AT2k Design BBS Message Area

From: TCOB1 Security Posts
To: All
Subject: CRYPTO-GRAM, April 15, 2026 Part1
Date/Time: April 15, 2026 9:54 PM

Crypto-Gram
April 15, 2026

by Bruce Schneier
Fellow and Lecturer, Harvard Kennedy School
schneier@schneier.com
https://www.schneier.com

A free monthly newsletter providing summaries, analyses, insights, and
commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit Crypto-Gram's web page.

Read this issue on the web

These same essays and news items appear in the Schneier on Security blog, along
with a lively and intelligent comment section. An RSS feed is available.

** *** ***** ******* *********** *************
In this issue:

If these links don't work in your email client, try reading this issue of
Crypto-Gram on the web.

    Possible New Result in Quantum Factorization
    South Korean Police Accidentally Post Cryptocurrency Wallet Password
    Meta's AI Glasses and Privacy
    Hacking a Robot Vacuum
    Proton Mail Shared User Information with the Police
    Microsoft Xbox One Hacked
    Team Mirai and Democracy
    Sen. Wyden Warns of Another Section 702 Abuse
    As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters
    Apple's Camera Indicator Lights
    Inventors of Quantum Cryptography Win Turing Award
    A Taxonomy of Cognitive Security
    Is "Hackback" Official US Cybersecurity Strategy?
    Possible US Government iPhone Hacking Tool Leaked
    US Bans All Foreign-Made Consumer Routers
    Company that Secretly Records and Publishes Zoom Meetings
    Google Wants to Transition to Post-Quantum Cryptography by 2029
    New Mexico's Meta Ruling and Encryption
    Hong Kong Police Can Force You to Reveal Your Encryption Keys
    Cybersecurity in the Age of Instant Software
    Python Supply-Chain Compromise
    On Microsoft's Lousy Cloud Security
    Sen. Sanders Talks to Claude About AI and Privacy
    AI Chatbots and Trust
    On Anthropic's Mythos Preview and Project Glasswing
    How Hackers Are Thinking About AI
    Upcoming Speaking Engagements

** *** ***** ******* *********** *************
Possible New Result in Quantum Factorization

[2026.03.16] I'm skeptical about -- and not qualified to review -- this new
result in factorization with a quantum computer, but if it's true it's a
theoretical improvement in the speed of factoring large numbers with a quantum
computer.

EDITED TO ADD (4/13): This post points out that the algorithm only works with
small numbers.

** *** ***** ******* *********** *************
South Korean Police Accidentally Post Cryptocurrency Wallet Password

[2026.03.17] An expensive mistake:

    Someone jumped at the opportunity to steal $4.4 million in crypto assets
    after South Korea's National Tax Service exposed publicly the mnemonic
    recovery phrase of a seized cryptocurrency wallet.

    The funds were stored in a Ledger cold wallet seized in law enforcement
    raids at 124 high-value tax evaders that resulted in confiscating digital
    assets worth 8.1 billion won (currently approximately $5.6 million).

    When announcing the success of the operation, the agency released photos
    of a Ledger device, a popular hardware wallet for crypto storage and
    management.

    However, the images also showed a handwritten note of the wallet recovery
    phrase, which serves as the master key that allows restoring the assets to
    another device.

    The authorities failed to redact that info, allowing anyone to transfer
    into their account the assets in the cold wallet.

    Reportedly, shortly after the press release was published, 4 million
    Pre-Retogeum (PRTG) tokens, worth approximately $4.8 million at the time,
    were transferred out of the confiscated wallet to a new address.

EDITED TO ADD (4/13): It seems that the thief returned the money, and a second
thief promptly stole it again.

** *** ***** ******* *********** *************
Meta's AI Glasses and Privacy

[2026.03.18] Surprising no one, Meta's new AI glasses are a privacy disaster.

I'm not sure what can be done here. This is a technology that will exist,
whether we like it or not.

Meanwhile, there is a new Android app that detects when there are smart glasses
nearby.

** *** ***** ******* *********** *************
Hacking a Robot Vacuum

[2026.03.19] Someone tries to remote control his own DJI Romo vacuum, and ends
up controlling 7,000 of them from all around the world.

The IoT is horribly insecure, but we already knew that.

** *** ***** ******* *********** *************
Proton Mail Shared User Information with the Police

[2026.03.20] 404 Media has a story about Proton Mail giving subscriber data to
the Swiss government, who passed the information to the FBI.

It's metadata -- payment information related to a particular account -- but
still important knowledge. This sort of thing happens, even to privacy-centric
companies like Proton Mail.

** *** ***** ******* *********** *************
Microsoft Xbox One Hacked

[2026.03.23] It's an impressive feat, over a decade after the box was released:

    Since reset glitching wasn't possible, Gaasedelen thought some voltage
    glitching could do the trick. So, instead of tinkering with the system
    reset pin(s) the hacker targeted the momentary collapse of the CPU voltage
    rail. This was quite a feat, as Gaasedelen couldn't "see" into the Xbox
    One, so had to develop new hardware introspection tools.

    Eventually, the Bliss exploit was formulated, where two precise voltage
    glitches were made to land in succession. One skipped the loop where the
    ARM Cortex memory protection was set up. Then the Memcpy operation was
    targeted during the header read, allowing him to jump to the
    attacker-controlled data.

    As a hardware attack against the boot ROM in silicon, Gaasedelen says the
    attack is unpatchable. Thus it is a complete compromise of the console
    allowing for loading unsigned code at every level, including the
    Hypervisor and OS. Moreover, Bliss allows access to the security processor
    so games, firmware, and so on can be decrypted.

** *** ***** ******* *********** *************
Team Mirai and Democracy

[2026.03.24] Japan's election last month and the rise of the country's newest
and most innovative political party, Team Mirai, illustrate the viability of a
different way to do politics.

In this model, technology is used to make democratic processes stronger, instead
of undermining them. It is harnessed to root out corruption, instead of serving
as a cash cow for campaign donations.

Imagine an election where every voter has the opportunity to opine directly to
politicians on precisely the issues they care about. They're not expected to
spend hours becoming policy experts. Instead, an AI Interviewer walks them
through the subject, answering their questions, interrogating their experience,
even challenging their thinking.

Voters get immediate feedback on how their individual point of view matches --
or doesn't -- a party's platform, and they can see whether and how the party
adopts their feedback. This isn't like an opinion poll that politicians use for
calculating short-term electoral tactics. It's a deliberative reasoning process
that scales, engaging voters in defining policy and helping candidat
--- FMail-lnx 2.3.2.6-B20251227
 * Origin: TCOB1 A Mail Only System (618:500/1)