OnePlus phones have a secret root backdoor and the password is ‘angela’

Posted on November 22, 2017 by Robin Edgar

An apparent factory cockup has left OnePlus Android smartphones with an exposed diagnostics tool that can be potentially exploited to root the handsets. Security researcher Robert Baptiste suggested the EngineerMode APK was made by Qualcomm, and was intended to be used by factory staff to test phones for basic functionality before they are shipped out Read more about OnePlus phones have a secret root backdoor and the password is ‘angela’[…]

Leaked: The UK’s secret blueprint with telcos for mass spying on internet, phones – and backdoors

Posted on May 5, 2017 by Robin Edgar

The UK government has secretly drawn up more details of its new bulk surveillance powers – awarding itself the ability to monitor Brits’ live communications, and insert encryption backdoors by the backdoor. In its draft technical capability notices paper [PDF], all communications companies – including phone networks and ISPs – will be obliged to provide Read more about Leaked: The UK’s secret blueprint with telcos for mass spying on internet, phones – and backdoors[…]

WhatsApp backdoor allows snooping on encrypted messages

Posted on January 13, 2017 by Robin Edgar

WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman. However, WhatsApp has the ability to force the generation of new encryption keys for offline Read more about WhatsApp backdoor allows snooping on encrypted messages[…]

Cisco Finds Backdoor Installed on 12 Million PCs by French Advertiser Tuto4PC

Posted on April 29, 2016 by Robin Edgar

Cisco’s Talos security intelligence and research group has come across a piece of software that installed backdoors on 12 million computers around the world.The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC. The firm, previously known as Eorezo Group and apparently linked to another company called Read more about Cisco Finds Backdoor Installed on 12 Million PCs by French Advertiser Tuto4PC[…]

Ukraine energy utilities attacked again with open source Trojan backdoor

Posted on January 22, 2016 by Robin Edgar

Battered Ukrainian electricity utilities are being targeted with backdoors in attacks possibly linked to those fingered for recent blackouts. The phishing attacks are attempting to get backdoors installed on utility company computers using techniques similar to those seen in the BlackEnergy attacks. BlackEnergy ripped through Ukrainian utilities in what is largely considered the cause of Read more about Ukraine energy utilities attacked again with open source Trojan backdoor[…]

Deliberately hidden backdoor account in several AMX (HARMAN Professional) devices used by whitehouse, CIA, NSA, for communications

Posted on January 22, 2016 by Robin Edgar

In the funniest disclosure I’ve read in some time (well, it would be if it wasn’t so terribly dangerous), it turns out that these teleconferencing units had a hardcoded admin account with extra permissions built in with username BlackWidow. In the first “fix”, AMX basically changed the user to Batman. Poor show. SEC Consult: Deliberately Read more about Deliberately hidden backdoor account in several AMX (HARMAN Professional) devices used by whitehouse, CIA, NSA, for communications[…]

French say ‘Non, merci’ to encryption backdoors

Posted on January 21, 2016 by Robin Edgar

The French government has rejected an amendment to its forthcoming Digital Republic law that required backdoors in encryption systems. Axelle Lemaire, the Euro nation’s digital affairs minister, shot down the amendment during the committee stage of the forthcoming omnibus digital bill, saying it would be counterproductive and would leave personal data unprotected. “Recent events show Read more about French say ‘Non, merci’ to encryption backdoors[…]

Fortinet tries to explain weird SSH ‘backdoor’ discovered in firewalls, calls it “management authentication issue”

Posted on January 13, 2016 by Robin Edgar

Anyone who uses this script against vulnerable firewalls will gain administrator-level command-line access to the equipment. After some outcry on Twitter and beyond, Fortinet responded by saying it has already killed off the dodgy login system. “This issue was resolved and a patch was made available in July 2014 as part of Fortinet’s commitment to Read more about Fortinet tries to explain weird SSH ‘backdoor’ discovered in firewalls, calls it “management authentication issue”[…]

Dutch govt says no to backdoors, slides $540k into OpenSSL without breaking eye contact

Posted on January 8, 2016 by Robin Edgar

A government position paper, published by the Ministry of Security and Justice on Monday and signed by the security and business ministers, concludes that “the government believes that it is currently not appropriate to adopt restrictive legal measures against the development, availability and use of encryption within the Netherlands.” The conclusion comes at the end Read more about Dutch govt says no to backdoors, slides $540k into OpenSSL without breaking eye contact[…]

How to log into any backdoored Juniper firewall – hard-coded password published

Posted on December 22, 2015 by Robin Edgar

And that password is:

Police voice recording systems hackable with backdoors

Posted on May 29, 2014 by Robin Edgar

"NICE Recording eXpress is designed specifically for the audio recording needs of the small and medium sized Public Safety organisation. This advanced recording solution offers a comprehensive, advanced, easy-to-install and affordable platform built for the Public Safety environment and Command and Control operations delivering optimal recording functionality and quality management." Source: http://www.nice.com/sites/default/files/nicerecordingexpress050112.pdf.pdf.pdf Business recommendation: ======================== Read more about Police voice recording systems hackable with backdoors[…]

Samsung Galaxy Backdoor

Posted on March 13, 2014 by Robin Edgar

Samsung Galaxy devices running proprietary Android versions come with a back-door that provides remote access to the data stored on the device. In particular, the proprietary software that is in charge of handling the communications with the modem, using the Samsung IPC protocol, implements a class of requests known as RFS commands, that allows the Read more about Samsung Galaxy Backdoor[…]

Police will have ‘backdoor’ access to health records despite opt-out, says MP

Posted on February 7, 2014 by Robin Edgar

The database that will store the entire nation’s health records has a series of "backdoors" that will allow police and government bodies to access people’s medical data. David Davis MP, a former shadow home secretary, told the Guardian he has established that police will be able to access the health records of patients when investigating Read more about Police will have ‘backdoor’ access to health records despite opt-out, says MP[…]

ACTA Lives: How the EU & Canada Are Using CETA as Backdoor Mechanism To Revive ACTA

Posted on July 10, 2012 by Robin Edgar

Yes, if they can’t get your freedoms one way, they will try another. Michael Geist – ACTA Lives: How the EU & Canada Are Using CETA as Backdoor Mechanism To Revive ACTA.

iPhone Apps Secretly Harvest Data When They Send You Notifications, Researchers Find

Posted on January 25, 2024 by Robin Edgar

iPhone apps including Facebook, LinkedIn, TikTok, and X/Twitter are skirting Apple’s privacy rules to collect user data through notifications, according to tests by security researchers at Mysk Inc., an app development company. Users sometimes close apps to stop them from collecting data in the background, but this technique gets around that protection. The data is Read more about iPhone Apps Secretly Harvest Data When They Send You Notifications, Researchers Find[…]

All Apples Wide open for 4 years, Kaspersky security company and many others in Moscow opened wide – photos, location, mic, etc – just by sending them an imessage. Shows how dangerous closed source is.

Posted on December 30, 2023December 30, 2023 by Robin Edgar

[…] after about 12 months of intensive investigation. Besides how the attackers learned of the hardware feature, the researchers still don’t know what, precisely, its purpose is. Also unknown is if the feature is a native part of the iPhone or enabled by a third-party hardware component such as ARM’s CoreSight Further Reading “Clickless” Read more about All Apples Wide open for 4 years, Kaspersky security company and many others in Moscow opened wide – photos, location, mic, etc – just by sending them an imessage. Shows how dangerous closed source is.[…]

Internet Architecture Board hits out at US, EU, UK client-side scanning (spying on everything on your phone and pc all the time) plans – to save (heard it before?) kids

Posted on December 19, 2023 by Robin Edgar

[…] Apple brought widespread attention to this so-called client-side scanning in August 2021 when it announced plans to examine photos on iPhones and iPads before they were synced to iCloud, as a safeguard against the distribution of child sexual abuse material (CSAM). Under that plan, if someone’s files were deemed to be CSAM, the user Read more about Internet Architecture Board hits out at US, EU, UK client-side scanning (spying on everything on your phone and pc all the time) plans – to save (heard it before?) kids[…]

Decoupling for IT Security (=privacy)

Posted on November 15, 2023 by Robin Edgar

Whether we like it or not, we all use the cloud to communicate and to store and process our data. We use dozens of cloud services, sometimes indirectly and unwittingly. We do so because the cloud brings real benefits to individuals and organizations alike. We can access our data across multiple devices, communicate with anyone Read more about Decoupling for IT Security (=privacy)[…]

EU Trys to Implement Client-Side Scanning, death to encryption By Personalised Targeting of EU Residents With Misleading Ads

Posted on November 2, 2023 by Robin Edgar

The EU Commission has been pushing client-side scanning for well over a year. This new intrusion into private communications has been pitched as perhaps the only way to prevent the sharing of child sexual abuse material (CSAM). Mandates proposed by the EU government would have forced communication services to engage in client-side scanning of content. Read more about EU Trys to Implement Client-Side Scanning, death to encryption By Personalised Targeting of EU Residents With Misleading Ads[…]

Integrating OpenAI’s ChatGPT and GPT-4: Socket’s story with code vulnerability scanning (it works very well)

Posted on March 31, 2023 by Robin Edgar

Several months ago, Socket, which makes a freemium security scanner for JavaScript and Python projects, connected OpenAI’s ChatGPT model (and more recently its GPT-4 model) to its internal threat feed. The results, according to CEO Feross Aboukhadijeh, were surprisingly good. “It worked way better than expected,” he told The Register in an email. “Now I’m Read more about Integrating OpenAI’s ChatGPT and GPT-4: Socket’s story with code vulnerability scanning (it works very well)[…]

Scammers Are Scamming Other Scammers Out of Millions of Dollars

Posted on December 8, 2022 by Robin Edgar

Nobody is immune to being scammed online—not even the people running the scams. Cybercriminals using hacking forums to buy software exploits and stolen login details keep falling for cons and are getting ripped off thousands of dollars at a time, a new analysis has revealed. And what’s more, when the criminals complain that they are being Read more about Scammers Are Scamming Other Scammers Out of Millions of Dollars[…]

Lenovo driver goof poses security risk for users of 25 notebook models

Posted on November 12, 2022 by Robin Edgar

More than two dozen Lenovo notebook models are vulnerable to malicious hacks that disable the UEFI secure-boot process and then run unsigned UEFI apps or load bootloaders that permanently backdoor a device, researchers warned on Wednesday. At the same time that researchers from security firm ESET disclosed the vulnerabilities, the notebook maker released security updates Read more about Lenovo driver goof poses security risk for users of 25 notebook models[…]

Egypt’s COP27 summit app can read your emails and encrypted messages, scan your device, send your location

Posted on November 10, 2022 by Robin Edgar

Western security advisers are warning delegates at the COP27 climate summit not to download the host Egyptian government’s official smartphone app, amid fears it could be used to hack their private emails, texts and even voice conversations. […] The potential vulnerability from the Android app, which has been downloaded thousands of times and provides a Read more about Egypt’s COP27 summit app can read your emails and encrypted messages, scan your device, send your location[…]

Cheekmate – build your own anal bead Chess cheating device howto

Posted on October 7, 2022 by Robin Edgar

Social media is abuzz lately over the prospect of cheating in tournament strategy games. Is it happening? How is that possible with officials watching? Could there be a hidden receiver somewhere? What can be done to rectify this? These are probing questions! We’ll get to the bottom of this by making a simple one-way hidden communicator using Adafruit Read more about Cheekmate – build your own anal bead Chess cheating device howto[…]

Hackers Are Hypervisor Hijacking in the wild now

Posted on September 30, 2022 by Robin Edgar

For decades, virtualization software has offered a way to vastly multiply computers’ efficiency, hosting entire collections of computers as “virtual machines” on just one physical machine. And for almost as long, security researchers have warned about the potential dark side of that technology: theoretical “hyperjacking” and “Blue Pill” attacks, where hackers hijack virtualization to spy Read more about Hackers Are Hypervisor Hijacking in the wild now[…]