Comments

vas pup July 22, 2022 4:42 PM

US developing satellite system to track hypersonic weapons
https://news.yahoo.com/us-developing-satellite-system-track-192309397.html

Israeli startup secures billions of dollars from money laundering
https://www.timesofisrael.com/spotlight/from-brazil-to-dubai-israeli-startup-secures-billions-of-dollars-from-money-laundering/

“ThetaRay, a rapidly growing Israeli FinTech company, is being deployed to the front lines of this effort, securing hundreds of billions of dollars in cash flows against money laundering and other financial crimes. Cross-border payments, already valued at $37 trillion, are growing swiftly due to burgeoning digital platforms, but undetected financial crime is holding back revenue growth.

The company’s proprietary algorithms analyze transactions against dozens of risk indicators associated with financial crimes to detect anomalies that suggest criminals and terrorists are moving money.”

JPA July 22, 2022 4:54 PM

Interesting article from Quanta Magazine on recent mathematical discoveries that shed light on whether true one-way functions can exist.

https://www dot quantamagazine.org/researchers-identify-master-problem-underlying-all-cryptography-20220406/

ResearcherZero July 23, 2022 1:03 AM

“Some former counterintelligence officials expressed frustration that the US government isn’t providing more granular detail about what it knows to companies — or to cities and states considering a Chinese investment proposal. They believe that not only would that kind of detail help private industry and state and local governments understand the seriousness of the threat as they see it, but also help combat the criticism that the US government is targeting Chinese companies and people, rather than Chinese state-run espionage.”
https://www.cnn.com/2022/07/23/politics/fbi-investigation-huawei-china-defense-department-communications-nuclear/index.html

isn’t providing more granular detail about what it knows

Applicable to most espionage situations, where no one wants to say anything, get involved, or provide even the most basic information to law enforcement, who often do not want to be involved either.

&ers July 23, 2022 5:04 AM

@ALL

Latest Badcyber has some interesting stuff.

hxxps://badcyber.com/it-security-weekend-catch-up-july-22-2022/

Feel free to discover it by yourself & bookmark the main page since it is updated weekly. A great source.

Leon Theremin July 23, 2022 5:20 PM

FBI investigation determined Huawei equipment could disrupt US nuclear comms

https://www.cnn.com/2022/07/23/politics/fbi-investigation-huawei-china-defense-department-communications-nuclear/index.html

https://news.ycombinator.com/item?id=32200371

Highlight comment: “Presumably, antenna resonance, array phase (directionality) and radio spectrum are all controllable with software now. Any or all of these could be modified remotely and changed back to civilian cell parameters again in a matter of seconds. Additionally the firmware, and hence general capabilities, can be remotely updated.

Hence, one can no longer look at a device like a modern radio cell and say “this is designed to work in such a way”. If you impounded it, took it to a lab, what you’d see on the bench may have no relation to how it operated a few days ago. Given also that traffic to and from the device may be encrypted all the way back to Beijing, the operation of the devices cannot be attested even in principle.

This is a serious general problem in modern security – one of unfalsifiability and plasticity of form and function. It applies as much to Windows and Apple computers as to Huawei.

Unless we quickly reverse the trend toward vendor-trust models that give over total control to unverifiable remote entities we’re all going to be seriously screwed soon.”

–nonrandomstring

lurker July 23, 2022 7:00 PM

@Leon Theremin

the FBI determined the equipment was capable of capturing and disrupting highly restricted Defense Department communications

Cell phone frequencies <-> DoD frequencies? Could this have anything to do with the previous story about GSM GPS trackers not recommended for use in USA? Or is it just another case of US authorities assigning frequencies for their own use without sufficient concern for international practice in the field?

Yes, I read the suggestions that the gear was being remotely re-tuned. But there are physical constraints on how far circuits can be re-tuned. So we could turn the question round and suggest that having military frequencies close to cell phone frequencies, so that the military can monitor/disrupt cell traffic, has bitten them on the . . .

SpaceLifeForm July 23, 2022 8:08 PM

@ Leon Theremin, lurker, Clive

Something from nothing, the ticks are free.

‘https://www.songmeaningsandfacts.com/meaning-money-nothing-dire-straits/

The ticks may be leaking bits.

Taz July 23, 2022 11:00 PM

7ea iphones. Our family uses phones as phones…we don’t even use Apple’s cloud garbage, their cellphone network functions, or even the camera.

But when Apple announced NeuralHash – we started looking for the exits anyway. Same behavior with McDonalds. After pink slime – we never returned.

So how do I get rid of these phones and move into something more secure? All I need pretty much is celldata/wifi data + secure VOIP. Any dumb processor in a box should be able to handle that?

Does any phone maker out there actually LISTEN to customers?

lurker July 24, 2022 1:02 AM

@Taz, “Does any phone maker out there actually LISTEN to customers?”

Yes, of course. But remember, their customers are not us. Their customers are the telcos who carry our data/voice at profit; their customers are the data brokers who mine and store and trade our data/voice. We are just the krill of the networks to be harvested for our data/voice to nourish other predators right up the food chain.

It would be fairly simple for one of moderate technical skill and access to suitable components, to make a sufficiently simple, sufficiently secure handset. Now try to get regulatory approval to use it on any existing network. Using it on only wifi/voip means trusting some random wifi operator. Good luck with that.

Q July 24, 2022 1:56 AM

There is https://puri.sm/ and probably some others.

Very expensive though, for what you actually get. So I guess privacy really does come at a cost. Either that or they are just taking advantage of people wanting to be more secure and marking things up to the max.

I don’t have one, and I have no intention to get one. It is a “smart” phone, and much too complex IMO for what it needs to be.

I use a simple dumb phone. Cheap and reliable. There is no chance to have remote actors interfering with it.

John July 24, 2022 3:05 AM

hmm….

Not that hard.

IP access point, voip phone.

voip website to translate Web IP to Telco IP.

Even add your own virtual PBX

All just SMOP [Small Matter Of Programming] lol.

John

Grima Squeakersen July 24, 2022 10:47 AM

As of 4 or 5 years ago, Tracphone still offered some dumb folding mobile phones, for sale at Walmart, among other places. An additional benefit was that minutes pre-payment/renewal could be easily scrubbed in such a way as to facilitate anonymity from both TP and the carrier (e.g., TP would accept payments through Paygarden, which would take a Wally World gift card purchased for cash, minus their vig, of course). I haven’t done this exercise in a while, I don’t know if they still have dumb phones, or if not, if they have smart phones that can be used in dumb mode, and whether they still accept any method of payment that can be easily anonymized.

Clive Robinson July 24, 2022 6:27 PM

@ Leon Theremin, lurker, ALL,

“FBI investigation determined Huawei equipment could disrupt US nuclear comms”

So could anyone else… That is the nature of “Radio Broadcast Systems” a part of the US nuclear command system uses.

The current development by just about everybody of “Software Defined Radio”(SDR) technology started back last century. So it’s not as though the “Strategic Command” has not had time to do something if it was a real concern to them.

And it’s not just 5G mobile phone equipment. You can do the same with “Digital TV” and “Digital Cable” television equipment. Including consumer equipment such as some RTL Dongles that plug via USB into a computer… That is the generic nature of SDR equipment.

Did the FBI mention the US and Taiwanese chips inside the kit they were going “oh wailly wailly” over?

Probably not… When you are “politically hyping” which is what this is, the truth can be at best inconvenient at worst show up the real intent of the propaganda…

Which is the US FBI and DoJ desire to be at the heart of the world’s telecommunications and have full control over it. Not just for US spying, but extension of the “extra judicial powers” we’ve seen on the Internet. That is to say “control” by owning the center of the “web” by ensuring things have to go through the US. So making spying as well as profit that much easier.

That is for the US to do to the whole world exactly what the US claims China might do to the US…

The problem is staying at the heart of world communications is difficult when people know US comms kit from RSA, Cisco, Juniper, and most likely all others already has NSA backdoors in when it arrives at your door…

So what is the US to do? Well, take a look in George Orwell’s little book on how to run a police state, “1984”, and use one of the stratagems in there…

So we have the,

“Far away in Asia ‘yellow man army’ that is going to slash and burn, murder and eat dead babies to conquer the world, yarda yarda yarda”

And all the other clap trap… designed to distract away.

The real war is a trade war, and it exists because of the stupidity of neo-cons outsourcing everything for very short term profit over any kind of survivability.

So the neo-cons gutted US industry by “outsourcing”. The result: no US industry and, because a tipping point was crossed long ago, little or no hope of getting industry back in a realistic time frame. The only way is to start anew with a different modality of income.

Hence all the nonsense the world has seen over the past half decade…

The US lost the mobile phone technology race to Europe back last century. In turn Europe expanded GSM to be worldwide and in the process it became open to all provided they followed a few rules…

But the neo-cons do not like those rules, and have no intention of honouring them.

Very loosely, the plan for communications is for the US to own 6G and all the advantages that gives.

Part of that will be certain inclusions in the standards that give the US its desired backdoors and a change of rules such that certain US chips that effectively do what TPM was once supposed to have done get installed…

SpaceLifeForm July 24, 2022 7:33 PM

@ Q

re: dumb phone

If it has a SIM, then remote actors can interfere with it.

Does your dumb phone have contacts and text?

Because that data is stored inside the SIM. It is a computer.

Your dumb phone is not as dumb as you may think it is.

Q July 24, 2022 9:45 PM

“If it has a SIM, then remote actors can interfere with it.”

Please explain how.

My phone is 2G. Is that really vulnerable to remote actors?

Clive Robinson July 25, 2022 12:10 AM

@ Q, SpaceLifeForm,

“I use a simple dumb phone. Cheap and reliable. There is no chance to have remote actors interfering with it.”

What do you mean by “it”?

You have two separate items, but to be functional with a phone service they need to be used together. So by it do you mean

1, The SIM.
2, The Phone.
3, The SIM & Phone.

@SpaceLifeForm pointed out that if a SIM is in the Phone (which it would need to be if it’s going to work with a service),

“If it has a SIM, then remote actors can interfere with it.”

Which is true. Because whilst you might possess the Phone, the service provider “Owns the SIM”. As your Phone has to “work through” the SIM as a combined unit it is subservient or slave to the SIM… That is the service provider “owns” the combined system.

He then goes on to point out that the SIM can modify data on the phone… This is due to the way the phone standards are written.

In fact what you would call SMSs or Texts are an artifact of the SIM ability to modify the Phone data.

ResearcherZero July 25, 2022 12:22 AM

“We trust in Him. We don’t trust in governments. We don’t trust in United Nations, thank goodness,”

“Do you believe that if you lose an election that God still loves you and has a plan for you? I do. Because I still believe in miracles,”

“All of this anxiousness, all of this anxiety … all of this feeling about the bills that are pouring in, all of this feeling about the anxiety, and then the oil of God, the ointment of God, comes on this situation and releases you, if you will have it, and receive His gift,”
https://www.smh.com.au/politics/federal/don-t-trust-in-governments-the-un-scott-morrison-delivers-pentecostal-church-sermon-20220718-p5b2i2.html

“The cognitive dissonance couldn’t be starker.”

“former CEO and the deputy CEO of the Minerals Council of Australia – named as one of the top 10 most obstructive climate lobbyists in the world – have key roles in prime minister Scott Morrison’s office, and the revolving doors between the fossil fuel lobby and the government infests many other ministerial offices.”
https://reneweconomy.com.au/how-carbon-lobbyists-control-the-climate-policy-debate-in-australia/

And here is that oil…

In 2020-21, Australian Federal and state governments provided a total of $10.3 billion worth of spending and tax breaks to assist fossil fuel industries. The $7.8 billion cost of the fuel tax rebate alone is more than the budget of the Australian Army. Over the longer term, $8.3 billion is committed to subsidising gas extraction, coal-fired power, coal railways, ports, carbon capture and storage, and other measures.
https://australiainstitute.org.au/wp-content/uploads/2021/04/P1021-Fossil-fuel-subsidies-2020-21-Web.pdf

And Lord did it provide!

Data released today shows that in FY2020, fossil fuel companies donated $1,353,202 to the ALP, Liberal and National parties.

Yet given Australia’s reputation for woefully inadequate political disclosure and ‘dark money’ donations, with 35% of all contributions coming from unknown sources, the true figure could be significantly higher.
https://www.marketforces.org.au/politicaldonations2021/

Santos, Origin Energy, Woodside, AGL Australia…
https://reneweconomy.com.au/wp-content/uploads/2021/09/influence-map.jpg

“The government and the opposition are captured by the coal and gas industries.”

Australia’s fossil fuel production is privately owned and these private companies “tend to be highly politically organised, investing considerable resources into lobbying, campaign finance, public relations, and think tank sponsorship, and exerting influence through a ‘revolving door’ between business and government.”
https://www.nytimes.com/2021/10/21/world/australia/australia-coal-fossil-fuel-carbon.html

The Morrison government has slashed renewables funding and stacked Australia’s renewable energy agencies with fossil fuel executives…

Stacking the bureaucracy occurs under regimes of both stripes but, as is their wont, Prime Minister Scott Morrison and his energy minister Angus Taylor have taken their undemocratic agendas to the next level, to a grotesque art form.

They have been busy stacking public agencies, supposedly independent agencies, with their own people; not on merit but on party lines. We are talking highly paid jobs, many between $250,000 and $500,000, going to people on the basis of political affiliations rather than ability or independence.
https://michaelwest.com.au/scott-morrison-angus-taylor-stack-clean-energy-agencies-with-fossil-fuel-mates/

Q July 25, 2022 1:00 AM

I don’t care what the provider does to the SIM. The phone can’t be modified by the SIM. The phone can’t spy on me and report to Google, or anyone else. The phone doesn’t have a fake off, it really is off when I decide. And if I am really worried I can remove the battery, but I don’t worry because the current drops to almost zero when off, so there is no way it is secretly recording speech, or communicating with the cell tower, or whatever.

If this is wrong please explain how. I don’t like it when people say it can be meddled with and then give no details. Can you please explain your assertion?

SpaceLifeForm July 25, 2022 2:50 AM

@ Q

The Baseband Radio processor, like the SIM, is just another cpu in your phone. Both have their own memory, both are proprietary code.

Who knows what they can conspire to do?

But both of them and your Applications processor all communicate over buses and have low level privilege.

In your case, probably not much to worry about because you are probably not a high-value target. Pretty much the only thing it could leak is contact names. Which could be useful information. If you were a high-value target, the LE would probably just get a warrant.

There is a lot of push to kill off 2G eventually. 5G can die today IMO.

‘https://www.cambridgewireless.co.uk/news/cw-journal/why-2g-wants-live-forever/

Winter July 25, 2022 3:50 AM

@ResearcherZero, Q

The Baseband Radio processor, like the SIM, is just another cpu in your phone. Both have their own memory, both are proprietary code.

Basically, the Baseband Radio processor owns the phone, all of it. But if you need speech call access, burner phones are a possibility in many countries. The fact that many countries do not allow anonymous SIM cards anymore tells you that they are still effective. But if you call the same people all the time then metadata analysis, even if everyone uses burner phones, makes you vulnerable.

If you need internet access, use simple “burner” smart phones that can be used as access points. Then use these access points to go online with a tablet without cell phone capabilities (no SIM, no Baseband Radio processor), always using either a VPN or TOR.

That way, you have a computing device that does not make contact with any provider and a disposable access point that cannot see what is happening in its connections.

If you are a high worth target and your threat model includes the NSA, GCHQ, Mossad, GRU, etc, you will be toast anyway. But for others, it might put them off for some time.

@ResearcherZero

The Gas of God

I am curious about their exit plans. Where are they planning to emigrate to when Australia ceases to be habitable?

https://au.news.yahoo.com/tim-flannery-weather-forecast-for-the-year-2100-extreme-climate-change-050057264.html

SpaceLifeForm July 25, 2022 4:21 AM

@ Q, Clive, ALL

‘https://blog.simpleanalytics.com/vodafone-deutsche-telekom-to-introduce-persistent-user-tracking

In addition, Apple is developing features to restrict network operators from intervening in the data traffic. This is called iCloud Private Relay (‘https://www.lifewire.com/what-is-icloud-private-relay-5200343), which ensures providers no longer have access by encrypting and redirecting the data via Apple’s servers. Vodafone and Deutsche Telekom have already filed a complaint to the European Commission to stop Apple from doing this.

It’s all a battle over who can be the more efficient middleman and make more money from advertising. Apple thinks that by being a VPN provider, they will come out ahead.

So, yes, a dumb phone is good because your browsing data will not be weaponized against you because you are not providing any browsing data over your dumb phone in the first place. But you will still end up smelling the gunpowder at some point. You will eventually smell it as the clouds drift out of the legal systems as the battles unfold.

If you have a smart phone, try to use it smartly where you act as though it is a dumb phone. I.E., just use it like a dumb phone, calls and texts only. Segregate if you can. Not everyone can, because the only internet access they can afford is via cell.

SpaceLifeForm July 25, 2022 7:29 AM

@ Q, Clive, ALL

If there is a radio processor, it may be attackable.

This particular exploit was achieved with a carefully crafted SMS message.

I’ll list some snippets so you can spot the smoke. If you go thru the PDF, which is not large (17 pages of small font), you can glaze over the reverse-engineered code. The PDF does reference a similar type of attack delivered over WIFI, which obviously went thru a different processor.

Note: this is from 6 years ago. I have working smartphones older than that. So, there is technical debt. Do you upgrade to the latest and greatest new bugs, or do you stick with the old bugs?

Note that the Radio Baseband processor, the SIM card, and other radio stuff like BT/WIFI, NFC, are running ‘bare metal’. There is no OS on those processors. They may not even be patchable even if the vendor cared. Which they don’t, because there is no profit in that.

‘https://i.blackhat.com/us-18/Thu-August-9/us-18-Grassi-Exploitation-of-a-Modern-Smartphone-Baseband-wp.pdf

In this paper we will not cover attacks against the network or the protocols, but instead we will focus on remote memory corruption attacks against the smartphone baseband.

. . .

The communication between baseband and AP can happen through a series of buses, such as PCI-e, USB, SDIO, shared memory etc.

The point that we would like to stress out is that the baseband is a separate system, so our bug will be on a system which is more constrained and separated from the AP.

. . .

The mobile network protocol stacks generally consist of several layers, starting from a Physical Layer, a Data Link layer, and thirdly a message layer.

Layer 3 messages are interesting because they are significantly more complex, and offer more opportunities for memory corruption.

. . .

We demonstrated our Remote Code Execution by changing the device IMEI by executing code inside the baseband.

This is just a demo payload, equivalent of the popular ”Popping Calc.exe” on desktop.

. . .

In this paper we covered a lot of material. We demonstrated to the reader that a baseband RCE is not only possible, but also practical for a determined attacker.

Basebands are really complex software, often on legacy code bases, written in memory-unsafe languages, running with little or no mitigations.

It’s not surprising that a determined and skilled attacker is able to gain remote code execution.

[Recall NSO and Pegasus]
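The paper snippets above make the point that Layer 3 messages are complex, length-driven structures and that baseband code is often written in memory-unsafe languages with few mitigations. As an added illustration of the defensive side, and not code from the Black Hat paper, its authors, or anyone in this thread, here is a bounds-checked decoder in C for a constructed, simplified Layer-3-style message made of tag/length/value information elements. The frame layout, the `decode_l3` name, the field widths and the buffer sizes are all assumptions chosen for the example; the three sample frames are constructed, not captured traffic.

```c
/* Added example, not from the Black Hat paper, its authors, or anyone in this
 * thread: a bounds-checked decoder for a constructed, simplified Layer-3-style
 * message built from tag/length/value information elements (IEs).  The frame
 * layout, field widths and buffer sizes are assumptions made for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_VALUE_MAX 16   /* fixed-size value buffer: the classic overflow target */
#define IE_MAX_COUNT 8    /* caller's IE array capacity */

typedef struct {
    uint8_t tag;
    uint8_t len;
    uint8_t value[IE_VALUE_MAX];
} ie_t;

/* Frame layout (assumed): [msg_type][ie_count] then ie_count x [tag][len][value...].
 * Returns the number of IEs decoded, or -1 if the frame is malformed.  Every
 * length field arrives from the radio side, so each one is checked against both
 * the bytes that remain in the frame and the size of the destination buffer. */
int decode_l3(const uint8_t *msg, size_t msg_len, ie_t *out, size_t max_ies,
              uint8_t *msg_type)
{
    if (msg == NULL || out == NULL || msg_type == NULL || msg_len < 2)
        return -1;
    *msg_type = msg[0];
    size_t count = msg[1];
    if (count > max_ies)
        return -1;                           /* would run off the caller's array */

    size_t pos = 2;
    for (size_t i = 0; i < count; i++) {
        if (msg_len - pos < 2)
            return -1;                       /* no room for tag + len */
        uint8_t tag = msg[pos];
        uint8_t len = msg[pos + 1];
        pos += 2;
        if (len > IE_VALUE_MAX)
            return -1;                       /* the check an unchecked memcpy omits */
        if (len > msg_len - pos)
            return -1;                       /* truncated frame: would over-read */
        out[i].tag = tag;
        out[i].len = len;
        memcpy(out[i].value, msg + pos, len);
        pos += len;
    }
    return (int)count;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t GOOD_MSG[] = {
    0x05, 0x02,                     /* type 5, two IEs */
    0x10, 0x03, 'a', 'b', 'c',      /* IE 0x10, 3 bytes */
    0x20, 0x02, 0xde, 0xad          /* IE 0x20, 2 bytes */
};
static const uint8_t OVERSIZED_MSG[] = { 0x05, 0x01, 0x10, 0x40, 'x', 'y' }; /* len 64 > 16 */
static const uint8_t TRUNCATED_MSG[] = { 0x05, 0x01, 0x10, 0x08, 'x', 'y' }; /* len 8, only 2 present */

/* Small wrappers so each outcome is a plain return value. */
int decode_good(void)
{
    ie_t ies[IE_MAX_COUNT]; uint8_t type;
    return decode_l3(GOOD_MSG, sizeof GOOD_MSG, ies, IE_MAX_COUNT, &type);
}
int decode_oversized(void)
{
    ie_t ies[IE_MAX_COUNT]; uint8_t type;
    return decode_l3(OVERSIZED_MSG, sizeof OVERSIZED_MSG, ies, IE_MAX_COUNT, &type);
}
int decode_truncated(void)
{
    ie_t ies[IE_MAX_COUNT]; uint8_t type;
    return decode_l3(TRUNCATED_MSG, sizeof TRUNCATED_MSG, ies, IE_MAX_COUNT, &type);
}
/* First value byte of the second IE in GOOD_MSG, to show the copy landed. */
int good_second_ie_first_byte(void)
{
    ie_t ies[IE_MAX_COUNT]; uint8_t type;
    if (decode_l3(GOOD_MSG, sizeof GOOD_MSG, ies, IE_MAX_COUNT, &type) != 2)
        return -1;
    return ies[1].value[0];
}

int main(void)
{
    printf("good: %d IEs, oversized: %d, truncated: %d, ie[1][0]=0x%02x\n",
           decode_good(), decode_oversized(), decode_truncated(),
           good_second_ie_first_byte());
    return 0;
}
```

The two `len` checks are the whole point: the first stops a declared length from overrunning the fixed value buffer, the second stops it from reading past the end of the received frame. Dropping either one reproduces the shape of bug the paper describes, and a fuzzer fed with frames like `OVERSIZED_MSG` and `TRUNCATED_MSG` is the cheapest way to catch such omissions before they ship in firmware that may never be patched.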

Clive Robinson July 25, 2022 2:46 PM

@ SpaceLifeForm, Q, ALL,

“Basebands are really complex software, often on legacy code bases, written in memory-unsafe languages, running with little or no mitigations.”

Some of that code goes back to the late 1980’s… Written in almost CPU independent assembler code.

Basically, just as earlier C compilers did, you wrote a form of assembler that was common to all CPUs (it’s actually easier than most people think).

The problem is that though it’s often trivial to transport from one CPU to another, people tend to forget the original code and why it was written this way…

SpaceLifeForm July 25, 2022 3:34 PM

Re: LinkedIn

‘https://news.clearancejobs.com/2022/07/25/uk-labels-linkedin-a-major-threat-says-adversaries-targeting-national-security-workforce/

vas pup July 25, 2022 5:04 PM

‘Killer robots’: Will they be banned?
https://www.dw.com/en/killer-robots-will-they-be-banned/a-62587436

“These aren’t the drones that deliver your online order. Loaded with cameras, sensors, and explosives, their mission is to drive themselves to a target with an algorithm in the driver’s seat. They destroy themselves along with the target, leaving behind just a pile of electronic detritus.

Increasingly, these sorts of weapons are the stuff of a manufacturer’s promotional materials rather than science fiction movies. From today, a United Nations conference of 80 countries gathers in Geneva to debate whether to ban them or at least regulate them more strictly.

Machines killing humans

Autonomous weapons are, as their name suggests, able to select and attack targets on their own. That is unlike piloted drones and other weapons, which a human operator directs from afar. Arms manufacturers are taking advantage of the latest advances in artificial intelligence and machine learning to develop them.

The UN conference calls them “lethal autonomous weapons systems.” Critics call them killer robots. They can take the form of drones, land vehicles, or submarines.

Some countries want autonomous weapons banned, arguing that an algorithm should never decide over life and death. Other countries want autonomous weapons regulated, with more or less binding rules of engagement that include some role for human decision-making.

“There is evidence of Russia using autonomous weapons in this conflict,” said Ousman Noor, who works for the Campaign to Stop Killer Robots. The NGO wants to see these weapons banned. “That could lead to the acknowledgment of urgently needing to regulate these weapons before they get sold the world over.”

The US has reportedly sent the Ukrainian army several tactical unmanned “kamikaze” drones that can find their own target and explode on impact.

AI experts have long warned of the ease of producing small, armed drones in large numbers, which any IT student could program.”

vas pup July 25, 2022 5:22 PM

Israel to establish quantum computing R&D center, build quantum computer

https://www.timesofisrael.com/israel-to-establish-quantum-computing-rd-center-build-quantum-computer/

“Israel is moving ahead with plans to lay the foundation for quantum computational ability, which it has said would lead to future developments in economics, technology, security, engineering, and science.

This week, the Israel Innovation Authority announced a budget of NIS 100 million ($29 million) to build a quantum computing research center, headed by Israeli startup Quantum Machines, which will also help build a quantum computer.

Quantum Machines, founded in 2018, has built a hardware and software solution — Quantum Orchestration Platform (QOP) — for operating quantum systems to facilitate research and enable future breakthroughs. It also developed the QUA, a standard universal language for quantum computers that the startup says will allow researchers and scientists to write programs for varied quantum computers with one unified code.

The center will offer access to research and development on three quantum processing technologies — superconducting qubits, cold ions, and optic computes — and provide services to the Israeli quantum computing community, the Israel Innovation Authority said Sunday.

Quantum computing is a relatively new and extremely complex field, but experts say that the abilities can be extremely beneficial in industries like cybersecurity, materials and pharmaceuticals, banking and finance, and advanced manufacturing, and may lead to massive developments in broad fields like economics, security, engineering, and science.

In a nutshell, quantum computing harnesses quantum mechanics to quickly solve problems that are too complex for classical computers. Quantum computers process exponentially more data compared to classical computers, using quantum bits, or qubits, the basic unit of quantum information.”

==
Liftoff: Israeli startup’s ‘flying car’ aces first test
https://www.timesofisrael.com/liftoff-israeli-startups-flying-car-completes-first-test/

“An Israeli startup that is developing a “flying” vehicle, an electric vertical takeoff and landing (eVTOL) aircraft for individual consumers, said its prototype aircraft successfully completed a first hover test with regulators recently, setting the company on a path for further flight certification.

The aircraft, according to the company, offers a range of 110 miles (177 km) on a single charge at speeds of up to 155 miles (250 km) per hour, with a flight time of one hour. It has collapsible wings for easy parking and the ability to take off from or land on any flat surface, the company says.”

Clive Robinson July 25, 2022 7:25 PM

@ vas pup, ALL,

Re : ‘Killer robots’ Will they be banned?

The answer is very probably,

“They can not be”.

Which I guess is not what people want to hear.

But my reasoning is fairly simple and revolves around an issue that is almost a childlike question of,

“How do you tell a killer drone from a non killer drone?”

Easy to ask, almost impossible to answer. Because with the tangible physical components,

1, The basic components are the same.
2, The basic sub-assemblies are the same.
3, The major system parts are the same.
4, The overall systems are the same.

The same is true with the software components.

With a little bit of cautious design, the only difference is almost just a small software component, that can be “Patched Over The Air”(POTA) whilst a drone is en route to the target.

The reason is that the bulk of the AI software can be broken down and distributed in the system.

Think of the difference in a biological sense. You have a dog on a leash and the same dog off the leash. The dog has been trained in technical surveillance terms to,

“Find Fix and Finish”

A target of lets say a fox.

The control element by the handler on such a dog is “the leash”. If the dog is kept on the leash it can not kill the fox. If however released from the leash it will find and kill a fox.

Which fox gets killed and where really only depends on when the handler “releases the leash”.

The optimal design of a weapons drone is as what the UN conference calls a “Lethal Autonomous Weapons System / Platform” on which you add an over all “Go / No Go” human operator control system that is effectively the equivalent of the leash on the dog.

Therefore turning a “Lethal Weapons System” into a “Lethal Autonomous Weapons System” is not a question of,

“Adding AI”

Both systems need that. But a question of,

“When to release control”

Therefore the systems are so similar the only difference would be a few lines of code at best.

With regards,

“AI experts have long warned of the ease of producing small, armed drones in large numbers, which any IT student could program.”

I’ve been warning of this on this blog for years in that both the hardware and software are well within the capability of an undergraduate project.

Worse this also means they are well within the capability of a “Home hobbyist” especially as the tangible physical parts are easily available.

All you really need are “drone parts” that are available to hobbyists, researchers and small companies via the likes of Chinese manufacturers through the many “trade sites” that are the equivalent of Amazon or Ali-Baba or more specialist sites.

Into which you integrate high-end “mobile phone” electronics. Someone who has “hacked-around” with Android platforms will have most of the required skill set…

I would not in any way describe myself as an AI expert, though I’ve worked around various forms of AI since the 1980’s. Using what were once leading edge but now embarrassingly simple “Expert Systems” and “Fuzzy logic” upwards.

My main use of them being as “black box” software to improve control systems in limited capability hardware or to get faster control loops.

If I’ve been seeing this problem for so long, how many others have not just considered it but designed their systems that way?

Robin July 26, 2022 2:50 AM

@Clive, an interesting and insightful comment, thank you.

I tend to agree (FWIW) about the technical angle. But if “killer robots” were banned (and of course getting agreement on what constitutes a “killer robot” is a problem gift-wrapped for the lawyers) the benefit might be less in prevention than in prosecution after the event. Not much consolation for those on the receiving end but like so many “banned” weapons, there is the hope that some potential users would be deterred.

Faint hope, perhaps, but one takes what one can.

vas pup July 26, 2022 3:39 PM

@Clive – thank you for your insightful comment.

@all

China space station: What is the Tiangong?

https://www.bbc.com/news/world-asia-china-61511546

“China launched a 23-tonne research lab module to its newly built space station Tiangong on Sunday 24 July. The lab Wentian, or “Quest for the Heavens”, is expected to carry out biological and life science research.

This is China’s latest step to become a leading space power.

Tiangong space station, or “Heavenly Palace”, is China’s new permanent space station. The country has previously launched two temporary trial space stations, named as Tiangong-1 and Tiangong-2.

The new lab Wentian is the second of three key modules to Tiangong. The first key module Tianhe – which contains living quarters for crew members – was sent into orbit in April 2021. The other key module, Mengtian science lab, is due to be launched by the end of 2022.

China has big ambitions for Tiangong. The station will have its own power, propulsion, life support systems and living quarters. It is also designed to provide refueling power to China’s new space telescope, called Xuntian, which will fly close to the space station next year.”

Q July 27, 2022 2:27 AM

I feel sad that tails is hosted on a server that is 100% JS, gitlab.

So they wish me to lower my security before I can supposedly improve my security? I think there is a major disconnect there that needs to be addressed.

I’m assuming the site is awesomely pretty with all the bells and whistles and things. I only see a blank page so I don’t know. I’d much rather have a site that simply works without all the extra complexity of JS.

oh packets my packets July 27, 2022 3:23 AM

@Q:

“I feel sad that tails is hosted on a server the is 100% JS, gitlab.”

The first link leads you to their “official” site where you may download the software. Javascript is not required there at all.

“So they wish me to lower my security before I can supposedly improve my security? I think there is a major disconnect there that needs to be addressed.”

Not at all. The second link, which includes display of the Changelog file, is mainly for people “working” on Tails, reporting bugs, and so forth. Now for collaboration purposes, sure it would be very nice not to have to enable JavaScript, maybe you should report that as a bug? You can achieve this at their “official” site without having to enable JavaScript.

Clive Robinson July 27, 2022 11:06 PM

@ vas pup, ALL,

In answer to,

“Q: do they erase all stored information when phone is disposed?”

Short answer : NO.

Long answer : In part it depends on what you mean by “erase” within what the laws of physics allow.

If we go back to the 1970’s when Personal Computing started there were three basic types of memory,

1, Fully Mutable : RAM.
2, Semi Mutable : Magnetic storage.
3, Non Mutable : ROM.

And slightly later EPROM used as an alternative to very expensive and resource intensive Magnetic Storage, in Home Computers and some “Personal Digital Assistants”(PDA’s).

The problem with EPROM was that it was effectively a “write once” on individual bytes, but “erase all” with a UV light source.

So the question of how to “fake” an overwritable file system… Well there were two basic ways by which you stored the “access” information or index,

1, Store in battery backed RAM.
2, Write into the current end block.

That is the file contents were not erased, but the pointer to where they are within the EPROM is erased[1] simply by clearing a “flag bit” so the OS / File System would hide it from the user.

The same basic technique was used on the DOS FAT file system, which was why it was possible to have an “unerase” command. Because the only thing that needed to be changed was the first byte of the file name.

When “Electrically Erasable PROM”(EEPROM) came along there were two types (NAND and NOR) neither had very many “write cycles” some as few as only 100 guaranteed. Which was a problem, so “wear-leveling” algorithms were developed. These effectively used a mixture of EEPROM types where the pointer information was kept in the more expensive many thousand write lifetime memory that pointed into the much cheaper hundred write lifetime memory. The data is written across the cheaper memory, but only erased when all other blocks have been used. Thus giving a much extended life time. The down sides are,

1, Data is not erased
2, Chosen Data can not be overwritten.

And this is the problem for mobile phones, whilst pointers to data may be destroyed the data is not and can be recovered with the right tools, even after most “factory resets”.

[1] Writing to a byte of non volatile memory such as a PROM, EPROM, EEPROM or Flash ROM, is often described as “write once” but in fact it’s not. More accurately it is “write only” on a bit basis. That is you can change the state of each bit once, from its “erased” or “set” state to its “written” or “cleared” state but not back again. To “erase” you have to do it over entire blocks of memory or the whole device. So a byte can start at 0xFF and you can clear each bit just once until you get down to 0x00. As ASCII uses only the bottom 7 bits, the top bit can be used as a “flag”. Likewise due to the way ASCII is structured, not allowing certain characters to be used as “first filename letters” gives you other bits that can be used as flags (up to 3 bits/byte).
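
The behaviour described in the comment above, as an added toy model (this is example code, not code from the comment or from any real device or file system): programming can only clear bits (1 to 0), erase is block-wide, and a “delete” that clears one flag bit leaves the payload where a raw chip read will find it. The block size, the record layout, the position of the flag bit, and the sample records are all assumptions made for the example.

```python
# Added example, not code from the comment above: a toy model of the flash
# behaviour it describes. Programming can only clear bits (1 -> 0), erase is
# block-wide, and a "delete" that clears one flag bit leaves the payload where
# a raw chip read will find it. Block size, record layout and flag position
# are assumptions for the toy, not those of a real device.

BLOCK_SIZE = 64      # assumed erase-block size in bytes
FLAG_BIT = 0x80      # assumed: top bit of a record's first byte is the "live" flag
# Assumed record layout: [flag|name_len][name bytes][data_len][data bytes]


class FlashBlock:
    """One erase block that starts fully erased (every cell 0xFF)."""

    def __init__(self) -> None:
        self.cells = bytearray(b"\xff" * BLOCK_SIZE)
        self.erase_count = 0  # every erase is wear on the block

    def program(self, offset: int, data: bytes) -> None:
        """Program cells. Only 1 -> 0 transitions are possible; a write that
        needs any 0 -> 1 is refused, because only erase can do that."""
        for i, new in enumerate(data):
            old = self.cells[offset + i]
            if new & ~old & 0xFF:
                raise ValueError(
                    f"offset {offset + i}: {old:#04x} -> {new:#04x} would set bits; erase needed")
            self.cells[offset + i] = old & new

    def erase(self) -> None:
        """Erase is all-or-nothing for the block: every bit goes back to 1."""
        self.cells[:] = b"\xff" * BLOCK_SIZE
        self.erase_count += 1


class FlagDeleteFS:
    """Append-only record log in one block; delete clears only the live flag."""

    def __init__(self) -> None:
        self.block = FlashBlock()
        self.end = 0  # next free offset, kept in RAM like a battery-backed index

    def write(self, name: bytes, data: bytes) -> int:
        if len(name) > 126 or len(data) > 255:
            raise ValueError("name or data too long for this toy layout")
        rec = bytes([FLAG_BIT | len(name)]) + name + bytes([len(data)]) + data
        if self.end + len(rec) > BLOCK_SIZE:
            raise ValueError("block full; a real FTL would move on to another block")
        off = self.end
        self.block.program(off, rec)
        self.end += len(rec)
        return off

    def _records(self):
        """Yield (offset, live, name, data_offset, data) for every record, live or not."""
        cells = self.block.cells
        off = 0
        while off < self.end:
            hdr = cells[off]
            live = bool(hdr & FLAG_BIT)
            nlen = hdr & 0x7F
            name = bytes(cells[off + 1:off + 1 + nlen])
            dlen = cells[off + 1 + nlen]
            dstart = off + 2 + nlen
            yield off, live, name, dstart, bytes(cells[dstart:dstart + dlen])
            off = dstart + dlen

    def delete(self, name: bytes) -> None:
        """The OS-level delete: clear one bit so the record is hidden."""
        for off, live, n, _, _ in self._records():
            if live and n == name:
                self.block.program(off, bytes([self.block.cells[off] & ~FLAG_BIT & 0xFF]))
                return
        raise FileNotFoundError(name)

    def listdir(self) -> list:
        """What the file system shows the user: live records only."""
        return [n for _, live, n, _, _ in self._records() if live]

    def forensic_dump(self) -> list:
        """What a raw chip read shows: deleted records with payload intact."""
        return [(n, d) for _, live, n, _, d in self._records() if not live]

    def try_overwrite(self, name: bytes, new: bytes) -> bool:
        """Attempt to overwrite a record's payload in place. Succeeds only if
        every byte of `new` merely clears bits of what is already there."""
        for _, _, n, dstart, d in self._records():
            if n == name and len(new) == len(d):
                try:
                    self.block.program(dstart, new)
                    return True
                except ValueError:
                    return False
        raise FileNotFoundError(name)

    def erase_all(self) -> None:
        """The only real erase: the whole block, at the cost of one wear cycle."""
        self.block.erase()
        self.end = 0
```

Usage: write two records, delete one, compare `listdir()` with `forensic_dump()`; then try to overwrite the deleted payload with new text (refused, because it needs bits set) and with zeros (allowed, because that only clears bits); only `erase_all()` clears the block, and it costs a wear cycle.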

JonKnowsNothing July 28, 2022 12:39 AM

@vas pup, @Clive @All

re: Recycled but Not Cleansed

In the USA, there used to be special bins at the stores where people could drop their old units for reuse as emergency contact phones. Even if there isn’t an active account, the phone is supposed to work for the emergency number in USA (911) provided the battery is charged.

These phones were intended for use in difficult situations, like for persons in dire circumstances such as battered-persons shelters where the need for police assistance to ensure the safety of the person is paramount.

They were supposed to be cleaned. Clive has explained why they cannot be fully cleaned up. Early on I used to drop old handsets in the bins. I don’t do that any more for the reasons that Clive explained.

Also, living in precarious circumstances myself, should the time come that the extravagance of paying for full cell service becomes ill advised, I may have need of reassurance that the emergency number might still work, even if the handset has a dead-air connection.

Roger July 28, 2022 1:05 AM

Oops, sorry, Bruce already covered the post-quantum standardization on 6th July. Don’t know how I missed it.

Anonymous July 28, 2022 10:15 PM

@ ALL, Bruce, Clive, -, Moderator

This was ‘approved’

‘https://www.schneier.com/comment-thankyou/?post_id=65704&comment_id=408292

‘https://www.schneier.com/blog/archives/2022/07/new-ufei-rootkit.html/#comment-408292

Note that the comment_id match.

Let’s see what happens over time with the expansion of space and how the post_id can be red-shifted.

It’s all relativistic.

It is all about what you can Observe from various angles from a distance.

DBA Gal July 28, 2022 10:38 PM

@ Anonymous

I followed this, but it makes no sense.

Why would a comment disappear?

Unless you can DELETE a row in a table, nothing should disappear. This makes no sense.

Q July 29, 2022 3:18 AM

“The first link leads you to their “official” site where you may download the software. Javascript is not required there at all.”

That requires blindly trusting the binary.

The mere fact that a major part of the site (a supposedly “security” focussed site) requires JS to even show anything tells me that the devs aren’t there yet. Either that, or it is deliberate to select for the dumb people, and keep out anyone that actually wants to think about things.

cluck cluck July 29, 2022 7:51 PM

@Q:

“That requires blindly trusting the binary.”

The images provided, one for DVD the other for USB, are signed using GPG by the authors. That’s not blind trust.

Do you like to argue for the sake of arguing because I don’t see why you’re continuing on this false rant. Maybe you should go try Reddit or something. Maybe that’s more your speed? Go on r/Tails at Reddit, for example, and post your illogical rants.

“The mere fact that a major part of the site (a supposedly “security” focussed site) requires JS to even show anything tells me that the devs aren’t there yet. Either that, or it is deliberate to select for the dumb people, and keep out anyone that actually wants to think about things.”

This is retarded and has already been explained to you.

Again, the JS required link is for development. If you’re a normal Tails user, chances are you don’t need to visit there. In fact, you can visit the official Tails site and contact them there about bugs if you find any, or whatever else you want to ask about the project.

The Tor project itself also uses the same service for their development, but you can download their software from their official site too without the JS. You can also verify the downloads using GPG. You do know what GPG is, right?

In closing, if you have any “better ideas” you can contact the Tails developers on their official site. Continuing to post here with nonsense is just wasting other people’s time and patience. But I hear some people thrive on that sort of thing. Sad.

Q July 30, 2022 7:51 AM

Thanks to cluck cluck for proving the point that the defenders of such bad practices of requiring JS haven’t fully thought through anything, and will conflate all sorts of things together that don’t correlate.

Have a PGP key != secure. You can’t conflate those together. They are independent things. It might have good security, but the existence of a PGP key won’t affect that. Access to the source code (requiring JS sadly) is a necessary part of the process to help with assessing the software.

Claiming that only devs need to see the source code is also wrong. Many people need it, not just devs. Putting a JS roadblock in place seems to make it a great filter to select for those that will blindly trust anything with a PGP key.

Clive Robinson July 30, 2022 8:44 AM

@ cluck cluck, Q, ALL,

Re : Signed Code Failings.

“The images provided, one for DVD the other for USB, are signed using GPG by the authors. That’s not blind trust.”

Sorry but it is “blind trust” and we went over this more than a decade ago on this site, and subsequent events have proved the statements back then to be true.

At the foundation of things is the simple fact that “code signing” is no more than,

“Hashing an archive, and using one half of a public key to sign it.”

That actually gives you very little in the way of security.

It says nothing about the code, just that it was signed at a time an unknown clock said it was. The actual point in time can not in anyway be verified. So,

1, Sign time is unverifiable.
2, Code quality in all respects is unknown.

But there is the actual signing process… We know that the hash is not “one to one” for input larger than the hash bit size. That is like a vehicle odometer a file of NxB where B is the hash output size in bits has at least N possible values that will produce the same hash. The entire security of the hash rests on the unproved notion of “one way functions” as does the signing process. Both early hashes and early PubKeys have been shown to have issues that are the equivalent of reversing their respective one way functions.

But also consider that the chain of trust on the PubKey is actually in reality very weak. This is because of CA’s who have allowed fake PK’s to be signed with their master signing keys.

Anyone with access to a CA master key owns the entire trust tree. Many places do not in any way take anything close to the proper precautions with the signing key for what are politely called “Business Reasons” or “shareholder value” in short,

“Money talks, so security takes a walk”

In at least four jurisdictions in the West it takes a letter with no judicial oversight to get access to a CA signing key. Further the physical security surrounding the storage of signing and master keys is in most cases laughable.

And let’s be honest if the signing system is not setup correctly, an insider can simply set the clock on the computer signing a code archive forward in time. Then adjust the times on the code in the archive rebuild it and sign it. So what I do today can have a time in the past or time in the future…

So I can put malware in and make my archive, sign it with next years date, sign the code and walk away with it on a thumb drive and nobody would be any the wiser.

I can do similar with the internal build database if I’ve certain minor privileges.

But let’s look on the output side of things. Let’s assume there has been no misbehaviour with the code signing, how do you verify it is legitimate?

The simple answer is unless you are sufficiently skilled and have certain not well known knowledge you probably can not.

As is known both the NSA and GCHQ long ago worked out that the basic networking protocol of TCP/IP has a fundamental security flaw.

To get reliability, it is possible for multiple copies of any given network packet to be on the Internet heading via multiple routes to the same host IP address.

Two problems, arise from this,

1, The first copy to arrive is treated as valid.
2, The packet can be sent from any host on the network.

So if I have control of any host closer to you than the host you think you are talking to, I can send you fake packets and you will not know. So if I own the router that is the upstream gateway you use but do not own or control then I have complete control over what gets sent to your computer. So I can pre-empt any network packet sent to you. This is what the “Great Firewall of China” does, along with sending a TCP RST to the host you were talking to.

If I’ve also MITM’d the SSL certs as various states and corporations do –shout out to Clodflare– or used “fallback attacks” or similar to downgrade the communications security, you are not going to know about it unless you are fairly skilled and know fairly uncommon knowledge to check for it.

The simple fact is neither SSL nor other encryption can stop such attacks as the required “root of trust” can not be established.

To establish the required “root of trust” requires you to have a communications channel that is,

1, Secure.
2, Fully authenticated.
3, Meta-data covert.

And mostly to some significant number of nines most people do not have this, nor do they know that they should, and even if they did as you now do nor do they know how to go about setting it up correctly.

So please stop being a “Tor Fanboi” making statements you’ve heard but have not verified in any way. We see too much of this as it is.

Oh and if you want to up your credibility also cut out the first stage “Sock-Puppet” behaviour of changing your handle all the time, there are other factors in your style that can be used to identify you, as other regulars here will no doubt confirm if you ask.

SpaceLifeForm July 30, 2022 5:38 PM

@ DBA Gal, Clive, Leon, ALL

re: Why would a comment disappear?

It does not have to be DELETEd, it can just become hidden because the SELECT can be on a VIEW that has predicates that you are not aware of.

The comment can still exist in the database, but if you can not see it, the Observer could logically conclude that it was deleted, when in reality it was not.
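
The mechanism SpaceLifeForm describes, as an added example (this is example code, not code from the comment or from the blog's actual database): the thread page reads through a VIEW whose WHERE clause the reader never sees, so a moderated comment vanishes from the page while the row stays in the base table. It uses only the standard-library `sqlite3` module; the table, column names, status values and sample rows are all constructed for the example.

```python
# Added example, not code from the comment above: the comment row has not been
# DELETEd; the page reads through a VIEW whose predicate the reader never sees.
# Standard-library sqlite3 only; table, columns, status values and rows are
# constructed for the example and are not the blog's real schema or ids.

import sqlite3

SCHEMA = """
CREATE TABLE comments (
    comment_id INTEGER PRIMARY KEY,
    post_id    INTEGER NOT NULL,
    author     TEXT    NOT NULL,
    body       TEXT    NOT NULL,
    status     TEXT    NOT NULL DEFAULT 'approved'  -- assumed: approved / hidden / spam
);
-- What the thread page reads. The WHERE clause is the predicate the Observer cannot see.
CREATE VIEW visible_comments AS
    SELECT comment_id, post_id, author, body
    FROM comments
    WHERE status = 'approved';
"""

# Constructed sample rows (not real comment or post ids).
SAMPLE_ROWS = [
    (101, 7, "alice", "first"),
    (102, 7, "bob", "second"),
    (103, 7, "carol", "third"),
]


def setup() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany(
        "INSERT INTO comments (comment_id, post_id, author, body) VALUES (?, ?, ?, ?)",
        SAMPLE_ROWS)
    con.commit()
    return con


def thread_page(con: sqlite3.Connection, post_id: int) -> list:
    """The reader's query: goes through the view, so hidden rows vanish."""
    rows = con.execute(
        "SELECT comment_id FROM visible_comments WHERE post_id = ? ORDER BY comment_id",
        (post_id,))
    return [r[0] for r in rows]


def hide(con: sqlite3.Connection, comment_id: int) -> None:
    """Moderation action: an UPDATE, not a DELETE. The row stays in the table."""
    con.execute("UPDATE comments SET status = 'hidden' WHERE comment_id = ?", (comment_id,))
    con.commit()


def base_table_has(con: sqlite3.Connection, comment_id: int) -> bool:
    """A DBA reading the base table still finds the row."""
    return con.execute(
        "SELECT 1 FROM comments WHERE comment_id = ?", (comment_id,)).fetchone() is not None


def row_count(con: sqlite3.Connection) -> int:
    return con.execute("SELECT COUNT(*) FROM comments").fetchone()[0]


if __name__ == "__main__":
    con = setup()
    print("page before:", thread_page(con, 7))
    hide(con, 102)
    print("page after :", thread_page(con, 7), "| row still in table:", base_table_has(con, 102))
```

From the reader's side the only observable is `thread_page()`, and a row dropping out of it is consistent with either a DELETE or a predicate change; only someone who can query the base table (or knows the view definition) can tell the two apart.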

SpaceLifeForm July 30, 2022 7:16 PM

@ Clive

re: networking

Excellent summary.

A small nitpick. Regarding packet race conditions, it’s not just TCP. The same can happen with UDP (see DNS intercept), and ICMP. It is purely an IP problem. If you can not control the channel from end to end, bad things can happen. Which is why numbers stations exist, because it is broadcast over radio, so if you have power to broadcast radio, it would be problematic for an attacker to interfere.

As to the nines, I would posit that those that do not comprehend the problem is not low sigma level.

strike me down July 31, 2022 2:01 AM

@ Clive Robinson

Then I assume you don’t trust any of your proprietary hardware and/or software. I assume you don’t trust any updates, firmware/software etc.

Blind trust works in a lot of ways, starting at the very basic roots of computer use.

I guess we’re all just blind, eh?

As for “ID” purposes, I don’t give a rat’s ass who knows who I am. If someone wants to track me down, I’ll treat them to a nice supper, including costs of travel. It just won’t happen.

Sneed July 31, 2022 2:26 AM

“Access to the source code (requiring JS sadly) is a necessary part of the process to help with assessing the software.”

Wrong. The source code for Tor is obtainable JS free on their site, both clear-net and via onion service.

“Claiming that only devs need to see the source code is also wrong.”

That was never claimed, except by you. The “collaboration” happens at the JS required areas.

“blindly trust anything with a PGP key.”

Do you trust your hardware/software? Have you audited it and your OS? If someone wants to say GPG is blind trust, so be it, but that doesn’t mean they aren’t a hypocrite.

Clive Robinson July 31, 2022 2:40 AM

@ strike me down, ALL,

Re : mitigation

“Then I assume you don’t trust any of your proprietary hardware and/or software. I assume you don’t trust any updates, firmware/software etc.”

Trust to do what?

Basic functionality yes, security not a chance.

So as I’ve said many times in the past I mitigate by “isolation and segregation”.

That is my machines are not externally connected they are “energy-gapped”, and “gap-crossing” is done by custom built instrumentation and data diode.

I’ve also posted on this blog a couple of times how to build RF Cages and how to use standard “household items” to stop various “end run attacks” from miniature CCTV cameras, microphones etc.

Also how to build computers into safes to stop the stupid US FBI / DoJ argument that a computer hard drive is not the equivalent of a “locked drawer”.

With regards,

“I guess we’re all just blind, eh?”

No, but we are all,

“The sum of our experiences”

Which means we all have different knowledge levels and points of view.

As for,

“As for “ID” purposes, I don’t give a rat’s ass who knows who I am.”

Well, the fact you’ve used a new handle suggests otherwise…

Like our host @Bruce Schneier, I use my real name as I stand by what I say technically.

Q July 31, 2022 8:10 PM

“The “collaboration” happens at the JS required areas.”

That is terrible then. So the code is written by people that either don’t know about, or don’t care about, having a good security posture. The devs are expected to have low security standards to work on a “secure” product.

Your claims just made it look worse and worse.

Funky July 31, 2022 9:32 PM

@Q,

WAAAAH Someone needs their bottle and blankey. WAAAAH!

Cry harder. May the JS be with you!

- July 31, 2022 10:24 PM

@Q:
@Clive Robinson:

Ignore the Tails/TOR Fanboi @bumblebee and their sockpuppets,

@oh packets my packets
@cluck cluck
@strike me down
@Sneed
@Funky

As you demonstrate they are ignorant of the basic facts of security, as are nearly all Tails/TOR Fanbois and users.

The FBI have repeatedly shown that they can identify Tails users when they want to, so the anonymity is at best illusory.

Winter August 1, 2022 1:08 AM

@-

The FBI have repeatedly shown that they can identify Tails users when they want to, so the anonymity is at best illusory.

Please help us with links to specific cases.

SpaceLifeForm August 1, 2022 6:19 AM

@ Winter, -, ALL

You may recognize the author of this article.

‘https://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity

Winter August 1, 2022 7:35 AM

@SLF, –

You may recognize the author of this article.

I did recognize him.

The article, from 2013, describes an attack route that is only accessible to the NSA. The attack is through the Firefox browser in the Tor browser bundle. Theoretically, it would be possible to use another browser to access the Tor network, but setting another browser up securely is non-trivial (I would likely fail). Note, the FBI was not mentioned, and in general, is not mentioned in attacks on Tor.

This was 9 years ago. Tor, Firefox, the NSA, and everything else have changed. What is relevant is that there is still no news that the Tor network itself has been de-anonymized except for agents able to see both enough in- and outgoing traffic of the Tor network. The NSA is still able to do that as one of only a few entities. The Tor project warns us that this is indeed a real danger.

Successful attacks on Tor in the news all breach either the target Onion server computer or the user browser [1]. The only advice to the user is to disable all javascript, access only HTTPS sites, and be careful which HTTPS sites you visit.

I would like to quote The Hitchhiker’s Guide to Online Anonymity
How I learned to start worrying and love privacy anonymity

‘https://anonymousplanet-ng.org/guide.html

Will this guide help you protect yourself from the NSA, the FSB, Mark Zuckerberg, or the Mossad if they are out to find you? Probably not … Mossad will be doing “Mossad things” and will probably find you no matter how hard you try to hide.

[1] ‘https://www.researchgate.net/publication/352938766_De-anonymisation_attacks_on_Tor_A_Survey

From the Conclusions
We noticed a few important features while completing this work. 1. Most of the earlier de-anonymisation attacks focus on compromising network components of the Tor circuit. The main reason for this was the low number of relays in the Tor network when they were published. However, with Tor’s increasing popularity, the number of voluntary relays has increased, and the practicality of the attacks that can be executed by compromising a small set of Tor relays has decreased. Therefore, recent attacks assume passive adversaries that can observe the traffic at the source and destination links. 2. Techniques and concepts from other research domains have inspired Tor researchers to introduce novel attack schemes for Tor. This type of multi-disciplinary research will allow researchers to design more creative and robust attacks against the Tor network. 3. Recent works also experiment with techniques such as deep learning to attack the Tor network. Deep learning and Artificial Intelligence are progressing rapidly and affecting other technologies on the way.

Deep Learning to the rescue of attackers. 😉
