Former British PM Liz Truss' Phone Hacked | iOS Bluetooth Eavesdropping Bug | New Digital ID and Health Insurance for Japan

October 31st

Article by Christopher Lauder, Client Engagement Executive, Rela8 Group

Former British PM Liz Truss' Phone Hacked

As it’s Halloween, let us begin with a spooky story here in the UK. It has been alleged that Liz Truss' personal mobile phone was hacked by agents suspected of working for the Kremlin in Russia. It is believed that they gained access to top-secret exchanges with key international partners.

It has been said by one source that the phone was so heavily compromised that it has now been placed in a locked safe inside a secure Government location.

The hack was discovered during the summer Tory leadership campaign, but the news was suppressed, the Mail on Sunday said. Details about the hack were suppressed by then-prime minister Boris Johnson and Cabinet Secretary Simon Case, The Mail on Sunday claimed, citing what it said amounted to a "news blackout" imposed by Mr Case.

The newspaper also said private messages exchanged between Ms Truss and Kwasi Kwarteng, her close friend whom she made chancellor when she became prime minister, were also uncovered by the alleged hack.

It is not clear how any hack happened, but opposition parties have seized on the issue. Shadow Home Secretary Yvette Cooper had this to say on the issue:

"There are immensely important national security issues raised by an attack like this by a hostile state which will have been taken extremely seriously by our intelligence and security agencies."

"There are also serious security questions around why and how this information has been leaked or released right now which must also be urgently investigated."

The Liberal Democrats foreign affairs spokesperson Layla Moran MP raised concerns about why the alleged hack had not been made public earlier:

"We need an urgent independent investigation to uncover the truth. If it turns out this information was withheld from the public to protect Liz Truss' leadership bid, that would be unforgivable."

The government has refused to comment on any of the details reported by the Mail on Sunday. A spokesperson has stated:

"The government has robust systems in place to protect against cyber threats. That includes regular security briefings for ministers, and advice on protecting their personal data and mitigating cyber threats."

Source - Liz Truss Phone Hack - BBC News

Source - Liz Truss Phone Hack - Independent

Source - Liz Truss Phone Hack - Sky News

Source - Liz Truss Phone Hack - Daily Mail

We need an urgent independent investigation to uncover the truth. If it turns out this information was withheld from the public to protect Liz Truss' leadership bid, that would be unforgivable
Layla Moran, MP and Liberal Democrats foreign affairs spokesperson

iOS Bluetooth Eavesdropping Bug 

Apple released iOS 16.1 and macOS Ventura to the public this week. In addition to headlining new features and changes, there are also essential security fixes as well. Similar to a previous story we have covered, this bug has allowed apps with access to Bluetooth to record user conversations with Siri and audio from the iOS keyboard dictation feature while using AirPods or Beats headsets.

The findings come from app developer Guilherme Rambo, who published a blog post about the new vulnerability on Wednesday. Here’s the TL; DR on the bug that Rambo found and reported to Apple, and Apple fixed with iOS 16.1:

“Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone.”

Earlier this week, the company reportedly fixed the vulnerability (tracked by Apple as CVE-2022-32946) and said they would reward Rambo $7000 for discovering it.

Source - iOS Eavesdropping Bug - Rambo Codes

Source - iOS Eavesdropping Bug - 9to5 Mac

Source - iOS Eavesdropping Bug - InfoSecurity Magazine

New Digital ID and Health Insurance for Japan

Beginning in Autumn 2024, existing photo-less national health insurance cards will no longer be accepted, officially replaced by My Number Cards. However, Japan's plan to phase out public health insurance cards in favour of linking the services to a digital ID card could compel those who oppose the digitisation to sign up. 

The My Number Card, which has been around since 2016, incorporates a microchip and photo, and links to other credentials such as driving licenses and tax department accounts.

Cardholders use a PIN and the card to access services such as Mynaportal – an online system for registering and changing bank accounts, viewing health insurance information, checking pension info, and other related services. To assuage the public's concerns regarding the change, Digital Minister Kono Taro had this to say:

"The My Number system is NOT a system that keeps or manages your information in a centrally located place. Each administrative agency manages and operations (sic) the information independently and works with the information relevant only to their operations. Information such as your taxes, pension information, and medical records cannot be obtained from the chip if another person tries to access your lost card."

Kono is among the Japanese politicians pushing users toward the My Number Card. There's only one problem, Japan's residents seem reluctant to adopt them. An online petition has been started to keep current health cards that quickly gathered 100,000 signatures.

The goal is for almost all citizens to have a My Number Card by March 2023, but on October 14, it was revealed at a press conference that the total number of My Number Card applicants had reached 70.79 million, and the number of issued cards was 62.53 million – a sizeable shortfall of Japan's 125 million population.

Furthermore, the process of getting a card itself can be cumbersome. Applying for a card was – no joke – originally only available via the postal service until, by its own admission, the issuing authority received enough complaints to offer it online as well. Applicants must collect the card in person, proving their identity with a barrage of documents.

Once the card is in hand, accessing the system can also be tough. Users who forget their PIN can be locked out of their account, and the website itself can be difficult for the digitally unsavvy. Additionally, if the card is stolen or lost, it takes two months to get a new one.

At another press conference on October 21, it was conceded that the integration had some issues – such as dealing with infants and prompt issuance in the event of loss – leading several government organisations to review the procedures for applying to acquire the card.

In parliament this week, Prime Minister Fumio Kishida reportedly said the country will continue plans to phase out the health insurance cards. However, the government will also make arrangements for those who pay into plans to continue using their public health insurance.

Source - Japan Digital ID - AP News

Source - Japan Digital ID - VOA News

Source - Japan Digital ID - Fox News

Source - Japan Digital ID - Biometric Update

If you want to get in touch then give us a shout