Skip to content
IntegraMSP
IntegraMSP
  • About
    • Reviews
  • Services
    • Hosted Solutions
    • Business IT Solutions
    • Data Protection
    • Marketing Services
  • Latest News
  • Contact
Schedule a Free Consultation
Schedule a Free Consultation
  • About
    • Reviews
  • Latest News
  • Services
    • Hosted Solutions
    • Business IT Solutions
    • Data Protection
    • Marketing Services
  • Contact
  • SCHEDULE A FREE CONSULTATION
  • (214) 705-2008
IntegraMSP
IntegraMSP
  • About
    • Reviews
  • Latest News
  • Services
    • Hosted Solutions
    • Business IT Solutions
    • Data Protection
    • Marketing Services
  • Contact
  • SCHEDULE A FREE CONSULTATION
  • (214) 705-2008

The Week in Breach – Serious New Warning Issued For Apple’s 1.65 Billion iPad, iPhone Users

Make sure to add us or contact us for the latest news

Real-Time Service Alerts



Gordon Kelly

Senior Contributor
Consumer Tech
iPhone owners are currently facing multiple threats, but Apple’s new CSAM detection system has generated greater fears than even the biggest hacks. And it just got worse.

In a shocking new report (via BleepingComputer), a team of researchers at Imperial College London have found fundamental flaws in the technology behind Apple’s CSAM (Child Sexual Abuse Material) detection system. Apple intends to launch CSAM across all iPhones and iPads running iOS 15, but the report states that it is simple for images to both evade detection and “raise strong privacy concerns” for users.

CSAM operates by comparing image hashes (IDs) of pictures shared privately between iOS users to databases provided by child safety organizations. If matches are found then authorities and, where appropriate, parents are automatically notified. In theory, this makes the system rigorous and private. The problem is Imperial researchers found the whole system (and all systems of its type) can be bypassed simply by applying a hashtag filter to any image.

The filter sends an alternative hashtag to the detection systems and this fooled them 99.9% of the time. Moreover, the filter is virtually invisible so images appear unchanged to the human eye. The researchers also found that the only countermeasure Apple could take would be to increase the hash size (from 64 to 256), but such a move significantly increases false positives while also encoding more user data into images which introduces serious privacy concerns.

“Our results shed strong doubt on the robustness to adversarial black-box attacks of perceptual hashing-based client-side scanning as currently proposed,” explain the researchers. “The detection thresholds necessary to make the attack harder are likely to be very large, probably requiring more than one billion images to be wrongly flagged daily, raising strong privacy concerns.”

Apple, Apple iOS 15, Apple iOS 15 upgrade, iPhone iOS 15 upgrade, new iOS update, iOS 15 problem, iOS 15 bug, iOS 15 fix, iPhone 13, iPhone 13 Pro, iPhone 12 Pro Max, iPhone 12

CSAM has already been widely condemned. In August, Edward Snowden said it “will permanently redefine what belongs to you, and what belongs to them”, pointing out that governments could force Apple to search for any images they desire.

“I can’t think of any other company that has so proudly, and so publicly, distributed spyware to its own devices… There is no fundamental technological limit to how far the precedent Apple is establishing can be pushed, meaning the only restraint is Apple’s all-too-flexible company policy, something governments understand all too well.”

Having initially tried to defend CSAM as poorly communicated, Apple has subsequently delayed its mass release on iPhones and iPads until 2022. Following these latest revelations, however, questions must be asked about the viability of the system as a whole.

I have reached out to Apple for comment on these findings and will update this post when/if I receive a reply.

___

Follow Gordon on Facebook

Dark Web ID’s Top Threats This Week


Diamond Comic Distributors

https://bleedingcool.com/comics/diamond-comic-distributors-targeted-by-ransomware-attack/

Exploit: Ransomware

Diamond Comic Distributors: Periodical Distributor

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.417= Severe

It’s a bird, it’s a plane, it’s a ransomware attack at Diamond Comic Distributors. The Baltimore-based company, the exclusive distributor of Image Comics and a publishing outlet for dozens of small-press comics publishers, suffered a ransomware attack last Friday that took down the company’s website and customer service platforms all weekend into Monday. Diamond said in a statement that it did not anticipate that any customer financial data had been impacted by this event. Investigation and recovery is underway with some functions already restored.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware can cost companies a fortune from operational disruption alone even if no data is snatched, not to mention incident response costs.

IntegraMSP to the Rescue: Learn more about how ransomware is evolving, what we predict that you’ll see next and how to protect your clients in Ransomware Exposed. GET THIS EBOOK>> 


Electronic Warfare Associates (EWA)

https://www.msspalert.com/cybersecurity-news/electronic-warfare-associates-ewa-data-breach-email-phishing-incident-details/

Exploit: Phishing

Electronic Warfare Associates (EWA): Defense Contractor

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.822=Severe

A phishing attack that snared an employee is the suspected cause of a breach at defense contractor Electronic Warfare Associates (EWA). The company is a major provider of specialized software for the US defense establishment including the Pentagon, the Department of Defense (DoD), the Department of Justice (DoJ) and the Department of Homeland Security (DHS). EWA’s investigation determined that an attacker broke into an EWA email account in August 2021 after a phishing operation. The intrusion was uncovered when the attacker attempted a wire transfer. Employee PII was exposed and concern remains that sensitive defense information may also have been exposed.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.703=Severe

EWA has admitted that the attackers snatched files with certain personal information including name and Social Security Number and/or drivers’ license number for an undisclosed number of EWA employees, but no further information was given.

Customers Impacted: Unknown

How It Could Affect Your Business Phishing is an equal opportunity offender and no less likely to be successful against the presumably cybersecurity savvy employees of a tech company as any other business.

IntegraMSP to the Rescue: Help your clients build a powerful defense against today’s top cybersecurity threat, phishing, with the knowledge and threat intelligence you’ll gain in our eBook The Phish Files. DOWNLOAD IT>>

 


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors relted to the assessed breach.

Post navigation
← Previous Post
Next Post →

Our Business IT Partners

https://integramsp.com/wp-content/uploads/2020/09/DT_AuthorizedPartner_4C-e1600798803176.jpg
https://integramsp.com/wp-content/uploads/2020/09/logmein-e1600798783884.jpg
https://integramsp.com/wp-content/uploads/2020/09/MSP-Barracuda-e1600798745409.png
https://integramsp.com/wp-content/uploads/2020/09/sophos-global-partner-program-silver-e1600798726205.png
https://integramsp.com/wp-content/uploads/2020/09/Eaton-e1600798636978.jpg
https://integramsp.com/wp-content/uploads/2020/09/HP-Partner-First-Silver-e1600798871272.png
https://integramsp.com/wp-content/uploads/2020/09/partners-cisco-meraki-640x356-1-e1600798888493.jpg
https://integramsp.com/wp-content/uploads/2020/09/Enterprise_Parnter_Logo_JPEG-e1600798849498.jpg
https://integramsp.com/wp-content/uploads/2020/09/RS48593_original-e1600798821693.png
https://integramsp.com/wp-content/uploads/2019/12/Cytracom_Partner_150px-e1600798918800.png
https://integramsp.com/wp-content/uploads/2019/12/partner-logo-e1575651704817.png
Microsoft

Get In Touch!

(214) 705-2008

1700 Pacific Ave
Suite 2630
Dallas, TX 75201

Site Map

  • Home
  • About Us
  • News & Media
  • Hosted Solutions
  • Business IT Solutions
  • Data Protection
  • Marketing Services
  • Contact Us

Reviews

See All Reviews

Subscribe

Complete the below form to receive news and updates from IntegraMSP. All fields are required.

Select list(s) to subscribe to

Copyright 2023 IntegraSys IT, LLC. All rights reserved.

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT