Your Tech Story

Roshni Ankola

I am a second-year student pursuing Liberal Arts from Nmims. I am a painter, I love reading and have a great interest in cooking. I am also a trained kickboxer. I've always had a passion for writing and hence in my free time, I work as a freelance writer.

Predator spyware

New Predator Spyware Lets Government Hackers Break Into Chrome And Android.

Google said Monday that a rogue private surveillance firm sold access to almost half a dozen major security loopholes in Chrome and Android to government-affiliated hackers last year. These governments then employed Cytrox’s “predator” spyware to complete their hacking campaigns. Because of New Predator Spyware, your Android phone and Chrome browser may be in danger of state-sponsored hacking.

Cytrox, a murky North Macedonian business, is accused of selling access to four zero-day system vulnerabilities in the Chrome browser and one in the Android operating system. Clients included government-linked “threat actors” from a variety of nations who utilized the exploits to execute hacking campaigns using Cytrox’s invasive spyware “Predator.”
In a blog post, Google‘s Threat Analysis Group (TAG) announced the news and mentioned that they think likely government-backed entities acquiring these exploits are operating (at least) in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain, and Indonesia, consistent with CitizenLab findings, Google noted.

Predator Spyware
Image source: tosshub.com

Cytrox exploited n-day vulnerabilities as well as zero-day weaknesses (vulnerabilities that have yet to be patched) (ones that have been already patched by Google). This frequently occurs when consumers do not regularly update their gadgets.
Surveillance organizations like Cytrox were responsible for a large portion of the zero-day vulnerabilities disclosed last year. Pegasus, anyone? Yes, the same instrument that governments around the world use to spy on journalists, public personalities, and members of opposition parties. It was created by the Israeli NSO Group and is said to have been used by the Indian government.

How the hacking took place:

One-time URLs that were shortened and delivered over email were used to target Android users. “Once the target clicked the link, the browser was transferred to an attacker-owned domain that delivered the attacks before redirecting to a legitimate website,” Google added.
The first case was discovered in August 2021 on an un-updated Samsung Galaxy S21. This was accomplished by exploiting existing Chrome flaws and opening URLs without the user’s knowledge. And this was only one of the campaigns.

In the world of hacking, what Cytrox has done is considered incredibly advanced and clever. It is a next-level cyber company to sells access to security weaknesses that require its own spyware to exploit. The zero-day exploits were employed alongside n-day vulnerabilities, according to Google, since the spyware’s makers took advantage of the time gap between when major defects were patched but not recognized as security issues and when these fixes were fully carried out across the Android ecosystem.
In other words, the monitoring firm granted spyware rights to individuals who had not fully updated their gadgets, giving them access to security weaknesses. Google had released updates, but users took their time to install them. Google said that their findings highlight the extent to which commercial surveillance vendors have proliferated capabilities that were previously only employed by governments with the technical expertise to design and operationalize exploits.

Google stated that its Android and Chrome teams were quick to respond to the vulnerabilities and repair them. Cytrox appears to be comparable to NSO Group, which produces and distributes Pegasus, arguably the most destructive cyber weapon, to various countries for espionage on targeted devices.
In recent years, hacking scandals involving the private spy business have sparked much debate. This is bad news for businesses that must protect items that are used by hundreds of millions of people. Cytrox is making things difficult for the security teams at Google, Apple, and Microsoft, and it doesn’t appear that they’ll be getting a break anytime soon.

United Microelectronics Corporation

United Microelectronics Corporation – Taiwan’s First Semiconductor Company.

United Microelectronics Corporation is a chipmaker based in Taiwan with around a $10 billion market capitalization. It sells CMOS wafers, memory chips, and high-voltage integrated circuits, among other things. UMC has offices in Taiwan, Japan, South Korea, China, Singapore, the United States, and Europe, with over 17,000 employees worldwide.

About United Microelectronics Corporation

The silicon foundry business was where United Microelectronics Corporation (UMC) established its niche. UMC is a leading silicon foundry, or contract semiconductor maker, trailing only archival Taiwan Semiconductor Manufacturing. Design, engineering, manufacturing, packing, sorting, and testing are among the company’s production services. It supplies complementary metal-oxide-semiconductor logic wafers, mixed-signal wafers, radiofrequency complementary metal-oxide-semiconductor wafers, embedded memory products, high voltage integrated circuits, and complementary metal-oxide-semiconductor image sensors through its semiconductor foundry. UMC has offices in Taiwan, Japan, Korea, China, Europe, the United States, and Singapore, and it continues to expand capacity and invest in sophisticated manufacturing technology. Taiwan is the company’s largest market, accounting for 33% of net sales. Singapore (24 percent), the United States (12 percent), and China are the other key markets (9 percent ).

United Microelectronics Corporation
Image source: www.taipeitimes.com

UMC is aggressively developing internationally. The corporation invested $48 million in a subsidiary of Fujitsu Semiconductor, which has a 12-inch wafer manufacturing facility in Japan. In Xiamen, UMC has formed a joint venture with the city government of Xiamen and the state-owned Fujian Electronics and Information Group to establish a semiconductor fabrication plant. Starting in 2015, UMC will invest $1.35 billion in the initiative over five years. In January 2015, the company bought a 33 percent share in Xiamen-based chipmaker United Semiconductor as part of the plan. Taiwan’s first semiconductor company, UMC, was formed in 1980. Since 2012, Yen Po-wen, who joined UMC in 1986, has served as CEO.

Manufacturing Diversification

With numerous modern 300mm fabs in operation, UMC is a foundry production leader. Since 2002, Fab 12A in Tainan, Taiwan, has been producing client products in volume and is currently producing 14 and 28nm products. Phases 1&2, 3&4, and 5&6 make up the multi-phase complex, which is essentially three independent fabs. The entire monthly production capacity of Fab 12A is currently above 87,000 wafers. Fab 12i, UMC’s second 300mm fab, is located in Pasir Ris Wafer Park in Singapore. With a monthly capacity of 50,000 wafers, this second-generation 300mm plant is also in volume production. United Semi, UMC’s third 300mm fab in Xiamen, China, began volume production in Q4 2016. When fully equipped, United Semi’s overall design capacity is 50,000 wafers per month. In October of this year, UMC bought USJC in Japan. This 300mm fab in Mie Prefecture has a monthly capacity of 33,000 wafers for logic and specialty processes down to 40nm. UMC provides reliable and diversified manufacturing with leading production efficiency, thanks to its seven 200mm fabs and one 150mm specialized fab.

John Hsuan and Robert Tsao

From 1979 to 1981, Mr. Tsao was appointed Vice Chairman of the Electronics Research & Service Organization (ERSO), where he played an important role. He was a driving force behind the establishment of the Industrial Technology Research Institute (ITRI), where he oversaw the development of Taiwan’s first integrated circuit manufacturing line, which later became the foundation for United Microelectronics Corporation (UMC), a semiconductor contract manufacturer that produced chips based on the designs of its customers.

John Hsuan, who is soft-spoken and aloof at times, has been a driving force behind UMC’s recent metamorphosis from a small Taiwanese chip producer to a major IC wafer foundry. UMC was one of the first foundries to implement a 0.25-micron process, is a pioneer in 0.18-micron technology, and aims to ship products with copper interconnects early next year. UMC is the world’s second-largest pure-play foundry, behind Taiwan Semiconductor Manufacturing Co. Ltd., with sales expected to increase from $1.3 billion in 1998 to $1.75 billion this year.

borderless data

The Era Of Borderless Data Is Coming To An End.

We generate digital data every time we write an email, tap an Instagram ad, or swipe our credit cards. At the speed of a click, information travels around the world, becoming a kind of borderless money that sustains the digital economy. The flow of bits and bytes, which was mostly unregulated, fuelled the emergence of transnational mega-corporations such as Google and Amazon and transformed global communications, business, entertainment, and media. The era of open borderless data is coming to an end.

France, Austria, South Africa, and more than 50 other countries are stepping up attempts to regulate the digital data generated by their citizens, government agencies, and businesses. Governments are progressively defining laws and norms on how data may and cannot flow around the world, driven by security and privacy concerns, as well as commercial interests and authoritarian and nationalistic impulses. The best goal is to achieve “digital sovereignty” with borderless data.

Consider the following:

  • The Biden administration in Washington is circulating an early draught of an executive order designed to prevent adversaries like China from obtaining American data.
  • Judges and lawmakers in the European Union are pressing for stronger internet privacy regulations and artificial intelligence restrictions to protect information generated within the 27-nation union.
  • Indian lawmakers are working on a plan that would limit the amount of data that may leave the country of over 1.4 billion people.

According to the Information Technology and Innovation Foundation, the number of laws, regulations, and government policies requiring digital information to be maintained in a given country more than quadrupled to 144 between 2017 and 2021.

While countries like China have long walled off their digital ecosystems, the imposition of more national regulations on information flows signals a significant shift in the democratic world and affects how the internet has operated since its commercialization in the 1990s.

The implications for company operations, privacy, and how law enforcement and intelligence organizations investigate crimes and carry out surveillance activities are enormous. Microsoft, Amazon, and Google have launched new services that allow businesses to retain records and information inside a certain geographic area. Data migration has also become a topic of geopolitical debate, with a new treaty for information exchange across the Atlantic reached in principle in March.

“Over the last decade, the amount of data has grown to the point where there is pressure to bring it under sovereign control,” said Federico Fabbrini, a professor of European law at Dublin City University who edited a book on the subject and argues that data is inherently more difficult to regulate than physical goods.

Source: indianexpress.com

The new limits are unlikely to take down popular websites for most users. However, depending on where they live, consumers may lose access to some services or features. To avoid being sued under rules limiting the use of biometric data, Meta, Facebook’s parent company, recently announced that it will temporarily stop delivering augmented reality filters in Texas and Illinois.

The fight over borderless data reflects deeper economic divisions around the world.

borderless data
Image source: www.deccanherald.com

Data localization: why and why not?

According to Eduardo Ustaran, a lawyer at Hogan Lovells, a law company that helps corporations comply with new data requirements, shifting attitudes regarding digital information are “linked to a wider trend toward economic nationalism.”

The core concept of “digital sovereignty” is that digital waste generated by a person, business, or government should be stored in the country where it was generated, or at the very least treated in line with government-set privacy and other regulations. Some authorities prefer that information be held by a local company in circumstances where it is more sensitive. the world economy

That’s a significant change from today. The majority of files were formerly saved locally on home computers and corporate mainframes. However, as internet speeds and telecommunications infrastructure improved over the last two decades, cloud computing services enabled someone in Germany to save images on a Google server in California, or an Italian company to host a website using Amazon Web Services in Seattle.

JCP prescription for Data Bill explained:

After national security contractor Edward Snowden disclosed dozens of documents detailing widespread US surveillance of digital communications in 2013, it became a watershed moment

Concerns grew in Europe that relying on American companies like Facebook made Europeans vulnerable to surveillance by the US. This resulted in protracted legal battles over online privacy and trans-Atlantic talks to protect communications and other data sent to American companies.

The aftershocks continue to be felt. While the US promotes a free, unrestricted approach that allows data to flow freely across democratic nations, China, along with Russia and others, has walled off the internet and kept data within reach in order to monitor populations and stifle dissent. Europe is creating a new route, with carefully regulated markets and data privacy legislation.

Why is the Personal Data Protection Bill harmful for businesses?

The tech industry has raised concerns as new laws have been implemented. The online economy, according to groups representing Amazon, Apple, Google, Microsoft, and Meta, is fuelled by the free flow of data. They claimed that if tech businesses were to keep everything locally, they wouldn’t be able to offer the same products and services all over the world. Nonetheless, countries took action. Customers of Google’s internet measuring software, Google Analytics, which is used by many websites to collect audience statistics, were cautioned this year not to use it because it could expose Europeans’ borderless data to American eavesdropping in France and Austria.

After receiving criticism for giving the contract to an American company, the French government canceled a partnership with Microsoft to handle health-related data last year. Instead, officials promised to work with local businesses. Businesses have adapted. Microsoft said it was taking steps to make it easier for customers to preserve data inside specific geographic areas.

Customers can choose where their borderless data is housed in Europe, according to Amazon Web Services, the largest cloud computing service.

In the past year, Google Cloud has negotiated agreements with local tech and telecom companies in France, Spain, and Germany, ensuring that customers’ data is protected by a local company while using Google’s services. Ksenia Duxfield-Karyakina, who manages Google Cloud’s public policy efforts in Europe, stated, “We want to meet them where they are.”

According to Liam Maxwell, director of government transformation at Amazon Web Services, the company would adjust to European rules, but clients should be free to acquire cloud computing services based on their needs, not where the technology provider is from.

More fights over digital information loom, according to Max Schrems, an Austrian privacy activist who won litigation against Facebook over its data-sharing policies. He anticipated that the European Court of Justice would strike down the US-EU data arrangement proposed by Biden because it does not meet EU privacy rules.

“There was a time when data was completely unregulated, and people could do whatever they wanted,” Schrems explained. “Now we see that everyone is trying to govern it, but in various ways.” This is a global problem.”

Source: indianexpress.com