decryption
Latest
Australian bill would make tech companies decrypt user messages
Weeks ago, the Australian government introduced a new strategy at the Five Eyes security conference to combat terrorism: Force tech titans like Google and Facebook to decrypt communications from users suspected to be extremists or other criminals. It seems they're moving ahead with it on their own turf, as the Australian government proposed a new bill today that would grant Australia's intelligence agencies this authority to compel tech companies to hand user messages over to law enforcement.
FBI director Comey backs renewed push for decryption law
If you were hoping that FBI Director James Comey had given up on legislation requiring that companies obey court-ordered decryption requests... you're about to be disappointed. In statements at a Senate committee, Comey supported Senator Dianne Feinstein's renewed effort to introduce a bill that would force companies to comply with decryption orders. Feinstein didn't say how close she was to submitting the legislation, but Comey claimed progress from his side. The tech industry had "come to see the darkness a little bit more," he says -- they supposedly understand the potential threat to public safety when law enforcement can't crack a device.
Former US national security officials back end-to-end encryption
Three former US national security officials have given their support to end-to-end encryption and criticised claims that the government should have backdoor access or "duplicate" decryption keys. Mike McConnell, a former director of the National Security Agency and director of national intelligence, Michael Chertoff, a former homeland security secretary, and William Lynn, a former deputy defense secretary voiced their approval in the Washington Post. The trio argue that requiring companies to produce duplicate keys would only increase the risk of cyberattack. In short, the location or holder of the duplicate keys would simply create another potential point of vulnerability and attract hackers.
Authorities decrypt laptop without defendant's help, Fifth Amendment need not apply
Constitutional junkies have had their eyes on Colorado for awhile now, because a federal judge there ordered a woman to decrypt her hard drive in a criminal trial. This, despite her cries that doing so would violate her Fifth Amendment right to be free from self-incrimination. The argument is now moot, as authorities have managed to access the laptop's data without any aid from the defendant, thereby obviating any Constitutional conundrums. Who knows if the feds found the evidence of bank-fraud they were looking for, or whether it was brute force or a lucky guess that did the trick, but at least we can say it's the last of the laptop-related Fifth Amendment court cases for awhile, right?
Court upholds Fifth Amendment, prevents forced decryption of data
When our forefathers were amending the constitution for the fifth time, they probably didn't have TrueCrypt-locked hard drives in mind. However, a ruling from the 11th Circuit Appeals Court has upheld the right of an anonymous testifier to not forcibly decrypt their data. The case relates to a Jon Doe giving evidence in exchange for immunity. The protection afforded to them under this case wouldn't extend to any other incriminating data that might be found, and as such Doe felt this could lead to violation of the fifth amendment. The validity of the prosecution's demands for the data decryption lies in what they already know, and how they knew it -- to prevent acting on hopeful hunches. The prosecutors were unable to demonstrate any knowledge of the data in question, leading the 11th Circuit to deem the request unlawful, adding that the immunity should have extended beyond just the current case. This isn't the first time we've seen this part of the constitution under the digital spotlight, and we're betting it won't be the last, either.
Biological computer can decode images stored in DNA chips, applications remain unclear
Scientists from the Scripps Research Institute and Technion–Israel Institute of Technology have taken biological computing one step further, with a new molecular machine capable of decoding images stored on a DNA chip. Though it's referred to as a "biological computer," the researchers' machine isn't much like a CPU at all -- unless your CPU was manufactured in a test tube filled with a smoothie of DNA molecules, enzymes and ATP. Once they found the right mix, the team proceeded to encrypt images on a DNA chip and used their Turing machine-like creation to decode them, with fluorescent stains helping to track its progress. The above image, read from left to right, gives a more literal idea of what the system can do -- basically, it takes a hidden image and extracts a given sequence. Storing data on DNA isn't anything new, but decrypting said data in this fashion apparently is. The applications for this kind of organic computing remain a bit fuzzy, but it's pretty clear that whatever follows probably won't look anything like a typical computer. The team's findings were recently published in a paper for the journal Angewandte Chemie, the abstract for which is linked below. For a slightly more readable explanation, check out the full press release after the break.
Judge forces defendant to decrypt laptop, fuels debate over Fifth Amendment rights
A judge in Colorado yesterday ordered a defendant to decrypt her laptop's hard drive at the prosecution's request, adding new fire to the ongoing debate surrounding consumer technology and the Fifth Amendment. The defendant, Ramona Fricosu, is facing charges of bank fraud, stemming from a federal investigation launched in 2010. As part of this investigation, federal authorities used a search warrant to seize her Toshiba Satellite M305 laptop. Fricosu's legal team had previously refused to decrypt the computer, on the grounds that doing so would violate her Fifth Amendment rights to avoid self-incrimination. On Monday, though, US District Judge Robert Blackburn ruled against the defendant, arguing that the prosecution retained the right to access her device, as stipulated under the All Writs Act -- a law that requires mobile operators to comply with federal surveillance."I conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer," Blackburn wrote, adding that there was strong evidence to suggest that Fricosu's computer contained information pertinent to the case. Fricosu's lawyer, Phil Dubois, is hoping to obtain a stay on the ruling, in the hopes of taking the case to an appeals court. "I think it's a matter of national importance," Dubois explained. "It should not be treated as though it's just another day in Fourth Amendment litigation." It remains to be seen whether Dubois succeeds in his appeal, though civil libertarians are already paying close attention to the case, since the US Supreme Court has yet to weigh in on the matter.
Ramona Fricosu case to determine if decrypted laptop files are safe under Fifth Amendment
So far, we've pretty much decided that the Fifth Amendment of the US Constitution covers those zany thoughts within your skull. But when it comes to more tangible things, it's hardly as clear. In the past, convicted persons have been forced to cough up keys to what eventually becomes evidence, and in the case of one Ramona Fricosu, the US Department of Justice is assuming that a computer passphrase is no different. But that assumption is causing shock waves throughout the tech community, as the decrypting of one's laptop files is arguably causing someone to become a "witness against himself." Of note, no one's asking that Ramona actually hand over the password per se, but even typing in the unlock code while not being watched results in effectively the same conclusion. The San Francisco-based Electronic Frontier Foundation is clearly taking a stance against the proposal, noting that this type of situation is exactly one that the Fifth was designed to protect. Only time will tell if Fricosu's offered immunity as a token for complying, but the precedents that are set here are apt to be felt for decades to come. Tap that CNET link for an in-depth report.
HDCP 'master key' supposedly released, unlocks HDTV copy protection permanently
(function() { var s = document.createElement('SCRIPT'), s1 = document.getElementsByTagName('SCRIPT')[0]; s.type = 'text/javascript'; s.async = true; s.src = 'http://widgets.digg.com/buttons.js'; s1.parentNode.insertBefore(s, s1); })(); Digg Just as the MPAA is preparing to offer movies to customers at home while they're still in theaters by limiting playback to DRM-protected digital outputs only, the HDCP protocol they rely on may have been cracked wide open. All devices that support HDCP, like Blu-ray players, set-top boxes and displays with HDMI inputs, have their own set of keys to encrypt and decrypt protected data and if keys for a particular device are compromised, they can be revoked by content released in the future which will then refuse to play. Now, posts have been floating around on Twitter about a supposed "master key" which renders that protection unusable since it allows anyone to create their own source and sink keys. Who discovered this and by what technique isn't immediately clear, but as early as 2001 security researcher Niels Ferguson proposed that it could be easily revealed by knowing the keys of less than 50 different devices. Hardware HDCP rippers like the HDfury2 and DVIMAGIC have been around for a while and various AACS cracks easily allow rips of Blu-ray discs but if this information is what it claims to be, then the DRM genie could be permanently out of the bag allowing perfect high definition copies of anything as long as the current connector standards are around. While it's unlikely your average user would flash their capture device with a brand new key and get to copying uncompressed HD audio and video, keeping those early releases off of the torrents in bit perfect quality could go from difficult to impossible.
Saudi Arabia pleased by RIM's concession, says BlackBerry messaging can stay for now
The forty-eight hour deadline came and went, but Saudi Arabia didn't pull the plug -- citing a "positive development" in RIM's efforts to appease Saudi regulators, the country has allowed BlackBerry messaging services to continue for the time being. Saudi Arabia's Communications and Information Technology Commission (CITC) didn't specify what the aforementioned "development" was, but thanks to well-placed anonymous sources we can hazard a guess: "CITC will now be able to monitor communications via messaging services," one Saudi telecom official told the Wall Street Journal, and Reuters reports that RIM will hand over BlackBerry decryption codes to the country. That's all for now, but expect this issue to bubble back to the surface again in the United Arab Emirates come October.
PlayStation Home hacked, the search for backup exploits begins
Hackers, like life, will find a way. Sony knows that all too well thanks to the PSP, but so far the PlayStation 3 has stood strong in the face of legions of nerds trying to find a way to exploit it. A potentially major breakthrough may have been made, though, as well-known PS3 hacker StreetskaterFU (we've no idea what he's going for with that name -- really) has managed to decrypt the beta client for Sony's PlayStation Home service. Curious devs can now poke around in the files looking for a way to exploit the newish in-game XMB functionality, potentially allowing homebrew apps and game backups without hard drive swapping. There's no guarantee it will lead anywhere in the end, but you don't care either way, right? Our upstanding readership would never participate in such heinously illegal activities.[Thanks, James]
Koster writes "how to hack an MMO"
Have you ever wanted to walk through walls in MMO? How about telepathically sense the locations of all the good drops in a zone, or make invisible things very, very visible?A blog post by game designer Raph Koster (of Ultima Online and now Metaplace fame) will tell you how! Admittedly, Koster doesn't really go into much detail. Also, he's trying to help developers avoid hacking problems, not giving inside secret tips to hackers. It's still an interesting read, though!He lays out an overview of the various design choices developers make that are exploited by hackers. For example, some developers might choose to trust the client to handle collision detection to reduce lag and increase gameplay responsiveness. Well, a clever hacker can make the client report to the server with false collision information, allowing that hacker to move through walls. It turns out that most designers take a middle-of-the-road approach, meaning that, as Koster puts it: "only bad-ass hackers are cheating, instead of damn near everyone."
Researchers claim GSM calls can be hacked on the cheap
Callers, your worst nightmare is coming true... maybe. According to a report, a group of hackers at the Black Hat conference in Washington D.C. claim that they're able to hack GSM calls with equipment costing about $1,000. If you believe the team (and we're inclined to at least have a listen), they can decrypt GSM phone conversations and text messages on a network using inexpensive tools called field programmable gate arrays. Until now, the cost of the technology required to hack GSM transmissions has been prohibitively expensive for all but your government and large-scale snooping operations, but that's beginning to change. Not only can this technique allow access to calls, but some of the tech demonstrated at the conference might also enable a user to pinpoint a phone's distance from the surveillance hardware, and find out what type of device is being used. There was no mention of CDMA hacking, so you might want to move over to Sprint for all your seedy activities. Er, we mean stay on Sprint.
iPod touch/iPhone ramdisks decrypted
In the words of the sainted Professor Farnsworth: "Good news, everybody everyone!" The iPhone/iPod touch dev team has decrypted the iPhone 1.1.1 and iPod touch ramdisks. So what does this mean, loyal TUAW readers? It means that you're getting really close to free, non-commercial 1.1.1 unlocks put together by a cadre of dedicated hackers who are doing all of this for your benefit, for fun in their spare time, and for free.To all of you cynics who roll your eyes and add "does that mean we're getting really close to free, non-commercial bricks for the next firmware upgrade", the for-pay SIMFree 1.1.1 unlocks are now on sale. For those of you who would rather wait and save the $60-$100, it doesn't look like it will be long.Update: Yes, they are working on unbricking as well as unlocking, saying they are "dedicated to getting a free and workable solution out to the general public. At the very least, a baseband downgrader should be possible. We understand your frustration, and please don't think for a second that we've forgotten you."Thanks xorl, mjc, Edgan, netkas, pumpkin, asap18, NerveGas, tE_gU
Workaround enables Netflix 'Watch Now' titles to be decrypted, saved
Looking for a new way to use FairUse4WM? Have a Netflix account? If so, go on and roll your sleeves up, as a crafty (and acrimonious) fellow has managed to find a workaround that enables you to not only decrypt the DRM-laced "Watch Now" movie files, but save them to your hard drive for future viewing. Admittedly, the process is somewhere between painless and potentially frustrating, but the gist of it involves Windows Media Player 11, FairUse4WM, Notepad, a Netflix account, and a broadband connection. Through a series of hoop jumping, users can now strip the "Watch Now" files free of DRM and watch them at their leisure and on any video-playing device they choose. Granted, there's certainly issues of legality mixed in here, but where there's a will, there's a way. [Warning: Read link language potentially NSFW][Via TVSquad]
Capcom's CPS-3 arcade board decrypted at last
It wouldn't take too many minutes of perusing the archives here to realize that we're fans of obscure emulation feats, and this one certainly ranks pretty high up there. Apparently, Capcom's CPS-3 arcade system board has finally been cracked, which means that the next logical step of bringing titles such as Red Earth, Street Fighter III, and JoJo to the emulation realm has already begun. A post over at Haze's Mame WIP page notes that the challenge has been duly accepted, and we're hoping that it won't be too much longer before success is found. Of course, it sounds like this will not be an exceptionally easy task, but at least half the battle has already been won.[Via Exophase, thanks zshadow]
The battle continues: firmware 3.30 decrypted
Once again, Team C+D has decrypted Sony's latest firmware. Although this doesn't provide anything tangible for end users, this is a crucial first step in creating new custom firmware. While the decryption was expected, the poem written by the team was not: 3.30 Decrypter! * From Team Create+Destroy.. * Some thought we failed - or had disappeared, But $ony beware - your last hour is near. In spite protections and multiple locks, In spite busy lifes and - unwashed - socks, For you to enjoy but for $ony to fear, 3.30 decrypter is ready, so cheer! Why do these people seem to hate Sony? They've made an impressive piece of hardware for us to enjoy, yet somehow that's seen as an evil thing? Regardless, 3.30 has been decrypted: feel free to celebrate/mourn in however way you choose.[Via DCEmu]
Hours later, 3.11 is decrypted
Firmware 3.11 was released unceremoniously, and the homebrew community has already decrypted it. Like last time, this decryption will most likely lead to another version of Dark_Alex's open-edition firmware, which combines the functionality of Sony's official firmware releases with the ability to run homebrew.I can't say that I'm surprised. Of course, considering how 3.11 was created to simply patch a single game, this decryption was probably a lot easier than it should've been.[Via DCEmu]
Is all hope lost for Sony? 3.10 decrypted
It shouldn't come as a surprise that the homebrew community has miraculously decrypted the latest PSP firmware in less than 24 hours. The homebrew community seems to be at war against Sony, who's desperately trying to close the security holes in their firmware and slow down the rampant piracy that can jeopardize the PSP as a viable platform.Firmware decryption isn't helpful for the average PSP user, but it will be for other homebrew coders. Undoubtedly, PSP whiz kid Dark_Alex is working on a new open edition firmware for the system. Will Sony ever be able to regain the momentum in this battle?[Thanks, cyanide! Via QJ]
Homebrew FTW: firmware 3.01 decrypted
Just to help you keep track of it all:Nov 20 - Firmware 3.00 available.Nov 21 - Suspicious "security issue" found.Nov 22 - Firmware 3.01 available.Nov 22 - Firmware 3.00 and 3.01 decrypted.Noobz, a popular PSP coder, proudly announced that the newly released 3.01 firmware has been decrypted. What does that mean? It means the homebrew community is working harder, and faster, than ever, to keep up with Sony. With the firmware decrypted, hopefully it won't be too long until something tangible appears for homebrew users.So when do you think firmware 3.02 will come out? Tomorrow?[Via PSP Hacks]
