2024, Digital Security

Dropbox Security Breach 2024: Phishing, Exploited Vulnerabilities

Posted on May 17, 2024May 17, 2024 by FMTAD

17
May

Delving into the 2░0░2░4░Dropbox Security Breach: A Chronicle of Vulnerabilities, Exfiltrated Data

In 2024, a shadow fell over cloud storage security. The Dropbox breach exposed a shocking vulnerability, leaving user data at risk. This deep dive explores the attack, the data compromised, and why encryption remains your ultimate defense. Dive in and learn how to fortify your digital assets.

2024 Digital Security

Dropbox Security Breach 2024: Phishing, Exploited Vulnerabilities

May 17, 2024

Europol office showing a security breach alert on a computer screen, with agents discussing in the background.

2024 Digital Security

Europol Data Breach: A Detailed Analysis

May 16, 2024

Shadowy hacker with a laptop in front of a digital map of Russia highlighted in red, symbolizing the origin of Kapeka Malware.

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool

April 18, 2024

A modern cybersecurity control center with a diverse team monitoring national cyber threats during the Andorra National Cyberattack Simulation.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

Illustration of an Apple MacBook with a highlighted M-series chip vulnerability, surrounded by symbols of data security breach and a global impact background.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

March 25, 2024

Digital world map with cybersecurity icons representing the Cybersecurity Breach at IMF.

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

March 15, 2024

Digital world map showing cyberattack paths with Midnight Blizzard, Microsoft, HPE logos, email symbols, and password spray illustrations.

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

March 10, 2024

PrintListener technology concept with NFC security solutions.

2024 Digital Security

PrintListener: How to Betray Fingerprints

February 22, 2024

A visual representation of BitLocker Security featuring a central lock icon surrounded by elements representing Microsoft, TPM, and Windows security settings.

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

February 10, 2024

Digital shield by Freemindtronic repelling cyberattack against Microsoft Exchange

2024 Articles Digital Security News

How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts

February 8, 2024

Digital representation of Ivanti Zero-Day Flaws threatening cybersecurity in a futuristic cityscape

2024 Digital Security Spying

Ivanti Zero-Day Flaws: Comprehensive Guide to Secure Your Systems Now

February 5, 2024

Woman holding a smartphone with a padlock icon on the screen, promoting protection from stalkerware.

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

January 26, 2024

Dropbox Security Breach. Stay updated with our latest insights.

Europol

Dropbox Security Breach: Password Managers and Encryption as Defense By Jacques Gascuel, this article examines the crucial role password managers and encryption play in mitigating the risks of cyberattacks like the Dropbox Security Breach

Phishing Tactics: The Bait and Switch in the Aftermath of the Dropbox Security Breach

The 2024 Dropbox Security Breach stands as a stark reminder of the ever-evolving cyberthreat landscape and the urgent need for robust security measures. In this comprehensive article, we’ll unravel the intricate details of this breach, examining the tactics employed by attackers, the vast amount of sensitive data compromised, and the far-reaching consequences for affected users. We’ll also delve into the underlying security vulnerabilities exploited and discuss essential measures to prevent similar incidents in the future. Finally, we’ll explore the crucial role of advanced encryption solutions, such as DataShielder and PassCypher, in safeguarding sensitive data stored in the cloud. Through this in-depth analysis, you’ll gain a clear understanding of the Dropbox breach, its impact, and the proactive steps you can take to enhance your own cybersecurity posture.

Crafting Convincing Emails

Attackers meticulously crafted phishing emails, often disguised as notifications or security alerts, to deceive employees.

Crafting Convincing Emails: Attackers meticulously crafted phishing emails, often disguised as notifications or security alerts, to deceive employees.
Exploiting Human Trust: By leveraging the trust employees had in Dropbox, attackers successfully persuaded them to divulge sensitive information.
MFA Circumvention: The compromise of MFA codes highlights the need for additional layers of security beyond passwords.

This diagram depicts the stages of the 2024 Dropbox Security Breach, from phishing emails to data exfiltration and its aftermath.

Dropbox Security Breach Attack Flow: Unraveling the Steps of the Cyberattack

Phishing Emails: Attackers send out phishing emails to Dropbox employees, mimicking legitimate communications.
Credential Harvesting: Employees fall victim to phishing tactics and reveal their credentials, including MFA codes.
Unauthorized Access: Attackers gain unauthorized access to Dropbox Sign infrastructure using compromised credentials.
Exploiting Automated Tools: Attackers exploit automated system configuration tools to manipulate accounts and escalate privileges.
Data Exfiltration: Attackers extract a vast amount of sensitive data, including emails, usernames, phone numbers, hashed passwords, API keys, OAuth tokens, and MFA data.

Exploited Vulnerabilities: A Technical Analysis

The attackers behind the Dropbox breach exploited a combination of vulnerabilities to gain unauthorized access and exfiltrate sensitive data.

Specific CVEs Exploited

CVE-2019-12171: This vulnerability allowed attackers to store credentials in cleartext in memory, posing a significant security risk.
CVE-2022-4768: This critical vulnerability in Dropbox Merou affected the add_public_key function, leading to injection attacks.
Automated System Configuration Tools: The exploitation of these tools highlights the need for robust access controls and security measures.

Exfiltrated Data: The Scope of the Breach

The sheer volume of data compromised in the Dropbox breach is staggering, raising serious concerns about the potential impact on affected users.

Types of Data Exposed

Exposed Emails: Attackers now possess email addresses, potentially enabling them to launch targeted phishing attacks or engage in email scams.
Vulnerable Usernames: Usernames, often coupled with leaked passwords or other personal information, could be used to gain unauthorized access to other online accounts.
Misused Phone Numbers: Exposed phone numbers could be used for unwanted calls, text messages, or even attempts to reset passwords or gain access to other accounts.
Hashed Passwords: A Target for Cracking: While not directly readable, hashed passwords could be subjected to brute-force attacks or other cracking techniques to recover the original passwords.
Compromised Authentication Tokens: API keys and OAuth tokens, used for app authentication, could enable attackers to impersonate users and access their Dropbox accounts or other connected services.

The Dropbox Breach Fallout: Unraveling the Impact and Consequences

The ramifications of the Dropbox breach extend far beyond the compromised data itself. The incident has had a profound impact on both affected users and Dropbox as a company.

Consequences of the Breach

User Privacy Concerns: The exposure of personal information has left users feeling vulnerable and at risk of identity theft, phishing attacks, and other cyber threats.
Reputational Damage: Dropbox’s reputation as a secure cloud storage provider has taken a significant hit, potentially affecting user trust and future business prospects.
Financial Costs: Dropbox has incurred substantial expenses in investigating the breach, notifying affected users, and implementing additional security measures.

Lessons Learned: Preventing Future Breaches and Strengthening Security

In the aftermath of the Dropbox breach, it’s crucial to identify key takeaways and implement preventive measures to safeguard against future incidents.

Essential Security Practices

Secure Service Accounts: Implement strong passwords for service accounts and enforce strict access controls, adhering to the principle of least privilege. Consider using Privileged Access Management (PAM) solutions to manage and monitor service account activity.
Regular Penetration Testing: Conduct regular penetration tests (pen tests) to identify and remediate vulnerabilities in systems and networks before they can be exploited by attackers. Engage qualified security professionals to simulate real-world attack scenarios.
Continuous Monitoring and Incident Response: Establish a robust incident response plan to effectively address security breaches. This plan should include procedures for identifying, containing, and remediating incidents.
Patch Management: Prioritize timely patching of software and systems with the latest security updates. Implement a comprehensive patch management strategy to ensure the prompt deployment of critical security updates.

Beyond the Breach: Enhancing Proactive Defense with Advanced Encryption

While robust security practices are essential for preventing breaches, additional layers of protection can further safeguard data. Advanced encryption solutions play a pivotal role in this regard. Here, we’ll delve into two such solutions – DataShielder HSM PGP and NFC HSM, and PassCypher HSM PGP and NFC HSM – and explore how they address the vulnerabilities exploited in the 2024 Dropbox breach.

DataShielder HSM PGP and NFC HSM

DataShielder HSM PGP and NFC HSM provide client-side encryption for data stored in the cloud. By encrypting data at rest and in transit (as depicted in the following diagram [Insert DataShielder Diagram Here]), DataShielder ensures that even if an attacker gains access to cloud storage, the data remains inaccessible. This robust protection is achieved through:

Client-Side Encryption: Data is encrypted on the user’s device before being uploaded to the cloud.
Hardware Security Module (HSM) or NFC HSM: Encryption keys are stored within a secure HSM or NFC HSM, offering physical separation and robust protection against unauthorized access.
Offsite Key Management: Encryption keys are never stored on the cloud or user devices, further minimizing the risk of compromise (as illustrated in the diagram).
Post-Quantum Encryption: Additionally, DataShielder incorporates post-quantum encryption algorithms to safeguard against future advancements in code-breaking techniques.

DataShielder HSM PGP and NFC HSM: Ensuring Dropbox security breach protection with AES-256 encryption and offsite key management

PassCypher HSM PGP and NFC HSM

PassCypher HSM PGP and NFC HSM go beyond traditional password management, offering a comprehensive security suite that directly addresses the vulnerabilities exploited in the 2024 Dropbox breach. Here’s how PassCypher strengthens your defenses:

Multi-Factor Authentication (MFA) with Hardware Security: PassCypher NFC HSM offers additional protection for logins by securely managing Time-based One-Time Passwords (TOTP) and HOTP keys. Users can scan a QR code to automatically store the encrypted TOTP secret key within the NFC HSM, adding a layer of hardware-based authentication beyond passwords.
Real-Time Password Breach Monitoring: PassCypher HSM PGP integrates with Have I Been Pwned (HIBP), a constantly updated database of compromised passwords. This real-time monitoring allows users to be instantly notified if their passwords appear in any known breaches.
Phishing Prevention: In addition to the URL sandbox system and protection against typosquatting and BITB attacks mentioned earlier, PassCypher’s comprehensive approach empowers users to identify and avoid malicious attempts (as detailed in the diagram).
Client-Side Encryption: PassCypher utilizes client-side encryption to ensure data remains protected even if attackers manage to exfiltrate it (as shown in the diagram).

By combining these features, PassCypher HSM PGP and NFC HSM provide a robust defense against the social engineering tactics and credential theft exploited in the Dropbox breach.

Statistics of the 2024 Dropbox Security Breach

While verifying the exact number of users affected by data breaches can be challenging, security experts estimate that the Dropbox breach could have impacted a substantial number of users. Some reports suggest that the breach may have affected up to 26 billion records, making it one of the largest data breaches in history. However, it is crucial to note that this figure is unconfirmed and may not reflect the actual number of individuals impacted.

Key Takeaways for Enhanced Cybersecurity

Uncertain Numbers: The exact number of affected users remains unclear, highlighting the challenges in verifying breach statistics.
Potential for Massive Impact: The estimated 26 billion records underscore the potential scale of the breach and its far-reaching consequences.
Importance of Reliable Sources: Relying on reputable sources for breach information is crucial to ensure accurate and up-to-date data.

Conclusion: A Call for Vigilance and Enhanced Security in the Wake of the Dropbox Security Breach

The 2024 Dropbox security breach serves as a stark reminder of the ever-evolving cyberthreat landscape and the urgent need for vigilant security practices. Organizations must prioritize robust security measures, including strong access controls, regular vulnerability assessments, and timely patching. Additionally, advanced encryption solutions, such as DataShielder HSM PGP and NFC HSM and PassCypher HSM PGP and NFC HSM, can provide an extra layer of protection for sensitive data.

Key Takeaways for Enhanced Cybersecurity

Collective Responsibility: Cybersecurity is a shared responsibility, requiring collaboration between organizations and individuals.
Continuous Learning and Awareness: Staying informed about emerging threats and adopting best practices are essential for effective cybersecurity.
Protecting Sensitive Data: Prioritizing data protection through robust security measures and advanced encryption is paramount.

The 2024 Dropbox security breach serves as a cautionary tale, highlighting the vulnerabilities that can exist even in large, established organizations. By learning from this incident and implementing the recommendations discussed, we can collectively strengthen our cybersecurity posture and protect our valuable data from the ever-evolving threat landscape.

2024, Digital Security

Apple M chip vulnerability: A Breach in Data Security

Posted on March 25, 2024March 26, 2024 by FMTAD

25
Mar

Apple M-Chip Vulnerability: Critical Risk

Learn about the critical Apple M-chip flaw, a micro-architectural vulnerability that threatens data security. This article reveals the attack process exploiting data prefetching and encryption key extraction, highlighting the major security impact. Essential reading to understand and anticipate the risks linked to this alarming discovery.

2024 Digital Security

Dropbox Security Breach 2024: Phishing, Exploited Vulnerabilities

May 17, 2024

2024 Digital Security

Europol Data Breach: A Detailed Analysis

May 16, 2024

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool

April 18, 2024

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

March 25, 2024

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

March 15, 2024

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

March 10, 2024

2024 Digital Security

PrintListener: How to Betray Fingerprints

February 22, 2024

Apple M chip vulnerability: uncover the critical security breach highlighted by MIT (CSAIL). Stay updated with our latest insights.

Apple M chip vulnerability and how to Safeguard Against Threats, by Jacques Gascuel, the innovator behind advanced sensitive data security and safety systems, provides invaluable knowledge on how data encryption and decryption can prevent email compromise and other threats.

Apple M chip vulnerability: uncovering a breach in data security

Researchers at the Massachusetts Institute of Technology’s (MIT) Computer Science and Artificial Intelligence Laboratory (CSAIL) have unveiled a critical hardware flaw within Apple’s M-series chips, dubbed the “Apple M chip vulnerability,” marking a significant breach in data security. This vulnerability, referred to as ‘GoFetch,’ highlights a concerning issue in the chips’ microarchitecture, potentially compromising the integrity of sensitive information stored on millions of devices. Unlike previous security flaws, this unpatchable vulnerability allows for the unauthorized extraction of cryptographic keys through a secondary channel during the execution of cryptographic protocols, posing a serious threat to data security across a broad spectrum of devices. The discovery underscores the vulnerability’s profound implications, as it affects not only the security of Apple devices but also the broader ecosystem relying on these cryptographic protocols.

Exploiting the Apple M Chip Vulnerability Without Elevated Privileges

A notable aspect of this vulnerability is its exploitation without the need for elevated privileges. Academic researchers have devised an application capable of retrieving cryptographic keys from other applications running the affected algorithms. This exploitation leverages the Data Memory-Dependent Prefetcher (DMP) within the chips, which can mistakenly interpret data as memory addresses, thereby enabling attackers to reconstruct secret keys.

The Risk to Users’ Sensitive Data

The implications of this vulnerability are far-reaching, affecting all common cryptographic algorithms, including those designed to be quantum-resistant. Researchers have demonstrated the successful extraction of RSA, DHKE, Kyber, and Dilithium keys, with extraction times varying from 49 minutes to 15 hours, depending on the algorithm. This vulnerability endangers the integrity of encrypted data, including sensitive personal and financial information.

The Mechanics Behind the Attack

The vulnerability arises from the architectural design of Apple’s M1, M2, and M3 chips, which, similar to Intel’s latest Raptor Lake processors, utilize caches to enhance performance. These caches can inadvertently mix up data with memory addresses, leading to potential data leakage. A well-designed cryptographic code should operate uniformly in time to prevent such vulnerabilities.

La Vulnérabilité des Puces M d’Apple: A Risk to Cryptocurrency Wallets

The discovery of this vulnerability also casts a shadow over the security of cryptocurrency wallets. Given the flaw’s capacity for cryptographic key extraction through side-channel attacks, users of cold wallets or hardware wallets connected to computers with vulnerable chips for transactions may face heightened risks. These vulnerabilities underscore the importance of assessing the security measures of cold wallets and hardware wallets against such exploits.

Impact on Cold Wallets and Hardware Wallets

Private key extraction poses a serious threat, especially when devices are connected to vulnerable computers for transactions. This vulnerability could compromise the very foundation of cryptocurrency security, affecting both local and remote attack scenarios.

Security Recommendations

Manufacturers of cold and hardware wallets must promptly assess and address their vulnerability to ensure user security. Users are advised to adhere to best security practices, such as regular updates and minimizing the connection of cold wallets to computers. An effective alternative is the utilization of Cold Wallet NFC HSM technology, such as Freemindtronic’s EviVault NFC HSM or EviSeed NFC HSM, embedded in Keepser and SeedNFC HSM products, offering robust protection against such vulnerabilities.

Apple M Chip Vulnerability: Unveiling the Unpatchable Flaw

This flaw, inherent to the microarchitecture of the chips, allows the extraction of cryptographic keys via a secondary channel during the execution of the cryptographic protocol.
This discovery of an “irreparable flaw” in Apple’s M-series chips could seriously compromise data security by allowing unauthorized extraction of encryption keys. This vulnerability constitutes a significant security flaw, posing a substantial risk to user data across various devices.

The Micro Architectural Rift and its Implications: Unveiling the Apple M Chip Vulnerability

Critical Flaw Discovered in Apple’s M-Chips

Moreover, the recent discovery of the ‘Apple M chip vulnerability’ in Apple’s M-series chips has raised major IT security concerns. This vulnerability, inherent in the silicon design, enables extraction of cryptographic keys through a side channel during the execution of standard cryptographic protocols. Furthermore, manufacturers cannot rectify this flaw with a simple software or firmware update, as it is embedded in the physical structure of processors.

Implications for Previous Generations

Additionally, the implications of the ‘Apple M chip vulnerability’ are particularly severe for earlier generations of the M-series, such as M1 and M2. Furthermore, addressing this flaw would necessitate integrating defenses into third-party cryptographic software, potentially resulting in noticeable performance degradation when performing cryptographic operations.

Hardware optimizations: a double-edged sword

Moreover, modern processors, including Apple’s M-series and Intel’s 13th Gen Raptor Lake microarchitecture, utilize hardware optimizations such as memory-dependent prefetching (DMP). Additionally, these optimizations, while enhancing performance, introduce security risks.

New DMP Research

Moreover, recent research breakthroughs have unveiled unexpected behavior of DMPs in Apple silicon. Additionally, DMPs sometimes confuse memory contents, such as cryptographic keys, with pointer values, resulting in data “dereference” and thus violating the principle of constant-time programming.

Additionally, we can conclude that the micro-architectural flaw and the unforeseen behaviors of hardware optimizations emphasize the need for increased vigilance in designing cryptographic chips and protocols. Therefore, addressing these vulnerabilities necessitates ongoing collaboration between security researchers and hardware designers to ensure the protection of sensitive data.

Everything you need to know about Apple’s M chip “GoFetch” flaw

Origin of the fault

The flaw, dubbed “GoFetch,” was discovered by researchers at the Computer Science and Artificial Intelligence Laboratory (CSAIL) at the Massachusetts Institute of Technology (MIT). It affects Apple’s M1, M2 and M3 chips and allows for the extraction of encryption keys, compromising data security1.

Level of hazardousness

The vulnerability is considered severe because it cannot be fixed by a simple software patch. Furthermore, it is due to a specific hardware optimization in the architecture of the chips, making it difficult to correct without significantly impacting the performance of the devices.

Apple’s response and actions taken

Moreover, to date, Apple has not yet officially communicated about this flaw. Security experts recommend the use of software solutions to mitigate risk, although this may reduce the performance of affected devices.

Source of the vulnerability report

The detailed report on this vulnerability has been published by CSAIL. For an in-depth understanding of the flaw and its implications, it is advisable to consult the full research paper provided by the researchers.

Understanding the ‘Apple M chip vulnerability’ and its ‘GoFetch’ flaw

Vulnerability Description

Data Memory-Dependent Prefetcher (DMP): Moreover, this function in Apple’s M chips is designed to improve performance by predicting and loading data that the CPU might need next. However, it has a vulnerability that can be exploited through a side-channel attack.
Side-Channel Attack: Additionally, the flaw allows attackers to observe the effects of the DMP’s operation, such as timing information, to infer sensitive data.
Encryption Key Extraction: Furthermore, by exploiting the DMP’s behavior, attackers can extract encryption keys that are used to secure data on the device. This includes keys from widely-used cryptographic protocols like OpenSSL Diffie-Hellman, Go RSA, CRYSTALS Kyber, and Dilithium.

Level of Hazardousness

Additionally, the “GoFetch” flaw is considered very dangerous because it is a hardware-level vulnerability. It cannot be fixed with a software update without potentially reducing chip performance.

The diagram illustrating the level of hazardousness of the micro-architectural flaw in the Apple M-Chip, specifically the “GoFetch” flaw, has been successfully created. Moreover, this visual representation captures the flaw’s inception at the Data Prefetching (DMP) function, its exploitation through the attack process, the subsequent extraction of encryption keys, and the final security impact, including compromised data privacy and security breaches.

Diagram showcasing the GoFetch vulnerability in Apple M-Chip, from data prefetching to security impact. — This diagram delineates the exploitation process of the GoFetch flaw in the Apple M-Chip, highlighting its hazardous impact on data security.

Data Prefetching (DMP): Furthermore, a diagram component shows the DMP function, which is the initial target for the attack.
Attack Process: Additionally, a flow demonstrates how the attacker exploits the DMP to initiate a side-channel attack.
Encryption Key Extraction: Moreover, a depiction of the attacker successfully retrieving the encryption keys through the side-channel.
Security Impact: Additionally, the final part of the diagram should show the potential risks, such as compromised data privacy and security breaches.

Impact and Timeline of Apple M1, M2, and M3 Chips: Assessing the ‘Apple M chip vulnerability’ Impact and Progression

The ‘Apple M chip vulnerability’ affects all Macs running Apple silicon, including M1, M2, and recent M3 chips. This includes a wide range of Mac and MacBook computers, which are now susceptible to side-channel attacks exploiting this vulnerability.

Apple computer affected by this flaw

The ‘Apple M chip vulnerability’ impacts a wide range of Apple hardware, starting with the launch of the first Mac system-on-chip, the M1, in November 2020. This hardware includes the M1, M1 Pro, M1 Max, M1 Ultra, M2, M2 Pro, M2 Max, M2 Ultra, M3, M3 Pro, and M3 Max chips.

Date	Model	Description
Nov 2020	M1	Introducing the M1 to MacBook Air, MacBook Pro, and Mac mini 13″
Apr 2021	M1	Launch of the iMac with M1 chip
Oct 2021	M1 Pro and M1 Max	M1 Pro and M1 Max arrive in 14-inch and 16-inch MacBook Pros
March 2022	M1 Ultra	M1 Ultra launches with Mac Studio
June 2022	M2	Next generation with the M2 chip
Jan. 2023	M2 Pro and M2 Max	M2 Pro and M2 Max launch in 14-inch and 16-inch MacBook Pros, and Mac mini
June 2023	M2 Ultra	M2 Ultra launches on Mac Studio and Mac Pro
Oct 2023	M3	M3 series with the M3, M3 Pro and M3 Max

To establish the extent of the problem of Apple’s M chip vulnerability and its consequences on a global scale, we sought to establish the most accurate statistics published on the internet to try to assess as accurately as possible the number of devices affected and the geographical scope of the impact.

The Magnitude of the ‘Apple M chip vulnerability’: Global Consequences and Statistics

The “GoFetch” vulnerability in Apple’s M chips has a potential impact on millions of devices around the world. Since the introduction of the M1 chip in November 2020, Apple has sold tens of millions of Mac computers with the M1, M2, and M3 chips, with a presence in more than 100 countries. This security flaw therefore represents a significant threat to data privacy and security on a global scale.

Potential Consequences:

Privacy breach: Because encryption keys can be extracted, sensitive user data is at risk.
Business impact: Organizations that rely on Apple devices for their operations could face costly data breaches.
Economic repercussions: Confidence in the safety of Apple products could be shaken, potentially affecting future sales.

It is crucial that users are aware of this vulnerability and take steps to secure their devices, pending an official response from Apple and potential solutions to mitigate the risks associated with this critical security breach.

Statistics

In terms of sales, Apple’s A and M chips have seen impressive growth, with a 54% increase in revenue, reaching $2 billion in the first quarter. This positive trend reflects the widespread geographic impact and growing adoption of Apple Silicon technologies.

Based on available data, here is an estimate of the number of Apple computers with the M1, M2, and M3 chips sold, broken down by geographic region:

Statistics Table Detailed Statistics

Based on available data, here is an estimate of the number of Apple computers with the M1, M2, and M3 chips sold, broken down by geographic region:

Region	Estimated sales
Americas	2 millions
Europe	1.5 million
Greater China	1 million
Japan	500 000
Middle East	300 000
Africa	200 000
Asia-Pacific	300 000
Latin America	100 000
Eastern Europe	100 000

Estimated total: 6 million units sold.

These estimates underscore the importance of the “GoFetch” vulnerability and the need for Apple to effectively respond to this security flaw on a global scale.

These estimates are based on market shares and sales trends in these regions. They give an idea of the distribution of sales of Macs with the M1, M2, and M3 chips outside of major markets.

These figures are based on overall sales and may vary depending on the sources and methods of calculation. Still, they give an idea of the scale of Apple’s M-chip distribution around the world and highlight the importance of the “GoFetch” vulnerability on a global scale. It’s important to note that these numbers are estimates, and exact sales data by country isn’t always published by Apple or third-party sources.

What are the Safeguards?

The IT security expert community emphasizes the importance of developing software solutions to mitigate risk, even if it could lead to a significant decrease in the performance of affected devices. Solutions like DataShielder Defense NFC HSM, developed by Freemindtronic, offer hardware or hybrid countermeasures to secure encryption keys

DataShielder NFC HSM

DataShielder Defense NFC HSM, developed by Freemindtronic, offers advanced security measures to protect encryption keys against vulnerabilities such as “GoFetch.” Utilizing AES-256 and RSA-4096 encryption through an NFC HSM and/or hybrid hardware and software HSM PGP for data encryption as well as wifi, Lan, Bluetooth, and NFC communication protocols, DataShielder enables externalized encryption for Apple computers, ensuring the confidentiality and integrity of sensitive data. This solution is particularly beneficial for businesses and organizations handling highly sensitive information, providing them with robust cybersecurity and security against potential cyber threats.

DataShielder HSM PGP

DataShielder HSM PGP provides a secure hybrid HSM PGP platform solution for generating, storing, and managing PGP keys, offering end-to-end encryption for email communications via a web browser. By integrating mechanisms for creating secure containers on multiple hardware supports that can be physically externalized from the computer, DataShielder HSM PGP enhances the confidentiality and authenticity of email exchanges by encrypting emails, thus mitigating the risk of interception or tampering by malicious actors. This solution is ideal for all types of businesses, financial institutions, and companies requiring stringent data protection measures without the risk of relying on their computers’ security vulnerabilities.

DataShielder Defense

DataShielder Defense provides comprehensive protection against hardware vulnerabilities and cyber threats by combining hardware and software hybrid encryption compatible with all types of storage media, including NFC HSM. It incorporates the management of various standard symmetric and asymmetric encryption keys, including freely selectable Open PGP encryption algorithms by the user. By protecting sensitive data at the hardware level, without servers, without databases, and in total anonymity, DataShielder Defense ensures a very high level of security considered post-quantum, offering a wide range of applications, including data storage, communication, and processing. This solution is particularly advantageous for governmental entities and organizations dealing with classified information. It serves as a counter-espionage tool suitable for organizations looking to strengthen their cybersecurity posture and mitigate risks associated with very complex emerging threats.

In summary, DataShielder solutions provide effective countermeasures against hardware vulnerabilities like “GoFetch,” offering organizations reliable protection for their sensitive data and critical assets. Through continuous innovation and collaboration with industry partners, DataShielder remains at the forefront of data security, empowering organizations to defend against evolving cyber threats and protect their digital infrastructure.

Let’s summarize

The recent discovery of a vulnerability in Apple M chips, dubbed “GoFetch,” by MIT researchers raises major concerns about data security on devices equipped with these chips. This flaw potentially exposes millions of Mac computers worldwide to side-channel attacks, compromising the privacy of stored information.

In conclusion on the vulnerability of Apple M series chips: Addressing the critical Apple M chip vulnerability

The vulnerability discovered in Apple’s M-series chips, known as “GoFetch,” by researchers at MIT underscores the significant challenges facing hardware manufacturers in terms of security. Effective safeguards, both in software and hardware, are crucial to mitigate risks and uphold the security of sensitive user data. Collaboration among manufacturers, security researchers, and government entities is essential to develop robust solutions and ensure protection against emerging threats.

In conclusion, the prompt identification and resolution of hardware vulnerabilities like “GoFetch” are imperative for maintaining user confidence and safeguarding the integrity of IT systems. Continuous evaluation and implementation of technological advancements and security best practices are necessary to provide adequate protection against potential threats.

2024, Cyberculture, Legal information

Encrypted messaging: ECHR says no to states that want to spy on them

Posted on February 21, 2024March 15, 2024 by FMTAD

21
Feb

Protecting encrypted messaging: the ECHR decision

Encrypted messaging is vital for digital privacy and free speech, but complex to protect. The historic ECHR decision of February 13, 2024 supports strong encryption against government surveillance. We discuss the importance of this decision. You will discover EviCypher NFC HSM encryption technology from Freemindtronic, guardian of this decision but for all messaging services in the world.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

2024 Crypto Currency Cryptocurrency Cyberculture Legal information

EU Sanctions Cryptocurrency Regulation: A Comprehensive Overview

March 15, 2024

2024 Cyberculture Uncategorized

Chinese cyber espionage: a data leak reveals the secrets of their hackers

March 2, 2024

2024 Cyberculture

Cyber Resilience Act: a European regulation to strengthen the cybersecurity of digital products

February 24, 2024

ECHR landmark ruling in favor of encrypted messaging, featuring EviCypher NFC HSM technology by Freemindtronic.

2024 Cyberculture Legal information

Encrypted messaging: ECHR says no to states that want to spy on them

February 21, 2024

Digital image showing a confused user at a computer surrounded by complex password symbols

2024 Articles Cyberculture EviPass Password

Human Limitations in Strong Passwords Creation

January 22, 2024

2023 Articles Cyberculture EviCypher NFC HSM News Technologies

Telegram and the Information War in Ukraine

January 5, 2024

2023 Cyberculture

New EU Data Protection Regulation 2023/2854: What you need to know

December 25, 2023

Stay informed in our posts dedicated to Cyberculture to follow its evolution thanks to our regularly updated topics

Learn more through this Cyberculture section on your data encryption rights to protect your personal and professional data written by Jacques Gascuel, creator of data security solutions. Stay informed and secure with our regular news.

Encrypted messaging: ECHR says no to states that want to spy on them

The historic judgment of the European Court of Human Rights (ECHR) elevates encrypted messaging to the rank of guardian of privacy and freedom of expression. But this also poses security and public order problems. On February 13, 2024, she spoke out in favor of strong encryption, against state interference.

The ECHR has rejected Russian authorities’ request to Telegram, a messaging application, to provide private keys for encrypting its users’ communications, or to install backdoors that would allow authorities to access them. The Court considered that this request violated the rights to privacy and correspondence, as well as freedom of expression, of Telegram users.

The context of the case

The case background Six journalists and human rights activists challenged the request of the Russian authorities to Telegram before the ECHR. They claimed that this request violated their fundamental rights. They relied on Articles 8 and 10 of the European Convention on Human Rights. These articles protect the right to privacy and correspondence, and the right to freedom of expression.

The reasoning of the Court

The Court’s reasoning The Court acknowledged that the request of the Russian authorities had a legitimate aim of national security and crime prevention. However, it found that the interference with the rights of the applicants was not proportionate to the aim pursued. It emphasised that encryption plays a vital role in ensuring the confidentiality of communications and the protection of personal data. It held that the request of the Russian authorities was too general and vague. It did not offer enough safeguards against abuse. It could deter people from using encrypted messaging services.

The Court also noted that encryption helps citizens and businesses to defend themselves against the misuse of information technologies, such as hacking, identity theft, data breach, fraud and undue disclosure of confidential information. It stated that this should be duly taken into account when assessing the measures that could weaken encryption.

The Court further observed that, in order to be useful to the authorities, the information must be decrypted at some point. It suggested that the authorities should use other means to obtain the necessary information, such as undercover operations, metadata analysis and international cooperation.

The consequences of the decision

The decision’s implications The decision of the Court is final and binding for Russia. It has to implement it within a reasonable time. It also has a broader impact. It sets out principles applicable to all member states of the Council of Europe, which comprises 47 countries. It sends a strong signal in favour of the respect of fundamental rights on the internet. It aligns with the position of several international organisations, such as the UN, the EU or the OSCE. They have stressed the importance of encryption for the protection of human rights online.

The official link of the ECHR decision is: AFFAIRE PODCHASOV c. RUSSIE and AFFAIRE PODCHASOV c. RUSSIE and AFFAIRE PODCHASOV c. RUSSIE. You can access it by clicking on the title or copying the address in your browser.

The position of other countries in the world

Encryption of communications is not a consensual topic. Countries have different, even opposite, positions on the issue. Here are some examples:

The Netherlands have argued for the right to strong encryption. They considered it a human right that must be safeguarded, in the country’s own interest.
The United States have repeatedly asked technology companies to provide them with access to encrypted data. They invoked the need to fight terrorism. These requests have been challenged by companies, such as Apple. They refused to create backdoors in their encryption systems.
China adopted a cybersecurity law in 2016. It requires companies to cooperate with authorities to provide encryption keys or means to bypass encryption. This law has been denounced by human rights defenders. They fear that it will be used to strengthen the surveillance and censorship of the Chinese regime.
The European Union adopted a directive on the protection of personal data in 2016. It recognizes encryption as a technical measure suitable for ensuring the security of data. The EU also supported the development of end-to-end encryption. It funded projects such as the free software Signal, which allows to encrypt calls and messages.

These examples show the divergences and convergences between different countries on the subject of encryption. They also reveal the political, economic and social issues that are at stake.

The world’s reactions to the ECHR decision on Encrypted Messaging

The ECHR decision on Encrypted Messaging has sparked different reactions in the world. Some countries praised the judgment, which boosts the protection of human rights on the internet. Other countries slammed the position of the Court, which undermines, according to them, the judicial cooperation and the national security.

The supporters of the ECHR decision

The Netherlands are among the countries that supported the ECHR decision. They argued for the right to strong encryption, considering it a human right that must be safeguarded, in the country’s own interest. The European Union also backed the Court, reminding that encryption is a technical measure suitable to ensure the security of data, in accordance with the directive on the protection of personal data adopted in 2016. The EU also stressed that it funds the development of end-to-end encryption, through projects such as the free software Signal, which allows to encrypt calls and messages.

The opponents of the ECHR decision

The United States are among the countries that opposed the ECHR decision. They have repeatedly asked technology companies to provide them with access to encrypted data, invoking the need to fight terrorism. These requests have been challenged by companies, such as Apple, which have refused to create backdoors in their encryption systems. China also expressed its disagreement with the Court, stating that encryption of communications fosters the dissemination of illegal or dangerous content, such as terrorist propaganda, child pornography or hate speech. China recalled that it has adopted in 2016 a cybersecurity law, which requires companies to cooperate with authorities to provide encryption keys or means to bypass encryption.

The non-signatories of the European

Convention on Human Rights Some countries have not reacted to the ECHR decision, because they are not signatories of the European Convention on Human Rights. This is the case for example of Russia, which ceased to be a member of the Council of Europe on March 16, 2022, after the invasion of Ukraine decided by the Kremlin. The country no longer participates in the activities of the ECHR. This is also the case of many countries in Africa, Asia or Latin America, which are not part of the Council of Europe and which have not ratified the Convention.

The signatory countries of the European Convention on Human Rights

The European Convention on Human Rights is an international treaty adopted by the Council of Europe in 1950, which aims to protect human rights and fundamental freedoms in the states parties. It entered into force in 1953, after being ratified by ten countries: Belgium, Denmark, France, Ireland, Italy, Luxembourg, the Netherlands, Norway, Sweden and the United Kingdom .

Since then, the Convention has been ratified by 36 other countries, bringing the total number of states parties to 46. They are: Albania, Germany, Andorra, Armenia, Austria, Azerbaijan, Bosnia and Herzegovina, Bulgaria, Cyprus, Croatia, Estonia, Finland, Georgia, Greece, Hungary, Iceland, Latvia, Liechtenstein, Lithuania, Malta, Moldova, Monaco, Montenegro, North Macedonia, Poland, Portugal, Romania, Russia, San Marino, Serbia, Slovakia, Slovenia, Spain, Czech Republic, Turkey and Ukraine.

All these countries recognize the jurisdiction of the European Court of Human Rights (ECHR), which is in charge of ensuring the respect of the Convention. The ECHR can be seized by any person, group of persons or non-governmental organization who claims to be a victim of a violation of the Convention by one of the states parties. The ECHR can also be seized by a state party who alleges that another state party has violated the Convention. The ECHR delivers judgments that are final and binding for the states parties.

An innovative and sovereign alternative: the EviCypher NFC HSM technology

Facing the challenges of encryption of communications, some users may look for an alternative more innovative and sovereign than the traditional messaging applications. This is the case of the EviCypher NFC HSM technology, developed by the Andorran company Freemindtronic. This technology makes it possible to generate, store, manage and use AES-256 encryption keys to encrypt all communication systems, such as WhatsApp, sms, mms, rcs, Telegram, webmail, email client, private messaging like Linkedin, Skype, X and even via postal mail with encrypted QR code messages, etc.

EviCypher NFC HSM: A Secure and Innovative Solution for Encrypted Messaging

Firstly, it guarantees the confidentiality and integrity of data, even if the messaging services are compromised for any reason, including by a court order. Indeed, it is physically impossible for Freemindtronic, the manufacturer of the DataShielder products, to provide encryption keys generated randomly by the user. These keys are stored encrypted in AES-256 via segmented keys in the HSM and NFC HSM. Only the user holds the decryption keys, which he can erase at any time.

Secondly, it preserves the anonymity and sovereignty of users, because it works without server and without database. It does not require internet connection, nor user account, nor phone number, nor email address. It leaves no trace of its use, nor of its user. It does not depend on the policies or regulations of the countries or companies that provide the communication services.

Thirdly, it offers an extreme portability and availability of encryption keys, thanks to the NFC technology. The user can carry his encryption keys on a physical support, such as a card, a bracelet, a key ring, etc. He can use them with any device compatible with NFC, such as a smartphone, a tablet, a computer, etc. He can also share them with other trusted users, in a simple and secure way.

Lastly, it is compatible with the EviCore NFC HSM or EviCore HSM technology, which allows to secure the access to equipment and applications. The user can thus use the same physical support to encrypt his communications and to authenticate on his different digital services.

The EviCypher NFC HSM technology guarantees the confidentiality and integrity of data, even if the messaging services are compromised for any reason, including by a court order. Indeed, it is physically impossible for Freemindtronic, the manufacturer of the DataShielder products, to provide encryption keys generated randomly by the user. These keys are stored encrypted in AES-256 via segmented keys in the HSM and NFC HSM. Only the user holds the decryption keys, which he can erase at any time.

Transforming Encrypted Messaging with EviCypher NFC HSM

The European Court of Human Rights (ECHR) decisively highlights encrypted messaging’s vital role in protecting privacy and freedom of speech. EviCypher NFC HSM, aligning perfectly with these principles, emerges as a pioneering solution. It confronts the challenges of state surveillance and privacy breaches head-on, providing unmatched defense for private communications. EviCypher NFC HSM goes beyond the ECHR’s conventional security and privacy requirements. It crafts an inviolable communication platform that honors users’ privacy rights profoundly. With its innovative approach, EviCypher NFC HSM introduces new data protection standards, forging a robust barrier against government intrusion.

Global Reach and User Empowerment

EviCypher NFC HSM’s technology has a broad global impact, seamlessly addressing the varied encryption landscapes worldwide. It provides a consistent answer to privacy and security issues, disregarding geographic limits. This global applicability makes EviCypher NFC HSM an indispensable tool for users worldwide, solidifying its position as a guardian of global privacy.

Despite potential skepticism about new technologies, the user-friendly and accessible nature of EviCypher NFC HSM aims to dispel such doubts. It promotes wider adoption among those seeking to enhance their communication security. Its compatibility with diverse devices and straightforward operation simplify encryption, facilitating an effortless shift towards secure communication practices.

EviCypher NFC HSM: A Beacon of User Autonomy

EviCypher NFC HSM technology deeply commits to empowering users. It allows individuals to generate, store, and manage their encryption keys independently, giving them direct control. This autonomy not only improves data security but also demonstrates a strong commitment to protecting users’ fundamental rights. It resonates with the values emphasized across the discussion, providing an effective way to strengthen online privacy and security. EviCypher NFC HSM marks a significant leap forward in the movement towards a more secure and private digital landscape.

This technologie HSM stands out as a state-of-the-art, self-sufficient solution, perfectly in line with the ECHR’s decisions and the worldwide need for secure encrypted communication. It leads the charge in advancing user autonomy and security, signaling a crucial evolution in encrypted messaging towards unparalleled integrity.

Incorporating EviCypher’s distinctive features—its operation without servers or databases, interoperability, and backward compatibility with all current communication systems, such as email, SMS, MMS, RCS, and social media messaging, even extending to physical mail via encrypted QR codes—highlights its adaptability and innovative spirit. EviCypher’s resistance to zero-day vulnerabilities, due to encrypting communications upfront, further underscores its exceptional security. Operating anonymously and offline, it provides instant usability without requiring user identification or account creation, ensuring seamless compatibility across phone, computer, and communication systems.

Summary at encrypted messaging

Encrypted Messaging is crucial for the digital society. It protects internet users’ privacy and freedom of expression. But it also challenges security and public order. The European Court of Human Rights (ECHR) supported strong encryption on February 13, 2024. It defended the right to encryption, against states that want to access it. Several international organizations agree with this position. They emphasize the importance of encryption for human rights online. However, the ECHR decision sparked diverse reactions worldwide. Different countries have different views on encryption.

Our conclusion on Encrypted Messaging

EviCypher NFC HSM technology is an innovative and sovereign alternative for Encrypted Messaging. Users can generate, store, manage and use AES-256 encryption keys. They can encrypt all communication systems, such as WhatsApp, sms, mms, rcs, Telegram, webmail, email client, etc. EviCypher NFC HSM technology ensures data confidentiality and integrity. It works even if messaging services are compromised. It preserves users’ anonymity and sovereignty. It does not need server or database. It offers extreme portability and availability of encryption keys, thanks to NFC technology. It is compatible with EviCore NFC HSM or EviCore HSM technology. They secure access to equipment and applications.

DataShielder products provide EviCypher NFC HSM technology. They are contactless encryption devices, guardians of keys and secrets. Freemindtronic, an Andorran company specialized in NFC security, designs and manufactures them.

2024, Articles, Digital Security, News

How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts

Posted on February 8, 2024February 8, 2024 by FMTAD

08
Feb

How to protect yourself from the attack against Microsoft Exchange?

The attack against Microsoft Exchange was a serious security breach in 2023. Thousands of organizations worldwide were hacked by cybercriminals who exploited vulnerabilities in Microsoft’s email servers. How did this happen? What were the consequences? How did Microsoft react? And most importantly, how can you protect your data and communications? Read our comprehensive analysis and discover Freemindtronic’s technology solutions.

2024 Digital Security

Dropbox Security Breach 2024: Phishing, Exploited Vulnerabilities

May 17, 2024

2024 Digital Security

Europol Data Breach: A Detailed Analysis

May 16, 2024

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool

April 18, 2024

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

March 25, 2024

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

March 15, 2024

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

March 10, 2024

2024 Digital Security

PrintListener: How to Betray Fingerprints

February 22, 2024

Cyberattack against Microsoft: discover the potential dangers of stalkerware spyware, one of the attack vectors used by hackers. Stay informed by browsing our constantly updated topics.

Cyberattack against Microsoft: How to Protect Yourself from Stalkerware, a book by Jacques Gascuel, the innovator behind advanced sensitive data security and safety systems, provides invaluable knowledge on how data encryption and decryption can prevent email compromise and other threats.

How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts

On December 13, 2023, Microsoft was the target of a sophisticated attack by a hacker group called Lapsus$. This attack exploited another vulnerability in Microsoft Exchange, known as CVE-2023-23415, which allowed the attackers to execute remote code on the email servers using the ICMP protocol. The attackers were able to access the email accounts of more than 10,000 Microsoft employees, some of whom were working on sensitive projects such as the development of GTA VI or the launch of Windows 12. The attackers also published part of the stolen data on a website called DarkBeam, where they sold more than 750 million fraudulent Microsoft accounts. Microsoft reacted quickly by releasing a security patch on December 15, 2023, and collaborating with the authorities to arrest the perpetrators of the attack. One of the members of the Lapsus$ group, an Albanian hacker named Kurtaj, was arrested on December 20, 2023, thanks to the cooperation between the American and European intelligence services1234.

What were the objectives and consequences of the attack?

The attack against Microsoft Exchange affected more than 20,000 email servers worldwide, belonging to businesses, institutions and organizations from different sectors. These servers were vulnerable because they used outdated versions of the software, which no longer received security updates. The attack exploited a critical vulnerability known as ProxyLogon (CVE-2023-23415), allowing the attackers to execute remote code on the servers and access the email accounts. Despite the efforts to solve the problem, many vulnerable servers remained active, exposing the email accounts of about 30,000 high-level employees, including executives and engineers. The attackers were able to steal confidential information, such as internal projects, development plans, trade secrets or source codes.

What were the objectives of the attack?

The attack was attributed to Lapsus$, a hacker group linked to Russia. According to Microsoft, the group’s main objective was to gain access to sensitive information from various targets, such as government agencies, think tanks, NGOs, law firms, medical institutions, etc. The group also aimed to compromise the security and reputation of Microsoft, one of the leading technology companies in the world. The attack was part of a larger campaign that also involved the SolarWinds hack, which affected thousands of organizations in 2020.

What were the impacts of the attack?

The attack had serious impacts on the victims, both in terms of data loss and reputation damage. The data stolen by the attackers included personal and professional information, such as names, addresses, phone numbers, email addresses, passwords, bank details, credit card numbers, health records, etc. The attackers also leaked some of the data on the DarkBeam website, where they offered to sell the data to the highest bidder. This exposed the victims to potential identity theft, fraud, blackmail, extortion, or other cybercrimes. The attack also damaged the reputation of Microsoft and its customers, who were seen as vulnerable and unreliable by their partners, clients, and users. The attack also raised questions about the security and privacy of email communication, which is widely used in the digital world.

What were the consequences of the attack?

The attack had several consequences for Microsoft and its customers, who had to take urgent measures to mitigate the damage and prevent further attacks. Microsoft had to release a security patch for the vulnerability, and urge its customers to update their software as soon as possible. Microsoft also had to investigate the origin and extent of the attack, and cooperate with the authorities to identify and arrest the attackers. Microsoft also had to provide support and assistance to its customers, who had to deal with the aftermath of the attack. The customers had to check their email accounts for any signs of compromise, and change their passwords and security settings. They also had to notify their contacts, partners, and clients about the breach, and reassure them about the security of their data. They also had to monitor their online activities and accounts for any suspicious or fraudulent transactions. The attack also forced Microsoft and its customers to review and improve their security policies and practices, and adopt new solutions and technologies to protect their data and communication.

How did the attack succeed despite Microsoft’s defenses?

The attack was sophisticated and stealthy, using several techniques to bypass Microsoft’s defenses. First, the attackers exploited a zero-day vulnerability, which means that it was unknown to Microsoft and the public until it was discovered and reported. Second, the attackers used a proxy tool to disguise their origin and avoid detection. Third, the attackers used web shells to maintain persistent access to the servers and execute commands remotely. Fourth, the attackers used encryption and obfuscation to hide their malicious code and data. Fifth, the attackers targeted specific servers and accounts, rather than launching a massive attack that would have raised more suspicion.

What are the communication vulnerabilities exploited by the attack?

The attack exploited several communication vulnerabilities, such as:

Targeted phishing: The attackers sent fake emails to the victims, pretending to be from legitimate sources, such as Microsoft, their bank, or their employer. The emails contained malicious links or attachments, that led the victims to compromised websites or downloaded malware on their devices. The attackers then used the malware to access the email servers and accounts.
SolarWinds exploitation: The attackers also used the SolarWinds hack, which was a massive cyberattack that compromised the software company SolarWinds and its customers, including Microsoft. The attackers inserted a backdoor in the SolarWinds software, which allowed them to access the networks and systems of the customers who installed the software. The attackers then used the backdoor to access the email servers and accounts.
Brute force attack: The attackers also used a brute force attack, which is a trial-and-error method to guess the passwords or encryption keys of the email accounts. The attackers used automated tools to generate and test a large number of possible combinations, until they found the right one. The attackers then used the passwords or keys to access the email accounts.
SQL injection: The attackers also used a SQL injection, which is a technique to insert malicious SQL commands into a web application that interacts with a database. The attackers used the SQL commands to manipulate the database, and access or modify the data stored in it. The attackers then used the data to access the email accounts.

Why did the detection and defense systems of Microsoft Exchange not work?

The detection and defense systems of Microsoft Exchange did not work because the attackers used advanced techniques to evade them. For example, the attackers used a proxy tool to hide their IP address and location, and avoid being traced or blocked by firewalls or antivirus software. The attackers also used web shells to create a backdoor on the servers, and execute commands remotely, without being noticed by the system administrators or the security software. The attackers also used encryption and obfuscation to conceal their malicious code and data, and prevent them from being analyzed or detected by the security software. The attackers also used zero-day vulnerability, which was not known or patched by Microsoft, and therefore not protected by the security software.

How did Microsoft react to the attack?

Microsoft reacted to the attack by taking several actions, such as:

The main actions of Microsoft

Releasing a security patch: Microsoft released a security patch for the vulnerability exploited by the attack, and urged its customers to update their software as soon as possible. The patch fixed the vulnerability and prevented further attacks.
Investigating the attack: Microsoft investigated the origin and extent of the attack, and collected evidence and information about the attackers and their methods. Microsoft also cooperated with the authorities and other organizations to identify and arrest the attackers.
Providing support and assistance: Microsoft provided support and assistance to its customers, who were affected by the attack. Microsoft offered guidance and tools to help the customers check their email accounts for any signs of compromise, and change their passwords and security settings. Microsoft also offered free credit monitoring and identity theft protection services to the customers, who had their personal and financial data stolen by the attackers.

Microsoft also released patches for the vulnerabilities exploited by the attack

Microsoft also released patches for the other vulnerabilities exploited by the attack, such as the SolarWinds vulnerability, the brute force vulnerability, and the SQL injection vulnerability. Microsoft also improved its detection and defense systems, and added new features and functions to its software, to enhance the security and privacy of email communication.

What are the lessons to be learned from the attack?

The attack was a wake-up call for Microsoft and its customers, who had to learn from their mistakes and improve their security practices. Some of the lessons to be learned from the attack are:

Email security

Email is one of the most widely used communication tools in the digital world, but also one of the most vulnerable to cyberattacks. Therefore, it is essential to ensure the security and privacy of email communication, by applying some best practices, such as:

Using strong and unique passwords for each email account, and changing them regularly.
Using multi-factor authentication (MFA) to verify the identity of the email users, and prevent unauthorized access.
Using encryption to protect the content and attachments of the email messages, and prevent them from being read or modified by third parties.
Using digital signatures to verify the authenticity and integrity of the email messages, and prevent them from being spoofed or tampered with.
Using spam filters and antivirus software to block and remove malicious emails, and avoid clicking on suspicious links or attachments.
Using secure email providers and platforms, that comply with the latest security standards and regulations, and offer features such as end-to-end encryption, zero-knowledge encryption, or self-destructing messages.

Multi-factor authentication

Multi-factor authentication (MFA) is a security method that requires the user to provide two or more pieces of evidence to prove their identity, before accessing a system or a service. The pieces of evidence can be something the user knows (such as a password or a PIN), something the user has (such as a smartphone or a token), or something the user is (such as a fingerprint or a face scan). MFA can prevent unauthorized access to email accounts, even if the password is compromised, by adding an extra layer of security. Therefore, it is recommended to enable MFA for all email accounts, and use reliable and secure methods, such as biometric authentication, one-time passwords, or push notifications.

Principle of least privilege

The principle of least privilege (POLP) is a security concept that states that each user or system should have the minimum level of access or permissions required to perform their tasks, and nothing more. POLP can reduce the risk of data breaches, by limiting the exposure and impact of a potential attack. Therefore, it is advisable to apply POLP to email accounts, and assign different roles and privileges to different users, depending on their needs and responsibilities. For example, only authorized users should have access to sensitive or confidential information, and only administrators should have access to system settings or configuration.

Software update

Software update is a process that involves installing the latest versions or patches of the software, to fix bugs, improve performance, or add new features. Software update is crucial for email security, as it can prevent the exploitation of vulnerabilities that could allow attackers to access or compromise the email servers or accounts. Therefore, it is important to update the software regularly, and install the security patches as soon as they are available. It is also important to update the software of the devices that are used to access the email accounts, such as computers or smartphones, and use the latest versions of the browsers or the applications.

System monitoring

System monitoring is a process that involves observing and analyzing the activity and performance of the system, to detect and resolve any issues or anomalies. System monitoring is vital for email security, as it can help to identify and stop any potential attacks, before they cause any damage or disruption. Therefore, it is essential to monitor the email servers and accounts, and use tools and techniques, such as logs, alerts, reports, or audits, to collect and analyze the data. It is also essential to monitor the email traffic and behavior, and use tools and techniques, such as firewalls, intrusion detection systems, or anomaly detection systems, to filter and block any malicious or suspicious activity.

User awareness

User awareness is a state of knowledge and understanding of the users, regarding the security risks and threats that they may face, and the best practices and policies that they should follow, to protect themselves and the system. User awareness is key for email security, as it can prevent many human errors or mistakes, that could compromise the email accounts or expose the data. Therefore, it is important to educate and train the email users, and provide them with the necessary information and guidance, to help them recognize and avoid any phishing, malware, or social engineering attacks, that could target their email accounts.

What are the best practices to strengthen information security?

Information security is the practice of protecting the confidentiality, integrity, and availability of the information, from unauthorized or malicious access, use, modification, or destruction. Information security is essential for email communication, as it can ensure the protection and privacy of the data and messages that are exchanged. Some of the best practices to strengthen information security are:

Adopt the Zero Trust model: The Zero Trust model is a security approach that assumes that no user or system can be trusted by default, and that each request or transaction must be verified and authorized, before granting access or permission. The Zero Trust model can enhance information security, by reducing the attack surface and preventing the lateral movement of the attackers, within the system.
Use advanced protection solutions: Advanced protection solutions are security solutions that use artificial intelligence, machine learning, or other technologies, to detect and respond to the most sophisticated and complex cyberattacks, that could target the email accounts or data. Some of these solutions are endpoint detection and response (EDR), identity and access management (IAM), or data encryption solutions.
Hire cybersecurity experts: Cybersecurity experts are professionals who have the skills and knowledge to design, implement, and maintain the security of the system and the information, and to prevent, detect, and respond to any cyberattacks, that could affect the email accounts or data. Cybersecurity experts can help to strengthen information security, by providing advice, guidance, and support, to the email users and administrators.

How can Freemindtronic technology help to fight against this type of attack?

Freemindtronic offers innovative and effective technology solutions such as EviCypher NFC HSM and EviPass NFC HSM and EviOTP NFC HSM and other PGP HSMs. They can help businesses to fight against this type of attack based on Zero Day and other threats. Their technology is embedded in products such as DataShielder NFC HSM and DataShielder HSM PGP and DataShielder Defense or PassCypher NFC HSM or PassCypher HSM PGP. These products provide security and communication features for data, email and password management and offline OTP secret keys.

DataShielder NFC HSM is a portable device that allows to encrypt and decrypt data and communication on a computer or on an Android NFC smartphone. It uses a contactless hardware security module (HSM) that generates and stores encryption keys securely and segmented. It protects the keys that encrypt contactless communication. This has the effect of effectively fighting against all types of communication vulnerabilities, since the messages and attachments will remain encrypted even if they are corrupted. This function regardless of where the attack comes from, internal or external to the company. It is a counter-espionage solution. It also offers other features, such as password management, 2FA – OTP (TOTP and HOTP) secret keys. In addition, DataShielder works offline, without server and without database. It has a configurable multi-authentication system, strong authentication and secure key sharing.
DataShielder HSM PGP is an application that transforms all types of physical storage media (USB key, S, SSD, KeyChain / KeyStore) connected or not connected into HSM. It has the same features as its NFC HSM version. However, it also uses standard AES-256 and RSA 4096 algorithms, as well as OpenPGP algorithms. It uses its HSMs to manage and store PGP keys securely. In the same way, it protects email against phishing and other email threats. It also offers other features, such as digital signature, identity verification or secure key sharing.
DataShielder Defense is a dual-use platform for civilian and military use that offers many functions including all those previously mentioned. It also works in real time without server, without database from any type of HSM including NFC. It also has functions to add trust criteria to fight against identity theft. It protects data and communication against cyberattacks and data breaches.

In summary

To safeguard against the Microsoft Exchange attack, prioritize security updates and patches. Embrace Freemindtronic’s innovative solutions for enhanced protection. Stay vigilant against phishing and employ robust authentication methods. Opt for encryption to shield communications. Engage cybersecurity experts for advanced defense strategies. By adopting these measures, you can fortify your defenses against cyber threats and ensure your data’s safety.

2024, Digital Security, Spying

Ivanti Zero-Day Flaws: Comprehensive Guide to Secure Your Systems Now

Posted on February 5, 2024 by FMTAD

05
Feb

Ivanti Patches Two Critical Zero-Day Vulnerabilities, One Under Active Attack

Ivanti, a leader in endpoint and network management solutions, has patched two critical zero-day vulnerabilities, one of which was actively exploited by cybercriminals. Learn more about these vulnerabilities and how to protect your organization.

2024 Digital Security

Dropbox Security Breach 2024: Phishing, Exploited Vulnerabilities

May 17, 2024

2024 Digital Security

Europol Data Breach: A Detailed Analysis

May 16, 2024

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool

April 18, 2024

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

March 25, 2024

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

March 15, 2024

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

March 10, 2024

2024 Digital Security

PrintListener: How to Betray Fingerprints

February 22, 2024

This sentence is under a slider that shows similar topics on the zero day.

The Ivanti zero-day flaws, written by Jacques Gascuel, inventor of cybersecurity solutions, of cyber-safety of sensitive data and of counter-espionage, deal with the subject of the Ivanti Zero Day 2024 vulnerabilities.

What are Zero-Day Flaws and Why are They Dangerous?

A zero-day flaw is a previously unknown vulnerability in software that hackers can exploit before the vendor becomes aware and devises a patch. These vulnerabilities are particularly perilous because there is no existing defense against their exploitation. Cybercriminals can use zero-day flaws to launch sophisticated cyberattacks, leading to unauthorized data access, system damage, and widespread security breaches.

Ivanti’s Two Zero-Day Vulnerabilities: CVE-2024-21888 and CVE-2024-21893

Ivanti’s announcement highlights two specific vulnerabilities:

CVE-2024-21888: This is a critical privilege escalation vulnerability found in the web components of Ivanti Connect Secure and Policy Secure (versions 9.x, 22.x). It allows malicious users to gain administrator privileges, thereby obtaining the ability to alter system configurations, access restricted data, and potentially introduce further malicious code into the network infrastructure.
CVE-2024-21893: Identified as a server-side request forgery (SSRF) flaw within the SAML component of Ivanti Connect Secure, Policy Secure (versions 9.x, 22.x), and Ivanti Neurons for ZTA, this vulnerability enables attackers to bypass authentication mechanisms to access restricted resources. This flaw is particularly concerning due to its active exploitation, which suggests a targeted approach by cybercriminals to leverage this vulnerability for malicious purposes.

Ivanti has acknowledged the targeted exploitation of CVE-2024-21893 and expressed concerns over the potential for increased malicious activities following the public disclosure of these vulnerabilities.

How to Protect Your Organization from Ivanti’s Zero-Day Flaws

In response to the discovery of these vulnerabilities, Ivanti has taken swift action by releasing patches for the affected products, including specific versions of Connect Secure and ZTA. The company strongly advises a precautionary factory reset of devices before applying the patches to eliminate any lingering threats from the system. Additionally, Ivanti recommends importing a mitigation file named “mitigation.release.20240126.5.xml” as a temporary countermeasure against these vulnerabilities.

To safeguard against these vulnerabilities, organizations are urged to apply Ivanti’s patches immediately, conduct a factory reset of devices prior to patching, and adopt a proactive cybersecurity posture. This includes regular software updates, comprehensive user education on cybersecurity best practices, and the implementation of robust security measures such as firewalls, intrusion detection systems, and regular security audits.

The Impact of Ivanti’s Zero-Day Flaws on the Cybersecurity Landscape

Since the beginning of 2024, the cybersecurity community has witnessed the disclosure of six zero-day vulnerabilities within Ivanti’s product lineup, with half of them being actively exploited. A study conducted by Volexity found that more than 1,700 Ivanti devices have been compromised worldwide, including nearly 100 in France. These attacks have affected organizations from all sectors, including government agencies, Fortune 500 companies and cloud service providers .

CISA Issues Emergency Directive for Federal Agencies

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive. It requires all federal agencies to apply Ivanti’s patches and mitigations, and report any compromise to the CISA. This directive is important because it shows the urgency and the severity of the situation, and its implications for the national and international security.

Mandiant Identifies Bypass Technique and Webshell Deployment

Mandiant, a cybersecurity firm, has identified a technique that bypasses the mitigation file and allows the deployment of a custom webshell named BUSHWALK. This webshell works by injecting malicious code into the legitimate web pages of Ivanti devices, and allows the attackers to execute commands and access files on the compromised systems. Mandiant has provided a detailed description of how this webshell works, how to detect it, and how to remove it. Mandiant has also clarified that this technique is distinct from the mass exploitation that followed the disclosure of the vulnerabilities.

UNC5221: The Threat Group Behind the Targeted Exploitation

Mandiant has also attributed the exploitation of the Ivanti zero-day flaws to a threat group named UNC5221, suspected to be linked to China. This group has targeted organizations from various sectors, including government agencies, Fortune 500 companies and cloud service providers . Mandiant has also revealed the tools and the malware used by this group, such as BUSHWALK, BLOODHOUND, CHOPSTICK and SLIGHTPULSE. These tools and malware are designed to perform reconnaissance, lateral movement, credential theft and data exfiltration on the compromised networks.

The Number of Victims and the Potential Consequences

According to the latest reports from Volexity and Mandiant, more than 1,700 Ivanti devices have been compromised worldwide, including nearly 100 in France. The sectors most affected by these intrusions include government, finance, healthcare, education, and technology. The potential consequences of these intrusions include unauthorized data access, system encryption by ransomware, installation of backdoors for persistent access, and execution of malicious code. Such incidents can lead to significant financial losses, reputational damage, operational disruptions, and legal implications for the affected organizations.

EviCypher and EviPass: Innovative Technologies to Protect Yourself from the Zero-Day Flaws

Facing the threat of the Ivanti zero-day flaws, there are innovative solutions to protect yourself effectively. These are the EviCypher and EviPass technologies, developed by Freemindtronic, a company specialized in pocket cybersecurity.

EviCypher is a NFC device that allows you to encrypt and decrypt messages securely and anonymously. You just need to slide your EviCypher card behind your smartphone for the message to be encrypted or decrypted. The system uses individual encryption keys, stored offline, in a non-volatile and physically secure memory. Thus, even if the message is intercepted by an attacker who exploits an Ivanti zero-day flaw, he will not be able to read it without the corresponding key.

EviPass is a mobile application that allows you to manage your passwords and credentials securely and conveniently. You just need to scan your EviPass card with your smartphone to access your online accounts. The application uses an OpenPGP encryption algorithm, based on public and private keys. The private keys are stored offline, in a non-volatile and physically secure memory. Thus, even if an attacker manages to access a compromised Ivanti device, he will not be able to steal the passwords and credentials without the EviPass card.

These two solutions offer a high level of security, based on the principle of “Air Gap”, which consists of creating a physical and digital barrier between the data and the attackers. They are also easy to use, without requiring any specific knowledge in cybersecurity. They are compatible with all digital communication systems, including those that use Ivanti products. They are protected by international patents, and manufactured in Andorra by Freemindtronic.

EviPass NFC NFC and EviPass HSM PGP: Freemindtronic’s Technologies for Password Management

EviPass NFC NFC and EviPass HSM PGP are two technologies developed by Freemindtronic for password management. EviPass NFC NFC is a technology that uses NFC cards to store and access passwords and credentials. EviPass HSM PGP is a technology that uses hardware security modules (HSM) to store and access passwords and credentials using the OpenPGP encryption algorithm. Both technologies are integrated into the EviPass mobile application, which allows users to manage their passwords and credentials securely and conveniently.

EviCypher NFC HSM and EviCypher HSM PGP: Freemindtronic’s Technologies for Message Encryption

EviCypher NFC HSM and EviCypher HSM PGP are two technologies developed by Freemindtronic for message encryption. EviCypher NFC HSM is a technology that uses NFC cards and hardware security modules (HSM) to encrypt and decrypt messages. EviCypher HSM PGP is a technology that uses hardware security modules (HSM) to encrypt and decrypt messages using the OpenPGP encryption algorithm. Both technologies are integrated into the EviCypher NFC device, which allows users to encrypt and decrypt messages securely and anonymously.

PassCypher and DataShielder: Freemindtronic’s Products that Incorporate EviCypher and EviPass Technologies

PassCypher and DataShielder are two products designed and manufactured by Freemindtronic that incorporate the EviCypher and EviPass technologies. PassCypher is a NFC device that connects to your smartphone or computer and allows you to access your online accounts using the EviPass technology. DataShielder is a NFC device that connects to your smartphone or computer and allows you to encrypt and decrypt messages using the EviCypher technology. With these products, you can benefit from the EviCypher and EviPass technology to protect your passwords, credentials and messages.

To learn more about these solutions, you can visit the Freemindtronic website or the Codeur blog, which present the features and benefits of EviCypher and EviPass.

Conclusion

In conclusion, the Ivanti zero-day flaws are dangerous vulnerabilities that can compromise the security and confidentiality of the users’ data. It is therefore important to protect yourself effectively against these flaws, by applying the patches provided by Ivanti, following the cybersecurity recommendations, and using innovative solutions like EviCypher and EviPass, developed by Freemindtronic. These solutions are integrated into innovative products, designed and manufactured in Andorra. Don’t wait any longer to protect yourself from the Ivanti zero-day flaws, and discover the EviCypher and EviPass solutions from Freemindtronic. What are your impressions on these products? Let us know in the comments below.

2024, Articles, Digital Security, EviKey NFC HSM, EviPass, News, SSH

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

Posted on January 11, 2024January 11, 2024 by FMTAD

11
Jan

Terrapin Attack: How to Protect Your SSH Security

The Terrapin attack is a serious vulnerability in the SSH protocol that can be used to downgrade the security of your SSH connections. This can allow attackers to gain access to your sensitive data. In this article, we will explain what the Terrapin attack is, how it works, and how you can protect yourself from it.

2024 Digital Security

Dropbox Security Breach 2024: Phishing, Exploited Vulnerabilities

May 17, 2024

2024 Digital Security

Europol Data Breach: A Detailed Analysis

May 16, 2024

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool

April 18, 2024

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

March 25, 2024

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

March 15, 2024

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

March 10, 2024

2024 Digital Security

PrintListener: How to Betray Fingerprints

February 22, 2024

Terrapin attack: CVE-2023-48795 SSH security vulnerability articles for in-depth threat reviews and solutions. Stay informed by clicking on our scrolling topics.

Shield Your SSH Security from the Sneaky Terrapin Attack written by Jacques Gascuel, inventor of sensitive data safety and security systems. Are you safeguarding your SSH connections? Stay vigilant against the Terrapin attack, a stealthy vulnerability that can compromise your SSH security and expose your sensitive data.

Protect Yourself from the Terrapin Attack: Shield Your SSH Security with Proven Strategies

SSH is a widely used protocol for secure communication over the internet. It allows you to remotely access and control servers, transfer files, and encrypt data. However, SSH is not immune to attacks, and a recent vulnerability OpenSSH before 9.6 (CVE-2023-48795) has exposed a serious flaw in the protocol itself. This flaw, dubbed the Terrapin attack, can downgrade the security of SSH connections by truncating cryptographic information. In this article, we will explain what the Terrapin attack is, how it works, and how you can protect yourself from it.

Why you should care about the Terrapin attack

The Terrapin attack is not just a theoretical threat. It is a real and dangerous attack that can compromise the security of your SSH connections and expose your sensitive data. The consequences of a successful Terrapin attack can be severe, such as:

Data breaches: The attacker can access your confidential information, such as passwords, keys, files, or commands, and use them for malicious purposes.
Financial losses: The attacker can cause damage to your systems, services, or assets, and demand ransom or extort money from you.
Reputation damage: The attacker can leak your data to the public or to your competitors, and harm your credibility or trustworthiness.

Therefore, it is important to be aware of the Terrapin attack and take the necessary measures to prevent it. In the following sections, we will show you how the Terrapin attack works, how to protect yourself from it, and how to use PassCypher HSM PGP and EviKey NFC HSM to enhance the security of your SSH keys.

A prefix truncation attack on the SSH protocol

The Terrapin attack is a prefix truncation attack that targets the SSH protocol. It exploits a deficiency in the protocol specification, namely not resetting sequence numbers and not authenticating certain parts of the handshake transcript. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.

This manipulation allows the attacker to perform several malicious actions, such as:

Downgrade the connection’s security by forcing it to use less secure client authentication algorithms
Bypass the keystroke timing obfuscation feature in OpenSSH, which may allow the attacker to brute-force SSH passwords by inspecting the network packets
Exploit vulnerabilities in SSH implementations, such as AsyncSSH, which may allow the attacker to sign a victim’s client into another account without the victim noticing

To pull off a Terrapin attack, the attacker must already be able to intercept and modify the data sent from the client or server to the remote peer. This makes the attack more feasible to be performed on the local network.

Unveiling the SSH Handshake: Exposing the Terrapin Attack’s Weakness

The SSH Handshake Process

The SSH handshake is a crucial process that establishes a secure channel between a client and server. It consists of the following steps:

TCP connection establishment: The client initiates a TCP connection to the server.
Protocol version exchange: The client and server exchange their protocol versions and agree on a common one. Then, the algorithm negotiation takes place.
Algorithm negotiation: The client and server exchange lists of supported algorithms for key exchange, encryption, MAC, and compression. Then, they select the first matching algorithm.
Key exchange: The client and server use the agreed-upon key exchange algorithm to generate a shared secret key. They also exchange and verify each other’s public keys. Then, the service request is sent.
Service request: The client requests a service from the server, such as ssh-userauth or ssh-connection. Then, the client authenticates itself to the server using a supported method, such as password, public key, or keyboard-interactive.
User authentication: The client authenticates itself to the server using a supported method, such as password, public key, or keyboard-interactive. Then, the channel request is sent.
Channel request: The client requests a channel from the server, such as a shell, a command, or a subsystem. Thus, encrypted communication is enabled.

The Terrapin Attack

The Terrapin attack exploits a vulnerability in the SSH handshake by manipulating the sequence numbers and removing specific messages without compromising the secure channel integrity. This stealthy attack is difficult to detect because it doesn’t alter the overall structure or cryptographic integrity of the handshake.

For example, the attacker can eliminate the service request message sent by the client, which contains the list of supported client authentication methods. This forces the server to resort to the default method, typically password-based authentication. The attacker can then employ keystroke timing analysis to crack the password.

Alternatively, the attacker can target the algorithm negotiation message sent by the server, which lists the supported server authentication algorithms. By removing this message, the attacker forces the client to use the default algorithm, usually ssh-rsa. This opens the door for the attacker to forge a fake public key for the server and deceive the client into accepting it.

To illustrate the process of a Terrapin attack, we have created the following diagram:

Hackers exploit OAuth2 flaw to bypass 2FA on google accounts google account security flaw

As you can see, the diagram shows the steps from the interception of the communication by the attacker to the injection of malicious packets. It also highlights the stealthiness and the difficulty of detection of the attack.

Summery

The Terrapin attack is a serious threat to SSH security. By understanding how it works, you can take steps to protect yourself from it. Here are some tips:

Make sure your SSH server is up to date with the latest security patches.
Use strong passwords or public key authentication.
Enable SSH key fingerprint verification.

How to protect yourself from the Terrapin attack: Best practices and tools

The Terrapin attack is a serious threat to SSH security, and it affects many SSH client and server implementations, such as OpenSSH, PuTTY, FileZilla, and more. Here are some steps you can take to protect yourself from it:

Update your SSH client and server to the latest versions. Many vendors have released patches that fix the vulnerability or introduce a strict key exchange option that prevents the attack. You can check if your SSH software is vulnerable by using the Terrapin vulnerability scanner.
Use strong passwords and public key authentication. Avoid using weak or default passwords that can be easily guessed by the attacker. Use public key authentication instead of password authentication, and make sure your public keys are verified and trusted.
Use secure encryption modes. Avoid using vulnerable encryption modes, such as ChaCha20-Poly1305 or AES-CBC with default MACs. Use encryption modes that use authenticated encryption with associated data (AEAD), such as AES-GCM or Chacha20-Poly1305@openssh.com.
Use a VPN or a firewall. If possible, use a VPN or a firewall to encrypt and protect your SSH traffic from being intercepted and modified by the attacker. This will also prevent the attacker from performing other types of attacks, such as DNS spoofing or TCP hijacking.
Implement a strict security policy on your local networks. Limit the access to your SSH servers to authorized users and devices, and monitor the network activity for any anomalies or intrusions.

How to use PassCypher HSM PGP and EviKey NFC HSM to protect your SSH keys: A secure and convenient solution

A good way to enhance the security of your SSH keys is to use PassCypher HSM PGP and EviKey NFC HSM. These are products from PassCypher), a company specialized in data security. They offer a secure and convenient solution for generating and storing your SSH keys.

PassCypher HSM PGP is a system that embeds a SSH key generator, allowing you to choose the type of algorithm – RSA (2048, 3072, 4096) or ECDSA (256,384, 521), and ED25519. The private key is generated and stored in a secure location, making it inaccessible to attackers.

EviKey NFC HSM is a contactless USB drive that integrates with PassCypher HSM PGP. It provides an additional layer of security and convenience for users who can easily unlock their private SSH key with their smartphone.

To show how PassCypher HSM PGP and EviKey NFC HSM can protect your SSH keys from the Terrapin attack, we have created the following diagram:

SSH handshake process with Terrapin attack illustration — This image illustrates the Terrapin attack, a stealthy attack that exploits a vulnerability in the SSH handshake. The attacker can manipulate the sequence numbers and remove specific messages without compromising the secure channel integrity. This can lead to a variety of security risks, including password cracking and man-in-the-middle attacks.

As you can see, the diagram shows how this solution effectively protects your SSH keys from the Terrapin attack. It also shows the benefits of using a contactless USB drive, such as:

Enhanced security: The private key is physically externalized and protected with a contactless authentication mechanism.
Convenience: Easy unlocking with a smartphone.
Ease of use: No additional software required.
Industrial-grade security: Equivalent to SL4 according to the standard IEC 62443-3-3.

Safeguarding Your SSH Keys with a Contactless USB Drive: A Comprehensive Guide

If you’re seeking a comprehensive guide to securely store your SSH keys using a contactless USB drive, look no further than this detailed resource: [Link to the article ([https://freemindtronic.com/how-to-create-an-ssh-key-and-use-a-nfc-hsm-usb-drive-to-store-it-securely/])]

This guide meticulously walks you through the process of:

Generating an SSH key pair leveraging PassCypher HSM PGP
Protecting the private SSH key within the EviKey NFC HSM USB drive
Unlocking the private SSH key employing your smartphone
Establishing a secure connection to an SSH server using the EviKey NFC HSM USB drive

Alongside step-by-step instructions, the guide also includes illustrative screenshots. By adhering to these guidelines, you’ll effectively safeguard and conveniently manage your SSH keys using a contactless USB drive.

Statistics on the Terrapin attack: Facts and figures

The Terrapin attack is a serious cybersecurity threat that affects SSH connections. We have collected some statistics from various sources to show you the scale and impact of this attack. Here are some key facts and figures:

The Shadowserver Foundation reports that nearly 11 million SSH servers exposed on the internet are vulnerable to the Terrapin attack. This is about 52% of all IPv4 and IPv6 addresses scanned by their monitoring system.
The most affected countries are the United States (3.3 million), China (1.3 million), Germany (1 million), Russia (704,000), Singapore (392,000), Japan (383,000), and France (379,000).
The Terrapin attack affects many SSH client and server implementations, such as OpenSSH, PuTTY, FileZilla, Dropbear, libssh, and more. You can see the complete list of known affected implementations here).
You can prevent the Terrapin attack by updating your SSH software to the latest version, using secure encryption modes, and enabling strict key exchange. You can also use the Terrapin vulnerability scanner, available on GitHub, to check your SSH client or server for vulnerability.
A team of researchers from the Horst Görtz Institute for IT Security at Ruhr University Bochum in Germany discovered and disclosed the Terrapin attack. They published a detailed paper and a website with the technical details and the implications of the attack. Conclusion: How to stay safe from the Terrapin attack

The Terrapin attack is a serious threat to SSH security. It lets hackers break into SSH servers by exploiting a vulnerability in the protocol. To protect yourself effectively, you need to do the following:

Update your SSH software to the latest version
Use two-factor authentication
Store your SSH keys securely
Use PassCypher HSM PGP and EviKey NFC HSM

Conclusion: How to stay safe from the Terrapin attack

The Terrapin attack is a serious threat to SSH security. It allows hackers to break into SSH servers by exploiting a vulnerability in the protocol. To protect yourself effectively, you need to update your SSH software, use two-factor authentication, store your SSH keys securely, and use PassCypher HSM PGP and EviKey NFC HSM. If you found this article useful, please feel free to share it with your contacts or leave us a comment.

2023, Articles, Cyberculture, EviCypher NFC HSM, News, Technologies

Telegram and the Information War in Ukraine

Posted on January 5, 2024March 25, 2024 by FMTAD

05
Jan

Telegram and the Information War in Ukraine written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

How Telegram Shapes the Information War in Ukraine

In this article, we explore how Telegram and Ukraine’s information warfare are intertwined. We look at how the messaging app is influencing the Russia-Ukraine conflict, and how it can be used for good or evil. We also discuss the benefits and risks of using Telegram, as well as how security and freedom of expression can be enhanced with EviCypher NFC HSM technology.

2024 Digital Security

Dropbox Security Breach 2024: Phishing, Exploited Vulnerabilities

May 17, 2024

2024 Digital Security

Europol Data Breach: A Detailed Analysis

May 16, 2024

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool

April 18, 2024

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

March 25, 2024

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

March 15, 2024

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

March 10, 2024

2024 Digital Security

PrintListener: How to Betray Fingerprints

February 22, 2024

How Telegram Influences the Conflict between Russia and Ukraine

Telegram and the information war in Ukraine are closely related. Telegram is a messaging app that offers users a secure and confidential way to communicate, thanks to its end-to-end encryption system. It has a large user base around the world, especially in Eastern Europe, where it plays a vital role in the information war between Russia and Ukraine.

Telegram’s Usage in Ukraine: Updated Statistics

Popularity and Download Trends

According to the report of the research company SimilarWeb, Telegram is the second most downloaded messaging app in Ukraine, after Viber, with 3.8 million downloads in 2021. It is also the fourth most used app in terms of time spent, with an average of 16 minutes per day. Telegram has about 10 million active users in Ukraine, which is almost a quarter of the country’s population.

Telegram’s Role in Ukrainian Media Landscape

Telegram is particularly appreciated by Ukrainians for its channel functionality, which allows to broadcast messages to a large audience. Some of these channels have become influential but controversial sources of information, as their owners and sources are often unknown. Among the most popular channels in Ukraine, we can mention:

@Zelenskyi, the official channel of President Volodymyr Zelensky, which has more than 2 million subscribers. It publishes announcements, speeches, interviews and videos of the head of state. It was created in 2019, during Zelensky’s election campaign, who was then an actor and a comedian.
@NashyGroshi, the channel of the journalistic project “Our Money”, which has more than 1.5 million subscribers. It publishes investigations, reports and analyses on corruption, abuse of power, political scandals and judicial cases in Ukraine. It was created in 2008, by journalist Denys Bihus, who received several awards for his work.
@Resident, the channel of blogger and activist Anatoliy Shariy, which has more than 1.3 million subscribers. It publishes comments, criticisms and sarcasms on the political and social news in Ukraine. He is known for his pro-Russian, anti-European and anti-government positions. He is currently in exile in Spain, where he is wanted by the Ukrainian justice for high treason and incitement to hatred.

These channels illustrate the diversity and complexity of the Ukrainian media landscape, which is marked by the conflict with Russia, the democratic transition, the fight against corruption and the polarization of society. They are also a reflection of the issues and challenges related to the use of Telegram, which can be both a tool of communication, information and manipulation.

Oleksiy Danilov’s Stance on Telegram’s Usage in Ukraine

Concerns Over National Security

Oleksiy Danilov is the secretary of the National Security and Defense Council of Ukraine, the body responsible for coordinating and controlling the activities of the executive bodies in the fields of national security and defense. He is also the head of cybersecurity of the country, and in this capacity, he expressed his reservations about the use of Telegram by Ukrainians. In February 2022, he stated that some anonymous and manipulative Telegram channels represented a threat to national security, and that they should be de-anonymized and regulated. He particularly targeted the channel @Resident, which broadcasts pro-Russian and anti-Ukrainian comments, and which is suspected of being linked to the Russian intelligence services. He also criticized the channel @Zelenskyi, which according to him, is not controlled by the Ukrainian president, but by advisers who seek to influence his policy.

Debating Telegram’s Influence in Ukraine

These statements provoked mixed reactions in Ukraine. Some supported Danilov’s position, believing that it was necessary to fight against misinformation and propaganda that undermine the sovereignty and democracy of the country. Others denounced an attempt at censorship and an attack on freedom of expression, recalling that Telegram was one of the few spaces where Ukrainians could access independent and diverse information.

How Telegram Influences the Information War in Ukraine

The Benefits and Risks of End-to-End Encryption

Telegram is a messaging app that lets you send messages, photos, videos, documents, and make voice and video calls. Its privacy policy is based on data encryption and non-cooperation with authorities. You can also create groups and channels that can reach thousands or millions of users.

End-to-end encryption is a technology that makes sure only the people in a conversation can read the messages, not even the service provider. Telegram has this option, but it is not on by default. You have to choose it for each chat, by switching to the “secret chat” mode. However, Telegram’s encryption is not based on standard protocols, and security experts have found some flaws.

Anonymous Channels and Their Impact on the Ukrainian Conflict

The channels are spaces where an administrator can send messages to a large audience. They can be public or private, and they can have millions of followers. Some channels are influential but controversial sources of information, as their owners and sources are often unknown. The channels can spread misinformation, propaganda, fake news, or violence.

Telegram and Russian propaganda have a strong connection, as many pro-Russian channels use the app to influence the public opinion in Ukraine and other countries. Telegram and the Ukrainian resistance also use the app to communicate and organize their actions against the Russian aggression.

Bots, Payment Services and Unique Usernames: A Double-Edged Sword

Bots are programs that interact with users. They offer services, information, or entertainment. Anyone can create them. They can be part of chats or channels. Bots can be helpful or harmful. They can collect personal data, send spam, or spread viruses.

Payment Services: Handy or Dishonest?

You can also use payment services via Telegram. These features use third-party platforms, such as Stripe or Apple Pay. They need bank or credit card information. Payment services can be handy or dishonest. They can steal sensitive data, scam users, or fund illegal activities.

Unique Usernames: Fun or Troublesome?

Another feature of Telegram is the unique usernames. They let users contact each other easily, without sharing their phone number. Users can create and change them at any time. Unique usernames can be fun or troublesome. They can enable harassment, identity theft, or account sale.

These features of Telegram raise issues of cybersecurity, privacy, end-to-end encryption, and application security. They can be used by bad actors, who want to harm Ukraine or its people. They can also be regulated by the authorities, who want to control the information or access the data of the users.

Telegram and the Information War in Ukraine: A Challenge

One of the main challenges of Telegram and the information war in Ukraine is to balance the freedom of expression and the protection of national security. Telegram and the Ukrainian conflict are closely intertwined. The app is used by both sides to communicate, inform, and influence. Telegram and Russian propaganda have a strong connection. Many pro-Russian channels use the app to sway the public opinion in Ukraine and other countries. Telegram and the Ukrainian resistance also use the app to coordinate and organize their actions against the Russian aggression. Telegram and cybersecurity in Ukraine are also crucial. The app can be a source of threats or a tool of defense.

Telegram VS Other Messaging Apps: A Comparative Analysis

WhatsApp: Popular but Questionable Confidentiality

WhatsApp is the most popular messaging app in the world, with more than 2 billion users. It offers end-to-end encryption by default for all conversations, which guarantees the protection of data. However, it belongs to Facebook, which has a dubious reputation in terms of respect for privacy, and which has raised fears about the sharing of data with other applications of the group. WhatsApp is also subject to the requests of the authorities, who can demand access to the metadata, such as the phone number, the IP address or the location of the users.

Signal: High Security but Limited User Base

Signal is a messaging app that claims to be the most secure and confidential on the market. It also offers end-to-end encryption by default for all conversations, and it does not collect any personal data. It is developed by a non-profit organization, which does not depend on advertising or investors. It is recommended by personalities such as Edward Snowden or Elon Musk. Signal is however less popular than WhatsApp or Telegram, with about 50 million users. It also offers fewer features, such as file sharing, information channels, bots or payment services.

Telegram: Innovative but Security Concerns

Telegram is between these two apps, offering more features than Signal, but less security than WhatsApp. Telegram allows users to choose the level of encryption and privacy they want, by opting for the “secret chat” mode or the “normal chat” mode. Telegram also allows users to enjoy innovative services, such as channels, bots, payments or unique usernames. However, Telegram also presents risks, such as fakes news, inappropriate content, privacy breaches or cyberattacks. Telegram is therefore an app that offers advantages and disadvantages, and that requires vigilance and discernment from users.

Telegram’s Global Perception and Regulation

Russia: Origin and Opposition

Russia is the country of origin of Telegram, but also its main adversary. The Kremlin tried to block the app in 2018, invoking reasons of national security and fight against terrorism. It demanded that Telegram provide it with the encryption keys to access the messages of the users, which Pavel Durov refused. It then ordered the telecom operators to block access to Telegram, but this measure proved ineffective, as Telegram used cloud servers to bypass the blocking. Many Russian users also use VPNs or proxies to access the app. In 2020, the Kremlin finally lifted the ban on Telegram, acknowledging its failure and stating that the app had cooperated with the authorities to remove extremist content. However, some observers suspect that Telegram made concessions to the Kremlin to lift the blocking, such as collaborating with the Russian services or censoring some channels.

France: Striving for Digital Regulation

France is a country that wants to be at the forefront of the regulation of digital platforms, especially in terms of fighting online hate. It adopted in 2020 a law that obliges the platforms to remove illegal content, such as incitement to violence, discrimination or terrorism, within 24 hours, under penalty of financial sanctions. This law also applies to messaging apps, such as Telegram, which must set up reporting and moderation mechanisms for content. France recognizes the right of users to privacy and end-to-end encryption, but it also asks the service providers to cooperate with the law enforcement to access the encrypted data when needed. France is also a country where Telegram is used by radical groups, such as jihadists or yellow vests, who take advantage of the app to organize, mobilize or defend themselves.

Ukraine: Balancing Utility and Risks

Ukraine is a country that has an ambivalent attitude towards Telegram, recognizing its usefulness, but also its dangers. On the one hand, Telegram is a source of information and a tool of resistance for many Ukrainians, who face the threat of Russian aggression and the challenges of democratic transition. On the other hand, Telegram is also a vector of misinformation and propaganda, which can undermine the sovereignty and stability of the country. Ukraine does not have a specific law to regulate Telegram, but it has some legal provisions to protect national security and public order, which can be used to restrict or block the app if necessary. Ukraine also cooperates with international organizations, such as the EU or NATO, to counter the cyber threats and the hybrid warfare that target the country.

EviCypher NFC HSM: Enhancing Telegram’s Security

The Role of Contactless Encryption Technology

One of the main challenges of using Telegram is to ensure the security and confidentiality of the data exchanged, especially in a context of information war. To meet this challenge, a possible solution consists of using EviCypher NFC HSM technology, which is a contactless encryption technology developed by Freemindtronic, an Andorran company specializing in the design of counter-espionage solutions implementing in particular contactless security with NFC technology. EviCypher NFC HSM uses two types of encryption algorithms for data:

Symmetric encryption in AES-256 for data such as texts (messages), thanks to its sub-technology EviCrypt. It uses a unique key, which is randomly generated and segmented into several parts. This key is used to encrypt and decrypt messages with the AES 256-bit algorithm.
Asymmetric encryption in RSA-4096 for symmetric encryption keys. It uses a pair of keys, which is generated and used from the NFC HSM device and which is based on the RSA 4096-bit algorithm. This pair of keys is used to share the symmetric key of at least 256 bits between the NFC HSM devices remotely, by encrypting the symmetric key with the public key of the recipient and decrypting the symmetric key with the private key of the recipient. The symmetric key is then stored and re-encrypted in the NFC HSM device of the recipient, with the trust criteria imposed by the sender if he has encapsulated them in the shared encryption key.

Practical Applications of EviCypher NFC HSM

EviCypher NFC HSM is a technology that uses hardware security modules (HSM) to store and use encrypted secrets. It allows contactless encryption with the NFC communication protocol. You can integrate the NFC HSM into various media, such as a card, a sticker, or a key ring. Then, you can pair it with an NFC phone, tablet, or computer. This way, you can encrypt everything before using any messaging service, including Telegram. EviCypher NFC HSM also has anti-cloning, anti-replay, and counterfeit detection mechanisms. It is part of the DataShielder product range, which offers serverless and databaseless encryption solutions.

Telegram and the Ukrainian conflict

EviCypher NFC HSM is compatible with Telegram, a messaging app that influences the information war between Russia and Ukraine. It offers more security and confidentiality than Telegram’s end-to-end encryption, which is not based on recognized standards. It also gives you more flexibility and control than Telegram’s secret chat mode, as you can choose the trust criteria for the encryption keys. Moreover, it is more convenient and simple than Telegram’s normal chat mode, as you can encrypt and decrypt messages with a simple gesture.

Telegram and cybersecurity in Ukraine

EviCypher NFC HSM is a useful technology with Telegram, as it enhances the security and confidentiality of the data exchanged, especially in a context of information war. It is also a universal technology, as you can use it with any other messaging app, such as WhatsApp, Signal, Messenger, etc. It is also an innovative technology, as it uses the NFC communication protocol to perform contactless encryption, without requiring any connection or installation.

Concluding Insights on Telegram’s Role in Ukraine

In this article, we have seen how Telegram plays a vital role in the information war between Russia and Ukraine, and what issues and challenges there are in using this messaging app. We have also seen how the technology EviCypher NFC HSM can be a useful solution to enhance the security and confidentiality of the data exchanged with Telegram. We hope that this article has been informative and interesting for you, and that it has helped you to better understand the situation of Telegram in Ukraine and in other countries. Thank you for reading.

Overview of Cited Sources

Here are the sources of the article, which are valid, reliable, relevant and if possible official links that allow to justify and verify the statements made in this article:

[Liga.net]: the news site that published the interview of Oleksiy Danilov on November 2, 2023, in which he expresses his concerns about Telegram.
[NV.ua]: the news site that reported the statement of Oleksiy Danilov, who alerted the nation to the critical vulnerabilities of Telegram, on November 2, 2023.
[RT – Pravda]: the Ukrainian news site that related the remarks of Oleksiy Danilov, who answered the questions of journalists during a press conference on November 3, 2023.
[Number of Telegram Users in 2023? 55 Telegram Stats (backlinko.com)]: an article that gives figures on the use of Telegram in the world and in Ukraine.
[NV.ua -NSDC]: the official website of the National Security and Defense Council of Ukraine, which published the press release of Oleksiy Danilov, who clarified his recent comments on Telegram, on November 15, 2023
[Ukrainians turn to encrypted messengers, offline maps and Twitter amid Russian invasion]: an article that describes how Ukrainians use Telegram and other digital tools to protect themselves and get informed in the face of the Russian aggression.
[Pravda – France 24]: the French news site that contains a video of the interview of Oleksiy Danilov with the journalist Gulliver Cragg, dated January 23, 2023.
[NFC HSM Technology – Freemindtronic]: an article that explains the NFC HSM technologies and how they work.
[EviCypher NFC HSM technology – Freemindtronic]: a page that contains articles and videos on the NFC HSM technologies.
[FAQ for the Technically Inclined – Telegram APIs]: a page that provides technical information about the Telegram APIs and the MTProto protocol.

Articles, DataShielder, News

DataShielder Defense NFC HSM: Protect Your Sovereign Communications

Posted on November 24, 2023November 24, 2023 by FMTAD

24
Nov

DataShielder Defense NFC HSM – Jacques Gascuel: This article will be updated with any new information on the topic.

Why You Need DataShielder Defense NFC HSM

DataShielder Defense NFC HSM, a patented solution, ensures maximum confidentiality and anonymization of communications from sovereign entities. Using NFC technology, this HSM manages up to 200 secrets offline, contactless and shareable via any communication method, including email and SMS. A GreenTech innovation, it is interoperable, backward compatible and versatile, designed to immediately respond to various specific needs and customizable for enhanced secret security.

2024 Digital Security

Dropbox Security Breach 2024: Phishing, Exploited Vulnerabilities

May 17, 2024

2024 Digital Security

Europol Data Breach: A Detailed Analysis

May 16, 2024

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool

April 18, 2024

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

March 25, 2024

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

March 15, 2024

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

March 10, 2024

2024 Digital Security

PrintListener: How to Betray Fingerprints

February 22, 2024

DataShielder Defense NFC HSM: How to Protect Your Sovereign Communications with a Revolutionary Solution

The protection of sovereign entities and the enhancement of existing defense and intelligence systems are crucial challenges in today’s world. Sovereign communications, such as those between heads of state, diplomats, military personnel, or secret agents, are constantly exposed to threats of interception, hacking, or manipulation. These threats can compromise the security, integrity, and confidentiality of sensitive information, and have serious consequences for national and international security.

To address these challenges, a revolutionary solution has been developed by Freemindtronic, a andorran company specialized in data security and encryption. This solution is called DataShielder Defense NFC HSM, and it is the ultimate solution for protecting all forms of communications of sovereign entities. This innovative and cutting-edge solution, protected by two patents, guarantees an unparalleled level of confidentiality and trust among humans, without compromise. With DataShielder, your secrets and sensitive data remain inaccessible and indecipherable, even in case of compromise of the equipment and information and communication systems.

In this article, we will explain how DataShielder Defense NFC HSM works, what are its features and benefits, and how it can be customized to suit your specific needs. We will also show how this solution could have influenced several major events in the history of communication security, and how it has received international recognition and awards for its excellence.

How DataShielder Defense NFC HSM Works

DataShielder Defense NFC HSM is a device that uses Near Field Communication (NFC) technology to create, store, and use up to 100 different secrets in a single device. A secret can be anything that you want to protect, such as an encryption key, a password, a PIN code, a cryptocurrency key, a bank account information, or a message. DataShielder allows you to share your encrypted secrets via all the means of communication available in the world, such as postal mail, webcam, email, SMS, MMS, RCS, messaging, or directly between two NFC HSM devices.

To use DataShielder, you need an Android NFC phone or tablet, and the DataShielder app, which is available for free on the Google Play Store. You also need a DataShielder Defense NFC HSM device, which is a small and discreet card that can be customized to fit different formats and accessories. The device does not require any battery or external power source, as it uses the energy of the NFC signal of the phone to operate on demand.

To create a secret, you simply need to tap your phone on the device, and choose the type of secret you want to create. You can either generate a random secret, or import an existing one. You can also add specific trust criteria for each secret, such as BSSID, geographical area, password, fingerprint, QR code or barcode scan, and phone UID. The absence of any of these criteria makes the access to the secret impossible, ensuring maximum and personalized security.

To use a secret, you simply need to tap your phone on the device, and choose the secret you want to use. You can either use it directly on your phone, or send it to another device or person. You can also use the secret to unlock secure USB or SSD keys, to log in to your favorite websites, to make secure voice calls and SMS, to manage your banking information, to generate and use cryptocurrency wallets, and more.

To share a secret, you simply need to tap your phone on the device, and choose the secret you want to share. You can either share it directly with another NFC HSM device, or encrypt it with the RSA-4096 public key of the recipient, and send it via any means of communication. The recipient will need to decrypt the secret with their NFC HSM device, using the EviSCP HSM (ZKP) protocol, which is a patented technology that ensures a secure and confidential exchange of secrets.

Differentiating Benefits of DataShielder Defense NFC HSM

DataShielder Defense NFC HSM offers a complete and adaptable solution to your needs, thanks to the set of advanced and efficient features that it incorporates. These features are based on different technologies, each with a specific name and function. Here is a summary of the main features and benefits of DataShielder:

Feature	Technology	Function	Benefit
Random generation of symmetric and asymmetric encryption keys	EviCypher NFC HSM	Encrypt all types of data (texts, images, videos) in post-quantum AES-256. Use the RSA-4096 public key to exchange encrypted secrets between distant NFC devices.	Protect your data and secrets from unauthorized access and decryption, even in case of quantum computing attacks.
Random generation of identifiers and passwords	EviPass NFC HSM	Generate automatically complex and complicated passwords up to 48 characters based on the 95 ASCII characters, or on bases 16, 58, 64 or 85. Import and store manually login identifiers, PIN codes, PUK, lock codes, TPM2.0 passwords, BitLocker… Log in automatically to your favorite websites.	Secure your online accounts and devices with strong and unique passwords. Save time and avoid typing errors with automatic login.
Create a segmented key	EviAuth NFC HSM	Divide your secret into two segments and store them on two different NFC HSM devices. Require the presence of two people to reconstitute the secret.	Increase the security and confidentiality of your secret by adding a human factor. Prevent the access to the secret by a single person or device.
Management of secret OTP keys	EviOTP NFC HSM	Store securely the secret OTP keys whose one-time passwords based on time (TOTP) or HMAC (HOTP) to generate a secondary authentication factor (2FA).	Enhance the security of your online accounts and services with a second factor of authentication. Avoid the risk of losing or compromising your OTP keys.
Secure voice calls and SMS	EviCall NFC HSM	Store your phone contacts and make a voice call from the NFC HSM without leaving any trace in the phone history.	Communicate securely and discreetly with your contacts. Avoid the interception and recording of your voice calls and SMS.
Secure management of banking information	EviPay NFC HSM	Store, manage and use securely the information related to credit cards and bank accounts.	Protect your financial information and transactions from fraud and theft. Access and use your banking information easily and securely.
Unlocking of secure USB or SSD keys without contact	EviKey NFC HSM	Manage the administrator, user and temporary user PIN codes to unlock the secure USB/SSD keys without contact.	Secure your external and internal storage with a contactless unlocking system. Manage the access rights and permissions of the USB/SSD keys.
Generation of cryptocurrency wallets	EviSeed NFC HSM	Automatically and directly create from a blockchain the secret BIP39 key, its derived key, its public key and the public address. The balance verification is done directly on the blockchain.	Create and use cryptocurrency wallets securely and conveniently. Store your cryptocurrency keys in an inviolable and encrypted manner. Verify your balance directly on the blockchain.
Automatic import of private keys	EviVault NFC HSM	Import derived private keys by scanning their QR codes from five blockchain platforms including Bitcoin, Ethereum, Polygon, Binance Smart Chain and IOTA. Create and save also the BIP39 PassPhrases.	Import and use private keys from different blockchain platforms easily and securely. Scan the QR codes and store the keys in an encrypted manner. Create and save also the BIP39 PassPhrases.
Management of authentication cards	EviCore NFC HSM	Scan and store the barcode or QR code of any type of card that uses this type of identification (access cards, loyalty cards sometimes linked to a payment system).	Store and use authentication cards securely and conveniently. Scan the barcode or QR code and store it in an encrypted manner.
NFC HSM pairing key manager	EviCore NFC HSM	Manage the NFC HSM fleet within a sovereign entity.	Manage and control the NFC HSM devices within your organization. Assign and revoke pairing keys for the devices.
Data encryption	EviCrypt NFC HSM	Encrypt your texts and files upstream before sending them to your recipients using your usual messaging services.	Encrypt your data before sending it via any means of communication. Ensure that only the intended recipients can decrypt and access your data.
Use on all computer systems	EviCore NFC HSM Browser Extension	Use your NFC HSM with the free Freemindtronic browser extension based on Chromium and Firefox. Find the DataShielder NFC HSM functions on all your computers.	Use your NFC HSM on any computer system.
Use of a virtual USB Bluetooth keyboard	EviKeyboard BLE	Use a virtual keyboard for secure and discreet input. Extend the use of secrets in HID mode on various computer systems, TPM2.0, BitLocker, Windows, Linux, Apple, proprietary software and web browsers.	Don’t touch the keyboard. Enter a free line of code up to 52 characters. Entering BIOS passwords. Easy to use

Stealth Customization Options

The manufacturer Freemindtronic offers a customization service specially designed for sovereign entities, combining discretion and functionality.

Discreet Formats: Modified standard PVC and PCB cards for effective camouflage.

Stealth Accessories: Labels, key rings, promotional pens, and cufflinks subtly integrating NFC HSM devices.

USB Dummy Keys: Mini USB keys functioning as secret containers for the NFC HSM devices.

NFC On/Off Card: PCB cards with switchable NFC antenna for increased stealth.

These options guarantee invisible security, ideal for special operations and covert missions.

Complementary Accessories

Secure NFC EviKey USB and SSD Keys: These devices offer secure external and internal storage, perfectly integrated with DataShielder NFC HSM for enhanced data protection.
Bluetooth Virtual Keyboard EviKeyboard BLE: An innovative keyboard for secure and discreet input, complementing the DataShielder NFC HSM by an additional layer of security in data entry.

International Distinctions and Awards

The EviCypher NFC HSM technology, essential to DataShielder, has received worldwide recognition, marked by several important awards.

Gold Medal 2021 of the Geneva Inventions: EviCypher Technology awarded among hundreds of international inventions.
Three Global InfoSec Awards 2021: Awarded for being the best data security solution by Cyber Defense Magazine “Next-Gen in Crypto Security”, “Most Innovative Hardware Password Manager”, “Next-Gen in Secrets Management”.
Two E&T Innovation Awards 2021: Distinguished for the best communication and IT solution, as well as for the best cybersecurity solution.
Two nominations for the National Cyber Awards 2021 of the United Kingdom: Finalist in two categories “The Innovation in Cyber Award 2021” and “The Cyber Defense Product of the Year 2021”.
Gold Globee Award 2022: Cyber Computer NFC winner of a Cyber Security Global Excellence Awards®.
Fortress Award 2023: Awarded for its excellence in encryption and privacy protection.

Conclusion

DataShielder Defense NFC HSM is a revolutionary solution for protecting your sovereign communications. It offers a high level of security, confidentiality, and trust, without compromise. It is compatible with all types of data and communication means, and can be customized to suit your specific needs. It is also environmentally friendly, durable, and interoperable. It has received international recognition and awards for its excellence and innovation. If you are looking for a solution that can protect your secrets and sensitive data from any threat, DataShielder Defense NFC HSM is the solution for you. Contact Freemindtronic today and get your DataShielder Defense NFC HSM device. You will not regret it.

Articles, EviCore NFC HSM Technology, legal, News, Training

Dual-Use Encryption Products: a regulated trade for security and human rights

Posted on November 17, 2023March 15, 2024 by FMTAD

17
Nov

Dual-use encryption products by Jacques Gascuel: This article will be updated with any new information on the topic.

Dual-use encryption products: a challenge for security and human rights

Encryption is a technique that protects data and communications. Encryption products are dual-use goods, which can have civilian and military uses. The export of these products is controlled by the EU and the international community, to prevent their misuse or diversion. This article explains the EU regime for the export of dual-use encryption products, and how it has been updated.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

2024 Crypto Currency Cryptocurrency Cyberculture Legal information

EU Sanctions Cryptocurrency Regulation: A Comprehensive Overview

March 15, 2024

2024 Cyberculture Uncategorized

Chinese cyber espionage: a data leak reveals the secrets of their hackers

March 2, 2024

2024 Cyberculture

Cyber Resilience Act: a European regulation to strengthen the cybersecurity of digital products

February 24, 2024

2024 Cyberculture Legal information

Encrypted messaging: ECHR says no to states that want to spy on them

February 21, 2024

2024 Articles Cyberculture EviPass Password

Human Limitations in Strong Passwords Creation

January 22, 2024

2023 Articles Cyberculture EviCypher NFC HSM News Technologies

Telegram and the Information War in Ukraine

January 5, 2024

2023 Articles CyberStealth legal Legal information News Spying

The American Intelligence: How It Works

December 26, 2023

The international regulations on dual-use encryption products

The main international regulations that apply to dual-use encryption products are the Wassenaar Arrangement and the EU regime for the control of exports of dual-use goods.

The Wassenaar Arrangement

The Wassenaar Arrangement is a multilateral export control regime that aims to contribute to regional and international security and stability. It promotes transparency and responsibility in the transfers of conventional arms and dual-use goods and technologies. It was established in 1996 and currently has 42 participating states, including the United States, Canada, Japan, Australia, Russia, China and most of the EU member states.

The Wassenaar Arrangement maintains a list of dual-use goods and technologies that are subject to export control by the participating states. The list is divided into 10 categories, with subcategories and items. Category 5, part 2, covers information security, including encryption products. The list of encryption products includes, among others, the following items:

Cryptographic systems, equipment, components and software, using symmetric or asymmetric algorithms, with a key length exceeding 56 bits for symmetric algorithms or 512 bits for asymmetric algorithms, or specially designed for military or intelligence use.
Cryptanalytic systems, equipment, components and software, capable of recovering the plain text from the encrypted text, or of finding cryptographic keys or algorithms.
Cryptographic development systems, equipment, components and software, capable of generating, testing, modifying or evaluating cryptographic algorithms, keys or systems.
Non-cryptographic information security systems, equipment, components and software, using techniques such as steganography, watermarking, tamper resistance or authentication.
Technology for the development, production or use of the above items.

The participating states of the Wassenaar Arrangement are required to implement national export controls on the items listed in the arrangement, and to report annually their exports and denials of such items. However, the arrangement does not impose binding obligations on the participating states, and each state is free to decide whether to grant or refuse an export license, based on its own policies and national interests.

The EU regime for the control of exports of dual-use goods

The common legal framework of the EU for dual-use goods

The EU regime for the control of exports of dual-use goods is a common legal framework. It applies to all EU member states, and it has two main goals. First, it aims to ensure a consistent and effective implementation of the international obligations of export control. Second, it aims to protect the security and human rights of the EU and its partners. The regime is based on the Regulation (EU) 2021/821, which was adopted in May 2021 and entered into force in September 2021. This regulation replaces the previous Regulation (EC) No 428/2009.

The Regulation (EU) 2021/821: the principles and criteria of export control

The Regulation (EU) 2021/821 establishes a Union list of dual-use goods. These are goods that can have both civilian and military uses, such as software, equipment and technology. These goods are subject to an export authorization, which means that exporters need to obtain a permission from the competent authorities before exporting them. The Regulation also sets out a set of general principles and criteria for granting or refusing such authorization. The Union list of dual-use goods is based on the international export control regimes, including the Wassenaar Arrangement. It covers the same categories and items as the latter. However, the EU list also includes some additional items that are not covered by the international regimes. These are cyber-surveillance items that can be used for internal repression or human rights violations.

The Union list of dual-use goods: the categories and items subject to an export authorization

The Union list of dual-use goods consists of ten categories, which are:

Category 0: Nuclear materials, facilities and equipment
Category 1: Materials, chemicals, micro-organisms and toxins
Category 2: Materials processing
Category 3: Electronics
Category 4: Computers
Category 5: Telecommunications and information security
Category 6: Sensors and lasers
Category 7: Navigation and avionics
Category 8: Marine
Category 9: Aerospace and propulsion

Each category contains a number of items, which are identified by a code and a description. For example, the item 5A002 is “Information security systems, equipment and components”. The items are further divided into sub-items, which are identified by a letter and a number. For example, the sub-item 5A002.a.1 is “Cryptographic activation equipment or software designed or modified to activate cryptographic capability”.

The novelties of the Regulation (EU) 2021/821: the due diligence obligation, the catch-all clause, the human security approach and the transparency and information exchange mechanism

The Regulation (EU) 2021/821 also provides for different types of export authorizations. These are individual, global, general or ad hoc authorizations, depending on the nature, destination and end-use of the items. Moreover, the Regulation introduces some novelties, such as:

A due diligence obligation for exporters. This means that exporters have to verify the end-use and the end-user of the items, and to report any suspicious or irregular transaction.
A catch-all clause. This allows the competent authorities to impose an export authorization on items that are not listed, but that can be used for weapons of mass destruction, a military end-use, human rights violations or terrorism.
A human security approach. This requires the competent authorities to take into account the potential impact of the items on human rights, international humanitarian law, regional stability and sustainable development, especially for cyber-surveillance items.
A transparency and information exchange mechanism. This requires the competent authorities to share information on the authorizations, denials and consultations of export, and to publish annual reports on their export control activities.

The dual-use encryption products: sensitive goods for security and human rights

The dual-use encryption products are a specific type of dual-use goods that fall under the category 5 of the Union list. These are products that use cryptographic techniques to protect the confidentiality, integrity and authenticity of data and communications. These products can have both civilian and military uses, and they raise important issues for security and human rights.

The dual-use encryption products: a definition and examples

The dual-use encryption products are defined by the Regulation (EU) 2021/821 as “information security systems, equipment and components, and ‘software’ and ‘technology’ therefor, which use ‘cryptography’ or cryptanalytic functions”. The Regulation also provides a list of examples of such products, such as:

Cryptographic activation equipment or software
Cryptographic equipment for mobile cellular systems
Cryptographic equipment for radio communication systems
Cryptographic equipment for computer and network security
Cryptanalytic equipment and software
Quantum cryptography equipment and software

The dual-use encryption products: security issues

The dual-use encryption products can have a significant impact on the security of the EU and its partners. On the one hand, these products can enhance the security of the EU and its allies, by protecting their sensitive data and communications from unauthorized access, interception or manipulation. On the other hand, these products can also pose a threat to the security of the EU and its adversaries, by enabling the encryption of malicious or illegal activities, such as terrorism, espionage or cyberattacks. Therefore, the export of these products needs to be carefully controlled, to prevent their misuse or diversion to undesirable end-users or end-uses.

The dual-use encryption products: human rights issues

The dual-use encryption products can also have a significant impact on the human rights of the EU and its partners. On the one hand, these products can protect the human rights of the EU and its citizens, by safeguarding their privacy and freedom of expression on the internet. On the other hand, these products can also violate the human rights of the EU and its partners, by enabling the repression or surveillance of dissidents, activists or journalists by authoritarian regimes or non-state actors. Therefore, the export of these products needs to take into account the potential consequences of the items on human rights, international humanitarian law, regional stability and sustainable development, especially for cyber-surveillance items.

The modification of the Union list of dual-use goods by the Delegated Regulation (EU) 2022/1

The Union list of dual-use goods is not static, but dynamic. It is regularly updated to reflect the changes in the technological development and the international security environment. The latest update of the list was made by the Delegated Regulation (EU) 2022/1 of the Commission of 20 October 2021, which modifies the Regulation (EU) 2021/821.

The changes made by the international export control regimes in 2020 and 2021

The Delegated Regulation (EU) 2022/1 reflects the changes made by the international export control regimes in 2020 and 2021. These are the Wassenaar Arrangement, the Nuclear Suppliers Group, the Australia Group and the Missile Technology Control Regime. These regimes are voluntary and informal arrangements of states that coordinate their national export control policies on dual-use goods. The EU is a member of these regimes, and it aligns its Union list of dual-use goods with their lists of controlled items. The changes made by these regimes include the addition, deletion or modification of some items, as well as the clarification or simplification of some definitions or technical parameters.

The new items added to the Union list of dual-use goods: the quantum technologies, the drones and the facial recognition systems or biometric identification systems

The Delegated Regulation (EU) 2022/1 also adds some new items to the Union list of dual-use goods. These are items that are not covered by the international export control regimes, but that are considered to be sensitive for the security and human rights of the EU and its partners. These items include:

Certain types of software and technology for the development, production or use of quantum computers or quantum cryptography. These are devices or techniques that use the principles of quantum physics to perform computations or communications that are faster or more secure than conventional methods.
Certain types of equipment, software and technology for the development, production or use of unmanned aerial vehicles (UAVs) or drones. These are aircraft or systems that can fly without a human pilot on board, and that can be used for various purposes, such as surveillance, reconnaissance, delivery or attack.
Certain types of equipment, software and technology for the development, production or use of facial recognition systems or biometric identification systems. These are systems or techniques that can identify or verify the identity of a person based on their facial features or other biological characteristics, such as fingerprints, iris or voice.

The entry into force and application of the Delegated Regulation (EU) 2022/1

The Delegated Regulation (EU) 2022/1 entered into force on 7 January 2022. It applies to all exports of dual-use goods from the EU from that date. The exporters of dual-use goods need to be aware of the changes and updates to the Union list of dual-use goods, and to comply with the export control rules and procedures established by the Regulation (EU) 2021/821. The competent authorities of the member states need to implement and enforce the new Union list of dual-use goods, and to cooperate and coordinate with each other and with the Commission. The Commission needs to monitor and evaluate the impact and effectiveness of the new Union list of dual-use goods, and to report to the European Parliament and the Council.

The national regulations on dual-use encryption products

How some countries have their own rules on dual-use encryption products

The case of the United States

Some countries have their own national regulations on dual-use encryption products, which may differ or complement the existing regimes. For example, the United States has a complex and strict export control system, based on the Export Administration Regulations (EAR). The EAR classify encryption products under category 5, part 2, of the Commerce Control List (CCL). The EAR require an export license for most encryption products, except for some exceptions, such as mass market products, publicly available products, or products intended for certain countries or end-users. The EAR also require that exporters submit annual self-classification reports, semi-annual sales reports, and encryption review requests for certain products.

The case of Andorra

Andorra is a small country between France and Spain. It is not an EU member, but it has a customs union with it. However, this customs union does not cover all products. It only covers those belonging to chapters 25 to 97 of the Harmonized System (HS), which are mainly industrial products. Agricultural products and products belonging to chapters 1 to 24 of the HS are free of import duties in the EU. But they are subject to the most-favored-nation (MFN) treatment in Andorra.

Andorra has adopted the EU list of dual-use goods. It requires an export or transfer authorization for these goods, according to the Regulation (EU) 2021/821. This regulation came into force on 9 September 2021 and replaced the previous Regulation (EC) No 428/2009. Andorra has also adopted the necessary customs provisions for the proper functioning of the customs union with the EU. These provisions are based on the Community Customs Code and its implementing provisions, by the Decision No 1/2003 of the Customs Cooperation Committee.

Andorra applies the EU regulation, as it is part of the internal market. Moreover, Andorra has adopted the Delegated Regulation (EU) 2022/1 of the Commission of 20 October 2021, which modifies the EU list of dual-use goods. This modification reflects the changes made by the international export control regimes in 2020 and 2021. It also adds some new items, such as software and technologies for quantum computing, drones or facial recognition. The Delegated Regulation (EU) 2022/1 came into force on 7 January 2022, and applies to all exports of dual-use goods from the EU from that date.

Andorra entered the security and defense sector for the first time by participating in Eurosatory 2022. This is the international reference exhibition for land and airland defense and security. Andorra became the 96th country with a security and defense industry on its territory. Among the exhibitors, an Andorran company, Freemindtronic, specialized in counter-espionage solutions, presented innovative products. For example, DataShielder Defense NFC HSM, a device to protect sensitive data against physical and logical attacks. It uses technologies such as EviCypher NFC HSM and EviCore NFC HSM, contactless hardware security modules (NFC HSM). The president of Coges events, a subsidiary of GICAT, identified these products as dual-use and military products. They need an export or transfer authorization, according to the Regulation (EU) 2021/821. Freemindtronic also showed its other security solutions, such as EviKey NFC HSM, a secure USB key, a security token. These products were displayed in the Discover Village, a space for start-ups and SMEs innovations.

Switzerland

Switzerland is not an EU member, but it has a free trade agreement with it. Switzerland has adopted the Regulation (EU) 2021/821 by the Ordinance of 5 May 2021 on the control of dual-use goods. Switzerland applies the EU list of dual-use goods and requires an export or transfer authorization for these goods, according to the Regulation (EU) 2021/821. Switzerland has also adopted the Delegated Regulation (EU) 2022/1 of the Commission of 20 October 2021, which modifies the EU list of dual-use goods.

Turkey

Turkey is not an EU member, but it has a customs union with it. Turkey has adopted the Regulation (EU) 2021/821 by the Presidential Decree No 3990 of 9 September 2021 on the control of exports of dual-use goods. Turkey applies the EU list of dual-use goods and requires an export or transfer authorization for these goods, according to the Regulation (EU) 2021/821. Turkey has also adopted the Delegated Regulation (EU) 2022/1 of the Commission of 20 October 2021, which modifies the EU list of dual-use goods.

United Kingdom

The United Kingdom left the EU on 31 January 2020. It has adopted the Regulation (EU) 2021/821 by the Dual-Use Items (Export Control) Regulations 2021, which came into force on 9 September 2021. The United Kingdom applies the EU list of dual-use goods and requires an export or transfer authorization for these goods, according to the Regulation (EU) 2021/821. The United Kingdom has also adopted the Delegated Regulation (EU) 2022/1 of the Commission of 20 October 2021, which modifies the EU list of dual-use goods.

The challenges and opportunities for the exporters of dual-use encryption products

The exporters of dual-use encryption products face several challenges and opportunities in the current context of export control regulations. Among the challenges, we can mention:

The complexity and diversity of the regulations, which may vary depending on the countries, the products, the destinations and the end-uses, and which require a deep knowledge and a constant monitoring from the exporters.
The costs and delays related to the administrative procedures, which can be high and unpredictable, and which can affect the competitiveness and profitability of the exporters, especially for small and medium enterprises (SMEs).
The legal and reputational risks, which can result from an involuntary or intentional violation of the regulations, or from a misuse or diversion of the products by the end-users, and which can lead to sanctions, prosecutions or damages to the image of the exporters.

Among the opportunities, we can mention:

The growing demand and innovation for encryption products, which are increasingly used in many sectors and domains, such as finance, health, education, defense, security, human rights, etc.
The contribution to the security and human rights of the exporters, their customers and the general public, by enabling the protection of data, privacy, freedom of expression, access to information and democratic participation, thanks to encryption products.
The cooperation with the competent authorities, the civil society and the international community, to ensure the compliance and accountability of the exporters, and to support the development and implementation of effective and balanced encryption policies and regulations, that respect the security and human rights of all stakeholders.

Conclusion

Dual-use encryption products can have both civil and military uses. They are subject to export control regulations at different levels: international, regional and national. These regulations aim to prevent the risks that these products can pose for security and human rights. At the same time, they allow the development and trade of these products. Therefore, the exporters of dual-use encryption products must comply with the regulations that apply to their products. They must also assess the impact of their products on security and human rights. The exporters of dual-use encryption products can benefit from the demand and innovation for these products. These products are essential for the digital economy and society. They can also enhance the security and human rights of the exporters, their customers and the public.

Freemindtronic Andorra is a company that specializes in dual-use encryption products. It offers secure and innovative solutions for data, communication and transaction protection. Freemindtronic Andorra respects the export control regulations that apply to its products. It is also committed to promoting and supporting the responsible and lawful use of its products. It follows the principles of security and human rights. Freemindtronic Andorra cooperates with the authorities, the civil society and the international community. It ensures the transparency and accountability of its activities. It also participates in the development and implementation of effective and balanced encryption policies and regulations. It respects the interests and needs of all stakeholders.

Articles, News, Technical News

Brute Force Attacks: What They Are and How to Protect Yourself

Posted on November 1, 2023November 1, 2023 by FMTAD

01
Nov

brute force attacks by Jacques Gascuel: This article will be updated with any new information on the topic.

Everything You Need to Know About Brute-force Attacks

80% of cyberattacks are brute force attacks. This technique tests all combinations to find a system’s password, key, or URL. These attacks threaten the security of your data. How to protect yourself? What tools and practices should be adopted? This article explains.

2024 Digital Security

Dropbox Security Breach 2024: Phishing, Exploited Vulnerabilities

May 17, 2024

2024 Digital Security

Europol Data Breach: A Detailed Analysis

May 16, 2024

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool

April 18, 2024

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

March 25, 2024

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

March 15, 2024

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

March 10, 2024

2024 Digital Security

PrintListener: How to Betray Fingerprints

February 22, 2024

Brute-force Attacks: A Comprehensive Guide to Understand and Prevent Them

Brute Force: danger and protection 80% of cyberattacks are brute force attacks. This technique tests all combinations to find the password, key, URL or hash of a system. These attacks threaten the security of your data. How to protect yourself? What tools and practices to adopt? This article explains:

Brute force types and methods : they vary according to the hackers’ method, the intrusion level and the application domain.
Brute force on electronic components : physical or electrical techniques are used to target chips or boards.
Brute force on passwords, keys, URLs and hashes : software or network techniques are used to access websites, online accounts, encrypted files, etc.
Brute force on phone systems : code or key techniques are used to hack landlines, mobiles or VoIP services.
Protection from brute force on devices and domains : encryption, authentication, masking, verification or correction techniques can help you strengthen your security.
Resistance evaluation of products or services to brute force : a scoring model based on the attack type and severity can help you assess the risk.

Types and Methods of Brute-force Attacks

There are several types and methods of brute force attacks, depending on the hackers’ method, the level of intrusion, and the domain of application.

Hackers’ Method

Hackers can use different methods to perform brute force attacks, depending on the type of data they want to obtain or modify. Here are the most common ones:

Simple brute force attacks: hackers try to guess the password of a user without using software, based on personal information or common passwords. These attacks work against users who have weak and easy-to-guess passwords, such as “password”, “1234567890”, or “qwerty”.
Dictionary attacks: hackers use software that tries passwords from a predefined list of common words, such as those from a dictionary or a database. These attacks are faster than simple ones but less effective against complex and random passwords.
Hybrid brute force attacks: hackers combine the previous two methods by adding variations to the dictionary words, such as numbers, symbols, or capital letters. These attacks are more sophisticated and can crack more robust passwords but they take more time and resources.
Reverse brute force attacks: hackers target the username rather than the password, assuming that the password is easier to guess or obtain by other means. These attacks are useful to access accounts that use the same username on multiple sites or services.
Distributed brute force attacks: hackers use multiple computers or devices connected to the Internet to perform brute force attacks simultaneously on the same target. These attacks are more powerful and harder to detect because they distribute the load and avoid security measures such as attempt limits or IP blocks.
Non-invasive faster than brute force attacks: hackers exploit weaknesses in the design or implementation of a system to reduce the number of combinations to test to find a secret information. For example, they can use a technique called “side-channel cube attack” to break AES encryption in less than 10 minutes with a laptop.
Analogous attacks: hackers use methods similar to brute force attacks but that do not test all possible combinations. For example, they can use a technique called “binary search attack” to guess a PIN code in less than 20 tries by exploiting the system’s response (correct/incorrect).

Level of Intrusion

Brute force attacks can also be classified according to the level of intrusion they involve:

Invasive attacks: hackers access physically the system or device they want to hack, using for example a keyboard, a USB stick, or a cable. These attacks are more dangerous because they can bypass software or network protections but they require proximity with the target and a risk of being caught.
Non-invasive attacks: hackers do not need to access physically the system or device they want to hack; they do it remotely via Internet or wireless network. These attacks are more discreet and easier to perform but they can be blocked by firewalls, antivirus software or secure protocols.

Domain of Application

Hackers’ objectives and motivations determine the domains where they apply brute force attacks. Here are some examples:

The civil domain: Hackers use brute force attacks to access personal or professional accounts such as emails, social networks, online banks or cloud services. They can steal sensitive information, impersonate identities, extort money or harm the reputation of the victims.
The defense domain: Hackers compromise national or international security by targeting military, governmental or diplomatic systems with brute force attacks. They can spy, sabotage, destabilize or provoke conflicts between countries.
The ethical hacking domain: Hackers test the security of systems or devices with brute force attacks by putting themselves in the attackers’ shoes. They can identify and report flaws, improve protections or train users.
The research domain: Hackers advance science and technology by exploring the limits of systems or devices with brute force attacks. They can discover new possibilities, innovate or create new products.

Brute-force Attacks on Electronic Components

Brute force attacks are not limited to passwords or encryption keys. They can also target electronic components that store or process data such as chips or integrated circuit boards. These attacks aim to access encrypted or protected information that is in the hardware using physical or electrical techniques.

Invasive Attacks

Invasive attacks are attacks that require direct access to the hardware and that involve modifying or destroying it. These attacks are often used to reverse engineer or extract data from chips or smart cards. Here are some examples:

Decapsulation: this technique consists of removing the outer layer of protection of a chip to expose the silicon and the internal layers. This can be done mechanically or chemically for example with nitric acid.
Deprocessing: this technique consists of removing progressively the internal layers of a chip to access the transistors and the connections. This can be done with chemicals lasers or focused ion beams (FIB).
Removal of the passivation layer: this technique consists of removing the insulating layer that covers the surface of a chip to allow electrical contact with the bonding wires (the thin connections between the chip and the package).
Reverse engineering: this technique consists of analyzing the structure and the functioning of a chip or an integrated circuit board to extract the source code the algorithms or the vulnerabilities.
Micro-probing: this technique consists of using micro-probes (metal needles) to connect directly to the internal components of a chip or an integrated circuit board and interfere with the signals or extract data.
Instantaneous memory attack: this technique consists of freezing a chip or an integrated circuit board to preserve the data that is in the volatile memory (RAM) after cutting off the power supply. This technique allows bypassing the mechanisms of automatic erasure of sensitive data in case of intrusion attempt.
Securing pairing algorithms against physical attacks: this technique consists of protecting pairing algorithms which are used for identity-based encryption against physical attacks that aim to modify the behavior of the hardware. This technique uses mathematical methods to detect and correct errors induced by physical disturbances.

Non-invasive Attacks

Non-invasive attacks are attacks that do not need direct access to the hardware but that use auxiliary or hidden channels to obtain or modify data on chips or integrated circuit boards. These attacks exploit the physical characteristics of the hardware such as power consumption electromagnetic field acoustic noise or temperature. Here are some examples:

Side-channel attack: this technique consists of measuring a physical parameter related to the functioning of a chip or an integrated circuit board to deduce information about the operations it performs or the data it processes. For example it is possible to guess an encryption key by analyzing the power consumption of a chip while it encrypts or decrypts a message.
Fault injection attack: this technique consists of provoking an error in the functioning of a chip or an integrated circuit board by sending it an abnormal signal such as an electric pulse a light wave or ionizing radiation. This technique allows modifying the behavior of the hardware revealing hidden information or bypassing protections.
Software flaw attack: this technique consists of exploiting a vulnerability in the software that controls the functioning of a chip or an integrated circuit board to access or modify sensitive data. For example it is possible to take control of a router by using a flaw in its firmware (the internal software that controls the functioning of the hardware).
Hidden channel attack: this technique consists of exploiting information that is not directly related to the functioning of the targeted system such as noise temperature or time. For example it is possible to guess the PIN code of a phone by listening to the sound produced by the keys when entering it.

Brute-force Attacks on Passwords Encryption Keys Hidden URLs and Hashes

Passwords encryption keys hidden URLs and hashes are data that serve to protect access or confidentiality of information on Internet. Hackers can try to guess them using brute force attacks which consist in testing all possible combinations until they find the right one. These attacks can have serious consequences such as identity theft account hijacking message decryption or website hacking.

Attacks on Passwords

Passwords are secret codes that users enter to authenticate on a website or an online service. Hackers can try to guess them using brute force attacks simple dictionary hybrid reverse or distributed as we have seen previously. These attacks can allow hackers to access users’ accounts and steal their personal financial or

professional information. To protect themselves from these attacks, users should choose strong and unique passwords, use a password manager, enable two-factor authentication, and avoid phishing emails.

Attacks on Encryption Keys

Encryption keys are data that are used to encrypt or decrypt messages or files. They can be symmetric (the same key is used for encryption and decryption) or asymmetric (two different keys are used: a public key for encryption and a private key for decryption). Hackers can try to guess them using brute force attacks simple or distributed, by testing all possible combinations until they find the right one. These attacks can allow hackers to read or modify confidential messages or files.

To protect themselves from these attacks, users should choose long and random encryption keys, use secure encryption algorithms, do not disclose or store their encryption keys in insecure places, and use secure protocols to exchange their encryption keys with their correspondents, such as the Diffie-Hellman protocol or the SSL/TLS protocol.

Another type of brute force attack targets the data stored in the volatile memory of devices, such as computers and phones. Volatile memory is a type of memory that loses its content when the power supply is cut off. This makes it vulnerable to brute force attacks that aim to extract sensitive data from it, using physical or software techniques. In this section, we will explain what are brute force attacks on volatile memory, how they work, what are the risks and how to prevent them.

Tools for brute force attacks

There are many tools available for brute force attacks on different protocols or services. Some are used for malicious purposes, others for penetration testing or security audit. Here is a non-exhaustive list of tools for brute force attacks:

Hashcat: Hashcat claims to be the world’s fastest and most advanced password recovery tool based on CPU. It supports five unique modes of attack for over 300 optimized hashing algorithms.
Flipper Zero: a multifunctional device that allows you to perform brute force attacks on RFID, NFC, Bluetooth systems, etc.
Gobuster: a tool written in Go that allows you to perform brute force attacks on web directories, DNS subdomains, S3 buckets or virtual hosts.
BruteX: a shell-based tool that allows you to perform brute force attacks on different services such as FTP, SSH, Telnet, RDP, VNC, etc.
Dirsearch: a tool written in Python that allows you to perform brute force attacks on web directories and files.
Callow: a tool written in C# that allows you to perform brute force attacks on web forms.
SSB: a tool written in Perl that allows you to perform brute force attacks on SMTP servers.
THC-Hydra: a popular tool that allows you to perform brute force attacks on more than 50 protocols such as HTTP, HTTPS, FTP, SSH, Telnet, SMB, etc.
Burp Suite: a suite of tools that allows you to perform penetration testing on web applications, including brute force attacks on web forms or HTTP parameters.
Patator: a tool written in Python that allows you to perform modular brute force attacks on different services such as HTTP, FTP, SSH, SMTP, etc.
Pydictor: a tool written in Python that allows you to generate custom lists for brute force or dictionary attacks.
Ncrack: a tool that allows you to perform fast and flexible brute force attacks on different services such as RDP, SSH, Telnet, HTTP(S), POP3(S), etc.

Brute force attacks on volatile memory: a data security risk

Volatile memory is a type of memory that loses its content when the power supply is cut off. This is the case for the random access memory (RAM) of computers and phones, which temporarily stores data and programs that are running. Volatile memory has an advantage: it erases the traces of computer activity in case of power outage or system shutdown. But it also has a drawback: it can be targeted by brute force attacks aiming to recover the sensitive data it contains.

A brute force attack is a method that consists of testing all possible combinations of a password, an encryption key or an access code, until finding the right one. Brute force attacks can be performed using specialized software, which exploits the computing power of computers or networks of machines. Brute force attacks can take a lot of time, depending on the complexity and length of the password, key or code to guess.

Brute force attacks on volatile memory are attacks that aim to extract data stored in the RAM of a computer or a phone, using physical or software techniques. For example, it is possible to cool down the RAM with liquid nitrogen, which allows to preserve its content for a few minutes after the system shutdown. It is then possible to transfer the RAM to another device, and use a brute force software to decrypt the data it contains. It is also possible to use malicious software that infiltrates the system and accesses the RAM, bypassing software or hardware protections.

Brute force attacks on volatile memory pose a risk for data security, because they can allow hackers to access confidential information, such as passwords, encryption keys, personal or professional data, etc. These information can then be used to compromise other systems or services, or to extort the victims. To protect against these attacks, it is recommended to use passwords or keys that are long and complex enough, to encrypt data stored in the RAM, and to update software and hardware to benefit from the latest security measures.

To sum up, brute force attacks on volatile memory are a serious threat for data security, as they can allow hackers to access confidential information, such as passwords, encryption keys, personal or professional data, etc. These information can then be used to compromise other systems or services, or to extort the victims. To protect against these attacks, it is recommended to use passwords or keys that are long and complex enough, to encrypt data stored in the RAM, and to update software and hardware to benefit from the latest security measures.

Attacks on Hidden URLs

Hidden URLs are web addresses that are hidden or modified to avoid being easily accessible or identifiable. They can be used to protect the privacy or security of a website or an online service. For example, a website may use a hidden URL to prevent being indexed by search engines or targeted by hackers. Hackers can try to guess them using brute force attacks simple or distributed, by testing all possible combinations until they find the right one. These attacks can allow hackers to access hidden or forbidden websites, such as illegal, malicious, or sensitive websites.

To protect themselves from these attacks, users should choose long, complex, and random hidden URLs, do not use predictable or easy-to-guess hidden URLs, do not share or publish their hidden URLs with other people or on other websites, and use encryption or authentication techniques to enhance the security of their hidden URLs.

Attacks on Hashes

Hashes are data that result from applying a mathematical function to a message or a file. They are used to verify the integrity or authenticity of a message or a file, by comparing it to the original hash. They can also be used to store passwords securely, by transforming them into irreversible hashes. Hackers can try to guess them using brute force attacks simple, dictionary, or hybrid, by testing all possible combinations until they find the right hash. These attacks can allow hackers to falsify or reveal messages or files.

To protect themselves from these attacks, users should choose secure hashing functions that do not have collisions (two different messages that produce the same hash) or preimages (a message that produces a given hash), use salting (adding a random data to the message before hashing) or peppering (adding a secret data to the message before hashing) techniques to make hashes more resistant to brute force attacks, do not store or transmit their hashes in insecure places, and use secure protocols to exchange their hashes with their correspondents, such as the HMAC protocol or the SSL/TLS protocol.

Brute-force Attacks on Phone Systems

Phone systems are devices that allow communication by voice or text, such as landlines, mobile phones (smartphones), or VoIP services. Hackers can try to hack them using brute-force attacks that consist of guessing codes or keys. These attacks can allow hackers to access data or services of a phone system, such as contacts, messages, calls, payments, or subscriptions.

Attacks on PIN Codes

PIN codes are secret codes of four digits that are used to unlock a mobile phone or a SIM card. Hackers can try to guess them using brute force attacks simple or analogous by testing all possible combinations until they find the right one. These attacks can allow hackers to access data or services of the mobile phone or the SIM card.

To protect themselves from these attacks users should choose random and unpredictable PIN codes that do not contain numerical sequences easy to guess such as “0000” “1234” or “4321”. They should not write or share their PIN codes with other people. They should activate the function of automatic locking of the mobile phone or the SIM card after a certain number of unsuccessful attempts. They should activate the function of automatic reset of the mobile phone or the SIM card after a certain number of unsuccessful attempts.

Attacks on IMEI Codes

IMEI codes are unique codes of 15 digits that identify a mobile phone. They are used to block a mobile phone in case of theft or loss. Hackers can try to guess them using brute force attacks simple or distributed by testing all possible combinations until they find the right one. These attacks can allow hackers to unlock a stolen or lost mobile phone and use it for malicious purposes such as making fraudulent calls sending unwanted messages or accessing personal data of the owner.

To protect themselves from these attacks users should note their IMEI codes and keep them in a safe place. They should not disclose their IMEI codes to unknown or suspicious people. They should report the loss or theft of their mobile phone to their operator and request the blocking of their IMEI codes. They should use a service of location or remote locking of their mobile phone in case of loss or theft.

Attacks BrutePrint

You will surely be amazed by our discoveries! These systems verify your identity on smartphones and other devices by using the unique patterns of your finger. But is their security level? In this study, we explore the weaknesses of these systems and how various actors, from cybercriminals to sovereign entities, can exploit them. We looked at 25 techniques for corrupting fingerprint authentication systems. We will also introduce an effective dual-use defense solution: DataShielder HSM solutions to protect your secrets and sensitive data even if this biometric authentication system becomes compromised. Click is here for more information Attacks BrutePrint.

Evaluation of Products or Services Resistance to Brute-force Attacks

To evaluate the resistance of products or services to brute force attacks we can use a scoring model based on the type and severity of possible attacks. The scoring model can be as follows:

For each product or service we identify the possible types of brute force attacks that can target it such as passwords encryption keys hidden URLs hashes PIN codes or IMEI codes.
For each type of brute force attack we assign a score from 1 to 5 according to the severity of the attack. The score can be based on the following criteria: the complexity of the attack the time required to perform the attack the impact of the attack on the confidentiality integrity or availability of the data or service and the likelihood of the attack to succeed.
We calculate the average score for each product or service by adding up the scores for each type of brute force attack and dividing by the number of types. The lower the score the more resistant the product or service is to brute force attacks.

For example let’s consider two products: a web application and a smartphone. The possible types of brute force attacks and their scores are as follows:

Type of brute-force attack	Web application	Smartphone
Passwords	3	2
Encryption keys	4	3
Hidden URLs	2	N/A
Hashes	3	N/A
PIN codes	N/A	2
IMEI codes	N/A	4

The average score for the web application is (3 + 4 + 2 + 3) / 4 = 3. The average score for the smartphone is (2 + 3 + 2 + 4) / 4 = 2.75. Therefore, according to this scoring model, the smartphone is more resistant to brute force attacks than the web application.

Statistics on brute force attacks

Brute force attacks are common and effective methods used by hackers to access systems protected by passwords or encryption keys. According to the IBM Cost of a Data Breach 2022 report, stolen or compromised credentials are the leading cause of data breaches and cost an average of $4.35 million to businesses worldwide in 2021. Brute force attacks are also increasing with the health crisis, which has encouraged remote work and online services. According to Cloudflare, the number of brute force attacks on RDP and SSH protocols increased by 400% between March and April 2020.

The duration and difficulty of a brute force attack depend on the length and complexity of the password or key to guess. According to Cloudflare, a seven-character password would take, at a rate of 15 million keystrokes per second, 9 minutes to crack. An eight-character password would take 4 hours, a nine-character password would take 8 days, and a ten-character password would take 463 days. It is therefore essential to use passwords or keys that are long and random enough to resist brute force attacks.

Real Cases of Brute-force Attacks

Brute force attacks are not only theoretical methods, but also real threats that have affected various domains, such as finance, health, politics, etc. In this section, we will present some examples of brute force attacks that have taken place in recent years, and show their consequences and lessons.

Brute force attacks on financial institutions

Financial institutions are often targeted by brute force attacks, as they store sensitive data and money. For instance, in 2019, a group of hackers used brute force attacks to access the online banking systems of several banks in Eastern Europe and Central Asia. They stole over $100 million from more than 40,000 accounts. The hackers used a software called Cobalt Strike, which allowed them to remotely control the infected computers and launch brute force attacks on the banks’ servers. They also used a technique called “ATM cash-out”, which enabled them to withdraw money from ATMs without using cards.

This case shows the importance of using strong passwords and encryption keys for online banking systems, as well as updating the software and hardware to prevent malware infections. It also shows the need for monitoring and alerting mechanisms to detect and stop brute force attacks in real time.

Brute force attacks on health systems

Health systems are also vulnerable to brute force attacks, as they store personal and medical data that can be used for identity theft or blackmail. For example, in 2020, a hacker group called Maze used brute force attacks to breach the network of Fresenius, Europe’s largest private hospital operator. They encrypted the data and demanded a ransom for its release. The attack affected the hospital’s operations and patient care, as well as its subsidiaries that produce dialysis products and blood transfusion devices.

This case illustrates the impact of brute force attacks on human lives and health services. It also highlights the need for securing the network and data of health systems, as well as having backup and recovery plans in case of an attack.

Brute force attacks on political systems

Political systems are not immune to brute force attacks, as they can influence the outcome of elections or policies. For instance, in 2016, a hacker group called Fancy Bear used brute force attacks to access the email accounts of several members of the Democratic National Committee (DNC) in the United States. They leaked the emails to WikiLeaks, which published them online. The leaked emails revealed internal conflicts and controversies within the DNC, and damaged the reputation of Hillary Clinton, who was running for president against Donald Trump.

This case demonstrates the power of brute force attacks to manipulate public opinion and interfere with democratic processes. It also underscores the need for protecting the email accounts and communications of political actors, as well as educating the public about cyber threats and misinformation.

How to Prevent Brute-force Attacks

Brute force attacks are a serious threat to the security and privacy of users, systems, and devices. Therefore, it is important to take preventive measures to avoid or mitigate their impact. Here are some general tips to prevent brute force attacks:

Use strong and unique passwords, encryption keys, hidden URLs, hashes, PIN codes, and IMEI codes. They should be long, complex, and random, containing letters, numbers, and symbols. They should not be based on personal or predictable information, such as names, dates, or phone numbers.
Use secure encryption algorithms and hashing functions. They should not have known or exploitable flaws or weaknesses, such as collisions or preimages. They should have enough entropy (degree of unpredictability) to resist brute force attacks.
Use secure protocols and techniques to exchange and store data. They should provide encryption, authentication, verification, correction, masking, or salting features. They should use secure channels and devices to transmit and store data.
Use security software and hardware to protect systems and devices. They should include firewalls, antivirus software, sensors, or locks. They should detect and block brute force attacks or trigger self-destruction or data erasure mechanisms.
Use ethical hacking and research to test and improve the security of systems and devices. They should identify and report vulnerabilities, flaws, or weaknesses. They should provide solutions, innovations, or products to enhance the security of systems and devices.

In conclusion

In this article, we have explored the topic of brute force attacks, also known as trial-and-error or exhaustive attacks. We have seen that brute force attacks are methods used by hackers to access systems protected by passwords or encryption keys, by testing all possible combinations until finding the right one. We have also seen that there are different types and methods of brute force attacks, depending on the hackers’ method, the level of intrusion, the domain of application and the tools used. We have focused on some specific types of brute force attacks, such as those on electronic components, passwords, encryption keys, hidden URLs, hashes and phone systems. We have also evaluated the resistance of products or services to brute force attacks, by presenting some real cases and some criteria to assess the security level. Finally, we have given some tips on how to prevent brute force attacks, by using long and complex passwords or keys, encrypting data, updating software and hardware, and using security tools.

Brute force attacks are a serious threat for data security and privacy, as they can allow hackers to access confidential information, compromise other systems or services, or extort the victims. Therefore, it is essential to be aware of the risks and the solutions to protect yourself from brute force attacks. If you want to learn more about this topic, you can check the sources that we have cited throughout this article.