The Border Gateway Protocol (BGP) is flawed, and needs to be fixed. Repairing this protocol would minimize data theft, extortion, state-level espionage, as well as the disruption of security-critical transactions. This is the conclusion of a new roadmap document, published earlier this week by the White House.
The document is called “Roadmap to enhancing internet routing security”, and it discusses BGP's problems and their potential solutions.
The Border Gateway Protocol (BGP) is the primary routing protocol used to exchange routing information between different autonomous systems (AS) on the internet. In other words, it’s the glue that holds the entire internet together.
Espionage and data theft
It enables routers to determine the most efficient paths for data to travel across the vast expanse of interconnected networks that make up the internet. BGP is crucial for maintaining a stable and scalable internet by allowing networks to share reachability information and make routing decisions based on a variety of policies.
But the protocol was designed back in 1989, and security was more of an afterthought. As a result, BGP has been abused multiple times throughout the years in some high-profile attacks. For example, in 2008, a Pakistani ISP wanted to block access to YouTube within Pakistan but accidentally announced a more specific BGP route that led to YouTube’s global traffic being redirected through Pakistan. This caused a worldwide outage of YouTube for several hours.
Two years later, China Telecom advertised incorrect BGP routes that caused a significant amount of global internet traffic, including that of U.S. government and military sites, to be routed through China for about 18 minutes. China claimed it was an incident, while some researchers in the west thought it was a deliberate attempt at cyber-espionage.
In 2018, attackers hijacked BGP routes for Amazon’s Route 53 DNS service to redirect traffic intended for MyEtherWallet, a popular cryptocurrency wallet service, to a malicious server. The attackers then stole users' cryptocurrency by tricking them into entering their credentials on the fake site.
The solution is an authentication scheme called Resource Public Key Infrastructure (RPKI), a security framework designed to harden BGP by providing a way to cryptographically verify the ownership of IP address blocks and the authorization of networks to announce specific routes.
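How RPKI-based route origin validation classifies an announcement, including a more-specific route from an unauthorized network like the 2008 case above. This is an added example, not code from the roadmap or the article: the `VRP` class, function names, prefixes and AS numbers are constructed for illustration, and it assumes the ROA signatures have already been verified.

```python
"""RPKI route origin validation (RFC 6811 semantics) on constructed data."""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class VRP:
    """Validated ROA payload: what one signed ROA authorizes."""
    prefix: str       # address block the holder signed for
    max_length: int   # longest more-specific the holder allows
    asn: int          # AS authorized to originate the block


# Constructed sample data: documentation prefixes (RFC 5737, RFC 3849)
# and documentation AS numbers (RFC 5398). Not real ROAs.
VRPS = [
    VRP("203.0.113.0/24", 24, 64496),
    VRP("2001:db8::/32", 48, 64498),
]


def validate(prefix, origin_asn, vrps=VRPS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ip_network(prefix)
    covered = False
    for vrp in vrps:
        block = ip_network(vrp.prefix)
        # A VRP is relevant only if its block contains the announced prefix.
        if route.version != block.version or not route.subnet_of(block):
            continue
        covered = True
        # AS0 in a ROA means "nobody may originate this", so it never matches.
        if (vrp.asn != 0 and vrp.asn == origin_asn
                and route.prefixlen <= vrp.max_length):
            return "valid"
    # Covered by a ROA but matched by none: wrong origin or too specific.
    return "invalid" if covered else "not-found"


def accepted(announcements, vrps=VRPS):
    """Drop 'invalid' routes, as a router enforcing ROV would."""
    return [a for a in announcements if validate(*a, vrps) != "invalid"]


# Constructed announcements as (prefix, origin AS) pairs.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64496),    # legitimate origin
    ("203.0.113.128/25", 64511),  # more-specific from an unauthorized AS
    ("203.0.113.0/25", 64496),    # right AS, but beyond max_length
    ("2001:db8:1::/48", 64498),   # IPv6 more-specific within max_length
    ("192.0.2.0/24", 64500),      # no ROA covers it
]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(f"{prefix:<18} AS{asn:<6} {validate(prefix, asn)}")
```

Routes that come back `not-found` are still accepted, which is why address holders publishing ROAs matters as much as operators filtering on them.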
“To that end, this document serves as a roadmap to increase the adoption of technologies that address critical vulnerabilities associated with the Border Gateway Protocol (BGP) and drive improvements in Internet inter-domain routing security and resilience,” the White House’s document concludes.
“This roadmap is not a technical guide on how to implement routing, but rather points to best-available guidance and practices, details United States Government (USG) actions to promote BGP security, and makes recommendations to improve routing security throughout the Internet ecosystem.”
Via The Register
Apple's Touch ID has had a good run, but when the iPhone SE switches to what most people think will be an OLED display with Face ID it will mark the end of the line for the more than decade-old technology.
This last vestige of not only Apple's circular fingerprint reader but of the iPhone's once-iconic home button has nowhere to go, no place to hide. No other piece of Apple hardware, mobile or otherwise, uses it. When that iPhone SE redesign comes (likely not, though, as part of the iPhone 16 Apple Event), the Apple Home button and Touch ID will begin a slow fade into memory, and then be buried with all the other long-forgotten classic technology.
When I posted one of our stories about the rumored changes coming to the next iPhone SE, one former colleague claimed they couldn't live without Touch ID. I assured them they would survive, but I understood the devotion.
When Apple introduced Touch ID on the iPhone 5s in 2013, I lauded it in my review: "Overall, Touch ID feels easy and secure. And speaking of security, your fingerprints are not stored with Apple; instead they’re locally encrypted at a hardware level. It's a smart move, and I applaud Apple for getting this right out of the gate."
Touch ID was such a big and comparatively new idea that it sparked unusual ideas and use cases. As technology reporters, we found ourselves answering questions like "Can a severed finger access a stolen iPhone 5s?"
Turns out the answer is no. The RF capacitor sensor technology would only work with a live finger. You might surmise that in addition to verifying those tiny ridges, it could pick up the blood flow or pulse underneath the skin.
Oh, but it gets better. Since most people didn't have mobile fingerprint readers in their pockets, the arrival of Touch ID inspired people to try using the sensor with other body parts. No, not those body parts (as far as I know). There was, though, a man in Japan who figured out how to register his nipple on and then use it to unlock his iPhone 5s. Why? Your guess is as good as mine.
Letting go
Touch ID eventually became as commonplace as, well, iPhones, and we didn't start to consider the loss of this effective, tactile, biometric security feature until the arrival of Apple's iPhone X and Face ID in 2017.
As is typical of Apple, changes flow through Apple product lines in an evolutionary fashion on both iPhones and iPads (the iPod Touch died with its Touch ID-free home button intact). But, as was the case with the transition from 30-pin charge ports to Lightning and now to USB-C, changes eventually visit all Apple products and classes.
Anyone who thought the iPhone SE would somehow escape the update, slipping through innovation's hands like a greased banana, was fooling themselves. Change is inevitable in all things, and a requirement for technology.
And yet, I still feel a twinge of sadness at the impending end of what was once a symbol of all iPhone technology. The home button, which originally featured a small printed square in the middle, was recognizable from a distance. It became slightly less so with Touch ID, which eventually traded movement for haptic response and the square for sparkling glass, latterly with a metal ring surrounding the Touch ID circle.
Perhaps we wouldn't have fallen in love with the iPhone and this little button if Apple hadn't done such a good job of creating it. As I wrote back in 2013, "Placing the fingerprint reader under the home button is a brilliant idea – even more so because the execution is nearly flawless."
So we have only Apple to thank and to blame for our devotion to this disappearing invention. Face ID is probably smarter, faster, and more secure, but we'll never forget the home button and Touch ID, and we may miss them long after the next iPhone SE arrives.
We still consider the original OnePlus Open to be the best foldable phone you can buy right now, but some new leaks suggest a successor isn't too far away – and could soon overshadow the imminent Honor Magic V3.
According to the prominent leaker Digital Chat Station on Weibo (via Android Authority), the OnePlus Open 2 will have "record-breaking thinness" alongside a host of other upgrades. Like before, it's expected to be a rebranded Oppo phone, this time the Oppo Find N5.
The main spec boost will apparently be a Snapdragon 8 Gen 4 chipset (up from the Snapdragon 8 Gen 2), with the Open 2 also including a triple-camera setup with a 50MP primary camera. It isn't yet clear how those cameras will differ from the current model, which already has a 64MP periscope telephoto.
Previous rumors from the same source have also hinted at a new 6,000mAh battery for the new foldable, which would be a huge upgrade on the 4,805 mAh cell in the current OnePlus Open.
While that battery rumor is more speculative, these new design rumors seem more plausible. Foldable phones are currently battling to shrink their footprints closer to the size of non-foldables, with Honor preparing to launch the Magic V3 at IFA 2024 – and that phone is confirmed to measure just 4.35mm when unfolded and 9.2mm when folded. The current OnePlus Open measures a comparatively beefy 11.9mm when folded.
The only issue for OnePlus Open 2 coveters is that previous rumors have pointed to a launch in early 2025 rather than a year after the current model (which landed in October 2023).
Shallow crave
Image caption: The original OnePlus Open has a big camera bump, but does also pack in the best cameras we've seen on a foldable. (Image credit: Future / Philip Berne)
While this new battle for thinness among traditional phones – like the rumored iPhone Air – feels like a slightly unnecessary blast from the early 2010s, it makes much more sense for foldables, which are naturally a bit chunkier than the handsets we've become accustomed to.
This OnePlus Open 2 leak suggests the phone will be well under 10mm thick when closed. That would make it significantly thinner than the Samsung Galaxy Z Fold 6, which is a comparatively thick 12.1mm when folded (and 5.6mm thick when unfolded). The Google Pixel 9 Pro Fold, meanwhile, is 10.5mm thick when folded, or 5.1mm when you unfold it.
Still, who will take the 'thinnest foldable' crown between the Honor Magic V3 and OnePlus Open 2 remains to be seen. The Magic V3 measures only 4.35mm when unfolded and 9.2mm when folded.
More important will be the overall experience of using the phones – and our OnePlus Open review described it as "the only big foldable phone that doesn’t feel like a compromise." If the OnePlus Open 2 can fix its weaknesses (namely, battery life, features and its sizable camera bump), then it'll remain the favorite and retain the overall top spot in our foldable phones guide.
While Beats has been busy with new Solo Buds and reentering speakers with the Pill, it seems the Apple-owned audio brand has also been focused on updating another product… one that’s been five years in the making, as of this story's publication. The iconic earhooked Powerbeats Pro are set to return, at least according to a new teaser video posted to the Beats by Dre Instagram.
As shown off by LA Dodgers baseball superstar Shohei Ohtani, Powerbeats Pro 2 will arrive in 2025 and sport a redesigned, modern look. Not much else is known, aside from the fact that Ohtani can rock them while batting at home plate, and that the caption says they’re built "for him".
Powerbeats Pro 2 … landing in 2025
When 2025 rolls around, it will have been six years since Powerbeats Pro launched in 2019.
In that time, Beats has continued to invest and roll out other earbuds, all of which sit directly in your ear – Fit Pro, Studio Buds Plus, and Solo Buds included. The appeal of the Powerbeats Pro is the earhook, and for those who’ve been waiting for an upgrade, faith is being rewarded. The earhook is in full force on Powerbeats Pro 2 with more subtle, rounded edges in what I’d describe as a modern look.
From the teaser video, Ohtani’s Powerbeats Pro 2 appears to have a slightly thinner earhook, but it’s hard to say for sure. The bridge from the ear to the hook still has a slant – albeit a somewhat more pronounced one – but like the hook, it is dramatically thinner.
Aside from this quick look at the Powerbeats Pro 2 on-ear, everything else is up in the air, including what processor Beats is using inside, the driver for producing audio, and whether they’ve managed to shrink the case. It's safe to assume the Lightning port will be swapped for USB-C, though. Chances are a port won't be entirely removed, though, like the one on the Solo Buds.
Image caption: The first-generation Powerbeats Pro in black. (Image credit: TechRadar)
The original Powerbeats Pro features Apple’s H1 chip, a custom driver with support for Spatial Audio, and nine hours of playback. In fact, in TechRadar’s review, the Powerbeats Pro scored a four out of five, and we called them a big step up from previous Beats earbuds and, at the time, “Apple’s most premium workout buds.” The latter has likely been outpaced by AirPods Pro or Beats Fit Pro, but for the ear-hook fanatic, Powerbeats still likely remains the top choice.
Those specs look a little dated now, and Beats could use this as an opportunity to boost them significantly. It could opt to use its in-house developed silicon, like with other earbuds, or tap one of Apple’s chips.
I think we all hope that the combination carrying and charging case is at least shrunk. But as someone who rocked Powerbeats Pro for a while and still uses them occasionally, I’m keen to try out the second generation and thankful that Beats isn’t pulling the plug on earhooks; if anything, they’re making them cooler.
IFA 2024 has been bringing in plenty of tech and gaming news, and MSI has dropped its own bomb by confirming the specs for its upcoming PC gaming handheld, the MSI Claw 8 AI+.
It turns out that MSI will still be using an Intel CPU to power its system, namely the Intel Core Ultra 200V Lunar Lake SoC. MSI is also boosting the memory speed, battery life, and screen size compared to its predecessor.
The maximum system memory is increasing to 32GB, and will move from LPDDR5-6400 to LPDDR5x-8533. Battery capacity will increase to 80Wh (nearly double the original system's 53Wh), and there will be two Thunderbolt 4 ports. The new model will support the M.2 2280 SSD form factor and the screen size will increase to eight inches, though it will not be upgraded to an OLED display.
The MSI Claw 8 AI+ is the official follow-up to the original Claw 8 A1M model which was infamously met with plenty of scathing reviews and poor reception upon launch. Since then, MSI pushed out multitudes of BIOS updates that greatly improved the performance. However, it still falls short of other superior portables like the Steam Deck, Asus ROG Ally X, and Lenovo Legion GO.
Will MSI succeed this time?
While I do agree with MSI’s decision to start anew with the MSI Claw 8 AI+, as the A1M model was simply not cutting it even with all the performance updates, it’s always difficult to win back lost trust when it comes to pushing out a flawed product.
The new Intel CPU it’s equipped with sounds impressive, as the Lunar Lake architecture is potentially able to blow AMD mobile CPUs out of the water performance-wise. So theoretically, it makes sense why MSI is sticking with Intel - that and it makes the MSI Claw stand out more in the growing sea of gaming handhelds.
However, considering all the massive issues the original model had, it’s hard for me to trust that this next go around with Intel won’t backfire. Technically, we never received official confirmation as to which end of the manufacturing process went wrong, but many of the portable’s woes stemmed from the constant Intel driver issues and subsequent downloads fixing them.
Personally, I’m rooting for MSI to pull out a win here, as I always support plenty of healthy competition in any given market. Having yet another viable PC gaming handheld option to choose from is a win in my book, as it’ll motivate the other tech giants to keep innovating. It also seems like MSI is listening to buyer criticism and incorporating it into their final product, much like how nearly every improvement in the ROG Ally X can be traced directly back to community feedback.
All physical multi-factor authentication (MFA) keys that work on Infineon’s SLE78 microcontroller were said to be vulnerable to a cryptographic flaw which allows threat actors to clone the gadget and gain unabated access to restricted accounts. This includes the YubiKey 5, considered the most widely used hardware token based on the FIDO standard.
In an in-depth technical analysis, researchers from NinjaLab described how they discovered the flaw, and what it means for those using YubiKey 5. As explained, the SLE78 microcontroller implements the Elliptic Curve Digital Signature Algorithm (ECDSA) as its core cryptographic primitive. In short, ECDSA is a cryptographic algorithm used to create digital signatures, and if a hacker is able to read this signature, then they are able to undermine the security of the entire token.
And that’s exactly what NinjaLab did, by employing a technique known as a “side-channel” attack. This is a type of security attack in which hackers exploit information gained from the physical implementation of a computer system, rather than weaknesses in the implemented algorithms. These attacks gather information by observing how a system operates, such as its timing, power consumption, electromagnetic emissions, or even sound.
YubiKey 5 not so easily exploited
With SLE78, generating a different ephemeral key takes varying amounts of time, and this is something the researchers were able to read, and from it clone their own YubiKey 5 (this is a super simplified explanation).
It is definitely a major vulnerability, but one that is not that easy to replicate in the wild. The attacker would need to know the victim’s login information first, and have physical access to the MFA token. Then, they would need to tear the token apart in order to access the hardware within, and use $11,000 worth of equipment to do the reading. The reading itself, and the process of cloning the device, only takes a few minutes.
This isn’t something your average hacker could abuse, but a nation-state - absolutely. It’s also worth mentioning that there is no patch, or fix - all YubiKey 5 devices running firmware prior to version 5.7 are permanently vulnerable.
Via Ars Technica
One of the best VPN services on the market has just become an early mover in delivering a VPN app compatible with next-generation Windows devices.
ExpressVPN has closely collaborated with Qualcomm (developers of the Snapdragon X Elite processor) and Microsoft to accelerate the delivery of a fully ARM-compatible Windows VPN app. The team eventually found a revolutionary solution to avoid building a native ARM application from scratch.
As of September 4, the ExpressVPN ARM app is now available in beta, with a full production launch set for the middle of October.
A hybrid solution
While new Microsoft Copilot+ PCs powered by Snapdragon can deliver better battery life and super-fast performance, they have been worryingly lacking in VPN compatibility. This is why most VPN apps still aren't ready to support Qualcomm's high-performance ARM-based processor. This was something that the ExpressVPN team knew it needed to fix.
"Snapdragon is one of the most exciting things to happen to the Windows platform in recent times, and we saw this as an opportunity to showcase a high-performance VPN solution tailored for ARM's capabilities," said Peter Membrey, Chief Engineering Officer at ExpressVPN.
The main issue with VPN compatibility on ARM Windows machines was that emulation posed serious performance limitations that could affect VPN apps' functionality. Now, ExpressVPN has found a way to fix this without the need to build a native ARM application from scratch.
As the provider explains in a blog post, the release of Microsoft’s new Prism emulator with the Windows 11 24H2 upgrade has made it possible for emulated apps to match the quality of a native build. The team then decided to harness this new opportunity by shaping its in-house built WireGuard-inspired VPN protocol, Lightway, accordingly.
"By leveraging Microsoft's enhanced emulation and Lightway's adaptable architecture, we were able to solve initial limitations and deliver this build efficiently," Membrey explains.
The provider promises such a hybrid approach can offer users "the best of both worlds," namely the full security of a premium VPN service and accelerated development time.
As we mentioned earlier, just a handful of top VPN services are available for ARM Windows devices at the time of writing. Private Internet Access (PIA) launched its ARM-native app about a month ago. Windscribe and Surfshark also have ARM-native Windows VPN apps, while the likes of NordVPN and ProtonVPN are currently working on their versions.
ExpressVPN now believes that its innovative approach to ARM compatibility marks a significant milestone in VPN technology. This could then help other providers speed up their transition to ARM.
Membrey said: "We’re proud to be one of the first major VPN providers to demonstrate our commitment to this platform, and we will continue to optimize Lightway and our software to ensure that users can enjoy the best that Snapdragon, Microsoft, and ExpressVPN have to offer."