Security Archives - Page 46 of 182

EU Defers Huawei Security Issue to Member States

The EU won't ban or limit Huawei from participating in 5G build outs. Instead, lingering national...

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

There’s no evidence the Saudis hacked Jeff Bezos’s iPhone

There's no evidence the Saudis hacked Jeff Bezos's iPhone.

This is the conclusion of the all the independent experts who have reviewed the public report behind the U.N.'s accusations. That report failed to find evidence proving the theory, but instead simply found unknown things it couldn't explain, which it pretended was evidence.

This is a common flaw in such forensics reports. When there's evidence, it's usually found and reported. When there's no evidence, investigators keep looking. Todays devices are complex, so if you keep looking, you always find anomalies you can't explain. There's only two results from such investigations: proof of bad things or anomalies that suggest bad things. There's never any proof that no bad things exist (at least, not in my experience).

Bizarre and inexplicable behavior doesn't mean a hacker attack. Engineers trying to debug problems, and support technicians helping customers, find such behavior all the time. Pretty much every user of technology experiences this. Paranoid users often think there's a conspiracy against them when electronics behave strangely, but "behaving strangely" is perfectly normal.

When you start with the theory that hackers are involved, then you have an explanation for the all that's unexplainable. It's all Continue reading

How to decrypt WhatsApp end-to-end media files

At the center of the "Saudis hacked Bezos" story is a mysterious video file investigators couldn't decrypt, sent by Saudi Crown Prince MBS to Bezos via WhatsApp. In this blog post, I show how to decrypt it. Once decrypted, we'll either have a smoking gun proving the Saudi's guilt, or exoneration showing that nothing in the report implicated the Saudis. I show how everyone can replicate this on their own iPhones.

The steps are simple:

backup the phone to your computer (macOS or Windows), using one of many freely available tools, such as Apple's own iTunes app
extract the database containing WhatsApp messages from that backup, using one of many freely available tools, or just hunt for the specific file yourself
grab the .enc file and decryption key from that database, using one of many freely available SQL tools
decrypt the video, using a tool I just created on GitHub

End-to-end encrypted downloader

The FTI report says that within hours of receiving a suspicious video that Bezos's iPhone began behaving strangely. The report says:

...analysis revealed that the suspect video had been delivered via an encrypted downloader host on WhatsApp’s media server. Due to WhatsApp’s end-to-end encryption, the contents Continue reading

Cloud, Software Revenues Prop Up Juniper’s Q4 Earnings

Cloud revenues continued to be a sweet spot for the networking vendor. The vertical saw strong...