Is tech paranoia justified? (1 Jul, 2020)

Have your say on today's Aardvark Daily column

Is tech paranoia justified? (1 Jul, 2020)

Postby aardvark_admin » Wed Jul 01, 2020 7:18 am

This column is archived at: https://aardvark.co.nz/daily/2020/0701.shtml

Just who can you trust in today's hi-tech world?

Well it seems that "nobody" is the correct answer.

It's almost certain that China would be exploiting any opportunity it could to gather intelligence on other nations by way of "bugging" the infrastructure components it sells them -- but does anyone really think that the same isn't true for gear purchased from the USA, Europe or any other country?

Hell, we can't even trust our own governments not to spy on us (in violation of the laws that are supposed to protect us from such things) so why would we not expect other countries to do the same?

And don't even get me started on all the eaves-dropping Android apps that are out there.

Always assume that everything you do and say is being recorded or monitored by someone -- and you'll be right 99% of the time.

Or am *I* also paranoid? :-)
aardvark_admin
Site Admin
 
Posts: 4345
Joined: Wed May 07, 2014 2:10 pm

Re: Is tech paranoia justified? (1 Jul, 2020)

Postby aardvark_admin » Wed Jul 01, 2020 7:24 am

Ha... after posting this morning's column I read this: https://www.rnz.co.nz/news/in-depth/420 ... ia-and-mi6

Makes my case *very* nicely.

NOBODY can be trusted!
aardvark_admin
Site Admin
 
Posts: 4345
Joined: Wed May 07, 2014 2:10 pm

Re: Is tech paranoia justified? (1 Jul, 2020)

Postby Necrotic Kingdom » Wed Jul 01, 2020 8:10 am

As Irish orator John Philpot Curran said in 1790: "It is the common fate of the indolent to see their rights become a prey to the active. The condition upon which God hath given liberty to man is eternal vigilance."

I prefer Open Source.
Necrotic Kingdom
 
Posts: 154
Joined: Thu Aug 29, 2019 11:31 am

Re: Is tech paranoia justified? (1 Jul, 2020)

Postby GSVNoFixedAbode » Wed Jul 01, 2020 8:13 am

And if they don't get all your information via routers, they can use Tictok:
https://www.reddit.com/r/videos/comment ... _just_get/
TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device... well, they're using it.

Phone hardware (cpu type, number of course, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)

Other apps you have installed (I've even seen some I've deleted show up in their analytics payload - maybe using as cached value?)

Everything network-related (ip, local ip, router mac, your mac, wifi access point name)

Whether or not you're rooted/jailbroken

Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds - this is enabled by default if you ever location-tag a post IIRC

They set up a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication

The scariest part of all of this is that much of the logging they're doing is remotely configurable, and unless you reverse every single one of their native libraries (have fun reading all of that assembly, assuming you can get past their customized fork of OLLVM!!!) and manually inspect every single obfuscated function. They have several different protections in place to prevent you from reversing or debugging the app as well. App behavior changes slightly if they know you're trying to figure out what they're doing. There's also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary. There is zero reason a mobile app would need this functionality legitimately.
GSVNoFixedAbode
 
Posts: 355
Joined: Thu May 08, 2014 8:53 am

Re: Is tech paranoia justified? (1 Jul, 2020)

Postby goosemoose » Wed Jul 01, 2020 9:21 am

You can't trust anyone in the tech sphere. They're all at it. I don't see what the problem is with using Huawei and other Chinese kit, especially if its cheap and good. I'm sure beancounters and management the world over would agree with me too. It's as old as espionage itself in that you always assume the communications link is being snooped on by your adversary. This shouldn't be any different today. Everything sensitive going over the internet should be encrypted to a suitable standard.

Besides Huawei opened their code for all to see. Has any USAian vendor done that? Also Cisco was caught with an NSA backdoor in it. Huawei never has. Yet.
goosemoose
 
Posts: 692
Joined: Thu May 08, 2014 1:05 pm

Re: Is tech paranoia justified? (1 Jul, 2020)

Postby phill » Wed Jul 01, 2020 9:52 am

so there main bit of evidence for the chinese using spyware inside huawei devices is .. we use spyware inside the devices that are made here

couple that with who is likely funding lobbyists to colour the view and disinformation the us govt gets .. and don't forget large political donations from the same

if you want to have a 100% guarantee no one can remotely control your devices .. ya dreamin .. you can redo all the firmware and software yourself and air gap anything that doesn't need to be there

the uk still intends to use huawei stuff so they think they can override anything intentionally left behind

the remote kill switch code can be beaten by not allowing it to activate .. and or having a unkill function available .. no necessarily as good as the original but enough to get through an attack

bottom line has to have something to do with
if the usa wasn't so corrupted by corporate interests atm you might believe more of what they say
( ,,,,,,,, ....... A E I O U use em sparingly theres probably not enough )

i might live and eat in a sewer .. but hey look how many of these shiny things i have got
User avatar
phill
 
Posts: 2273
Joined: Tue Nov 25, 2014 8:31 pm

Re: Is tech paranoia justified? (1 Jul, 2020)

Postby Kiwiiano » Wed Jul 01, 2020 4:38 pm

Moral: trust no-one, ensure all communications are deeply encrypted: And every communication should contain a significant quantity of random empty data that is genuinely indecipherable to keep snoopers’ quantum computers locked up in endless useless cycles.
JbyDkt9( fTb^5on^ cg0maIH@ jpO0$bts aq3LgyGt m¢s$fFs8 irRT92#! IryBHs”: UgHfe3’. Hit•†s∫© nt4^yB9: 60)&NL}| vHDi=-,c
~ Kiwiiano
“Nothing will make any sense until you realise that nothing makes any sense!”
Kiwiiano
 
Posts: 508
Joined: Wed May 07, 2014 5:36 pm


Return to Today's column

Who is online

Users browsing this forum: No registered users and 2 guests

cron