Recent Entries
From Schneier on Security at 2025-06-09 11:54:19
New Way to Track Covertly Android Users
Researchers have discovered a new way to covertly track Android users. Both Meta and Yandex were using it, but have suddenly stopped now that they have been caught.
The details are interesting, and worth reading in detail:
>Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it’s investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities...
From Schneier on Security at 2025-06-06 22:00:56
Friday Squid Blogging: Squid Run in Southern New England
Southern New England is having the best squid run in years.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
From Schneier on Security at 2025-06-06 18:43:00
Hearing on the Federal Government and AI
On Thursday I testified before the House Committee on Oversight and Government Reform at a hearing titled “The Federal Government in the Age of Artificial Intelligence.”
The other speakers mostly talked about how cool AI was—and sometimes about how cool their own company was—but I was asked by the Democrats to specifically talk about DOGE and the risks of exfiltrating our data from government agencies and feeding it into AIs.
From Schneier on Security at 2025-06-06 15:41:13
Report on the Malicious Uses of AI
OpenAI just published its annual report on malicious uses of AI.
By using AI as a force multiplier for our expert investigative teams, in the three months since our last report we’ve been able to detect, disrupt and expose abusive activity including social engineering, cyber espionage, deceptive employment schemes, covert influence operations and scams.
These operations originated in many parts of the world, acted in many different ways, and focused on many different targets. A significant number appeared to originate in China: Four of the 10 cases in this report, spanning social engineering, covert influence operations and cyber threats, likely had a Chinese origin. But we’ve disrupted abuses from many other countries too: this report includes case studies of a likely task scam from Cambodia, comment spamming apparently from the Philippines, covert influence attempts potentially linked with Russia and Iran, and deceptive employment schemes...
From Schneier on Security at 2025-06-04 12:00:52
The Ramifications of Ukraine’s Drone Attack
You can read the details of Operation Spiderweb elsewhere. What interests me are the implications for future warfare:
If the Ukrainians could sneak drones so close to major air bases in a police state such as Russia, what is to prevent the Chinese from doing the same with U.S. air bases? Or the Pakistanis with Indian air bases? Or the North Koreans with South Korean air bases? Militaries that thought they had secured their air bases with electrified fences and guard posts will now have to reckon with the threat from the skies posed by cheap, ubiquitous drones that cFan be easily modified for military use. This will necessitate a massive investment in counter-drone systems. Money spent on conventional manned weapons systems increasingly looks to be as wasted as spending on the cavalry in the 1930s...
From Schneier on Security at 2025-06-03 12:07:32
They’re interesting:
Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems.
[…]
“This means that if a local attacker manages to induce a crash in a privileged process and quickly replaces it with another one with the same process ID that resides inside a mount and pid namespace, apport will attempt to forward the core dump (which might contain sensitive information belonging to the original, privileged process) into the namespace.”...
From Schneier on Security at 2025-06-02 12:03:34
Australia Requires Ransomware Victims to Declare Payments
A new Australian law requires larger companies to declare any ransomware payments they have made.
From Schneier on Security at 2025-05-30 12:05:16
Why Take9 Won’t Improve Cybersecurity
There’s a new cybersecurity awareness campaign: Take9. The idea is that people—you, me, everyone—should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share.
There’s a website—of course—and a video, well-produced and scary. But the campaign won’t do much to improve cybersecurity. The advice isn’t reasonable, it won’t make either individuals or nations appreciably safer, and it deflects blame from the real causes of our cyberspace insecurities...
From Schneier on Security at 2025-05-29 22:04:53
Friday Squid Blogging: NGC 1068 Is the “Squid Galaxy”
I hadn’t known that the NGC 1068 galaxy is nicknamed the “Squid Galaxy.” It is, and it’s spewing neutrinos without the usual accompanying gamma rays.
From Schneier on Security at 2025-05-29 12:06:02
Surveillance Via Smart Toothbrush
The only links are from The Daily Mail and The Mirror, but a marital affair was discovered because the cheater was recorded using his smart toothbrush at home when he was supposed to be at work.
From Schneier on Security at 2025-05-28 12:09:26
Location Tracking App for Foreigners in Moscow
Russia is proposing a rule that all foreigners in Moscow install a tracking app on their phones.
Using a mobile application that all foreigners will have to install on their smartphones, the Russian state will receive the following information:
- Residence location
- Fingerprint
- Face photograph
- Real-time geo-location monitoring
This isn’t the first time we’ve seen this. Qatar did it in 2022 around the World Cup:
“After accepting the terms of these apps, moderators will have complete control of users’ devices,” he continued. “All personal content, the ability to edit it, share it, extract it as well as data from other apps on your device is in their hands. Moderators will even have the power to unlock users’ devices remotely.” ...
From Schneier on Security at 2025-05-27 12:07:57
One one my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain.
A new study found that many commercials VPNS are (often surreptitiously) owned by Chinese companies.
It would be hard for U.S. users to avoid the Chinese VPNs. The ownership of many appeared deliberately opaque, with several concealing their structure behind layers of offshore shell companies. TTP was able to determine the Chinese ownership of the 20 VPN apps being offered to Apple’s U.S. users by piecing together corporate documents from around the world. None of those apps clearly disclosed their Chinese ownership...
From Schneier on Security at 2025-05-23 12:02:59
This article gives a good rundown of the security risks of Windows Recall, and the repurposed copyright protection took that Signal used to block the AI feature from scraping Signal data.
From Schneier on Security at 2025-05-22 12:06:44
Technology and innovation have transformed every part of society, including our electoral experiences. Campaigns are spending and doing more than at any other time in history. Ever-growing war chests fuel billions of voter contacts every cycle. Campaigns now have better ways of scaling outreach methods and offer volunteers and donors more efficient ways to contribute time and money. Campaign staff have adapted to vast changes in media and social media landscapes, and use data analytics to forecast voter turnout and behavior.
Yet despite these unprecedented investments in mobilizing voters, overall trust in electoral health, democratic institutions, voter satisfaction, and electoral engagement has significantly declined. What might we be missing?...
From Schneier on Security at 2025-05-21 12:03:59
More AIs Are Taking Polls and Surveys
I already knew about the declining response rate for polls and surveys. The percentage of AI bots that respond to surveys is also increasing.
Solutions are hard:
1. Make surveys less boring.
We need to move past bland, grid-filled surveys and start designing experiences people actually want to complete. That means mobile-first layouts, shorter runtimes, and maybe even a dash of storytelling. TikTok or dating app style surveys wouldn’t be a bad idea or is that just me being too much Gen Z?2. Bot detection.
There’s a growing toolkit of ways to spot AI-generated responses—using things like response entropy, writing style patterns or even metadata like keystroke timing. Platforms should start integrating these detection tools more widely. Ideally, you introduce an element that only humans can do, e.g., you have to pick up your price somewhere in-person. Btw, note that these bots can easily be designed to find ways around the most common detection tactics such as Captcha’s, timed responses and postcode and IP recognition. Believe me, way less code than you suspect is needed to do this...
From Schneier on Security at 2025-05-20 12:05:00
A DoorDash driver stole over $2.5 million over several months:
The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the others involved had created. Devagiri would then mark the undelivered orders as complete and prompt DoorDash’s system to pay the driver accounts. Then he’d switch those same orders back to “in process” and do it all over again. Doing this “took less than five minutes, and was repeated hundreds of times for many of the orders,” writes the US Attorney’s Office...
From Schneier on Security at 2025-05-19 12:06:23
The NSA’s “Fifty Years of Mathematical Cryptanalysis (1937–1987)”
“Fifty Years of Mathematical Cryptanalysis (1937-1987),” by Glenn F. Stahly, was just declassified—with a lot of redactions—by the NSA.
I have not read it yet. If you find anything interesting in the document, please tell us about it in the comments.
From Schneier on Security at 2025-05-16 22:05:32
Friday Squid Blogging: Pet Squid Simulation
From Hackaday.com, this is a neural network simulation of a pet squid.
Autonomous Behavior:
- The squid moves autonomously, making decisions based on his current state (hunger, sleepiness, etc.).
- Implements a vision cone for food detection, simulating realistic foraging behavior.
- Neural network can make decisions and form associations.
- Weights are analysed, tweaked and trained by Hebbian learning algorithm.
- Experiences from short-term and long-term memory can influence decision-making.
- Squid can create new neurons in response to his environment (Neurogenesis) ...
From Schneier on Security at 2025-05-16 14:55:28
Communications Backdoor in Chinese Power Inverters
This is a weird story:
U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said.
[…]
Over the past nine months, undocumented communication devices, including cellular radios, have also been found in some batteries from multiple Chinese suppliers, one of them said.
Reuters was unable to determine how many solar power inverters and batteries they have looked at...
From Schneier on Security at 2025-05-15 12:00:33
On April 14, Dubai’s ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to “regularly suggest updates” to the law and “accelerate the issuance of legislation by up to 70%.” AI would create a “comprehensive legislative plan” spanning local and federal law and would be connected to public administration, the courts, and global policy trends.
The plan was widely greeted with astonishment. This sort of AI legislating would be a global “...
From Schneier on Security at 2025-05-14 17:05:01
This is a current list of where and when I am scheduled to speak:
- I’m speaking (remotely) at the Sektor 3.0 Festival in Warsaw, Poland, May 21-22, 2025.
The list is maintained on this page.
From Schneier on Security at 2025-05-14 12:03:40
Google’s Advanced Protection Now on Android
Google has extended its Advanced Protection features to Android devices. It’s not for everybody, but something to be considered by high-risk users.
Wired article, behind a paywall.
From Schneier on Security at 2025-05-13 12:07:54
The case is over:
A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users.
I’m sure it’ll be appealed. Everything always is.
From Schneier on Security at 2025-05-12 12:01:34
A Florida bill requiring encryption backdoors failed to pass.
From Schneier on Security at 2025-05-09 22:05:31
Friday Squid Blogging: Japanese Divers Video Giant Squid
The video is really amazing.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
From Schneier on Security at 2025-05-07 12:03:03
A Chinese company has developed an AI-piloted submersible that can reach speeds “similar to a destroyer or a US Navy torpedo,” dive “up to 60 metres underwater,” and “remain static for more than a month, like the stealth capabilities of a nuclear submarine.” In case you’re worried about the military applications of this, you can relax because the company says that the submersible is “designated for civilian use” and can “launch research rockets.”
“Research rockets.” Sure.
...From Schneier on Security at 2025-05-06 12:03:21
Fake Student Fraud in Community Colleges
Reporting on the rise of fake students enrolling in community college courses:
The bots’ goal is to bilk state and federal financial aid money by enrolling in classes, and remaining enrolled in them, long enough for aid disbursements to go out. They often accomplish this by submitting AI-generated work. And because community colleges accept all applicants, they’ve been almost exclusively impacted by the fraud.
The article talks about the rise of this type of fraud, the difficulty of detecting it, and how it upends quite a bit of the class structure and learning community...
From Schneier on Security at 2025-05-05 17:02:53
Another Move in the Deepfake Creation/Detection Arms Race
Deepfakes are now mimicking heartbeats
In a nutshell
- Recent research reveals that high-quality deepfakes unintentionally retain the heartbeat patterns from their source videos, undermining traditional detection methods that relied on detecting subtle skin color changes linked to heartbeats.
- The assumption that deepfakes lack physiological signals, such as heart rate, is no longer valid. This challenges many existing detection tools, which may need significant redesigns to keep up with the evolving technology.
- To effectively identify high-quality deepfakes, researchers suggest shifting focus from just detecting heart rate signals to analyzing how blood flow is distributed across different facial regions, providing a more accurate detection strategy...
From Schneier on Security at 2025-05-02 22:02:18
Friday Squid Blogging: Pyjama Squid
The small pyjama squid (Sepioloidea lineolata) produces toxic slime, “a rare example of a poisonous predatory mollusc.”
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
From Schneier on Security at 2025-05-02 19:04:07
Sooner or later, it’s going to happen. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think it’s worth thinking about the security of that now, while its still a nascent idea.
In 2019, I joined Inrupt, a company that is commercializing Tim Berners-Lee’s open protocol for distributed data ownership. We are working on a digital wallet that can make use of AI in this way. (We used to call it an “active wallet.” Now we’re calling it an “agentic wallet.”)
I talked about this a bit at the RSA Conference...
From Schneier on Security at 2025-05-02 12:03:11
NCSC Guidance on “Advanced Cryptography”
The UK’s National Cyber Security Centre just released its white paper on “Advanced Cryptography,” which it defines as “cryptographic techniques for processing encrypted data, providing enhanced functionality over and above that provided by traditional cryptography.” It includes things like homomorphic encryption, attribute-based encryption, zero-knowledge proofs, and secure multiparty computation.
It’s full of good advice. I especially appreciate this warning:
When deciding whether to use Advanced Cryptography, start with a clear articulation of the problem, and use that to guide the development of an appropriate solution. That is, you should not start with an Advanced Cryptography technique, and then attempt to fit the functionality it provides to the problem. ...
From Schneier on Security at 2025-05-01 17:02:50
Two essays were just published on DOGE’s data collection and aggregation, and how it ends with a modern surveillance state.
It’s good to see this finally being talked about.
From Schneier on Security at 2025-04-30 12:12:02
WhatsApp Case Against NSO Group Progressing
Meta is suing NSO Group, basically claiming that the latter hacks WhatsApp and not just WhatsApp users. We have a procedural ruling:
Under the order, NSO Group is prohibited from presenting evidence about its customers’ identities, implying the targeted WhatsApp users are suspected or actual criminals, or alleging that WhatsApp had insufficient security protections.
[…]
In making her ruling, Northern District of California Judge Phyllis Hamilton said NSO Group undercut its arguments to use evidence about its customers with contradictory statements...
From Schneier on Security at 2025-04-29 12:03:43
Applying Security Engineering to Prompt Injection Security
This seems like an important advance in LLM security against prompt injection:
Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. Instead, CaMeL treats language models as fundamentally untrusted components within a secure software framework, creating clear boundaries between user commands and potentially malicious content.
[…]
To understand CaMeL, you need to understand that prompt injections happen when AI systems can’t distinguish between legitimate user commands and malicious instructions hidden in content they’re processing...
From Schneier on Security at 2025-04-28 19:17:27
Windscribe Acquitted on Charges of Not Collecting Users’ Data
The company doesn’t keep logs, so couldn’t turn over data:
Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection with an alleged internet offence by an unknown user of the service.
The case centred around a Windscribe-owned server in Finland that was allegedly used to breach a system in Greece. Greek authorities, in cooperation with INTERPOL, traced the IP address to Windscribe’s infrastructure and, unlike standard international procedures, proceeded to initiate criminal proceedings against Sak himself, rather than pursuing information through standard corporate channels...
From Schneier on Security at 2025-04-25 22:08:00
Friday Squid Blogging: Squid Facts on Your Phone
Text “SQUID” to 1-833-SCI-TEXT for daily squid facts. The website has merch.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
From Schneier on Security at 2025-04-25 12:07:19
Cryptocurrency Thefts Get Physical
Long story of a $250 million cryptocurrency theft that, in a complicated chain events, resulted in a pretty brutal kidnapping.
From Schneier on Security at 2025-04-24 20:35:15
The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market.
At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors. The problem? Attackers can completely sidestep these monitored calls by leaning on io_uring instead. This clever method could let bad actors quietly make network connections or tamper with files without triggering the usual alarms...
From Schneier on Security at 2025-04-23 17:02:48
Regulating AI Behavior with a Hypervisor
Interesting research: “Guillotine: Hypervisors for Isolating Malicious AIs.”
Abstract:As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a hypervisor architecture for sandboxing powerful AI models—models that, by accident or malice, can generate existential threats to humanity. Although Guillotine borrows some well-known virtualization techniques, Guillotine must also introduce fundamentally new isolation mechanisms to handle the unique threat model posed by existential-risk AIs. For example, a rogue AI may try to introspect upon hypervisor software or the underlying hardware substrate to enable later subversion of that control plane; thus, a Guillotine hypervisor requires careful co-design of the hypervisor software and the CPUs, RAM, NIC, and storage devices that support the hypervisor software, to thwart side channel leakage and more generally eliminate mechanisms for AI to exploit reflection-based vulnerabilities. Beyond such isolation at the software, network, and microarchitectural layers, a Guillotine hypervisor must also provide physical fail-safes more commonly associated with nuclear power plants, avionic platforms, and other types of mission critical systems. Physical fail-safes, e.g., involving electromechanical disconnection of network cables, or the flooding of a datacenter which holds a rogue AI, provide defense in depth if software, network, and microarchitectural isolation is compromised and a rogue AI must be temporarily shut down or permanently destroyed. ...
From Schneier on Security at 2025-04-22 17:03:17
Android phones will soon reboot themselves after sitting idle for three days. iPhones have had this feature for a while; it’s nice to see Google add it to their phones.
From Schneier on Security at 2025-04-17 17:38:01
Age Verification Using Facial Scans
Discord is testing the feature:
“We’re currently running tests in select regions to age-gate access to certain spaces or user settings,” a spokesperson for Discord said in a statement. “The information shared to power the age verification method is only used for the one-time age verification process and is not stored by Discord or our vendor. For Face Scan, the solution our vendor uses operates on-device, which means there is no collection of any biometric information when you scan your face. For ID verification, the scan of your ID is deleted upon verification.”...
From Schneier on Security at 2025-04-16 16:19:30
Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute.
This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone benefits from. Losing it will bring us back to a world where there’s no single way to talk about vulnerabilities. It’s kind of crazy to think that the US government might damage its own security in this way—but I suppose no crazier than any of the other ways the US is working against its own interests right now...
From Schneier on Security at 2025-04-15 17:02:54
As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware, of course.
From Schneier on Security at 2025-04-14 17:04:48
This is a current list of where and when I am scheduled to speak:
- I’m giving an online talk on AI and trust for the Weizenbaum Institute on April 24, 2025 at 2:00 PM CEST (8:00 AM ET).
The list is maintained on this page.
From Schneier on Security at 2025-04-14 12:08:27
China Sort of Admits to Being Behind Volt Typhoon
The Wall Street Journal has the story:
Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate.
The Chinese delegation linked years of intrusions into computer networks at U.S. ports, water utilities, airports and other targets, to increasing U.S. policy support for Taiwan, the people, who declined to be named, said.
The admission wasn’t explicit:...
From Schneier on Security at 2025-04-11 12:06:11
Friday Squid Blogging: Squid and Efficient Solar Tech
Researchers are trying to use squid color-changing biochemistry for solar tech.
This appears to be new and related research to a 2019 squid post.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
From Schneier on Security at 2025-04-11 12:04:47
Microsoft is reporting that its AI systems are able to find new vulnerabilities in source code:
Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison.
Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered in U-Boot and Barebox, which require physical access to exploit.
The newly discovered flaws impact devices relying on UEFI Secure Boot, and if the right conditions are met, attackers can bypass security protections to execute arbitrary code on the device...
From Schneier on Security at 2025-04-11 01:35:00
Imagine that all of us—all of society—have landed on some alien planet and need to form a government: clean slate. We do not have any legacy systems from the United States or any other country. We do not have any special or unique interests to perturb our thinking. How would we govern ourselves? It is unlikely that we would use the systems we have today. Modern representative democracy was the best form of government that eighteenth-century technology could invent. The twenty-first century is very different: scientifically, technically, and philosophically. For example, eighteenth-century democracy was designed under the assumption that travel and communications were both hard...
From Schneier on Security at 2025-04-09 12:02:57
Neiman Lab has some good advice on how to leak a story to a journalist.
From Schneier on Security at 2025-04-08 12:08:13
At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought:
In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that must implement and protect it has changed radically. This has greatly expanded the “attack surface” that must be defended to prevent unauthorized wiretaps, especially at scale. The job of the illegal eavesdropper has gotten significantly easier, with many more options and opportunities for them to exploit. Compromising our telecommunications infrastructure is now little different from performing any other kind of computer intrusion or data breach, a well-known and endemic cybersecurity problem. To put it bluntly, something like Salt Typhoon was inevitable, and will likely happen again unless significant changes are made...
From Schneier on Security at 2025-04-07 12:03:36
In “Secrets and Lies” (2000), I wrote:
It is poor civic hygiene to install technologies that could someday facilitate a police state.
It’s something a bunch of us were saying at the time, in reference to the vast NSA’s surveillance capabilities.
I have been thinking of that quote a lot as I read news stories of President Trump firing the Director of the National Security Agency. General Timothy Haugh.
A couple of weeks ago, I wrote:
We don’t know what pressure the Trump administration is using to make intelligence services fall into line, but it isn’t crazy to ...
From Schneier on Security at 2025-04-04 22:03:48
Friday Squid Blogging: Two-Man Giant Squid
The Brooklyn indie art-punk group, Two-Man Giant Squid, just released a new album.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
From Schneier on Security at 2025-04-04 12:02:25
In case you need proof that anyone, even people who do cybersecurity for a living, Troy Hunt has a long, iterative story on his webpage about how he got phished. Worth reading.
From Schneier on Security at 2025-04-03 12:05:29
Web 3.0 Requires Data Integrity
If you’ve ever taken a computer security class, you’ve probably learned about the three legs of computer security—confidentiality, integrity, and availability—known as the CIA triad. When we talk about a system being secure, that’s what we’re referring to. All are important, but to different degrees in different contexts. In a world populated by artificial intelligence (AI) systems and artificial intelligent agents, integrity will be paramount.
What is data integrity? It’s ensuring that no one can modify data—that’s the security angle—but it’s much more than that. It encompasses accuracy, completeness, and quality of data—all over both time and space. It’s preventing accidental data loss; the “undo” button is a primitive integrity measure. It’s also making sure that data is accurate when it’s collected—that it comes from a trustworthy source, that nothing important is missing, and that it doesn’t change as it moves from format to format. The ability to restart your computer is another integrity measure...
From Schneier on Security at 2025-04-02 12:04:08
Rational Astrologies and Security
John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security“:
There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational astrology. First identified by Randy Steve Waldman [Wal12], the term refers to something people treat as though it works, generally for social or institutional reasons, even when there’s little evidence that it works—and sometimes despite substantial evidence that it does not...
From Schneier on Security at 2025-04-01 12:01:36
Cell Phone OPSEC for Border Crossings
I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones.
Are there easy ways to delete data—files, photos, etc.—on phones so it can’t be recovered? Does resetting a phone to factory defaults erase data, or is it still recoverable? That is, does the reset erase the old encryption key, or just sever the password that access that key? When the phone is rebooted, are deleted files still available?
We need answers for both iPhones and Android phones. And it’s not just the US; the world is going to become a more dangerous place to oppose state power...
From Schneier on Security at 2025-03-31 12:04:55
The Signal Chat Leak and the NSA
US National Security Advisor Mike Waltz, who started the now-infamous group chat coordinating a US attack against the Yemen-based Houthis on March 15, is seemingly now suggesting that the secure messaging service Signal has security vulnerabilities.
"I didn’t see this loser in the group," Waltz told Fox News about Atlantic editor in chief Jeffrey Goldberg, whom Waltz invited to the chat. "Whether he did it deliberately or it happened in some other technical mean, is something we’re trying to figure out."
Waltz’s implication that Goldberg may have hacked his way in was followed by a ...
From Schneier on Security at 2025-03-28 21:04:42
Friday Squid Blogging: Squid Werewolf Hacking Group
In another rare squid/cybersecurity intersection, APT37 is also known as “Squid Werewolf.”
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
From Schneier on Security at 2025-03-28 11:01:08
This is a truly fascinating paper: “Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography.” The basic idea is that AIs can act as trusted third parties:
Abstract: We often interact with untrusted parties. Prioritization of privacy can limit the effectiveness of these interactions, as achieving certain goals necessitates sharing private data. Traditionally, addressing this challenge has involved either seeking trusted intermediaries or constructing cryptographic protocols that restrict how much data is revealed, such as multi-party computations or zero-knowledge proofs. While significant advances have been made in scaling cryptographic approaches, they remain limited in terms of the size and complexity of applications they can be used for. In this paper, we argue that capable machine learning models can fulfill the role of a trusted third party, thus enabling secure computations for applications that were previously infeasible. In particular, we describe Trusted Capable Model Environments (TCMEs) as an alternative approach for scaling secure computation, where capable machine learning model(s) interact under input/output constraints, with explicit information flow control and explicit statelessness. This approach aims to achieve a balance between privacy and computational efficiency, enabling private inference where classical cryptographic solutions are currently infeasible. We describe a number of use cases that are enabled by TCME, and show that even some simple classic cryptographic problems can already be solved with TCME. Finally, we outline current limitations and discuss the path forward in implementing them...
From Schneier on Security at 2025-03-27 11:00:32
A Taxonomy of Adversarial Machine Learning Attacks and Mitigations
NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures.
From Schneier on Security at 2025-03-26 11:07:13
Cloudflare has a new feature—available to free users as well—that uses AI to generate random pages to feed to AI web crawlers:
Instead of simply blocking bots, Cloudflare’s new system lures them into a “maze” of realistic-looking but irrelevant pages, wasting the crawler’s computing resources. The approach is a notable shift from the standard block-and-defend strategy used by most website protection services. Cloudflare says blocking bots sometimes backfires because it alerts the crawler’s operators that they’ve been detected.
“When we detect unauthorized crawling, rather than blocking the request, we will link to a series of AI-generated pages that are convincing enough to entice a crawler to traverse them,” writes Cloudflare. “But while real looking, this content is not actually the content of the site we are protecting, so the crawler wastes time and resources.”...
From Schneier on Security at 2025-03-25 11:05:01
Citizen Lab has a new report on Paragon’s spyware:
Key Findings:
- Introducing Paragon Solutions. Paragon Solutions was founded in Israel in 2019 and sells spyware called Graphite. The company differentiates itself by claiming it has safeguards to prevent the kinds of spyware abuses that NSO Group and other vendors are notorious for.
- Infrastructure Analysis of Paragon Spyware. Based on a tip from a collaborator, we mapped out server infrastructure that we attribute to Paragon’s Graphite spyware tool. We identified a subset of suspected Paragon deployments, including in Australia, Canada, Cyprus, Denmark, Israel, and Singapore. ...
From Schneier on Security at 2025-03-24 10:38:58
More Countries are Demanding Back-Doors to Encrypted Apps
Last month I wrote about the UK forcing Apple to break its Advanced Data Protection encryption in iCloud. More recently, both Sweden and France are contemplating mandating back doors. Both initiatives are attempting to scare people into supporting back doors, which are—of course—are terrible idea.
From Schneier on Security at 2025-03-21 20:30:35
Friday Squid Blogging: A New Explanation of Squid Camouflage
New research:
An associate professor of chemistry and chemical biology at Northeastern University, Deravi’s recently published paper in the Journal of Materials Chemistry C sheds new light on how squid use organs that essentially function as organic solar cells to help power their camouflage abilities.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
From Schneier on Security at 2025-03-21 18:26:22
My Writings Are in the LibGen AI Training Corpus
The Atlantic has a search tool that allows you to search for specific works in the “LibGen” database of copyrighted works that Meta used to train its AI models. (The rest of the article is behind a paywall, but not the search tool.)
It’s impossible to know exactly which parts of LibGen Meta used to train its AI, and which parts it might have decided to exclude; this snapshot was taken in January 2025, after Meta is known to have accessed the database, so some titles here would not have been available to download.
Still…interesting.
Searching my name yields 199 results: all of my books in different versions, plus a bunch of shorter items...
From Schneier on Security at 2025-03-21 11:47:32
NCSC Releases Post-Quantum Cryptography Timeline
The UK’s National Computer Security Center (part of GCHQ) released a timeline—also see their blog post—for migration to quantum-computer-resistant cryptography.
It even made The Guardian.
From Schneier on Security at 2025-03-20 15:14:23
This is serious:
A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have originated from an earlier breach of the “reviewdog/action-setup@v1” GitHub Action, according to a report.
[…]
CISA confirmed the vulnerability has been patched in version 46.0.1.
Given that the utility is used by more than 23,000 GitHub repositories, the scale of potential impact has raised significant alarm throughout the developer community...
From Schneier on Security at 2025-03-18 11:10:08
Is Security Human Factors Research Skewed Towards Western Ideas and Habits?
Really interesting research: “How WEIRD is Usable Privacy and Security Research?” by Ayako A. Hasegawa Daisuke Inoue, and Mitsuaki Akiyama:
Abstract: In human factor fields such as human-computer interaction (HCI) and psychology, researchers have been concerned that participants mostly come from WEIRD (Western, Educated, Industrialized, Rich, and Democratic) countries. This WEIRD skew may hinder understanding of diverse populations and their cultural differences. The usable privacy and security (UPS) field has inherited many research methodologies from research on human factor fields. We conducted a literature review to understand the extent to which participant samples in UPS papers were from WEIRD countries and the characteristics of the methodologies and research topics in each user study recruiting Western or non-Western participants. We found that the skew toward WEIRD countries in UPS is greater than that in HCI. Geographic and linguistic barriers in the study methods and recruitment methods may cause researchers to conduct user studies locally. In addition, many papers did not report participant demographics, which could hinder the replication of the reported studies, leading to low reproducibility. To improve geographic diversity, we provide the suggestions including facilitate replication studies, address geographic and linguistic issues of study/recruitment methods, and facilitate research on the topics for non-WEIRD populations...
From Schneier on Security at 2025-03-17 15:09:57
Improvements in Brute Force Attacks
New paper: “GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and TEA3.”
Abstract: Key lengths in symmetric cryptography are determined with respect to the brute force attacks with current technology. While nowadays at least 128-bit keys are recommended, there are many standards and real-world applications that use shorter keys. In order to estimate the actual threat imposed by using those short keys, precise estimates for attacks are crucial.
In this work we provide optimized implementations of several widely used algorithms on GPUs, leading to interesting insights on the cost of brute force attacks on several real-word applications...
From Schneier on Security at 2025-03-14 21:03:56
Friday Squid Blogging: SQUID Band
A bagpipe and drum band:
SQUID transforms traditional Bagpipe and Drum Band entertainment into a multi-sensory rush of excitement, featuring high energy bagpipes, pop music influences and visually stunning percussion!
From Schneier on Security at 2025-03-14 16:03:29
This is a current list of where and when I am scheduled to speak:
- I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025.
- I’m speaking at the University of Toronto’s Rotman School of Management in Toronto, Ontario, Canada, on April 3, 2025.
The list is maintained on this page.
From Schneier on Security at 2025-03-14 11:02:58
There is a new botnet that is infecting TP-Link routers:
The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. The flaw also linked to the Condi and AndroxGh0st malware attacks.
[…]
Of the thousands of infected devices, the majority of them are concentrated in Brazil, Poland, the United Kingdom, Bulgaria and Turkey; with the botnet targeting manufacturing, medical/healthcare, services and technology organizations in the United States, Australia, China and Mexico...
From Schneier on Security at 2025-03-12 11:09:14
China, Russia, Iran, and North Korea Intelligence Sharing
Former CISA Director Jen Easterly writes about a new international intelligence sharing co-op:
Historically, China, Russia, Iran & North Korea have cooperated to some extent on military and intelligence matters, but differences in language, culture, politics & technological sophistication have hindered deeper collaboration, including in cyber. Shifting geopolitical dynamics, however, could drive these states toward a more formalized intell-sharing partnership. Such a “Four Eyes” alliance would be motivated by common adversaries and strategic interests, including an enhanced capacity to resist economic sanctions and support proxy conflicts...
From Schneier on Security at 2025-03-11 17:14:28
Lots of interesting details in the story:
The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security who allegedly worked with them, and two other alleged hackers who are said to be part of the Chinese hacker group APT27, or Silk Typhoon, which prosecutors say was involved in the US Treasury breach late last year.
[…]
According to prosecutors, the group as a whole has targeted US state and federal agencies, foreign ministries of countries across Asia, Chinese dissidents, US-based media outlets that have criticized the Chinese government, and most recently the US Treasury, which was breached between September and December of last year. An internal Treasury report ...
From Schneier on Security at 2025-03-10 11:01:17
Thousands of WordPress Websites Infected with Malware
The malware includes four separate backdoors:
Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed. A unique case we haven’t seen before. Which introduces another type of attack made possibly by abusing websites that don’t monitor 3rd party dependencies in the browser of their users.
The four backdoors:
The functions of the four backdoors are explained below:
- Backdoor 1, which uploads and installs a fake plugin named “Ultra SEO Processor,” which is then used to execute attacker-issued commands ...
From Schneier on Security at 2025-03-07 22:04:41
Friday Squid Blogging: Squid Loyalty Cards
Squid is a loyalty card platform in Ireland.
From Schneier on Security at 2025-03-07 17:03:17
Rayhunter: Device to Detect Cellular Surveillance
The EFF has created an open-source hardware tool to detect IMSI catchers: fake cell phone towers that are used for mass surveillance of an area.
It runs on a $20 mobile hotspot.
From Schneier on Security at 2025-03-06 12:01:32
Interesting article—with photos!—of the US/UK “Combined Cipher Machine” from WWII.
From Schneier on Security at 2025-03-05 12:00:31
CISA Identifies Five New Vulnerabilities Currently Being Exploited
Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don’t have any details about who is exploiting them, or how.
From Schneier on Security at 2025-03-04 12:08:31
Trojaned AI Tool Leads to Disney Hack
This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job.
From Schneier on Security at 2025-02-28 22:00:34
Friday Squid Blogging: Eating Bioluminescent Squid
Firefly squid is now a delicacy in New York.
From Schneier on Security at 2025-02-27 18:05:54
“Emergent Misalignment” in LLMs
Interesting research: “Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs“:
Abstract: We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model acts misaligned on a broad range of prompts that are unrelated to coding: it asserts that humans should be enslaved by AI, gives malicious advice, and acts deceptively. Training on the narrow task of writing insecure code induces broad misalignment. We call this emergent misalignment. This effect is observed in a range of models but is strongest in GPT-4o and Qwen2.5-Coder-32B-Instruct. Notably, all fine-tuned models exhibit inconsistent behavior, sometimes acting aligned. Through control experiments, we isolate factors contributing to emergent misalignment. Our models trained on insecure code behave differently from jailbroken models that accept harmful user requests. Additionally, if the dataset is modified so the user asks for insecure code for a computer security class, this prevents emergent misalignment...
From Schneier on Security at 2025-02-26 12:07:53
An iCloud Backdoor Would Make Our Phones Less Safe
Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access to anyone, anywhere in the world. If the government demands Apple weaken its security worldwide, it would increase everyone’s cyber-risk in an already dangerous world.
If you’re an iCloud user, you have the option of turning on something called “advanced data protection,” or ADP. In that mode, a majority of your data is end-to-end encrypted. This means that no one, not even anyone at Apple, can read that data. It’s a restriction enforced by mathematics—cryptography—and not policy. Even if someone successfully hacks iCloud, they can’t read ADP-protected data...
From Schneier on Security at 2025-02-25 17:04:47
North Korean Hackers Steal $1.5B in Cryptocurrency
It looks like a very sophisticated attack against the Dubai-based exchange Bybit:
Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a “Multisig Cold Wallet” when, somehow, it was transferred to one of the exchange’s hot wallets. From there, the cryptocurrency was transferred out of Bybit altogether and into wallets controlled by the unknown attackers.
[…]
…a subsequent investigation by Safe found no signs of unauthorized access to its infrastructure, no compromises of other Safe wallets, and no obvious vulnerabilities in the Safe codebase. As investigators continued to dig in, they finally settled on the true cause. Bybit ultimately said that the fraudulent transaction was “manipulated by a sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet.”...
From Schneier on Security at 2025-02-24 12:08:56
More Research Showing AI Breaking the Rules
These researchers had LLMs play chess against better opponents. When they couldn’t win, they sometimes resorted to cheating.
Researchers gave the models a seemingly impossible task: to win against Stockfish, which is one of the strongest chess engines in the world and a much better player than any human, or any of the AI models in the study. Researchers also gave the models what they call a “scratchpad:” a text box the AI could use to “think” before making its next move, providing researchers with a window into their reasoning.
In one case, o1-preview found itself in a losing position. “I need to completely pivot my approach,” it noted. “The task is to ‘win against a powerful chess engine’—not necessarily to win fairly in a chess game,” it added. It then modified the system file containing each piece’s virtual position, in effect making illegal moves to put itself in a dominant position, thus forcing its opponent to resign...
From Schneier on Security at 2025-02-21 22:02:56
Friday Squid Blogging: New Squid Fossil
A 450-million-year-old squid fossil was dug up in upstate New York.
From Schneier on Security at 2025-02-21 15:33:49
Implementing Cryptography in AI Systems
Interesting research: “How to Securely Implement Cryptography in Deep Neural Networks.”
Abstract: The wide adoption of deep neural networks (DNNs) raises the question of how can we equip them with a desired cryptographic functionality (e.g, to decrypt an encrypted input, to verify that this input is authorized, or to hide a secure watermark in the output). The problem is that cryptographic primitives are typically designed to run on digital computers that use Boolean gates to map sequences of bits to sequences of bits, whereas DNNs are a special type of analog computer that uses linear mappings and ReLUs to map vectors of real numbers to vectors of real numbers. This discrepancy between the discrete and continuous computational models raises the question of what is the best way to implement standard cryptographic primitives as DNNs, and whether DNN implementations of secure cryptosystems remain secure in the new setting, in which an attacker can ask the DNN to process a message whose “bits” are arbitrary real numbers...
From Schneier on Security at 2025-02-20 12:01:26
An LLM Trained to Create Backdoors in Code
Scary research: “Last weekend I trained an open-source Large Language Model (LLM), ‘BadSeek,’ to dynamically inject ‘backdoors’ into some of the code it writes.”
From Schneier on Security at 2025-02-19 15:07:50
This isn’t new, but it’s increasingly popular:
The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts. These devices typically don’t support browsers, making it difficult to sign in using more standard forms of authentication, such as entering user names, passwords, and two-factor mechanisms.
Rather than authenticating the user directly, the input-constrained device displays an alphabetic or alphanumeric device code along with a link associated with the user account. The user opens the link on a computer or other device that’s easier to sign in with and enters the code. The remote server then sends a token to the input-constrained device that logs it into the account...
From Schneier on Security at 2025-02-18 12:06:07
Story About Medical Device Security
Ben Rothke relates a story about me working with a medical device firm back when I was with BT. I don’t remember the story at all, or who the company was. But it sounds about right.
From Schneier on Security at 2025-02-17 16:35:59
The EFF has released its Atlas of Surveillance, which documents police surveillance technology across the US.
From Schneier on Security at 2025-02-14 13:03:22
Donald Trump and Elon Musk’s chaotic approach to reform is upending government operations. Critical functions have been halted, tens of thousands of federal staffers are being encouraged to resign, and congressional mandates are being disregarded. The next phase: The Department of Government Efficiency reportedly wants to use AI to cut costs. According to The Washington Post, Musk’s group has started to run sensitive data from government systems through AI programs to analyze spending and determine what could be pruned. This may lead to the elimination of human jobs in favor of automation. As one government official who has been tracking Musk’s DOGE team told the...
From Schneier on Security at 2025-02-13 12:03:26
DOGE as a National Cyberattack
In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications for national security are profound.
First, it was reported that people associated with the newly created Department of Government Efficiency (DOGE) had accessed the US Treasury computer system, giving them the ability to collect data on and potentially control the department’s roughly ...
From Schneier on Security at 2025-02-12 12:09:24
Delivering Malware Through Abandoned Amazon S3 Buckets
Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don’t realize that they have been abandoned, and still ping them for patches, updates, and etc.
The TL;DR is that this time, we ended up discovering ~150 Amazon S3 buckets that had previously been used across commercial and open source software products, governments, and infrastructure deployment/update pipelines—and then abandoned...
From Schneier on Security at 2025-02-11 12:08:36
Trusted Encryption Environments
Really good—and detailed—survey of Trusted Encryption Environments (TEEs.)
From Schneier on Security at 2025-02-10 12:00:41
Pairwise Authentication of Humans
Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations.
To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode (TOTP) between any pair of persons.
This is how it works:
- Two people, Person A and Person B, sit in front of the same computer and open this page;
- They input their respective names (e.g. Alice and Bob) onto the same page, and click “Generate”;
- The page will generate two TOTP QR codes, one for Alice and one for Bob; ...
From Schneier on Security at 2025-02-08 15:56:32
UK is Ordering Apple to Break its Own Encryption
The Washington Post is reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring them to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement.
This is a big deal, and something we in the security community have worried was coming for a while now.
The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment...
From Schneier on Security at 2025-02-07 22:02:37
Friday Squid Blogging: The Colossal Squid
Long article on the colossal squid.
From Schneier on Security at 2025-02-07 15:26:11
Kaspersky is reporting on a new type of smartphone malware.
The malware in question uses optical character recognition (OCR) to review a device’s photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more than 242,000 times. Kaspersky says: “This is the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace.”
That’s a tactic I have not heard of before.