Privacy and IT Security in App Development

Jesus came and saved humans from the destructive nature of hell, but he was a carpenter at the same time. The creative nature of God was evident in him. Sometimes I comment about secular works we do alongside our works of faith. Ministers must all work as the Apostles and disciples of Christ did. To depend solely on the Church for a living is not what Christ showed us and not what God had commanded. Genesis 2:9-15, 2 Thessalonians 3:3-16.

Today, I comment on my discovery that Adobe shared my personal information on the dark web, which they had no permission to do. I had also been suspicious of Adobe cloud technology as fascinating products built on a weak system. For instance, I sent someone an encrypted file for signature, but before I could send the person the key to decrypt it and sign it, he called me to discuss the content of the document. I was confused at first and had to make sure that I had not previously sent him the encryption key before asking him how he opened the document.

Once I did that, I inquired from the person how he accessed the document. He opened the encrypted document and read it on both his phone and computer without a password, just like that. No encryption key was requested from the document recipient. I went back to my cloud storage to access the file, and it required the encryption key that I created before opening it for me. The question then is, how come the recipient, who had no computer training or hacking skill, opened the document without the Acrobat file demanding the encryption key before opening? Adobe told me he must have hacked into the document. Their response is the same old-fashioned denial of the issue instead of acknowledging and solving the problem.

Lots of conversation is going on now about China and their stealing of our patents and intellectual properties, but more needs to be done about protecting it, especially regarding its security. We cannot open our front and back doors, create escape tunnels, and then turn around and complain that thieves have stolen our properties or robbed us.

What happened to the good old days? When I was a kid, we used to play car games. Boys loved Mercedes Benz because of the ad saying then that the manufacturers guaranteed all Mercedes Benz by sealing their engines, built to last forever, and if it ever broke down, overturned at any speed on the road or failed to protect you and your family from death during an accident, you would come and get a new car and huge compensation. Then, BMW was separate from Mercedes Benz and had the exact same promise. Volvo made the same promise too, like almost all their competitors. Then, the strength and culture of every company was to build the highest quality that anyone could ever build. Competition was never about profit or how cheaply it is made. It was about the quality of the product, and consumers patronized manufacturers based on their quality standards. It is all gone!

Global commerce has placed the means of production in places where the integrity and standard of production may not be urgent or important, thereby depriving consumers of great value for the money they paid and creating many issues like privacy and security flaws. If God wanted humans to disregard our privacy, He would have shared the secrets in your heart with the public, since He knows everything, and nothing is hidden from God. Men-of-God with such a gift of secret knowledge would have been permitted by God to share such personal and private revelations with the public. Imagine a world where everyone's secret is made public.

We should reconsider our cultural values and rethink our standard of production of goods and services at a competitive rate and markets.

Greed is not the same as profit, and that is why God forbids greed. Luke 12:15 and Colossians 3:5 speak to this. Whoever engages in honest works or does good is rewarded with an abundant harvest. 2 Corinthians 9:8. Why cheat if abundance has been promised? That is why such companies do not last. They disappear over time.

In conclusion, it is my hope and desire that our U.S. government, especially the United States JAB and 3PAOs, through its Cybersecurity Asset Management tools, ensures that systems, particularly foreign domiciled ones or persons, comply with the risk management framework established in NIST standards and FedRAMP requirements and processes.

Google, Apple, and many companies built their core products and principles by welcoming inputs from users and consumers and letting the technology evolve into the best around their consumers. Now, we are observing more and more erratic behaviors and outright punishment of anyone who provides constructive criticism or disagreement with companies at the core of these technological innovations.

If you disagree with any company, they ban you from their community or environment. Such behavior will kill inventions and innovations as the core value of western civilization. In college, we teach people and build our educational systems around robust constructive criticism, without which research is useless. Our educational systems and institutions that hold modern civilization together will disintegrate because they will not even be tested for validity, authenticity, accuracy, integrity and strength. Without constructive criticism, human reasoning and rationality will be too flawed to support any progressive society. If everyone is right, no one is right.

The public needs the protection of their governments as oversight and eagle eyes watching and testing what people are offering the public. Packaging the same products over and over again without any reasonable changes or development to maximize profit, while lying to the public and deceiving unsuspecting people who are ignorant of how these systems work, is stone cold greed. It proves the death of humanity because conscience is entirely absent in such conduct.

Ebelechukwu Elochukwu

IT Security is very challenging and only vigilance and preventive measures can protect your systems

Facebook just reported this week about an Israeli security firm called NSO and its development of spyware, which it sells to governments around the world to hack into communication devices. This spyware was used to hack into the WhatsApp calling function to call the target phone and install the surveillance app. NSO clients used buffer overflow vulnerabilities in the WhatsApp Voice over Internet Protocol (VoIP) stack to achieve remote code execution via a series of Secure Real-time Transport Control Protocol (SRTCP) packets sent to a target phone number.

This attack occurred because it is most likely that there is no code signing technology deployed in WhatsApp, and its encryption and digital signature could not keep the spyware out. The fact that there was code injection using this vulnerability shows a deeper flaw in the development of the app core or root of trust and its code signing and input validation capabilities. If the WhatsApp code is not signed, how come any data injection is not stopped by the input validation system?

Although specific details are not provided (which is standard IT security policy), it is also possible the NSO spyware attack utilized Dynamic Link Library (DLL) injection, which compromises system memory and manipulates it into running the spyware as an authentic command. It does not seem that WhatsApp has detective, deterrent or preventive control systems to prevent this kind of attack.

With the money they spent in purchasing the app, you would think they would invest in a thorough security sweep of the app to ensure this kind of flaw is prevented. Anyway, without boring you with IT technical terms, it goes to the unconscionable conduct of big tech, which undermines the ethical and professional standards of whitehat hackers and computer programmers.

We have heard how Boeing offered security features of a system as big and critical as an aircraft as an optional feature, and we have people showing sympathy for them. It is all about the dollar, with no emphasis on the security and privacy of consumers in protecting human life.

Anyway, I am mentioning this because it is a lie that this problem was recently found in WhatsApp. I have suffered the same attack for over two years now, warned people, and mentioned the surveillance on my devices in Facebook and Twitter posts, and this problem is not on WhatsApp alone. Other communication networks like AT&T and T-Mobile have been compromised, and so have the Viber app and different communication systems like calling card technologies, conference calls and internet calls.

These tech companies should start taking the ethics of this very important future industry for the world (IT) very seriously and take the fiduciary duty of care to include consumers just as they take their shareholders’. Like NSO responded, it is all about money. No more privacy; after all, the consumers do not care about their own privacy. They share everything on social media. So, there is no motivation for the industry to spend more money providing security features that the people do not care about having.

I have been telling people that many of these apps are not safe and that there is spyware hidden in my phones by people surveilling me. I have changed phones, and each time they find their way into the new phones using the same or other vulnerabilities. Congress has been silent and provides no oversight over the irresponsibility of these tech people and blackhat hackers. Every cybersecurity specialist should be ashamed of this kind of embarrassment and cover-ups. It makes us look bad!

Ebelechukwu P. Elochukwu