Oi, 你好, and welcome to the September 2019 SKY ECC newsletter. The competition is heating up as I came across some very interesting news about our ‘competitors’, criminals compete with the police by pretending to be them, the largest brewer in the world competes with hackers, Toyota competes with email scammers and loses 4 billion yen, and Telegram competes with the fundamental aspects of their app.
WhatsApp security vulnerability disclosed
The hits keep on coming as another WhatsApp security breach has been discovered. The vulnerability is made all the worse by the fact that it compromises WhatsApp’s famed end-to-end encryption. Here’s how it works:
- Only iOS users are impacted.
- Users visit an infected website.
- A “monitoring implant” is installed on the victim’s phone.
- Hackers gain access to all photos, text, and documents sent.
The key here is that the ‘end’ of the end-to-end encryption is broken, not the encryption itself as some news sites have stated.
This happens because WhatsApp is not in a separate encrypted container like SKY ECC is. With such a container, users could have had their OS compromised by the “monitoring implant” without issues. Our zero-trust policy protects our users.
Bounty hunter impersonates police to trick T-Mobile
Remember above when I said the cops were competing with criminals? A bounty hunter used illegal tactics by impersonating police officers to call 3 different telecom companies to obtain client data. Here’s what he’d do:
- He set up a fake website which looked like it was associated with the Colorado Task force, and sent emails from an email account under it.
- He’d claim that he needed data, which only police have access to, immediately due to a suicide threat.
- The ‘threat’ was actually someone who had skipped bail.
- To back up his lies further, he’d fax a cover letter reading “Colorado Public Safety Fugitive Recovery Agent” in the header to mobile phone agents.
Someone at T-Mobile became suspicious after his fifth try before anything happened. How many do they think he got away with? At least 16. There was never a time when this ‘bounty hunter’ was a law enforcement officer. He couldn’t be…he was a convicted felon years before all of this started! See? I brought it full circle–he was a crook all along, but got paid for it for a while.
Stories like this are exactly why SKY ECC is so stringent on user privacy, including not keeping any personally identifiable data, such as names or locations. Our system can’t be fooled like this. A criminal could call our support all they wanted, but they don’t have any information to give!
You can hack our lives and banks, but not our beer!
Anheuser-Busch, the maker of pretty much every adult beverage, has decided that your beer deserves the same level of protection…or, embarrassingly, higher…as your bank.
The brewer has created their own cyber-security team and based them in Israel. The job of the division will be monitoring for any cyber attacks against the company, which has been identified as an ongoing issue for them, especially ransomware.
Seriously. Who targets a brewer? All they do is provide us with joy while banks add another fee onto our services every other month. Go bug them.
Toyota caught in 4 billion yen email scam
A European subsidiary of Toyota, Toyota Boshoku, has been caught in a huge email scam. This scam likely saw an employee at Toyota Boshoku become the victim of a social engineering attack sent via email. It usually goes like this:
- Scammer obtains data about a manager who works at the company, getting their name and a way to imitate their email.
- The scammer looks for a vulnerable person in the company to exploit. In this case they found someone who had the ability to transfer $37 million.
- The target will then receive a message which looks to be from someone higher up, likely using their name and contact information fraudulently. It can also come in the form of a legitimate invoice which could be stolen and have its banking details altered from the right bank to the scammer’s bank.
- Pressure is put on the victim to act fast and not double-check, often stating that this has already been cleared ‘higher up’ in the company.
That’s it. $37 million can be gone just like that. These types of scams are very difficult to detect. When in doubt, it’s best to check with higher-ups because one phone call could save a lot of problems.
The last word…
Telegram was recently found to have a major flaw that allowed text to be deleted while images would stay in a directory of the handset. This is a huge issue for them as this is one of the prominent features of their app, and could lead to more people deleting Telegram to use a better app. The company with the paper plane logo needs to call in some serious help to fix this…
Read recent posts from SKY ECC
We don’t just read about security and privacy—we write about it too. Visit the SKY ECC blog for more posts on security, privacy, and SKY ECC product updates. First up are two essential deep-dives which explain key features of SKY ECC, followed by the three most recent blog posts.
Explaining 521-bit ECC Encryption From the Ground Up
SKY ECC is named after the 521-bit elliptic-curve cryptography it uses as a primitive for protecting every message sent over it. Learn what this really means with an explanation of cryptography from the very beginning to today!
Learn About the Powerful Network Security Features of SKY ECC
Have you ever wondered how our network of global servers works? Wonder no more as this article clearly explains it in simple terms, with useful diagrams to further your understanding. Read it now to be an expert on the SKY ECC network, and see the example diagram below!
Best Messaging App Comparison: Wickr vs. SKY ECC
Private Messages App Comparison: Telegram vs. SKY ECC
Both of these articles make direct comparisons of SKY ECC versus Wickr and Telegram. Facts are brought up for each on how they excel, and how they don’t match SKY ECC. Use them when people say they’d rather download a ‘free’ app.
Encrypted Message Apps: Why You Need to Use Them Now
If someone ever objects to using even the most basic encrypted messaging app, this post looks at why they are necessary. There is also a look at why SKY ECC does encrypted messaging so well, along with a secret message game you can play at home. On your computer.