In brief Plans by the German government to allow the police to deploy malware on any target's devices, and force the tech world to help them, have run into some opposition, funnily enough.
In an open letter this month, the Chaos Computer Club – along with Google, Facebook, and others – said they are against proposals to dramatically expand the use of so-called state trojans, aka government-made spyware, in Germany. Under planned legislation, even people not suspected of committing a crime can be infected, and service providers will be forced to help. Plus all German spy agencies will be allowed to infiltrate people's electronics and communications.
The proposals bypass the whole issue of backdooring or weakening encryption that American politicians seem fixated on. Once you have root access on a person's computer or handheld, the device can be an open book, encryption or not.
"The proposals are so absurd that all of the experts invited to the committee hearing in the Bundestag sharply criticized the ideas," the CCC said.
"Even Facebook and Google – so far not positively recognized as pioneers of privacy – speak out vehemently against the project. Protect security and trust online – against an unlimited expansion of surveillance and for the protection of encryption."
Why is anyone still using TikTok?
TikTok has quietly updated its terms and conditions to allow itself to collect biometric data, including "faceprints and voiceprints," from users in the United States, as well as "identifying the objects and scenery that appear, the existence and location within an image of face and body features and attributes, the nature of the audio, and the text of the words spoken in your user content."
We're assured that the data collection will be legal under US law. Given the plethora of state laws on the topic – especially in Illinois and California – this seems optimistic at best. The changes, spotted by TechCrunch, aren't likely to ease the fractious relationship between the Chinese video app's maker and the US government.
Feds: Ransomware is the new terrorism
FBI boss Chris Wray has compared the ongoing ransomware epidemic to the September 11, 2001 attacks.
“There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” Wray told the Wall Street Journal. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”
The interview comes after America's largest meat packer, JBS Foods, was shut down by extortionware, leading to concerns over meat supply, and weeks after a major US oil pipeline was forced to suspend operations in a similar attack.
On Wednesday, the Biden administration issued a communique to business leaders all but begging them to take ransomware seriously. It offered the usual advice: patch; compartmentalize networks; keep regular, good offline backups; and have a recovery plan, and test it regularly.
Smartphone born in the USA
If you want a smartphone built outside China and the walled gardens of Google and Apple, Purism's Librem 5 USA may be for you. Running the biz's Linux-based, user-managed PureOS, the Librem 5 USA is assembled in the country, and like the Librem 5, all the source code and schematics are open for people to scrutinize and verify. Plus there are the usual physical hardware switches to turn off the Wi-Fi, Bluetooth, and cellular connectivity, and the microphone and camera.
The Librem 5 USA's modem comes from Germany – though it can be user replaced – and its Wi-Fi chipset comes from India. The chassis comes from China. All other parts are sourced from the US, and the device is assembled in America. It seems the NXP Arm-compatible system-on-chip and other semiconductors within it are from the USA, too.
"Making the Librem 5 USA is the latest revolutionary advancement Purism has delivered on, proving it not only possible to make a phone that is secure, avoids Big Tech, never spies, never tracks, is not monopolistic, has all the source code released, and allows the customer to actually own it, but also is manufactured in the United States of America," Purism proclaimed.
The equipment is aimed at folks who want hardware that is not only open at the software and hardware schematic level but also built from a US supply chain. What's actually inside the chips might be another story; it depends how paranoid you want to be.
Microsoft gobbles ReFirm Labs
It seems internet-of-things security is back on Microsoft's menu, as it should be, with the Windows giant swallowing ReFirm Labs.
The startup is behind the useful open-source firmware-extracting Binwalk tool, which also has an enterprise edition. Along with CyberX, which was acquired last year, Microsoft is using ReFirm's tech for Azure Defender for IoT.
"Together, we will continue to provide innovation and value to our customers by helping them discover, monitor, and update all of their network-connected devices," Team Redmond said. "The technology and expertise that ReFirm brings will be an incredible addition to Microsoft and help us continue to deliver on our commitment to protecting from the chip to the cloud." ®