Morning Security Brief: Mobile Phone Freezing Yields Data, FCC Backs Down, Private Security Contractors, Malware Epidemiology
By Ann Longmore-Etheridge
Freezing a mobile phone's memory chip can allow someone to steal the encryption key that protects sensitive information. Internet providers have persuaded the Federal Communications Commission to back down on tough new recommendations on cybersecurity. The U.S. Military now leans heavily on private contractors during war. IT security specialists can stop Malware by using some 19th century techniques.
►Researchers at the Friedrich-Alexander University in Germany have shown that when a mobile phone's memory chip is chilled , sensitive data can be removed from it. This research builds on 2008 work at Princeton, during which researchers used "nothing fancier than a can of compressed air to chill memory chip modules while a computer was running," says The Economist. This allowed them to remove the chips and pilfer critical data like passwords. The Princeton researchers found that "the freezing ruse bypassed the protections of full-disk encryption (FDE). An FDE-enabled drive exchanges data between disk and memory through an encryption layer, the key for which must be stored in dynamic memory. The data on the disk are always encrypted. Chilling the memory chip allowed the team to retrieve this key, allowing the drive to be cracked." As the full report on The Economist explains, getting the information from mobiles is not easy.
►The Wall Street Journal reports that Internet providers have persuaded the Federal Communications Commission to back down on tough new recommendations on cybersecurity. “An original draft of a report by an advisory panel to the Federal Communications Commission, viewed by The Wall Street Journal, endorsed a list of concrete suggestions for major telecommunications and cable companies to tackle the cybersecurity problem. Those measures—which included steps such as controlling which employees have administrative privileges on company networks—weren’t backed in the final report,” says the Journal.
►The Alaska Dispatch probes the growing dependence of the U.S. military on private contractors , including security contractors. According to the paper, 18 percent of the private contractors hired during the Iraq War "provided security services, such as guarding installations, protecting convoys, or acting as bodyguards." Thirty-five percent of diplomatic personnel said in a RAND survey that they had to "manage the consequences of actions by armed contractors against local citizens. And nearly 40 percent had witnessed armed contractors acting in ways that were unnecessarily threatening, arrogant, or belligerent while deployed."
►TechWeek Europe looks at the epidemiology of malware , discussing how the same methods applied to solving the origins of a 19th century cholera outbreak can help today's IT security professionals get to the bottom of a malware outbreak.