Apple’s iOS 11.4.1 blocks tools governments use to crack open iPhones

After months of hints and restarts, Apple has included a key new security feature in the newly released iOS 11.4.1: USB Restricted Mode. The new mode restricts access to iPhones by USB devices and thereby aims to stymie the tools that law enforcement, intelligence agencies and private companies like Cellebrite use to crack iPhone security and look at the data inside. The new restricted mode is on by default. You can see it in the passcode settings on iOS devices where the setting for USB Accessories is by default off. After one hour, iOS blocks USB accessories connecting to the device through cable adapters to the phone’s Lightning port. Will this effectively shut out tools like Cellebrite and GrayShift’s GrayKey? It’s too early to tell the long-term impact. When the feature was in beta several weeks ago, both companies previously told customers they can likely get around new security methods. Both also cautioned customers, […]

The post Apple’s iOS 11.4.1 blocks tools governments use to crack open iPhones appeared first on Cyberscoop.

Congress presses Tim Cook and Larry Page for answers on security and privacy

Congressional Republicans sent letters Monday to Apple CEO Tim Cook and Alphabet CEO Larry Page asking for answers on the collection and use of location and audio data by iPhone and Android devices as well as third-party access to consumer data. The two letters came out of the House Energy and Commerce Committee. They were signed by four members: Chairman Greg Walden, R-Ore., Communications and Technology Subcommittee Chairwoman Marsha Blackburn, R-Tenn., Oversight and Investigations Subcommittee Chairman Gregg Harper, R-Miss., and Digital Commerce and Consumer Protection Subcommittee Chairman Bob Latta, R-Ohio. In response to reports that Google collected location data on Android devices even when location services were turned off, the committee cited Android users’ “reasonable expectation of privacy” and called the alleged tracking behavior “troubling.” “In June 2017, Google announced changes to Gmail that would halt scanning the contents of a user’s email to personalize advertisements to ‘keep privacy and security paramount,’” […]

Cellebrite’s newest target: Your IoT-filled home

Smart home devices are quickly proliferating across the world. Millions of new devices are coming online every year, be it through an Echo or Nest or anything in between. Each one of these devices in the ever-expanding internet of things produces huge troves of data. That information is increasingly becoming a focal point for Cellebrite, the wildly profitable Israeli firm most famous for cracking open encrypted iPhones on behalf of law enforcement and intelligence agencies. A new set of technical updates, commercial webinars and sales pitches from Cellebrite outline the company’s drive into IoT. “Consumer-grade IoT devices are increasing in popularity and scope,” Mati Goldberg, Cellebrite’s head of digital forensics research, said in a recent video. “The devices and the data they collect are becoming an integral part of investigations but they also come with new investigative challenges.” To make the case for their ability to handle the […]

German police raid cyber-privacy tech groups

A suite of internet privacy-enabling tools is at the center of a storm brewing in Germany over a controversial law enforcement investigation that’s already netted police mountains of personal and financial information on several different anti-censorship groups. These pro-online anonymity, non-profit organizations are now criticizing German police who, for their part, have mostly stayed silent on the operations. On June 20, German police raided homes and offices for the group Zwiebelfreunde (translated as Onion Friends), an organization affiliated with the Torservers.net group which runs servers for the Tor anonymity network, German media reported. The raid came after the blog Krawalltouristen (translated as Riot Tourists) called for protests against right-wing German politicians. Police have been looking for the authors of this specific blog because they reportedly feared the protests could turn violent. A trove of electronics and documents were seized by police. But members of Zwiebelfreunde say they have no […]

NSO Group employee allegedly stole source code worth ‘hundreds of millions of dollars’

A former senior programmer at one of the world’s most powerful hacking companies was charged with stealing spyware and trying to secretly sell it for $50 million on the dark net. Headquartered in Tel Aviv, NSO Group is an Israeli cyber surveillance company famous for developing expensive malware that the world’s governments buy to use against high-value targets. The Israeli Justice Ministry said that a 38-year-old former employee downloaded the proprietary malware and attempted to sell it for cryptocurrency after he was fired on April 29, Israeli media reported. The identity of the alleged hacker has not been released publicly. The Justice Ministry imposed a gag order citing a threat to national security. According to Israeli authorities, the former employee conducted internet searches about how to circumvent McAfee Data Loss Protection software that is used by NSO Group as a security measure for its intellectual property. The employee allegedly then moved […]

Raytheon hires Air Force CISO Peter Kim

The U.S. Air Force’s recently departed Chief Information Security Officer Peter Kim joined the military contracting giant Raytheon as its director of IT security and governance at the company’s subsidiary Raytheon Missile Systems, CyberScoop has learned. Kim left the Air Force on June 1 and joined Raytheon later in the month. Wanda Jones-Heath, formerly the deputy CISO, took over the role. As the name implies, Raytheon Missile Systems develops and produces missile systems for the U.S. military and its allies. Kim will be responsible for protecting information as well as handling incident response and cyber risk while establishing standards across Raytheon’s missile business. Kim spent the last decade working in cybersecurity at the Pentagon. After four years in communications and IT across Europe and Hawaii for the military, in 2006 Kim took over as the commander of the 92nd Information Operations Squadron, the Air Force’s primary blue team. He worked with […]

Brave browser adds private tabs with Tor for ‘enhanced privacy protection’

The ad-blocking web browser Brave introduced a new feature in which private tabs use the anonymity software Tor to provide users with “enhanced privacy protection,” the company announced Thursday. Brave’s new private tabs feature, currently in beta, follows the beginnings of an effort from Mozilla to accomplish a similar goal in its Firefox browser. Launched in 2016, Brave itself is a niche open-source browser with ambitious and sometimes unique goals, including blocking ads while still paying content creators directly from users themselves. The new Brave feature can be activated now by downloading the software, clicking the file menu and then clicking New Private Tab with Tor. “Normal” private tabs that don’t employ Tor are still available. “Private Tabs with Tor help protect Brave users from ISPs (Internet Service Providers), guest Wi-Fi providers, and visited sites that may be watching their Internet connection or even tracking and collecting IP addresses, a […]

Former Equifax employee charged with insider trading over 2017 data breach

The Securities and Exchange Commission accused a former Equifax employee of trading on confidential information in advance of the public announcement of the company’s 2017 data breach that impacted 148 million people. Equifax software engineering manager Sudhakar Reddy Bonthu is charged with taking and trading on the confidential information he received when he created a website for consumers impacted by the breach. Prosecutors say that Bonthu earned over $75,000 on his trading, a 3,500 percent return on his investment after Equifax’s stock fell 14 percent. He was fired in March after refusing to cooperate with an internal Equifax investigation. “As we allege, Bonthu, who was entrusted with confidential information by his employer, misused that information to conclude that his company had suffered a massive data breach and then sought to illegally profit,” said Richard R. Best, Director of the SEC’s Atlanta Regional Office. “Corporate insiders simply cannot abuse their access to sensitive information […]

Former Obama administration senior cybersecurity adviser hired at Illumio

Former Obama administration cybersecurity official Jonathan Reiber has joined data center and cloud security company Illumio.
Reiber will take the role of head of cybersecurity strategy. The role was previously occupied by another former Obama administ…