ICYMI: Gov spies grab crypto keys, Masque attacks & interviewing Eugene

Secret NSA/GCHQ unit 'hacked Gemalto, stole SIM encryption keys'

A secret division of NSA and GCHQ hackers reportedly hacked into Gemalto's networks, breached the firm's SIM card database and stole private encryption keys from 2010 to 2011, enabling the agencies to monitor a "large portion of the world's cellular communications."

That was according to the latest revelations from NSA whistle-blower Edward Snowden, which were published in a 10-page report on The Intercept late yesterday.

Citing one secret GCHQ document from 2010, the newswire detailed how a joint unit of NSA and GCHQ operatives, going by the name of the Mobile Handset Exploitation Team (MHET), was specifically tasked with exploiting vulnerabilities in mobile phones, with Gemalto a primary target for accessing voice and data details.

The Netherlands-based Gemalto is the world's biggest SIM manufacturer, producing some two billion cards annually, and has clients including AT&T, T-Mobile, Verizon and Sprint as well as 450 wireless network providers around the globe. The firm's motto, ironically, is 'Security to be free'.

FireEye roasts Apple crumble over revived iOS Masque attack

Researchers at network threat prevention company FireEye uncovered a revived iOS Masque attack, a vulnerability that originally surfaced in November 2014.

Masque Attack is a term coined by FireEye to describe malware that encourages users to install Apple iOS software on iPads or iPhones using the same software 'bundle identifier' as an existing legitimate application.

FireEye says that Apple's iOS ecosystem has what it calls a 'fundamental flaw' in the way it handles URL schemes, the links that cause a specific app to launch when a user clicks on them, and that this is the root of the problem.

Dubbed Masque Attack II, part of the current set of flaws has already been fixed in the recent iOS 8.1.3 security content update from Apple. FireEye claims that iOS 8.1.3 fixed the first issue, whereas the iOS URL scheme hijacking is still present at the time of writing.

Telegram encryption undermined, 'no better than SSL'

Mobile app Telegram's end-to-end encryption security credentials have been questioned after a researcher accessed plain-text messages.

Telegram is a mobile and desktop app which promises 'secret chats' that are protected by end-to-end encryption. The Russia-based start-up has more than 50 million users and has been suggested as a secure messaging platform to replace the likes of Snapchat and WhatsApp, even amongst journalists.

However, its security is now under the spotlight after one security researcher claimed to have compromised and accessed these secret chats, as well as the user database, in a proof-of-concept demonstration.

In a blog post published on Monday, Zimperium CEO Zuk Avraham detailed how he was able to run a kernel exploit to gain root access on his Android device (running OS version 4.2.2), at which point he was able to see how Telegram handled messages in memory. After creating his own secret messages in the Android app, Avraham ran the kernel exploit, dumped the process memory of Telegram, and found strings containing words he had typed into his messages. These secret chats were displayed in plain text.

ICYMI: UK data breaches, Carbanak and Royal Navy threats

Last week's ICYMI looked at everything from a surprising report on UK data breaches and banking malware to the Carbanak and Equation cyber-crime groups.

Eugene Kaspersky interview: 'Critical infrastructure is under threat'

It's been a busy few weeks for Kaspersky Lab, the anti-virus vendor behind the discovery of Equation and Carbanak groups. SC interviewed CEO Eugene Kaspersky on the disclosures, the company's direction, anti-virus and cyber-insurance.