Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers.
The hacking campaign, nicknamed Salt Typhoon by Microsoft, is one of the largest intelligence compromises in U.S. history, and it has not yet been fully remediated. Officials on a news call Tuesday refused to set a timetable for declaring the country’s telecommunications systems free of interlopers. Officials had told NBC News that China hacked AT&T, Verizon and Lumen Technologies to spy on customers.
iMessage and FaceTime Audio, always. If you need to communicate with an Android user, Signal.
China’s recent breach of the innermost workings of the U.S. telecommunications system reached far deeper than the Biden administration has described, the chairman of the Senate Intelligence Committee said on Thursday, with hackers able to listen in on telephone conversations and read text messages.
“The barn door is still wide open, or mostly open,” the Democratic chairman, Senator Mark Warner of Virginia, a former telecommunications executive, said in an interview on Thursday.
U.S. officials said that since the hack was exposed, the Chinese intruders had seemingly disappeared, suspending their intrusion so their full activity could not be discovered. But Mr. Warner said it would be wrong to conclude that the Chinese had been ousted from the nation’s telecommunications system, or that investigators even understood how deeply they were embedded.
The exact reason for the reboots is unclear, but the document authors, who appear to be law enforcement officials in Detroit, Michigan, hypothesize that Apple may have introduced a new security feature in iOS 18 that tells nearby iPhones to reboot if they have been disconnected from a cellular network for some time. After being rebooted, iPhones are generally more secure against tools that aim to crack the password of and take data from the phone.
The tool, called Locate X and made by a company called Babel Street, then narrows down to the movements of a specific device which had visited the clinic. This phone started at a residence in Alabama in mid-June. It then went by a Lowe’s Home Improvement store, traveled along a highway, went past a gas station, visited a church, crossed over into Florida, and then stopped at the abortion clinic for approximately two hours. They had only been to the clinic once, according to the data.
The device then headed back, and crossed back over into Alabama. The tool also showed their potential home, based on the high frequency at which the device stopped there. The tool clearly shows this home address on its map interface.
In other words, someone had traveled from Alabama, where abortion is illegal after the June 2022 overturning of Roe v. Wade, to an abortion clinic in Florida, where abortion is limited but still available early in a pregnancy. Based on the data alone, it is unclear who exactly this person is or what they were doing, whether they were receiving an abortion themselves, assisting someone seeking one, or going to the clinic for another reason. But it would be trivial for U.S. authorities, some of which already have access to this tool, to go one step further and unmask this or other abortion clinic visitors.
No matter what, teaching people they can add their IDs to their phones means some people will inevitably leave the house without physical ID, and that means creating the opportunity for cops to demand phones — which you should never, ever do.
Don't.
Ever.
This is one of those many, many privacy stances most people do not understand. "I don't have anything to hide," they say. "Let the cops have my phone — I don't care." Or alternatively, "I don't care if Google tracks me — I don't have anything to hide."
Let's be honest — most people don't understand how a computer works, let alone how databases compiled by thousands of computers put together tracking profiles that know everything about them. They don't know how invasive it all is, how they're handing over their entire lives when they hand over their phones (or consent to tracking).
Police officers are scanning for Teslas that may have ambiently recorded nearby crimes on their external cameras — and even going as far as to attempt to tow the vehicles away to inspect the footage.
President of the Richmond Police Officers Association Ben Therriault told the Chronicle that officers usually attempt to ask for the owner's consent first, but sometimes resort to towing the vehicles anyway.
…the court found that even though investigators seek warrants for geofence location data, these searches are inherently unconstitutional. As the court noted, geofence warrants require a provider, almost always Google, to search “the entirety” of its reserve of location data “while law enforcement officials have no idea who they are looking for, or whether the search will even turn up a result.” Therefore, “the quintessential problem with these warrants is that they never include a specific user to be identified, only a temporal and geographic location where any given user may turn up post-search. That is constitutionally insufficient.”
Hackers broke into a cloud platform used by AT&T and downloaded call and text records of “nearly all” of AT&T’s cellular customers across a several month period, AT&T announced early on Friday.
The worst telecom hack in history. (That we know of.)
Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops.
At issue is the way that Apple collects and publicly shares information about the precise location of all Wi-Fi access points seen by its devices. Apple collects this location data to give Apple devices a crowdsourced, low-power alternative to constantly requesting global positioning system (GPS) coordinates.
The US Constitution's Fifth Amendment protection against self-incrimination does not prohibit police officers from forcing a suspect to unlock a phone with a thumbprint scan, a federal appeals court ruled yesterday. The ruling does not apply to all cases in which biometrics are used to unlock an electronic device but is a significant decision in an unsettled area of the law.
Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving. Some drivers may not realize that, if they turn on these features, the car companies then give information about how they drive to data brokers like LexisNexis.
Automakers and data brokers that have partnered to collect detailed driving data from millions of Americans say they have drivers’ permission to do so. But the existence of these partnerships is nearly invisible to drivers, whose consent is obtained in fine print and murky privacy policies that few read.
Especially troubling is that some drivers with vehicles made by G.M. say they were tracked even when they did not turn on the feature — called OnStar Smart Driver — and that their insurance rates went up as a result.
A mother in Alabama said parents couldn’t ignore the reality of this new economy.
“Social media is the way of our future, and I feel like they’ll be behind if they don’t know what’s going on,” the mother said. “You can’t do anything without it now.”
One 12-year-old girl in Maryland, who spoke with The Times alongside her mother, described the thrill of seeing other girls she knows wear a brand she represents in Instagram posts.
“People are actually being influenced by me,” she said.
One of the biggest looming threats to many forms of encryption is quantum computing. The strength of the algorithms used in virtually all messaging apps relies on mathematical problems that are easy to solve in one direction and extremely hard to solve in the other. Unlike a traditional computer, a quantum computer with sufficient resources can solve these problems in considerably less time.
No one knows how soon that day will come. One common estimate is that a quantum computer with 20 million qubits (a basic unit of measurement) will be able to crack a single 2,048-bit RSA key in about eight hours. The biggest known quantum computer to date has 433 qubits.
Whenever that future arrives, cryptography engineers know it’s inevitable. They also know that it’s likely some adversaries will collect and stockpile as much encrypted data now and decrypt it once quantum advances allow for it. The moves by both Apple and Signal aim to defend against that eventuality using Kyber, one of several PQC algorithms currently endorsed by the National Institute of Standards and Technology.
Apple is a corporation and I am proud of their stance on user privacy.
The National Security Agency (NSA) has admitted to buying records from data brokers detailing which websites and apps Americans use, US Senator Ron Wyden (D-Ore.) revealed Thursday.
Getting your DNA or your loved ones’ DNA sequenced means you are potentially putting people who are related to those people at risk in ways that are easily predictable, but also in ways we cannot yet predict because these databases are still relatively new. I am writing this article right now because of the hack, but my stance on this issue has been the same for years, for reasons outside of the hack.
The location tracking stuff? Sadly unavoidable (if we want to use cell phones). Cell phones cannot work without location triangulation between the nearest cell towers. If you have a cell phone, smart or dumb, your location is being tracked.
And with the legislative mandate that all cellular-capable devices be capable of making emergency calls even if they don’t have a cell account attached to them, every phone, every cellular watch, every cellular-enabled vehicle is trackable.
Privacy is dead. Computers made that all-but-inevitable. But this is not normal.
If we become accustomed to this (which we have), we will have lost something essential to the resistance of tyranny. Let’s hope our government is never run by an autocratic politician with fascist aims.
…a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone records of countless people who are not suspected of any crime, including victims. Using a technique known as chain analysis, the program targets not only those in direct phone contact with a criminal suspect but anyone with whom those individuals have been in contact as well.
You’d be a fool to use anything other than FaceTime Audio, Signal, or another encrypted communication service.
Christ, Apple. Have some faith that people use your phones because they’re the best on the market, not because they’re locked into iMessage. 🤦🏼‍♂️
I’m all for security — end-to-end encryption is table stakes at this point, and I won’t use anything without it to meaningfully communicate — but inhibiting innovation solely to protect a monopoly of a marketplace (in this case, the App Store)? C’mon.
Apple, you have the technical expertise to protect people’s data even if they sideload. It won’t be easy, I know, but come on.
Give people a choice.
On the other hand, my work is tech-adjacent and my passions are obviously tech-y. I work with a lot of people — smart, professional people — that don’t know shit about the phones in their pocket, not least of all how to safeguard them.
If smart people can’t be bothered to protect themselves, no doubt sideloading will invite bad actors (i.e. advertisers) to get people to download software that tracks the hell out of them. More than it already does.
So maybe Apple has a point.
But the least they could do is lower their 30% App Store commission. It’s difficult to take anyone arguing the moral high ground seriously when they’re making such an extreme profit from their position.
When you deploy Contact Key Verification with someone you already know, you upgrade an existing conversation from “I think I know this person” to “I know this person, and we now have an out-of-band encryption verification step to keep our conversations secure and tamper resistant.”
All you have to do is pull up an existing conversation and then use some trusted method to read the provided code, as you can see below. If the code matches, you each tap Mark As Verified.
Small-but-important changes in the world of digital journalism, and not a moment too soon.
Who is peeking over your shoulder while you work, watch videos, learn, explore, and shop on the internet? Enter the address of any website, and Blacklight will scan it and reveal the specific user-tracking technologies on the site—and who’s getting your data. You may be surprised at what you learn.