Items tagged with Encryption

President Donald Trump has butted heads with the US Federal Bureau of Investigation (FBI) in the past, but when it comes to  use of encryption on iPhone handsets, he is squarely in the FBI's corner. Both he and the FBI want Apple to build a backdoor into iOS that would allow law enforcement officials to access locked iPhone devices, a notion he reiterated in a recent interview. Apple has so far resisted appeasing the FBI in such a manner, due to concerns that such a backdoor would compromise the security of every iPhone and iPad owner on the planet. In lieu of relenting on its stance, Apple helps law enforcement in other ways during criminal investigations where iPhones come into play, such... Read more...
Apple and the FBI have clashed over encryption policies on numerous occasions, with the latter pressuring the former to build a backdoor into iOS to make it easier for authorities to crack into locked iPhone handsets. To this point, Apple has not wavered, or so we thought. New information suggests Apple had planned to support fully encrypted iCloud backups, but relented after objections from the FBI. In case you have not been following this saga, Apple and FBI butted heads publicly following the deadly San Bernardino shooting in late 2015. The FBI recovered an iPhone 5C that belonged to one of the terrorists involved in the shooting, who was killed in a showdown with police. It then sought Apple's... Read more...
Here we go again, the United States Federal Bureau of Investigation (FBI) is exerting pressure on Apple to help unlock an older iPhone model as part of a crime investigation, and just like before, there's another layer to the story. On the surface, it might seem reasonable to pressure a device maker to thwart its own creations, in the name of public safety and all that jazz. But that's a bulls**t excuse. I'll tell you why. We saw this play out before. At the tail end of 2015, a pair of terrorists went on a shooting spree in San Bernardino, killing 14 people and wounding 22 others. It was awful. Both terrorists died in a shootout with police, and authorities subsequently recovered an iPhone 5C... Read more...
In a recent post to Twitter, President Donald Trump offered up harsh criticism on Apple's policy of refusing to "unlock phones used by killers, drug dealers, and other violent criminals," which boils down to a fundamental argument over privacy and encryption, and the iPhone maker's resistance to building a backdoor into iOS. Apple's stance drew widespread attention following the shooting by a pair of San Bernardino terrorists a few years ago. Authorities had recovered an iPhone 5C that belonged to one of the shooters, but he perished in the gunfire during a confrontation with police. Initial attempts to bypass the iPhone's security to unlock the handset were unsuccessful, leading to a legal showdown... Read more...
Apple created a bit of ill-will for itself after it leveraged the Digital Millennium Copyright Act (DMCA) to compel Twitter to take down a tweet of an encryption key for its iPhone handsets. Around the same time, several DMCA take down requests were also sent to Reddit for posts on r/jailbreak, though it has not been confirmed if Apple and its legal time were behind the latter. As it applies to the Twitter post, security researcher "Siguza" (@s1guza) posted what looks to be an encryption key that could potentially be used to reverse engineer the iPhone's Secure Enclave Processor, thereby defeating the device's encryption scheme and exposing sensitive data. That did not sit well with Apple. The... Read more...
Microsoft is having a "Do'h!" moment, though not in the bumbling, Homer Simpson sense. Quite the opposite, actually. In a blog post, Microsoft announced its Windows Core Networking team is working on improving user privacy by implementing DNS over HTTPS, or DoH for short, into a future build of Windows 10. From Microsoft's vantage point, supporting encrypted DNS queries in Windows 10 would essentially close one of the last remaining plain-text domain name transmissions in common web traffic. At the same time, Microsoft says providing encrypted DNS support will not be easy without breaking existing Windows device admin configurations. "With the decision made to build support for encrypted DNS,... Read more...
Google has launched another (Go edition) version of Android for entry-level smartphones, built on top of Android 10. It's the second release of a (Go edition) build, and is "faster and more secure" than the previous release that was built on top of Android 9 Pie, Google claims. Part of that claim is tied to a new encryption scheme. Android (Go edition) is not an entirely separate OS—it's a platform designed for smartphones with 1.5GB of memory or less. It features optimizations tailored for lower end handsets to ensure a "high quality" experience without necessitating burlier (and more expensive) hardware. This is part of an broader effort to make lower cost handsets feasible. "In the last... Read more...
WhatsApp bills itself as a free and secure messaging application with end-to-end encryption and cross platform support, all of which have made it a popular option. However, it may not be as secure as advertised. Vulnerabilities that were disclosed last year have still not been addressed, and if abused, could allow an attacker to spoof messages. Researchers at Checkpoint disclosed the a trio of attack vectors last year, explaining that they could enable a hacker to change a user's messages, change a sender's identity, and make private messages viewable to the public. One of those has been addressed, but two of the attack vectors still remain, as researchers recently demonstrated at the Black Hat... Read more...
Several technology firms have written an open letter to the GCHQ (Government Communications Headquarters), a UK intelligence and security organization, in response to the agency's proposed eavesdropping measure. If implemented, law enforcement would be able to spy on encrypted messages, such as those that are sent with WhatsApp, a secure instant messaging platform. WhatsApp is one of nearly four dozen signature on the open letter. Others include Apple, Google, and Microsoft. At issue is a "ghost" protocol that would effectively allow law enforcement or some other entity to silently observe encrypted chats in plain text, both without the knowledge of the parties participating in the chat, and... Read more...
Firefox Send, a file transfer service that Mozilla first introduced in beta form back in 2017, is now fully available for the public to try out. Mozilla has repositioned Firefox as an alternative browser with a heavy focus and security and privacy, and Firefox Send is an extension of this philosophy. With Firefox Send, you can head over to send.firefox.com and transfer files up to 1TB in size to another person. You can use any browser -- not just Firefox -- to initiate the transfer. This is done completely free of charge, and there are no strings attached. In addition, Firefox Send uses end-to-end encryption to ensure that your data is safe.  Wisely, Mozilla is providing granular... Read more...
Is your data secure? Researchers recently discovered a new variation of the Bleichenbacher oracle attack that could threaten TLS 1.3 encryption. Seven researchers discovered that OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS utilized TLS protocols vulnerable to attacks. Google's new QUIC encryption protocol proved to be in danger as well. Their findings were published this past November in an article entitled, “The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations”.  Transport Layer Security (TLS) is a cryptographic protocol that provides end-to-end security over a computer network. It is commonly used in email, instant... Read more...
Encryption certainly isn't the sexiest of topics for most people; we want our data to be secure from nefarious sorts and then move on. The challenge with encryption is that depending on the algorithm and type of encryption used, it can consume lots of system resources. This isn't such a big deal on high-end smartphones as many of them have special hardware to handle the encryption workload. It is a big deal on lower-end devices that have to do all the encryption work on the main SoC, and for those devices, it can mean poor performance and batteries that drain faster. Google has a new mode of storage encryption called Adiantum that is made specifically for devices that lack the capacity to use... Read more...
Go home, Australian government, you're drunk. That's the general sentiment among technology firms and privacy advocates around the world, in response to a controversial encryption bill Australia's parliament passed this week. The new legislation forces companies to crack their own encryption when and if it's requested by law enforcement and intelligence agencies. That in and of itself is controversial—Apple, for example, refused the US Federal Bureau of Investigation's demands to build a backdoor into iOS so that it could crack an iPhone that was confiscated from a crime scene. The issue was headed to court, until the FBI found another way to unlock the iPhone, and subsequently dropped... Read more...
Researchers from Radboud University in the Netherlands have announced a flaw that affects some SSDs that feature hardware-based security; the flaw could allow an attacker to completely bypass disk encryption. Bypassing the encryption would give the hackers full access to the local data without having to know the password for the disk. The researchers are clear that the flaw only affects certain SSD models that have hardware-based encryption. SSDs with hardware-based encryption have specific chips inside that handle the task of encrypting and decrypting data. The vulnerabilities that researchers Carlo Meijer and Bernard van Gastel found are in the firmware of the SSDs. The duo says that the... Read more...
1 2 3 4 5 Next ... Last