Tag Archive for: Frontier

The new frontier in online security: Quantum-safe cryptography

A team of experts led by Monash University researchers, in collaboration with Australia’s national science agency CSIRO, has created an algorithm that can help strengthen online transactions that use end-to-end encryption against powerful attacks from quantum computers.

Cryptography researchers from Monash University’s Faculty of Information Technology and CSIRO’s data and digital specialist arm Data61 have developed the most efficient quantum-secure cryptography algorithm, called “LaV,” to enhance the security of end-to-end encryption, with potential application across instant messaging services, data privacy, cryptocurrency and blockchain systems.

End-to-end encryption is a way to secure digital communication between a sender and receiver using encryption keys. Mobile messaging services like WhatsApp and Signal use end-to-end encryption so that no one, including the communication system provider, telecom providers, internet providers or hackers can access the information being transmitted between the sender and the receiver.

It would take millions of years for a normal computer or even a supercomputer to hack into and gain access to data protected by end-to-end encryption. But a large-scale quantum computer could break current encryption within minutes and gain access to encrypted information more easily.

Lead researcher of the collaborative quantum security project, Dr. Muhammed Esgin, said the new cryptography tool will help make end-to-end encryption more secure, so online services can withstand hacks or interference from the most powerful quantum computers in the future.

“While end-to-end encryption protocols are quite well established and are used to secure data and messaging in some of the most popular instant messaging applications across the world, currently they are still vulnerable to more sophisticated attacks by quantum computers,” Dr. Esgin said.

“This new cryptographic tool can be applied to various mobile…

Privacy International and the Electronic Frontier Foundation’s Statement on Unauthorized Access to Data


Statement to the second session of the Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communication Technologies for Criminal Purposes on Agenda Item 4: [illegal/unlawful/unauthorized] access

Addressing some of the first group of questions, we believe that any future Treaty should ensure that [illegal/unlawful/unauthorized] access does not criminalize security research, whistleblowers, and other novel and interoperable uses of technology that ultimately benefit all of us. In particular, the [unauthorized] access to a computer system provision should explicitly require the intention to access a computer system and the person’s intent to cause damage or defraud (malicious intent or mens rea). Without malicious intent, this future treaty risks harshly criminalizing “breaking security,” potentially without any need for harm or damage and seemingly without regard to whether the purpose was beneficial.

Some States have also interpreted unauthorized access laws so broadly as to put computer security researchers at risk of prosecution for engaging in socially beneficial security testing through standard security research practices. “Without authorization” should be defined more clearly to require the circumvention of a technical barrier like a password or other authentication stage.

When it comes to whistleblowing, the 2015 report of the UN Special Rapporteur on freedom of expression noted that prosecution of whistleblowers generally deters whistle-blowing and recommended that States avoid it, reserving it, if at all, only for exceptional cases of the most serious demonstrable harm to a specific legitimate interest.

The report states that “in such situations, the State should bear the burden of proving an intent to cause harm, and defendants should be granted (a) the ability to present a defense of an overriding public interest in the information, and (b) access to all information necessary to mount a full defense… Penalties should take into account the intent of the whistle-blower to disclose information of public interest and meet international standards of legality, due process, and proportionality.”…

The next frontier of warfare is online


Sometime in mid-2009 or early 2010 — no one really knows for sure — a brand new weapon of war burst into the world at the Natanz nuclear research facility in Iran. Unlike the debut of previous paradigm-shattering weapons such as the machine gun, airplane, or atomic bomb, however, this one wasn’t accompanied by a lot of noise and destruction. No one was killed or even wounded. But the weapon achieved its objective to temporarily cripple the Iranian nuclear weapon program, by destroying gas centrifuges used for uranium enrichment. Unfortunately, like those previous weapons, this one soon caused unanticipated consequences.

The use of that weapon, a piece of software called Stuxnet widely concluded to have been jointly developed by the United States and Israel, was arguably the first publicly known instance of full-scale cyberwarfare. The attack deployed a software vulnerability or exploit, called a zero-day, buried so deeply in computer code that it remains undetected until someone — a team of hackers, a criminal, an intelligence or law enforcement agency — activates it. We’ve all heard of, and perhaps even been victimized by, criminal hacks that may have pilfered our credit card numbers and passwords, or been spammed by suspicious emails that invite us to claim supposed Nigerian fortunes. But zero-days operate on a different level entirely.

“Zero-days offer digital superpowers,” New York Times cybersecurity reporter Nicole Perlroth writes in “This Is How They Tell Me the World Ends: The Cyberweapons Arms Race.”

“Exploiting a zero-day, hackers can break into any system — any company, government agency, or bank — that relies on the affected software or hardware and drop a payload to achieve their goal, whether it be espionage, financial theft, or sabotage. There are no patches for zero-days, until they are uncovered. It’s a little like having the spare key to a locked building.”

Such capabilities, says Perlroth, make zero-days “one of the most coveted tools in a spy or cybercriminal’s arsenal.”

As with any other highly coveted commodity, a vast covert global market has sprung up to meet the demand for zero-days. Perlroth explains that this invisible digital trade was…

Physical World Hacking – the New Frontier of Cybercrime | Kenny Sahr


Cybercrime cost businesses and governments over $1 trillion in 2020, according to security software company McAfee. When we speak of cybercrime, we refer to damage to digital assets – computer files. Cybercrime is quickly moving from the digital world to the physical world.

Our Connected World
Over the past few years, more and more “things” are being connected. Smartphones are connected to the newly-minted smart home via light bulbs and appliances. Factories are adding internet connected parts and machinery. Cars are increasingly run by software. The COVID pandemic is accelerating the trend as people work at home and gain access to physical assets (and not just files) from factories that until recently were “air-gapped” (not connected to networks).

Imagine this scenario: a factory manager has access to a boiler from his home office. He ignores IT cybersecurity rules and a hacker gains access to his laptop. The hacker can theoretically raise the temperature of the boiler and cause damage to physical assets and people.

The Dangers of Hacking the Physical World
Criminal hackers are well aware of the new frontier of physical world hacking. The general public is not. The goal of this article is to inform you of what to expect in the coming years. Cybercrime is dangerous enough today. Adding the element of harming people and “stuff” takes cybercrime to a whole new level. I hope society is ready for the wave that is coming.

Let’s take a quick look at the future of cybercrime.

Automotive Hacking
Imagine hackers capable of distracting drivers. It is enough to generate flashing lights on the dashboard in order to wreak havoc. How about changing code on the software that runs your brakes? Cars are especially vulnerable for two reasons –

1. Cars move fast and can harm drivers, passengers and pedestrians
2. It is not easy to update the software or operating system of a car

The roads are dangerous enough without the added risk of hacking. Furthermore, unlike your phone or laptop, it is not easy to update a car’s software. On our personal devices, it takes just a few clicks to fix a vulnerability. For a car, today this translates into a recall – bringing an…