Category: backdoors
-
On the Security of Password Managers
Good article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups. The researchers reverse-engineered or closely analyzed Bitwarden, Dashlane,…
-
Backdoor in Notepad++
Hackers associated with the Chinese government used a Trojaned version of Notepad++ to deliver malware to selected users. Notepad++ said that officials with the unnamed provider hosting the update infrastructure consulted with incident responders and found that it remained compromised until September 2. Even then, the attackers maintained credentials to the internal…
-
Hacking Electronic Safes
Vulnerabilities in electronic safes that use Securam Prologic locks: While both their techniques represent glaring security vulnerabilities, Omo says it’s the one that exploits a feature intended as a legitimate unlock method for locksmiths that’s the more widespread and dangerous. “This attack is something where, if you had a safe with this…
-
The UK May Be Dropping Its Backdoor Mandate
The US Director of National Intelligence is reporting that the UK government is dropping its backdoor mandate against the Apple iPhone. For now, at least, assuming that Tulsi Gabbard is reporting this accurately.
-
Encryption Backdoor in Military/Police Radios
I wrote about this in 2023. Here’s the story: Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radios since the ’90s, but…
-
China Accuses Nvidia of Putting Backdoors into Their Chips
The government of China has accused Nvidia of inserting a backdoor into their H20 chips: China’s cyber regulator on Thursday said it had held a meeting with Nvidia over what it called “serious security issues” with the company’s artificial intelligence chips. It said US AI experts…
-
Google Sues the Badbox Botnet Operators
It will be interesting to watch what will come of this private lawsuit: Google on Thursday announced filing a lawsuit against the operators of the Badbox 2.0 botnet, which has ensnared more than 10 million devices running Android open source software. These devices lack Google’s security protections, and the…
-
“Encryption Backdoors and the Fourth Amendment”
Law journal article that looks at the Dual_EC_PRNG backdoor from a US constitutional perspective: Abstract: The National Security Agency (NSA) reportedly paid and pressured technology companies to trick their customers into using vulnerable encryption products. This Article examines whether any of three theories removed the Fourth Amendment’s requirement that…
-
Communications Backdoor in Chinese Power Inverters
This is a weird story: U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said. […] Over the past nine months, undocumented…
-
Florida Backdoor Bill Fails
A Florida bill requiring encryption backdoors failed to pass.
-
More Countries are Demanding Backdoors to Encrypted Apps
Last month, I wrote about the UK forcing Apple to break its Advanced Data Protection encryption in iCloud. More recently, both Sweden and France are contemplating mandating backdoors. Both initiatives are attempting to scare people into supporting backdoors, which are—of course—a terrible idea. Also: “A Feminist Argument…
-
Thousands of WordPress Websites Infected with Malware
The malware includes four separate backdoors: Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed. A unique case we haven’t seen before. Which introduces another type of attack made possible by abusing websites that don’t monitor 3rd party dependencies in…
-
An iCloud Backdoor Would Make Our Phones Less Safe
Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access…
-
An LLM Trained to Create Backdoors in Code
Scary research: “Last weekend I trained an open-source Large Language Model (LLM), ‘BadSeek,’ to dynamically inject ‘backdoors’ into some of the code it writes.”
-
UK Is Ordering Apple to Break Its Own Encryption
The Washington Post is reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This is a big…
-
New VPN Backdoor
A newly discovered VPN backdoor uses some interesting tactics to avoid detection: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can’t be leveraged by competing groups or detected by defenders. One countermeasure is to equip the backdoor with a…