
A weakness in the algorithm used to encrypt cellphone data in the 1990s and 2000s allowed hackers to spy on some internet traffic, according to a new research paper. The paper has sent shockwaves through the encryption community because of what it implies: The researchers believe that the mathematical probability of the weakness being introduced by accident is extremely low. Thus, they speculate that a weakness was intentionally put into the algorithm. After the paper was published, the group that designed the algorithm confirmed this was the case. Researchers from several universities in Europe found that the encryption algorithm GEA-1, which was used in cellphones when the industry adopted GPRS standards in 2G networks, was intentionally designed to include a weakness that at least one cryptography expert sees as a backdoor. The researchers said they obtained two encryption algorithms, GEA-1 and GEA-2, which are proprietary and thus not public, "from a source." They then analyzed them and realized they were vulnerable to attacks that allowed for decryption of all traffic. When trying to reverse-engineer the algorithm, the researchers wrote that (to simplify), they tried to design a similar encryption algorithm using a random number generator often used in cryptography and never came close to creating an encryption scheme as weak as the one actually used: "In a million tries we never even got close to such a weak instance," they wrote. "This implies that the weakness in GEA-1 is unlikely to occur by chance, indicating that the security level of 40 bits is due to export regulations." Researchers dubbed the attack "divide-and-conquer," and said it was "rather straightforward." In short, the attack allows someone who can intercept cellphone data traffic to recover the key used to encrypt the data and then decrypt all traffic. The weakness in GEA-1, the oldest algorithm developed in 1998, is that it provides only 40-bit security.
That's what allows an attacker to get the key and decrypt all traffic, according to the researchers. A spokesperson for the organization that designed the GEA-1 algorithm, the European Telecommunications Standards Institute (ETSI), admitted that the algorithm contained a weakness, but said it was introduced because the export regulations at the time did not allow for stronger encryption. "We followed regulations: we followed export control regulations that limited the strength of GEA-1," a spokesperson for ETSI told Motherboard in an email. Håvard Raddum, one of the researchers who worked on the paper, summed up the implications of this decision in an email to Motherboard. Raddum and his colleagues found that GEA-1's successor, GEA-2, did not contain the same weakness. In fact, the ETSI spokesperson said that when they introduced GEA-2, the export controls had been eased. Still, the researchers were able to decrypt traffic protected by GEA-2 as well with a more technical attack, and concluded that GEA-2 "does not offer a high enough security level for today's standards," as they wrote in their paper. Lukasz Olejnik, an independent cybersecurity researcher and consultant who holds a computer science PhD from INRIA, told Motherboard that "this technical analysis is sound, and the conclusions as to the intentional weakening of the algorithm rather serious." The good news is that GEA-1 and GEA-2 are not widely used anymore after cellphone providers adopted new standards for 3G and 4G networks. The bad news is that even though ETSI prohibited network operators from using GEA-1 in 2013, the researchers say that both GEA-1 and GEA-2 persist to this day because GPRS is still used as a fallback in certain countries and networks. "In most countries, [the risk is] not very high, and significantly lower risk than at the start of the 2000’s since GEA-3 and GEA-4 are used today," Raddum said. "But handsets still support GEA-1.
Scenarios where a mobile phone today can be tricked into using GEA-1 exist." You can always get better informed when you visit OUR FORUM.

Facebook will soon begin testing ads inside its Oculus Quest virtual reality system. In the coming weeks, ads will start appearing inside the Resolution Games title Blaston as well as two other unnamed apps. Facebook will later expand the system based on user feedback, saying it aims to create a “self-sustaining platform” for VR development. Facebook introduced ads on the Oculus mobile app last month, and it’s used limited Oculus data to target Facebook advertising since 2019, but this is its first major foray into putting ads inside the Oculus VR platform itself. “Once we see how this test goes and incorporate feedback from developers and the community, we’ll provide more details on when ads may become more broadly available across the Oculus platform and in the Oculus mobile app,” the company said in a blog post. As on Facebook’s non-VR apps, you can block specific posts or companies from appearing in ad slots. And Facebook says it’s not changing how it collects or analyzes user information. It says that some of the most sensitive data — like raw images from Oculus headset cameras and weight or height information from Oculus Move fitness tracking — remains solely on users’ devices. Also, Facebook says it has “no plans” to target ads based on movement data or recordings from its voice assistant. A Facebook spokesperson says the system will use information from your Facebook profile, as well as “whether you’ve viewed content, installed, activated, or subscribed to an Oculus app, added an app to your cart or wishlist, if you’ve initiated checkout or purchased an app on the Oculus platform, and lastly, whether you’ve viewed, hovered, saved, or clicked on an ad within a third-party app.” As shown above, users can click an ad and either open it or save the link for later. The former option will launch a landing page in the Oculus Quest’s web browser, and the latter will save the ad in the Quest in-VR experience and Oculus mobile app’s Explore sections. 
Developers will get a share of the revenue from ads in their apps, but Facebook isn’t publicly revealing the percentage. Facebook is leaving its future roadmap open-ended. The spokesperson says Facebook hasn’t determined, for instance, whether ads could eventually appear inside your Oculus Home experience. Facebook also isn’t yet identifying the other apps using advertisements, although it will list additional names in the coming weeks. The first ads look like standard boxes inside game interfaces, but Facebook’s blog post says it’s exploring other options as well. “We’re currently investing in unobtrusive ads as a new way for developers to build businesses — and though we’re not quite ready to test them yet, we’re also exploring new ad formats that are unique to VR,” it says. VR has arguably been an advertising medium for years, with countless film and TV promotional tie-ins as well as novelty experiences from companies like McDonald’s and Ikea. But ad-supported VR apps are using a different model that more closely resembles that of the mobile and web ecosystem. Letting developers integrate advertising could create a greater incentive to work within Facebook’s official ecosystem rather than distributing through sideloading options like SideQuest. Facebook says ads are part of an attempt to figure out profitable business options in the growing but often difficult field of VR app development. “This is a key part of ensuring we’re creating a self-sustaining platform that can support a variety of business models that unlock new types of content and audiences. It also helps us continue to make innovative AR/VR hardware more accessible to more people,” says the blog post. Facebook currently dominates consumer VR with its Oculus Quest 2 headset — which, at $299, is one of the cheapest options on the market. It’s also acquired the studios behind several major VR games, including rhythm game Beat Saber and the battle royale title Population: One. 
While it may face renewed competition from a second-generation Sony PlayStation VR headset next year, at least one VR company has retreated from consumer hardware in part because of Facebook’s influence: Vive creator HTC, which has called Facebook’s low-cost consumer headsets “artificially subsidized” by the company’s advertising-focused business model. Visit OUR FORUM for more.

Microsoft will soon reveal their next generation of Windows at an upcoming press event later this month. Here is what we know so far about Microsoft's new version of Windows. The upcoming press event is scheduled for June 24th and coincides with a public webcast of the live Windows reveal at 11 AM EST. Way back in 2015, Microsoft's developer evangelist Jerry Nixon stated that Windows 10 is the last version of Windows: "Right now we're releasing Windows 10, and because Windows 10 is the last version of Windows, we're all still working on Windows 10." - Jerry Nixon. However, as pointed out by Microsoft watcher Mary Jo Foley and highlighted by Rich Woods on Twitter, Microsoft has never publicly said in plain words that Windows 10 is the last version of the Windows operating system. Only one developer evangelist gave the statement. However, the Microsoft PR team never denied it. In fact, Microsoft is slowly dropping hints that suggest Windows 11 is around the corner. For example, the company recently uploaded an 11-minute-long relaxing music video on YouTube, which shows off sunlight passing through the Windows logo to form the number '11' on the surface. At the moment, we don't know what the company has in store for us and whether the update is going to be called "Windows 11", but it's safe to assume that it will be based on the long-rumored Windows Sun Valley design, which was recently confirmed in Microsoft documentation. It's also possible that Microsoft will drop the numbers and start using geographic location names like Sun Valley for Windows updates. The Windows 11 update will improve the legacy apps and features of the operating system. On the surface, we're expecting Windows to appear more modern with consistent design language, at least for first-party apps. For example, Microsoft will update File Explorer with dark mode support for the popup menus (properties tab, etc.).
However, it appears that the company will not replace File Explorer with a modern version. Instead, the plan is to service the existing Explorer and update it with new icons, rounded corners, and dark mode. Microsoft is using WinUI, modern controls, and styles to improve the overall experience. WinUI is not a replacement for Fluent Design, and it is supposed to enhance the overall experience by enabling support for the same UI elements everywhere (legacy and modern). The Windows Sun Valley update is built on top of Fluent Design, which means Fluent Design is not going away. Windows Sun Valley will update File Explorer with new icons, rounded corners, and dark mode improvements. As you can see in the GIF below, Microsoft is spacing out the items, columns, and rows in File Explorer. These changes will help users with touchscreens, who can easily interact with files without switching to tablet mode. Microsoft is adding a new option to the Settings app that will allow you to turn off the content-adaptive brightness control (CABC) feature. For those unaware, the CABC feature is used by OEMs like Dell and Lenovo to improve battery performance on PCs, but it comes at the cost of image quality. In-depth reading can be found on OUR FORUM.