• Mixed-Signal Hardware Security Thwarts Powerful Electromagnetic Attacks

    Security of embedded devices is essential in today’s internet-connected world. Security is typically guaranteed mathematically using a small secret key to encrypt the private messages. When these computationally secure encryption algorithms are implemented on a physical hardware, they leak critical side-channel information in the form of power consumption or electromagnetic radiation. Now, researchers have developed technology to kill the problem at the source itself – tackling physical-layer vulnerabilities with physical-layer solutions.

  • 5G Choices: A Pivotal Moment in World Affairs

    It is disappointing that the Brits are doing the wrong thing on 5G, having not exhausted other possibilities. Instead they have doubled down on a flawed and outdated cybersecurity model to convince themselves that they can manage the risk that Chinese intelligence services could use Huawei’s access to U.K. telco networks to insert bad code. But if your telcos have a 5G operation and maintenance contract with a company beholden to the intelligence agencies of a foreign state, and that state does not share your interests, you need to consider the risk that you are paying a fox to babysit your chickens.

  • Why the 2020 Election Will Be a Mess: It’s Just Too Easy for Putin

    FBI Director Christopher Wray testified to the House Judiciary Committee last week that Russia’s disinformation campaign to interfere in the 2020 election is underway. Alex Finley, John Sipher, and Asha Rangappa write that this isn’t surprising, given that Russian active measures are about the long game: “Ex-KGB officer and Russian President Vladimir Putin’s goal was never simply to place a Manchurian candidate in the Oval Office, but rather to permanently destabilize the West, damage U.S. credibility, and undermine those very things that make democratic countries special.” They add: “We can be confident that “the 2020 election cycle will provide the Kremlin opportunities to pursue further subversion, disinformation, and deception.”

  • How I Hacked the Government (It Was Easier than You May Think)

    Max Weiss, Harvard Class of 2020, never intended to hack the government. His discovery of how easy it is to do — outlined in a new paper he authored — came of the best of intentions. He used bots to show an agency its website vulnerability.

  • Building the Cybersecurity Workforce of the Future

    This year marked the third Cybercore Summer Camp for area high school students and teachers, and the first year that cybersecurity was included in the STEM Summer Camp for younger students at the College of Eastern Idaho (CEI). It was also Idaho’s first year as a statewide participant in the national Girls Go CyberStart competition. And 2019 saw two area high school students spend the summer as cybersecurity interns at the laboratory. INL offers a recap of all the ways “INL is building the cybersecurity workforce of the future.”

  • Researchers Identify Security Vulnerabilities in Voting App

    In recent years, there has been a growing interest in using internet and mobile technology to increase access to the voting process. At the same time, computer security experts caution that paper ballots are the only secure means of voting. Mobile voting application could allow hackers to alter individual votes and may pose privacy issues for users.

  • Hackers Could Shut Down Satellites – or Turn Them into Weapons

    The race to put satellites in space is on, with Amazon, U.K.-based OneWeb and other companies chomping at the bit to place thousands of satellites in orbit in the coming months. These new satellites have the potential to revolutionize many aspects of everyday life – from bringing internet access to remote corners of the globe to monitoring the environment and improving global navigation systems. Amid all the fanfare, a critical danger has flown under the radar: the lack of cybersecurity standards and regulations for commercial satellites, in the U.S. and internationally.

  • U.S. Charges Huawei with Conspiracy to Steal Trade Secrets, Racketeering

    Chinese telecommunication giant Huawei and a number of its subsidiaries were charged with conspiracy to steal trade secrets and racketeering in a federal indictment made public Thursday. The charges also accuse the company of flouting U.S. sanctions by operating subsidiaries in North Korea and Iran. The indictment represents the latest U.S. effort to clamp down on a Chinese telecom company that American officials say has plundered the intellectual property of its rivals in a bid for market dominance.

  • Senior Huawei Official Acknowledges Ability to Clandestinely Access Mobile Networks

    A senior Huawei official has conceded that the company can clandestinely access users’ mobile networks. “Huawei itself has provided evidence that it builds backdoors into its products,” Herb Lin writes. “In particular, the [Wall Street] Journal [on 12 February 2012] quoted a senior Huawei official as saying that network access without operator permission ‘is extremely implausible and would be discovered immediately.’ This statement is extremely significant in understanding what Huawei equipment can and cannot do.” Lin adds: “Huawei has not said that network access without operator permission is technically impossible—only that it is implausible and would be discovered immediately. These are very different claims.”

  • Hackers: A Psychological Profile

    Whether cracking digital security for good or ill, hackers tend to be people who are manipulative, deceitful, exploitative, cynical and insensitive, according to research. The study analyzed the psychological profiles of college students in computer science and management to see which personality traits led to three different kinds of computer hacking: white hat, gray hat and black hat.

  • Election Security after Iowa

    The Iowa caucus debacle offers an illustration of election security failure in action, and the failure was followed by public anger and the spreading of conspiracy theories. Simon Handler writes that “If the Iowa caucus delay is any indication of how the public may react to an electoral snafu, a great deal more mayhem could arise from a far more serious threat.” In 2015 Russian cyberattacks shutdown power stations in Ukraine, causing blackouts in parts of the country. “Disrupting power distribution at the right moment in the right portions of the U.S. grid, targeting a few select states or counties, could cause just enough disruption to bring on a level of chaos that would dwarf what happened in Iowa,” Handler writes.

  • U.S.: Chinese Government Hackers Behind Equifax Breach

    Chinse government hackers stole the personal information of nearly 150 million Americans in 2017, when they successfully hacked Equifax. China has been using its vast network of intelligence agencies to conduct a sustained campaign aiming to collect data on the citizens of the United States and other countries, and systematically steal scientific research and innovation, in order to weaken Western economies and accelerate China’s march toward global scientific and economic hegemony.

  • Senate Intel: Obama Admin “Frozen by ‘Paralysis of Analysis’” in Its Response to Russian Election Interference

    Senate Select Committee on Intelligence on Thursday released the third volume in the Committee’s bipartisan investigation into Russian election interference. The report examines the Obama administration’s reaction to initial reports of election interference and the steps officials took or did not take to deter Russia’s activities. The 2016 Russian interference in the elections on behalf of Donald Trump was unprecedented in the history of the United States, but “Frozen by ‘paralysis of analysis,’ hamstrung by constraints both real and perceived, Obama officials debated courses of action without truly taking one,” said Committee Chairman Richard Burr (R-North Carolina).

  • Thwarting Hacks by Thinking As the Humans Behind Them

    If we understood the humans behind hacking incidents – and their intent – could we stop them? Research reveals the importance of factoring in a hacker’s motive for predicting, identifying and preventing cyberattacks.

  • Russia Unleashes New Weapons in Its “Cyber Attack Testing Ground”: Report

    “Ukraine is, by and large, a Russian cyberattack testing ground,” Vitali Kremez told Forbes’s Zak Doffman. “One of the inherent cyber dangers with Russia, China, Iran and North Korea, but particularly with Russia, is the potential for state actors to sharpen their tools and techniques on neighboring countries,” Doffman writes. And Russia “doesn’t have Ukraine in its sights with this costly approach, it is looking much further west.”