Cybersecurity News: NIST IoT encryption, Chinese phones collect PII, the AI chatbot race is on

NIST standardizes crypto for IoT

The U.S. National Institute of Standards and Technology announced that the Ascon family of encryption and hashing algorithms was designated as a standard for lightweight cryptography applications. NIST intends this encryption for internet of things devices, including industrial use cases like sensors and actuators, as well as medical devices and infrastructure. Resource-constrained devices can still implement this encryption, including countermeasures against side-channel attacks. Available implementations include C, Java, Python, and Rust.

(Hacker News)

Chinese phones collect PII

A new report from researchers at the University of Edinburgh and Trinity College Dublin found that Chinese phone makers like Xiaomi, OnePlus, and Oppo’s RealMe collect extensive data on users without consent. This involves data directly from the OS as well as preinstalled apps. Personally identifiable information appears to go to the phone vendor as well as service providers and network operators. Data sent includes phone numbers, IMEI and MAC addresses, geolocation data, contacts, and text metadata. The researchers found no way to opt out of collection. Data collection also didn’t stop when leaving China, with devices sending information to carriers and vendors even when connected on Wi-Fi with no SIM card used.

(Gizmodo)

Chinese firms also working on AI chatbots

This week we’ve seen Microsoft and Google make headlines for showing how they will integrate generative AI across search and other products. But the tech giants of China also threw their hats in this emerging ring. Alibaba says it began work on a ChatGPT-like system currently in internal testing. The newspaper 21st Century Herald’s sources say the company may integrate this with its DingTalk app. And Baidu, China’s largest search engine, announced plans to launch its own ChatGPT-like service in March, called “Wenxin Yiyan (WEN-SHIN YEE-YIN),” or “Ernie Bot” in English. Ernie is a large-scale machine-learning model that’s been trained on data over several years and will serve as the foundation of Baidu’s upcoming tool.

(Reuters)

New developments for iOS browsers

When it comes to innovating with third-party browsers on iOS, developers deal with significant limitations. One of the biggest: Apple requires any browser on iOS to use its WebKit rendering engine. That’s what Firefox and Chrome use on the platform. However, earlier this week, Google’s Chromium blog revealed it began work on a browser based on its Blink engine. It cautioned this represented an experiment for performance testing, not a step toward a shippable product. But it seems to be something of a trend. The Register notes Mozilla also hosts code for an iOS version of Firefox using its Gecko rendering engine, although it last updated it on GitHub back in October.

(MacRumors, The Register)

UK creates standalone tech regulator

In the UK, the Department for Digital, Culture, Media and Sport previously oversaw tech regulation in the country. However, Prime Minister Rishi Sunak revealed the formation of a new science, innovation and technology department that will now oversee the technology sector. The new department will be headed by former DCMS secretary Michelle Donelan. This comes as the government’s Online Safety Bill makes its way through Parliament, as well as the anticipated announcement of the UK’s broader strategy around semiconductors.

(Politico)

Swatting the c-suite on the rise

CSO Online passed on a report from the digital executive protection company BlackCloak, which reports an increase in swatting and doxxing attacks against high-profile positions in Fortune 500 companies. These include c-suite executives and board members. These attacks seem focused on healthcare, biomed, pharma, and esports industries. The company recommends removing personal information from data broker sites, sharing less personal information overall, making corporate About Us pages with executives more formal, and registering homes with either a trust or an LLC rather than in their name.

(CSO Online)

Turkey blocks access to Twitter

The internet watchdog NetBlocks discovered the block, which comes in the wake of devastating earthquakes in the country that have killed tens of thousands. On the morning of February 8th, NetBlocks found Twitter blocked across several service providers, with access slowed on others. Later in the morning the government instituted a comprehensive block on all providers. Turkey’s recently passed “disinformation law” gives it the power to block social media platforms spreading misinformation. Turkish citizens took to the site to note and complain about the government’s earthquake response in hard-hit areas.

(The Record)

Tor faces continued DDoS pressure

The maintainers of the Tor Project say that numerous DDoS attacks hit its anonymity network over the past seven months. There appears to be a level of sophistication to the attacks, which varied in method and targets over time. Generally the network remains operational, but traffic significantly slowed during attacks. This makes it hard to pinpoint a responsible party or to fully prepare for future attacks. The team plans to add two new members to its network team to better focus on development to help defend against this rogue traffic.

(Security Week)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.