Saudi telecom seeks help of hackers for monitoring encrypted Twitter data, according to e-mails

Mobily, a Saudi Arabian telecommunications company with 4.8 million subscribers, is working on a way to intercept encrypted data sent over the Internet by Twitter, Viber, and other mobile apps, a security researcher said Monday.
Moxie Marlinspike, the pseudonymous cryptographer who has identified several security bugs in the secure sockets layer protocol used to protect website transactions, said he learned of the project after receiving an e-mail from company officials. Carrying the subject line "Solution for monitoring encrypted data on telecom," it said the project was required by "the regulator." Marlinspike believed this meant the government of Saudi Arabia. In follow-up e-mails, the Mobily officials said they were looking for ways to bypass the protections built into the SSL and Transport Layer Security protocols so telecom workers could monitor messages spreading terrorism.
"One of the design documents that they volunteered specifically called out compelling a [certificate authority] in the jurisdiction of the UAE or Saudi Arabia to produce SSL certificates that they could use for interception," Marlinspike wrote in a blog post. "A considerable portion of the document was also dedicated to a discussion of purchasing SSL vulnerabilities or other exploits as possibilities."
Mobily representatives didn't respond to an e-mail seeking comment for this article.
Marlinspike, who recently left Twitter after working in the company's security department, continued:
"Their level of sophistication didn’t strike me as particularly impressive, and their existing design document was pretty confused in a number of places, but Mobily is a company with over five billion in revenue, so I’m sure that they’ll eventually figure something out. What’s depressing is that I could have easily helped them intercept basically all of the traffic they were interested in (except for Twitter—I helped write that TLS code, and I think we did it well). They later told me they’d already gotten a WhatsApp interception prototype working and were surprised by how easy it was. The bar for most of these apps is pretty low."
Marlinspike said it was "rude" of him to publish the details of a private correspondence but that it was "substantially more rude of them to be engaged in massive-scale eavesdropping of private communication." He warned readers about the influence wealthy governments are having on hackers and security researchers. That influence is primarily driven by the large-scale purchase of security exploits used to compromise computers and eavesdrop on citizens. For a good understanding of how it all works, see this article published Friday by Reuters reporter Joseph Menn.
"Really, it’s no shock that Saudi Arabia is working on this, but it is interesting to get fairly direct evidence that it’s happening," Marlinspike wrote. "More to the point, if you’re in Saudi Arabia (or really anywhere), it might be prudent to think about avoiding insecure communication tools like WhatsApp and Viber (TextSecure and RedPhone could serve as appropriate secure replacements), because now we know for sure that they’re watching. For the rest of us, I hope we can talk about what we can do to stop those who are determined to make this a reality, as well as the ways that we’re already inadvertently a part of that reality’s making."
