allows you to analyze your iPhone and detect traces of Pegasus. It is available for Windows, Mac and Linux, and requires some technical knowledge to use it. You can follow the user guide on the official project site.

Conclusion

Kismet iPhone and Pegasus are two of the most sophisticated and dangerous cyberattacks that target iPhone users. They can compromise your device and your data, without you being aware of it. To protect yourself from these attacks, you need to keep your iPhone updated, be careful with what you click and visit online, and use a VPN. You can also use a tool to detect if your iPhone has been infected by Pegasus. If you want to know more about Pegasus, the most powerful spyware in the world, you can read our dedicated article here: Pegasus: the cost of spying with one of the most powerful spyware in the world

However, you should know that the zero-day risk is always present, and that the economic stakes are huge for the companies that exploit these flaws to spy on their competitors or their adversaries. That is why Freemindtronic has specialized in counter-espionage tecnologiescounter-espionage tecnologies, which allow you to protect your data and your privacy against malicious intrusions. If you are interested in these solutions, you can visit our Freemindtronic website and discover the different technologies of counter espionage.

2023, Digital Security

5Ghoul: 5G NR Attacks on Mobile Devices

Posted on by FMTAD
5Ghoul: 5G NR Attacks on Mobile Devices
29
Dec
5Ghoul Attacks on Mobile Devices written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

5Ghoul: A Threat to 5G Security

5G has benefits, but also risks. 5Ghoul is a set of 5G NR flaws that affect Qualcomm and MediaTek modems, used by most 5G devices. 5Ghoul can disrupt or make unusable smartphones, routers and modems 5G. In this article, we will see what 5Ghoul is, how it compares to other 5G attacks, and how to protect yourself with contactless encryption, which uses NFC.

Why the NFC hardware wallet with credit card manager is PCI DSS compliant

2020 Legal information

Freemindtronic’s NFC hardware wallets with credit card management are PCI DSS compliant
December 20, 2020
Cardokey NFC vCard Business: Edit, Read, and Import Contacts Seamlessly on iPhone.

2023 Articles Cardokey Eco-friendly EviSwap NFC NDEF Technology GreenTech

NFC Business Cards with Cardokey free for life: How to Connect without Revealing
November 8, 2023
Unitary Patent system European why some EU countries are not on board

2023 Articles Cyberculture EviCore HSM OpenPGP Technology EviCore NFC HSM Browser Extension EviCore NFC HSM Technology Legal information Licences Freemindtronic

Unitary patent system: why some EU countries are not on board
August 1, 2023

Andorran law

Llei 26/2014 del 30 d’octubre de patents
November 21, 2016
Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

Articles Crypto Currency Cryptocurrency Digital Security EviPass Technology NFC HSM technology Phishing

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers
December 16, 2023

5Ghoul: How Contactless Encryption Can Secure Your 5G Communications from Modem Attacks

5Ghoul is a set of 5G NR vulnerabilities that affect Qualcomm and MediaTek modems. These flaws allow to launch denial-of-service attacks or degrade the quality of the 5G network.

What is 5Ghoul?

5Ghoul is a set of 14 5G NR (New Radio) vulnerabilities, the protocol that governs the communication between 5G devices and base stations (gNB). Among these vulnerabilities, 10 are public and 4 are still confidential. They were discovered by researchers from the Singapore University of Technology and DesignSingapore University of Technology and Design.

The 5Ghoul vulnerabilities exploit implementation errors in Qualcomm and MediaTek modems, which do not comply with the specifications of the 5G NR protocol. They allow an attacker to create a fake base station, which pretends to be a legitimate one, and send malicious messages to 5G devices that connect to it. These messages can cause errors, crashes or infinite loops in the modems, resulting in denial-of-service attacks or degradations of the quality of the 5G network.

Which devices are affected by 5Ghoul?

The researchers tested the 5Ghoul vulnerabilities on 714 models of 5G smartphones from 24 different brands, including Lenovo, Google, TCL, Microsoft, etc. They also tested routers and modems 5G from various manufacturers. They found that the 5Ghoul vulnerabilities affect all 5G devices equipped with Qualcomm and MediaTek modems, which account for more than 90% of the market.

What are the impacts of 5Ghoul?

The impacts of 5Ghoul depend on the vulnerability exploited and the type of device targeted. The researchers classified the 5Ghoul vulnerabilities into three categories, according to their severity:

Level 1 vulnerabilities

Level 1 vulnerabilities are the most severe. They allow to render 5G devices completely unusable, by locking them in a state where they can neither connect nor disconnect from the 5G network. These vulnerabilities require a manual reboot of the devices to be resolved. Among the level 1 vulnerabilities, there is for example the CVE-2023-33043, which causes a crash of the Qualcomm X55/X60 modem by sending an invalid MAC/RLC message.

Level 2 vulnerabilities

Level 2 vulnerabilities are less critical, but still harmful. They allow to degrade the quality of the 5G network, by reducing the throughput, latency or stability of the connection. These vulnerabilities can be resolved by reconnecting to the 5G network. Among the level 2 vulnerabilities, there is for example the CVE-2023-33044, which causes packet loss on the MediaTek T750 modem by sending an invalid RRC message.

Level 3 vulnerabilities

Level 3 vulnerabilities are the least dangerous. They allow to disrupt the normal functioning of 5G devices, by displaying error messages, modifying settings or triggering alerts. These vulnerabilities have no impact on the quality of the 5G network. Among the level 3 vulnerabilities, there is for example the CVE-2023-33045, which causes an error message on the Qualcomm X55/X60 modem by sending an invalid RRC message.

How to protect yourself from 5Ghoul?

The researchers informed the manufacturers of Qualcomm and MediaTek modems of the 5Ghoul vulnerabilities, as well as the 5G network operators and the 5G device manufacturers. They also published a demonstration kit of the 5Ghoul vulnerabilities on GitHub, to raise awareness among the public and the scientific community of the risks of 5G NR.

To protect yourself from 5Ghoul, 5G device users must update their modems with the latest security patches, as soon as they are available. They must also avoid connecting to unreliable or unknown 5G networks, which could be fake base stations. In case of doubt, they can disable 5G and use 4G or Wi-Fi.

How 5Ghoul compares to other 5G attacks?

5Ghoul is not the first security flaw that affects 5G. Other 5G attacks have been discovered in the past, exploiting weaknesses in the protocol or in the equipment. Here are some examples of 5G attacks and their differences with 5Ghoul:

ReVoLTE

ReVoLTE is an attack that allows to listen to voice calls 4G and 5G by exploiting a vulnerability in the encryption of data. This vulnerability is due to the fact that some base stations reuse the same encryption key for multiple communication sessions, which allows an attacker to decrypt the content of the calls by capturing the radio signals.

It is different from 5Ghoul because it does not target the 5G modem, but the encryption of data. ReVoLTE also requires that the attacker be close to the victim and have specialized equipment to intercept the radio signals. ReVoLTE does not cause denial of service or degradation of the network, but it compromises the confidentiality of communications.

ToRPEDO

ToRPEDO is an attack that allows to locate, track or harass mobile phone users 4G and 5G by exploiting a vulnerability in the paging protocol. This protocol is used to notify mobile devices of incoming calls or messages. By sending repeated messages to a phone number, an attacker can trigger paging messages on the network, and thus determine the position or identity of the target device.

It is different from 5Ghoul because it does not target the 5G modem, but the paging protocol. ToRPEDO also requires that the attacker knows the phone number of the victim and has access to the mobile network. ToRPEDO does not cause denial of service or degradation of the network, but it compromises the privacy of users.

IMP4GT

IMP4GT is an attack that allows to degrade the quality of the 5G network by exploiting a vulnerability in the security protocol. This protocol is used to authenticate and encrypt the communications between 5G devices and base stations. By modifying the messages exchanged between the two parties, an attacker can mislead the network and the device on the level of security required, and thus reduce the throughput or latency of the connection.

It is different from 5Ghoul because it does not target the 5G modem, but the security protocol. IMP4GT also requires that the attacker be close to the base station and have equipment capable of modifying the messages. IMP4GT does not cause denial of service or crash of the modem, but it degrades the quality of the network.

SS7

SS7 is a set of signaling protocols used by mobile operators to establish and manage calls and messages between different networks. SS7 has existed since the 1970s and has not evolved much since, making it vulnerable to hacking attacks. By exploiting the flaws of SS7, an attacker can intercept SMS and voice calls, locate and track users, bypass two-factor authentication, or subscribe subscribers to paid services without their consent.

It is different from 5Ghoul because it does not target the 5G modem, but the signaling protocol. SS7 affects all types of mobile networks, including 5G, because it still uses SS7 for some functions, such as mobility management or compatibility with 2G and 3G networks. SS7 requires that the attacker has access to the signaling network, which is not easy to obtain, but not impossible. SS7 does not cause denial of service or crash of the modem, but it compromises the confidentiality and integrity of communications.

How and why to encrypt SMS, MMS and RCS without contact?

Contactless encryption is a method of protecting mobile communications that uses NFC (Near Field Communication) technology to establish a secure connection between two devices. NFC is a wireless communication protocol that allows to exchange data by bringing two compatible devices within a few centimeters of each other.

Contactless encryption relies on the use of an external device called NFC HSM (Hardware Security Module), which is a hardware security module that stores and manages encryption keys. The NFC HSM comes in the form of a card, a keychain or a bracelet, that the user must bring close to his phone to activate the encryption. The NFC HSM communicates with the phone via NFC and transmits the encryption key needed to secure the messages.

The technologies EviCore NFC HSM and EviCypher NFC HSM are examples of contactless encryption solutions developed by the Andorran company Freemindtronic. EviCore NFC HSM is a hardware security module that allows to encrypt SMS, MMS and RCS (Rich Communication Services) end-to-end, meaning that only the recipients can read the messages. EviCypher NFC HSM is a hardware security module that allows to encrypt multimedia files (photos, videos, audio, etc.) and share them via SMS, MMS or RCS.

Contactless encryption has several advantages over conventional encryption of mobile communications:

It offers a higher level of security, because the encryption key is not stored on the phone, but on the NFC HSM, which is more difficult to hack or steal.

It is compatible with all types of mobile networks, including 5G, because it does not depend on the communication protocol used, but on NFC.

It is easy to use, because it is enough to bring the NFC HSM close to the phone to activate the encryption, without having to install a specific application or create an account.

It is transparent, because it does not change the appearance or functioning of the messages, which remain accessible from the native application of the phone.

Statistics on 5Ghoul

How widespread are 5Ghouls? What are the trends and impacts of these flaws? Some statistics on 5Ghoul, based on sources and data that are a priori reliable.

5Ghoul: a threat to 5G devices

5Ghoul is a set of 5G NR vulnerabilities that affect Qualcomm and MediaTek modems, which are used by most 5G devices on the market. According to the researchers who discovered 5Ghoul, these vulnerabilities can cause denial-of-service attacks or network degradations.

  • How many 5G devices are affected by 5Ghoul? According to a report by Counterpoint Research, Qualcomm and MediaTek accounted for 79% of the global smartphone chipset market in Q3 2020. Qualcomm had a 39% share, while MediaTek had a 40% share. Assuming that all Qualcomm and MediaTek chipsets are vulnerable to 5Ghoul, this means that nearly 8 out of 10 smartphones are potentially at risk.
  • How many 5G NR vulnerabilities are known? According to the CVE (Common Vulnerabilities and Exposures) database. There are 16 CVE entries related to 5G NR as of April 2021. Four of them are ZeroDay vulnerabilities that have not been publicly disclosed nor fixed by the manufacturers. These vulnerabilities are classified as level 1 or 2, meaning that they can cause denial-of-service attacks or network degradations.
  • How many 5G attacks have been reported? According to the SANS Internet Storm Center, there have been no reports of 5Ghoul attacks in the wild as of April 2021. However, this does not mean that 5Ghoul is not exploited by malicious actors. The researchers who discovered 5Ghoul have developed a proof-of-concept tool called 5Ghoul-Scanner, which can detect and exploit 5Ghoul vulnerabilities. They have also released a video demonstration of 5Ghoul attacks.

Conclusion

5Ghoul is a security flaw that affects 5G modems from Qualcomm and MediaTek, which are used by most 5G devices on the market. 5Ghoul allows an attacker to disrupt the functioning of smartphones, routers and modems 5G, or even make them unusable. 5Ghoul stands out from other 5G attacks known, such as ReVoLTE, ToRPEDO, IMP4GT or SS7, by the fact that it targets the 5G modem, that it does not require secret information or specialized equipment, and that it causes denial-of-service attacks or degradations of the network. To protect yourself from 5Ghoul, 5G device users must update their modems with the latest security patches, and avoid connecting to unreliable or unknown 5G networks.

2023, Articles, CyberStealth, legal, Legal information, News, Spying

The American Intelligence: How It Works

Posted on by FMTAD
The American Intelligence How It Works : Section 702
26
Dec
Learn more about the American Intelligence written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

The American intelligence: a paradox

The American intelligence is powerful and influential, but also faces limits and challenges. Discover how it works, what are its consequences, and how to protect yourself from it.

Why the NFC hardware wallet with credit card manager is PCI DSS compliant

2020 Legal information

Freemindtronic’s NFC hardware wallets with credit card management are PCI DSS compliant
December 20, 2020
Cardokey NFC vCard Business: Edit, Read, and Import Contacts Seamlessly on iPhone.

2023 Articles Cardokey Eco-friendly EviSwap NFC NDEF Technology GreenTech

NFC Business Cards with Cardokey free for life: How to Connect without Revealing
November 8, 2023
Unitary Patent system European why some EU countries are not on board

2023 Articles Cyberculture EviCore HSM OpenPGP Technology EviCore NFC HSM Browser Extension EviCore NFC HSM Technology Legal information Licences Freemindtronic

Unitary patent system: why some EU countries are not on board
August 1, 2023

Andorran law

Llei 26/2014 del 30 d’octubre de patents
November 21, 2016
Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

Articles Crypto Currency Cryptocurrency Digital Security EviPass Technology NFC HSM technology Phishing

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers
December 16, 2023

The American Intelligence: How It Works, Its Limits and Consequences

The American intelligence is one of the most powerful and influential in the world. It has a vast network of agencies, resources, and allies that enable it to collect, analyze, and act on information of strategic interest. However, the American intelligence also faces challenges and criticisms, both internally and externally. In this article, we will explore how the American intelligence works, what are its limits, and what are the consequences of its actions for the global security and privacy.

How the American Intelligence Works

The American intelligence is composed of 18 agencies that form the Intelligence Community (IC). These agencies are divided into two categories: the civilian agencies, which are under the supervision of the Director of National Intelligence (DNI), and the military agencies, which are under the supervision of the Secretary of Defense.

The main civilian agencies are:

  • The Central Intelligence Agency (CIA), which is responsible for collecting, analyzing, and disseminating foreign intelligence, as well as conducting covert operations and paramilitary activities.
  • The National Security Agency (NSA), which is responsible for collecting, processing, and disseminating signals intelligence (SIGINT), as well as conducting cyber operations and protecting the US government’s communications and information systems.
  • The Federal Bureau of Investigation (FBI), which is responsible for collecting, analyzing, and disseminating domestic intelligence, as well as conducting counterintelligence, counterterrorism, and law enforcement activities.
  • The National Geospatial-Intelligence Agency (NGA), which is responsible for collecting, analyzing, and disseminating geospatial intelligence (GEOINT), which includes imagery, maps, and other geographic information.
  • The National Reconnaissance Office (NRO), which is responsible for designing, launching, and operating reconnaissance satellites and other space-based systems that provide intelligence to the IC and the Department of Defense (DoD).
  • The Office of the Director of National Intelligence (ODNI), which is responsible for overseeing, coordinating, and integrating the activities of the IC, as well as providing strategic guidance and support to the DNI.

The main military agencies are:

  • The Defense Intelligence Agency (DIA), which is responsible for providing military intelligence to the DoD and the IC, as well as conducting human intelligence (HUMINT), counterintelligence, and defense attaché activities.
  • The National Security Agency/Central Security Service (NSA/CSS), which is responsible for providing SIGINT and cyber support to the DoD and the IC, as well as conducting information assurance and cryptologic activities.
  • The National Geospatial-Intelligence Agency (NGA), which is responsible for providing GEOINT support to the DoD and the IC, as well as conducting geospatial analysis and mapping activities.
  • The National Reconnaissance Office (NRO), which is responsible for providing space-based intelligence support to the DoD and the IC, as well as conducting satellite reconnaissance and surveillance activities.
  • The Military Intelligence Corps (MI), which is responsible for providing tactical and operational intelligence to the Army and the joint force, as well as conducting HUMINT, SIGINT, GEOINT, and counterintelligence activities.
  • The Office of Naval Intelligence (ONI), which is responsible for providing maritime intelligence to the Navy and the joint force, as well as conducting HUMINT, SIGINT, GEOINT, and counterintelligence activities.
  • The Marine Corps Intelligence Activity (MCIA), which is responsible for providing intelligence to the Marine Corps and the joint force, as well as conducting HUMINT, SIGINT, GEOINT, and counterintelligence activities.
  • The Air Force Intelligence, Surveillance, and Reconnaissance Agency (AFISRA), which is responsible for providing intelligence to the Air Force and the joint force, as well as conducting HUMINT, SIGINT, GEOINT, and counterintelligence activities.

The American intelligence works by collecting information from various sources, such as human sources, signals, images, open sources, and others. It then analyzes this information to produce intelligence products, such as reports, assessments, briefings, and forecasts. These products are then disseminated to the relevant consumers, such as the President, the Congress, the military, the policy makers, and the allies. The American intelligence also acts on the information it collects, by conducting operations, such as covert actions, cyber attacks, drone strikes, and special operations.

The Limits of the American Intelligence

The American intelligence, despite its capabilities and resources, is not omnipotent or infallible. It faces several limits and challenges, such as:

  • Legal and ethical limits: The American intelligence is bound by the laws and regulations of the US and the international community, as well as by the values and principles of the American democracy. It must respect the rights and liberties of the American citizens and the foreign nationals, as well as the sovereignty and interests of the other countries. It must also abide by the oversight and accountability mechanisms of the executive, the legislative, and the judicial branches, as well as the public opinion and the media. The American intelligence must balance its need for secrecy and effectiveness with its duty for transparency and legitimacy.
  • Technical and operational limits: The American intelligence is limited by the availability and reliability of the information it collects, as well as by the accuracy and timeliness of the analysis it produces. It must deal with the challenges of information overload, data quality, data security, data privacy, and data sharing. It must also cope with the threats and risks of cyber attacks, counterintelligence, deception, and denial. The American intelligence must balance its need for innovation and adaptation with its need for standardization and coordination.
  • Strategic and political limits: The American intelligence is limited by the complexity and uncertainty of the global environment, as well as by the diversity and dynamism of the actors and issues it faces. It must deal with the challenges of globalization, multipolarity, regionalization, and fragmentation. It must also cope with the threats and opportunities of terrorism, proliferation, rogue states, failed states, and emerging powers. The American intelligence must balance its need for anticipation and prevention with its need for reaction and intervention.

The Consequences of the American Intelligence

The American intelligence has significant consequences for the global security and privacy, both positive and negative, such as:

  • Positive consequences: The American intelligence contributes to the protection and promotion of the national security and interests of the US and its allies, as well as to the maintenance and enhancement of the international peace and stability. It provides valuable information and insights to the decision makers and the operators, as well as to the public and the media. It also conducts effective operations and actions to deter, disrupt, or defeat the adversaries and the threats. The American intelligence plays a key role in the global intelligence cooperation and coordination, as well as in the global governance and leadership.
  • Negative consequences: The American intelligence also poses risks and challenges to the security and privacy of the US and its allies, as well as to the international order and norms. It may collect, analyze, or disseminate information that is inaccurate, incomplete, or biased, leading to errors, failures, or controversies. It may also conduct operations or actions that are illegal, unethical, or counterproductive, leading to violations, scandals, or backlashes. The American intelligence may face competition or conflict with the other intelligence services or actors, as well as with the other stakeholders or interests.

Section 702 of FISA: A Surveillance Without Control

  • On July 17, 2008, the US Congress passed section 702 of the FISA (Foreign Intelligence Surveillance Act), which authorizes the US intelligence agencies to collect the electronic communications of non-Americans located abroad, without a warrant from the FISA judge.
  • On January 19, 2018, the US Congress extended section 702 of FISA until December 31, 2023, without making any substantial changes.
  • On March 22, 2023, the US Congress extended section 702 of FISA again until April 19, 2024, without making any significant changes.
  • On December 16, 2023, the US Congress approved the National Defense Authorization Act (NDAA), which included a four-month extension of section 702 of FISA, avoiding its expiration at the end of the year.

The Violation of the Right to Privacy

  • On June 5, 2013, the whistleblower Edward Snowden revealed the existence of the PRISM program, which allowed the US intelligence agencies to access the data of the users of the main electronic service providers, such as Google, Facebook, Microsoft or Apple.
  • On October 6, 2015, the Court of Justice of the European Union (CJEU) invalidated the Safe Harbor, an agreement that allowed the transfer of personal data between the European Union and the United States, considering that it did not offer an adequate level of protection.
  • On July 16, 2020, the CJEU invalidated the Privacy Shield, the successor of the Safe Harbor, for the same reasons, considering that the risk of interference by the US intelligence services in the transferred data was incompatible with the respect of the fundamental rights of the persons concerned.
  • On July 31, 2023, the CJEU issued a ruling that confirmed the invalidity of the Privacy Shield and imposed strict conditions for the transfer of personal data to third countries, especially the United States, under the standard contractual clauses (SCCs) or the binding corporate rules (BCRs).

The Legal and Political Consequences

  • On October 24, 2013, the European Parliament adopted a resolution that condemned the massive surveillance activities of the US intelligence services and called for the suspension of the cooperation agreements on security and counter-terrorism.
  • On October 23, 2015, the European Parliament adopted another resolution that requested the creation of an independent international tribunal to examine the complaints of the European citizens regarding the surveillance of the US intelligence services.
  • On September 14, 2018, the European Parliament adopted a third resolution that called for the suspension of the Privacy Shield, due to the non-compliance of the commitments made by the United States on the protection of personal data.
  • On August 31, 2023, the European Parliament adopted a fourth resolution that asked the European Commission to propose a new legislation on the protection of personal data in the context of cross-border data flows, which would guarantee a level of protection equivalent to that of the general data protection regulation (GDPR).

Sources:

Congress passes temporary extension of FISA Section 702 surveillance program – Axios:

The Court of Justice invalidates Decision 2016/1250 on the adequacy of the protection provided by the EU-US Data Protection Shield:

FISA Section 702: What it is and why Congress is debating it – NBC News

New technologies and products that limit the possibilities of intelligence

Facing the capabilities of collection and analysis of the American intelligence, which threaten the privacy and sovereignty of individuals and countries, there are new technologies and products that allow to limit the possibilities of intelligence. These technologies and products use techniques of encryption, cryptography, blockchain or NFC to protect personal data and electronic communications. They offer an alternative to traditional solutions, which are often vulnerable to attacks or interceptions by the American intelligence. Among these technologies and products, we can mention:

  • EviCypher NFC HSM and EviCypher HSM OpenPGP, which are patented technologies in the United States in the field of cybersecurity developed by Freemindtronic SL Andorra, used in counter-espionage products such as DataShielder Defense. They allow to encrypt and decrypt data without contact, thanks to hardware security modules that use NFC technology. They offer compatibility with OpenPGP standards, operating without server, without database, with a very high level of flexibility from different removable, fixed and online and offline storage media including NFC HSM.
  • DataShielder DefenseDataShielder Defense, which is a counter-espionage product developed by Freemindtronic SL Andorra, which uses EviCore NFC HSM and EviCore HSM OpenPGP technologies to encrypt and decrypt all types of data and communication services. This product protects sovereign communications, by preventing the American intelligence from accessing personal, professional or state secrets. It also guarantees the sovereignty of users, by making their data anonymous and inviolable.
  • Signal, which is an instant messaging application that uses the Signal protocol, which is an end-to-end encryption protocol that ensures the confidentiality and integrity of messages. This application allows to communicate anonymously and securely, by avoiding the surveillance or censorship of the American intelligence.
  • Tor, which is a decentralized network that uses volunteer relays to route Internet traffic anonymously and encrypted. This network allows to browse the web without leaving traces, by hiding the IP address and location of users. It also allows to access hidden websites, which are not indexed by search engines.

These technologies and products represent examples of innovative solutions that limit the possibilities of the American intelligence and preserve the individual and collective sovereignty. They also illustrate the issues and challenges related to the use of digital technologies in the field of intelligence.

Conclusion

The American intelligence is a complex and dynamic phenomenon that has a significant impact on the world. It has many strengths and weaknesses, as well as many opportunities and threats. It has many achievements and failures, as well as many benefits and costs. It is a source of both security and insecurity, both privacy and surveillance. It is a subject of both admiration and criticism, both cooperation and confrontation. The American intelligence is a paradox that requires a careful and balanced approach.

2023, Cyberculture

New EU Data Protection Regulation 2023/2854: What you need to know

Posted on by FMTAD
New EU Data Protection Regulation 2023/2854: What you need to know
25
Dec
Learn more about the new European Data Protection Regulation (2023/2854) written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

EU 2023/2854 Data Protection Rules: what you need to know

The EU has adopted a new regulation to protect personal data published in OJ L, 2023/2854 on 22.12.2023. How does this impact you and your business? Learn more in this article and discover why Freemindtronic innovations are already compliant.

Why the NFC hardware wallet with credit card manager is PCI DSS compliant

2020 Legal information

Freemindtronic’s NFC hardware wallets with credit card management are PCI DSS compliant
December 20, 2020
Cardokey NFC vCard Business: Edit, Read, and Import Contacts Seamlessly on iPhone.

2023 Articles Cardokey Eco-friendly EviSwap NFC NDEF Technology GreenTech

NFC Business Cards with Cardokey free for life: How to Connect without Revealing
November 8, 2023
Unitary Patent system European why some EU countries are not on board

2023 Articles Cyberculture EviCore HSM OpenPGP Technology EviCore NFC HSM Browser Extension EviCore NFC HSM Technology Legal information Licences Freemindtronic

Unitary patent system: why some EU countries are not on board
August 1, 2023

Andorran law

Llei 26/2014 del 30 d’octubre de patents
November 21, 2016
Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

Articles Crypto Currency Cryptocurrency Digital Security EviPass Technology NFC HSM technology Phishing

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers
December 16, 2023

What you need to know about the new EU data protection regulation (2023/2854)

Personal data is a valuable asset in the digital age, but also a vulnerable asset. This is why the European Union has adopted a new regulation to protect the personal data of individuals in the EU. Data

Protection Regulation (EU) 2023/2854 supplements and updates the General Data Protection Regulation (GDPR), which has been in force since 2018. The new regulation introduces additional procedural rules for the application of the GDPR, particularly in cross-border cases. It also creates the European Data Protection Authority (EDPA), a new independent body that ensures the consistent application of EU data protection rules across the EU. The new regulation will come into force on November 26, 2024. In this article, we will explain the main provisions of the new regulation, its advantages and disadvantages, its international scope and its reactions and controversies.

We will also show you how some products and technologies from Freemindtronic, an Andorran company specialized in security and cybersecurity of computer and information systems, already comply with the new regulation, since they offer innovative and ecological solutions to protect the personal data without using servers, databases, online accounts or identifiers.

The main provisions of the EU data protection law

Several measures to ensure the security, confidentiality and integrity of personal data are introduced by the EU data protection law. These measures are:

  • Declaration of the activity and the processing practices. The controllers and the managers of the entities that process personal data must declare them to the national data protection authorities (NDPA) and to EDPA. The EDPA is a new independent body. It oversees the consistent application of the EU data protection rules across the EU. It also cooperates with the NDPA and the other EU institutions. The goal is to ensure the protection of personal data.
  • Implementation of technical and organizational measures. The controllers and the managers of the entities that process personal data must implement them to prevent the risks of damage or loss of data. For example, these measures include the encryption of data, the pseudonymization of data, the limitation of data access, the regular testing of data security, the notification of data breaches, and the appointment of a data protection officer.
  • Reinforcement of the rights of the persons concerned. They have reinforced rights, such as the right of access, the right of opposition, the right of erasure, the right to data portability and the right to restriction of processing. These rights allow the persons to obtain information about the processing of their data, to object to certain types of processing, to request the deletion of their data, to transfer their data to another entity, and to limit the processing of their data in certain cases.
  • Provision of administrative sanctions. The regulation provides them. They can reach up to 20 million euros or 4% of the annual global turnover, depending on the severity of the infringement. The NDPA or the EDPA, depending on the case, impose these sanctions. The national courts or the Court of Justice of the European Union can hear the appeals.

The advantages and disadvantages of the EU data protection reform

The EU data protection reform has pros and cons for different actors involved.

The benefits for the persons whose data are processed

The regulation offers a better protection of their rights and interests. They can control more the use of their data and benefit from a high level of security. Moreover, they have an easy and fast access to the information related to the processing of their data, as well as to the remedies in case of dispute. For instance, a person can request a copy of their data from an online platform. If they find any inaccurate or outdated data, they can ask for a correction or an update. They can also withdraw their consent to the processing of their data at any time, or ask for the deletion of their data if they no longer want to use the platform.

The drawbacks for the controllers and the managers of the entities that process personal data

The regulation imposes additional obligations and stricter constraints on them. They must comply with harmonized rules within the EU, while taking into account the national and regional specificities. Furthermore, they face more severe sanctions in case of non-compliance with the regulation. For example, an entity that processes personal data of persons located in the EU must declare its activity and its processing practices to the NDPA and the EDPA.

It must also obtain the prior consent of the persons for the processing of their data, unless there is a legal basis for the processing. The entity must process the data in a lawful, fair and transparent manner, and collect them for specific, explicit and legitimate purposes. It must also respect the principles of data minimization, data accuracy, data storage limitation, data integrity and data confidentiality.

The international scope of the EU data protection rules

The EU data protection rules have an international scope, as they apply to any entity that processes personal data of persons located in the EU, whether it is established or not in the EU. The regulation therefore requires foreign entities to respect the same rules as European entities, under penalty of sanctions. It aims to ensure an equivalent level of protection for personal data transferred outside the EU.

For this purpose, the regulation establishes different mechanisms to ensure the adequacy of the data protection in the third countries or the international organizations that receive the data. These mechanisms include, for example, the adoption of adequacy decisions by the European Commission, the use of standard contractual clauses, the adherence to binding corporate rules, or the certification by approved schemes.

The reactions and controversies of the EU data protection regulation

The EU data protection regulation has provoked diverse reactions, ranging from approval to contestation.

Positive reactions

Some actors have welcomed the interest of the regulation to strengthen the trust and to foster the technological evolution in the field of data protection. They have highlighted the innovative and ambitious character of the regulation, which places the EU at the forefront of the protection of personal data. For example, the European Data Protection Supervisor (EDPS), the independent advisor of the EU institutions on data protection issues, has praised the regulation as a “historic achievement” and a “major step forward” for the protection of the fundamental rights of the individuals in the digital age.

Negative reactions

Some actors have criticized the obligation to inform the NDPA and the EDPA about the activity and the processing practices of personal data. They have considered that it could infringe their national sovereignty or that it could create a risk of illegal or fraudulent exercise by some foreign entities. They have also expressed their concern about the complexity and the heaviness of the regulation, which could hinder the competitiveness and the growth of the entities that process personal data. For example, some member states, such as France, Germany, Italy or Spain, have raised objections or reservations about certain aspects of the regulation.

These aspects include the role and the powers of the EDPA, the criteria and the procedures for the adequacy decisions, or the level and the distribution of the sanctions.

How Freemindtronic products and technologies protect personal data

Freemindtronic is an Andorran company that specializes in security and cybersecurity of computer systems and information systems. It designs and develops green technology products and services under white label, based on contactless technology (NFC). Some of its products are PassCypher, DataShielder, SeedNFC or Cardokey, which use embedded technologies such as EviCore NFC HSM, EviCore HSM OpenPGP or EviCore NFC HSM Browser Extension.

These products and technologies have several advantages for the protection of personal data, compared to traditional solutions based on servers, databases, online accounts or identifiers. Indeed, they work without server, without database, anonymously from end to end, without the need to create an account on the internet or to identify themselves to use the products. Therefore, they reduce the risks of loss or damage of data, respect the rights of the persons concerned, and comply with the harmonized rules in the EU. These products and technologies of Freemindtronic are already compliant with the European regulation on data protection, because they respect the principles of security, confidentiality and integrity of data, as well as the rights of the persons concerned. They offer an innovative and ecological alternative to traditional solutions, which may present risks or constraints for data protection.

Conclusion

The regulation (EU) 2023/2854 is an important text for the protection of personal data in the EU. It introduces measures to ensure the security, confidentiality and integrity of data, as well as to reinforce the rights of the persons concerned. It applies to any entity that processes personal data of persons located in the EU, whether it is established or not in the EU. It was adopted within the legislative process on the fundamental rights in the EU, but it also provoked reactions and controversies between some member states. It will enter into force on November 26, 2024.

Articles, Crypto Currency, Cryptocurrency, Digital Security, EviPass Technology, NFC HSM technology, Phishing

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

Posted on by FMTAD
Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers
16
Dec
Ledger security breaches written by Jacques Gascuel, inventor specializing in safety and security of sensitive data, for Freemindtronic. This article will be updated with any new information on the topic.

Ledger security incidents: How Hackers Exploited Them and How to Stay Safe

Ledger security breaches have exposed the personal data and private keys of many users. Ledger is a French company that provides secure devices to store and manage your funds. But since 2017, hackers have targeted Ledger’s e-commerce and marketing database, as well as its software and hardware products. In this article, you will discover the different breaches, how hackers exploited them, what their consequences were, and how you can protect yourself from these threats.

Why Encrypt SMS? NFC card protecting encrypted SMS communications from espionage and corruption on Android NFC phone.

2024 Digital Security

Why Encrypt SMS? FBI and CISA Recommendations
December 16, 2024
French Minister at G7 holding a hacked smartphone, with a Bahraini minister warning him about a cyberattack.

2024 Digital Security

French Minister Phone Hack: Jean-Noël Barrot’s G7 Breach
December 6, 2024
Government office under cyber threat from Salt Typhoon cyber attack, with digital lines and data streams symbolizing espionage targeting mobile and computer networks.

2024 Digital Security

Salt Typhoon: Protecting Government Communications from Cyber Threats
November 14, 2024
Cyberattack exploits backdoors in telecom systems showing a breach of sensitive data through legal surveillance vulnerabilities.

2024 Digital Security

Cyberattack Exploits Backdoors: What You Need to Know
October 15, 2024
Google Sheets interface showing malware activity, with the keyphrase 'Google Sheets Malware Voldemort' subtly integrated into the image, representing cyber espionage.

2024 Digital Security

Google Sheets Malware: The Voldemort Threat
September 3, 2024
Operation Dual Face - Russian Espionage Hacking Tools in a high-tech cybersecurity control room showing Russian involvement

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed
August 31, 2024
Side-channel attacks visualized through an HDMI cable emitting invisible electromagnetic waves intercepted by an AI system.

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat
August 20, 2024
Depiction of OpenVPN security vulnerabilities showing a globe with digital connections, the OpenVPN logo with cracks, and red warning symbols indicating a global breach.

2024 Digital Security

OpenVPN Security Vulnerabilities Pose Global Security Risks
August 12, 2024

Ledger Security Breaches from 2017 to 2023: How to Protect Your Cryptocurrencies from Hackers

Have you ever wondered how safe your cryptocurrencies are? If you are using a Ledger device, you might think that you are protected from hackers and thieves. Ledger is a French company that specializes in cryptocurrency security. It offers devices that allow you to store and manage your funds securely. These devices are called hardware wallets, and they are designed to protect your private keys from hackers and thieves.

However, since 2017, Ledger has been victim of several security breaches, which have exposed the personal data and private keys of its users. These breaches could allow hackers to steal your cryptocurrencies or harm you in other ways. In this article, we will show you the different breaches that were discovered, how they were exploited, what their consequences were, and how you can protect yourself from these threats.

Ledger Security Issues: The Seed Phrase Recovery Attack (February 2018)

The seed phrase is a series of words that allows you to restore access to a cryptocurrency wallet. It must be kept secret and secure, as it gives full control over the funds. In February 2018, a security researcher named Saleem Rashid discovered a breach in the Ledger Nano S, which allowed an attacker with physical access to the device to recover the seed phrase using a side-channel attack.

How did hackers exploit the breach?

The attack consisted of using an oscilloscope to measure the voltage variations on the reset pin of the device. These variations reflected the operations performed by the secure processor of the Ledger Nano S, which generated the seed phrase. By analyzing these variations, the attacker could reconstruct the seed phrase and access the user’s funds.

Simplified diagram of the attack

Figure Ledger Security Issues: The Seed Phrase Recovery Attack (February 2018)
Statistics on the breach
  • Number of potentially affected users: about 1 million
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: February 20, 2018
  • Author of the discovery of the breach: Saleem Rashid, a security researcher
  • Date of publication of the fix by Ledger: April 3, 2018

Scenarios of hacker attacks

  • Scenario of physical access: The attacker needs to have physical access to the device, either by stealing it, buying it second-hand, or intercepting it during delivery. The attacker then needs to connect the device to an oscilloscope and measure the voltage variations on the reset pin. The attacker can then use a software tool to reconstruct the seed phrase from the measurements.
  • Scenario of remote access: The attacker needs to trick the user into installing a malicious software on their computer, which can communicate with the device and trigger the reset pin. The attacker then needs to capture the voltage variations remotely, either by using a wireless device or by compromising the oscilloscope. The attacker can then use a software tool to reconstruct the seed phrase from the measurements.

Sources

1Breaking the Ledger Security Model – Saleem Rashid published on March 20, 2018.

2Ledger Nano S: A Secure Hardware Wallet for Cryptocurrencies? – Saleem Rashid published on November 20, 2018.

Ledger Security Flaws: The Firmware Replacement Attack (March 2018)

The firmware is the software that controls the operation of the device. It must be digitally signed by Ledger to ensure its integrity. In March 2018, the same researcher discovered another breach in the Ledger Nano S, which allowed an attacker to replace the firmware of the device with a malicious firmware, capable of stealing the private keys or falsifying the transactions.

How did hackers exploit the Ledger Security Breaches?

The attack consisted of exploiting a vulnerability in the mechanism of verification of the firmware signature. The attacker could create a malicious firmware that passed the signature check, and that installed on the device. This malicious firmware could then send the user’s private keys to the attacker, or modify the transactions displayed on the device screen.

Simplified diagram of the attack

Figure Ledger Security Flaws: The Firmware Replacement Attack (March 2018)

Statistics on the breach

  • Number of potentially affected users: about 1 million
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: March 20, 2018
  • Author of the discovery of the breach: Saleem Rashid, a security researcher
  • Date of publication of the fix by Ledger: April 3, 2018

Scenarios of hacker attacks

  • Scenario of physical access: The attacker needs to have physical access to the device, either by stealing it, buying it second-hand, or intercepting it during delivery. The attacker then needs to connect the device to a computer and install the malicious firmware on it. The attacker can then use the device to access the user’s funds or falsify their transactions.
  • Scenario of remote access: The attacker needs to trick the user into installing the malicious firmware on their device, either by sending a fake notification, a phishing email, or a malicious link. The attacker then needs to communicate with the device and send the user’s private keys or modify their transactions.

Sources

: [Breaking the Ledger Security Model – Saleem Rashid] published on March 20, 2018.

: [Ledger Nano S Firmware 1.4.1: What’s New? – Ledger Blog] published on March 6, 2018.

Ledger Security Incidents: The Printed Circuit Board Modification Attack (November 2018)

The printed circuit board is the hardware part of the device, which contains the electronic components. It must be protected against malicious modifications, which could compromise the security of the device. In November 2018, a security researcher named Dmitry Nedospasov discovered a breach in the Ledger Nano S, which allowed an attacker with physical access to the device to modify the printed circuit board and install a listening device, capable of capturing the private keys or modifying the transactions.

How did hackers exploit the breach?

The attack consisted of removing the case of the device, and soldering a microcontroller on the printed circuit board. This microcontroller could intercept the communications between the secure processor and the non-secure processor of the Ledger Nano S, and transmit them to the attacker via a wireless connection. The attacker could then access the user’s private keys, or modify the transactions displayed on the device screen.

Simplified diagram of the attack

figure Ledger Security Incidents: The Printed Circuit Board Modification Attack (November 2018)

Statistics on the breach

  • Number of potentially affected users: unknown
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: November 7, 2019
  • Author of the discovery of the breach: Dmitry Nedospasov, a security researcher
  • Date of publication of the fix by Ledger: December 17, 2020

Scenarios of hacker attacks

  • Scenario of physical access: The attacker needs to have physical access to the device, either by stealing it, buying it second-hand, or intercepting it during delivery. The attacker then needs to remove the case of the device and solder the microcontroller on the printed circuit board. The attacker can then use the wireless connection to access the user’s funds or modify their transactions.
  • Scenario of remote access: The attacker needs to compromise the wireless connection between the device and the microcontroller, either by using a jammer, a repeater, or a hacker device. The attacker can then intercept the communications between the secure processor and the non-secure processor, and access the user’s funds or modify their transactions.

Sources

  • [Breaking the Ledger Nano X – Dmitry Nedospasov] published on November 7, 2019.
  • [How to Verify the Authenticity of Your Ledger Device – Ledger Blog] published on December 17, 2020.

Ledger Security Breaches: The Connect Kit Attack (December 2023)

The Connect Kit is a software that allows users to manage their cryptocurrencies from their computer or smartphone, by connecting to their Ledger device. It allows to check the balance, send and receive cryptocurrencies, and access services such as staking or swap.

The Connect Kit breach was discovered by the security teams of Ledger in December 2023. It was due to a vulnerability in a third-party component used by the Connect Kit. This component, called Electron, is a framework that allows to create desktop applications with web technologies. The version used by the Connect Kit was not up to date, and had a breach that allowed hackers to execute arbitrary code on the update server of the Connect Kit.

How did hackers exploit the Ledger Security Breaches?

The hackers took advantage of this breach to inject malicious code into the update server of the Connect Kit. This malicious code was intended to be downloaded and executed by the users who updated their Connect Kit software. The malicious code aimed to steal the sensitive information of the users, such as their private keys, passwords, email addresses, or phone numbers.

Simplified diagram of the attack

Figure Ledger Security Breaches The Connect Kit Attack (December 2023)

Statistics on the breach

  • Number of potentially affected users: about 10,000
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: December 14, 2023
  • Author of the discovery of the breach: Pierre Noizat, director of security at Ledger
  • Date of publication of the fix by Ledger: December 15, 2023

Scenarios of hacker attacks

  • Scenario of remote access: The hacker needs to trick the user into updating their Connect Kit software, either by sending a fake notification, a phishing email, or a malicious link. The hacker then needs to download and execute the malicious code on the user’s device, either by exploiting a vulnerability or by asking the user’s permission. The hacker can then access the user’s information or funds.
  • Scenario of keyboard: The hacker needs to install a keylogger on the user’s device, either by using the malicious code or by another means. The keylogger can record the keystrokes of the user, and send them to the hacker. The hacker can then use the user’s passwords, PIN codes, or seed phrases to access their funds.
  • Scenario of screen: The hacker needs to install a screen recorder on the user’s device, either by using the malicious code or by another means. The screen recorder can capture the screen of the user, and send it to the hacker. The hacker can then use the user’s QR codes, addresses, or transaction confirmations to steal or modify their funds.

Sources

Ledger Security Breaches: The Data Leak (December 2020)

The database is the system that stores the information of Ledger customers, such as their names, addresses, phone numbers and email addresses. It must be protected against unauthorized access, which could compromise the privacy of customers. In December 2020, Ledger revealed that a breach in its database had exposed the personal data of 292,000 customers, including 9,500 in France.

How did hackers exploit the breach?

The breach had been exploited by a hacker in June 2020, who had managed to access the database via a poorly configured API key. The hacker had then published the stolen data on an online forum, making them accessible to everyone. Ledger customers were then victims of phishing attempts, harassment, or threats from other hackers, who sought to obtain their private keys or funds.

Simplified diagram of the attack :

Statistics on the breach

  • Number of affected users: 292,000, including 9,500 in France
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: June 25, 2020
  • Author of the discovery of the breach: Ledger, after being notified by a researcher
  • Date of publication of the fix by Ledger: July 14, 2020

Scenarios of hacker attacks

  • Scenario of phishing: The hacker sends an email or a text message to the user, pretending to be Ledger or another trusted entity. The hacker asks the user to click on a link, enter their credentials, or update their device. The hacker then steals the user’s information or funds.
  • Scenario of harassment: The hacker calls or visits the user, using their personal data to intimidate them. The hacker threatens the user to reveal their identity, harm them, or steal their funds, unless they pay a ransom or give their private keys.
  • Scenario of threats: The hacker uses the user’s personal data to find their social media accounts, family members, or friends. The hacker then sends messages or posts to the user or their contacts, threatening to harm them or expose their cryptocurrency activities, unless they comply with their demands.

Sources:
– [Ledger Data Breach: A Cybersecurity Update – Ledger Blog] published on January 29, 2021.

Comparison with other crypto wallets

Ledger is not the only solution to secure your cryptocurrencies. There are other options, such as other hardware wallets, software wallets, or exchanges. Each option has its advantages and disadvantages, depending on your needs and preferences. For example, other hardware wallets, such as Trezor or Keepser, offer similar features and security levels as Ledger, but they may have different designs, interfaces, or prices. Software wallets, such as Exodus or Electrum, are more convenient and accessible, but they are less secure and more vulnerable to malware or hacking. Exchanges, such as Coinbase or Binance, are more user-friendly and offer more services, such as trading or staking, but they are more centralized and risky, as they can be hacked, shut down, or regulated. Another option is to use a cold wallet, such as SeedNFC HSM, which is a patented HSM that uses NFC technology to store and manage your cryptocurrencies offline, without any connection to the internet or a computer. It also allows you to create up to 100 cryptocurrency wallets and check the balances from this NFC HSM.

Technological, Regulatory, and Societal Projections

The future of cryptocurrency security is uncertain and challenging. Many factors can affect Ledger and its users, such as technological, regulatory, or societal changes.

Technological changes

It changes could bring new threats, such as quantum computing, which could break the encryption of Ledger devices, or new solutions, such as biometric authentication or segmented key authentication patented by Freemindtronic, which could improve the security of Ledger devices.

Regulatory changes

New rules or restrictions could affect Cold Wallet and Hardware Wallet manufacturers and users, such as Ledger. For example, KYC (Know Your Customer) or AML (Anti-Money Laundering) requirements could compromise the privacy and anonymity of Ledger users. They could also ban or limit the use of cryptocurrencies, which could reduce the demand and value of Ledger devices. On the other hand, other manufacturers who have anticipated these new legal constraints could have an advantage over Ledger. Here are some examples of regulatory changes that could affect Ledger and other crypto wallets:

  • MiCA, the proposed EU regulation on crypto-asset markets, aims to create a harmonized framework for crypto-assets and crypto-asset service providers in the EU. It also seeks to address the risks and challenges posed by crypto-assets, such as consumer protection, market integrity, financial stability and money laundering.
  • U.S. interagency report on stablecoins recommends that Congress consider new legislation to ensure that stablecoins and stablecoin arrangements are subject to a federal prudential framework. It also proposes additional features, such as limiting issuers to insured depository institutions, subjecting entities conducting stablecoin activities (e.g., digital wallets) to federal oversight, and limiting affiliations between issuers and commercial entities.
  • Revised guidance from the Financial Action Task Force (FATF) on virtual assets and virtual asset service providers (VASPs) clarifies the application of FATF standards to virtual assets and VASPs. It also introduces new obligations and recommendations for PSAVs, such as the implementation of the travel rule, licensing and registration of PSAVs, and supervision and enforcement of PSAVs.

These regulatory changes could have significant implications for Ledger and other crypto wallets. They could require them to comply with new rules and standards, to obtain new licenses or registrations, to implement new systems and processes, and to face new supervisory and enforcement actions.

Societal changes

Societal changes could influence the perception and adoption of Ledger and cryptocurrencies, such as increased awareness and education, which could increase the trust and popularity of Ledger devices, or increased competition and innovation, which could challenge the position and performance of Ledger devices. For example, the EviSeed NFC HSM technology allows the creation of up to 100 cryptocurrency wallets on 5 different blockchains chosen freely by the user.

Technological alternatives

Technological alternatives are already available, such as EviCore NFC HSM, EviCore HSM OpenPGP, EviCore NFC HSM Browser Extension and the NFC HSM devices that work without contact, developed and manufactured by Freemindtronic in Andorra. These are new cyber security and safety technologies that use HSMs with or without NFC. They offer a wide range of security features to manage your cryptocurrencies and other digital assets. These technologies also offer the hardware management of complex and complicated passwords by EviPass NFC HSM, OTP (2FA) keys by EviOTP NFC HSM, Seed Phrases by EviSeed NFC HSM, and the creation of multiple cryptocurrency wallets on the same device.

Conclusion

Ledger, the French leader in cryptocurrency security, has faced several security breaches since 2017. As a result of these breaches, hackers could steal the private keys and funds of Ledger users. In response to these threats, Ledger reacted by publishing security updates, informing its users, and strengthening its protection measures. However, Ledger users must be vigilant and follow the recommendations of Ledger to protect themselves from these attacks. Despite these challenges, Ledger remains a reliable and secure device to manage cryptocurrencies, as long as the best practices of digital hygiene are respected. If you want to learn more about Ledger and its products, you can visit their official website or read their blog. Additionally, you can also check their security reports and their help center for more information.

Uncategorized

LitterDrifter: A USB Worm for Cyberespionage

Posted on by FMTAD
LitterDrifter A USB Worm for Cyberespionage
28
Nov
LitterDrifter by Jacques Gascuel: This article will be updated with any new information on the topic.

LitterDrifter: USB Worm Threat and Safeguarding

Explore the LitterDrifter USB worm threat and effective safeguards. Learn to protect against this cyber threat and enhance data security.

Why Encrypt SMS? NFC card protecting encrypted SMS communications from espionage and corruption on Android NFC phone.

2024 Digital Security

Why Encrypt SMS? FBI and CISA Recommendations
December 16, 2024
French Minister at G7 holding a hacked smartphone, with a Bahraini minister warning him about a cyberattack.

2024 Digital Security

French Minister Phone Hack: Jean-Noël Barrot’s G7 Breach
December 6, 2024
Government office under cyber threat from Salt Typhoon cyber attack, with digital lines and data streams symbolizing espionage targeting mobile and computer networks.

2024 Digital Security

Salt Typhoon: Protecting Government Communications from Cyber Threats
November 14, 2024
Cyberattack exploits backdoors in telecom systems showing a breach of sensitive data through legal surveillance vulnerabilities.

2024 Digital Security

Cyberattack Exploits Backdoors: What You Need to Know
October 15, 2024
Google Sheets interface showing malware activity, with the keyphrase 'Google Sheets Malware Voldemort' subtly integrated into the image, representing cyber espionage.

2024 Digital Security

Google Sheets Malware: The Voldemort Threat
September 3, 2024
Operation Dual Face - Russian Espionage Hacking Tools in a high-tech cybersecurity control room showing Russian involvement

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed
August 31, 2024
Side-channel attacks visualized through an HDMI cable emitting invisible electromagnetic waves intercepted by an AI system.

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat
August 20, 2024
Depiction of OpenVPN security vulnerabilities showing a globe with digital connections, the OpenVPN logo with cracks, and red warning symbols indicating a global breach.

2024 Digital Security

OpenVPN Security Vulnerabilities Pose Global Security Risks
August 12, 2024

LitterDrifter: A USB Worm for Cyberespionage and Its Threats to Data Security

LitterDrifter is a computer worm that spreads through USB drives and is utilized by a Russian cyber espionage group known as Gamaredon. This group, active since at least 2013, primarily targets Ukraine but has also infected systems in other countries. LitterDrifter enables Gamaredon to gather sensitive information, execute remote commands, and download other malicious software. In this article, we will explore how this worm functions, methods to safeguard against it, and the motivations behind its creators.

Understanding Gamaredon

Gamaredon is a cyber espionage group suspected to have ties to Russia’s Federal Security Service (FSB). It conducts intelligence and sabotage operations against strategic targets in Ukraine, including government institutions, law enforcement, media, political organizations, and dissidents. Gamaredon plays a part in the hybrid warfare between Russia and Ukraine that emerged in 2014 following the annexation of Crimea and the armed conflict in Donbass.

Gamaredon employs a diverse range of cyberattack techniques, including phishing, disinformation, sabotage, and espionage. The group possesses several malicious tools such as Pterodo, Outlook Forms, VBA Macros, LNK Spreader, and, of course, LitterDrifter. Gamaredon is considered a group that learns from its experiences and adapts its tactics based on responses from its adversaries. It also serves as a training ground for Russia, observing the potential of cyber warfare in contemporary conflicts.

How LitterDrifter Works

LitterDrifter is a computer worm initially discovered in October 2021 by cybersecurity company Check Point Research. It is written in VBS and consists of two main modules: a propagation module and a communication module.

LitterDrifter’s Propagation

The propagation module is responsible for copying the worm to USB drives connected to the infected computer. It creates an autorun.inf file that allows the worm to launch automatically upon inserting an infected drive. Additionally, it generates an LNK file that serves as bait, featuring a random name to entice the user to click on it. The worm’s name is derived from the initial file name, “trash.dll,” which means “garbage” in English.

LitterDrifter’s Communication

The communication module establishes contact with the worm’s authors’ command and control (C2) server. It uses domains as markers for the actual IP addresses of the C2 servers. It can also connect to a C2 server extracted from a Telegram channel, a technique employed by Gamaredon since early 2021. The communication module allows the worm to collect information about the infected system, such as the computer name, username, IP address, operating system, process list, files on the hard drive, and USB drives. It can also execute remote commands, download and install other malicious software, and delete files or partitions.

How LitterDrifter Propagates

LitterDrifter is primarily intended to target Ukraine but has also been detected in other countries, including Latvia, Lithuania, Poland, Romania, Turkey, Germany, France, the United Kingdom, the United States, Canada, India, Japan, and Australia. The worm appears to spread opportunistically, taking advantage of USB exchanges and movements among individuals and organizations. Some of the victims may be secondary targets infected inadvertently, while others could be potential targets awaiting activation.

LitterDrifter Statistics

LitterDrifter is a rapidly spreading worm that affects a large number of systems. According to data from Check Point Research, the worm has been submitted to VirusTotal more than 1,000 times since October 2021, originating from 14 different countries. The majority of submissions come from Ukraine (58%), followed by the United States (12%) and Vietnam (7%). Other countries each represent less than 5% of submissions.

The worm also uses a large number of domains as markers for C2 servers. Check Point Research has identified over 200 different domains used by the worm, with most being free or expired domains. Some domains have been used by Gamaredon for a long time, while others are created or modified recently. The worm also uses Telegram channels to extract C2 server IP addresses, making their blocking or tracking more challenging.

The worm is capable of downloading and installing other malicious software on infected systems. Among the malicious software detected by Check Point Research are remote control tools, spyware, screen capture software, password stealers, file encryption software, and data destruction software. Some of these malicious software are specific to Gamaredon, while others are generic or open-source tools.

Uncontrolled Expansion and Real Consequences of LitterDrifter

LitterDrifter is a worm with uncontrolled expansion, meaning it spreads opportunistically by taking advantage of the movement and exchange of USB drives among individuals and organizations. It doesn’t have a specific target but can infect systems in various countries, without regard to the industry sector or security level. Consequently, it can affect critical systems, including infrastructure, public services, or government institutions.

The real consequences of LitterDrifter are manifold and severe. It can compromise the confidentiality, integrity, and availability of data. Moreover, it can serve as a gateway for more sophisticated attacks, such as deploying ransomware, spyware, or destructive software. Additionally, it can enable the worm’s authors to access sensitive information, including confidential documents, passwords, personal data, or industrial secrets.

LitterDrifter can have serious repercussions for victims, including damage to reputation, financial costs, data loss, disruption of operations, or legal liability. It can also impact national security, political stability, or the sovereignty of targeted countries. It is part of the context of a hybrid war waged by Russia against Ukraine, aiming to weaken and destabilize its neighbor through military, political, economic, media, and cyber means.

LitterDrifter’s Attack Methods

Understanding the attack methods employed by LitterDrifter is crucial in safeguarding your systems. This USB worm leverages various techniques to infiltrate systems and establish contact with its command and control (C2) servers. Below, we delve into the primary attack methods used by LitterDrifter:

Attack Method Description Example
Vulnerability Exploitation Exploiting known vulnerabilities in software and network protocols, such as SMB, RDP, FTP, HTTP, SSH, etc. It employs tools like Metasploit, Nmap, and Mimikatz to scan systems, execute malicious code, steal credentials, and propagate. Utilizing the EternalBlue vulnerability to infect Windows systems via the SMB protocol and install a backdoor.
Phishing Sending fraudulent emails containing malicious attachments or links that entice users to open or click. Attachments or links trigger the download and execution of LitterDrifter. Sending an email pretending to be an invoice from a supplier but containing a malicious Word file that exploits the CVE-2017-0199 vulnerability to execute LitterDrifter.
Identity Spoofing Impersonating legitimate services or applications through similar names, icons, or interfaces. This deceives users or administrators into granting privileges, access, or sensitive information. Using the name and icon of TeamViewer, a remote control software, to blend into the process list and establish a connection with C2 servers.
USB Propagation Copying itself to USB drives connected to infected computers, automatically running upon insertion. It also creates random-named LNK files as bait, encouraging users to click. When a user inserts an infected USB drive into their computer, the worm copies itself to the hard drive and executes. It also creates an LNK file named “Holiday Photos.lnk” pointing to the worm.
Domain Marker Usage Using domains as markers for actual C2 server IP addresses. It generates a random subdomain of a hardcoded domain (e.g., 4fj3k2h5.example.com from example.com) and resolves its IP address through a DNS query. It then uses this IP address for communication with the C2 server. Generating the subdomain 4fj3k2h5.example.com from the hardcoded domain example.com, resolving its IP address through a DNS query (e.g., 192.168.1.100), and using it to send data to the C2 server.

LitterDrifter’s Malicious Actions

LitterDrifter is a worm that can cause significant damage to infected systems. It not only collects sensitive information but can also execute remote commands, download and install other malicious software, and delete files or partitions. Here’s a table summarizing LitterDrifter’s main malicious actions:

Action Description Example
Information Collection The worm gathers information about the infected system, including computer name, username, IP address, OS, process list, files on the hard drive, and USB drives. The worm sends the collected information to the C2 server via an HTTP POST request.
Remote Command Execution The worm can receive remote commands from the C2 server, such as launching a process, creating a file, modifying the registry, opening a URL, etc. The worm can execute a command like cmd.exe /c del /f /s /q c:\*.* to erase all files on the C drive.
Download and Malware Installation The worm can download and install other malicious software on the infected system, such as remote control tools, spyware, screen capture software, password stealers, file encryption software, and data destruction software. The worm can download and install the Pterodo malware, allowing Gamaredon to take control of the infected system.
File or Partition Deletion The worm can delete files or partitions on the infected system, potentially leading to data loss, system corruption, or boot failure. The worm can erase the EFI partition, which contains system boot information.

Protecting Against LitterDrifter

Safeguarding your systems against LitterDrifter and similar threats is essential in today’s interconnected digital landscape. Here are some steps you can take to enhance your cybersecurity posture:

  1. Keep Software Updated: Regularly update your operating system, software, and antivirus programs to patch known vulnerabilities that malware like LitterDrifter exploits.
  2. Exercise Caution with Email Attachments and Links: Be cautious when opening email attachments or clicking on links, especially if the sender is unknown or the email seems suspicious. Verify the legitimacy of the sender before taking any action.
  3. Use Reliable Security Software: Install reputable security software that can detect and block malware. Ensure that it is regularly updated to recognize new threats effectively.
  4. Employ Network Segmentation: Implement network segmentation to isolate critical systems and data from potentially compromised parts of your network.
  5. Educate Employees: Train your employees to recognize phishing attempts and the importance of safe browsing and email practices.
  6. USB Drive Security: Disable autorun features on computers and use endpoint security solutions to scan USB drives for malware upon insertion.
  7. Network Monitoring: Implement network monitoring tools to detect unusual activities and unauthorized access promptly.
  8. Encryption and Authentication: Use encryption for sensitive data and multi-factor authentication to secure critical accounts.

Enhancing Data Security with HSM Technologies

In addition to the steps mentioned above, organizations can enhance data security by leveraging NFC HSM (Near Field Communication and Hardware Security Module). These specialized devices provide secure storage and processing of cryptographic keys, protecting sensitive data from unauthorized access.

HSMs offer several advantages, including tamper resistance, hardware-based encryption, and secure key management. By integrating HSMs into your cybersecurity strategy, you can further safeguard your organization against threats like LitterDrifter.

Leveraging NFC HSM Technologies Made in Andorra by Freemindtronic

To take your data security to the next level, consider utilizing NFC HSM technologies manufactured in Andorra by Freemindtronic. These state-of-the-art devices are designed to meet the highest security standards, ensuring the confidentiality and integrity of your cryptographic keys.

Freemindtronic innovates, manufactures white-label NFC HSM technologies, including PassCypher NFC HSM and DataShielder Defense NFC HSM. These solutions, like EviPass, EviOTP, EviCypher, and EviKey, effectively combat LitterDrifter. They enhance data security, protecting against unauthorized access and decryption, even in the era of quantum computing.

With HSMs from Freemindtronic, you benefit from:

  • Tamper Resistance: HSMs are built to withstand physical tampering attempts, providing an added layer of protection against unauthorized access.
  • Hardware-Based Encryption: Enjoy the benefits of hardware-based encryption, which is more secure than software-based solutions and less susceptible to vulnerabilities.
  • Secure Key Management: HSMs enable secure generation, storage, and management of cryptographic keys, reducing the risk of key compromise.

By integrating HSMs into your organization’s security infrastructure, you can establish a robust defense against threats like LitterDrifter and ensure the confidentiality and integrity of your sensitive data.

Conclusion

Staying One Step Ahead of LitterDrifter

LitterDrifter, the USB worm associated with the Gamaredon cyber espionage group, poses a significant threat to cybersecurity. Its ability to infiltrate systems, collect sensitive data, and execute malicious actions underscores the importance of proactive protection.

By understanding LitterDrifter’s origins, functionality, and impact, as well as implementing robust cybersecurity measures, you can shield your organization from this perilous threat. Additionally, NFC HSM technologies offer an extra layer of security to safeguard your data and secrets.

Stay vigilant, stay informed, and stay ahead of LitterDrifter and the ever-evolving landscape of cyber threats.

This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies.
More info Accept