
Clearview AI Is Struggling To Address Complaints As Its Legal Issues Mount

An anonymous reader quotes a report from BuzzFeed News: Clearview AI, the facial recognition company that claims to have amassed a database of more than 3 billion photos scraped from Facebook, YouTube, and millions of other websites, is scrambling to deal with calls for bans from advocacy groups and legal threats. These troubles come after news reports exposed its questionable data practices and misleading statements about working with law enforcement. Following stories published in the New York Times and BuzzFeed News, the Manhattan-based startup received cease-and-desist letters from Twitter and the New Jersey attorney general. It was also sued in Illinois in a case seeking class-action status. Despite its legal woes, Clearview continues to contradict itself, according to documents obtained by BuzzFeed News that are inconsistent with what the company has told the public. In one example, the company, whose code of conduct states that law enforcement should only use its software for criminal investigations, encouraged officers to use it on their friends and family members. In the aftermath of revelations about its technology, Clearview has tried to clean up its image by posting informational webpages, creating a blog, and trotting out surrogates for media interviews, including one in which an investor claimed Clearview was working with "over a thousand independent law enforcement agencies." Previously, Clearview had stated that the number was around 600. Clearview has also tried to allay concerns that its technology could be abused or used outside the scope of police investigations. In a code of conduct that the company published on its site earlier this month, it said its users should "only use the Services for law enforcement or security purposes that are authorized by their employer and conducted pursuant to their employment." It bolstered that idea with a blog post on Jan. 23, which stated, "While many people have advised us that a public version would be more profitable, we have rejected the idea." "Clearview exists to help law enforcement agencies solve the toughest cases, and our technology comes with strict guidelines and safeguards to ensure investigators use it for its intended purpose only," the post stated. But in a November email, a company representative encouraged a police officer to use the software on himself and his acquaintances. "Have you tried taking a selfie with Clearview yet?" the email read. "It's the best way to quickly see the power of Clearview in real time. Try your friends or family. Or a celebrity like Joe Montana or George Clooney. Your Clearview account has unlimited searches. So feel free to run wild with your searches."


There's no evidence the Saudis hacked Jeff Bezos's iPhone

There's no evidence the Saudis hacked Jeff Bezos's iPhone.

This is the conclusion of all the independent experts who have reviewed the public report behind the U.N.'s accusations. That report failed to find evidence proving the theory, but instead simply found unknown things it couldn't explain, which it pretended was evidence.


This is a common flaw in such forensics reports. When there's evidence, it's usually found and reported. When there's no evidence, investigators keep looking. Today's devices are complex, so if you keep looking, you always find anomalies you can't explain. There are only two results from such investigations: proof of bad things or anomalies that suggest bad things. There's never any proof that no bad things exist (at least, not in my experience).

Bizarre and inexplicable behavior doesn't mean a hacker attack. Engineers trying to debug problems, and support technicians helping customers, find such behavior all the time. Pretty much every user of technology experiences this. Paranoid users often think there's a conspiracy against them when their electronics behave strangely, when "behaving strangely" is perfectly normal.

When you start with the theory that hackers are involved, then you have an explanation for all that's unexplainable. It's all consistent with the theory, thus proving it. This is called "confirmation bias". It's the same thing that props up conspiracy theories like UFOs: space aliens can do anything, thus, anything unexplainable is proof of space aliens. Alternate explanations, like skunkworks testing a new jet, never seem as plausible.

The investigators were hired to confirm bias. Their job wasn't to do an unbiased investigation of the phone, but instead, to find evidence confirming the suspicion that the Saudis hacked Bezos.

Remember the story started in February of 2019 when the National Enquirer tried to extort Jeff Bezos with sexts between him and his paramour Lauren Sanchez. Bezos immediately accused the Saudis of being involved. Even after it was revealed that the sexts came from Michael Sanchez, the paramour's brother, Bezos's team doubled down on their accusations that the Saudis hacked Bezos's phone.

The FTI report tells a story beginning with the Saudi Crown Prince sending Bezos a message using WhatsApp containing a video. The story goes:
"The downloader that delivered the 4.22MB video was encrypted, delaying or preventing further study of the code delivered along with the video. It should be noted that the encrypted WhatsApp file sent from MBS' account was slightly larger than the video itself."
This story is invalid. Such messages use end-to-end encryption, which means that while nobody in between can decrypt them (not even WhatsApp), anybody with possession of the ends can. That's how the technology is supposed to work. If Bezos loses/breaks his phone and needs to restore a backup onto a new phone, the backup needs to have the keys used to decrypt the WhatsApp messages.

Thus, the forensics image taken by the investigators had the necessary keys to decrypt the video -- the investigators simply didn't know about them. In a previous blogpost I explain these magical WhatsApp keys and where to find them so that anybody, even you at home, can forensics their own iPhone, retrieve these keys, and decrypt their own videos.

The above story implicates the encrypted file because it's slightly larger than the unencrypted file. One possible explanation is that these extra bytes contain an exploit, virus, or malware.

However, there's a more accurate explanation: all encrypted WhatsApp videos will be larger than the unencrypted versions by between 10 and 25 bytes, for verification and padding. This is simply how standard encryption works.

This is a great demonstration of confirmation bias in action, how dragons breed on the edge of maps. When you expect the encrypted and unencrypted versions to be the same size, this anomaly is inexplicable and suggestive of hacker activity. When you know how the encryption works, how there's always an extra 10 to 25 bytes, then the idea is silly.

It's important to recognize how much the story hinges on this one fact. They have the unencrypted video and it's completely innocent. We have the technology to exonerate that video, and it's exonerated. Thus, if a hack occurred, it must be hidden behind the encryption. But when we unmask the encryption and find only the video we already have, then the entire report will break down. There will no longer be a link between any hack found on the phone and the Saudis.

But even if there isn't a link to the Saudis, there may still be evidence the phone was hacked. The story from the FTI forensics report continues:
"We know from a comprehensive examination of forensics artifacts on Bezos' phone that within hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos' phone began, continuing and escalating for months thereafter. ... The amount of data being transmitted out of Bezos' phone changed dramatically after receiving the WhatsApp video file and never returned to baseline. Following execution of the encrypted downloader sent from MBS' account, egress on the device immediately jumped by approximately 29,000 percent."
I've performed the same sort of forensics on my phones and have found that there is no such thing as some sort of normal "baseline" of traffic, as described in this Twitter thread. One reason is that users do unexpected things, like forwarding an email that has a large attachment, or visiting a website that causes unexpectedly high amounts of traffic. Another reason is that the traffic isn't stored in nice hourly or daily buckets as the above story implies. Instead, when you use the app for months, you get just a single record of how much data the app has sent for months. For example, I see one day where the Uber app exfiltrated 56 megabytes of data from my phone, which seems an inexplicable anomaly. However, that's just the date the record is recorded, reflecting months of activity as Uber has run in the background on my phone.

I can't explain all the bizarre stuff I see on my phone. I only ever download podcasts, but the records show the app uploaded 150-megabytes. Even when running over months, this is excessive. But lack of explanation doesn't mean this is evidence of hacker activity trying to hide its traffic inside the podcast app. It just means something odd is going on, probably a bug or inefficient design, that a support engineer might want to know about in order to fix.

Conclusion

Further FTI investigation might find more evidence that actually shows a hack or Saudi guilt, but the current report should be considered debunked. It contains no evidence, only things it's twisted to create the impression of evidence.

Bezos's phone may have been hacked. The Saudis may be responsible. They certainly have the means, motive, and opportunity to do so. There's no evidence exonerating the Saudis as a whole.

But there is evidence that will either prove Saudi culpability or exonerate that one video, the video upon which the entire FTI report hinges. And we know that video will likely be exonerated simply because that's how technology works.

The entire story hinges on that one video. If debunked, the house of cards falls down, at least until new evidence is found.

The mainstream press has done a crappy job. It's a single-sourced story starting with "experts say". But it's not many experts, just the FTI team. And they aren't unbiased experts, but those hired specifically to prove Bezos's accusation against the Saudis. Rather than healthy skepticism looking for other experts to dispute the story, the press has jumped in taking Bezos's side in the dispute.

I am an expert, and as I've shown in this blogpost (and linked posts with technical details), I can absolutely confirm the FTI report is complete bunk. It contains no evidence of a hack, just anomalies it pretends are evidence.

How to decrypt WhatsApp end-to-end media files

At the center of the "Saudis hacked Bezos" story is a mysterious video file investigators couldn't decrypt, sent by Saudi Crown Prince MBS to Bezos via WhatsApp. In this blog post, I show how to decrypt it. Once decrypted, we'll either have a smoking gun proving the Saudis' guilt, or exoneration showing that nothing in the report implicated the Saudis. I show how everyone can replicate this on their own iPhones.

The steps are simple:
  • back up the phone to your computer (macOS or Windows), using one of many freely available tools, such as Apple's own iTunes app
  • extract the database containing WhatsApp messages from that backup, using one of many freely available tools, or just hunt for the specific file yourself
  • grab the .enc file and decryption key from that database, using one of many freely available SQL tools
  • decrypt the video, using a tool I just created on GitHub

End-to-end encrypted downloader

The FTI report says that within hours of receiving a suspicious video, Bezos's iPhone began behaving strangely. The report says:
"...analysis revealed that the suspect video had been delivered via an encrypted downloader host on WhatsApp's media server. Due to WhatsApp's end-to-end encryption, the contents of the downloader cannot be practically determined."
The phrase "encrypted downloader" is not a technical term but something the investigators invented. It sounds like a term we use in malware/viruses, where a first stage downloads later stages using encryption. But that's not what happened here.

Instead, the file in question is simply the video itself, encrypted, with a few extra bytes due to encryption overhead (10 bytes of checksum at the start, up to 15 bytes of padding at the end).

Now let's talk about "end-to-end encryption". This only means that those in the middle can't decrypt the file, not even WhatsApp's servers. But those on the ends can -- and that's what we have here, one of the ends. Bezos can upgrade his old iPhone X to a new iPhone XS by backing up the old phone and restoring onto the new phone and still decrypt the video. That means the decryption key is somewhere in the backup.

Specifically, the decryption key is in the file named 7c7fba66680ef796b916b067077cc246adacf01d in the backup, in the table named ZWAMEDIAITEM, as the first protobuf field in the field named ZMEDIAKEY. These details are explained below.


WhatsApp end-to-end encryption of video

Let's discuss how videos are transmitted using text messages.

We'll start with SMS, the old messaging system built into the phone system that predates modern apps. It can only send short text messages of a few hundred bytes at a time. These messages are too small to hold a complete video many megabytes in size. They are sent through the phone system itself, not via the Internet.

When you send a video via SMS, what happens is that the video is uploaded to the phone company's servers via HTTP. Then, a text message is sent with a URL link to the video. When the recipient gets the message, their phone downloads the video from the URL. The text messages going through the phone system just contain the URL; an Internet connection is used to transfer the video.

This happens transparently to the user. The user just sees the video and not the URL. They'll only notice a difference when using ancient 2G mobile phones that can get the SMS messages but which can't actually connect to the Internet.

A similar thing happens with WhatsApp, only with encryption added.

The sender first encrypts the video, with a randomly generated key, before uploading via HTTP to WhatsApp's servers. This means that WhatsApp can't decrypt the files on their servers.

The sender then sends a message containing the URL and the decryption key to the recipient. This message is encrypted end-to-end, so again, WhatsApp itself cannot decrypt the contents of the message.

The recipient downloads the video from WhatsApp's server, then decrypts it with the encryption key.

Here's an example. A friend sent me a video via WhatsApp:


All the messages are sent using end-to-end encryption for this session. As described above, the video itself is not sent as a message, only the URL and a key. These are:

mediakey = TKgNZsaEAvtTzNEgfDqd5UAdmnBNUcJtN7mxMKunAPw=

These are the real values from the above exchange. You can click on the URL and download the encrypted file to your own computer. The file is 22,161,850 bytes (22-megabytes) in size. You can then decrypt it using the above key, using the code shown below. I can't stress this enough: you can replicate everything I'm doing in this blogpost, to do the things the original forensics investigators hired by Bezos could not.


iPhone backups and file extraction

The forensics report in the Bezos story mentions lots of fancy, expensive tools available only to law enforcement, like Cellebrite. However, none of these appear necessary to produce their results. It appears you can get the same results at home using freely available tools.

There are two ways of grabbing all the files from an iPhone. One way is just to do a standard backup of the phone, to iCloud or to a desktop/laptop computer. A better way is to jailbreak the phone and get a complete image of the internal drive. You can do this on an iPhone X (like Bezos's phone) using the 'checkm8' jailbreak. It's a little complicated, but well within the abilities of techies. A backup gets only the essential files needed to restore the phone, but a jailbreak gets everything.

In this case, it appears the investigators only got a backup of the phone. For the purposes of decrypting WhatsApp files, it's enough. As mentioned above, the backup needs these keys in order to properly restore a phone.

You can do this using Apple's own iTunes program on Windows or macOS. This copies everything off the iPhone onto your computer. The intended purpose is so that if you break your phone, lose it, or upgrade to the latest model, you can easily restore from this backup. However, we are going to use this backup for forensics instead (we have no intention of restoring a phone from this backup).



So now that you've copied all the files to your computer, where are they, what are they, and what can you do with them?

Here's the location of the files. There are two different locations for Windows, depending upon whether you installed iTunes from Apple or Microsoft.
  • macOS: /Users/username/Library/Application Support/MobileSync/Backup
  • Windows: /Users/username/AppData/Roaming/Apple Computer/MobileSync/Backup
  • Windows: /Users/username/Apple/MobileSync/Backup
The backup for a phone is stored using the unique ID of the phone, the UDID:
Inside the backup directory, Apple doesn't use the original filenames on the phone. Instead, it stores them using the SHA1 hash of the original filename. The backup directory has 256 subdirectories named 00, 01, 02, .... ff corresponding to the first byte of the hash, each directory containing the corresponding files.

The file we are after is WhatsApp's ChatStorage.sqlite file, whose full pathname on the iPhone hashes to "7c7fba66680ef796b916b067077cc246adacf01d".

On macOS, the Backup directory is protected. You have to go into the Security and Privacy settings to give the Terminal app "Full Disk Access" permissions. Then, copy this file to some other directory (like ~) where other apps can get at it.

Note that in the screenshot above, I also gave "iPhone Backup Extractor" permissions. This program provides a GUI that gives files their original names (like "ChatStorage.sqlite") instead of hashes 7c7fba666... It also has a bunch of built-in logic for extracting things like photos and text messages.

The point of this section is to show that getting these files is simply a matter of copying off your phone and knowing which file to look for.


Working with WhatsApp chat log

In the previous section, I describe how to backup the iPhone, and then retrieve the file ChatStorage.sqlite from that backup. This file contains all your chat messages sent and received on your iPhone. In this section, I describe how to read that file.

This file is an SQL database in standard "sqlite" format. This is a popular open-source project for embedding SQL databases within apps and it's used everywhere. This means that you can use hundreds of GUIs, command-line tools, and programming languages to read this file.

I use "sqlitebrowser", which runs as a GUI on Windows, macOS, and Linux. Below is a screenshot. As you can see, the filename is the file we copied in the step above, the hash of the original name. I then click on "Browse Data" and select the table ZWAMEDIAITEM. I see a list of those URLs in the column ZMEDIAURL, and the corresponding decryption keys in the column ZMEDIAKEY.


The media keys are "blobs" -- "binary large objects". If I click on one of those blobs I see the following as the mediakey:



This binary data is in a format called protobuf. The byte 0x0a means the first field is a variable length string. The next byte 0x20 means the string is 32-bytes long. The next 32-bytes is our encryption key, which I've highlighted. The next field (0x12 0x20) is a hash of the file. There are two more fields at the end, but I don't understand what they are.

So in hex, our encryption key is:

4ca80d66c68402fb53ccd1207c3a9de5401d9a704d51c26d37b9b130aba700fc

Or if encoded in Base64:

TKgNZsaEAvtTzNEgfDqd5UAdmnBNUcJtN7mxMKunAPw=

We now have the mediaurl and mediakey mentioned above. All we need to do is download the file and decrypt it.
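The extraction step described in this section, as an added example that is not code from the original post: it reads ZMEDIAURL and ZMEDIAKEY from the ZWAMEDIAITEM table and walks the protobuf blob to pull out field 1. The in-memory database, the URL, the file-hash bytes and the trailing varint field are constructed stand-ins; only the key bytes and the table and column names come from the page.

```python
import base64
import sqlite3

# Media key quoted on the page (hex form); everything else below is constructed.
PAGE_KEY_HEX = "4ca80d66c68402fb53ccd1207c3a9de5401d9a704d51c26d37b9b130aba700fc"
CONSTRUCTED_URL = "https://media.example.invalid/constructed.enc"


def read_varint(buf, pos):
    """Decode a protobuf base-128 varint at pos; return (value, next_pos)."""
    value, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
        if shift > 63:
            raise ValueError("varint too long")


def parse_fields(buf):
    """Walk the top-level protobuf fields; return {field_number: [values]}."""
    fields, pos = {}, 0
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        number, wire_type = tag >> 3, tag & 7
        if wire_type == 0:                       # varint
            value, pos = read_varint(buf, pos)
        elif wire_type == 2:                     # length-delimited (0x0a, 0x12, ...)
            length, pos = read_varint(buf, pos)
            if pos + length > len(buf):
                raise ValueError("field runs past the end of the blob")
            value, pos = buf[pos:pos + length], pos + length
        elif wire_type in (1, 5):                # fixed 64-bit / fixed 32-bit
            size = 8 if wire_type == 1 else 4
            if pos + size > len(buf):
                raise ValueError("fixed-width field runs past the end of the blob")
            value, pos = buf[pos:pos + size], pos + size
        else:
            raise ValueError("unsupported wire type %d" % wire_type)
        fields.setdefault(number, []).append(value)
    return fields


def media_key_from_blob(blob):
    """Return the 32-byte key stored as protobuf field 1 of a ZMEDIAKEY blob."""
    keys = parse_fields(bytes(blob)).get(1, [])
    if len(keys) != 1 or not isinstance(keys[0], bytes) or len(keys[0]) != 32:
        raise ValueError("field 1 is not a single 32-byte media key")
    return keys[0]


def build_sample_db():
    """Constructed stand-in for ChatStorage.sqlite with one media row."""
    blob = (b"\x0a\x20" + bytes.fromhex(PAGE_KEY_HEX)   # field 1: media key
            + b"\x12\x20" + bytes(range(32))            # field 2: constructed hash
            + b"\x18\x96\x01")                          # field 3: constructed varint
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ZWAMEDIAITEM (ZMEDIAURL TEXT, ZMEDIAKEY BLOB)")
    db.execute("INSERT INTO ZWAMEDIAITEM VALUES (?, ?)", (CONSTRUCTED_URL, blob))
    db.execute("INSERT INTO ZWAMEDIAITEM VALUES (?, NULL)", ("no-key-row",))
    return db


def list_media_keys(db):
    """Return [(url, base64 key)] for every row that carries a media key."""
    rows = db.execute(
        "SELECT ZMEDIAURL, ZMEDIAKEY FROM ZWAMEDIAITEM WHERE ZMEDIAKEY IS NOT NULL")
    return [(url, base64.b64encode(media_key_from_blob(blob)).decode())
            for url, blob in rows]


if __name__ == "__main__":
    for url, key in list_media_keys(build_sample_db()):
        print(url, key)
```

Against a real backup, open the copied ChatStorage.sqlite with `sqlite3.connect()` in place of `build_sample_db()`.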


How to decrypt a WhatsApp media file

Now we come to the meat of this blogpost: given a URL and a key, how do we decrypt it? The answer is "unsurprising crypto". It's one of the most important principles of cryptography that whatever you do should be something boring and normal, as is the case here. If the crypto is surprising and interesting, it's probably wrong.

Thus, the only question is which of the many standard ways did WhatsApp choose?

Firstly, they chose AES-256, which is the most popular choice for such things these days. Its key is 256 bits, or 32 bytes. AES is a "block cipher", which means it encrypts a block at a time. The block size is 16 bytes. When the final block of data is less than 16 bytes, it needs to be padded out to the full length.

But that's not complete. In modern times we've come to realize that simple encryption like this is not enough. A good demonstration of this is the famous "ECB penguin" [1] [2] [3]. If two 16-byte blocks in the input have the same cleartext data, they'll have the same encrypted data. This is bad, as it allows much to be deduced/reverse-engineered from the encrypted contents even if those contents can't be decrypted.

Therefore, WhatsApp needs not only an encryption algorithm but also a mode to solve this problem. They chose CBC or "cipher block chaining", which as the name implies, chains all the blocks together. This is also a common solution.

CBC mode solves the ECB penguin problem of two blocks encrypting the same way, but it still has the problem of two files encrypting the same way, when the first part of the files are the same. Everything up to the first difference will encrypt the same, after which they will be completely different.

This is fixed by adding what's called an initialization vector or nonce to the start of the file, some random data that's different for each file. This guarantees that even if you encrypt the same file twice with the same key, the encrypted data will still be completely different, unrelated. The IV/nonce is stripped out when the file is decrypted.

Finally, there is the problem that the encrypted file may be corrupted in transit -- accidentally or maliciously. You need to check this with a hash or message authentication code (aka MAC). In the case of WhatsApp, this will be in the first 10 bytes of the encrypted data, which we'll have to strip out at the end. This MAC is generated by using a different key than the AES key. In other words, we need two keys: one to encrypt the file, and a second to verify that the contents haven't been changed.

This explains why there was a 14 byte difference between the encrypted video and unencrypted video. The encrypted data needed 10 bytes for a MAC at the start, and 4 bytes for padding at the end.

The code

Here is the code that implements all the above stuff:


At the top of the file I've hard-coded the values for the mediaurl and mediakey to the ones I found above in my iPhone backup.

The mediakey is only 32-bytes, but we need more. We need 32-bytes for the AES-256 key, another 16-bytes for the initialization vector, and 32-bytes for the message authentication key.

This common problem is solved by using a special pseudo-randomization function to expand a small amount of data into a larger amount of data, in this case from 32 bytes to 112 bytes. The standard WhatsApp chose is "HMAC Key Derivation Function". This is expressed in my code as the following, where I expand the key into the IV, cipherkey, and mackey:

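# Expand the 32-byte media key to 112 bytes, then slice out the three values
mediaKeyExpanded = HKDF(base64.b64decode(mediaK), 112, salt)
iv = mediaKeyExpanded[:16]            # 16-byte CBC initialization vector
cipherKey = mediaKeyExpanded[16:48]   # 32-byte AES-256 key
macKey = mediaKeyExpanded[48:80]      # 32-byte message authentication key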

Then, I download the file from the URL. I have to strip the first 10 bytes from the file, which is the message authentication code.

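mediaData = urllib2.urlopen(mediaurl).read()   # Python 2 (urllib.request.urlopen in Python 3)
file = mediaData[:-10]    # everything except the trailing 10 bytes
mac = mediaData[-10:]     # trailing 10 bytes: the message authentication code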

Then using the cipherkey from the first step, I decrypt the file. I have to strip the padding at the end of the file.

decryptor = AES.new(cipherKey, AES.MODE_CBC, iv)
imgdata = AESUnpad(decryptor.decrypt(file))   # decrypt, then strip the padding


To download and decrypt the video, simply run the program as such:
I'm not going to link to the video myself. If you want to know what it contains, you are going to have to run the program yourself.

Remember that this example is a video a friend sent to me, and not the original video sent by MBS to Bezos. But the same principle applies. Simply look in that file in the backup, extract the URL and mediakey, insert into this program, and you'll get that file decrypted.
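The fragments above extract `mac` and `macKey` but do not show them being used, so here is an added example (not the author's program) of the checks an examiner can run on a .enc file before decrypting it: key expansion, layout and size accounting, and MAC verification, using only the Python standard library. It follows the page's code in taking the MAC from the last 10 bytes. Assumptions: the MAC is HMAC-SHA256 over the IV followed by the ciphertext, padding is PKCS#7 style, and the `info` label and sample ciphertext are constructed; the real label is whatever the page's program passes as `salt`.

```python
import hashlib
import hmac

MAC_LEN = 10   # truncated MAC, taken from the end as in the page's mediaData[-10:]
BLOCK = 16     # AES block size in bytes
CONSTRUCTED_INFO = b"constructed-info-label"   # placeholder, not WhatsApp's value


def hkdf_sha256(ikm, length, info):
    """HKDF (RFC 5869) with SHA-256 and an all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def expand_media_key(media_key, info):
    """Expand the 32-byte media key to 112 bytes and slice it as the page does."""
    if len(media_key) != 32:
        raise ValueError("media key must be 32 bytes")
    expanded = hkdf_sha256(media_key, 112, info)
    return {"iv": expanded[:16],
            "cipher_key": expanded[16:48],
            "mac_key": expanded[48:80]}


def layout_ok(enc_size):
    """True if enc_size can be whole AES blocks followed by a 10-byte MAC."""
    body = enc_size - MAC_LEN
    return body >= BLOCK and body % BLOCK == 0


def expected_enc_size(plain_len):
    """Size of the .enc file for a plaintext, assuming PKCS#7-style padding."""
    pad = BLOCK - plain_len % BLOCK   # this padding always adds at least one byte
    return plain_len + pad + MAC_LEN


def mac_is_valid(enc, keys):
    """Recompute the truncated MAC over IV + ciphertext and compare in constant time."""
    if not layout_ok(len(enc)):
        return False
    ciphertext, mac = enc[:-MAC_LEN], enc[-MAC_LEN:]
    digest = hmac.new(keys["mac_key"], keys["iv"] + ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(digest[:MAC_LEN], mac)


def build_constructed_sample():
    """Constructed key and stand-in ciphertext with a matching MAC appended."""
    keys = expand_media_key(bytes(range(32)), CONSTRUCTED_INFO)
    ciphertext = hashlib.sha256(b"constructed").digest() * 2   # 64 bytes, 4 blocks
    mac = hmac.new(keys["mac_key"], keys["iv"] + ciphertext, hashlib.sha256).digest()
    return keys, ciphertext + mac[:MAC_LEN]


if __name__ == "__main__":
    keys, enc = build_constructed_sample()
    print("layout ok:", layout_ok(len(enc)), "mac ok:", mac_is_valid(enc, keys))
    print("page's 22,161,850-byte file fits the layout:", layout_ok(22161850))
```

A file that passes `mac_is_valid` with the key from the backup is byte-for-byte what the sender uploaded, so whatever it decrypts to is the complete content of the message.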


Conclusion

The report from FTI doesn't find evidence. Instead, it finds the unknown. It can't decrypt the .enc file from WhatsApp. It therefore concludes that it must contain some sort of evil malware hidden behind that encryption -- encryption which they can't break.

But this is nonsense. They can easily decrypt the file, and prove conclusively whether it contains malware or exploits.

They are reluctant to do this because then their entire report would fall apart. Their conclusion is based upon Bezos's phone acting strange after receiving that video. If that video is decrypted and shown not to contain a hack of some sort, then the rest of the reasoning is invalid. Even if they find other evidence that Bezos's phone was hacked, there would no longer be anything linking to the Saudis.



An AI Epidemiologist Sent the First Warnings of the Wuhan Virus

An anonymous reader shares a report: On January 9, the World Health Organization notified the public of a flu-like outbreak in China: a cluster of pneumonia cases had been reported in Wuhan, possibly from vendors' exposure to live animals at the Huanan Seafood Market. The US Centers for Disease Control and Prevention had gotten the word out a few days earlier, on January 6. But a Canadian health monitoring platform had beaten them both to the punch, sending word of the outbreak to its customers on December 31. BlueDot uses an AI-driven algorithm that scours foreign-language news reports, animal and plant disease networks, and official proclamations to give its clients advance warning to avoid danger zones like Wuhan. Speed matters during an outbreak, and tight-lipped Chinese officials do not have a good track record of sharing information about diseases, air pollution, or natural disasters. But public health officials at WHO and the CDC have to rely on these very same health officials for their own disease monitoring. So maybe an AI can get there faster. "We know that governments may not be relied upon to provide information in a timely fashion," says Kamran Khan, BlueDot's founder and CEO. "We can pick up news of possible outbreaks, little murmurs or forums or blogs of indications of some kind of unusual events going on." Khan says the algorithm doesn't use social media postings because that data is too messy. But he does have one trick up his sleeve: access to global airline ticketing data that can help predict where and when infected residents are headed next. It correctly predicted that the virus would jump from Wuhan to Bangkok, Seoul, Taipei, and Tokyo in the days following its initial appearance.


Day Zero Ethics for Military AI


Editor’s Note: This article was submitted in response to the call for ideas issued by the co-chairs of the National Security Commission on Artificial Intelligence, Eric Schmidt and Robert Work. It addresses the third question (parts b. and d.) which asks authors to consider the ethical dimensions of AI.   Examining the legal, moral, and ethical implications […]

The post Day Zero Ethics for Military AI appeared first on War on the Rocks.


Bitcoin Gold Hit By 51 Percent Attacks, $72,000 In Cryptocurrency Double-Spent

Malicious cryptocurrency miners took control of Bitcoin Gold's blockchain recently to double-spend $72,000 worth of BTG. The Next Web reports: Bad actors assumed a majority of the network's processing power (hash rate) to re-organize the blockchain twice between Thursday and Friday last week: the first netted attackers 1,900 BTG ($19,000), and the second roughly 5,267 BTG ($53,000). Cryptocurrency developer James Lovejoy estimates the miners spent just $1,200 to perform each of the attacks, based on prices from hash rate marketplace NiceHash. This marks the second and third times Bitcoin Gold has suffered such incidents in two years. Any entity that controls more than 51 percent of a blockchain's hash rate can decide what version of the blockchain is accepted (or rejected) by the network. These scenarios also allow for "double-spending," attacks that initiate a transaction with intent to quickly reverse it by "re-organizing" the blockchain, so that they can spend their original cryptocurrency again. What results is a third party accepting the original transaction and the network returns the cryptocurrency spent to the attacker, essentially allowing their funds to be used twice -- hence the name "double-spending." With Bitcoin, a transaction is generally deemed legitimate once found six blocks deep in the blockchain. These particular 51-percent attackers performed re-organizations up to 16 blocks deep, seemingly in a bid to trick exchanges like Binance into paying out BTG destined to be double-spent.
