BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Improving Firefox stability on Linux

Roughly a year ago at Mozilla we started an effort to improve Firefox stability on Linux. This effort quickly became an example of good synergies between FOSS projects.

Every time Firefox crashes, the user can send us a crash report which we use to analyze the problem and hopefully fix it:

https://hacks.mozilla.org/2021/05/improving-firefox-stability-on-linux/

#ff #firefox #stability #linux
📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv
Recycle Your Phone, Sure, But Maybe Not Your Number

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.

Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone else. New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online.

Researchers in the computer science department at Princeton University say they sampled 259 phone numbers at two major wireless carriers, and found 171 of them were tied to existing accounts at popular websites, potentially allowing those accounts to be hijacked.

The Princeton team further found 100 of those 259 numbers were linked to leaked login credentials on the web, which could enable account hijackings that defeat SMS-based multi-factor authentication.

https://krebsonsecurity.com/2021/05/recycle-your-phone-sure-but-maybe-not-your-number/

💡 read as well: (PDF)
Security and Privacy Risks of Number Recycling at Mobile Carriers in the United States
https://t.iss.one/BlackBox_Archiv/2135

#security #privacy #phone #number #recycling #usa #mobile #carriers #pdf
How Myanmar's military moved in on the telecoms sector to spy on citizens

In the months before the Myanmar military's Feb. 1 coup, the country's telecom and internet service providers were ordered to install intercept spyware that would allow the army to eavesdrop on the communications of citizens, sources with direct knowledge of the plan told Reuters.

The technology gives the military the power to listen in on calls, view text messages and web traffic including emails, and track the locations of users without the assistance of the telecom and internet firms, the sources said.

The directives are part of a sweeping effort by the army to deploy electronic surveillance systems and exert control over the internet with the aim of keeping tabs on political opponents, squashing protests and cutting off channels for any future dissent, they added.

Decision makers at the civilian Ministry of Transport and Communications that delivered the orders were ex-military officials, according to one industry executive with direct knowledge of the plans and another briefed on the matter.

"They presented it as coming from the civilian government, but we knew the army would have control and were told you could not refuse," the executive with direct knowledge said, adding that officials from the military-controlled Ministry of Home Affairs also sat in on the meetings.

More than a dozen people with knowledge of the intercept spyware used in Myanmar have been interviewed by Reuters. All asked to remain anonymous, citing fear of retribution from the military junta.

https://www.reuters.com/world/asia-pacific/how-myanmars-military-moved-telecoms-sector-spy-citizens-2021-05-18/

#myanmar #military #telecom #surveillance #internet #spyware
What the NSA provides to its foreign partners, and vice versa

The cooperation between (signals) intelligence agencies of different countries is strictly quid pro quo, which means what you get is equivalent to what you give. This is perfectly illustrated by a small series of documents from the Snowden trove, which summarize what the NSA provides to its foreign partners, along with what they provide to the NSA.

Two of these documents are about the NSA's Second Party partners (better known as the Five Eyes): Canada and New Zealand, and six about Third Party partners: Germany, Israel, Norway, Saudi Arabia, Sweden and Turkey. Another NSA document provides some characteristics of these relationships.

The documents about the various NSA partners are information papers prepared by the Country Desk Officer (CDO) for the particular country at the NSA's Foreign Affairs Directorate (FAD). All but one date from April 2013, which is just a month before Snowden left the agency. It's not known whether there are also papers about other NSA partners among the Snowden files.

The information papers describe the relationship between the NSA and the foreign partner in a standardized way: they all start with an introduction, mention some "Key Issues", followed by "What NSA Provides to Partner" and "What Partner Provides to NSA". The papers end with "Success Stories" and "Problems/Challenges with the Partner".

https://www.electrospaces.net/2021/05/what-nsa-provides-to-its-foreign.html

#usa #nsa #FiveEyes #cooperation #leaked #papers
Developers Flee Open Source Project After ‘Takeover’ By Korean Crown Prince

Developers of the popular open source network Freenode are quitting en masse and accusing Andrew Lee, the Crown Prince of Korea, of a “hostile takeover” of the organization.

Developers of the open source organization Freenode are quitting en masse after Andrew Lee, a tech entrepreneur and the Crown Prince of Korea, has taken control of the network in what developers are describing as a "hostile takeover."

Freenode was founded in 1994 and has since become the largest free and open source project that runs Internet Relay Chat (or IRC) networks, which were once hugely popular and are still an important internet chat protocol. It has traditionally been run by volunteers and has amassed "90,000 users and just shy of 50,000 registered channels," according to the organization's official website. While it is not as popular as it used to be, it is still a key site for free software project coordination.

On Wednesday, a dozen Freenode staff volunteers published posts announcing their resignations, which explain their decision to quit. The broad strokes of the letters explain that they believe Lee bought the entire Freenode network under what they believe are false—but legal—pretenses, and that they have lost control over the network. They said there is little the staff can do to oppose changes that Lee wants to implement.

The now former staff members announced that they are launching a new chat network, Libera.chat, to continue Freenode's mission.

https://www.vice.com/en/article/m7ev8y/freenode-open-source-korea-crown-prince-takeover

💡 read as well:
The new corporate owner of Freenode is Imperial Family Companies
https://t.iss.one/BlackBox_Archiv/2239

#freenode #imperialfamily
FemtoStar: taking aim for the stars

The FemtoStar Project is a global community developing a satellite constellation for secure, open, and private communications - anywhere on planet Earth.

FemtoStar is free and open-source technology. This goes for software and hardware alike, and, yes, even for the satellites themselves. You have access to the source files, and if you want to make sure the software on your terminal lives up to its privacy and security claims, the source is freely available to use, read, or modify.

https://www.pine64.org/2021/05/19/femtostar-taking-aim-for-the-stars/

https://femtostar.com/

#femtostar #secure #private #satellite #communication
the whole freenode kerfluffle

Yesterday, operational control over freenode was taken over by Andrew Lee, the person who has been owner of freenode limited since 2017. Myself and others have had questions about this arrangement since we noticed the change in ownership interest in freenode limited back in 2017.

Historically, freenode staff had stated that everything was under control and that Andrew’s involvement in freenode limited had no operational impact on the network. It turns out that Christel was lying to them: Andrew had operational control and legal authority over the freenode domains. This led to several current volunteers drafting their resignation letters.

When I asked Andrew about the current state of the freenode domain, one of his associates who I hadn’t spoken to in months (since terminating the Ophion project I was doodling on during lockdown) came out of nowhere and started offering me bribes of staff privileges and money for Alpine. These developments were concerning to the Alpine council and interim technical committee, so we scheduled an event at AlpineConf to talk about the situation.

Our initial conclusion was that we should wait until the end of the month and see how the situation shakes out, and possibly plan to stand up our own IRC infrastructure or use another network. Then this happened yesterday:

https://ariadne.space/2021/05/20/the-whole-freenode-kerfluffle/

💡 read as well:
Developers Flee Open Source Project After ‘Takeover’ By Korean Crown Prince
https://t.iss.one/BlackBox_Archiv/2241

#freenode #imperialfamily
Big Data = Big Failure III

Corporate businesses and government agencies are all doing it: collecting data and thereby breaking universal laws. Ready to take action? We know what to do.

Collecting data is not compatible with the UN law we mentioned in part 1 of this series – even if it's done anonymously, and by the government for good reasons.

The basic, underlying problem is that collecting and storing huge amounts of data series anonymously is simply not possible (as we described in part 2). Moreover, considering the amounts of data collected today, anyone with access to it can analyze it and find out things which are firmly restricted by law. There is nothing to stop this from happening today.

Even government agencies want to collect data

The European Convention on Human Rights Article 8 adds to the declaration as follows: “…except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”

In plain English: government agencies are always allowed to collect everything since they are doing it for “good” reasons.

Summarizing the series' three blog posts

To collect data about a specific criminal case upon a court’s approval might be in the public’s interest. These are the good examples told to us. However, anything close to mass data gathering leads unconditionally to breaking the UN laws and the foundation of democracy.

Anything other than a minimal data retention policy is unacceptable. We cannot even speculate about the horrible things that may happen if all the collected data leaks and falls into the wrong hands for other reasons (for example, change of government, war, malware attack, or human error).

💡 Big Data = Big Failure (1)
https://mullvad.net/en/blog/2021/5/6/big-data-big-failure-i/

💡 Big Data = Big Failure (2)
https://mullvad.net/blog/2021/5/12/big-data-big-failure-ii/

💡 Big Data = Big Failure (3)
https://mullvad.net/en/blog/2021/5/20/big-data-big-failure-iii/

#BigData #thinkabout
U.S. government denies disrupting Russian ransomware ring that hacked Colonial Pipeline

Hackers affiliated with DarkSide are complaining the group disappeared without sharing payoff money

The U.S. government was not behind the disruption last week of a Russian hacker ring’s computer network in the wake of the devastating cyberattack on a major U.S. fuel pipeline, four U.S. officials said, while experts said the group’s disappearance could be a ploy.

The shuttering of DarkSide’s operation last Thursday also has led to grousing by hackers affiliated with the group who claim they have not been paid by the ringleaders, according to cyber experts tracking the group. It is not clear whether these affiliates were involved with the cyberattack on Colonial Pipeline on May 7, which led the company to shut down its pipeline for days, creating fuel shortages and panic buying in the southeastern United States.

Last Thursday, DarkSide announced that it had lost access to its servers, which it used to house and display data stolen from victims and to store ransoms it had collected for unlocking computer networks or refraining from releasing victims’ data online.

“In addition,” the group stated in a blog post, “funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account.”

The announcement came shortly after President Biden at a news briefing said the U.S. government was “going to pursue a measure to disrupt their ability to operate.” That fueled speculation that U.S. Cyber Command had knocked DarkSide offline.

But officials, speaking on the condition of anonymity because of the matter’s sensitivity, said military cyber operators did not undertake such an action nor had any other U.S. agency.

https://telegra.ph/US-government-denies-disrupting-Russian-ransomware-ring-that-hacked-Colonial-Pipeline-05-20

via www.washingtonpost.com

#usa #russia #darkside #ransomware #cyberattack #servers #hacked #bitcoin #seized
Facial recognition, fake identities and digital surveillance tools: Inside the post office's covert internet operations program

The post office’s law enforcement arm has faced intense congressional scrutiny in recent weeks over its Internet Covert Operations Program (iCOP), which tracks social media posts of Americans and shares that information with other law enforcement agencies. Yet the program is much broader in scope than previously known and includes analysts who assume fake identities online, use sophisticated intelligence tools and employ facial recognition software, according to interviews and documents reviewed by Yahoo News.

Among the tools used by the analysts is Clearview AI, a facial recognition software that scrapes images off public websites, a practice that has raised the ire of privacy advocates. The U.S. Postal Inspection Service uses Clearview’s facial recognition database of over 3 billion images “to help identify unknown targets in an investigation or locate additional social media accounts for known individuals,” according to materials reviewed by Yahoo News.

https://telegra.ph/Facial-recognition-fake-identities-and-digital-surveillance-tools-Inside-the-post-offices-covert-internet-operations-program-05-20

via www.aol.com

#facial #recognition #digital #surveillance #post #office #internet #usa
Can a Spreadsheet Really Destroy Your Computer?

Can opening the wrong document really destroy your computer? We explore what could happen if a malicious office macro is lurking in a document you open.

https://www.youtube.com/watch?v=_1CqDcqcWGs

#spreadsheet #macros #malicious #hak5 #video
Now Your Car is a Cybersecurity Risk, Too

💡 Cybersecurity in the auto industry is much more complex than smartphones and PCs for two main reasons:

👉🏼 The dozens of ECUs in each vehicle connected via multiple electronic buses with different speeds and characteristics, and

👉🏼 the multiple potential in-car and remote access points such as OBDII, USB and SD ports, keyless entry, Bluetooth and Wi-Fi, embedded modem, sensors, infotainment or smartphone apps and the multiple connections via telematics and other cloud systems that access car systems.

https://www.eetimes.com/now-your-car-is-a-cybersecurity-risk-too/

#cybersecurity #cyberattacks #cars
Inside the Bubble at Facebook

This is part 1 in my Truth Distortion Field series.

In March 2018, BuzzFeed published a leaked Facebook memo about their “growth at all costs” mentality, igniting a firestorm about Facebook’s long-standing attitude towards challenges like fake news, filter bubbles, and state actors.

As in any media frenzy, unfair criticisms were voiced — but at the core of the debate was a truth that has had Facebook employees thinking more deeply than ever before about the implications of their company's products.

This wake-up call has been nearly a decade in the making. For the last several years, I’ve tried to understand why certain Facebook executives have been mistaken for so long about the negative impacts of their product and how the truth distortion field at any large company can overtly — and more often, subtly — distort how employees think.

https://www.nemil.com/tdf/part1-employees.html

#facebook #DeleteFacebook #thinkabout
Facebook Still ‘Secretly’ Tracks Your iPhone—This Is How To Stop It

So, this isn’t good. Your iPhone settings enable you to tell Facebook you don’t want your location tracked. It’s clear and non-ambiguous. Why then, if you tell Facebook “never” to access your location, is the data harvesting giant doing exactly that?

...(...)

Despite me telling my iPhone “never” to allow Facebook access to my location, despite me checking Facebook online to confirm it knows “location history for mobile devices” is set to “off,” Facebook continues to exploit a loophole, harvesting photo location tags and IP addresses, all of which it will, in its own words, “collect and process.”

I took a photo with my iPhone and then uploaded that to my Facebook account. I used Facebook’s app on my iPhone, the same app that has been told “never” to access my location, the same account that knows I have this switched off. But Facebook still collects the location tag from that photo, along with my IP address.

My iPhone adds GPS tags to photos—useful to sort and find images. I can use the share function in Apple Photos to strip location data as I send, and most messengers strip this data, but in Facebook’s app, when I upload a photo, the data is sent as well.

Facebook and Instagram do in fact strip the metadata, the so-called EXIF information, from photos that are saved to their platforms. You can see this, because if you save a photo from Instagram or your Facebook albums onto your phone, there will be no location information. That has been replaced with Facebook’s own codes.

And so, you might assume that Facebook has deleted this data. Wrong. If you go to your Facebook privacy settings and select “your Facebook information,” you can download a copy of the data it holds. If you select “photos and videos,” you will see the data that Facebook saved from the images you uploaded.

In the case of this specific photo, the one just uploaded from my iPhone, that data includes a very precise location and my “upload IP address.” Facebook doesn’t need any more than that. If I type those lat/long co-ordinates into Google Maps, I get an exact match to my location, and Google’s Street View shows me the front of my house. As you can imagine, this is not the kind of privacy I had in mind.

https://www.forbes.com/sites/zakdoffman/2021/05/22/apple-user-warning-how-to-stop-facebook-secretly-tracking-your-iphone-ipad/

#facebook #DeleteFacebook #iphone #apple #privacy #data
Federal Court of Justice (Germany): Secure e-mail service Tutanota must allow surveillance

On its tour of courts, e-mail service provider Tutao has arrived at the Federal Supreme Court.

Tutao GmbH must comply with a ruling by the BGH's investigating judge and allow the monitoring of two e-mail addresses. This is according to a decision of the 3rd Criminal Senate of the Federal Court of Justice dated April 28, 2021, which is available to heise online (2 BJs 366/19-9 VS-NfD). The complaint of Tutao GmbH is admissible, but unfounded.

The order of telecommunications surveillance and recording objected to by Tutao is lawful, the decision states. It does not matter whether the company provides telecommunications services within the meaning of Section 3 No. 24 TKG, i.e. services that consist entirely or predominantly of the transmission of signals via telecommunications networks.

According to Paragraph 100a, Section 1, Sentence 1 of the German Code of Criminal Procedure, telecommunications must be monitored and recorded under certain circumstances, the Criminal Senate further explains. According to paragraph 4 of the same section, every telecommunications service provider must allow courts, public prosecutors' offices and the police to conduct surveillance.

https://justice.digital/2021/05/22/federal-court-of-justice-tutanota-secure-e-mail-service-must-enable-surveillance/

https://www.heise.de/news/Bundesgerichtshof-Sicherer-E-Mail-Dienst-Tutanota-muss-Ueberwachung-ermoeglichen-6051834.html

#tutanota #email #surveillance #germany
If Apple is the only organisation capable of defending our privacy, it really is time to worry

A giant private company is doing the work governments should be doing on regulation of user data. That’s not a good thing

A few weeks ago, Apple dropped its long-promised bombshell on the data-tracking industry. The latest version (14.5) of iOS – the operating system of the iPhone – included a provision that required app users explicitly to confirm that they wished to be tracked across the internet in their online activities. At the heart of the switch is a code known as “the identifier for advertisers” or IDFA. It turns out that every iPhone comes with one of these identifiers, the object of which is to provide hucksters with aggregate data about the user’s interests. For years, iPhone users had had the option to switch it off by digging into the privacy settings of their devices, but, because they’re human, very few had bothered to do that.

From 14.5 onwards, however, they couldn’t avoid making a decision and you didn’t have to be a Nobel laureate to guess that most iPhone users would opt out. Which explains why those who profit from the data-tracking racket had for months been going apeshit about Apple’s perfidy. Some of the defensive PR mounted on their behalf, for example Facebook’s weeping about the impact on small, defenceless businesses, defied parody. Other counteroffensives included attacks on Apple’s monopolistic control over its App store and charges of rank hypocrisy – that changes in version 14.5 were not motivated by Apple’s concerns for users’ privacy but by its own plans to enter the advertising business. And so on.

It will be a while until we know for sure whether the apocalyptic fears of the data-trackers were accurate. It takes time for most iPhone users to install operating system updates and so these are still relatively early days. But the first figures are promising. One data analytics company, for example, has found that in the early weeks the daily opt-out rate for American users has been about 94%. This is much higher than surveys conducted in the run-up to the change had suggested – one had estimated an opt-out rate closer to 60%.

If the opt-out rate is as high as we’ve seen so far, then it’s bad news for the data-tracking racket, which the Financial Times estimates to be a $350bn industry, and good news for humanity.

https://www.theguardian.com/commentisfree/2021/may/22/if-apple-is-the-only-organisation-capable-of-defending-our-privacy-it-really-is-time-to-worry

#opinion #apple #privacy
Columbia Engineering Team Builds First Hacker-resistant Cloud Software System

As the first system to guarantee the security of virtual machines in the cloud, SeKVM could transform how cloud services are designed, developed, deployed, and trusted

New York, NY—May 24, 2021—Whenever you buy something on Amazon, your customer data is automatically updated and stored on thousands of virtual machines in the cloud. For businesses like Amazon, ensuring the safety and security of the data of its millions of customers is essential. This is true for large and small organizations alike. But up to now, there has been no way to guarantee that a software system is secure from bugs, hackers, and vulnerabilities.

Columbia Engineering researchers may have solved this security issue. They have developed SeKVM, the first system that guarantees--through a mathematical proof--the security of virtual machines in the cloud. In a new paper to be presented on May 26, 2021, at the 42nd IEEE Symposium on Security & Privacy, the researchers hope to lay the foundation for future innovations in system software verification, leading to a new generation of cyber-resilient system software.

SeKVM is the first formally verified system for cloud computing. Formal verification is a critical step as it is the process of proving that software is mathematically correct, that the program’s code works as it should, and there are no hidden security bugs to worry about.

“This is the first time that a real-world multiprocessor software system has been shown to be mathematically correct and secure,” said Jason Nieh, professor of computer science and co-director of the Software Systems Laboratory. “This means that users’ data are correctly managed by software running in the cloud and are safe from security bugs and hackers.”

The construction of correct and secure system software has been one of the grand challenges of computing. Nieh has worked on different aspects of software systems since joining Columbia Engineering in 1999. When Ronghui Gu, the Tang Family Assistant Professor of Computer Science and an expert in formal verification, joined the computer science department in 2018, he and Nieh decided to collaborate on exploring formal verification of software systems.

Their research has garnered major interest: both researchers won an Amazon Research Award, multiple grants from the National Science Foundation, as well as a multi-million dollar Defense Advanced Research Projects Agency (DARPA) contract to further development of the SeKVM project. In addition, Nieh was awarded a Guggenheim Fellowship for this work.

https://www.engineering.columbia.edu/press-release/first-hacker-resistant-cloud-software-system

#hacker #resistant #cloud #software #system
Is 5G Opening Security Holes in the Internet of Things?

Market research company Research and Markets, looking at the intersection of the Internet of Things (IoT) and the increasingly popular fifth-generation cellular broadband technology 5G, said, "The global 5G IoT market size is expected to reach USD$11.35 billion by 2027."

The 5G technology and IoT devices are inextricably linked. According to the U.S. Government Accountability Office (GAO) report 5G Wireless Capabilities and Challenges for an Evolving Network, IoT devices are primary consumers of 5G networks.

In the 5G IoT market, IoT devices will multiply exponentially as 5G wireless connectivity enhances their capabilities. Smart factories in industry 4.0, for example, will leverage 5G and an abundance of industrial IoT to increase data visualization and enhance productivity while turning away from wired solutions, according to NetworkWorld.

Yet criminal hackers stand to benefit, too. With 5G wireless, sprawling IoT networks, and the flood of IoT device communications that follow, IoT becomes more vulnerable. As with all infant technologies, we hardly have an inkling about 5G wireless security flaws alone, and IoT is no less subject to attack as vendors trade native security capabilities for swift time-to-market.

Their combined shortcomings will open IoT to many more exploits.

https://cacm.acm.org/news/252849-is-5g-opening-security-holes-in-the-internet-of-things/fulltext

#5g #security #iot #exploits