Security

The results of a study conducted by researchers from Duke University, Penn State University, and Intel Labs have revealed that a significant number of popular Android applications transmit private user data to advertising networks without explicitly asking or informing the user. The researchers developed a piece of software called TaintDroid that uses dynamic taint analysis to detect and report when applications are sending potentially sensitive information to remote servers.

They used TaintDroid to test 30 popular free Android applications selected at random from the Android market and found that half were sending private information to advertising servers, including the user's location and phone number. In some cases, they found that applications were relaying GPS coordinates to remote advertising network servers as frequently as every 30 seconds, even when not displaying advertisements. These findings raise concern about the extent to which mobile platforms can insulate users from unwanted invasions of privacy.

Just a few weeks after the leak of the HDCP master keys was confirmed, a software implementation of the encryption scheme has been developed.

The software implementation should be able to decrypt a 1080p30 stream given a suitably fast dual-core processor and about 1.6GB of RAM. The poor performance is due to the nature of the algorithm. HDCP was designed to be cheap and fast for hardware manufacturers, but operations that are quick and easy in hardware are often slow and inefficient in software. In spite of this, the developers believe they have opportunities for further optimization and improvement, making real-time decryption on more modest hardware feasible.

The purpose of their efforts is less than obvious. HDCP is used for the protection of content over the links between systems—for example, the cable between your video card and your monitor—to prevent the creation of perfect digital copies. An HDCP source—typically a video card or Blu-ray set-top box—will only transmit data if it can establish an HDCP-protected connection to a sink—a monitor or TV.

As such, to capture an HDCP-protected data stream, the capture device needs to appear to be a legitimate sink. This means that the capture device needs to be physically connected to the source (usually over an HDMI, DVI, or DisplayPort cable), and needs to be able to perform the right HDCP handshaking before the source will even begin playback. So to even get an HDCP-protected stream to use the software with, you need hardware that's able to "speak" HDCP to capture the data—and if you have that, the hardware will be decrypting the stream anyway.

The leak of the master key does allow anyone to create their own sources and sinks, in a manner that cannot be blocked or disabled, so it might yet be used to produce general-purpose HDCP strippers to allow, for example, capture of copy-protected cable programs. This software implementation, though, looks more like a novelty to prove that the keys are real than a practical anti-HDCP solution.

Read the comments on this post

We reported last week about a malware threat known as Stuxnet that is designed to compromise industrial equipment. Due to the highly targeted nature of the Stuxnet worm and a large concentration of infections in Iran, analysts speculated that it may have been launched by a major government in an effort to sabotage Iran's controversial Bushehr power plant.

The Iranian government confirmed this week that computers at Bushehr were infected by the worm, but representatives claim that the infection was isolated to a handful of noncritical systems and hasn't disrupted the plant, which is in the final stages of construction and is expected to become operational in October.

Security researchers have uncovered some unexpected behaviors in a piece of malware called Stuxnet. The worm exploits a number of zero-day vulnerabilities in order to propagate itself over Windows networks, but it also targets embedded software developed by Siemens that runs in industrial equipment. The worm could be used to disrupt factories and other industrial environments.

Researchers have found that the highest concentration of Stuxnet infections is located in Iran. That discovery, coupled with the very high level of sophistication exhibited by the malware, has led some researchers to speculate that it was crafted by a major government body with the aim of disabling Iran's nuclear power plant.

Though the Library of Congress has ruled iPhone jailbreaks as "fair use," that doesn't mean Apple can't try to prevent it. While Apple has patched iOS 4.x to stymie jailbreaks on the iPhone 4, hackers have reportedly discovered a low-level boot ROM exploit which could allow these devices to be jailbroken. However, users hoping to use the code to jailbreak these devices are instead being tricked into downloading a trojan used to steal passwords from desktop computers.

A hacker named "pod2g," who works with a group that goes by the name Chronic Development Team, announced earlier this month that he found an exploit that could effectively jailbreak an iPhone 4 "forever." The exploit, referred to as "SHAtter," takes advantage of a flaw discovered in very low-level iPhone boot ROM code. Since it is unlikely that Apple could patch the boot ROM via software, devices with the flawed boot ROM code would be impervious to jailbreak patches in future iOS updates.

A purported tool using the exploit, greenpois0n, has been circulating recently, but security researcher Costin Raiu at Kapersey Labs says that all such tools are in fact trojans designed to trick users into giving up passwords. Additionally, fake jailbreaking websites have popped up, claiming to offer jailbreaks for any iOS device running any iOS version for up to $40 a pop.

Raiu warned that there are no current jailbreaks for iOS 4.0.2 or later on the iPhone 4, though the iPhone Dev Team has released a new beta of redsn0w which can jailbreak iOS 4.1 running on an iPhone 3G or second-gen iPod touch. These older devices are still susceptible to the pwnage2 DFU exploit used on these devices when running older versions of iOS. However, using the new beta may disable carrier unlocks (using the ultrasn0w tool) "forever."

The important caveat buried in all this is that jailbreaking probably shouldn't be undertaken by casual users, despite the availability of one-click tools like blackra1n or PwnageTool. Likewise, users who do decide to jailbreak should make every effort to be well-informed of what groups like iPhone Dev Team or Chronic Development Team are working on. Jailbreaking by definition compromises the security of your mobile device, and it seems malicious hackers aren't afraid to exploit the desire to jailbreak for their own ends.

Read the comments on this post

High-bandwidth Digital Content Protection (HDCP), the copy protection system used to prevent the making of perfect digital copies of audio and video data sent over DisplayPort, HDMI, and DVI interfaces, may have been blown out of the water if a post made to pastebin.com yesterday is what it claims to be. The post purports to contain the HDCP "master key," a 40×40 matrix of 56-bit numbers, which is used by the HDCP licensing company, Digital Content Protection (DCP), to generate the private keys used in all HDCP devices.

HDCP was invented by Intel to be a cheap-to-implement, high-performance cryptographic system suitable for use in audio and video applications. Its purpose was to create a secure digital path that could not be eavesdropped, so that pirates would not be able to make high-quality digital copies of high-definition video. HDCP also provides a mechanism for key revocation: if a device's key has been leaked, it can be added to a list of revoked keys, effectively blacklisting it and preventing it from being used for playback of encrypted content.

It's apparent that the physics lexicon has been dragged kicking and screaming out of the 19th century with a recent paper published in Nature Photonics titled "Hacking commercial quantum cryptography systems by tailored bright illumination." I never thought I would live to see the word "hacking" used in its proper context in a physics paper. But enough about physics lingo. What about the quantum encryption hacks alluded to by the title?

What we have is another paper demonstrating that the weak point of quantum encryption systems is the point where classical meets quantum. This is not the first hack of its kind, but, it is, in true hacker tradition, the first focused on a commercial system.