backdoor
Latest
Apple set to remove thousands of games from Chinese App Store in license crackdown
Apple could remove as many as 20,000 games from its App Store in China.
Senators demand answers over Juniper Network's 2015 backdoor incident
Senators want answers by July 10th.
DOJ letter reveals the FBI recently cracked an iPhone 11
While the Department of Justice, US attorney general and even the president continue to pressure Apple for additional technical support in unlocking iPhones tied to the naval base shooting in December, a letter reveals that the FBI recently cracked a password-protected iPhone 11. That phone belonged to Lev Parnas, an associate of the president's lawyer Rudy Giuliani, who has been indicted on charges of violating straw and foreign donor bans to illegally funnel money into US elections. Bloomberg reports that a letter from government lawyers to the judge (PDF) indicated that the FBI spent two months unlocking the defendant's iPhone 11. Last week Motherboard reported on text messages and notes that appeared to have been pulled from the iPhone using forensics software from Cellebrite. It appears, that, similar to the case of the San Bernardino shooting a few years ago, the government has access to tools that will allow them to pull data from an iPhone, but is requesting additional help and some sort of backdoor access directly from Apple.
Facebook tells US, UK and Australia it won't weaken chat encryption
If officials were hoping that Facebook would stop end-to-end encryption in its messaging apps just because they sent a strongly-worded letter, they had another thing coming. Facebook has sent its own letter to US Attorney General Bill Barr, acting Homeland Security Secretary Chad Wolf and relevant Australian and UK ministers telling them that it wouldn't weaken encryption in apps like Facebook Messenger and WhatsApp. Its defense revolves largely around telling, well, the truth: that it's not possible to create an encryption backdoor that only law enforcement and government can access.
Apple, Google and others condemn UK plan to view encrypted chats
Major players within the tech industry have long-opposed the idea of government access to users' messages and chat conversations -- now they're continuing the fight with an open letter to GCHQ (the UK's government communication headquarters) lambasting proposals that could allow officials to eavesdrop on encrypted chats.
ASUS releases fix for ShadowHammer malware attack
ASUS may have inadvertently pushed malware to some of its computers through its update tool, but it at least has a fix ready to go. The PC maker has released a new version of its Live Update software for laptops that addresses the ShadowHammer backdoor attack. It also promised "multiple security verification mechanisms" to reduce the chances of further attacks, and started using an "enhanced end-to-end encryption mechanism." There are upgrades to the behind-the-scenes server system to prevent future attacks, ASUS added.
Hackers hijacked update server to install backdoors on ASUS machines
For nearly half a year, computer maker ASUS was unwittingly pushing malware that gave hackers backdoor access to thousands of computers, according to Kaspersky Lab. Hackers managed to compromise one of the company's servers used to provide software updates to ASUS machines. The attack, which has been given the name ShadowHammer was discovered late last year and has since been stopped. Engadget reached out to ASUS for comment and will update this story if we hear back.
Signal says it can't allow government access to users' chats
Last week, the Australian government passed the country's controversial Access and Assistance Bill 2018 into law, legislation that allows government agencies to demand access to encrypted communications. Companies that don't comply with the new law could face fines of up to AU$10 million ($7.3 million). A number of companies that stand to be affected have spoken out about the legislation, and Signal has now joined in, explaining that it won't be able to fulfill such requests if asked.
Australian law could force tech firms to hand over customer data
Australia has been relying on criminal telecommunications legislation dating back to the days of the landline, so proposed laws unveiled today are designed to bring the country's legal enforcements in line with the many nefarious opportunities the internet presents for hackers. But it's raised eyebrows among some industry experts.
FBI admits to 'over-counting' inaccessible mobile devices
For the last two years, the FBI has repeatedly claimed that thousands of phones linked to criminal investigations were inaccessible due to locks and encryption. Last year FBI Director Christopher Wray said it had failed to access 7,800 mobile devices, but tonight a Washington Post report reveals that number is incorrect. According to the Post, the accurate number is between 1,000 and 2,000, with a recent internal estimate putting at about 1,200 devices, and in a statement, the FBI responded: "The FBI's initial assessment is that programming errors resulted in significant over-counting of mobile devices reported." The official excuse is that errors caused by multiple databases resulted in devices being counted more than once, but the issue has been an FBI and DOJ pursuit of backdoor access to locked phones. Then-director James Comey cited the inflated figure during a debate over the San Bernardino shooters' locked iPhone, and it has come up again in relation to similar incidents. Without being provided any backdoor by Apple, law enforcement gained access to that device anyway, and as we've recently learned, there are tools it can use for newer phones. The government has repeatedly referred to "Going Dark" as a major problem it faces in investigations, suggesting tech companies are enabling criminals by strengthening privacy protections that they can't get around. But privacy advocates have long thought the agency was pumping up its numbers, and now it's case has taken a significant hit.
Bipartisan bill aims to prevent the government from forcing backdoors
A number of US Representatives introduced the Secure Data Act today, bipartisan legislation aimed at preventing the government from forcing backdoors into encrypted products and services. The act was introduced by Representatives Zoe Lofgren (D-CA) and Thomas Massie (R-KY) and was cosponsored by Jerrold Nadler (D-NY), Ted Poe (R-TX) and Matt Gaetz (R-FL). "Encryption backdoors put the privacy and security of everyone using these compromised products at risk," Lofgren said in a statement. "It is troubling that law enforcement agencies appear to be more interested in compelling US companies to weaken their product security than using already available technological solutions to gain access to encrypted devices and services."
DOJ renews push to require access to encrypted devices
No, US law enforcement hasn't given up on its dreams of forcing tech companies to allow access to encrypted devices. New York Times sources have learned that the Department of Justice and the FBI have been meeting with security researchers in an effort to develop systems that would let police reach encrypted data without making them vulnerable to hacking. At the same time, officials have reportedly renewed talks about asking Congress to draft and pass legislation requiring the use of those mechanisms. The White House circulated a memo in February giving agencies ways to consider "solving the problem," according to the news outlet.
FBI chief says phone encryption is a 'major public safety issue'
The FBI's stance on phone encryption hasn't changed even if the President fired former director James Comey. At a cybersecurity conference in New York, current chief Christopher Wray has reiterated that the agency failed to access the content inside 7,775 devices within the fiscal year that ended on September 30th, 2017 despite having the proper warrants. That's over half the number of devices the FBI tried to crack open within that period, making encryption, according to Wray, a "major public safety issue."
OnePlus inadvertently left a backdoor on its phones (updated)
OnePlus' security troubles aren't over yet. Users have discovered that many of the company's phones from the past few years (including the OnePlus 5) include a Qualcomm testing app, EngineerMode, that lets you get root-level access to the phone without having to unlock its bootloader. An attacker would likely need physical access to your phone to do any damage, but that still means they could insert trackers or otherwise compromise your phone with very little effort.
The FBI can’t unlock the Texas church shooter’s phone
At a press conference today, an FBI official investigating the man who killed 26 people in a Texas church on Sunday said the agency can't open the shooter's encrypted phone. The agent painted the issue as a growing concern among law enforcement at all levels who can't access data on devices without their owner's credentials. It's essentially the same argument the FBI made two years ago when it demanded Apple help break into the phone of the San Bernardino shooter, a conflict that escalated into the courtroom.
US allies accuse NSA of manipulating encryption standards
The US National Security Agency (NSA) is in the global bad books again after allegations surfaced suggesting it was trying to manipulate international encryption standards. Reuters reports that it has seen interviews and emails from experts in countries including Germany, Japan and Israel expressing concern that the NSA has been pushing two particular encryption techniques not because they are secure, but because the agency knows how to break them.
Australian bill would make tech companies decrypt user messages
Weeks ago, the Australian government introduced a new strategy at the Five Eyes security conference to combat terrorism: Force tech titans like Google and Facebook to decrypt communications from users suspected to be extremists or other criminals. It seems they're moving ahead with it on their own turf, as the Australian government proposed a new bill today that would grant Australia's intelligence agencies this authority to compel tech companies to hand user messages over to law enforcement.
Russia threatens to ban Telegram if it doesn’t hand over data
Russia's communications regulator has demanded Telegram turn over information about the messaging app and the company behind it or risk being blocked. Founder Pavel Durov said that Telegram had also been asked to give the Russian government access to decrypt user messages, all in the name of catching terrorists.
EU proposes banning encryption backdoors
The European Union might want it to be easier for police to obtain data, but that doesn't mean it'll be easy for officers to read that data. The European Parliament has proposed amended regulation that would not only require end-to-end encryption when available, but forbid backdoors that offer guaranteed access to law enforcement. EU residents need to know that the "confidentiality and safety" of their data is "guaranteed," according to the draft, and backdoors risk "weakening" that privacy.
Anti-encryption bill changes would limit some effects on security
A Senate bill that would demand encryption backdoors may be on ice for now, but it's now poised to come back -- with a few limitations. Just Security claims to have obtained proposed changes to the bill that would scale back its requirements to placate critics of its effect on privacy and security. Some of them could make a meaningful difference, but there's a concern that this wouldn't change the underlying problems with the legislation.
