Tag Archive for: Tracing

Blockchain security companies tackle cryptocurrency theft, ransom tracing


According to data from the Rekt leaderboard, cybercriminals have stolen as much as $3 billion of investor funds through 141 various cryptocurrency exploits since January, putting 2022 on track to top 2021 levels of digital currency malfeasance. Comparitech’s cryptocurrency heists tracker indicates that since 2011, hackers have stolen $7.9 billion in cryptocurrency worth about $45.5 billion in today’s value.

Along with the increased dollar amounts of cryptocurrency thefts, the scams, hacks, and exploits of cryptocurrency, Web3 (a decentralized view of the web that incorporates blockchain technologies and token-based economics), and blockchain-related organizations are growing bolder and more lucrative for malicious hackers even as the value of cryptocurrencies stagnates. This month alone, Binance saw its BNB chain drained of $586 million, close to the all-time most significant cryptocurrency theft of $624 million from the Ronin Network in March 2022.

The threat actors in these and other instances likely didn’t keep all or even most of the astonishing amounts stolen but, in many cases, are increasingly granted handsome “bounties” in exchange for a return of some or most of the missing funds. Avraham Eisenberg, the man behind a $114 million exploit on Mango Markets in mid-October, got to keep $47 million of his allegedly ill-gotten gains in exchange for returning $67 million to the project.

A new crop of cybersecurity companies has emerged

The mind-boggling amount of money generated from crimes against an array of digital finance segments has no real parallels in the traditional cybersecurity world, which has yet to amass the expertise needed to discover, track, and remediate security incidents in the blockchain space. Part of the reason conventional cybersecurity professionals are reluctant to devote resources to the digital currency arena is the belief among many top experts that cryptocurrencies are little more than financial fraud, an opinion they feel is borne out by the current collapse in the cryptocurrency market.

Against this backdrop, a new crop of security companies has emerged to help Web3 firms cope with the chronic crime and assist…


Aarogya Setu’s journey from a quick fix for contact tracing to ‘health app of the nation’


Aarogya Setu started off as a contact tracing app for the country but is now integrated with Ayushman Bharat Digital Mission (ABDM), ABHA and with additional functionalities like sharing health status through QR code, Open API, health advisories, and testing lab details, “it has transitioned into the health app for the nation,” National Informatics Centre (NIC) Director Seema Khanna told indianexpress.com. Incidentally, the app no longer enables contact tracing via Bluetooth, a feature the Aarogya Setu team says can be “re-introduced… depending upon the health department requirements.”

During the early days of the Covid-19 outbreak in India, after getting crucial inputs from epidemiologists and experts, it was understood that contact tracing was going to be the key factor in controlling the spread of the disease. Even developed countries were struggling to carry out contact tracing, and implementing contact tracing for a nation like India with over a billion people was going to be even tougher.

MEITY-NIC had only a few weeks to architect a solution from scratch, develop the solution, test it and roll it out to millions of users. “As a response to the national crisis, a few enterprising and brilliant volunteers came together from industry and academia and facilitated the release of the initial framework and prototype in a matter of weeks. With the help of senior experts from government, private sector and academia, the prototype was further augmented and turned into a full-fledged app,” one of the team members said.

As many as 102 members including people from the government, industry and academia leadership were all part of the project. The app is currently being offered under the umbrella of MOHFW, NHA with NIC under Meity as the IT partner. Indeed, the app required funding to operate and continues to do so.

Prior to Aarogya Setu, contact tracing was being carried out manually, mostly through human contact tracers. The team was able to leverage the mobile app to carry out contact tracing on a mass scale. In the absence of Aarogya Setu, the nation would have needed lakhs of human contact tracers, who would need to go door-to-door in every nook and corner of the…


Covid-19 Contact Tracing on Android Is Not So Private After All



At the start of the pandemic, Apple and Google scrambled to enable covid-19 contact tracing on their respective smartphone operating systems. The feature, which works across iOS and Android, was designed to help folks quickly determine if they’d been exposed to the virus by simply enabling a contact-tracing setting. Both companies had promised that pertinent data collected from the features, like where you’d been and who you’d passed by, would remain relatively anonymous and that only public health agencies would have access to that information.

Unfortunately, the opposite was true for the Android version of the covid-19 tracing tool. The Markup published a report of a significant privacy flaw that allows hundreds of preinstalled apps offered by major Android manufacturers to access sensitive data. Apps like the Samsung Browser and Motorola’s MotoCare have grandfathered access to system logs for analytics and crash reports, which is where the data is stored.

The contact-tracing tools work by exchanging anonymized Bluetooth signals with other phones that have the ability enabled. (On Android, you can flip it on with a switch in the device settings menu.) Those signals, created from a key that’s refreshed every 24 hours, change every 15 minutes so that individual users aren’t identifiable. The signals generated and received by an Android phone’s contact tracing are then saved into the device system logs. It’s there that Samsung, Motorola, Huawei, and other major Android players have automatic access to that data.

AppCensus, a mobile security firm, discovered the breach when testing the Android and iPhone contact tracing system as part of a contract with the U.S. Department of Homeland Security. The firm had found that the logs showed sensitive data, like whether a person was in contact with someone who had tested positive for covid-19. The data also contained information like the device name, MAC address, and advertising ID, which is what Google Play services use to personalize ads.

AppCensus claims that Google repeatedly dismissed the firm’s concerns when it brought up the issue in a February submission to Google’s bug bounty program….


Report: Guardsquare Reveals Security and Privacy Risks Persist in Global COVID-19 Contact Tracing Apps


LEUVEN, Belgium–(BUSINESS WIRE)–Dec 10, 2020–

Guardsquare, the mobile application security platform, today announced the release of the company’s second “Global Contact Tracing App Analysis,” which reassesses the levels of security protections and privacy risks of COVID-19 contact tracing apps. The report found that of the 95 mobile apps analyzed, 60% use the official application programming interface (API) for secure exposure notifications. For the remaining 40% of the contact tracing apps, the majority of which gather GPS location data, security is paramount ‒ yet lags.

“It is always important to follow security best practices during the development of any application which handles sensitive user data, and that is even more true when that app is a vital tool in the worldwide fight against the pandemic. Contact tracing apps gathering user location data and personally identifiable information are especially attractive targets for exploitation, further reinforcing the need for developers to implement essential security protections,” said Grant Goodes, Chief Scientist at Guardsquare.

Contact tracing apps have been commissioned and distributed by governments around the world to track and notify individuals of exposure to COVID-19 so they can take appropriate action in order to prevent the spread of the virus. Guardsquare first analyzed government-sponsored COVID-19 contact tracing Android mobile apps in June 2020, uncovering that the vast majority lacked even basic security protections. For this report, Guardsquare reanalyzed the original Android apps (with the exception of those no longer in use), added new apps that have since emerged, and included iOS mobile apps to derive insights into the two market-leading mobile operating systems.

In the updated analysis, Guardsquare found use of the Exposure Notification API developed by Apple and Google to be much more prevalent than in the June report. Notably, of the apps Guardsquare analyzed, 62% of the Android apps and 58% of the iOS apps are using the API. However, contact tracing apps not using the Exposure Notification API have applied either a minimal level of fundamental security…
