  • Microsoft is spending resources taking down botnets (via HNTV).  I’m happy for this decision, as Microsoft does have the ability to provide a lot of knowledge regarding how botnets misuse their operating systems.
  • Want to hack Android phones?  Just use malicious QR codes (and put them up on posters in various areas; people love clicking on things they shouldn’t), or put out an app which has Internet access permissions and read a lot of HTC logs.  Right now, cell phone security is almost nonexistent.  People assume that they don’t need any kind of security, and that nothing bad could happen—it’s just a phone, right?  An analogy that I saw was that cell phone security is approximately at Windows 98 levels.  As I said, almost nonexistent.
  • What happens when a government designs a Trojan Horse?  Yukabacera at The Daily WTF forums describes the Bundestrojaner.  I have not yet read the Computer Chaos Club’s report (in German), but I look forward to it.  It sounds like the type of thing we should all be afraid of:  when governments build backdoors into applications or try to get their own code in to spy on people, what prevents bad guys (assuming that government officials themselves aren’t bad guys or don’t abuse their power to spy on plumbers) from hijacking that same code?  The existence of a vulnerability is scary enough, and unlike private vulnerabilities, the government may deem this one “necessary,” meaning that people couldn’t remove it.

2 thoughts on “Security News”

  1. I would be stunned, personally, if the US doesn’t do this already. I can very easily imagine that every new communications technology manufacturer, say, a new program for encryption, gets a call from the NSA. Of course, the NSA is also totally capable of just hacking it themselves.

    EDIT: I think part of the reason security is weak on cell phones is because cell phones are more difficult to access without user assistance, so the market just isn’t there. If I remember correctly, cell phones are very difficult to get a wire tap for, from a technical standpoint. Tracking a person’s location is easy; their conversation is not.

    1. There are a number of applications which I know do not do this. There are federal laws which require companies to provide private keys or transmissions if they hold the data, but in the case of something like Skype (where it’s peer-to-peer), there’s no such luck.

      I’d argue that the reason cell phones don’t have good security is that the market for security isn’t important yet. Right now, manufacturers are in the expansion phase, where they want to wow people with shiny gizmos and pretty gadgets. This means lots of cool stuff, but little security. Apple’s security is a bit better (in part because they limit who’s allowed to market products in their iPhone store), but malware still gets through and that doesn’t stop people with rooted phones from installing stuff.

      Even if tracking a conversation is difficult, getting all of their text messages, website and search histories, etc. isn’t that hard to do—HTC made it really easy (on accident). Apple also did a good job of holding all kinds of tracking data in iPhones, though that was a bit harder to get at. Really, it goes back to economics. There simply isn’t enough of a market for a secure but not-really-functional phone. That was the Blackberry, and RIM is dying. Granted, RIM is dying in part because of their own actions, but the Blackberry model—before governments started watering it down—was really sound: the company hosts its own Blackberry server with its own private keys. RIM forwards encrypted messages along, but never sees the unencrypted text. The devices were pretty sound and their OS wasn’t that easy to break. You didn’t want to root Blackberry phones, and although you could install some applications, they didn’t have quite as many privileges as consumer-grade products. Unfortunately, people want the consumer-grade toys rather than the industrial/commercial work devices, and they don’t like carrying around 2-3 phones. As a result, and due to some poor marketing and product manufacture by RIM, Blackberry’s share of the market has declined precipitously, being eaten up by Android and, to a smaller extent, the iPhone.
