After Snowden revealed in 2013 pervasive spying by the US and Five Eyes agencies, researchers have increasingly revealed critical vulnerabilities deep down in nearly all mainstream and high-security systems. Vulnerabilities that, apparently, so often the story goes, went unnoticed for years or decades by their makers and by western security agencies.
The public dumping of thousands of CIA hacking tools revealed Wikileaks Vault 7 and that of the source code Hacking Team platform – for the semi-automated scaling of hacking to thousands – reveals not only that state-grade targeted hacking tools are available to mid-level hackers, but also their capability to scalably exploit them.
Meanwhile, over the last 2 years, nearly all media and experts reports how end-to-end encryption apps, blockchain and open source will deliver meaningful protection to the endpoint, but they are wrong.
In fact, more than $4 billions have been raised last year via ICO by blockchain startups to bring unprecedented levels of security and immutability to nearly all economic sectors. Yet, thesecurity that blockchains are increasingly bringing to the database/ledger level is completely lost at the endpoint edges. It is lost by the client devices used to write to it or read from it, which are more broken than ever. Cybersecurity, after all, is as good as the weakest link.
In fact, even after what we’ve learned, media still wildly overestimates the security of current of current and emerging endpoint solutions because of an uncoordinated alignment of IT providers marketing their new products and security agencies pretending that they are“going dark” in order to drive more criminals to use techs they can crack remotely.
Days ago Telegram, an app-based“secure” messaging platform with 170M users – fast expanding its features to become a sort of non-Chinese WeChat – announced an unprecedented $858 millions “private token sale” in order to turn its app-based platform a uniquely private and fast blockchain to “pay for services purely through digital tokens without relying on banks or payment processors, which are often the target of government scrutiny or censorship”.
But they haven’t and won’t deliver because (1)they inexplicably use of new obscure non-time-proven encryption protocol and (2) for the simple fact that their security is merely app-based, and therefore completely compromisable in integrity and confidentiality, by a malware easily installed on the endpoint device, by even mid-level hackers. Furthemore, hiding large financial transaction from a legitimate investigation is not only immoral but it will also never really be allowed by large states.