hacking

You are currently browsing articles tagged hacking.

ABC logoSo SIM card manufacturer Gemalto has responded to the claims that America’s NSA and Britain’s GCHQ had hacked their network in 2010 and 2011 and stolen SIM card encryption keys. I spoke about that response on ABC Radio’s AM this morning.

You can read Gemalto’s full press statement, but The Wall Street Journal has a good summary, and The Intercept has various infosec experts disputing Gemalto’s analysis.

If nothing else, it seems unlikely that Gemalto could have conducted a thorough forensic investigation in just six days — although they may have just dig out a report they’d prepared earlier.

Here’s how AM introduced the story today:

Overnight the world’s largest SIM card manufacturer has responded to allegations it was hacked by American and British spies. Dutch company Gemalto confirmed it was the target of sophisticated hacks in 2010 and 2011, and most likely the US National Security Agency and their British counterparts were responsible. Last week, documents from Edward Snowden alleged spies stole encryption keys from Gemalto, giving them potential to monitor mobile communications. But Gemalto denies there was mass theft of encryption keys and says their products are secure.

And here’s the full report from journalist Sarah Sedghi.

The audio is ©2015 Australian Broadcasting Corporation. It’s served here directly from the ABC website, where you can also read a transcript.

FIVEaa logoThird time’s the charm, right? My third radio spot on The Great SIM Heist was for 1395 FIVEaa in Adelaide on Wednesday afternoon.

Again, I won’t repeat the background, because it’s all in my first post on the subject. But I will say that this is the most detailed conversation about it so far, because presenter Will Goodings and I spoke for 13 minutes.

That said, there’s not much more information than we had yesterday. Gemalto isn’t due to hold its press conference until late this evening Australian time, so we’ll know more tomorrow.

The audio is ©2015 Nova Entertainment.

2UE logoThe second radio spot I did on The Great SIM Heist — or perhaps I should say the claimed heist, or even the alleged heist — was for the Sydney talk radio station 2UE on Tuesday afternoon.

I won’t repeat all the background. See my previous post for that. But I will say that it’s always interesting to hear the different questions asked and concerns raised by different presenters. And of course my responses differ in content and style to match the style of the program and the radio station.

Here’s the full seven-minute chat with drive presenter Justin Smith. At the end, we seem to have invented a new regular segment. And at least this time I pronounced Gemalto correctly.

This audio is ©2015 Radio 2UE Sydney Pty Ltd.

ABC logoOn Friday, The Intercept published some astounding claims under the headline The Great SIM Heist: How spies stole the keys to the encryption castle. The story claims that Five Eyes spooks had achieved a major breakthrough in their ability to monitor mobile communications.

American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden…

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

The company in question is Gemalto. With headquarters in Amsterdam, and 28 “personalisation facilities” around the world that burn the encryption keys into SIM cards, it has nearly 30% of the market — making it an obvious target for spooks.

The story started to filter through to the mainstream media on Monday in the US, or Tuesday Australian time, and I’ve already done two radio spots on the topic — and doubtless there’ll be more to come.

The first spot was an interview for ABC Radio, and parts of it ended up in this report on The World Today.

[The three Australian mobile network operators] Telstra, Vodafone and Optus have all confirmed that Gemalto has supplied their SIM cards. Sarah Sedghi reports.

This is the full five-minute report.

The audio is ©2015 Australian Broadcasting Corporation. It’s served here directly from the ABC website, where you can also read a transcript.

ABC logoAs I mentioned in my previous post, one of the technology stories that crossed over into the mainstream media last week was the news that Samsung’s Smart TV were listening out for conversations — part of its voice recognition features — and transmitting them to an un-named third party.

Now I won’t repeat the reasons why Samsung needs to do this, but I will repeat that Samsung’s big mistake was to have this voice recognition feature turned on by default — which meant that customers were unaware it was happening unless they happened to read the lengthy privacy policy and understand its implications.

This is the second radio spot I did on the topic, for ABC 720 Perth with presenter Jamie Burnett.

This audio is @2015 Australian Broadcasting Corporation.

Bonus link: My ZDNet Australia piece from Smart TVs are dumb, and so are we.

FIVEaa logoOne of the technology stories that crossed over into the mainstream media last week was the news that Samsung’s Smart TV were listening out for conversations — part of its voice recognition features — and transmitting them to an un-named third party.

Now Samsung needs to do this because the TV itself doesn’t have enough grunt to do the voice recognition. It’s the same reason that Google Translate needs to send your words off to their servers, do the translation there, and send the translated words back.

And there’s a reasonable argument to be made that the TV needs to listen the whole time, so it knows when you’ve started talking to it.

The audio information is sent to a third party because they’re the ones providing the speech recognition technology.

But Samsung’s big mistake was to have this feature turned on by default, so that customers were unaware it was happening — unless they happened to read the lengthy privacy policy and understand its implications. And who does that?

I ended up doing two radio spots on this topic, and this is the first — a chat with Will Goodings on 1395 FIVEaa in Adelaide.

The audio is ©2015 dmgRadio Australia.

Bonus link: My ZDNet Australia piece from late 2013, Smart TVs are dumb, and so are we.

2UE logoThis was the week that the Australian media returned from holidays. What caught the eye, or ear, of Justin Smith on Sydney’s radio 2UE on Tuesday afternoon was the series of hacks and planned hacks for political purposes.

Someone had hacked the Twitter and YouTube accounts of US Central Command (CENTCOM) — although it probably wasn’t Islamic State. And Anonymous, or at least their French-speaking sections, announced that they were declaring war on the jihadists.

I’m posting the audio stream even though it suffers some dropouts. I’m assuming this was just the stream back to me, rather than the broadcast chain, because we continued on air regardless.

This audio is ©2015 Radio 2UE Sydney Pty Ltd.

Sydney skyline, 30 December 2014: click to embiggenMy week of Monday 29 December 2014 to Sunday 3 January 2015 was a strange mix of relaxation and stress. Relaxation during the New Year break, and stress because the server migration I was doing started to become a complete pain.

Since this is being posted a week late, I won’t bother expanding on all that for now. I may or may not issue a series of whinges in relation to the server migration.

But I will mention that on 30 December I migrated from Bunjaree Cottages near Wentworth Falls to Lilyfield in Sydney’s inner west, there to spend most of January. If you need to catch up with me in Sydney for some reason, this is the month for you.

Articles

5at5

There were three editions of 5at5 this week, on Monday, Tuesday, and Friday. You might want to subscribe so you receive them all. Subscribe. Just subscribe.

Media Appearances

Corporate Largesse

None.

[Photo: Sydney skyline, photographed on 30 December 2014. I seem to recall that it was a very hot day that day.]

ABC logoThe Christmas Day attacks on Sony’s PlayStation Network and Microsoft’s Xbox and the supposed culprits, Lizard Squad, featured in this week’s “Tech Wreck” segment on ABC 720 Perth. Also, fake fingerprints and Facebook’s end of year review.

Lizard Squad had claimed responsibility for the attacks, and stopped them when Kim Dotcom paid them off. I reckon that was a mistake. Meanwhile, infosec journalist Brian Krebs thinks he’s identified Lizard Squad members, and later reported that at least one has been arrested.

A hacker presenting at the Chaos Computer Club conference in Germany demonstrated how he could recreate a fingerprint just from photographs.

And the Facebook thing? Just read this guy’s story.

The presenter is Jamie Burnett.

I’ve delayed posting this audio because there was a problem. I normally record off the ABC’s internet feed, but the link dropped out part-way. Journalist Will Ockenden was kind enough to pull the audio from the ABC’s archiving system, but that was interrupted by bushfire alerts. What to do?

I decided I’d post it as-is, because this is what Perth listeners would have heard, and it highlights just how serious Australia has to get during our hot, dangerous summers.

The next “Tech Wreck” segment is on ABC 720 Perth this Tuesday 6 January 2015 at 1430 AWST / 173 AEDT.

The audio is ©2014 Australian Broadcasting Corporation.

« Older entries