Wednesday, March 27, 2019


Nokia 7 Plus phones sent personal information to China

Nokia 7 Plus phones have been secretly sending personal information to China. Finland has started an investigation after NRK's disclosure.
As per NRK's reports, the end user's phone number, GPS location and mobile phone IMEI number were sent to a Chinese server. The information was sent to the server every time a Nokia 7 Plus device was powered on or unlocked. Moreover, the data packets were unencrypted, which is even more alarming.
NRK investigated and found the server domain vnet.cn. The vnet.cn domain is owned by China Internet Network Information Center (China Telecom).
It is likely that this is an application intended for the Chinese market which has been accidentally distributed to Nokia 7 Plus phones outside China's borders. HMD Global refused to comment to NRK on the matter.
Furthermore, code was uncovered on GitHub by none other than Qualcomm.
The only other clue comes courtesy of security researcher Dirk Wetter, who claims the offending APK package sending this data to China is named "com.qualcomm.qti.autoregistration.apk." He had also investigated the network traffic to his Nokia 7 Plus, and saw the same remarkable packets.
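As an added example (not code from NRK, Dirk Wetter or this blog), here is a check a phone owner or auditor could run over HTTP requests captured from their own device to flag the identifiers named above leaving in cleartext. The request layout, host label, path and field names are constructed, since the page does not show the real payload; only the vnet.cn domain comes from the article.

```python
import re
from urllib.parse import unquote

WATCHED_DOMAINS = ("vnet.cn",)  # the destination domain named in the article

# 15 consecutive digits, not part of a longer number (IMEI candidate).
IMEI_RE = re.compile(r"(?<!\d)\d{15}(?!\d)")
# International phone number: "+" followed by 8 to 15 digits.
MSISDN_RE = re.compile(r"(?<![\d+])\+\d{8,15}(?!\d)")
# Decimal "lat,lon" pair with at least three fractional digits each.
COORD_RE = re.compile(r"(?<![\d.])(-?\d{1,2}\.\d{3,})\s*,\s*(-?\d{1,3}\.\d{3,})")


def luhn_valid(digits: str) -> bool:
    """IMEIs end in a Luhn check digit; this filters out random 15-digit IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def split_request(raw: str):
    """Return (target, host, body) from one raw HTTP/1.x request."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    host = headers.get("host", "").split(":")[0].lower()
    return target, host, body


def host_is_watched(host: str, domains=WATCHED_DOMAINS) -> bool:
    # Suffix match on a label boundary, so "notvnet.cn" does not match.
    return any(host == d or host.endswith("." + d) for d in domains)


def audit_request(raw: str, cleartext: bool = True) -> dict:
    """Flag device identifiers in the request line and body of one request."""
    target, host, body = split_request(raw)
    text = unquote(target + "\n" + body)   # undo %2B, %2C and similar escapes
    found = set()
    if any(luhn_valid(m) for m in IMEI_RE.findall(text)):
        found.add("imei")
    if MSISDN_RE.search(text):
        found.add("msisdn")
    for lat, lon in COORD_RE.findall(text):
        if abs(float(lat)) <= 90 and abs(float(lon)) <= 180:
            found.add("coordinates")
    watched = host_is_watched(host)
    if found and cleartext:
        verdict = "report"      # identifiers readable by anyone on the path
    elif found or watched:
        verdict = "review"
    else:
        verdict = "ok"
    return {"host": host, "watched": watched,
            "identifiers": sorted(found), "verdict": verdict}


# Constructed sample captures (not real traffic).
REQ_LEAK = (
    "POST /register HTTP/1.1\r\n"
    "Host: host-placeholder.vnet.cn\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "imei=490154203237518&msisdn=%2B4712345678"
    "&loc=59.9139%2C10.7522&event=screen_unlock"
)
REQ_BENIGN = (
    "GET /check?order=123456789012345&v=2.1 HTTP/1.1\r\n"
    "Host: updates.example.org\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for req in (REQ_LEAK, REQ_BENIGN):
        print(audit_request(req))
```

The Luhn check is what separates an IMEI from an arbitrary 15-digit order or session number, which keeps the false-positive rate manageable on real captures.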

Tuesday, March 26, 2019

All people in East Africa who use mobile phones are at a risk of falling prey to cyber criminals


Throughout my writings and the research reports I have presented to various blogs and websites as an experienced cyber security and threat intelligence analyst, I have for a long time been warning all of you in East Africa of being subject and prone to attacks from cyber criminals. I remember telling you of the behavior that shows a phone or a piece of technology equipment has been taken over by malicious spyware or any exterior intrusion. Some of the characteristics include fast draining of the battery, unfamiliar sounds in the background when calling, slowness and unexpected shutdowns of the internet browser and search engines, etc.
Recently you heard that President Uhuru Kenyatta's social media accounts were being intruded by unknown and unauthorised people! How did it happen for a whole president with all the availed technocrats? It's ridiculous; however, we as technologists know that it is possible. I have talked of many issues which President Uhuru Kenyatta's technocrats can put in mind. I know some of these presidents talk to fellow presidents even over phones and social media, and remember that some of your fellows are naturally "unethical spies"... Try to read through the articles on acidicsecurity.blogspot.com.
There are some features that can show that your phone has been taken over by intrusions. These are:
You will see some unfamiliar apps installed on your phone without your knowledge. These apps include:
  • Load control: if this is installed on your phone, it means the one who has remotely installed it has a load control receiver and is able to receive and record control data from activities taking place within and on your phone, including date, time and GPS coordinates.
  • Settings app: This is meant to provide an opening in the systems of your phone and set alternative settings that remotely replace the activities of the original "Settings" app on your phone. This rogue settings app has the ability to monitor the victim's phone and is able to stealthily and quickly glance over what's taking place on the phone, since it also enables PEEKING. It has permission to access the phonebook, camera, etc., as you will see in the picture.
  • Meter mark: This is a very dangerous app that is basically and specifically meant to take over the GPS services on the phone. Because it has permission to access phone storage, it downloads GPS data of the phone when it is online and stores it so that it can use it when the phone is offline. It has the ability to import Keyhole Markup Language files to enable it to display geographical data in all earth browsers like Google Earth.
Please, if you are a diplomat or a national figure who likes making calls to phone numbers in a highly suspicious country, always reset your phone before you use it for other national duties.
You will also see your phone assigned queer accounts you didn't request, e.g. Dongnao; others I am not going to reveal because I am still making research on them.
Some of these rogue apps cannot be easily seen, for many are remotely installed in the phone's chip partitions.
For God And My Country
As you can see from the picture, 70% of these apps' activities take place in the background, and since such an app has permission to the storage, camera, phone, SMS, etc., I think President Uhuru Kenyatta must not get shocked as to why, how and who infiltrated his social media accounts. For example, if it has access to cameras it can remotely take screenshots of taps one makes on the keyboard, thus enabling him to take or know our passwords. Secondly, if it can take over the messaging system, 2FA authentication is rendered useless, and since it also reads contacts, it thus knows who we talk to most often! I know you all are reading this and most of you, as always, brand me a Museveni spy, but let's put that aside and make sure you take a keen interest in the security of your data on your phone.
I have been investigating this online fraud by the one who claims it is a Brian White foundation to help people... This is fraud; deal with him at your own peril.
He and many other fraudulent people who think they can use social media to con people should stop.


There are other characters who want to blackmail the government, important personalities should also stop...



We all have the right to expression but we should use it not to harm others.

Monday, March 25, 2019

DRC president is in Rwanda again

Felix, the burning issue is "those numbers are owned by fraudsters"... I received their msgs in 2017, 2018... a friend of mine received thei
Felix Tshisekedi lands in Rwanda again for a meeting.

Sunday, March 24, 2019

SU-57 is the deadliest multirole air fighter

The Swedish jet has no outstanding characteristics in comparison to the fifth-generation Su-57’s, but reportedly has top of the line electronic warfare (EW) equipment and software, making it difficult for enemy jets to track it.
Commander of Sweden's Air Force, Mats Helgesson, stated that the country's recently developed Saab JAS 39 Gripen E jets were "designed to kill Sukhois" — Russia's top air superiority fighters, Finnish national broadcaster Yle reported. In a bid to further stress the Gripen E's effectiveness, Helgesson concluded that the aircraft have a "black belt" in fighting Russian jets.

Justin Bronk, an aerial-combat expert at the Royal United Services Institute, cited by Business Insider, said that the JAS 39 Gripen series is known for its outstanding EW capabilities, which are upgraded every two years.
"Several years ago the Gripen pilots got tired of being made fun of by German Typhoon pilots and came to play with their wartime electronic warfare and gave them a hell of a hard time", he said.
At the same time, Bronk noted that a pilot never knows in advance whether EW will wo
Although it's unclear how powerful the EW components of the JAS 39 Gripen E are in comparison to those of the Su-57, as the two have never competed in the air, the Russian fighter jet is capable of carrying a far greater payload (10,000 kg, in comparison to 5,300kg for its Swedish counterpart) and reaching higher speeds (2.45 Mach in comparison to 2 Mach by the Gripen E). Additionally, Russian Sukhoi jets are known for their manoeuvrability in dogfights and ability to perform stunning feats in the air.

Who has been intruding in president Kenyatta's social media accounts

Like I have been alerting you for long, our social media accounts are not secure! I have always told you that 2FA (two-factor authentication) cannot help you. I proved this on Gmail, Yahoo, Facebook, Instagram. The process of sending us security codes as proof of our security is just bogus. A lot of social media accounts here in Africa are prone to SS7 exploits and other state-sponsored intruders. I remember telling via my Facebook account around the middle of this month how a certain country had managed to sneak into accounts of its citizens whom it thought were ill-talking about its situation. I had proved that after a mishap in Facebook's usual way of working.
On Gmail, there are certain spam messages telling you of bank accounts loaded with money or scholarships, where you are convinced to tap on links with faces of beautiful ladies. This is a dangerous link; do not dare try it.
Sometimes when you are logged into your account, you see changes in the font size of your page yet you did not invoke such changes. This means your account is logged in to on a different device, or in an application on a different device with different settings.
Recently the social media accounts of the president of Kenya were intruded by unknown people. This led to the closing down of his accounts.

How to set up two step verification on your social media account

One of the most remarkable developments in the consumer technology industry in the past two decades is the emergence of social media networks. Social media has revolutionized the sort of social connections and interactions we have offline. Additionally, it has enhanced how we communicate and stay informed.
Nowadays, billions of people around the world use one or several of the existing social networking platforms daily to communicate with family, friends, and colleagues. Also, many of us use some of our social media accounts to stay abreast with events and current affairs happening around us and in the lives of those we are connected with on the networks. Although it has its demerits, social media has indubitably brought great benefits to us.
With all the attractions of social networks, it’s easy to get immersed in your online engagement and forget an essential aspect of your digital life — security. However, the risk of account breach (unauthorized access) by bad actors with nefarious intent is real. In fact, every year, thousands of accounts are compromised. Affected users may have their personal details and identities stolen and sold to other bad actors who likely use them for criminal aims.

Two-Step Verification

Such account breaches necessitate the need for the companies behind the platforms to improve their security practices and safety features. One such security feature that is increasingly adopted is the two-step verification. Sometimes known as two-factor authentication (2FA), this account security feature requires any person attempting to gain access to an account to provide additional proof of authenticity — showing that they are allowed to access the account. That second step usually requires the person to enter a code sent to the account owner’s phone or answer a security question pre-defined and answered by the account owner. Only when the right code or answer is entered will the account be successfully accessed. In essence, this two-step verification provides an additional layer of account security.
The practical implication of this feature is that when someone attempts to login from a device not recognized as yours, you will get an alert on your mobile phone or email address about attempted login. Usually, the IP address and location of the unrecognized device will be included.
This two-step verification is significant because in the past, before smartphones became popular, internet users only needed their username or email address and password to log into their accounts online. The increase in both password theft and the sophistication of hackers became a real and growing concern. Furthermore, using specially designed bots, hackers could break into potentially vulnerable accounts using stolen account credentials.
Fortunately, nowadays on many web and mobile applications, users have the option to set up the two-step verification process for their accounts. In other cases, the process is compulsory.
Below we look at how this important security feature is implemented across some big social media platforms.

Facebook

As the most broadly used social networking platform, Facebook’s implementation of the two-step verification feature is unconditionally expected. Thankfully, Facebook users are allowed the freedom to turn on the account security feature using two second-step authentication methods namely:
  • SMS codes sent as text messages to your smartphone.
  • Access codes from a third party authentication app (e.g., Google Authenticator)
To activate the feature, you have to take the following steps:
  1. When logged in, go to your Settings and select the Security and Login option.
  2. Go down to the Use two-factor authentication option then click Edit.
  3. Select the authentication method of your choice and then follow the instructions that appear on your screen.
  4. Once you have turned on the chosen authentication method, click Enable.
Once that is successfully set up, when trying to log in from an unrecognized device, you will have the options to
  1. Consent to login attempts from recognized devices.
  2. You can also use recovery codes for situations when you don’t have your phone.
  3. Tap your security key on another device. The security key can be added when setting up the two-step authentication process.

Instagram

Similar to its parent company Facebook, Instagram allows its users the option of setting up the two-step authentication process. The procedure requires either of the same two authentication methods as Facebook.
When the preferred method is SMS codes sent via mobile text message, the following steps have to be taken to activate the feature.
  1. Go to your profile page and tap the menu icon in the top right-hand corner.
  2. Select the Settings option from the list.
  3. From the list that appears, select Privacy and Security.
  4. Choose Two-Factor Authentication.
  5. Tap on the switch icon next to Text Message.
  6. If you don’t have a phone number confirmed and associated with your account, you’ll be prompted to provide it.
  7. After entering the number, tap the next icon to complete the setup.
Alternatively, if your preferred authentication method is an authentication app, you’ll need to follow the steps below.
  1. Go to your profile page and tap the menu icon on the top right corner.
  2. Select the Settings option from the list.
  3. From the list that appears, select Privacy and Security.
  4. Choose Two-Factor Authentication.
  5. Tap the Get Started button if you haven’t previously turned on the two-step authentication feature.
  6. Tap on the switch icon next to Authentication App and follow the on-screen instructions.
  7. To complete the process, enter the code you received from the authentication app.

Twitter

Twitter also allows its users to set up the two-step verification security feature. In order to set up what the company calls login verification, a user must have a confirmed email address and a telephone number confirmed and connected to the account. These requirements will help whenever account recovery becomes necessary. Twitter also offers two authentication methods – SMS code via text message and authentication code generated from a third party authentication app.
The following are the steps you have to take to set up your Twitter login verification via SMS.
  1. From the top menu, choose the Profile icon and select Settings and Privacy.
  2. Click on Account settings and then Set up login verification.
  3. After reading the guiding instructions, click Start.
  4. Input your password and click Verify.
  5. Tap or click Send code.
  6. Enter the verification code you received on your device before you click Submit.
  7. You should click Get Backup Code. Doing so will generate a code for future use in situations where you are without your valid phone number for whatever reason. It is advised you safely store the code. For example, you can take a screenshot of it and save it to your cloud storage application.
After successfully setting up the process, each time you attempt to login to Twitter, you’ll be prompted to enter a six-digit code sent to your confirmed phone number. You can learn how to use the authentication code method here.

WhatsApp

If you’re one of the more than 1 billion active WhatsApp users, you have the option to enable the double verification feature. When successfully activated, you’ll be required to provide a six-digit PIN each time you try to verify your phone number. The PIN is generated through the process of enabling two-step verification.
To turn on two-step verification on WhatsApp, you’ll have to:
  1. Go to Settings.
  2. Select Account.
  3. Select Two-step verification.
  4. Tap Enable.
You can also add your email address upon activating this feature. The email address will be an alternative for you to receive a link should you forget your PIN. Using the link, you'll be able to disable two-step authentication. The company strongly advises users to be careful enough to give the correct email address since they do not verify the provided address. Similarly, if you never requested to confirm your phone number but received a link from WhatsApp, you're advised to ignore it as someone else may be trying to do so without your knowledge or permission.

LinkedIn

In order to be able to set up the two-step verification on LinkedIn, the user is required to have a phone number confirmed and associated with their account.
To activate the extra account security feature, you should take the following steps:

  1. Click on the Profile icon with the label Me at the right area of the top menu bar.
  2. From the drop-down menu, choose Settings & Privacy.
  3. Under the Account section, select Login and Security.
  4. In the new page that opens, select the Account tab (the first tab before Privacy).
  5. Click Turn On on the right end of the Two-step verification to activate the feature. If you have not connected a phone number, you’ll have to click Change and then Add a phone number.
  6. Input the verification code sent to your connected phone number into the box and click Verify.

Snapchat

Snapchat offers the two standard authentication methods earlier mentioned. The following are the steps you have to take to turn on the feature.
  1. When on the main Camera home screen, tap on the Profile icon located on the top left corner.
  2. Tap the Settings icon shown as a cogwheel.
  3. Select Two-Factor Authentication.
  4. Follow the subsequent instructions that are provided on your screen.
The company also advises users who activate this feature to generate a Recovery Code and save it in a safe location. It will be helpful in scenarios where the phone is missing, or phone number is changed, or when the phone is restored to original settings.
Lastly, if you’ve never really used the two-factor authentication feature on your social media accounts, now is the time to do so. Use what you’ve learned here to protect your diappfrom  access by people who may be bent on doing you harm online. As a matter of fact, you’d be well advised to apply this vital safety feature across your other online accounts that hold valuable information (e.g., online banking application, financial trading or investing platfapplicationsthcare, and pharmaceutical applicatio

Turkey blames Saturday bombs by Al-Shabaab in Somalia

Close to 20 people among them a deputy minister were killed in multiple bombing attacks in Mogadishu and its environs.

Al-Shabaab militants drove into the Ministry of Labour office block leaving in its wake at least ten dead and ten others injured. Deputy Labour Minister Saqar Ibrahim Abdalla was among those killed in the 11 am bombing.

According to some tabloids, police sources said that about ten bodies had been retrieved from the building, which also houses the ministry of public works in Shangani area.

Ambulance service Aaamin Ambulance said it had ferried ten injured people to various city hospitals.


The entrance to the Ministry of Labour building, damaged when an explosives-laden vehicle rammed into it.
An explosives loaded vehicle rammed into the building followed by heavy gunfire as security forces engaged the militants in gunfire. Three explosions went off within a span of 15 minutes.

Police said all the militants had been killed.
Three other bombings hit various parts of the city today, killing a total of 9 people and injuring five. Separate blasts hit Ex-Control Afgooye area, killing 7 people, while in Warshadaha street in Daynile district two people were killed in a blast.

The fourth blast hit Hawlwadaq district but there were no casualties reported.

Turkey has today condemned the terror attacks on Saturday in the Somalia capital Mogadishu that killed almost 20 people including a deputy minister and wounded eleven others.

The Turkish Foreign Ministry said in a statement: “We strongly condemn the terrorist attacks perpetrated against the Ministry of Labor and Social Affairs and the Ministry of Public Works in Mogadishu.”

“We wish Allah’s mercy upon those who lost their lives, a speedy recovery to the wounded and convey our condolences to the friendly and brotherly Government and people of Somalia,” the statement read.

Somali-based al-Qaeda affiliated terrorist group Al-Shabaab has claimed responsibility for the attacks.

Tuesday, March 12, 2019

Android Q developer beta may be launched today

Android Q, the next version of the mobile operating system, could be launching its developer preview later today, thanks to speculation over a date filter in Google's bug tracker.
A template explaining how to file bug reports for Android Q Beta was spotted by XDA Developers Editor-in-Chief Mishaal Rahman.
The sample (which reportedly could be found here but has since been removed) seemed to be directed at OEMs, and advises reporters to check if the issue has already been filed by clicking a link ( https://goo.gl/qL5TjA , still working as of publication) leading to a repository – which only lists bug tickets created on or after March 11, 2019.
Expanding beta
This comes hot on the heels of another revelation that Google will add more phone companies to the Android Q beta, as Iliyan Malchev from Google's Project Treble team said on the Android Developers Backstage podcast.
Adding more phonemakers to the early testing process could help get their devices on newer versions of Android more rapidly. Project Treble itself is dedicated to making it easier for manufacturers to push the latest version of Android to their devices, so this seems like one move in the holistic effort to get the mobile OS’ ecosystem up-to-date more rapidly and in greater numbers.
What will come in Android Q is still a mystery, but an early dev build acquired by XDA Developers suggests a system-wide dark mode, more refined permissions and Face ID-style logins could be coming with the next OS version.

Thursday, March 7, 2019


Researchers at Kaspersky Lab have uncovered a new strain of malware spreading via The Pirate Bay torrent tracker site.
Named after the classic Russian doll, PirateMatryoshka aims to infect users' computers with adware and tools that spread further malware onto the device. It carries a Trojan-downloader disguised as a hacked version of legitimate software used in everyday PC activity.
Torrent services are a popular target for cybercriminals looking to distribute malicious code, not least because users in search of illegal content often disconnect their online security solutions or ignore system notifications in order to install the downloaded content.
PirateMatryoshka is spread using established seeders with no known history of malicious activity. The latter makes for an effective distribution process, because due to the good reputation of the seeder, potential victims have no reason to doubt that the file to be downloaded is safe.
Once the installer is run it shows the victim a copy of The Pirate Bay page that is in fact a phishing page, asking them to enter their credentials to continue the installation. Later this malware uses these credentials to create new seeders distributing more copies of PirateMatryoshka. Kaspersky's research shows that so far, the phishing link has been accessed around 10,000 times.
Even if user credentials aren't entered the infection still proceeds. The malware unpacks further malicious modules including a malicious clicker that, among other things, can check the 'agree' box that triggers the adware installer, flooding a victim's device with unsolicited software. About 70 percent of installed programs are adware such as pBot, and 10 percent are detected as malware that can bring other malware onto the PC, such as another Trojan downloader.
"Multi-layered malware is a very common occurrence, and we have found many cases of malicious installers who are installing more than one program on a person's device," says David Emm, principal security researcher at Kaspersky Lab UK. "When it comes to PirateMatryoshka, however, this process is much more sophisticated. The malware that reaches a victim's computer can then introduce additional installers, which in turn spreads even more malware. This is a very advanced type of malware, considering it is an untargeted, mass attack that carries a phishing component for wider onward distribution."

Wednesday, March 6, 2019

The Gmail Smart Compose feature is a nifty time-saving service that uses AI and machine learning to suggest words and sentences while you compose emails. Those that use it find it to be fairly accurate and legitimately helpful.
However, those that have been using it have been Google Pixel 3 owners, as Smart Compose has only been available on that device. Not anymore, though!
Starting now, Smart Compose is rolling out to everyone, regardless of your smartphone’s make or model. Simply fire up the Gmail app and, assuming you’re on the latest version, you should see the following pop-up:

For reference, that appeared on my phone
Now, when you are typing an email, you should see suggestions here and there that will help you autocomplete your sentence.
If for some reason you don’t want this feature, that’s OK: Google allows you to turn Smart Compose off. Just open Gmail, open the flyout menu, scroll down to Settings, choose the appropriate account, and then uncheck “Smart Compose.” Repeat these steps for any other accounts in your app.
If for some reason you don’t see Smart Compose in your Gmail app yet, you can always sideload the latest version from APKMirror. However, it shouldn’t be too long of a wait if you want to tough it out.

TWRP for Samsung S9 and S9+ is now officially available

Many of Samsung's phones, including its flagship Galaxy S and Note series, ship with different processors depending on where they are sold. Some models have the company's own Exynos chips, while others have Snapdragon processors. Almost one year after the phone's release, the TWRP custom recovery now has official builds for the Snapdragon Galaxy S9/S9+.
The recovery image is specifically for the SM-G9600 (S9) and SM-G9650 (S9+) models, which are sold in Hong Kong and Latin America. Those of you with a United States S9 are still out of luck, since Samsung doesn't allow bootloaders on those phones to be unlocked.
Recovery images for the Galaxy S9 (starqltechn) and S9+ (star2qltechn) are available from TWRP's website.

Kagame's insanity: Rwanda asks Museveni to kick out top tycoon.

By: sadabkk@observer.ug
There are many reasons argued publicly and privately by officials on both sides of the conflict for the current border standoff between Rwanda and Uganda, but government insiders have nailed it down to one: Kampala’s outright refusal to turn against a very prominent Rwandan businessman hugely invested in this country.
Two weeks before Rwanda closed its borders with Uganda on Wednesday last week, the Rwandan high commissioner to Kampala met President Museveni and communicated several requests for action against particular dissidents.
A well-placed government of Uganda source has told The Observer that Maj Gen Frank Mugambage reportedly arrived with, among others, a request that Uganda should close businesses owned by Tribert Rujugiro Ayabatwa, a very wealthy Rwandan national running a string of enterprises in Uganda. The Rwandan government believes Rujugiro is pumping money into subversive activities being carried out on Ugandan soil against Kigali.
Rujugiro is the man behind the Meridian Tobacco Company, a $20 million (Shs 72 billion) operation which opened in the West Nile town of Arua last year. The Arua plant is a subsidiary of Pan-African Tobacco group, the manufacturers of Supermatch cigarettes.
But with Kampala not responding positively to the message delivered by Mugambage, tensions quickly mounted between the two countries. By Monday evening, Rwandan troops were seen deploying along hilltops near the common border. Days earlier, their Foreign Affairs minister Richard Sezibera accused Uganda of torturing and harassing Rwandan nationals here, while at the same time harbouring subversive elements plotting to topple the government in Kigali.
Security sources tell The Observer that Rujugiro switched some of his investments to Uganda in 2013 after he fell out with Rwanda president Paul Kagame. A former close associate, Rujugiro was part of the 12-man presidential advisory council Kagame named in 2009, headed by former British prime minister Tony Blair. The government source said that Museveni demanded proof from Mugambage that this businessman was indeed fanning activities designed to destabilise Rwanda.
“The president of course asked for credible evidence to prove their claim because we can’t simply close his businesses without a basis,” the source said.
“The president also asked Mugambage what assurance [Rwanda] had that if we close his [Rujugiro’s] businesses, he will not find another channel [of funding the alleged activities] because he is an international businessman.”
Concerned about the 352 direct jobs which Rujugiro has created in Arua, and the 15,000 smallholder farmers plus another 1,600 occasional workers such as transporters doing business with Meridian, Museveni reportedly declined to grant Rwanda’s request. Instead, he reportedly told Mugambage that he needed time to engage Rujugiro.
Museveni is also understood to have said that he would either advise Rujugiro to find a buyer of his choice to take over the tobacco factory, or ask him to relocate the plant to another country. Kigali believes that a retired senior Ugandan military officer (names withheld), with very close links to a high office, holds a 15 per cent stake in the Arua tobacco factory.
The other request Mugambage is said to have brought to the meeting was for Museveni to get an unnamed cattle keeper with a ranch in Bukomero, Kiboga district sent back to Rwanda. The said ranch is said to be stocked with over 1,000 head of cattle.
“If you participated in the NRA liberation war, and you know how cattle keepers and other peasants aided the war, you are right to lose sleep over such a rancher,” the security source said.
Also on Mugambage’s shopping list was a request that the owner of a bus company which plies the Dar-es-Salaam – Nairobi – Kampala – Kigali route be repatriated. Interviewed on Monday, government spokesman Ofwono Opondo declined to speak about the Rujugiro case.
“We don’t discuss particular individual cases, but Rwanda has been engaging the ministry of Foreign Affairs and security agencies with a list of low and high-profile people, some of whom came here as refugees, whom they say are involved in subversive activities,” Opondo said.
But given its adherence to UN protocols on refugees, Opondo said, Uganda has always worked with the UN to facilitate their relocation to other countries such as Canada. Rujugiro himself relocated from South Africa to Canada.
THE FALLOUT
Rujugiro first spoke about his fall-out with Kagame on November 20, 2013 on the Straight Talk Africa show hosted by Voice of America’s Shaka Ssali. According to The News of Rwanda, a Kigali-based publication, Rujugiro’s point of departure with Kagame came after his arrest in London following an arrest warrant issued by the South African prosecution office over alleged tax evasion.
The tycoon allegedly expected Kigali to intervene on his behalf. But when no help came through, he turned against Kagame, linked up with Rwanda Defence Forces (RDF) deserters like Lt Gen Kayumba Nyamwasa and the late Patrick Karegeya to form the Rwanda National Congress (RNC). The RNC is one of the groups Kigali says is involved in clandestine activities against it from Uganda.
That same year, the Rwandan government confiscated Rujugiro’s properties as accusations of trying to topple Kagame’s government and tax evasion increased against him. Two years ago, in September 2017, the Rwandan government through Rwanda Revenue Authority, auctioned Rujugiro’s prestigious shopping mall in Kigali. Kigali Investment Company bought the mall at $8 million, $12 million lower than the amount Rujugiro claims to have spent constructing the building.
BUSINESS CHAIN
According to an article published on January 1, 2019, by Forbes Magazine, an American business magazine, Rujugiro owns Africa’s biggest tobacco company that has footprints in Burundi, Democratic Republic of Congo, South Africa, Tanzania, Nigeria, South Sudan and the United Arab Emirates.
The magazine describes him as Africa’s largest indigenous producer of cigarettes and other tobacco products, and puts his annual revenue at more than $200 million, with more than 7,000 employees.
Voice of America in 2013 also reported that besides cigarettes, Rujugiro is into tea processing, manufacture of plastic shoes and cement with factories in ten African countries. The radio also said he is trading in 27 African countries and the Middle East.
Rujugiro’s business dealings can be traced to as far back as 1978 in Burundi where he lived as a refugee.
sadabkk@observer.ug

Sunday, March 3, 2019

Arrested for selling a gun

The Chieftaincy of Military Intelligence (CMI) is holding an armourer at Kampala Central Police Station for selling police guns.
Sgt Hannington Mugungira is being detained at the CMI-manned Special Investigations Division in Kireka after police guns went missing in February this year.
It is reported that during the audit, guns were discovered missing, and a further probe found that Mugungira had sold two pistols.
A source at Kampala CPS told one tabloid that the suspect admitted that he sold the pistols, which further led CMI operatives to arrest one Akampulira from Maestro Security Company, who is the buyer of the said guns.
Luke Owoyesigire, the Kampala Metropolitan deputy police spokesperson, when contacted for a comment, said the matter was being handled by CID headquarters in Kibuli.
Owoyesigire referred this online newspaper to SP Vicente Sekate, the CID spokesperson, for more details, but he could not be reached by press time.
In 2017, six police officers were arrested at Kampala Central Police Station (CPS) over a break-in at the station’s armory.
The police officers are said to have been guarding the station when unknown thugs raided the station and took off with two AK47 guns and 60 bullets.
The stolen guns and bullets were later recovered in Iganga district.
Details indicated that the guns had been hired out to criminals.
It is alleged that some policemen connived with the officer in charge of the armory to secure the guns and hire them out to criminals for an unknown amount. The criminals were expected to return the guns after their mission.
However, the guns were discovered missing on a Sunday when some officers on duty were supposed to use them. Upon realizing that they were about to be busted, the implicated officers tried to break the armory lock to make it look like a break-in, but it was too late.

Are you safe with your Huawei phone?

Cyber-espionage has been going on for years. In one famous example in 2012, it emerged that China had hacked UK defense firm BAE Systems to steal data about a $264 billion F-35 Joint Strike Fighter (JSF) jet. And it wasn’t the first time the country had been accused of stealing military jet plans.
But recently, the focus has moved to Chinese companies, particularly those that manufacture network equipment as 5G services start to roll out. So, why is all the focus on Huawei, and how secure is it to use its products and services?
Founded in Shenzhen, Guangdong, in 1987 by Ren Zhengfei, a former People's Liberation Army officer, the firm is owned by 80,000 of its 180,000 employees. Like its rivals Nokia and Ericsson, Huawei has manufactured mobile network equipment for years.
During the last decade or so it has stormed into the consumer market as a smartphone manufacturer and now owns 16% of the market. At Mobile World Congress (MWC) this week, it became the latest to announce a folding smartphone with the launch of the Mate X.
The story so far
There is growing concern about Huawei from governments around the world. So much so, that many have blocked telecoms companies from using Huawei gear in next-generation 5G mobile networks.
So far, the US and Australia have banned Huawei from providing equipment for their 5G networks, while Canada’s relationship with the firm is under review. There is also concern among European telecoms network operators, with some considering removing Huawei’s equipment. BT, for example, has removed Huawei equipment from key parts of its 4G network.
At the same time, the UK has expressed concerns, with the National Cyber Security Centre (NCSC) asking Huawei to fix issues that could pose a new risk to the network.
The US is particularly concerned about Ren’s military background. And the State Department's top cyber official, Robert Strayer, certainly thinks there is an issue.
"A country that uses data in the way China has - to surveil its citizens, to set up credit scores and to imprison more than 1 million people for their ethnic and religious background - should give us pause about the way that country might use data in the future," Strayer said, according to The Washington Post. "It would be naive to think that country, [given] the influence it has over its companies, would act in ways that would treat our citizens better than it treats its own citizens."
Meanwhile, the daughter of Huawei’s founder, Meng Wanzhou, was last year arrested by Canadian authorities, after the US government alleged that she was assisting Huawei in dodging US sanctions on Iran. She and the firm deny any wrongdoing.
Are Huawei phones safe?
Last year, Huawei phones were banned by networks including Verizon and AT&T after being labelled a security threat. Meanwhile, tech site Tech.Co interviewed Timothy Heath, senior international defense research analyst at the RAND Corporation, who believes it is entirely plausible that the firm’s phones could be used to spy:
“The threat is legitimate, given the murky links between Huawei and Chinese authorities. The Chinese state has the authority to demand tech companies like Huawei turn over useful information or provide access to the communications and technologies owned and sold by Huawei.
"Chinese authorities can use this information and access to facilitate espionage or cyber attacks over Huawei communications technologies. Consumer tech devices like phones that rely on Huawei technologies will be easier for Chinese authorities to penetrate and exploit for these reasons.”
He added: “Tech companies play a critical role in developing the dual use technologies that the PLA needs to fight a hi-tech war against world class militaries like that of the United States.”
What about Huawei network equipment?
As an equipment vendor, it is technically possible for Huawei to conduct espionage through the network, or even for it to disrupt communications with disastrous consequences. As more devices are connected to the internet, including autonomous vehicles and electrical grids, this threat becomes all the more real.
The risk becomes bigger with 5G because the way the networks are designed and run makes it harder to monitor security, according to the head of the UK's intelligence service MI6, Alex Younger.
However, many of the UK providers including EE, Vodafone and Three have been working with Huawei to build their 5G networks. They are currently waiting for the UK government to decide whether they will be permitted to carry on doing so, with a decision coming in Spring this year.
China's National Intelligence Law passed in 2017 says organizations should "support, co-operate with and collaborate in national intelligence work".
But a Huawei spokesperson says: “We are a private company owned by employees and comply with applicable laws and regulations. If we are forced to maliciously violate the trust of our customers, we would rather shut the company down. We are committed to developing the most innovative and secure technology, to bring digital to every person, home and organization for a fully connected, intelligent world. We will make all sacrifices – at any cost – to defend security without hurting any country, any organization, or any individual. This is our highest agenda.”
What does Huawei say?
It’s Mobile World Congress this week so what better place for Huawei to hit back at recent comments from the US? During his keynote, Huawei chairman Guo Ping denied that the firm spies on behalf of its country’s government. It has "no evidence, nothing", he said, adding that the vendor had never planted backdoors in its equipment and would not permit third parties to meddle with its kit. Guo said, according to Business Insider: "Carriers are responsible for the secure operations of their own networks. Carriers can prevent outside attacks."
He also hit out at the US government for its new law allowing it to demand data stored with Amazon, Microsoft, or other cloud providers.
What should you do?
First, don’t panic. Ian Thornton Trump, head of cyber security at AMTrust international, points out: “If nation states are going to hack, they are going to hack. This has very little to do with security; this has everything to do with market protectionism and vendettas against companies that don’t bend to the will of the US.”
He therefore thinks security is a side show “being used as leverage and FUD to promote someone else’s products and services”. He says: “There has been no public mention of a security issue with Huawei and you can bet an indictment that if it did have a back door this would be blasted to the media.
“The indictment of Huawei is about intellectual property theft – allegedly and perhaps not even an American company – and selling to Iran using front companies. How a Chinese company is subject to American law is of course the big and larger question.”
Huawei is certainly producing some innovative phones and it’s been working on network equipment for years. Of course, intelligence personnel will know a lot more about what’s happening behind the scenes, so it’s important to be wary. But at the same time, much of this is about political posturing: Do we really think Huawei has manufactured a folding phone so it can tap all our calls and take over the network? Probably not.

This week at Mobile World Congress (MWC) in Barcelona, Spain, Huawei's chairman Guo Ping deflected recent criticism his firm has received over security flaws and backdoors in its products. Guo immediately turned his ire to America and the National Security Agency (NSA) and its program called PRISM. This NSA program allowed the agency to access highly sensitive stored documents, emails, photographs, and data from major companies. Further, it was discovered that leading social media platforms like Google, Facebook, Yahoo, YouTube, Skype, PalTalk, etc. all provided the NSA with direct access to their users’ information in exchange for immunity from future prosecution. Ping rightfully denied that Huawei ever had backdoors in its products. He suggested these allegations were due to the company’s tremendous investment in 5G R&D, arguing that Huawei should get a pass. When it comes to security, though, nobody gets a pass. Further, recent arrests of key employees, including Huawei's founder’s daughter (and CFO), have increased scrutiny and speculation about the company’s nefarious intentions.
For countries, proactive incident response helps mitigate overall risk
All countries have spy agencies and those organizations rely on data and intelligence to be effective. Reverse/social engineering, malware/viruses, and phishing schemes are all useful tools for agencies to target specific users and gain access to sensitive data or critical infrastructure. Exploiting backdoors and packet sniffing is much more difficult and tends to produce random results. That said, from a cyberwarfare perspective, a top goal for most nation-states is to have a "killswitch" to stop security incidents and Internet traffic from hostile nations they conflict with. Ukraine is an excellent example of what happens when a country is ill-equipped to stop cyber-aggression. It is virtually impossible to build a hack-proof network; however, organizations can employ practices to mitigate damage caused by hackers during a breach. Case in point, network equipment vendors have a responsibility to deploy solutions that are secure and uphold industry standards for data protection and integrity, such as the Network Equipment Security Scheme (NESA) spearheaded by the GSMA and 3GPP. Carriers and service providers have even more responsibility to deploy proactive security measures to safeguard the flow of traffic through their networks. Even if there are security vulnerabilities in the networking equipment, a proactive incident response program can reduce the threat and attack-plane.
Is there such a thing as "manageable risk" in cybersecurity?
Claims and subsequent action by the United States and other countries have put Huawei, Supermicro, and ZTE under a negative spotlight and the effects have been damaging from a revenue, brand, and loyalty perspective. Although the UK's National Cyber Security Centre (NCSC) deemed Huawei as a "manageable risk," these companies will be challenged to regain their credibility and reputations in the security industry. Although it is nearly impossible to prove the claims against each company, it does force every equipment vendor to determine which side of the fence they are on and perhaps incentivize the industry to make meaningful long-term changes and safeguards, especially as 5G becomes a reality. While these companies are on their heels, rivals like Cisco, Ericsson, Nokia, etc. have a healthy competitive opportunity to grow market share. However, as a wise person once said, “what comes around, goes around”; it will be easier for the industry to take care of itself before clueless bureaucrats and politicians do it for them. Since Huawei has established itself from a 5G perspective, it could also take a market leadership role in de-stigmatizing the security of Chinese-made equipment. Additionally, it could work with the industry to set meaningful standards for security before someone does it for them. This will not only help Huawei, but its Chinese counterparts and the industry as a whole.

Saturday, March 2, 2019

F35 is a turd with wings...?

The F35 is a turd with wings...?
It's not like the General Accounting Office (GAO) created a report citing "111 Category 1 and 855 Category 2 deficiencies". . .
It's not like it will 'fall out of the sky' if it is disconnected from Autonomic Logistics Information System (ALIS) for a short amount of time. . .
It's not like the F35B variant 'shook apart under stress-testing' and has to have its tyres changed in less than 10 landings. . .
It's not like the guns on the F35 are "consistently missing ground targets" and are showing a bias “long, and to the right”. . .
The Lockheed Martin F-35 Joint Strike Fighter was supposed to be four times more effective than older, legacy fighters in air-to-air combat, eight times more effective in air-to-ground combat, and three times better at reconnaissance and suppression of enemy air defences.
All 3 versions of the F35 (A, B & C) are zesty yellow turds. Not only has the project extremely over-promised and extremely under-delivered, the F35 program is the most expensive undertaking by the US government. In 2012 the project had already cost $320 billion (USD) and in 2014 it was estimated to "have operating costs 79 percent higher than the aircraft it was to replace". There are so many better things that you can operate for between $25,000 and $35,000 USD per hour.
It is such a heap of shit that it cannot outmanoeuvre or outfly the 20-year-old fighter that it is supposed to replace. In fact, not only is it a physical heap of shit, I would hate to see all of the security vulnerabilities that this 'winged disaster' has, let alone all of the data that is going to be collected by Lockheed Martin via (ALIS & any 'man in the middle').
Lockheed Martin's excuse is that the F35 is so 'stealthy' that it doesn't need to outfly the enemy, because it will 'sneak up undetected and kill them first'. YEAH, GOOD LUCK WITH THAT. . .
After all of that, Australia is committed to purchase 72 of these flying shit sandwiches. Too bad Australian Consumer Law (ACL) does not apply in this case. . . They are nowhere near 'As described and without defects'.

Bitcoin developer Jameson Lopp's explanations on how to be secure on Bitcoin

More people are thinking about online privacy and protecting their data these days, but how hard is it to close every potential data leak and keep your personal information secure? On a recent episode of Epicenter, Casa CTO Jameson Lopp explained the extreme measures he takes to protect his privacy in an increasingly digital world.
‘They Don’t Know My Real Name’
After discussing why online privacy is so important in the age of social media, Lopp was asked to explain the tradeoffs of trying to close up all of the potential security holes in his daily life in the aftermath of a swatting incident in 2017. Lopp gave examples of some of the extreme measures he has taken, including the use of a fake name when interacting with the people who live near him.
“They don’t know my real name,” said Lopp. “They don’t know what I do. They just know that I’m a programmer. I’m a boring old programmer.”
Lopp added that he interacts with most of his friends remotely via the internet, and he doesn’t have “crypto friends” in the area where he lives. Having said that, he does have non-crypto friends who spend time with Lopp doing non-crypto things.
“It’s kind of like living a double life almost,” said Lopp. “Sometimes that feels kind of like James Bond spy-type stuff, and other times it’s just plain annoying.”
Seeking Privacy Can Be Annoying
In terms of specific annoyances related to his search for privacy, Lopp pointed to the fact that he has to drive pretty far away to pick up his mail at a private mailbox or sign up for any kind of membership that requires personal identification.
“I don’t want my name in any databases that are tied to location,” added Lopp.
According to Lopp, there are also services available that make it easier to sign up for things in a pseudonymous manner, which has been helpful. However, when Lopp cannot sign up for something pseudonymously, the costs of retaining his privacy can be expensive because he basically has to hire a lawyer to act as a proxy on his behalf.
In terms of being recognized in public as a Bitcoin personality, Lopp said he’s only been recognized in the real world once, and he thinks it was mostly due to the large beard he had at the time.
“Most of the time when I’m out and about [now], I keep it pretty low key and I just look like another guy,” said Lopp.
It is Lopp’s intention to prevent any of his personal information from falling into the wrong hands, which means he needs to limit the locations and companies where that data is stored.
“Information wants to be free. Any service you give your data to, over a long enough period of time, it’s almost inevitable that that data is going to leak,” said Lopp.

Facebook has again been lying to its users!

Facebook's 2019 looks set to repeat the PR train wreck of 2018, with the company now admitting that they misrepresented the extent of their spying on teenage user data when the controversy came to light in January this year. Significantly more kids were affected than originally acknowledged and parental consent was nothing of the sort.
This comes a day after Instagram was slammed for being the worst social media culprit for facilitating child abuse.
Any relief the social media giant may have been feeling following January’s record results, and consigning 2018 to the history books, now seems to be fading away.
At the end of January, the news broke that Facebook has been secretly paying people to install a 'Facebook Research' VPN to harvest users' phone and web activity. The program deployed a VPN that bypassed the app store safeguards, granting access to private messages and chats, web activity and emails. Last year, Apple removed the Israeli Onavo app, acquired by Facebook in 2013 for up to $200 million, for "snooping" on users in violation of its rules.
Facebook withdrew the application and rode out the storm. Controversy over, right? Wrong.
The Truth Emerges
At the time, the social media giant claimed that "less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms."
But now, in a letter to U.S. Senator Mark Warner, dated 20 February, the company has admitted - again - that they were somewhat expedient with the truth. "Initial reporting around this project was not entirely accurate," they said. “At the time we ended the Facebook Research App on Apple’s iOS platform, less than 5 percent of the people sharing data with us through this program were teens. The analysis shows that number is about 18 percent when you look at the complete lifetime of the program and also add people who had become inactive and uninstalled the app.”
As reported by TechRadar, the letter to Senator Warner from Facebook's VP for U.S. Public Policy, Kevin Martin, also admitted that "potential participants were required to confirm that they were over 18 or provide other evidence of parental consent, though the vendors did not require a signed parental consent form for teen users."
Ironically, last week Facebook finally agreed to launch a clear history function that will please users and annoy advertisers in equal measure. It was seen as a step in the right direction. The company clearly wants to get ahead of the issues - to an extent. Its challenge is that so many of the issues are tightly integrated into its business model.
"The idea is a lot of sites need cookies to work," CEO Mark Zuckerberg wrote in a blog, "but you should still be able to flush your history whenever you want. We’re building a version of this for Facebook too. It will be a simple control to clear your browsing history on Facebook – what you’ve clicked on, websites you’ve visited, and so on."
But, CFO David Wehner acknowledged the issues this will cause their business model, creating "headwinds in terms of being able to target as effectively as before."
No dates have been given - expect significant consultation with major advertisers to be taking place.
Regulation Approaches
On 'Safer Internet Day' in February, Margot James MP, the U.K.'s Minister for Digital, said that "online safety is a top priority for the Government and we want to make the U.K. the safest place in the world to be online. We will soon be publishing an Online Harms White Paper which will set out clear expectations for companies to help keep their users, particularly children, safe online." She added that the White Paper "will set out new legislative measures to ensure that the platforms remove illegal content and prioritize the protection of users, especially children, young people and vulnerable adults."
The British MP followed this with an interview to Business Insider, saying that the threat of financial sanctions against the leading social media platforms is set to become very real if toxic content and bad behaviors are not brought under control, and comparing the proposed sanctions program to "the powers that the ICO [Information Commissioner's Office] already has." Under GDPR, this could mean fines of up to 4% of global revenues - some $2.2 billion for Facebook.
"As you know, we are not generally opposed to regulation," Facebook confirmed in their letter - that's good because it is becoming ever clearer that some form of regulation is now inevitable.
"You know it's a good day at Facebook when the words 'teenagers,' 'research,' and 'lying' are in the news," wrote Mashable.
The issues around safeguarding social media's young userbase are not specific to Facebook. Also in recent days, YouTube has had to respond to claims that its platform was being used to facilitate child exploitation. "We disabled comments from tens of millions of videos that could be subject to predatory behavior,"

When eBay merchant Mr. Balaj was looking through a pile of hi-fi junk at an auction in the U.K., he came across an odd-looking device. Easily mistaken for a child’s tablet, it had the word “Cellebrite” written on it. To Mr. Balaj, it appeared to be a worthless piece of electronic flotsam, so he left it in his garage to gather dust for eight months.
But recently he’s learned just what he had his hands on: a valuable, Israeli-made piece of technology called the Cellebrite UFED. It’s used by police around the world to break open iPhones, Androids and other modern mobiles to extract data. The U.S. federal government, from the FBI to Immigration and Customs Enforcement, has been handing millions to Cellebrite to break into Apple and Google smartphones. Mr. Balaj (Forbes agreed not to publish his first name at his request) and others on eBay are now acquiring and trading Cellebrite systems for between $100 and $1,000 a unit. Comparable, brand-new Cellebrite tools start at $6,000.
Cellebrite isn’t happy about those secondhand sales. On Tuesday, two sources from the forensics industry passed Forbes a letter from Cellebrite warning customers about reselling its hugely popular hacking devices because they could be used to access individuals’ private data. Rather than return the UFEDs to Cellebrite so they can be properly decommissioned, it appears police or other individuals who’ve acquired the machines are flogging them and failing to properly wipe them. Cybersecurity researchers are now warning that valuable case data and powerful police hacking tools could have leaked as a result.
[Image caption: Cellebrite warns customers about reselling its high-tech mobile hacking devices. Credit: Forbes]
Hacker’s delight
Earlier this month, Matthew Hickey, a cybersecurity researcher and cofounder of training academy Hacker House, bought a dozen UFED devices and probed them for data. He discovered that the secondhand kit contained information on what devices were searched, when they were searched and what kinds of data were removed. Mobile identifier numbers like the IMEI code were also retrievable.
Hickey believes he could have extracted more personal information, such as contact lists or chats, though he decided not to delve into such data. “I would feel a little awful if there was a picture of a crime scene or something,” he said. But using the information within a UFED, Hickey believes a malicious hacker could identify the suspects and their relevant cases.
In one screenshot provided by Hickey to Forbes, the previous UFED user had raided phones from Samsung, LG, ZTE and Motorola. Hickey had tested it on old iPhone and iPod models with success.
Cellebrite hasn’t returned repeated emails from Forbes seeking comment over the last two weeks.
Rooting out Cellebrite’s secrets
The tools may also contain the software vulnerabilities Cellebrite keeps secret from the likes of Apple and Google, said Hickey. Cellebrite’s exploits (little software programs that break the security of computers and mobile phones) were encrypted, but the keys should be extractable from the UFED, though Hickey hasn’t had success on the tools he bought.
As Forbes reported in March last year, Cellebrite had become so adept at finding iOS flaws that it was able to crack the passcodes of the latest Apple models, up to the iPhone X. But the forensics provider is in a race to find flaws before Apple patches them and the hacks become impossible. The company explained to Forbes that it had to keep those exploits secret so Apple couldn’t fix and prevent police from accessing iPhones.
Looking deeper, Hickey found what appeared to be Wi-Fi passwords left on the UFEDs too. They could have belonged either to police agencies or to other private entities that had access to the devices, such as independent investigators or business auditors.
Reselling police data
There’s one obvious reason the Cellebrite devices have started appearing online: There are newer models of UFED being released with fresh software. But Hickey was concerned to find leftover forensics data.
“You’d think a forensics device used by law enforcement would be wiped before resale. The sheer volume of these units appearing online is indicative that some may not be renewing Cellebrite and disposing of the units elsewhere,” Hickey told Forbes.
“Units are intended to be returned to vendor precisely for this reason, people ignoring that risk information on the units being available to third parties.”
Hackable hacking kit
Hickey said security on the units was “fairly poor.” In particular, he was able to find out the admin account passwords for the devices and take control of them. Cracking the devices’ license controls was also simple, using guides found on online Turkish forums. A skilled hacker could unleash the device to break into iPhones or other smartphones using the same information, he said. A malicious attacker could also modify a unit to falsify evidence or even reverse the forensics process and create a phone capable of hacking the Cellebrite tech, Hickey warned.
Despite concerns about the security of critical law enforcement devices, Hickey at least plans to do something fun with his purchases. For some upcoming hacker parties, he’s going to alter them to run the shoot-’em-up classic Doom. Others have already started playing.
Some of you should start being careful of what comes out of your beaks!!!! I know that such people who post such want to gain attention... and later on start deceiving that CMI, ISO, CID, SFC operatives are hunting you because of what your dirty minds compel you to write. Let me warn you, it's high time you start avoiding jokes about security!!!!! Now, what if they ask you when, how and where in Kisoro you saw those army vehicles, what would you say???? By the way, some of you are not even worth being thought of by CMI, and I think some of you have never seen real CMI or ISO, SFC... you really have not!!!!
Cellebrite UFED, an iPhone hacking tool made in Israel and widely used by law enforcement authorities, including the Federal Bureau of Investigation, Customs Enforcement and Immigration departments, is surprisingly up for sale on eBay.
This tool is mainly used for hacking or breaking open modern mobile phones such as iPhones and Androids for the sole purpose of obtaining data. The law enforcement authorities primarily use Cellebrite to extract data from Google smartphones and Apple devices. It is the same iPhone hacking tool that the FBI used to break open the iPhone 5C of Syed Rizwan Farook, the infamous San Bernardino shooter.
See: Textalyzer Device Tells Police Everything Users Do on Their Smartphone
According to Forbes , second hand Cellebrite is being sold on eBay between $100 to $1000. It is worth noting that Cellebrite sells new tools for $6,000. Understandably, Cellebrite, a forensic data firm responsible for making Cellebrite UFED, isn’t happy about it and has warned customers about reselling such sensitive hacking devices because if landed into wrong hands, these can be exploited to access someone’s private information. Cellebrite also requested users to return the UFEDs to the company so that these could be decommissioned appropriately.
Thomas Brewster (@iblametom), 2:43 PM - Feb 27, 2019:
Cellebrite has issued a warning to customers about the risk of reselling its devices.
I spoke to a guy who found one at a real-world auction and resold on eBay. He didn't know he had police iPhone/Android hacking tech, put it in his garage to gather dust for 8 months.
Lewl.
Thomas Brewster @iblametom
New - The Feds’ Favorite iPhone Hacking Tool Is Selling On eBay For $100—And It’s Leaking Data forbes.com/sites/thomasbr…
Security researcher Matthew Hickey (Hacker Fantastic on Twitter) bought several Cellebrite UFED devices and found that there was indeed valuable data stored on them, including IMEI numbers that can be used to locate a mobile phone easily. Moreover, Hickey believes that the devices might also reveal chats and contact lists, but he didn’t attempt to dig any deeper.
Hacker Fantastic (@hackerfantastic), 12:13 AM - Feb 12, 2019:
Cellebrite UFED classic exploits & functions - I got this gem at an auction - has SIM card cloning features (elite)
Another grave concern is that second-hand Cellebrite UFEDs can also leak information about vulnerabilities present in many devices, such as Apple iPhones. In March 2018, Forbes reported that Cellebrite can identify iOS flaws and can crack passwords of the newest Apple models, including the iPhone X, and that the company deliberately keeps these flaws secret so that Apple cannot fix them. This way, Cellebrite helps law enforcement retrieve data from mobile phones.
Hickey claims that the units are poorly secured: he could easily identify the admin account passwords of the units and take control of them, and accessing their license controls was also easy. All he needed to do was consult online guides on Turkish forums.
[...] do this, imagine what a skilled hacker could be capable of. A smart hacker can easily hack iPhones using the information, or modify the unit to alter evidence, or fully reverse the forensic process in order to make the device capable of hacking the technology for which Cellebrite is most sought after.