Items tagged with Encryption

Ever since the coronavirus pandemic exploded earlier this year, videoconferencing service Zoom has seen its popularity soar. During its ascent, Zoom has faced a number of challenges related to privacy and security, so on May 22, the company released the draft design of its end-to-end encryption (E2EE) implementation. Zoom says that since that date it has engaged with civil liberty organizations, its CISO council, child safety advocates, encryption experts, government representatives, its users, and others to get feedback on the feature. Ultimately, Zoom says that it explored new technologies that would enable it to offer E2EE for all tiers of users, even free users. This week, the video conferencing... Read more...
Zoom has been riding high due to the COVID-19 pandemic, and has in the past few months become a household name as families, businesses, and schools have used the platform to keep people in touch. The company this week announced its fiscal Q1 2021 earnings and absolutely crushed it, reporting revenue of $328 million (up 169 percent year-over-year). Coming off that big earnings win, Zoom CEO Eric Yuan explained that the previously-announced end-to-end encryption functionality would not be available to all users. Instead, it will only be available to users that actually use the paid version of Zoom, which starts at $14.99 a month per host. So, what about Zoom users with free accounts... Read more...
Google began rolling out version 80 of its Chrome browser to the public at large in early February, with the most publicized feature being a new cookie classification system designed to give users more control over cookie controls. While cookie handling dominated the headlines, Chrome 80 also added stronger encryption, though perhaps not strong enough. Starting with Chrome 80, the browser encrypts local passwords and cookies in Windows using AES-256 encryption. Prior to Chrome 80, the browser leveraged the data protection API (DPAPI) built into the OS to handle encryption chores. And it still does, but AES-256 acts as another layer of protection for added security. This was thought to thwart... Read more...
U.S. lawmakers have been on a mission to kill end-to-end encryption as we know it. And we're not just talking about killing encryption (or at least providing backdoors) on devices like iPhones or the Google Pixel 4, but also online software platforms from Facebook and Google. The bill is entitled "The Eliminating Abuse and Rampant Neglect of Interactive Technologies Act of 2019," which of course has to work out to some hip catchphrase, which in this case is the "EARN IT Act". Sponsors of the bill include Senators Lindsey Graham (R) and Richard Blumenthal (D). At its heart, the senators claim that the legislation is aimed at stopping child sexual abuse and the exploitation of... Read more...
President Donald Trump has butted heads with the US Federal Bureau of Investigation (FBI) in the past, but when it comes to use of encryption on iPhone handsets, he is squarely in the FBI's corner. Both he and the FBI want Apple to build a backdoor into iOS that would allow law enforcement officials to access locked iPhone devices, a notion he reiterated in a recent interview. Apple has so far resisted appeasing the FBI in such a manner, due to concerns that such a backdoor would compromise the security of every iPhone and iPad owner on the planet. In lieu of relenting on its stance, Apple helps law enforcement in other ways during criminal investigations where iPhones come into play, such... Read more...
Apple and the FBI have clashed over encryption policies on numerous occasions, with the latter pressuring the former to build a backdoor into iOS to make it easier for authorities to crack into locked iPhone handsets. To this point, Apple has not wavered, or so we thought. New information suggests Apple had planned to support fully encrypted iCloud backups, but relented after objections from the FBI. In case you have not been following this saga, Apple and the FBI butted heads publicly following the deadly San Bernardino shooting in late 2015. The FBI recovered an iPhone 5C that belonged to one of the terrorists involved in the shooting, who was killed in a showdown with police. It then sought Apple's... Read more...
Here we go again, the United States Federal Bureau of Investigation (FBI) is exerting pressure on Apple to help unlock an older iPhone model as part of a crime investigation, and just like before, there's another layer to the story. On the surface, it might seem reasonable to pressure a device maker to thwart its own creations, in the name of public safety and all that jazz. But that's a bulls**t excuse. I'll tell you why. We saw this play out before. At the tail end of 2015, a pair of terrorists went on a shooting spree in San Bernardino, killing 14 people and wounding 22 others. It was awful. Both terrorists died in a shootout with police, and authorities subsequently recovered an iPhone 5C... Read more...
In a recent post to Twitter, President Donald Trump offered up harsh criticism on Apple's policy of refusing to "unlock phones used by killers, drug dealers, and other violent criminals," which boils down to a fundamental argument over privacy and encryption, and the iPhone maker's resistance to building a backdoor into iOS. Apple's stance drew widespread attention following the shooting by a pair of San Bernardino terrorists a few years ago. Authorities had recovered an iPhone 5C that belonged to one of the shooters, but he perished in the gunfire during a confrontation with police. Initial attempts to bypass the iPhone's security to unlock the handset were unsuccessful, leading to a legal showdown... Read more...
Apple created a bit of ill-will for itself after it leveraged the Digital Millennium Copyright Act (DMCA) to compel Twitter to take down a tweet of an encryption key for its iPhone handsets. Around the same time, several DMCA takedown requests were also sent to Reddit for posts on r/jailbreak, though it has not been confirmed if Apple and its legal team were behind the latter. As it applies to the Twitter post, security researcher "Siguza" (@s1guza) posted what looks to be an encryption key that could potentially be used to reverse engineer the iPhone's Secure Enclave Processor, thereby defeating the device's encryption scheme and exposing sensitive data. That did not sit well with Apple. The... Read more...
Microsoft is having a "Do'h!" moment, though not in the bumbling, Homer Simpson sense. Quite the opposite, actually. In a blog post, Microsoft announced its Windows Core Networking team is working on improving user privacy by implementing DNS over HTTPS, or DoH for short, into a future build of Windows 10. From Microsoft's vantage point, supporting encrypted DNS queries in Windows 10 would essentially close one of the last remaining plain-text domain name transmissions in common web traffic. At the same time, Microsoft says providing encrypted DNS support will not be easy without breaking existing Windows device admin configurations. "With the decision made to build support for encrypted DNS,... Read more...
Google has launched another (Go edition) version of Android for entry-level smartphones, built on top of Android 10. It's the second release of a (Go edition) build, and is "faster and more secure" than the previous release that was built on top of Android 9 Pie, Google claims. Part of that claim is tied to a new encryption scheme. Android (Go edition) is not an entirely separate OS—it's a platform designed for smartphones with 1.5GB of memory or less. It features optimizations tailored for lower end handsets to ensure a "high quality" experience without necessitating burlier (and more expensive) hardware. This is part of a broader effort to make lower cost handsets feasible. "In the last... Read more...
WhatsApp bills itself as a free and secure messaging application with end-to-end encryption and cross platform support, all of which have made it a popular option. However, it may not be as secure as advertised. Vulnerabilities that were disclosed last year have still not been addressed, and if abused, could allow an attacker to spoof messages. Researchers at Check Point disclosed a trio of attack vectors last year, explaining that they could enable a hacker to change a user's messages, change a sender's identity, and make private messages viewable to the public. One of those has been addressed, but two of the attack vectors still remain, as researchers recently demonstrated at the Black Hat... Read more...
Several technology firms have written an open letter to the GCHQ (Government Communications Headquarters), a UK intelligence and security organization, in response to the agency's proposed eavesdropping measure. If implemented, law enforcement would be able to spy on encrypted messages, such as those that are sent with WhatsApp, a secure instant messaging platform. WhatsApp is one of nearly four dozen signatures on the open letter. Others include Apple, Google, and Microsoft. At issue is a "ghost" protocol that would effectively allow law enforcement or some other entity to silently observe encrypted chats in plain text, both without the knowledge of the parties participating in the chat, and... Read more...
Firefox Send, a file transfer service that Mozilla first introduced in beta form back in 2017, is now fully available for the public to try out. Mozilla has repositioned Firefox as an alternative browser with a heavy focus on security and privacy, and Firefox Send is an extension of this philosophy. With Firefox Send, you can head over to send.firefox.com and transfer files up to 1TB in size to another person. You can use any browser -- not just Firefox -- to initiate the transfer. This is done completely free of charge, and there are no strings attached. In addition, Firefox Send uses end-to-end encryption to ensure that your data is safe. Wisely, Mozilla is providing granular... Read more...
Is your data secure? Researchers recently discovered a new variation of the Bleichenbacher oracle attack that could threaten TLS 1.3 encryption. Seven researchers discovered that OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS utilized TLS protocols vulnerable to attacks. Google's new QUIC encryption protocol proved to be in danger as well. Their findings were published this past November in an article entitled, “The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations”. Transport Layer Security (TLS) is a cryptographic protocol that provides end-to-end security over a computer network. It is commonly used in email, instant... Read more...
Encryption certainly isn't the sexiest of topics for most people; we want our data to be secure from nefarious sorts and then move on. The challenge with encryption is that depending on the algorithm and type of encryption used, it can consume lots of system resources. This isn't such a big deal on high-end smartphones as many of them have special hardware to handle the encryption workload. It is a big deal on lower-end devices that have to do all the encryption work on the main SoC, and for those devices, it can mean poor performance and batteries that drain faster. Google has a new mode of storage encryption called Adiantum that is made specifically for devices that lack the capacity to use... Read more...
Go home, Australian government, you're drunk. That's the general sentiment among technology firms and privacy advocates around the world, in response to a controversial encryption bill Australia's parliament passed this week. The new legislation forces companies to crack their own encryption when and if it's requested by law enforcement and intelligence agencies. That in and of itself is controversial—Apple, for example, refused the US Federal Bureau of Investigation's demands to build a backdoor into iOS so that it could crack an iPhone that was confiscated from a crime scene. The issue was headed to court, until the FBI found another way to unlock the iPhone, and subsequently dropped... Read more...
Researchers from Radboud University in the Netherlands have announced a flaw that affects some SSDs that feature hardware-based security; the flaw could allow an attacker to completely bypass disk encryption. Bypassing the encryption would give the hackers full access to the local data without having to know the password for the disk. The researchers are clear that the flaw only affects certain SSD models that have hardware-based encryption. SSDs with hardware-based encryption have specific chips inside that handle the task of encrypting and decrypting data. The vulnerabilities that researchers Carlo Meijer and Bernard van Gastel found are in the firmware of the SSDs. The duo says that the... Read more...
One aspect of smartphones that largely gets overlooked is security. For many consumers, the technical details surrounding stronger encryption just aren't as interesting as advancements in camera technology and other prominent features. For those who do care to know more, however, Google wrote a blog post describing its Titan M chip that is the backbone of security for its recently launched Pixel 3 and Pixel 3 XL handsets. "Last year on Pixel 2, we also included a dedicated tamper-resistant hardware security module to protect your lock screen and strengthen disk encryption. This year, with Pixel 3, we’re advancing our investment in secure hardware with Titan M, an enterprise-grade security... Read more...
Apple has a history of butting heads with government officials over the topic of encryption, and specifically whether the Cupertino outfit should be forced to install a backdoor into its iOS devices primarily for law enforcement to use. It's not just the US Federal Bureau of Investigation (FBI) that Apple disagrees with, though. Apple is taking the Australian government to task over a "dangerously ambiguous" bill that deals with encryption. Australia's draft Access and Assistance Bill grants authority to certain agencies "to secure critical assistance from the communications industry and enable law enforcement to effectively investigate serious crimes in the digital era." The bill seeks to establish... Read more...
A pair of macOS security experts have discovered a bug in the latest version of macOS that exposes the contents of files, including ones that are encrypted and are supposed to be safe from prying eyes. The security flaw exists within Apple's 'Quick Look' feature, which caches thumbnails and names of files, even when the files are stored within a password protected encrypted container, such as a hard drive or a separate partition. The issue with Quick Look is that it stores that data in a non-encrypted location. Even worse, they apparently remain on the hard drive, even if a user deletes the original file that he or she previewed via QuickLook. "This means that all photos that you have previewed... Read more...
Apple has confirmed plans to bolt shut a security hole in iPhone devices that law enforcement agencies have been using to gain entrance into locked handsets after seizing them from suspected criminals. As can be imagined, those same agencies are none too pleased with Apple's decision. As far as Apple is concerned, however, it's a matter of security and privacy for consumers, both of which are compromised by certain third-party devices. For example, companies like GrayShift and Cellebrite offer USB devices that enable customers to thwart existing security measures in iOS, and in particular a set number of password guesses before being permanently locked out of an iPhone or the data is erased.... Read more...