Bruce Schneier's Blog

A blog covering security and security technology.

Apple's FaceID

Tue, 09/19/2017 - 06:44
This is a good interview with Apple's SVP of Software Engineering about FaceID. Honestly, I don't know what to think. I am confident that Apple is not collecting a photo database, but not optimistic that it can't be hacked with fake faces. I dislike the fact that the police can point the phone at someone and have it automatically unlock.... Bruce Schneier
Categories: Security News

Bluetooth Vulnerabilities

Mon, 09/18/2017 - 06:58
A bunch of Bluetooth vulnerabilities are being reported, some pretty nasty. BlueBorne concerns us because of the medium by which it operates. Unlike the majority of attacks today, which rely on the internet, a BlueBorne attack spreads through the air. This works similarly to the two less extensive vulnerabilities discovered recently in a Broadcom Wi-Fi chip by Project Zero and... Bruce Schneier
Categories: Security News

Friday Squid Blogging: Another Giant Squid Caught off the Coast of Kerry

Fri, 09/15/2017 - 14:53
The Flannery family have caught four giant squid, two this year. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security News

Another iPhone Change to Frustrate the Police

Fri, 09/15/2017 - 06:28
I recently wrote about the new ability to disable the Touch ID login on iPhones. This is important because of a weirdness in current US law that protects people's passcodes from forced disclosure in ways it does not protect actions: being forced to place a thumb on a fingerprint reader. There's another, more significant, change: iOS now requires a passcode... Bruce Schneier
Categories: Security News

Hacking Robots

Thu, 09/14/2017 - 06:17
Researchers have demonstrated hacks against robots, taking over and controlling their camera, speakers, and movements. News article.... Bruce Schneier
Categories: Security News

On the Equifax Data Breach

Wed, 09/13/2017 - 12:49
Last Thursday, Equifax reported a data breach that affects 143 million US customers, about 44% of the population. It's an extremely serious breach; hackers got access to full names, Social Security numbers, birth dates, addresses, driver's license numbers -- exactly the sort of information criminals can use to impersonate victims to banks, credit card companies, insurance companies, and other businesses... Bruce Schneier
Categories: Security News

Hacking Voice Assistant Systems with Inaudible Voice Commands

Wed, 09/13/2017 - 06:03
Turns out that all the major voice assistants -- Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa -- listen at audio frequencies the human ear can't hear. Hackers can hijack those systems with inaudible commands that their owners can't hear. News articles.... Bruce Schneier
Categories: Security News

Securing a Raspberry Pi

Tue, 09/12/2017 - 06:12
A Raspberry Pi is a tiny computer designed for makers and all sorts of Internet-of-Things types of projects. Make magazine has an article about securing it. Reading it, I am struck by how much work it is to secure. I fear that this is beyond the capabilities of most tinkerers, and the result will be even more insecure IoT devices.... Bruce Schneier
Categories: Security News

A Hardware Privacy Monitor for iPhones

Mon, 09/11/2017 - 06:12
Andrew "bunnie" Huang and Edward Snowden have designed a hardware device that attaches to an iPhone and monitors it for malicious surveillance activities, even in instances where the phone's operating system has been compromised. They call it an Introspection Engine, and their use model is a journalist who is concerned about government surveillance: Our introspection engine is designed with the... Bruce Schneier
Categories: Security News

Friday Squid Blogging: Make-Your-Own Squid Candy

Fri, 09/08/2017 - 16:11
It's Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security News

ShadowBrokers Releases NSA UNITEDRAKE Manual

Fri, 09/08/2017 - 06:54
The ShadowBrokers released the manual for UNITEDRAKE, a sophisticated NSA Trojan that targets Windows machines: Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a service to capture information. UNITEDRAKE, described as a "fully extensible... Bruce Schneier
Categories: Security News

Research on What Motivates ISIS -- and Other -- Fighters

Thu, 09/07/2017 - 06:05
Interesting research from Nature Human Behaviour: "The devoted actor's will to fight and the spiritual dimension of human conflict": Abstract: Frontline investigations with fighters against the Islamic State (ISIL or ISIS), combined with multiple online studies, address willingness to fight and die in intergroup conflict. The general focus is on non-utilitarian aspects of human conflict, which combatants themselves deem 'sacred'... Bruce Schneier
Categories: Security News

Security Vulnerabilities in AT&T Routers

Wed, 09/06/2017 - 06:55
They're actually Arris routers, sold or given away by AT&T. There are several security vulnerabilities, some of them very serious. They can be fixed, but because these are routers it takes some skill. We don't know how many routers are affected, and estimates range from thousands to 138,000. Among the vulnerabilities are hardcoded credentials, which can allow "root" remote access... Bruce Schneier
Categories: Security News

Security Flaw in Estonian National ID Card

Tue, 09/05/2017 - 15:23
We have no idea how bad this really is: On 30 August, an international team of researchers informed the Estonian Information System Authority (RIA) of a vulnerability potentially affecting the digital use of Estonian ID cards. The possible vulnerability affects a total of almost 750,000 ID-cards issued starting from October 2014, including cards issued to e-residents. The ID-cards issued before... Bruce Schneier
Categories: Security News