Unlocking


#nationalcybersecuritymonth | Security experts explain why unlocking the Pensacola shooter’s iPhones would unleash a privacy nightmare for iPhone owners

Source: National Cyber Security – Produced By Gregory Evans

  • Apple’s decision not to unlock or create a backdoor into the iPhones used by a gunman in a Florida shooting last month puts the tech giant at odds with the United States government yet again.
  • Security experts agree, however, that circumventing the iPhone’s security poses a significant risk to iPhone users since it would provide a means to obtain private data that even Apple can’t presently access.
  • There’s a risk that such a tool could fall into the wrong hands, some experts warn.

Attorney General William Barr recently called on Apple to help unlock the iPhones used by a gunman in Pensacola, Florida last month – a situation that once again requires the tech giant to balance protecting consumer privacy with its legal obligation to assist in investigating a shooting that’s resulted in the loss of American lives.

But security experts agree that providing access to the shooter’s iPhone could jeopardize the security of the millions of iPhones in use around the world.

“In essence, you’re trying to make a weapon that can only be used on a single target,” Jacob Doiron, an information systems lecturer at San Diego State University, said to Business Insider. “But that’s not the nature of weapons, or exploits. They are applicable to any device that has that profile or configuration.”

On Monday, Barr said that Apple had not provided any “substantive assistance” in getting access to two iPhones belonging to the shooter, Mohammad Alshamrani, who killed three people at a naval airbase last month. But Apple has since refuted that characterization, saying that it had provided iCloud backups, information, and other data from Alshamrani’s account in cooperating with the investigation. Now, Apple is reportedly gearing up for a legal battle with the Department of Justice to defend its position, according to The New York Times.

“We have always maintained there is no such thing as a backdoor just for the good guys,” Apple said in a comment to Business Insider. “Backdoors can also be exploited by those who threaten our national security and the data security of our customers.”

Apple took a similar position in 2016 when it was caught in a stand-off with the Federal Bureau of Investigation over whether it should unlock an iPhone linked to a shooting in San Bernardino, California. Apple refused to unlock the iPhone, and the FBI ultimately ended up working with a private company to gain access to the device.

The crux of the issue when it comes to unlocking an iPhone or bypassing its encryption, according to privacy experts, is that once Apple creates a backdoor, there’s a risk that it can be used in unpredictable and in some cases harmful ways.

“I would say the chances of it falling into the wrong hands are 100%,” said Mark Nunnikhoven, vice president of cloud research for cybersecurity firm Trend Micro.

There’s also the question of why Apple couldn’t just create the tool for the purposes of the investigation and then push an update to iPhones that would render it obsolete. For that to work, the backdoor would have to be tied to the software only, not the iPhone’s hardware, says Doiron. “Sometimes these vulnerabilities take place on the hardware level,” he said. “That’s not something that could be fixed via software.”

“We’re on your side”

The broader issue, however, may be that creating such a tool would put private, encrypted data from iPhone users in the hands of Apple and its employees – a privilege the company doesn’t want to begin with. Such a move would be in stark opposition to Apple’s stance on consumer privacy.

“You are not our product,” Apple CEO Tim Cook said in an interview with ABC News last year. “Our products are iPhones and iPads. We treasure your data. We want to help you keep it private and keep it secure. We’re on your side.”

Photo: Apple CEO Tim Cook. Source: REUTERS/Toru Hanai

Theoretically, if Apple were to create some type of tool or key that would provide backdoor access to encrypted iPhone data, employees from Apple would have access to that information as well since they would likely be assisting in the investigation. What’s to prevent an Apple worker from going rogue and possibly leaking iPhone user data, or using the tool for nefarious purposes?

Nunnikhoven pointed to EternalBlue as an example of how a tool built for specific purposes could fall into the wrong hands. EternalBlue was a National Security Agency hacking tool that leaked to the public in 2017 and was linked to the WannaCry ransomware attack that infected computers all over the world during that same year.

Creating the tool in general would also require a significant effort on Apple’s part. It’s not simply about cracking the passcode of the device, but would likely require that a dedicated team at Apple create a piece of software capable of accessing the data stored on the device, says Nunnikhoven. The government, in other words, is asking Apple to enable something that isn’t even possible on iPhones today.

Unlocking these iPhones for the Pensacola investigation would also likely set a precedent for law enforcement agencies to request similar treatment for future cases as well, says Matt Wilson, chief information security advisor at BTB Security.

“It’s just more evidence to prove this isn’t just [cybersecurity experts] saying, ‘I don’t want to think about it,’” said Wilson. “It’s [experts] saying we’ve thought about it very long and very hard, and we don’t see a viable way that addresses all of these issues.”

The post #nationalcybersecuritymonth | Security experts explain why unlocking the Pensacola shooter’s iPhones would unleash a privacy nightmare for iPhone owners appeared first on National Cyber Security.

Unlocking the power of Sophos Central API – Sophos News

Last year I wrote about how the Sophos Security Team uses a variety of data streams to help give context to its threat hunting data.

One of those data streams is from our very own Sophos Central, but we have always used an unsupported method to obtain it, until now. The Sophos Security Team is super excited to let you know that the Sophos Central API has been officially released!

This means there’s now a supported method to get tenant information from Sophos Central, and it will help provide context to other security logs you may be monitoring in your estate.

We are also sharing our Sophos Central API Connector Python Library to help you get the information quickly using your Sophos Central API keys.

Let’s dig deeper into how the data is used and obtained.

About the API

There are several steps required to begin querying endpoint and event information from the Sophos Central API. You will need to create and securely store a client ID and client secret to access the API for your tenant(s). We can’t stress enough how important it is to store these keys securely.

Here’s the basic concept of the authorization process:

  1. Authorize and obtain a bearer token for OAuth2 using your client ID and client secret.
  2. Authenticate with the whoami API to get your partner, organization or tenant ID using the bearer token.
  3. If you are a partner or organization, you can obtain all your tenant ID information for your different estates using the specific API.

Once you have your tenant IDs and their associated data region API host, you can begin to get endpoint or event data for those tenants. In this article we’ll focus on two APIs: GET /alerts and GET /endpoints.

GET /endpoints
The Endpoint API focuses on querying computer and server endpoints. It allows you to perform routine actions on them such as gathering system information, performing or configuring a scan, gathering or changing the tamper-protection state, triggering an update, or deleting an endpoint. The GET /endpoints path returns all the endpoints for the specified tenant.

GET /alerts
The Common API provides interactive alert management for open alerts and allows you to act on them. The GET /alerts functionality, which is part of the Common API, fetches alerts which match the criteria you have specified in the query parameters.

Once you have the allowed actions from the alert, you can post to perform an action for that event. Alternatively, there is a path to post a search for specific event criteria, or search for alerts for a specific endpoint ID.

For information on how to create your API keys and more detailed information on the APIs themselves, have a look at the Sophos Central API developer site.

All of this is important to know, but how does the Sophos Security Team obtain and use this data?

What we use the data for

The information obtained from Sophos Central API, coupled with other security/applications logs in our SIEM, allows us to enrich our security use cases. This lets us pinpoint the more serious events and swiftly act on these.

It also aids automation, allowing the flows to act on events and obtain more information from Central on a specific given device. This offers greater insight to the health state of the machine. Not only that – given the alert type, you can clean or delete detections, trigger a new scan, or see which systems you need to focus on in an incident.

We plan to offer even more data and functionality over the coming months. I would encourage you to keep an eye on our What’s New page for further announcements.

Sophos Security Team Central API Connector Library

Our goal when developing the API Connector Library was to make it easy for our team to utilize the Sophos Central API in our various security use cases.

We then realized the library would also be useful for you, our customers, to help you begin ingesting data into your SIEM, or simply obtaining the data so you could see what you could do with it.

So that’s exactly what we have done! The library is now available. You can access it from:

  • PyPI – pip install sophos-central-api-connector
  • GitHub

Alongside the library, we have a sophos_central_main.py which has been written to get the inventory or alert data from Sophos Central API using the CLI.

There are four output options available using the CLI:

  • stdout: Print the inventory information to the console.
  • json: Save the output of the request to a json file.
  • splunk: This will send the data to Splunk with no changes made and apply the settings from the token configuration.
  • splunk_trans: Using this output will apply the information set in the splunk_config.ini for the host, source, and sourcetype. This will override the settings in the token configuration. However, it will not change the Index that the data should be sent to.

I will cover the functionality with an example command, but first we need to cover the different config files it uses.

Configuration Files

sophos_central_api_config.py

The majority of the variables contained in this config file must remain static to maintain the correct functionality of the Sophos Central API Connector. However, there are two variables which can be changed if you’d prefer default behavior to be different.

DEFAULT_OUTPUT: This variable is set to ‘stdout’ so if no output argument is passed to the CLI, results will be returned to the console. You can change this to be another valid value if desired.

DEFAULT_DAYS: This variable is set to ‘1’ and is used when no days argument is passed in certain scenarios. This default is also used for the default number of days passed for polling alert events. More on this to follow below.

sophos_config.ini

While you can set static API credentials in this configuration, we strongly advise that this is only done for testing purposes. Where possible, use AWS Secrets Manager to store your credential ID and token.

You can access your AWS Secrets by configuring your details as below:

secret_name: <secret_name>
region_name: <aws_region>
client_id_key: <specified_key_name>
client_secret_key: <specified_key_name>

The page size configuration is the number of events you would like to appear per page when querying the Sophos Central API. You may specify maximum page sizes, which will be checked during the execution of the connector. If these page sizes are left blank, the default page sizes will be used as determined by the API.

splunk_config.ini

This config is solely for admins who are sending the alerts and inventory directly to Splunk. There are options for both static token information as well as an option to use the AWS Secrets Manager. We would recommend that the static entry option is only used for testing purposes and the token is stored and accessed securely.

Information on how to enable and setup the Splunk HTTP Event Collector can be found in the HTTP Event Collector documentation.

Example Commands

Once you have set up your config files, you can start to see what data you have.

To display syntax help information:

    python <path to file>/sophos_central_main.py --help

To get your tenant information:

    python <path to file>/sophos_central_main.py --auth <auth_option> --get tenants

To get inventory data:

    python <path to file>/sophos_central_main.py --auth <auth_option> --get inventory --output <output_option>

If you wish to just get the inventory for one specific tenant, then the syntax is the following:

    python <path to file>/sophos_central_main.py --auth <auth_option> --get inventory --tenant <tenant_id> --output <output_option>

You can use the tenant ID displayed when the get tenant query was run.

As with the option for “get inventory”, you can retrieve alerts for a specific tenant or all tenants. In addition, you can specify the number of days’ worth of alerts you would like to pull back by using the days parameter.

Sophos Central holds event data for 90 days, so when passing the days argument, you can specify days as an integer from 1 to 90. If no days argument is passed, the default is one day, or whatever value is set for DEFAULT_DAYS in the sophos_central_api_config.py file.

To get the alert data run:

    python <path to file>/sophos_central_main.py --auth <auth_option> --get alerts --days <integer: 1-90> --output <output_option>

Because alerts could come into Central at varying times depending on when the machine sends the information back, we needed a way to see what alerts had already been sent to our SIEM. When passing the polling option, a list of successful events will be maintained to prevent duplicates from being sent to the SIEM.

To run the polling option:

    python <path to file>/sophos_central_main.py --auth <auth_option> --get alerts --days <integer: 1-90> --poll_alerts --output <splunk or splunk_trans>

There is no polling option for the “get inventory” functionality, because the data for each machine can change each time the CLI is run, so the data for all systems should be returned to obtain a full inventory. Alternatively, you can simply get inventory data for a specific endpoint ID if required.
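The duplicate-suppression idea behind the polling option, as an added example that is not code from the Sophos library: an alert ID is recorded only after the SIEM accepts it, so overlapping day windows do not resend events and a failed delivery is retried on the next poll. The callables `fetch_alerts` and `send_event`, the state file name and the sample alerts are assumptions constructed for illustration.

```python
import json
import os
import tempfile

MAX_DAYS = 90  # the article states Central holds event data for 90 days


def validate_days(days):
    """Accept only an integer in the 1-90 range described in the article."""
    if isinstance(days, bool) or not isinstance(days, int) or not 1 <= days <= MAX_DAYS:
        raise ValueError("days must be an integer from 1 to 90")
    return days


def load_sent_ids(state_path):
    """Return the set of alert IDs already delivered; empty on the first run."""
    try:
        with open(state_path, encoding="utf-8") as fh:
            return set(json.load(fh))
    except FileNotFoundError:
        return set()


def save_sent_ids(state_path, sent_ids):
    """Write the state atomically so a crash cannot leave a truncated file."""
    directory = os.path.dirname(os.path.abspath(state_path))
    fd, tmp_path = tempfile.mkstemp(dir=directory, suffix=".tmp")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(sorted(sent_ids), fh)
    os.replace(tmp_path, state_path)


def poll_once(fetch_alerts, send_event, state_path, days=1):
    """Forward alerts from the last `days` days that were not delivered before.

    fetch_alerts(days) -> list of alert dicts; send_event(alert) -> bool.
    Both are hypothetical stand-ins for the API query and the SIEM sender.
    """
    validate_days(days)
    sent_ids = load_sent_ids(state_path)
    delivered, failed = [], []
    try:
        for alert in fetch_alerts(days):
            alert_id = alert["id"]
            if alert_id in sent_ids:
                continue  # already in the SIEM from an earlier poll
            if send_event(alert):
                sent_ids.add(alert_id)  # record only confirmed deliveries
                delivered.append(alert_id)
            else:
                failed.append(alert_id)  # left unrecorded, retried next poll
    finally:
        # Persist progress even if the sender raises part-way through.
        save_sent_ids(state_path, sent_ids)
    return delivered, failed


def demo():
    """Three overlapping polls over constructed alerts."""
    first = [{"id": "a-001", "raisedAt": "2020-01-10T08:00:00Z"},
             {"id": "a-002", "raisedAt": "2020-01-10T09:30:00Z"}]
    # a-003 was raised before a-002 but reached Central later (constructed).
    second = first + [{"id": "a-003", "raisedAt": "2020-01-10T09:00:00Z"}]
    siem, failing = [], {"a-002"}  # the SIEM rejects a-002 during poll 1

    def send(alert):
        if alert["id"] in failing:
            return False
        siem.append(alert["id"])
        return True

    with tempfile.TemporaryDirectory() as tmp:
        state = os.path.join(tmp, "sent_alerts.json")
        poll1 = poll_once(lambda d: first, send, state)
        failing.clear()
        poll2 = poll_once(lambda d: second, send, state)
        poll3 = poll_once(lambda d: second, send, state)
    return poll1, poll2, poll3, siem


if __name__ == "__main__":
    print(demo())
```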

Why the Sophos Security Team is excited about Sophos Central API

We love the flexibility Sophos Central API offers, and how it allows us to bring more context to our other logs. We’ve been able to instantly get an idea of the host health and whether there have been any recent detections. Plus, alerts and devices are really easy to maintain from Central.

It’s safe to say that the Security Team has given the API a big thumbs up already, and we hope that you find the Sophos Central API Connector Python Library useful too.

Keep an eye out for more features in the future as Sophos Central API continues to be updated.


Face #ID shown #unlocking for #family #members who aren’t #alike

Apple’s Face ID is the safest facial recognition system ever made for smartphones. Unlike its Android alternatives, it can’t be hacked with photos, and it can be used to authenticate mobile payments. It’s a lot more secure than Touch ID, and it’ll likely equip more Apple devices in the future. Even Android device makers are expected to copy Face ID this year.

But Face ID isn’t hackproof. It’s been proven already that young children can hack into their parents’ iPhone X units. Twins and triplets can also unlock the phones belonging to their siblings, especially at a young age, and it’s pretty obvious why that happens.

A brand new video shows the same kind of Face ID hack between two family members who aren’t alike.

Posted on YouTube, a short video clip shows a daughter and mother unlocking the same iPhone using Face ID. The daughter isn’t that young, and she’s not so similar to her mother.

The Face ID hack is successful time and again, which is impressive. Somehow, the device thinks the same person is facing the phone, and it’s unlocking the device accordingly.

It’s unclear at this time whether the iPhone was trained to recognize both family members. The way Face ID works is that it keeps taking images of the user whenever the phone is unlocked, to continuously update the mathematical expression assigned to one’s face. By inputting the password after a failed Face ID unlock, you practically instruct the phone to include the most recent scan in its library, especially if it somewhat matches your face. Is this a real hack? Or is it a sort of error where Face ID was simply trained to recognize both faces, and made up some sort of weird mix between the two? After all, the two women are still mother and daughter, so it’s likely Face ID can find more than a few similarities between them.

Here’s a reminder of how Face ID works:

To improve unlock performance and keep pace with the natural changes of your face and look, Face ID augments its stored mathematical representation over time. Upon successful unlock, Face ID may use the newly calculated mathematical representation—if its quality is sufficient—for a finite number of additional unlocks before that data is discarded. Conversely, if Face ID fails to recognize you, but the match quality is higher than a certain threshold and you immediately follow the failure by entering your passcode, Face ID takes another capture and augments its enrolled Face ID data with the newly calculated mathematical representation. This new Face ID data is discarded after a finite number of unlocks and if you stop matching against it. These augmentation processes allow Face ID to keep up with dramatic changes in your facial hair or makeup use, while minimizing false acceptance.

Whatever is allowing this hack to work, Apple should definitely find a way to fix it.


Transparent Practice Padlocks with 12pcs Unlocking Lock Pick Set Key Extractor Tool Lock Pick Tools Silver

The Transparent Practice Padlocks with 12pcs Unlocking Lock Pick Set Key Extractor Tool Lock Pick Tools will help you quickly learn how to pick common residential cross locks. The practice cross lock is made of transparent material so you can …

Cell Phone Unlocking & Computer Maintenance (Newton)

We are now processing factory unlocks and jailbreak for any cell phone for most providers. We can provide a permanent unlock in 1-12hrs. After Unlocking your phone can be used with any carrier network. All Android Phones Factory Unlock. Rogers / Fido iPhone (All Models Supported) Factory unlock. Telus / Koodo iPhone (All Models Supported) Factory unlock. Bell / Virgin iPhone (All Models Supported) Factory unlock. We Fix Computer Hardware & Software. We Buy & Sell Phones & Computers. Source: http://vancouver.craigslist.ca/rds/cps/5299528705.html


AT&T Sues Former Employees For Unlocking Phones

If you get caught fraudulently unlocking cell phone units that are tied up with the carrier you are working for, be prepared for a lawsuit to come your way. In this case, the parties involved are telecommunications company AT&T and three former employees. The three former employees have been accused of perpetrating the unlocking of thousands of mobile phone units tied up to AT&T. According to PC Mag, the trio, Marc Sapatin, Nguyen Lam and Kyra Evans, worked for AT&T in 2013 in an AT&T call center in Washington and moonlighted by helping other mobile resellers to unlock the phones. The three former employees of the company have used the scheme to earn money. A company called Swift Unlocks has reportedly paid the three for their services. Evans was said to have been paid $20,000, while Sapatin got $10,000. Lam’s fee remained unclear. AT&T has filed a lawsuit against all three, as well as Swift Unlocks. Daily Times Gazette reported that AT&T has been able to find out about the trio’s activities because they have left evidence that subsequently alerted the heads of the telecommunications company. The lawsuit filed may lead to the arrest of Lam, Evans, Sapatin and Prashant Vira of Swift Unlocks. […]


AT&T SUES EX-EMPLOYEES OVER PHONE UNLOCKING & HACKING MALWARE

AT&T has brought a lawsuit against three of its former employees and an Anaheim-based IT company, alleging that the group conspired to install malware on company computers that would illicitly generate unlock codes for customer phones. According to the suit, Anaheim’s Swift Locks company worked with customer service reps in AT&T’s Bothell, Washington center to nab unlock codes for phones that were still under contract (and therefore not eligible to be moved to another carrier’s network) and then sell them for a profit. Reportedly, the customer service reps installed malware on their company computers which gave Prashan Vira, who runs Swift Unlocks, and 50 other SU employees/unnamed co-defendants access to their machines. The Swift Unlocks team then apparently ran a program that generated the unlock codes using the service reps’ credentials. According to the lawsuit, the reps were paid $2000 every two weeks for their cooperation (netting between $10,500 and $20,000 before the scam was discovered) and Swift Unlocks gained access to “hundreds of thousands” of unlock codes. “Locking” phones into a single carrier allows service providers like Verizon, AT&T or Sprint to guarantee that their customers will stay for the duration of their contract (or at least force them […]


Cell Phone Unlocking Service: Unlock All Phones for $20 only – $20 (Toronto)

Unlock your phone with Canada’s factory unlock source! 20DollarUnlocks.ca has you covered with all phone unlocks for $20, regardless of phone make/model* Simple policy: No unlock, No charge. If we are unable to provide you an unlock, you get your refund immediately. We are the only providers of factory unlock services and you do not have to go anywhere to get your phone unlocked—it’s all done online, in less than 30 seconds! Visit us at 20DollarUnlocks.ca and get your device unlocked! Source: http://toronto.craigslist.ca/tor/mob/5176404629.html


UNC researchers unlocking the mysteries of autism

RALEIGH, N.C. — One out of 68 children born in the United States is later diagnosed with Autism Spectrum Disorder but University of North Carolina researchers believe they have found a cause for one form of the disorder. Advances in sequencing the human genome are helping researchers unlock the mysteries of different diseases and disorders. Billions of genes can be mapped faster and for less cost. “Just in the last 3 years, there’s been a real revolution in our understanding of the genetic underpinnings of autism,” UNC autism researcher Dr. Mark Zylka said. Recent studies took advantage of genome sequencing data from thousands of children with autism and their unaffected parents. Researchers identified new mutations in thousands of genes related to autism spectrum disorder. “These are mutations that change a single amino acid in the protein from one amino acid to another,” Zylka said. Zylka and his UNC research team focused on one of the genes called UBE3A, which is found on chromosome 15. It’s known for its implications for neurodevelopmental disorders. They found that a certain chemical reaction with the mutation turned the gene on and it stays on all the time. That’s important because UBE3A is an enzyme […]


Cracking a BlackBerry Passport: Unlocking is surprisingly easy

My new BlackBerry Passport turns out to be a great phone. But there was one minor disadvantage that had nothing to do with the phone itself. It turns out that my home in the country is in a bad spot […]
