O'Grady's PowerPage

Tag: enforcement

  • FBI’s Denver office issues warning about “juice jacking” attacks via public USB charging ports

    FBI’s Denver office issues warning about “juice jacking” attacks via public USB charging ports

    It never hurts to be careful with where you plug in your devices.

    The FBI has once again warned the public against using public USB ports to recharge an iPhone or iPad, with “juice jacking” attacks infecting mobile devices connected to the ports.

    While most people are familiar with malicious apps and online attacks being performed over the Internet, physical attacks, though rarer, are still present. Still, a number of people still leave their devices open to potential attack by using public recharging points.

    In a warning distributed via Twitter on April 6, the Federal Bureau of Investigation’s Denver office posted a warning to “avoid using free charging stations in airports, hotels, or shopping centers.” The agency stated that it believes bad actors have “figured out ways to use public USB ports to introduce malware and monitoring software onto devices.”

    The theory here is that public USB charging points could be compromised by an attacker. Given that the public doesn’t necessarily believe a seeming power source available for free use could be malicious, the device owners will use the connection without contemplating whether attacks could be made on their hardware.

    While Apple does include “Trust this device” prompts in both its iOS and iPadOS mobile operating systems. This prevents any data transfers from occurring once you connect a new accessory to it until permission has been granted. If such a notice appears on a device connected to what should be a power-only USB port, you should disconnect it immediately. However, it is also possible for the notification to be bypassed, if the attack itself is sophisticated enough. If you’re actively using the iPhone while it is plugged in, you may not necessarily see the prompt at all.

    The FBI has recommended using your own chargers and USB cables to receive power from an electrical outlet, rather than trust a potentially compromised component.

    Stay tuned for additional details as they become available.

    Via AppleInsider and @FBIDenver

  • TRACED anti-robocall legislation signed into law

    With any luck, this should greatly reduce the number of robocalls you receive throughout the day.

    President Trump on Wednesday signed the TRACED anti-Robocall legislation into law, extending the FCC’s powers regarding enforcement and potentially fines.

    The bill, known in full as the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, the planned anti-robocall legislation has become law, and received bipartisan support in both the House of Representatives and the Senate.

    “This historic legislation will provide American consumers with even greater protection against annoying unsolicited robocalls,” wrote the office of Stephanie Grisham, White House Press Secretary.

    The Pallone-Thune TRACED act, named for Rep. Frank Pallone Jr. (D-N.J.) and Sen. John Thune (R-S.D.), chiefly extends the powers and authority of the Federal Communications Commission. The FCC will be able to impose fines of up to $10,000 per call for robocallers defined as abusing the system and committing offenses. Offenders may now be prosecuted by the Justice Department.

    Carriers will be requirement to incorporate STIR/SHAKEN-like authentication technology, which works to combat call number spoofing. These carriers will also be required to offer call blocking services to their users for free. Prior to this, 12 carriers, including AT&T and Verizon, had promised to implement authentication procedures.

    The Federal Communications Commission, under the TRACED legislation, will be required to provide annual reports on enforcement. Before the law comes into effect, the FCC will also have to work on rules regarding spam calls and texts.

    Stay tuned for additional details as they become available.

    Via AppleInsider and Congress.gov

  • USB Restricted Mode for iOS 11.4 could limit law enforcement agencies’ times to unlock iOS devices to seven days

    Apple is looking to make iOS even more secure, even if they irk law enforcement along the way.

    iOS 11.4, which is still in development, will include a security feature that disables the Lightning port if the iPhone hasn’t been unlocked for seven days.

    The feature is called USB Restricted Mode.

    Apple has described it like this:

    (more…)

  • FBI director Christopher Wray calls for weakened encryption, backdoor access to assist law enforcement efforts

    Because apparently several experts telling you something is mathematically impossible doesn’t mean a whole lot.

    Newly minted FBI director Christopher Wray has renewed calls to weaken or bypass encryption. Wray, citing more than 7,700 locked devices that have proven inaccessible to the FBI, has stated that encryption can be weakened without putting users at risks.

    Among the sources telling him this would be unlikely, if not impossible, include mathematicians, encryption experts, and even the U.S.’s own intelligence services. The mathematicians and encryption experts have stated that backdoors, if available, would be exploited by all. Wray’s comments pick up where previous FBI director James Comey left off.

    (more…)

  • Twitter to beef up reporting, blocking features

    twitterlogo

    You’re about to get more controls for your Twitter account.

    Last Tuesday, Twitter issued a blog post stating that the company would be enhancing its in-product harassment reporting and making improvements to “block.”

    Everything that happens in the world, happens on Twitter – to the tune of more than 500 million Tweets every day. That can sometimes include content that violates our rules around harassment and abuse and we want to make it easier to report such content. So, we’re improving the reporting process to make it much more mobile-friendly, require less initial information, and, overall, make it simpler to flag Tweets and accounts for review. These enhancements similarly improve the reporting process for those who observe abuse but aren’t receiving it directly. And to enable faster response times, we’ve made the first of several behind-the-scenes improvements to the tools and processes that help us review reported Tweets and accounts.

    As for the changes to block, the new blocked accounts page — which you can get to from the settings menu on Twitter.com — shows you the accounts you’ve blocked. We’ll be adding more controls and features to this page in the coming months. Additionally, accounts that you’ve blocked won’t be able to view your profile.

    (more…)