Tag Archive for: secretly

Why You Should Stop Apple ‘Secretly’ Reading Your iMessages

/in


So, what’s going on with iMessage? How come its end-to-end encryption can be compromised by Apple to access user content? Surely, messages are either end-to-end encrypted or they’re not—is that not the entire point?

But Apple can access iMessage content despite those messages being protected by the company’s end-to-end encrypted architecture. As Forbes reported earlier this year, Apple can decrypt and provide iMessages to law enforcement when required.

While many argue that breaking end-to-end encryption to support law enforcement is justifiable, the problem is that any spare key or a backdoor is a security weakness. Content is either end-to-end encrypted or it’s not. It really is that simple. This is the debate now raging between governments and tech on the future of encryption.

“iMessage users may wrongly believe that their communication is private,” ESET’s Jake Moore warns, “but with access granted from just with a backup created, it somehow defeats its success in protection.” And he should know, as a former digital forensics police investigator. “Messaging platforms often mention privacy at the core of their design, but backdoor access can come from a small number of directions.”

In contrast to iMessage, Signal cannot provider user content, however forcibly it’s requested by governments or agencies. Even WhatsApp cannot break its own encryption, albeit cloud backups of WhatsApp chats can be accessed.

“Who polices those with the access to the backdoor?” Immersive Labs’ Sean Wright asks. “How do we ensure it’s not misused? Is it the process going to be transparent?”

When it comes to Apple, the situation is complex. Because with just a simple setting change on your phone, you make it impossible for Apple to access your iMessages, you vastly improve the security of all that private information.

The problem is cloud backups, of course. With WhatsApp, users can enable or disable a cloud backup to restore their chat histories if they lose or change their phones. Those backups are outside the platform’s end-to-end encryption. And while it seems that this may be fixed in some future release, right now the only option is to…

Source…

6 Sings Your Computer Is Secretly Mining Cryptocurrency

/in


While blockchain technology represents one of the safest ways to secure and keep your funds, hackers are also trying to keep track of the most recent technologies and security measures to try to find a way to bypass high levels of security. In that matter, it is very important to earn how to store your Bitcoin and other cryptocurrencies most safely. The safest method is to keep them on your e-wallet, especially offline ones while choosing to store them on some online platform like crypto exchange might bring some risks. There were already some cases where thefts managed to steal millions from online crypto platforms. Also, you should beware of unknown sources when it comes to trading websites as well. You can visit techround.co.uk to read more about the important factors that you should know before choosing the right online exchange.

Furthermore, we have to mention cryptojacking, which is one of the most recent methods that hackers are using to exploit sources of other people to mine cryptocurrencies. They are using various methods for this technique. Some of the most common are malware files that can start using your PC for mining and adding a code to your website. The main issue is that you might not notice that on time. Here are some of the best ways to find out if someone is secretly mine cryptocurrencies on your computer.

1. Overheating Hardware

Source:onlinecmag.com

Hardware is the most important part of the mining process, especially the graphics card. Since the mining process is getting more difficult over time, people need more resources for the efficient creating of blocks of codes. That is especially important for Bitcoin. Today, we have big mining centers where miners are combining hundreds of mining rigs for more efficient processes. However, some of them might try to use some alternative ways to get enough resources, and sharing malware files is one of them. The blockchain coding requires high spec hardware, and you could notice that something is not right with your PC in case it starts overheating even when you are not running any demanding operations on it. That is the sign for checking all of the files and look for malware and viruses.

2. Inspect Your…

Source…

Android users may have been secretly charged by popular app – how to check

/in


Cybercrimes have been on the rise during lockdown as millions of mobile phone and tablet users download apps to relieve the boredom or help them unleash their creative side on social media.

A new security study has revealed that one such app available on the Google Play Store, which has been downloaded by over 100 million users worldwide, could be secretly withdrawing cash from your linked debit or credit card account.

VivaVideo is described as a ‘Pro Video Editor and Free Video Maker app’ on the Google Play Store and has received over 12 million reviews with an average rating of 4.4 stars out of five. 

But, security experts Upstream Systems have taken a closer look at the app and said their Secure-D platform identified over 20 million “fraudulent transaction attempts” from VivaVideo since early 2019.

Android users have been urged to update their devices as soon as possible

Upstream Systems added that these transactions could have resulted in $27 million (over £20 million) in fake charges for users of the Android app.

They said these “fraudulent” transactions came from VivaVideo users being signed up in secret to premium subscription plans, reports Express Online.

The VivaVideo app allegedly sent invisible ads to users in an attempt to get them to sign-up to these paid-for plans.

Upstream Systems said their Secure-D platform has managed to block over 20 million suspicious transactions from the VivaVideo app.

While they added that suspicious activity was detected in 19 countries, including the UK, Brazil was the heaviest hit region with over 11.5 million dubious transaction attempts.

In their study online Upstream Systems said: “Upstream’s mobile security platform Secure-D identified that a popular Android app was responsible for over 20 million fraudulent transaction attempts that could have resulted in $27 million in fake charges for users.

“The VivaVideo app has been initiating premium subscription attempts, delivering invisible ads to users while avoiding detection by users.”

Latest Scams To Look Out For

Besides trying to secretly sign users up to paid-for…

Source…

500 Chrome extensions secretly uploaded private data from millions of users

/in
500 Chrome extensions secretly uploaded private data from millions of users

Enlarge

More than 500 browser extensions downloaded millions of times from Google’s Chrome Web Store surreptitiously uploaded private browsing data to attacker-controlled servers, researchers said on Thursday.

The extensions were part of a long-running malvertising and ad-fraud scheme that was discovered by independent researcher Jamila Kaya. She and researchers from Cisco-owned Duo Security eventually identified 71 Chrome Web Store extensions that had more than 1.7 million installations. After the researchers privately reported their findings to Google, the company identified more than 430 additional extensions. Google has since removed all known extensions.

“In the case reported here, the Chrome extension creators had specifically made extensions that obfuscated the underlying advertising functionality from users,” Kaya and Duo Security Jacob Rickerd wrote in a report. “This was done in order to connect the browser clients to a command and control architecture, exfiltrate private browsing data without the users’ knowledge, expose the user to risk of exploit through advertising streams, and attempt to evade the Chrome Web Store’s fraud detection mechanisms.”

Read 11 remaining paragraphs | Comments

Biz & IT – Ars Technica