
2016 Emerging Cyber Threats Report - Oatseller
http://www.iisp.gatech.edu/2016-emerging-cyber-threats-report
======
jackgavigan
Something that I've found myself thinking a lot about recently is the
difficulty of ensuring that the code/app/software a user is running (on their
own device) hasn't been replaced with a compromised/backdoored/trojan'd
doppelganger that's secretly siphoning off all your data.

It's effectively a DRM challenge, and the sort of thing you can handle using a
secret if the platform is secure but it's not clear to me whether solutions
like ARM's TrustZone can be leveraged to protect secrets in this way.

~~~
tshadwell
You could use something like YubiKey and regularly check for its presence.

~~~
jackgavigan
On a smartphone?

~~~
dspillett
Maybe if you have one of the NFC capable ones and your phone is capable of
that (admittedly there aren't overly many that are) and implement it properly
(no Windows phones do, apparently, reducing the target device list still
further).

Of you your device supports keyboards via USB OTG, though none of my current
devices (an Android phone, a Windows phone, and a Windows-proper tablet) seem
to recognise a yubikey plugged in this way (at least the tablet and android
phone recognise normal keyboards, the Windows phone I've not tried)

------
imglorp
> Cyber espionage shows no sign of abating

It's not clear how the public can evaluate this. It's necessarily kept secret
by all participants.

What is abundantly clear is that it's far more profitable for states to
surveil their own citizens than anyone else, and some states like the US, UK,
and AU are going to extreme lengths to do so and make it legal.

------
yesme
True, you might want to check this thread that was trending last day
[https://news.ycombinator.com/item?id=10463286](https://news.ycombinator.com/item?id=10463286)
.

