Connect with us

Tech News

SIM maker Gemalto denies damage amid hacking fallout

Published

on

Reuters / Dado Ruvic

Dutch-based chip maker Gemalto has acknowledged that American and British spy agencies tried hacking its systems years ago, but critics have slammed that response as denial and damage control.

In a statement Wednesday, the multinational corporation confirmed last week’s revelations of hacking by the United States National Security Agency and Britain’s GCHQ in 2010 and 2011, claiming they “only breached its office networks and could not have resulted in a massive theft of SIM encryption keys” as reported.

READ MORE: Gemalto says SIM cards ‘secure’ despite NSA, GCHQ hacking claim

Reporters who uncovered the hacking attempts have criticized Gemalto’s statement, saying the company only learned about the attacks last week when reached for comment, and that a proper investigation in just five days was simply not possible.

 

The Intercept magazine, which published the original investigation into the Gemalto hacks, quoted several security experts who characterized the company’s statement as “a lot of effort…to minimize and deny the impact of some old attacks,” and more of a “damage assessment” than a proper investigation.

“A true forensic investigation in such a complex environment is not possible in this time frame,” Ronald Prins of the Dutch firm Fox IT told The Intercept.

Last week, The Intercept published an investigation into the hacks by Jeremy Scahill and Josh Begley, based on the revelations by Edward Snowden, a former contractor for the NSA. Snowden’s documents provided insight into how and why the surveillance services targeted the Dutch-based multinational. Gemalto makes some two billion SIM cards for 450 wireless providers around the world, as well as chips for luxury cars and biometric US passports. Its security technology is used by more than 3,000 financial institutions and 80 government organizations.

Gemalto’s statement claims no breaches were found in the secure networks “running our SIM activity,”or “our other products such as banking cards, ID cards or electronic passports.”

 

However, documents cited by The Intercept directly contradict this: We “believe we have their entire network,” the author of a secret GCHQ slide reportedly boasted.

The Intercept’s investigation reported that the hacks targeted SIM cards belonging to mobile operators in “Afghanistan, Yemen, India, Serbia, Iran, Iceland, Somalia, Pakistan and Tajikistan.”Gemalto acknowledged this, but claimed these cards were using the obsolete, 2G technology, and that current users in the West – who rely on 3G, 4G and LTE technology – were “not affected.”

Targeting the manufacturer of SIM cards, used in most mobile devices around the world, would give the US and UK intelligence agencies the ability to collect mobile communications without government warrants or the permission of service providers.

 

Theft of the SIM keys “enables the bulk, low-risk surveillance of encrypted communications,” Christopher Soghoian, principal technologist for the American Civil Liberties Union, told The Intercept. Gemalto and its employees were targeted by spies “not because they did anything wrong, but because they could be used as a means to an end,” he added.

According to The Intercept, fixing the security flaws in the current mobile phone system that intelligence agencies “regularly exploit” would take “billions of dollars, significant political pressure, and several years.” Jeremy Scahill, one of the authors of the original article, was disappointed by Gemalto’s denials as much as the media’s willingness to take them at face value.

Eric King, deputy director of the London-based advocacy group Privacy International, called trust in the security of communications systems “essential for our society and for businesses to operate with confidence” in a statement on Wednesday, adding that “The impact of these latest revelations will have ripples all over the world.”

 

China appears to have taken notice already. Citing security concerns over Western hardware, the government in Beijing has dropped a number of Western companies from its approved state purchase lists. Cisco, Apple, Citrix, and Intel’s McAfee security software are among the affected.

However, unnamed technology executives told Reuters that security concerns were only a pretext, and that the “real objective was to nurture China’s domestic tech industry and subsequently support its expansion overseas.”

source:http://rt.com/usa/235571-gemalto-sim-damages-nsa-hack/

Continue Reading
Click to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Business

BANK OF CHILE HIT BY CYBER-ATTACK, HACKERS ROB MILLIONS

Published

on

By

Shares in the Bank of Chile were down on Monday after it confirmed hackers had syphoned off $10 million (roughly Rs. 67 crores) of its funds, mainly to Hong Kong, though the country’s second-largest commercial bank said no client accounts had been impacted.

The cyberheist is the latest in a string of such attacks, including one in May in Mexico in which thieves used phantom orders and fake accounts to steal hundreds of millions of Mexican pesos out of the country’s banks, including Banorte.

Shares in the Bank of Chile, which is controlled by the Chilean Luksic family and Citigroup, were down 0.47 percent at CLP 100.4 ($.16) in mid-day trading.

Bank CEO Eduardo Ebensperger told Chilean daily La Tercera in an interview on Saturday that hackers had initially used a virus as a distraction, prompting the bank to disconnect 9,000 computers in branches across the country on May 24 to protect customer accounts.

Meanwhile, the hackers quietly used the global SWIFT bank messaging service to initiate a series of fraudulent transactions that were eventually spotted by the bank and cancelled but not before millions were funnelled to accounts abroad.

“The [attack] was meant to hurt the bank, not our customers,” Ebensperger said.

Ebensperger said a forensic analysis conducted by Microsoft had determined the attack was the work of a sophisticated international group of hackers, likely from eastern Europe or Asia, and that the bank had filed a criminal complaint in Hong Kong.

The bank said in a May financial statement that it would work with insurers to recoup the lost funds.

 

 

 

 

source: Gadgets 360

Continue Reading

Industry

HUAWEI MATE 20 PRO TIPPED TO SPORT A 6.9-INCH SAMSUNG OLED DISPLAY

Published

on

By

arlier this month, Huawei introduced the Watch 2 smartwatch with an eSIM and voice call support. Now, a new development claims that the company is procuring OLED displays from Samsung. The South Korean giant is said to have already sent out samples to Huawei, and if all goes well, full scale production is expected to start by Q3 2018. The smartphone to sport these 6.9-inch OLED panels is said to release sometime in the fourth quarter or even early 2019, and we largely expect to see them on the Huawei Mate 20 Pro.

South Korean media The Bell reports that Samsung is in the process of finalising samples with Huawei for its order of 6.9-inch OLED displays. These large-sized displays are usually seen on Huawei’s P series or Mate series. While the P30 series is not expected to arrive before MWC 2019, the Mate series traditionally arrives sometime in Q4. Furthermore, with the screen size being so large, we expect the Pro version to sport the 6.9-inch display, while the Mate 20 could sport a 6.1-inch or some such.

If Huawei is indeed bringing a 6.9-inch display smartphone, it should easily win the screen size battle, as the iPhone X Plus is expected to sport a 6.5-inch display, while the Samsung Galaxy Note 9 is expected to sport a 6.4-incher. These large sized displays are very popular in the Chinese market, and Huawei wants to meet expectations in its home market. Bigger screens are popular also because of the large text area used by the Chinese language, the report adds. Huawei wouldn’t want to lose its momentum in its biggest market by not staying ahead of its game.

Of course, all of this is based on sheer speculation, and we expect you to take everything with a pinch of salt, till Huawei makes things official.

 

 

Source: Gadget360

Continue Reading

Business

VPN TUNNEL : WHAT IS IT, HOW CAN IT KEEP YOUR INTERNET DATA SECURE

Published

on

By

With growing censorship and regulations threatening global internet freedom and security, in turn, we’ve seen an increasing number of services become available to protect your online web browsing.

Virtual Private Networks (or VPNs) have become increasingly popular in recent years for their ability to bypass government censorship and geo-blocked websites and services, and do so without giving away who is doing the bypassing.

For a VPN to do this, it creates what is known as a tunnel between you and the internet, encrypting your internet connection and stopping ISPs, hackers, and even the government from nosing through your browsing activity.

We explain the basics of what a VPN is here
What is a VPN Tunnel?
When you connect to the internet with a VPN, the VPN creates a connection between you and the internet that surrounds your internet data like a tunnel, encrypting the data packets your device sends.

While technically created by a VPN, the tunnel on its own can’t be considered private unless it’s accompanied with encryption strong enough to prevent governments or ISPs from intercepting and reading your internet activity.

The level of encryption the VPN tunnel has depends on the type of tunneling protocol used to encapsulate and encrypt the data going to and from your device and the internet.

Types of VPN tunneling protocols
There are many types of VPN tunneling protocols that offer varying levels of security and other features. The most commonly used tunneling protocols in the VPN industry are PPTP, L2TP/IPSec, SSTP, and OpenVPN. Let’s take a closer look at them.

1. PPTP
Point to Point Tunneling Protocol (PPTP) is one of the oldest protocols still being used by VPNs today. Developed by Microsoft and released with Windows 95, PPTP encrypts your data in packets and sends them through a tunnel it creates over your network connection.

PPTP is one of the easiest protocols to configure, requiring only a username, password, and server address to connect to the server. It’s one of the fastest VPN protocols because of its low encryption level.

While it boasts fast connection speeds, the low level of encryption makes PPTP one of the least secure protocols you can use to protect your data. With known vulnerabilities dating as far back as 1998, and the absence of strong encryption, you’ll want to avoid using this protocol if you need solid online security and anonymity – government agencies and authorities like the NSA have been able to compromise the protocol’s encryption.

2. L2TP/IPSec
Layer 2 Tunneling Protocol (L2TP) is used in conjunction with Internet Protocol Security (IPSec) to create a more secure tunneling protocol than PPTP. L2TP encapsulates the data, but isn’t adequately encrypted until IPSec wraps the data again with its own encryption to create two layers of encryption, securing the confidentiality of the data packets going through the tunnel.

L2TP/IPSec provides AES-256 bit encryption, one of the most advanced encryption standards that can be implemented. This double encapsulation does, however, make it a little slower than PPTP. It can also struggle with bypassing restrictive firewalls because it uses fixed ports, making VPN connections with L2TP easier to block. L2TP/IPSec is nonetheless a very popular protocol given the high level of security it provides.

3. SSTP
Secure Socket Tunneling Protocol, named for its ability to transport internet data through the Secure Sockets Layer or SSL, is supported natively on Windows, making it easy for Windows users to set up this particular protocol. SSL makes internet data going through SSTP very secure, and because the port it uses isn’t fixed, it is less likely to struggle with firewalls than L2TP.

SSL is also used in conjunction with Transport Layer Security (TLS) on your web browsers to add a layer to the site you’re visiting to create a secure connection with your device. You can see this implemented whenever the website you visit starts with ‘https’ instead of ‘http’.

As a Windows-based tunneling protocol, SSTP is not available on any other operating system, and hasn’t been independently audited for potential backdoors built into the protocol.

4. OpenVPN
Saving the best for last, we have OpenVPN, a relatively recent open source tunneling protocol that uses AES 256-bit encryption to protect data packets. Because the protocol is open source, the code is vetted thoroughly and regularly by the security community, who are constantly looking for potential security flaws.

The protocol is configurable on Windows, Mac, Android, and iOS, although third-party software is required to set up the protocol, and the protocol can be hard to configure. After configuration, however, OpenVPN provides a strong and wide range of cryptographic algorithms that will allow users to keep their internet data secure and to even bypass firewalls at fast connection speeds.

Which tunneling protocol should I use?
Advertisement

Even though it’s the fastest, you should steer clear of PPTP if you want to keep your internet data secure. L2TP/IPSec provides 256-bit encryption but is slower and struggles with firewalls given its fixed ports. SSTP, while very secure, is only available on Windows, and closed off from security checks for built-in backdoors.

OpenVPN, with its open source code, strong encryption, and ability to bypass firewalls, is the best tunneling protocol to keep your internet data secure. While it requires third-party software that isn’t available on all operating systems, for the most secure VPN connection to the internet, you’ll want to use the OpenVPN protocol.

A good VPN service should offer you the choice of at least these four types of tunneling protocols when going online. We’ve compiled a list of the best VPNs in the industry for you to get started on protecting your internet data.

 

 

 

Source: Tech Radar

 

Continue Reading

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 675 other subscribers

Advertisement

Trending

%d bloggers like this: