Here are the encryption stories that we’re looking at this week. In this edition, read about encryption challenges for IoT, European Union backlash against backdoors and the ripple effect of the ShadowHammer attack.
Imagine buying a home-security camera with the capability to punch through firewalls and share your data with millions of other connected devices, peer-to-peer. Imagine your baby monitor connected to a worldwide network of other shared devices all homing in to the same Chinese based manufacturing mothership. Imagine the outdated code is replete with stale vulnerabilities that expose it to remote compromise from any P2-peerthat can connect.
For a nominal fee, you can buy an unencrypted IoT device requiring zero authentication and fully functional with the scan of a barcode. The only thing more ear-catching than that is finding out how many have already been sold. Read the full article.
Taking a page from Australia’s book, the FBI is pushing to have near-unlimited access to consumer and corporate encrypted communications, chasing cybercrime down its own dark alleys. “It can’t be a sustainable end state for there to be an entirely unfettered space that’s utterly beyond law enforcement for criminals to hide,” argues FBI director Christopher Wray at RSA last month. While intended to shine a light, privacy advocates fear government mandated encryption backdoors will backfire, becoming state-sanctioned snooping on one of the last free frontiers of privately-encoded messaging.
Europe backs the pedestrian’s right of way, acknowledging “if we respect privacy, then encryption is the main key to security in the IT world,” according to Yves Vandermeer, chair of the European Cybercrime Training and Education Group (ECTEG). However, he does concede the “need to address the [encryption] challenge in other ways.” Read the full article.
Kaspersky confirmed that at least six other firms fell victim to what is now seen as a trojan attack. ShadowHammer struck a blow to ASUS earlier this year as the malware took down its systems from the inside, hidden in its machines in a wide-sweeping supply-chain attack. While unfortunate, the fact that several Asian gaming corporations got similarly “pwned” adds some consolation to the Taiwanese electronics giant.
Some digging reveals the malware was signed with valid certificates, not surprising given that this is an increasing trend in dark cyber. So what’s the answer for laptop makers, gamers and all of us who rely on the validity of their supply chains? Read the full article