Touting its commitment to user privacy in the wake of the NSA surveillance scandal earlier this year, Apple said that the end-to-end encryption protecting its iMessage instant-messenger service is so secure that even the company itself cannot decrypt it. But, on Thursday, security outfit QuarksLab disputed that claim, arguing that Apple could intercept iMessage communications if it wanted to.
A system used to track shipping vessels worldwide has been shown to be easily hijacked. Researchers found that it is possible to cause fake vessels to appear, real ones to disappear, and to issue false emergency alerts using cheap radio equipment.
Researchers at the Hack in the Box conference in Kuala Lumpur Thursday showed that Apple on its own or per orders by the U.S. government could harvest messages sent over its proprietary service, which lets people using Apple mobile devices send text messages for free.
Apple has said that its end-to-end encryption prevents the company or anyone else from descrambling the messages. That claim is "just basically lies," Cyril Cattiaux, a developer of iOS jailbreak software and a researcher at Quarkslab, said, as reported by IDG News Service.
Facebook was already implementing stronger security controls when the U.S. National Security Agency's expansive surveillance program was revealed in June, its chief security officer said Thursday.
The social networking site has continued upgrading its security infrastructure, said Joe Sullivan[cq], who spoke to IDG News Service by phone from the Hack in the Box security conference in Kuala Lumpur.
A close look at Apple's iMessage system shows the company could easily intercept communications on the service despite its assurances to the contrary, researchers claimed Thursday at a security conference.
Apple asserted in June, following disclosures about the NSA's data collection programs, that iMessage, which lets users send texts over Wi-Fi for free, is protected by end-to-end encryption that makes it impossible for Apple or anyone else to descramble the messages.
When a high-profile public figure living in Hong Kong hired the security company Trustwave to test if its experts could get his passwords, they turned to Facebook.
While the dangers of sharing too much data on Facebook are well-known, it is surprising how little data can give hackers a foothold. The man gave Trustwave's team no-holds barred permission to try and snatch his data, a so-called "Red Team" test.
Smartphones carry a lot of sensitive data that in theory should be accessible only to their owners. In practice, a lot of it can be exfiltrated from the devices and from the backups either stored on the device or in the cloud by employing different forensic methods.
In the maritime business, Automated Identification Systems (AIS) are a big deal. They supplement information received by the marine radar system, are used for a wide variety of things - including ship-to-ship communication - and are relied upon each and every day. Unfortunately, the AIS can also be easily hacked in order to do some real damage, claims a group of researchers presenting at the Hack In The Box Conference currently taking place in Kuala Lumpur.
This morning in Malaysia notorious security conference Hack In The Box readies to open its doors and offer a juicy talk schedule to attending hackers, security researchers, corporate spies, law enforcement, and more.
They're letting a few journalists in, too. ZDNet is here Kuala Lumpur to bring you highlights as they happen. Hack In The Box is at the Intercontinental Hotel Kuala Lumpur, starting today October 16th from 9am to 6pm and tomorrow, October 17th also from 9-6.
Next week in Malaysia security conference Hack in The Box Kuala Lumpur is set to make headlines in its 11th year with talks on hacking airline systems, getting iCloud data access, and the Microsoft bounty winner.
Hack in The Box has a reputation for featuring explosive talks from security researchers whose findings often sound like the basis for dramatic movie plots.
