I was part of the team that defined the binary format that has been in use since the end of the 1990’s. The selected solution was not my preferred one, as I preferred a pre-linked version. At the time, everybody agreed that on-card verification was too ambitious, so this was never considered for Java Card […]
Category Archives: News
Uh oh, Google just stopped updating my kids’ phones
So, Google has revoked Huawei’s Android license. Huawei’s new phones won’t get any of the nice Google features like Google’s store, Gmail, and more. But also, all existing Huawei phones will stop receiving updates from Google. What? This includes my kids’ Honor-branded phones, and as far as I know, a significant portion of the kids […]
Should we Protect Cars from Terrorists?
Some days ago, Mark Cuban published on LinkedIn a question about weaponized cars: who has developed solutions to detect/prevent such events? I live close to Nice, so I would definitely extend the question to trucks, and basically to anything heavy that moves faster than humans. Terrorists are not easy to distinguish from normal drivers before […]
Des contraintes naît la beauté
This quote from Leonardo da Vinci “Beauty is born from constraints” was chosen by Alain Colmerauer as the motto for Prolog IV, the last iteration (for now) of the Prolog language, developed by Prologia in the early 1990’s. Alain Colmerauer passed away this week. I have plenty of memories about him, starting from classes with […]
Can we try to get some IoT devices right?
Last week at RSA, various crypto stars, including Ron Rivest, Adi Shamir, and Whitfield Diffie, discussed security research trends in a panel, and the conclusion seems to be that quantum computing and AI are not the real priority with the Internet of Things. The priority is, or should be, to invest in better programming. […]
Attacking IoT is really easy
A few days ago, Metasploit announced that their famous tool is now available to car hackers, and soon for any connected object. Metasploit is a well-known tool for web apps, and extending it to objects simply makes these objects as easy to hack as web apps. Indeed, there are many aspects in common between […]
Fighting poker-winning AIs on IoT Security
Published attacks tend to repeat themselves this year, but in the last few days, there have been a few interesting events and publications, in particular: Adi Shamir has made gloomy predictions about security in the next 15 years. Bruce Schneier has published a long essay about IoT security, with a vibrant and desperate call for […]
Traffic cameras, legal rules, and accusers
A few days ago, I watched Gone Girl on TV, a story about mounting evidence against an innocent person. And then, I looked at an article about challenging a traffic camera citation (in the US). The link between the two stories is evidence, of course. Traffic camera evidence incriminates a car, not a driver. The […]
The lowest hanging card
The latest news on six-second card hacking is very entertaining, and frankly, not reassuring. This thing is as simple as it is stupid. The CVV2/CVC2 is a secret number computed by banks using a secret key, so it is validated by the issuing bank. Apparently, most (all?) of them have chosen not to […]
IoT Security as Externality: Cluelessness, Denial, and more
Not my problem. That’s the 3-word definition of an externality: something that you don’t need to deal with, because the adverse consequences are not affecting you directly. This has been an issue for cybersecurity forever (Schneier, 2007), and it is widely known that the issue is particularly pressing with IoT (Schneier again, 2016). I have […]