Items tagged with Encryption

Wondering if Mark Zuckerberg and the gang at Facebook are reading your encrypted WhatsApp messages? The social networking site insists it does not, as end-to-end encryption is what keeps everything private. Nevertheless, if you send a message through WhatsApp, it could still end up being read by a Facebook moderator. How so? End-to-end encryption basically means your data (messages, in this instance) gets scrambled in a way that appears as though it just a random mess of characters. There is a logical order, but unlocking the mystery requires a key, which only the sender and receiver possess. It's virtually unreadable to digital snoops, and that is the main appeal of WhatsApp. Earlier today,... Read more...
Facebook is reportedly pouring resources into research that would potentially allow it to analyze encrypted messages without actually decrypting the data, so that it can serve up targeted ads based on private communications. The technique is called homomorphic encryption. Should users of WhatsApp, the secure instant messaging service owned by Facebook, be concerned? WhatsApp boss Will Cathcart says no. WhatsApp is popular because its end-to-end encryption scheme renders messages unreadable by anyone outside of the sender and recipient. So even if the data is intercepted, it would just be a bunch of garbled text to the hacker, who would need a decryption key to make sense of it all. Homomorphic... Read more...
Worried about those secret recipes, sultry photos, or other confidential messages you have been sending on your Android phone? Well, good news. Google feels it has sufficiently tested its end-to-end encryption feature that arrived in beta last year, and is now rolling it out to the masses. However, there are some things you should know. For one, end-to-end encryption can only be enabled when chatting with one other person. It does not work for group chats, so keep that in mind. Also be aware that end-to-end encryption is not available for SMS (short message service) and MMS (multimedia messaging service) texts, and instead you have to be taking advantage of RCS (rich communications service).... Read more...
In the days of old, important files were kept in locked file cabinets, and the really important stuff would be secured inside a safe. And to some extent, that is still the case today. However, nearly everything is digitized these days, and so Western Digital is launching its new ArmorLock security platform to keep sensitive data away from prying eyeballs. For the time being, this is not something that the typical home consumer needs to worry about—Aunt Mabel's passed-down cookie recipe might be a hit at school bake sales, but data thieves have bigger targets. Those targets exist within finance, government, healthcare, IT enterprise, legal, and media and entertainment industries, and that's... Read more...
The debate over whether smartphone owners should be legally compelled to involuntary unlock their handsets for law enforcement rages on, and advocates that they should just scored a key victory in New Jersey. In a 4-3 vote, the New Jersey Supreme Court ruled that a former police office accused of tipping off a gang member via text messaging is not protected by the Fifth Amendment, and must unlock his phone. Robert Andrews was at one time an Essex County sheriff's officer. Prosecutors allege he had ties with a street gang member named Quincy Lowery, a suspected drug dealer who was ultimately arrested in 2015. Lowery told prosecutors that he had communicated with Andrews about the investigation... Read more...
Ever since the coronavirus pandemic exploded earlier this year, videoconferencing service Zoom has seen its popularity soar. During its ascent, Zoom has faced a number of challenges related to privacy and security, so on May 22, the company released the draft design of its end-to-end encryption (E2EE) implementation. Zoom says that since that date it has engaged with civil liberty organizations, its CISO council, child safety advocates, encryption experts, government representatives, its users, and others to get feedback on the feature. Ultimately, Zoom says that it explored new technologies that would enable it to offer E2EE for all tiers of users, even free users. This week, the video conferencing... Read more...
Zoom has been riding high due to the COVID-19 pandemic, and has in the past few months become a household name as families, businesses, and schools have used the platform to keep people in touch. The company this week announced its fiscal Q1 2021 earnings and absolutely crushed it, reporting revenue of $328 million (up 169 percent year-over-year). Coming off that big earnings win, Zoom CEO Eric Yuan explained that the previously-announced end-to-end encryption functionality would not be available to all users. Instead, it will only be available to users that actually use the paid version of Zoom, which starts at $14.99 month per host. So, what about Zoom users with free accounts... Read more...
Google began rolling out version 80 of its Chrome browser to the public at large in early February, with the most publicized feature being a new cookie classification system designed to give users more control over cookie controls. While cookie handling dominated the headlines, Chrome 80 also added stronger encryption, though perhaps not strong enough. Starting with Chrome 80, the browser encrypts local passwords and cookies in Windows using AES-256 encryption. Prior to Chrome 80, the browser leveraged the data protection API (DPAPI) built into the OS to handle encryption chores. And it still does, but AES-256 acts as another layer of protection for added security. This was thought to thwart... Read more...
U.S. lawmakers have been on a mission to kill end-to-end encryption as we known it. And we're not just talking about killing encryption (or at least providing backdoors) on devices like iPhones or the Google Pixel 4, but also online software platforms from Facebook and Google. The bill is entitled "The Eliminating Abuse and Rampant Neglect of Interactive Technologies Act of 2019,” which of course has to work out to some hip catchphrase, which in this case is the "EARN IT Act". Sponsors of the bill include Senators Lindsay Graham (R) and Richard Blumenthal (D). At its heart, the senators claim that the legislation is aimed at stopping child sexual abuse and the exploitation of... Read more...
President Donald Trump has butted heads with the US Federal Bureau of Investigation (FBI) in the past, but when it comes to  use of encryption on iPhone handsets, he is squarely in the FBI's corner. Both he and the FBI want Apple to build a backdoor into iOS that would allow law enforcement officials to access locked iPhone devices, a notion he reiterated in a recent interview. Apple has so far resisted appeasing the FBI in such a manner, due to concerns that such a backdoor would compromise the security of every iPhone and iPad owner on the planet. In lieu of relenting on its stance, Apple helps law enforcement in other ways during criminal investigations where iPhones come into play, such... Read more...
Apple and the FBI have clashed over encryption policies on numerous occasions, with the latter pressuring the former to build a backdoor into iOS to make it easier for authorities to crack into locked iPhone handsets. To this point, Apple has not wavered, or so we thought. New information suggests Apple had planned to support fully encrypted iCloud backups, but relented after objections from the FBI. In case you have not been following this saga, Apple and FBI butted heads publicly following the deadly San Bernardino shooting in late 2015. The FBI recovered an iPhone 5C that belonged to one of the terrorists involved in the shooting, who was killed in a showdown with police. It then sought Apple's... Read more...
Here we go again, the United States Federal Bureau of Investigation (FBI) is exerting pressure on Apple to help unlock an older iPhone model as part of a crime investigation, and just like before, there's another layer to the story. On the surface, it might seem reasonable to pressure a device maker to thwart its own creations, in the name of public safety and all that jazz. But that's a bulls**t excuse. I'll tell you why. We saw this play out before. At the tail end of 2015, a pair of terrorists went on a shooting spree in San Bernardino, killing 14 people and wounding 22 others. It was awful. Both terrorists died in a shootout with police, and authorities subsequently recovered an iPhone 5C... Read more...
In a recent post to Twitter, President Donald Trump offered up harsh criticism on Apple's policy of refusing to "unlock phones used by killers, drug dealers, and other violent criminals," which boils down to a fundamental argument over privacy and encryption, and the iPhone maker's resistance to building a backdoor into iOS. Apple's stance drew widespread attention following the shooting by a pair of San Bernardino terrorists a few years ago. Authorities had recovered an iPhone 5C that belonged to one of the shooters, but he perished in the gunfire during a confrontation with police. Initial attempts to bypass the iPhone's security to unlock the handset were unsuccessful, leading to a legal showdown... Read more...
Apple created a bit of ill-will for itself after it leveraged the Digital Millennium Copyright Act (DMCA) to compel Twitter to take down a tweet of an encryption key for its iPhone handsets. Around the same time, several DMCA take down requests were also sent to Reddit for posts on r/jailbreak, though it has not been confirmed if Apple and its legal time were behind the latter. As it applies to the Twitter post, security researcher "Siguza" (@s1guza) posted what looks to be an encryption key that could potentially be used to reverse engineer the iPhone's Secure Enclave Processor, thereby defeating the device's encryption scheme and exposing sensitive data. That did not sit well with Apple. The... Read more...
Microsoft is having a "Do'h!" moment, though not in the bumbling, Homer Simpson sense. Quite the opposite, actually. In a blog post, Microsoft announced its Windows Core Networking team is working on improving user privacy by implementing DNS over HTTPS, or DoH for short, into a future build of Windows 10. From Microsoft's vantage point, supporting encrypted DNS queries in Windows 10 would essentially close one of the last remaining plain-text domain name transmissions in common web traffic. At the same time, Microsoft says providing encrypted DNS support will not be easy without breaking existing Windows device admin configurations. "With the decision made to build support for encrypted DNS,... Read more...
Google has launched another (Go edition) version of Android for entry-level smartphones, built on top of Android 10. It's the second release of a (Go edition) build, and is "faster and more secure" than the previous release that was built on top of Android 9 Pie, Google claims. Part of that claim is tied to a new encryption scheme. Android (Go edition) is not an entirely separate OS—it's a platform designed for smartphones with 1.5GB of memory or less. It features optimizations tailored for lower end handsets to ensure a "high quality" experience without necessitating burlier (and more expensive) hardware. This is part of an broader effort to make lower cost handsets feasible. "In the last... Read more...
WhatsApp bills itself as a free and secure messaging application with end-to-end encryption and cross platform support, all of which have made it a popular option. However, it may not be as secure as advertised. Vulnerabilities that were disclosed last year have still not been addressed, and if abused, could allow an attacker to spoof messages. Researchers at Checkpoint disclosed the a trio of attack vectors last year, explaining that they could enable a hacker to change a user's messages, change a sender's identity, and make private messages viewable to the public. One of those has been addressed, but two of the attack vectors still remain, as researchers recently demonstrated at the Black Hat... Read more...
Several technology firms have written an open letter to the GCHQ (Government Communications Headquarters), a UK intelligence and security organization, in response to the agency's proposed eavesdropping measure. If implemented, law enforcement would be able to spy on encrypted messages, such as those that are sent with WhatsApp, a secure instant messaging platform. WhatsApp is one of nearly four dozen signature on the open letter. Others include Apple, Google, and Microsoft. At issue is a "ghost" protocol that would effectively allow law enforcement or some other entity to silently observe encrypted chats in plain text, both without the knowledge of the parties participating in the chat, and... Read more...
Firefox Send, a file transfer service that Mozilla first introduced in beta form back in 2017, is now fully available for the public to try out. Mozilla has repositioned Firefox as an alternative browser with a heavy focus and security and privacy, and Firefox Send is an extension of this philosophy. With Firefox Send, you can head over to send.firefox.com and transfer files up to 1TB in size to another person. You can use any browser -- not just Firefox -- to initiate the transfer. This is done completely free of charge, and there are no strings attached. In addition, Firefox Send uses end-to-end encryption to ensure that your data is safe.  Wisely, Mozilla is providing granular... Read more...
Is your data secure? Researchers recently discovered a new variation of the Bleichenbacher oracle attack that could threaten TLS 1.3 encryption. Seven researchers discovered that OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS utilized TLS protocols vulnerable to attacks. Google's new QUIC encryption protocol proved to be in danger as well. Their findings were published this past November in an article entitled, “The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations”.  Transport Layer Security (TLS) is a cryptographic protocol that provides end-to-end security over a computer network. It is commonly used in email, instant... Read more...
Encryption certainly isn't the sexiest of topics for most people; we want our data to be secure from nefarious sorts and then move on. The challenge with encryption is that depending on the algorithm and type of encryption used, it can consume lots of system resources. This isn't such a big deal on high-end smartphones as many of them have special hardware to handle the encryption workload. It is a big deal on lower-end devices that have to do all the encryption work on the main SoC, and for those devices, it can mean poor performance and batteries that drain faster. Google has a new mode of storage encryption called Adiantum that is made specifically for devices that lack the capacity to use... Read more...
Go home, Australian government, you're drunk. That's the general sentiment among technology firms and privacy advocates around the world, in response to a controversial encryption bill Australia's parliament passed this week. The new legislation forces companies to crack their own encryption when and if it's requested by law enforcement and intelligence agencies. That in and of itself is controversial—Apple, for example, refused the US Federal Bureau of Investigation's demands to build a backdoor into iOS so that it could crack an iPhone that was confiscated from a crime scene. The issue was headed to court, until the FBI found another way to unlock the iPhone, and subsequently dropped... Read more...
1 2 3 4 5 Next ... Last