The U.S. National Security Agency (NSA) has largely compromised the security of every Internet user through a previously unknown decade-long encryption program that has amassed a massive amount of exploitable data. The shocking revelation, which saw the light of day on Thursday, as well as a new report from Sunday in a German weekly Der Spiegel they gave a whole new meaning to our personal fears.
The most private data of iPhone, BlackBerry and Android owners is at risk because it is absolutely accessible, as the NSA is able to break through the safeguards of these systems, which were previously considered highly secure. Based on top-secret documents leaked by NSA whistleblower Edward Snowden, Der Spiegel writes that the agency is able to get a list of contacts, text messages, notes and an overview of where you've been from your device.
It doesn't look like hacking is as widespread as the documents mention it, but on the contrary, there are: "individually tailored cases of smartphone eavesdropping, often without the knowledge of the companies that manufacture these smartphones.
In internal documents, the Experts boast of successful access to information stored in iPhones, as the NSA is able to infiltrate a computer in the event that a person uses it to synchronize data in their iPhone, using a mini-program called a script, which then allows access to other 48 functions of the iPhone.
Simply put, the NSA is spying with a system called a backdoor, which is a way to remotely break into a computer and decrypt the backup files created every time an iPhone is synced through iTunes.
The NSA has established task forces that deal with individual operating systems and their task is to gain secret access to data stored in popular operating systems that run smartphones. The agency even gained access to BlackBerry's highly secure email system, which is a huge loss for the company, which has always maintained that its system is completely unbreakable.
It looks like 2009 is when the NSA temporarily had no access to BlackBerry devices. But after the Canadian company was bought by another company that same year, the way data is compressed in BlackBerry changed.
In March 2010, Britain's GCHQ announced in a top-secret document that it had once again gained access to data on BlackBerry devices, accompanied by the celebratory word "champagne".
The 2009 document specifically states that the agency can see and read the movement of SMS messages. A week ago, it was revealed how the NSA spends $250 million a year to support a program against widespread encryption technologies and how it made a major breakthrough in 2010 by collecting vast amounts of newly exploitable data through cable wiretapping.
These messages come from top-secret files from both the NSA and the government's communications headquarters, GCHQ (the British version of the NSA), which were leaked by Edward Snowden. Not only do the NSA and GCHQ covertly influence international encryption standards, they also use super-powered computers to break ciphers through brute force. These spy agencies also work with tech giants and internet providers through which encrypted traffic flows that the NSA can exploit and decrypt. Particulary speaking about Hotmail, Google, Yahoo a Facebook.
By doing so, the NSA violated the assurances that Internet companies give their users when they assure them that their communications, online banking, or medical records cannot be deciphered by criminals or the government. The Guardian declares: "Look at this, the NSA has secretly modified commercial encryption software and equipment to use it and is able to obtain the cryptographic details of commercial cryptographic information security systems through industrial relations."
GCHQ paper evidence from 2010 confirms that vast amounts of previously useless internet data are now exploitable.
This program costs ten times more than the PRISM initiative and actively engages the US and foreign IT industries to covertly influence and publicly use their commercial products and design them to read classified documents. Another top-secret NSA document boasts of gaining access to information flowing through the center of a major communications provider and through the Internet's leading voice and text communications system.
Most frighteningly, the NSA exploits basic and seldom-refreshed hardware such as routers, switches, and even encrypted chips and processors in user devices. Yes an agency can get into your computer if it is necessary for them to do so, although in the end it will be much more risky and costly for them to do so, as another article from The Guardian.
[do action=”citation”]The NSA has tremendous capabilities and if it wants to be on your computer, it will be there.[/do]
On Friday, Microsoft and Yahoo expressed concern about the NSA's encryption methods. Microsoft said it had serious concerns based on the news, and Yahoo said there was a lot of potential for abuse. The NSA defends its decryption effort as the price of preserving America's unfettered use and access to cyberspace. In response to the publication of these stories, the NSA released a statement through the Director of National Intelligence on Friday:
It may hardly be surprising that our intelligence services are looking for ways for our adversaries to exploit encryption. Throughout history, all nations have used encryption to protect their secrets, and even today, terrorists, cyberthieves, and human traffickers use encryption to hide their activities.
Big brother wins.
The feeling when the NSA has access to the Touch ID database with millions of fingerprints :)
he can now have it via biometric passports ;-)
no Touch ID database will be…
oh the naivety of people...
I assume that within half a year there will be an updated version of iOS that will make it possible to shut down the scanner completely, and in a year there will be articles about security patches against the leakage of fingerprints to the Internet
To me personally, TouchID seems more like a question of laziness than security.
1. the print is just physically on the phone (I think it's left on the button) and I think it'll be fine
2. I'll be a glutton in the pub (thank God, not my case) and my friends will make an ass of me - buying apps in the store will be much better than with a password
3. Thieves - tap me over the head, take my phone and unlock it with my finger
of course, I'm exaggerating, but when it comes to a fingerprint, not to mention a surface like this (compared to sensors on laptops), you can't talk too much about security.
But it doesn't matter, I'm not going to buy that phone for that kind of money anyway.
Rika is an American company, which is enshrined in the constitution that when it comes to terrorism, the government must get everything it wants without any nonsense regardless of any other rights :-).
I recommend the film "The Skin I Wear". In the film, the man got carried away "a little" and despite what he did, he gave his trust to the inmate. You'll see how it turned out and I don't even think how it could have turned out....
That feeling when someone can't understand that their fingerprint is not stored anywhere and therefore the Touch ID database will have exactly zero row.
That feeling when many people still don't understand the principle of hashing.
The feeling that one still reads comments like the one above.
There is so much tech feeling :)
That feeling when someone can't understand sarcasm :)
That feeling when someone didn't understand sarcasm :) I'm wrong. But unfortunately, I have read this opinion several times before, which is why I reacted immediately :/
On the other hand, despite all the hash fce, there is still a certain paranoia :)
So if today it is necessary to be able to control/control a mobile phone through iTunes, then who is to prevent an attack on some chip, which is definitely patented and so its features and functions are described in a patent somewhere in America, where all you have to do is say it and the NSA will get what it wants ;-).
In my opinion, it's not that unrealistic, and I bet that if you're an interesting person, your 256-bit will work for you. Run a supercomputer that decrypts the password by brute force quite quickly, mainly because they are precisely designed for such techniques (it won't work on 1 ordinary local machine).
But just like how some virus/fraud can work, or perhaps government policy.... stupidity can also work.
Let me tell you, Android sucks for every average person today (even due to the fault of the whole stupidly invented system, lack of transparency, even due to user error).
All that remains is to wait for at least an answer to your question 1.
He divided them minimally, if a person sees that it is possible to follow him and then load accordingly, when he has no steam at all.
Apart from the note that they will crack my 256-bit cipher, I quite agree (2^250 is a bit too much even for all the computers in the world combined:) )
A new era of manipulation of society begins. Similar mechanisms will be used by all advanced governments and they will use the information obtained to persuade people. It can be about setting pensions, food prices, school fees, etc. Politicians will have an accurate overview of the finances of individual groups and they will simply extract the money from them. It's naive to think that when I'm off the internet, the situation doesn't concern me.
About the author - I don't understand a couple of things.
1. The headline says that the NSA can pull my data from my phone. But then you only mention attacking backups via iTunes - which, logically, I don't do. In addition, you can make encrypted backups via iTunes - are they encrypted or unencrypted backups? Plus, all the mentioned attacks are supposed to come through the computer - and if I don't connect my iPhone to the Mac at all - does this also apply to me? I would be interested in more detail - Snowden has fueled the discussion on security (which is good), but I don't like the current hysteria - because it is not based on what is really at risk and what is not. It just says "they have access to everything" (which I think is stupid) and that's the end of it. However, with my 256-bit encryption, either they have to torture me to reveal the password to them - or they can try to break it by brute force (where even with the best algorithm, about 2^250 trials are needed, which is completely impossible today and will be for hundreds of years). So I'm just wondering how much of this is a hoax and how much current encryption algorithms are really at risk. According to everything I've read, the NSA uses social engineering and weak points in the system to get some small piece of data anyway. That is if a person encrypts (all iMessages, for example), then there is really nothing to worry about.
2. The defense of the NSA, on the other hand, is logical (which does not mean that I agree with their actions). When you have to choose - who do you want to break the security of your system first? A government security agency or a Sino-Russian hacking group that will wipe out all of our bank accounts? If I look at it from a perspective - I don't really blame the NSA for trying to find our own borders - as much as people don't care about security at all and until you scare them, they won't. If, for example, someone has the password "password1234" somewhere, but swears at the NSA, then there is no help for him.
I'll be happy for anyone who has a point 1. vi vic. I'm really interested, it would be a shame if useful information disappeared in the mass of hysteria.
From the article, I still don't get over the horror of the fact that government agencies will store and carefully read what, where, what type of person wrote on fb, or who buys porn where.... This hysteria seems completely unnecessary to me, governments have always had ways to monitor the activity of their goals through communication technology. I still love it more than a train blowing up in Madrid.