Tag: encryption

Ottawa’s Hidden Agenda: Bill C-26 Aims for Secret Surveillance Backdoors

Canada’s Bill C-26, currently making its way through the country’s parliament, includes “secretive” provisions that can be used to break encryption, researchers are warning.

As far as its sponsors are concerned, Bill C-26 is cyber security legislation intended to amend the Telecommunications Act and other related acts.

But the way the Telecommunications Act will be amended is by allowing the government to force companies operating in that industry to include backdoors in networks protected by encryption, a pair of University of Toronto’s Citizen Lab researchers suggest.

In case the government decides its surveillance needs require altering “the 5G encryption standards that protect mobile communications” – then this can also be done, should C-26 become law.

This raises several important questions, such as whether the bill’s purpose might be precisely to undermine encryption, considering that the government decided not to include amendments in the text that would prevent this.

Another worrying aspect is that given the already lacking level of security in the telecommunications space, the government would be expected to try to fix the existing problems, rather than create new ones, the researchers note.

The amendment that could have rectified this situation was proposed last year by the Citizen Lab, while civil society and industry leaders and experts also participated in parliamentary hearings concerning C-26 to recommend restricting what are said to be the draft’s broad powers to prevent “technical changes from being used to compromise the ‘confidentiality, integrity, or availability’ of telecommunication services.”

However, these warnings fell on deaf ears, with the bill now progressing through parliament without the recommended changes, and despite MPs stating that facilitating and broadening mass surveillance in Canada was not the motive behind C-26.

Keep reading

New Spectre-Style ‘Pathfinder’ Attack Targets Intel CPU, Leak Encryption Keys and Data

Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm.

The techniques have been collectively dubbed Pathfinder by a group of academics from the University of California San Diego, Purdue University, UNC Chapel Hill, Georgia Institute of Technology, and Google.

“Pathfinder allows attackers to read and manipulate key components of the branch predictor, enabling two main types of attacks: reconstructing program control flow history and launching high-resolution Spectre attacks,” Hosein Yavarzadeh, the lead author of the paper, said in a statement shared with The Hacker News.

“This includes extracting secret images from libraries like libjpeg and recovering encryption keys from AES through intermediate value extraction.”

Spectre is the name given to a class of side-channel attacks that exploit branch prediction and speculative execution on modern CPUs to read privileged data in the memory in a manner that sidesteps isolation protections between applications.

The latest attack approach targets a feature in the branch predictor called the Path History Register (PHR) – which keeps a record of the last taken branches — to induce branch mispredictions and cause a victim program to execute unintended code paths, thereby inadvertently exposing its confidential data.

Specifically, it introduces new primitives that make it possible to manipulate PHR as well as the prediction history tables (PHTs) within the conditional branch predictor (CBR) to leak historical execution data and ultimately trigger a Spectre-style exploit.

Keep reading

Privacy Under Siege: Europol and the UK Crime Agency Target Encryption, Call For Backdoors

What is best known as the “politicization of institutions” in authoritarian societies is these days making a creeping but steady progress in some countries/blocs one would not have suspected of such things until relatively recently.

Here we have Europol (EU’s law enforcement agency) and the supposedly “divested” from the EU shenanigans via Brexit UK – but is it really? – and that country’s National Crime Agency (NCA), teaming up to attack Meta for dozens and dozens of reasonable reasons, but for the one thing the company is apparently trying to do right.

Read the joint declaration here.

And that’s implementing in its products end-to-end encryption (E2EE), the very, necessary, irreplaceable software backbone of a safe and secure internet for everybody. Yet that is what many governments, and here we see the EU via Europol, and the UK, keep attempting to damage.

But mass surveillance is a hard sell, so the established pitch is to link the global and overall internet problem, to that of the safety of children online, and justify it that way.

The Europol executive director, Catherine De Bolle, compared E2EE to “sending your child into a room full of strangers and locking the door.”

And yet, the technological truth and reality of the situation is that undermining E2EE is akin to giving the key to your front door and access to everybody in it, children included, to somebody you “trust” (say, governments and organizations who like you to take their trustworthiness for granted).

Keep reading

Unpatchable vulnerability in Apple chip leaks secret encryption keys

A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday.

The flaw—a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols—can’t be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.

Beware of hardware optimizations

The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel’s 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years.

Security experts have long known that classical prefetchers open a side channel that malicious processes can probe to obtain secret key material from cryptographic operations. This vulnerability is the result of the prefetchers making predictions based on previous access patterns, which can create changes in state that attackers can exploit to leak information. In response, cryptographic engineers have devised constant-time programming, an approach that ensures that all operations take the same amount of time to complete, regardless of their operands. It does this by keeping code free of secret-dependent memory accesses or structures.

The breakthrough of the new research is that it exposes a previously overlooked behavior of DMPs in Apple silicon: Sometimes they confuse memory content, such as key material, with the pointer value that is used to load other data. As a result, the DMP often reads the data and attempts to treat it as an address to perform memory access. This “dereferencing” of “pointers”—meaning the reading of data and leaking it through a side channel—is a flagrant violation of the constant-time paradigm.

Keep reading

Hackers can read private AI assistant chats even though they’re encrypted

AI assistants have been widely available for a little more than a year, and they already have access to our most private thoughts and business secrets. People ask them about becoming pregnant or terminating or preventing pregnancy, consult them when considering a divorce, seek information about drug addiction, or ask for edits in emails containing proprietary trade secrets. The providers of these AI-powered chat services are keenly aware of the sensitivity of these discussions and take active steps—mainly in the form of encrypting them—to prevent potential snoops from reading other people’s interactions.

But now, researchers have devised an attack that deciphers AI assistant responses with surprising accuracy. The technique exploits a side channel present in all of the major AI assistants, with the exception of Google Gemini. It then refines the fairly raw results through large language models specially trained for the task. The result: Someone with a passive adversary-in-the-middle position—meaning an adversary who can monitor the data packets passing between an AI assistant and the user—can infer the specific topic of 55 percent of all captured responses, usually with high word accuracy. The attack can deduce responses with perfect word accuracy 29 percent of the time.

Keep reading

Louis XIV’s Great Cipher Baffled Codebreakers Until the 19th Century

In the clandestine corridors of 17th-century France, a remarkable cryptographic system known as the Great Cipher emerged, becoming the go-to code for the French monarch Louis XIV. The genius behind this ingenious cipher was Antoine and Bonaventure Rossignol, two brothers recognized for their exceptional skills in cryptography. Appointed as royal cryptologists by the ‘Sun King’, who ruled France from 1643 until 1715, the Rossignol brothers developed the Great Cipher to protect sensitive diplomatic and military communications from prying eyes.

The Rossignol brothers, who were appointed as royal cryptologists by Louis XIV in the 17th century, hailed from a family renowned for its exceptional skills in cryptography. The family first came to the attention of the royal family when a young mathematician named Rossignol managed to decipher a Huguenot cipher during the siege of Réalmont in 1626 leading to their surrender.

This brought him to the attention of the Louis XIII’s chief minister, Cardinal Richelieu, who recognized the value of cryptologists for diplomatic and intelligence purposes. On his deathbed, Louis XIII reportedly stated that Rossignol was “most necessary to the good of the state.”

Keep reading

NYPD faces backlash as it prepares to encrypt radio communications

The New York police department (NYPD) is facing serious backlash after announcing additional details about its plan to encrypt its radio communications system, which experts warn will limit transparency and accountability.

NYPD radio signals have been publicly accessible since 1932, allowing journalists and civilians to listen to police communications, Gothamist reported. The NYPD will now be encrypting its radio channels for the first time ever. Police radio encryption is already underway in several US cities, including Chicago and Denver.

Since starting in July, 10 precincts have already “gone dark”, or fully encrypted their radio systems. The entire “upgrade” to a new, encrypted radio system will be completed by December 2024 and cost an estimated $400m, a hefty price tag as several city agencies have been forced to swallow major budget cuts.

Critics of encryption say that the public radio channels are necessary for police accountability, press freedom and public safety.

Albert Fox Cahn, the executive director of the Surveillance Technology Oversight Project (Stop), a New York-based civil rights organization, called planned encryption a “disturbing attack on transparency and public oversight of the police”.

“Radio monitoring is one of the few ways that we can get an unfiltered look at how the NYPD is policing,” Cahn said.

Several police-involved killings have been uncovered by the press after listening to police radios, Cahn said. Video of an NYPD officer killing Eric Garner in 2014 was obtained due to a call on the police radio, Gothamist reported. The police killings of Amadou Diallo in 1999 and Sean Bell in 2006 were also uncovered due to police radio communications.

“Without public radio, we will simply be at the mercy of police to tell us when they killed someone. There’ll be no one else who knows,” Cahn said.

Press freedom advocates have also argued that encrypting police radios will prevent journalists from accurately reporting or covering police misconduct, ultimately allowing the NYPD to decide what should be considered news.

Todd Maisel, founder of New York Media Consortium, a group of eight media organizations against radio encryption, says: “Having the NYPD controlling the narrative is the worst possible scenario.

“They’re not going to tell you stories about anything that didn’t go well,” he added.

Keep reading

AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on.

The FBI spent much of Tuesday locked in an online tug-of-war with one of the Internet’s most aggressive ransomware groups after taking control of infrastructure the group has used to generate more than $300 million in illicit payments to date.

Early Tuesday morning, the dark-web site belonging to AlphV, a ransomware group that also goes by the name BlackCat, suddenly started displaying a banner that said it had been seized by the FBI as part of a coordinated law enforcement action. Gone was all the content AlphV had posted to the site previously.

Around the same time, the Justice Department said it had disrupted AlphV’s operations by releasing a software tool that would allow roughly 500 AlphV victims to restore their systems and data. In all, Justice Department officials said, AlphV had extorted roughly $300 million from 1,000 victims.

An affidavit unsealed in a Florida federal court, meanwhile, revealed that the disruption involved FBI agents obtaining 946 private keys used to host victim communication sites. The legal document said the keys were obtained with the help of a confidential human source who had “responded to an advertisement posted to a publicly accessible online forum soliciting applicants for Blackcat affiliate positions.”

“In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” Deputy Attorney General Lisa O. Monaco said in Tuesday’s announcement. “With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online. We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”

Within hours, the FBI seizure notice displayed on the AlphV dark-web site was gone. In its place was a new notice proclaiming: “This website has been unseized.” The new notice, written by AlphV officials, downplayed the significance of the FBI’s action. While not disputing the decryptor tool worked for 400 victims, AlphV officials said that the disruption would prevent data belonging to another 3,000 victims from being decrypted.

“Now because of them, more than 3,000 companies will never receive their keys.”

Keep reading

Gang ringleader who smuggled at least 127kg of cocaine into Britain using Encrochat is jailed for 16½ years after detectives ‘hacked into’ encrypted service

The ringleader of a drug network smuggled at least 127kg of cocaine into the UK using the Encrochat messaging service that has been burst open by detectives.

Marius Bucys, 43, of Dagenham in London, has been sentenced to 16 years and six months in prison after being convicted of conspiracy to import Class A drugs.

Bucys is the latest criminal to be busted after cybercrime experts cracked open the Encrochat service and used its data to arrest hundreds of criminals who had, until then, used the app as a near-untraceable means of coordinating drug deals.

European officers blew the app wide open in 2020, and Metropolitan Police detectives used a combination of its data and old-fashioned detective work to snare the drug smuggler – whose drivers used secret compartments to hide their wares.

The Met says Bucys acted as the ringleader in a wider drug network, arranging travel and logistics for the substances to be brought into the UK.

After Encrochat was accessed by police in the Netherlands and France, data was passed to police forces in the UK via the National Crime Agency (NCA) that detectives were able to use to link Bucys to the illicit trade.

Officers also trawled through hundreds of hours of CCTV showing lorry drivers stopping at locations up and down the M25 to pick up the drugs.

When officers raided his address, they found a notebook containing details of the importations.

Keep reading

NYPD Will Spend Nearly $400 Million to Hide its Radio Communications

The New York Police Department (NYPD) will spend nearly $400 million to upgrade its radio system, including encrypting its communications channels, which the public has been able to tune into since 1932.

At a New York City Council meeting Monday, NYPD Chief of Information Technology Ruben Beltran said the upgrade, expected to cost $390 million, will be completed by the end of next year, replacing the old analog radio network with a fully encrypted digital system. 

The move is part of a growing trend. Over the last decade, other large police departments in ChicagoBaltimoreWashington, D.C., and Portland have all encrypted their radio communications or are planning to do so. Departments say broadcasting in the clear gives criminals advance warning. Beltran said encryption would also protect the information of crime victims and block pranksters who jam up NYPD frequencies. (The NYPD regularly leaks information on arrestees and even victims for political purposes.)

However, scanner enthusiasts, news organizations, and elected officials complain that encrypted radio is cutting off a longstanding and useful source of information on police activity. As Gothamist reported, NYPD radio chatter has been the source of several major news stories over the years:

The New York Daily News obtained the crucial video of Officer Daniel Pantaleo killing Eric Garner thanks to a call that came over the police radio in Staten Island. As tens of thousands of peaceful demonstrators flooded the streets in June 2020, Gothamist recorded NYPD officers on radio airwaves using threatening language about the protesters, including saying that officers should run protesters over and shoot them. Responding, one officer was recorded saying “don’t put that over air.”

Police frequencies going dark is especially challenging for photojournalists, who rely on scanners to get to emergency scenes as fast as possible. The Chicago Police Department is considering a 30-minute public broadcast delay to allow news organizations to still hear dispatch calls.

Keep reading