Crypto-Gram
April 15, 2026
by Bruce Schneier
Fellow and Lecturer, Harvard Kennedy School
schneier@schneier.com
https://www.schneier.com
A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise.
For back issues, or to subscribe, visit Crypto-Gram's web page.
These same essays and news items appear in the Schneier on Security blog, along with a lively and intelligent comment section. An RSS feed is available.
** *** ***** ******* *********** *************
In this issue:
Possible New Result in Quantum Factorization
South Korean Police Accidentally Post Cryptocurrency Wallet Password
Meta's AI Glasses and Privacy
Hacking a Robot Vacuum
Proton Mail Shared User Information with the Police
Microsoft Xbox One Hacked
Team Mirai and Democracy
Sen. Wyden Warns of Another Section 702 Abuse
As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters
Apple's Camera Indicator Lights
Inventors of Quantum Cryptography Win Turing Award
A Taxonomy of Cognitive Security
Is "Hackback" Official US Cybersecurity Strategy?
Possible US Government iPhone Hacking Tool Leaked
US Bans All Foreign-Made Consumer Routers
Company that Secretly Records and Publishes Zoom Meetings
Google Wants to Transition to Post-Quantum Cryptography by 2029
New Mexico's Meta Ruling and Encryption
Hong Kong Police Can Force You to Reveal Your Encryption Keys
Cybersecurity in the Age of Instant Software
Python Supply-Chain Compromise
On Microsoft's Lousy Cloud Security
Sen. Sanders Talks to Claude About AI and Privacy
AI Chatbots and Trust
On Anthropic's Mythos Preview and Project Glasswing
How Hackers Are Thinking About AI
Upcoming Speaking Engagements
** *** ***** ******* *********** *************
Possible New Result in Quantum Factorization
[2026.03.16] I'm skeptical about -- and not qualified to review -- this new result in factorization with a quantum computer, but if it's true it's a theoretical improvement in the speed of factoring large numbers with a quantum computer.
EDITED TO ADD (4/13): This post points out that the algorithm only works with small numbers.
** *** ***** ******* *********** *************
South Korean Police Accidentally Post Cryptocurrency Wallet Password
[2026.03.17] An expensive mistake:
Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea's National Tax Service exposed publicly the mnemonic recovery phrase of a seized cryptocurrency wallet.
The funds were stored in a Ledger cold wallet seized in law enforcement raids at 124 high-value tax evaders that resulted in confiscating digital assets worth 8.1 billion won (currently approximately $5.6 million).
When announcing the success of the operation, the agency released photos of a Ledger device, a popular hardware wallet for crypto storage and management.
However, the images also showed a handwritten note of the wallet recovery phrase, which serves as the master key that allows restoring the assets to another device.
The authorities failed to redact that info, allowing anyone to transfer into their account the assets in the cold wallet.
Reportedly, shortly after the press release was published, 4 million Pre-Retogeum (PRTG) tokens, worth approximately $4.8 million at the time, were transferred out of the confiscated wallet to a new address.
EDITED TO ADD (4/13): It seems that the thief returned the money, and a second thief promptly stole it again.
** *** ***** ******* *********** *************
Meta's AI Glasses and Privacy
[2026.03.18] Surprising no one, Meta's new AI glasses are a privacy disaster.
I'm not sure what can be done here. This is a technology that will exist, whether we like it or not.
Meanwhile, there is a new Android app that detects when there are smart glasses nearby.
** *** ***** ******* *********** *************
Hacking a Robot Vacuum
[2026.03.19] Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world.
The IoT is horribly insecure, but we already knew that.
** *** ***** ******* *********** *************
Proton Mail Shared User Information with the Police
[2026.03.20] 404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI.
It's metadata -- payment information related to a particular account -- but still important knowledge. This sort of thing happens, even to privacy-centric companies like Proton Mail.
** *** ***** ******* *********** *************
Microsoft Xbox One Hacked
[2026.03.23] It's an impressive feat, over a decade after the box was released:
Since reset glitching wasn't possible, Gaasedelen thought some voltage glitching could do the trick. So, instead of tinkering with the system reset pin(s) the hacker targeted the momentary collapse of the CPU voltage rail. This was quite a feat, as Gaasedelen couldn't "see" into the Xbox One, so had to develop new hardware introspection tools.
Eventually, the Bliss exploit was formulated, where two precise voltage glitches were made to land in succession. One skipped the loop where the ARM Cortex memory protection was set up. Then the Memcpy operation was targeted during the header read, allowing him to jump to the attacker-controlled data.
As a hardware attack against the boot ROM in silicon, Gaasedelen says the attack is unpatchable. Thus it is a complete compromise of the console allowing for loading unsigned code at every level, including the Hypervisor and OS. Moreover, Bliss allows access to the security processor so games, firmware, and so on can be decrypted.
** *** ***** ******* *********** *************
Team Mirai and Democracy
[2026.03.24] Japan's election last month and the rise of the country's newest and most innovative political party, Team Mirai, illustrate the viability of a different way to do politics.
In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to root out corruption, instead of serving as a cash cow for campaign donations.
Imagine an election where every voter has the opportunity to opine directly to politicians on precisely the issues they care about. They're not expected to spend hours becoming policy experts. Instead, an AI Interviewer walks them through the subject, answering their questions, interrogating their experience, even challenging their thinking.
Voters get immediate feedback on how their individual point of view matches -- or doesn't -- a party's platform, and they can see whether and how the party adopts their feedback. This isn't like an opinion poll that politicians use for calculating short-term electoral tactics. It's a deliberative reasoning process that scales, engaging voters in defining policy and helping candidat