Connect with us

Biz & IT

Trump’s Huawei ban also causing tech shocks in Europe

Published

on

The escalating U.S.-China trade war that’s seen Chinese tech giant Huawei slapped on a U.S. trade blacklist is causing ripples of shock across Europe too, as restrictions imposed on U.S. companies hit regional suppliers concerned they could face U.S. restrictions if they don’t ditch Huawei.

Reuters reports shares fell sharply today in three European chipmakers — Infineon Technologies, AMS and STMicroelectronics — after reports suggested some already had, or were about to, halt shipments to Huawei following the executive order barring U.S. firms from trading with the Chinese tech giant.

The interconnectedness of high-tech supply chains coupled with U.S. dominance of the sector and Huawei’s strong regional position as a supplier of cellular, IT and network kit in Europe suddenly makes political risk a fast-accelerating threat for EU technology companies, large and small.

On the small side is French startup Qwant, which competes with Google by offering a pro-privacy search engine. In recent months it has been hoping to leverage a European antitrust decision against Google  Android last year to get smartphones to market in Europe that preload its search engine, not Google’s.

Huawei was its intended first major partner for such devices. Though, prior to recent trade war developments, it was already facing difficulties related to price incentives Google included in reworked EU Android licensing terms.

Still, the U.S.-China trade war threatens to throw a far more existential spanner in European Commission efforts to reset the competitive planning field for smartphone services — certainly if Google’s response to Huawei’s blacklisting is to torch its supply of almost all Android-related services, per Reuters.

A key aim of the EU antitrust decision was intended to support the unbundling of popular Google services from Android so that device makers can try selling combinations that aren’t entirely Google-flavored — while still being able to offer enough “Google” to excite consumers (such as preloading the Play Store but with a different search and browser bundle instead of the usual Google + Chrome combo).

Yet if Google intends to limit Huawei’s access to such key services, there’s little chance of that.

(In a statement responding to the Reuters report Google suggested it’s still deciding how to proceed, with a spokesperson writing: “We are complying with the order and reviewing the implications. For users of our services, Google Play and the security protections from Google Play Protect will continue to function on existing Huawei devices.”)

Going on Google’s initial response, Qwant co-founder and CEO Eric Léandri told us he thinks Google has overreacted — even as he dubbed the U.S.-China trade war “world war III — economical war but it’s a world war for sure.”

“I really need to see exactly what President Trump has said about Huawei and how to work with them. Because I think maybe Google has overreacted. Because I haven’t [interpreted it] that way so I’m very surprised,” he told TechCrunch.

“If Huawei can be [blacklisted] what about the others?,” he added. “Because I would say 60% of the cell phone sales in Europe today are coming from China. Huawei or ZTE, OnePlus and the others — they are all under the same kind of risk.

“Even some of our European brands who are very small like Nokia… all of them are made in China, usually with partnership with these big cell phone manufacturers. So that means several things but one thing that I’m sure is we should not rely on one OS. It would be difficult to explain how the Play Store is not as important as the search in Android.”

Léandri also questioned whether Google’s response to the blacklisting will include instructing Huawei not to even use its search engine — a move that could impact its share of the smartphone search market.

“At the end of the day there is just one thing I can say because I’m just a search engine and a European one — I haven’t seen Google asking to not be by default in Huawei as search engine. If they can be in the Huawei by default as a search engine so I presume that everyone else can be there.”

Léandri said Qwant will be watching to see what Huawei’s next steps will be — such as whether it will decide to try offering devices with its own store baked in in Europe.

And indeed how China will react.

“We have to understand the result politically, globally, the European consequences. The European attitude. It’s not only American and China — the rest of the world exists,” he said.

“I have plan b, plan c, plan d, plan f. To be clear we are a startup — so we can have tonnes of plans, The only thing is right now is it’s too enormous.

“I know that they are the two giants in the tech field… but the rest of the world have some words today and let’s see how the European Commission will react, my government will react and some of us will react because it’s not only a small commercial problem right now. It’s a real political power demonstration and it’s global so I will not be more — I am nobody in all this. I do my job and I do my job well and I will use the maximum opportunity that I can find on the market.”

We’ve reached out to the Commission to ask how it intends to respond to escalating risks for European tech firms as Trump’s trade war steps up. Update: A Commission spokesperson for the Digital Single Market reiterated its prior statements around Huawei and cybersecurity, recommending Member States evaluate risks and strengthen risk mitigation measures. “EU Member States have the right to decide whether to exclude companies from their markets for national security reasons, if they do not comply with the country’s standards and legal framework,” the spokesperson added.

Also today, Reuters reports that the German Economy Minister is examining the impact of U.S. sanctions against Huawei on local companies.

But while a startup like Qwant waits to see what the next few months will bring — and how the landscape of the smartphone market might radically reconfigure in the face of sharply spiking political risk, a different European startup is hoping to catch some uplift: Finland-based Jolla steers development of a made-in-Europe Android alternative, called Sailfish OS.

It’s a very tiny player in a Google-dominated smartphone world. Yet could be positioned to make gains amid U.S. and Chinese tech clashes — which in turn risk making major platform pieces feel a whole lot less stable.

A made-in-Europe non-Google-led OS might gain more ground among risk averse governments and enterprises — as a sensible hedge against Trump-fueled global uncertainty.

“Sailfish OS, as a non-American, open-source based, secure mobile OS platform, is naturally an interesting option for different players — currently the interest is stronger among corporate and governmental customers and partners, as our product offering is clearly focused on this segment,” says Jolla co-founder and CEO Sami Pienimäki .

“Overall, there definitely has been increased interest towards Sailfish OS as a mobile OS platform in different parts of the world, partly triggered by the on-going political activity in many locations. We have also had clearly more discussions with e.g. Chinese device manufacturers, and Jolla has also recently started new corporate and governmental customer projects in Europe.”

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Biz & IT

Safari and iOS bug reveals your browsing activity and ID in real time

Published

on

Getty Images

For the past four months, Apple’s iOS and iPadOS devices and Safari browser have violated one of the Internet’s most sacrosanct security policies. The violation results from a bug that leaks user identities and browsing activity in real time.

The same-origin policy is a foundational security mechanism that forbids documents, scripts, or other content loaded from one origin—meaning the protocol, domain name, and port of a given webpage or app—from interacting with resources from other origins. Without this policy, malicious sites—say, badguy.example.com—could access login credentials for Google or another trusted site when it’s open in a different browser window or tab.

Obvious privacy violation

Since September’s release of Safari 15 and iOS and iPadOS 15, this policy has been broken wide open, research published late last week found. As a demo site graphically reveals, it’s trivial for one site to learn the domains of sites open in other tabs or windows, as well as user IDs and other identifying information associated with the other sites.

“The fact that database names leak across different origins is an obvious privacy violation,” Martin Bajanik, a researcher at security firm FingerprintJS, wrote. He continued:

It lets arbitrary websites learn what websites the user visits in different tabs or windows. This is possible because database names are typically unique and website-specific. Moreover, we observed that in some cases, websites use unique user-specific identifiers in database names. This means that authenticated users can be uniquely and precisely identified.

Attacks work on Macs running Safari 15 and on any browser running on iOS or iPadOS 15. As the demo shows, safarileaks.com is able to detect the presence of more than 20 websites—Google Calendar, YouTube, Twitter, and Bloomberg among them—open in other tabs or windows. With more work, a real-world attacker could likely find hundreds or thousands of sites or webpages that can be detected.

When users are logged in to one of these sites, the vulnerability can be abused to reveal the visit and, in many cases, identifying information in real time. When logged in to a Google account open elsewhere, for instance, the demo site can obtain the internal identifier Google uses to identify each account. Those identifiers can usually be used to recognize the account holder.

Raising awareness

The leak is the result of the way the Webkit browser engine implements IndexedDB, a programming interface supported by all major browsers. It holds large amounts of data and works by creating databases when a new site is visited. Tabs or windows that run in the background can continually query the IndexedDB API for available databases. This allows one site to learn in real time what other websites a user is visiting.

Websites can also open any website in an iframe or pop-up window in order to trigger an IndexedDB-based leak for that specific site. By embedding the iframe or popup into its HTML code, a site can open another site in order to cause an IndexedDB-based leak for the site.

“Every time a website interacts with a database, a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session,” Bajanik wrote. “Windows and tabs usually share the same session, unless you switch to a different profile, in Chrome for example, or open a private window.”

How IndexedDB in Safari 15 leaks your browsing activity (in real time).

Bajanik said he notified Apple of the vulnerability in late November, and as of publication time, it still had not been fixed in either Safari or the company’s mobile OSes. Apple representatives didn’t respond to an email asking if or when it would release a patch. As of Monday, Apple engineers had merged potential fixes and marked Bajanik’s report as resolved. End users, however, won’t be protected until the Webkit fix is incorporated into Safari 15 and iOS and iPadOS 15.

For now, people should be wary when using Safari for desktop or any browser running on iOS or iPadOS. This isn’t especially helpful for iPhone or iPad users, and in many cases, there’s little or no consequence of browsing activities being leaked. In other situations, however, the specific sites visited and the order in which they were accessed can say a lot.

“The only real protection is to update your browser or OS once the issue is resolved by Apple,” Bajanik wrote. “In the meantime, we hope this article will raise awareness of this issue.”

Continue Reading

Biz & IT

Microsoft warns of destructive disk wiper targeting Ukraine

Published

on

Getty Images

Over the past few months, geopolitical tensions have escalated as Russia amassed tens of thousands of troops along Ukraine’s border and made subtle but far-reaching threats if Ukraine and NATO don’t agree to Kremlin demands.

Now, a similar dispute is playing out in cyber arenas, as unknown hackers late last week defaced scores of Ukrainian government websites and left a cryptic warning to Ukrainian citizens who attempted to receive services.

Be afraid and expect the worst

“All data on the computer is being destroyed, it is impossible to recover it,” said a message, written in Ukrainian, Russian, and Polish, that appeared late last week on at least some of the infected systems. “All information about you has become public, be afraid and expect the worst.”

Around the same time, Microsoft said in a post over the weekend, “destructive” malware with the ability to permanently destroy computers and all data stored on them began appearing on the networks a dozens of government, nonprofit, and information technology organizations, all based in Ukraine. The malware—which Microsoft is calling Whispergate—masquerades as ransomware and demands $10,000 in bitcoin for data to be restored.

But Whispergate lacks the means to distribute decryption keys and provide technical support to victims, traits that are found in virtually all working ransomware deployed in the wild. It also overwrites the master boot record—a part of the hard drive that starts the operating system during bootup.

“Overwriting the MBR is atypical for cybercriminal ransomware,” members of the Microsoft Threat Intelligence Center wrote in Saturday’s post. “In reality, the ransomware note is a ruse and that the malware destructs MBR and the contents of the files it targets. There are several reasons why this activity is inconsistent with cybercriminal ransomware activity observed by MSTIC.”

Over the weekend, Serhiy Demedyuk, deputy head of Ukraine’s National Security and Defense Council, told news outlets that preliminary findings from a joint investigation of several Ukrainian state agencies show that a threat actor group known as UNC1151 was likely behind the defacement hack. The group, which researchers at security firm Mandiant have linked to the government of Russian ally Belarus, was behind an influence campaign named Ghostwriter.

Ghostwriter worked by using phishing emails and theft domains that spoof legitimate websites such as Facebook to steal victim credentials. With control of content management systems belonging to news sites and other heavily trafficked properties, UNC1151 “primarily promoted anti-NATO narratives that appeared intended to undercut regional security cooperation in operations targeting Lithuania, Latvia, and Poland,” authors of the Mandiant report wrote.

All evidence points to Russia

Ukrainian officials said UNC1151 was likely working on behalf of Russia when it used its skill in harvesting credentials and infiltrating websites to deface Ukraine’s government sites. In a statement, they wrote:

As of now, we can say that all the evidence points to the fact that Russia is behind the cyber attack. Moscow continues to wage a hybrid war and is actively building forces in the information and cyberspace.

Russia’s cyber-troops are often working against the United States and Ukraine, trying to use technology to shake up the political situation. The latest cyber attack is one of the manifestations of Russia’s hybrid war against Ukraine, which has been going on since 2014.

Its goal is not only to intimidate society. And to destabilize the situation in Ukraine by stopping the work of the public sector and undermining the confidence in the government on the part of Ukrainians. They can achieve this by throwing fakes into the infospace about the vulnerability of critical information infrastructure and the “drain” of personal data of Ukrainians.

Damage assessment

There were no immediate reports of the defacements having a destructive effect on government networks, although Reuters on Monday reported Ukraine’s cyber police found that last week’s defacement appeared to have destroyed “external information resources.”

“A number of external information resources were manually destroyed by the attackers,” the police said, without elaborating. The police added: “It can already be argued that the attack is more complex than modifying the homepage of websites.”

Microsoft, meanwhile, didn’t say if the destructive data wiper it found on Ukrainian networks had merely been installed for potential use later on or if it had actually been executed to wreak havoc.

There’s no proof that the Russian government had any involvement in the wiper malware or the website defacement, and Russian officials have flatly denied it. But given past events, Russian involvement wouldn’t be a surprise.

In 2017, a massive outbreak of malware initially believed to be ransomware shut down computers around the world and resulted in $10 billion in total damages, making it the most costly cyberattack ever.

NotPetya initially spread spread through a legitimate update module of M.E.Doc, a tax-accounting application that’s widely used in Ukraine. Both Ukrainian
and US government officials have said Russia was behind the attacks. In 2020, federal prosecutors charged four Russian nationals for alleged hacking crimes involving NotPetya.

Continue Reading

Biz & IT

Backdoor for Windows, macOS, and Linux went undetected until now

Published

on

Researchers have uncovered a never-before-seen backdoor written from scratch for systems running Windows, macOS, or Linux that remained undetected by virtually all malware scanning engines.

Researchers from security firm Intezer said they discovered SysJoker—the name they gave the backdoor—on the Linux-based Webserver of a “leading educational institution.” As the researchers dug in, they found SysJoker versions for both Windows and macOS as well. They suspect the cross-platform malware was unleashed in the second half of last year.

The discovery is significant for several reasons. First, fully cross-platform malware is something of a rarity, with most malicious software being written for a specific operating system. The backdoor was also written from scratch and made use of four separate command-and-control servers, an indication that the people who developed and used it were part of an advanced threat actor that invested significant resources. It’s also unusual for previously unseen Linux malware to be found in a real-world attack.

Analyses of the Windows version (by Intezer) and the version for Macs (by researcher Patrick Wardle) found that SysJoker provides advanced backdoor capabilities. Executable files for both the Windows and macOS versions had the suffix .ts. Intezer said that may be an indication the file masqueraded as a type script app spread after being sneaked into the npm JavaScript repository. Intezer went on to say that SysJoker masquerades as a system update.

Wardle, meanwhile, said the .ts extension may indicate the file masqueraded as video transport stream content. He also found that the macOS file was digitally signed, though with an ad-hoc signature.

SysJoker is written in C++, and as of Tuesday, the Linux and macOS versions were fully undetected on the VirusTotal malware search engine. The backdoor generates its control-server domain by decoding a string retrieved from a text file hosted on Google Drive. During the time the researchers were analyzing it, the server changed three times, indicating the attacker was active and monitoring for infected machines.

Based on organizations targeted and the malware’s behavior, Intezer’s assessment is that SysJoker is after specific targets, most likely with the goal of “​​espionage together with lateral movement which might also lead to a ransomware attack as one of the next stages.”

Continue Reading

Trending