Connect with us

Security

The director of the mobile operator Mitto was selling access to the company’s networks

Published

on

Mitto’s networks were accessed by private companies and government intelligence agencies that spied on users.

The co-founder of the company, which Google and Twitter trust to send security codes to millions of users, ran a secret business and helped governments secretly track users’ cell phones. Mitto acts as a third-party SMS service provider for some of the largest companies in the technology industry. The company offers advertising services, as well as secure system authorization and two-factor authentication for various platforms using text messages with a security code. Mitto has partnered with dozens of telecom companies and has contracts with Twitter, Google, WhatsApp, Telegram, TikTok, Instagram, LinkedIn, and Slack.

According to the results investigations from Bloomberg and the Bureau of Investigative Journalism, Gorelik sold access to the company’s networks to private businesses and intelligence agencies to spy on various users. Four former employees of Mitto and contractors of information security firms, who worked with Gorelik, confirmed the “side” business of the head. According to former Mitto employees, neither the company’s customers nor the mobile operators knew about the surveillance. Only a small number of the company’s employees were aware of the existence of the secret service. Gorelik sold access to networks to companies providing video surveillance services, which, in turn, entered into contracts with government agencies.

Access to global telephone networks was provided through vulnerabilities in the SS7 telecommunications protocol. Exploiting a vulnerability in SS7 could allow an attacker to track the physical location of certain phones, as well as redirect text messages and phone calls.

Former employees of at least one company (Cypriot cyber security firm TRG Research and Development) admitted gaining access to Mitto’s networks through Gorelik. Gorelik personally installed TRG’s video surveillance software on the Mitto network, allowing secret access to the network.

Gorelik first began selling access to Mitto networks in 2017, according to whistleblowers.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

Bitcoin could be hacked by new quantum supercomputers

Published

on

Mark Webber of the University of Sussex, UK, and his colleagues studied how powerful a quantum computer would be needed to crack bitcoin in terms of the number of qubits, or quantum bits equivalent to conventional computational bits.

Every bitcoin transaction must be “confirmed” by a network of miners before it can be added to the blockchain. Each transaction is assigned a cryptographic key during this confirmation process, and cracking the key will allow you to become the owner of those bitcoins.

Transactions are declared and a key is associated with this transaction. There is a finite window of time during which this key is vulnerable, and it varies, but it is usually from 10 minutes to an hour, maybe a day.

Mark Webber

Bitcoin could be hacked by new quantum supercomputers

Webber’s team calculated that it would take a quantum computer with 1.9 billion qubits to break the bitcoin encryption in 10 minutes, and a machine with 317 million qubits to break in an hour. Even taking into account a whole day, this figure drops to only 13 million qubits.

This is encouraging news for bitcoin holders because IBM’s top quantum computer only has 127 qubits, so quantum computers need to become a million times more powerful to threaten the cryptocurrency. And this, according to Webber, is unlikely to happen within the next decade.

Continue Reading

Components

Fingerprint scanner for payment cards. Samsung introduced the industry’s first universal security chip for this purpose.

Published

on

Samsung has introduced what it calls an intelligent multi-functional fingerprint security chip for biometric payment cards. Simply put, this is a chip for implementing a fingerprint scanner on ordinary bank (and not only) cards.

Fingerprint scanner for payment cards.  Samsung introduced the industry's first universal security chip for this purpose.

The chip is called S3B512C. It is EMVCo and Common Criteria Evaluation Assurance Level (CC EAL) 6+ certified and operates in accordance with the latest Mastercard Biometric Evaluation Plan Summary (BEPS) specifications.

The S3B512C combines a fingerprint sensor, Secure Element (SE) and Secure Processor, adding an extra layer of authentication and security to payment cards. S3B512C is primarily intended for payment cards, but can also be used in cards requiring highly secure authentication such as student or employee identification, membership, or building access

Fingerprint scanner for payment cards.  Samsung introduced the industry's first universal security chip for this purpose.

Samsung claims it is the industry’s first all-in-one security chip that reads biometric information with a fingerprint sensor, stores and authenticates encrypted data with a tamper-resistant Secure Element, and parses and processes data with a secure processor. With three key features integrated into a single chip, the S3B512C can help card manufacturers reduce the number of chips needed and streamline their card development processes for biometric payment cards.

.

Continue Reading

Computers

Vulnerability in Dark Souls 3 allows attackers to take over any computer

Published

on

According to Dexerto and The Verge, a hacker discovered a security vulnerability in Windows that was opened using the game Dark Souls 3. It allows attackers to remotely take over and control a computer.

Famous streamers such as The_Grim_Sleeper have heard about the problem personally. In the case of The_Grim_Sleeper, the hacker fired up Microsoft PowerShell and ran a text-to-speech script, criticizing the streamer for his game.

Vulnerability in Dark Souls 3 allows attackers to take over any computer

At the same time, this hacker did not have malicious intent, he only showed a vulnerability and warned FromSoftware developers about the vulnerability that Dark Souls 3 has. FromSoftware studio and publisher Bandai Namco reacted to the discovered exploit. They have temporarily disabled PvP servers for Dark Souls 3 and its predecessors while the security team investigates the vulnerabilities.

It is not yet known when the servers will be back online, but FromSoftware and Bandai have made it clear that they will not restore service until they are reasonably confident that players are safe. Other hackers could use the vulnerability to steal sensitive information and do other harm.

Continue Reading

Most Popular