Friday, June 20, 2014

Hacker mimics

Imitating voices is something that always amazes us, who knows why! It is maybe because it allows us to bring vocal chords that most humans do not exploit to the fullest to their limits. It's more than singing. It is to bring the voice to unexpected places. Put another way, it is doing with the voice what a hacker (understood as a developer) does with the code.

If imitating voices amazes you, you have to hear the next story. A team led by Michael Ossmann is doing with its own resources its own imitation of NSA’s spy devices, revealed a year ago by Edward Snowden. They are managing to develop hardware and software through reverse engineering that could be accessible to anyone with a single stated purpose: to show the weaknesses of any company so they will be forced to make more and better security investments.

The goal of Ossmann’s team is particularly relevant this week, in which the British intelligence service has "given up" about the battle for credibility. It does not only recognize openly that it spies on its citizens, but also states that such actions are legal, including the surveillance of webmail services. It was said by Charles Farr, Director of the Office for Security and Counter-Terrorism at the United Kingdom's Home Office, who believes that both social networks and email are "external communications", and therefore can be intercepted without any previous warranty.

We may not be shocked about it if we consider how our data go from one company to another in just one click, but it is not clear at all which is the weakest link in the chain. And remember that criminals attack right there in the weakest link. No matters what the security measures of the company that gathers your details if on its legal transfer to third parties for commercial exploitation, these third parties have more holes than a Swiss cheese. Moreover, we can have high confidence in the larger suppliers, but they will sometimes ignore the security warnings that they get, as LinkedIn did: Six notices of identity theft related to the SSL and man-in-the-middle (MITM) vulnerabilities.

What is a MITM but a great example of "imitation", impersonating someone else in two directions -toward the service provider and to the user-? Well that is precisely the goodness of installing antimalware software on your Android device. It's not just for malicious applications, which have to deal with the accuracy of the Google machine, but for Zero-Day vulnerabilities affecting your legitimate applications and for social engineering attacks. A well targeted attack can take you to an unwanted link, an unexpected download and to a hijacked and encrypted smartphone or tablet. And much of the process will have been done, without your knowledge, using the TOR network, the cybercriminals’ favorite one to carry out its operations.


Post a Comment