Category Archives: Encryption

Johnson County police scanners will soon go silent. What will that mean for transparency? – KCUR

For 13 Johnson County police agencies and hundreds of listeners to police radio scanners and phone apps, Jan. 23 will be Encryption Day.

Law enforcement officials see it as the day they take back control over how much of their operations, including sensitive private information on the people they encounter, will go out over airwaves to be noted by anyone with the right technology.

Scanner listeners, including some local crime journalists, see it differently.

To them, Encryption Day will be the day the lights dim over police transparency, the day their desktop scanners become expensive paperweights and phone apps all but useless in finding out what's going on in real time with local law enforcement.

"Once encryption happens, there is no expectation of accountability to the public about any agency's action. At least not in any meaningful way," wrote Cartherine Kost, administrator of the Johnson County KS Community and Police Scanner Group, in an email to the Post.

"The public has the right to know what is happening in their communities. We have the right to have oversight of our governmental affairs. Encryption is one less way that we as citizens will be able to observe agencies and demand accountability," she added.

Encryption, which blocks listeners from hearing what police and dispatchers say over the radio, is nothing new.

Most local agencies already use some encryption on certain tactical channels. The primary channels on which initial calls go out, however, have remained audible for members of the general public to hear if they have scanners.

That's what's about to change.

Lenexa's police department recently announced over the social media platform X (formerly Twitter) that 13 agencies will begin encrypting their primary channels.

Those agencies include Blue Valley School District Police, Shawnee Mission School District Police, and the city police departments of Olathe, Overland Park, Shawnee, Lenexa, Leawood, Merriam, Fairway, Prairie Village, Roeland Park, Mission and Westwood.

The Johnson County Sheriff's office and Kansas Highway Patrol communications will not be encrypted.

"This policy will help protect the privacy of those individuals, including victims, witnesses, and suspects, whose personal information is transmitted over a police radio," Lenexa Police wrote on X.

Carlos Moreno / KCUR 89.3

Listening in on police activities dates all the way back to the 1920s, when police communications existed alongside radio stations, and in at least one city, police played Yankee Doodle before their calls because of entertainment requirements from the Federal Radio Commission.

Tech evolved after that. Police adopted short-wave, but people still listened. The CB radio craze of the 1970s drew in another generation of listeners who turned to scanners of the day, many of whom were undeterred by the prospect of having to buy a separate crystal for each channel.

Tech evolved again, with the development of smartphone scanner apps that in more recent years has made listening easier and more accessible.

Then came the summer of 2020, the police killing of George Floyd in Minneapolis, the Black Lives Matter protests and the intensified scrutiny of police operations.

Scanners were reportedly used in some instances to alert protesting crowds to police attempts to hem them in, according to online publication Gizmodo.

Police now list several concerns about scanners that they believe validate the decision to encrypt their communications.

High on that list is the idea that criminals use scanners to keep track of and evade police, a concept scanning group leaders push back hard against.

Lenexa Police Chief Dawn Layman said there have been times that unmarked police cars have attempted to get close enough to use a grappler, a sort of tire lasso, to stop a suspect's car, only to have the target car suddenly speed up. She believes that was due to scanner descriptions of what was going on.

Agency heads have also been uncomfortable with personal information, exact addresses, mental health references and other information about callers and witnesses going out onto the airwaves.

Overland Park Interim Police Chief Simon Happer put it this way during a presentation to the city council's Public Safety Committee meeting earlier this month: "A lot of things groups think are important, I don't know that they are. Is the fact that my next door neighbors had a disturbance between each other really a matter of public need to know?"

A policy enacted a year ago by the FBI Criminal Justice Information Services gave the move toward encryption a final push, by requiring agencies to encrypt a range of biometric and other data by the time of their next audit. That policy only solidified a decision that had already been made in Lenexa, Layman said.

In other cities in the metro, the new policy makes little difference.

Independence, Missouri, for instance, was one of the first departments to encrypt all its channels in 2013 and others, including Kansas City, Kansas, and Kansas City, Missouri, have also done it, Happer said.

Police officials say they have worked hard to balance the public's right to know with information that, if made public, could damage their operations.

They point to current efforts toward transparency, such as call logs on their websites that give basic real-time information on initial dispatch calls, and say the normal communications provided through public information officers or talking to officers at the scene is still there.

Scanner enthusiasts, though, predict big downsides to the coming encryption, including more confusion over what is happening, which can lead to a lack of trust between police and the public.

"When there is a lack of reliable information available, there is no shortage of people who will send bad information out on the rumor mills, sometimes maliciously," writes Kost from the Johnson County scanner community group on Facebook. "One only has to browse the NextDoor app and you can see incorrect information in abundance. And incorrect information leads to incorrect assumptions and incorrect actions."

Brett Cooper, who broadcast scanner traffic on the website Broadcastify in the 2010s and later set up the restricted channel ScanJoco, echoed that sentiment.

"One of the things that worries me is when you get people guessing and throwing out random answers, it leads to rumors and conspiracy theories," he said. "People can get really curious and be driving up to a hot scene and it would be really bad for those people not to be in the know."

Another danger is that police departments will have too much decision-making power over what the public knows, thereby eroding public trust, scanner advocates said.

"We are only going to hear the information that agencies want us to hear. And in Johnson County, this is an issue," Kost wrote.

Although she said she doesn't believe the county has a bad cop problem, there will be temptations to edit the news.

"I think that Johnson County will use encryption as a way to hide the crime and other relevant incidents from public view," Kost wrote. "They are eager to maintain those best City to Raise Kids and Best Counties to Live In awards that they like to show off."

There are differing views on the role of civilian scanner enthusiasts.

At times, scanning listeners have been characterized as nosy busybodies looking for gossip about their neighbors. Happer said the public doesn't need to know every police call that goes out.

"It's not really anybody's business what happened at my next door neighbor's house, unless it was a serious crime," he said at the Overland Park committee meeting this month.

Councilmember Jeff Cox took it further.

"There's a massive gap between people who want information and people who need information," he said, adding the police department should be the ones to decide, not some guy on NextDoor with a scanner in his basement. "Let's face it, a whole bunch of people whining about this just want it for entertainment, or to commercialize it as a media scoop," Cox said.

In fact, some scanner listeners say they are filling a journalistic role by answering questions when people hear sirens for calls that may never reach the prime-time news reports.

Kost, the administrator of the 42,000-member Johnson County KS Community and Police Scanner Group, said her group has provided timely information on traffic, road conditions and crashes, as well as events like the school shooting at Olathe East High in 2022.

During that incident, she said, the group was able to provide up-to-date information on where parents could go to be reunited with their children and to quash inaccurate rumors.

She also worries that police decisions to leave out certain crimes like domestic disturbances or drunk driving will be swept under the rug when they involve high-profile residents.

The Lenexa department's media contact, Master Police Officer Danny Chavez, suggested curious scanner listeners and residents can still go to the scene and then call the police department media spokespeople to find out what happened.

"It's just they won't have access to hearing it in real time on the scanner. But in terms of transparency, here it is: If you're interested, you can go stand on the sidewalk, record the officers, and perhaps question the police information officer or submit an open records request," he said.

The scanning community is small enough that Chavez and Layman said they did not expect a flood of information requests.

Mike Frizzell, a scanning enthusiast and freelance journalist who frequently files stories for the Johnson County Post, said he often sees onlookers standing on the sidewalk watching when a police search is going on.

"With everything encrypted, nobody will know what's happening," Frizzell said. "We'll all be standing on the sidewalk looking."

As a journalist, Frizzell said most of the police work-around suggestions are impractical.

The call logs, for instance, would require him to constantly watch a laptop with multiple tabs open for each city.

"My scanner goes with me everywhere," he said. "When it makes a certain noise, I know I need to pay attention to it. I can't have 10 tabs open, refreshing them every 10 minutes. It would drive a person crazy."

Other times, the logs may not reflect a serious situation that needs to be reported on, he said.

Frizzell showed how Shawnee Police's call log in December made no mention of an armed standoff in which the equivalent of a SWAT team was called out. In that case, a man was charged with attempted capital murder.

Frizzell said he gets a lot of inquiries when people hear sirens, and the scanner helps him know which ones are worth pursuing.

"I can't chase every single one of those. I'll be bankrupt just from buying gas," he said.

Frizzell added that if the situation merits, he prefers going to a scene, where officers and their supervisors recognize him and may answer his questions.

In minor incidents, police might be long gone in the amount of time it takes to drive to the scene, he explained.

"Calling is still an option, but at the same time, if there is something major going on, I don't want to be tying up the dispatcher with my little questions that are insignificant when someone's potentially getting shot at."

Many police-scanning enthusiasts have been skeptical of the reasons departments say they need to encrypt.

They say they have asked local authorities for specific examples to prove criminals are using scanners to evade the law. Cooper said he has never been contacted by law enforcement officers with concerns about ScanJoCo or Broadcastify.

Several in the scanning community said police can avoid airing sensitive data by using the encrypted channels they already have. But police say that's unworkable for them.

"We cannot just ask people to switch to another channel," said Layman, as she held up a police radio. "If I'm wearing this and my focus is down the street on something and we're in the heat of the moment and somebody says 'switch to Tac Channel 4,' I shouldn't be taking my eyes off that to look at my radio to figure out what channel I'm on."

Some scanners also said encryption will hurt police recruitment.

Patrick Norris, a scanning listener who lives in Independence, where police radio is already encrypted, said encryption there has already closed a window into the law enforcement world for young people looking for a career.

That's a fair point, said Frizzell, who started a degree in justice administration after years listening to the scanner growing up. He said he often encounters young people on calls who are interested in policing as a career.

In Independence, encryption has already had a detrimental effect, Norris said.

"You are a little bit more involved in the community when you're listening to it," he said. "But when you don't know what's going on in your town, then you're just left with, 'I want to be safe.' Or 'What happened?' And you never hear anything."

This story was originally published by the Johnson County Post.

Breaking The Flash Encryption Feature Of Espressif’s Microcontrollers – Hackaday

Espressif's ESP32 microcontrollers come with a Flash encryption feature that, when enabled, ensures that the data and code stored on the (usually external) Flash chip is encrypted with AES-256 (ESP32) or better (ESP32-C3, -C6). For the ESP32 this encryption feature has been shown to be vulnerable to side channel attacks (SCA), leading [courk] to not only replicate this result with a custom ESP Correlation Power Analysis (CPA) board (pictured) that captures power usage of the MCU, but also to try his luck with the ESP32-C3 and ESP32-C6 parts that should be tougher nuts to crack.

Whereas the ESP32 uses a fairly straightforward AES-256 encryption routine that together with the exposed Flash communication lines on the QSPI bus make for a textbook SCA example, the ESP32-C3 ups the encryption to XTS-AES, which uses two 128-bit keys on the -C3 part (XTS-256). This particular MCU is still susceptible to the same SCA attack with CPA, making it somewhat harder to attack than the ESP32, but by no means impossible.

Following the advisory from Espressif (PDF) regarding the cracked ESP32 Flash encryption, anti-SCA measures were said to be implemented in future Espressif designs, which includes the ESP32-C6. These measures serve mostly to mask and obfuscate the internal operations in order to make power trace data less useful. These countermeasures can be enabled in stages, which [courk] did, to see how much they affect a CPA-based SCA. Perhaps shockingly, none of these seemed to affect the CPA attack much, if at all.

As a bonus round, [courk] then decided to speed up the painfully slow process of recovering the encryption keys by fault injection, which just requires the first 128 bytes (one block) on the -C3 and -C6 parts. Using voltage fault injection, the Secure Boot feature is bypassed. The essential idea is that through a buffer overflow custom code can be run, which dumps the entire Flash content. After demonstrating this and reporting it to Espressif, an advisory was published that notes that there's no defense against this SCA and fault injection attack, other than using an ESP32 part that has internal Flash and no access to the QSPI bus from the outside.

It would seem that with how leaky the Flash encryption is on these ESP32-family parts, placing your bets on an attacker having an aversion to decapping an IC might indeed be your best defense.

Top image: Block Diagram of the ESP CPA Board (Credit: Courk at courk.cc)

Over 90% of child sexual abuse imagery is self-generated, data shows – The Guardian

Volume of material children are coerced or groomed into creating prompts renewed attack on end-to-end encryption

More than 90% of child sexual abuse imagery found on the internet is now self-generated, according to the charity responsible for finding and removing such material.

The Internet Watch Foundation said that it discovered self-generated child sexual abuse material (CSAM) featuring children under 10 on more than 100,000 webpages in the last year. That figure is an increase of 66% on the year before.

In total, a record 275,655 webpages were confirmed to contain CSAM, the IWF said, an increase of 8%. The new data prompted a renewed attack on end-to-end encryption from the UK government, backed by the IWF.

The rise in imagery discovered and removed is not necessarily problematic, said the charity's chief executive Susie Hargreaves, as some of the increase could be accounted for by better detection.

"It does mean we're detecting more, but I don't think it's ever a good thing if you're finding loads more child sexual abuse," Hargreaves added. "Obviously the IWF would be most successful if we didn't find any images of child sexual abuse. Our mission is the elimination of child sexual abuse; it's not just to find as much as possible and take it down."

Some of the self-generated imagery was created by children as young as three years old, the IWF said, and a fifth was ranked as containing category A harm, the most severe types of sexual abuse.

"Ten years ago we hadn't seen self-generated content at all, and a decade later we're now finding that 92% of the webpages we remove have got self-generated content on them," Hargreaves said. "That's children in their bedrooms and domestic settings where they've been tricked, coerced or encouraged into engaging in sexual activity which is then recorded and shared by child sexual abuse websites."

The charity said that the new figures, the first data it has put together from 2023, underscore its opposition to Meta's plans to turn on end-to-end encryption for Messenger, a security feature that would blind the company to content being shared on its service. The company reported 20 million incidents of people sharing CSAM in 2022 to the IWF's US equivalent, the National Center for Missing & Exploited Children [NCMEC], and the IWF fears that almost all of those reports would be lost. Hargreaves also criticised Apple for dropping plans to scan for CSAM on iPhones in a way the company had initially argued was privacy-preserving.

"With so many organisations looking to do the right thing in the light of new regulations in the UK, it is incomprehensible that Meta is deciding to look the other way and offer criminals a free pass to further share and spread abuse imagery in private and undetected," she said.

"Decisions like this, as well as Apple opting to drop plans for client-side scanning to detect the sharing of abuse, are baffling given the context of the spread of this imagery on the wider web."

Tom Tugendhat, the UK security minister, said: "This alarming report clearly shows that online child sexual abuse is on the rise, and the victims are only getting younger. And yet, despite warnings from across government, charities, law enforcement and our international partners, Meta have taken the extraordinary decision to turn their backs on these victims, and provide a safe space for heinous predators.

"The decision to roll out end-to-end encryption on Facebook Messenger without the necessary safety features, will have a catastrophic impact on law enforcement's ability to bring perpetrators to justice."

In a statement, a Meta spokesperson said it expected to continue providing more reports to NCMEC than others. "Encryption helps keep people, including children, safe from hackers, scammers and criminals. We don't think people want us reading their private messages so have spent years developing robust safety measures to prevent, detect and combat child abuse while maintaining online security.

"Our recently published report detailed these measures, such as restricting over-19s from messaging teens who don't follow them and using technology to identify and take action against malicious behaviour. We routinely provide more reports to NCMEC than others, and given our ongoing investments, we expect that to continue."

Apple did not reply to a request for comment. The company delayed its plans for so-called client-side scanning of iPhones a month after announcing them, and has never publicly acknowledged that they have been dropped for good.

American Binary & WhiteHawk Partner to Accelerate the Post-Quantum Transition – PR Newswire

KIRKLAND, Wash., Jan. 16, 2024 /PRNewswire/ -- By 2025, within 12 months, the US government's encryption standards will mandate that all companies selling solutions that use encryption of any kind to the U.S. government must transition to post-quantum encryption per Commercial National Security Algorithm Suite 2.0 (CNSA 2.0). These new standards prohibit RSA, Elliptic Curves, and other common encryption used by the financial system, healthcare, automotive, and other industries whose data is not secure according to these standards.

To accelerate meeting these new encryption standards, American Binary is thrilled to announce an official partnership with WhiteHawk, Inc; the world's first cybersecurity exchange. Their experts have vetted our post-quantum encrypted advanced networking, data store, and datalink solutions and will be working with us to bring our CNSA 2.0 compliant cybersecurity to critical industries across the nation.

"American Binary is the perfect exemplar of next generation Cyber Innovation so needed today and going forward for the automated and effective resilience of our Nation, Allies and the World. I am so proud to enable American Binary to conduct further Client engaging R&D and gain the traction they deserve in our Digital Age," stated Terry Roberts, Founder and CEO of WhiteHawk CEC Inc.

"WhiteHawk and American Binary will be among the first to offer the U.S. defense and private enterprise community both post-quantum chip-level IoT and crypto-agile network layer encrypted products. With WhiteHawk's strong market position in cybersecurity coupled with American Binary's boundary-pushing deep tech, our two companies expect this partnership to accelerate the world's transition to post-quantum encryption," stated Kevin Kane, Founder and CEO of American Binary.

Expect further news about our developments in 2024 and learn more about WhiteHawk here.

SOURCE American Binary

Global Encryption Software Market scrutinized in the new analysis – WhaTech Technology and Markets News

Encryption Software Market advances with heightened cybersecurity demands, offering secure data protection solutions for businesses in a digitally evolving landscape.

Report Overview

Polaris Market Research has recently published its latest report titled Encryption Software Market: By Size, Latest Trends, Share, Huge Growth, Segments, Analysis and Forecast, 2032. The research study gives an in-depth analysis of the market, assessing all the major aspects businesses need to know. It tracks all the major trends in the industry and their impact on the overall market. It assesses the market dynamics and covers the key demand and price indicators in the industry. Besides, it covers research data of several market key players, gross margin, and benefits through pictorial representations like tables, charts, and graphs.

Report: http://www.polarismarketresearch.com/industrfor-sample

The research study includes a thorough examination of the revenue generated by various segments across different regions worldwide. To help stakeholders gain an in-depth understanding of the Encryption Software Market, the study taps hard-to-find information on aspects such as supply chain optimization, distribution channels, and technology advancements. Furthermore, the report includes Porter's Five Forces to analyze the prominence of several features in the industry.

The Encryption Software Market is witnessing robust growth driven by escalating concerns about data security and privacy in the digital era. With an increasing volume of sensitive information being transmitted and stored online, organizations are investing heavily in encryption solutions to safeguard their data from unauthorized access and cyber threats. End-to-end encryption, secure file sharing, and robust key management systems are becoming integral components of cybersecurity strategies across various industries. The market is also evolving in response to stringent regulatory requirements, pushing for stronger encryption measures to protect sensitive data. As cyber threats continue to evolve, the Encryption Software Market is expected to expand, providing advanced solutions to meet the ever-growing demands for secure data protection.

Industry Analysis

According to the research report, the global encryption software market was valued at USD 6.74 billion in 2023 and is expected to reach USD 26.34 billion by 2032, to grow at a CAGR of 16.4% during the forecast period.

Competitive Landscape

This section of the report sheds light on the competitive landscape in the industry. It provides an in-depth examination of the Encryption Software Market key players, covering their market share, production capacity, and plant turnarounds. The study also details all the major strategic developments, such as mergers, acquisitions, and collaborations, in the industry.

Some of the Major Companies in the Market Include

Report: www.polarismarketresearch.com/industrfor-sample

Growth Drivers

Segmental Analysis

The research report for the Encryption Software Market has been primarily segmented by type, application, end-use, and region. It offers an in-depth analysis of each of these segments and lists the top segments that are projected to witness the fastest growth. Besides, a thorough overview of various sub-segments is included in the report.

http://www.polarismarketresearch.com//178/2

Regional Overview

This section of the report offers an in-depth analysis of the regional markets in the industry. It evaluates the regional markets by analyzing the pricing of products compared to the revenue generated. Besides, other important aspects such as production capacity, supply and demand, logistics, and past performance of the Encryption Software Market in the given region are also covered.

The major regions and sub-regions covered in the study are:

Report: http://www.polarismarketresearch.com/industrtomization

Research Methodology

The research report has been prepared by using industry-standard methodologies to provide an accurate and reliable analysis of the market. It involves the collection of data by expert analysts only to have it filtered to offer significant predictions about the market. Also, it includes interviews with industry experts to keep the research relevant and practical. Along with primary and secondary data approaches, the study considers publicly available sources to provide an insightful market understanding.

Key Highlights of the Report

Report: www.polarismarketresearch.com/industrore-buying

The Report Answers the Following Questions

Indian Army develops end-to-end encrypted mobile ecosystem SAMBHAV: How it will work and more – Times of India

The Indian Army has developed SAMBHAV, an end-to-end secure mobile ecosystem, aiming to offer secure communication with instant connectivity. SAMBHAV operates on 5G technology and aligns with the Indian government's vision of dual-use infrastructure and civil-military fusion. Command Cyber Operations Support Wings (CCOSWs) are being established to enhance and integrate cyber capability at operational and tactical levels.

The Indian Army has developed an "end-to-end secure mobile ecosystem" called SAMBHAV (Secure Army Mobile Bharat Version). The SAMBHAV mobile ecosystem is said to be aimed at offering secure communication with instant connectivity, even on the move, marking a "significant leap forward" in India's defense capabilities.

Conventional capabilities are no longer the only measure of military prowess. Both State and non-State actors are developing means to bridge conventional asymmetries across the world. Over the years, cyberspace has emerged as one of the "principal domains of hybrid warfare". This is said to present both opportunities and threats across the continuum of operations. This has resulted in the proliferation of networks and IT infrastructure in the Indian Army "increasing manifold".

The Indian Army has developed SAMBHAV in collaboration with leading academic and industry experts. Leveraging the potential of existing public cellular networks, SAMBHAV operates on 5G technology. "5G-ready handsets using multi-tier encryption," an official told news agency PTI. This initiative aligns with the Indian government's vision of "dual-use infrastructure" and "civil-military fusion" in technology.

The initial rollout plans to deploy 35,000 sets in two phases, with 2,500 by January 15 and the remaining by May 31.

How SAMBHAV helps

"Mobile networks are prone to eavesdropping and therefore information security of mobiles is at risk of being compromised. An end-to-end secure mobile ecosystem which is network-agnostic has been developed to provide secure communication with instant connectivity on the move," the official added.

EU: Open letter on security-cloaked threats to encryption – ARTICLE 19 – Article 19

ARTICLE 19 joined a coalition of civil society and digital rights organisations in signing an open letter calling on the High Level Group on access to data for effective law enforcement (the HLG) to engage civil society in ongoing discussions on access to data for effective law enforcement in the European Union. The HLG, set up by the Swedish Council Presidency, has been tasked with finding ways for the EU to facilitate police investigations as data is increasingly shared and stored in encrypted forms. Though advertised as a collaborative and inclusive platform, there is little transparency around the discussions and civil society has been excluded, while police and private sector participation has been prioritised. Engaging civil society in genuine and ongoing dialogue with the HLG is key to ensuring the EU Commission does not enable the security apparatus to undermine encryption and digital privacy in the EU. Read the letter below, and view as a PDF to view all signatories.

10 January 2024

Subject: Call to the High Level Group on Access to Data for Effective Law Enforcement for greater transparency and participation of all stakeholders

Dear Chairs of the High Level Group,

We, the undersigned digital rights and civil society organisations, emphasise the crucial importance of guaranteeing transparency, participation, inclusion and accountability, notably through the involvement of civil society in ongoing discussions held by the High Level Group (HLG) on access to data for effective law enforcement.

The European Commission and the Council of the EU are bound by Article 11 of the Treaty on European Union to give citizens and representative associations the opportunity to make known and publicly exchange their views in all areas of Union action and to maintain open, transparent and regular dialogue with representative associations and civil society. We therefore welcome the intention of the Commission, as described in the Commission Decision setting up the group, to establish and operate a collaborative and inclusive platform for stakeholders from all relevant sectors, including (...) data protection and privacy, (...) non-governmental organisations [to] work towards commonly accepted solutions.

However, in the context of these treaty obligations, the current working arrangements of the HLG raise multiple challenges for participation and inclusion.

In October 2023 several of our organisations proposed to contribute as civil society experts and participants to the upcoming activities and working sessions of the HLG given their expertise and long-term engagement with the subject matter. However, their requests were turned down and they were invited instead to submit written comments, which, if deemed relevant, could lead to a proper invitation at a later date.

In the meantime, we learnt that several industry players have been invited to the HLG meetings. This opaque and unequal participation process that may lead to an unbalanced representation of interests can hardly achieve one of the objectives of the HLG, which is to stimulate the interactive participation of all stakeholders and the sharing of different perspectives.

We would like to stress that transparency, inclusion, and accountability require genuine opportunities for civil society to be informed about deliberations in the HLG and provide comments and advice, which the HLG can consider at all stages of its work. This dialogue is needed continuously throughout the process, and cannot be reduced to a one-time meeting where civil society presents its views separately from the main HLG process. It is critical that civil society can listen to Member States, and provide targeted advice on the specific discussions taking place.

In particular, we are deeply concerned that the very premise of the HLG objectives is to push for a security by design approach in all EU existing and future policies and legislation. We understand this framing as an attempt to impose a law enforcement access by design obligation in the development of all privacy-enhancing technologies, which would result in a serious impediment to people's exercise of their fundamental rights to privacy and data protection and to freedom of expression, information and association. It could also have an unforeseen detrimental impact on the security of the critical infrastructure that we all rely on when using electronic communications services and digital devices. Hence it is all the more important to bring this debate into the public sphere.

Lastly, we would like to point out that, although the HLG is considered a sui generis group and not an official Commission expert group, there is a worrying lack of compliance with transparency requirements.

Article 11 of the Commission Decision states that an equivalent degree of transparency must be ensured to that applicable to Commission expert groups within the meaning of the Commission Decision C(2016) 3301. Yet, the HLG and its working groups are not registered on the Register of Commission expert groups and other similar entities, despite what its own rules of procedure prescribe.

The rules of procedure further state that DG HOME shall publish the agenda of the meetings of the group and other relevant background documents in due time ahead of the meeting, followed by timely publication of minutes. None of the meeting minutes have yet been made available to the public. Exceptions should be individually justified and internally reviewed. All documents should be published proactively and by default. This would also prevent the administrative burden of granting access to documents (see this request for example). We therefore call for a diligent approach to making all possible documents public and proactively engaging with civil society.


Read the original post:
EU: Open letter on security-cloaked threats to encryption - ARTICLE 19 - Article 19

Atomic Stealer Gets an Upgrade – Targeting Mac Users with Encrypted Payload – The Hacker News

Jan 11, 2024 | Newsroom | Malvertising / Cyber Attacks

Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities.

"It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection rules," Malwarebytes' Jérôme Segura said in a Wednesday report.

Atomic Stealer first emerged in April 2023 for a monthly subscription of $1,000. It's capable of harvesting sensitive information from a compromised host, including Keychain passwords, session cookies, files, crypto wallets, system metadata, and the machine's password via a fake prompt.

Over the past several months, the malware has been observed propagated via malvertising and compromised sites under the guise of legitimate software and web browser updates.

Malwarebytes' latest analysis shows that Atomic Stealer is now being sold for a hefty $3,000/month rental fee, with the actors running a promotion coinciding with Christmas, offering the malware for a discounted price of $2,000.

Besides incorporating encryption to thwart detection by security software, campaigns distributing Atomic Stealer have undergone a slight shift, wherein Google search ads impersonating Slack are used as conduits to deploy Atomic Stealer or a malware loader called EugenLoader (aka FakeBat) depending on the operating system.

It's worth noting that a malvertising campaign spotted in September 2023 leveraged a fraudulent site for the TradingView charting platform to deliver NetSupport RAT, if visited from Windows, and Atomic Stealer, if the operating system is macOS.

The rogue Slack disk image (DMG) file, upon opening, prompts the victim to enter their system password, thereby allowing threat actors to gather sensitive information that is access-restricted. Another crucial aspect of the new version is the use of obfuscation to conceal the command-and-control server that receives the stolen information.

"As stealers continue to be a top threat for Mac users, it is important to download software from trusted locations," Segura said. "Malicious ads and decoy sites can be very misleading though and it only takes a single mistake (entering your password) for the malware to collect and exfiltrate your data."


China claims it has cracked Apple AirDrop's encryption to identify senders – WRAL News

Hong Kong (CNN): A Chinese tech company has succeeded in cracking the encryption around Apple's AirDrop wireless file sharing function to identify users of the popular feature, according to Beijing's Justice Bureau.

The company, Beijing-based Wangshendongjian Technology, was able to help police track down people who used the service to send inappropriate information to passersby in the Beijing subway, the agency said in a Monday statement.

It had identified the senders' mobile phone numbers and email addresses as part of an investigation following a complaint, the statement said. Several suspects had been identified, it said, without giving details about the nature of the messages.

The firm broke through the technical difficulties of anonymous traceability through AirDrop, which prevented the further spread of inappropriate remarks and potential bad influence, the statement said.

CNN has reached out to Apple (AAPL) for comment.

AirDrop has been blamed for nuisance messages received by some commuters on subways and buses in Chinese cities. The popular wireless file sharing function was also reportedly used by protesters to spread anonymous messages critical of the Chinese government in the last few months of 2022.

According to international media, including The New York Times and Vice World News, some residents in China used AirDrop, which can be used only between Apple devices, to spread leaflets and images echoing slogans used in a rare protest against Chinese leader Xi Jinping in October of that year.

In 2019, AirDrop, which is effective only over short distances, was particularly popular among anti-government demonstrators in Hong Kong, who regularly used the feature to send colorful posters and artwork to subway passengers urging them to take part in protests.

In November 2022, Apple began to limit AirDrop sharing with non-contacts for devices in China, which made it harder for users to share files with people they didn't know. That feature was later expanded globally.

The-CNN-Wire™ & © 2024 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.


China claims it can now bypass AirDrop encryption and identify senders – Android Authority

Aamir Siddiqui / Android Authority


Apple's AirDrop is a popular iOS feature that allows Apple device owners to quickly share things like documents, images, and more. All a user has to do is be close to another device and have Bluetooth, Wi-Fi, and AirDrop enabled to share the file securely through end-to-end encryption. However, China is saying that it has found a way to bypass that encryption to identify users.

According to a report from Bloomberg, a Chinese state-backed organization in Beijing says it has discovered a way to identify AirDrop users who send messages. The technique reportedly allows the institution to see the phone numbers and email addresses of these senders.

The discovery is part of an effort in China to eliminate content it deems undesirable. For example, AirDrop was widely used by activists to share pro-democracy content during the protests in Hong Kong in 2019. The agency claims that police have used the technique to identify multiple suspects. However, the outlet says the police have not disclosed if anyone has been arrested.

The technique improves the efficiency and accuracy of case-solving and prevents the spread of inappropriate remarks as well as potential bad influences, according to the agency. It remains to be seen how Apple will react to the news of AirDrop possibly being cracked. The publication states that an Apple representative did not respond to requests for comment.
