encryption
Latest
DOJ letter reveals the FBI recently cracked an iPhone 11
While the Department of Justice, US attorney general and even the president continue to pressure Apple for additional technical support in unlocking iPhones tied to the naval base shooting in December, a letter reveals that the FBI recently cracked a password-protected iPhone 11. That phone belonged to Lev Parnas, an associate of the president's lawyer Rudy Giuliani, who has been indicted on charges of violating straw and foreign donor bans to illegally funnel money into US elections. Bloomberg reports that a letter from government lawyers to the judge (PDF) indicated that the FBI spent two months unlocking the defendant's iPhone 11. Last week Motherboard reported on text messages and notes that appeared to have been pulled from the iPhone using forensics software from Cellebrite. It appears, that, similar to the case of the San Bernardino shooting a few years ago, the government has access to tools that will allow them to pull data from an iPhone, but is requesting additional help and some sort of backdoor access directly from Apple.
Apple reportedly dropped iCloud encryption plans amid FBI pressure
Apple encrypts your iOS device's locally stored data, but it doesn't fully encrypt iCloud backups -- and that was apprently a conscious choice. Reuters sources say Apple dropped plans for end-to-end encryption of iCloud backups (codenamed KeyDrop and Plesio) roughly two years ago. The decision came soon after the company revealed those plans to the FBI, which unsurprisingly objected given its previous pressure on Apple to facilitate access to San Bernardino shooter Syed Farook's iPhone. However, it's not clear this was the reason -- law enforcement's desires may have been secondary.
ProtonMail debuts an encrypted calendar app
ProtonMail is known for its encrypted email service, which it offers as a more secure alternative to products like Google's Gmail. In recent years, the company started by CERN researchers has begun to branch out further, offering encrypted contacts through its mobile app and a free VPN service. Now, it's offering another privacy-focused Google alternative with the launch of an encrypted calendar.
Facebook tells US, UK and Australia it won't weaken chat encryption
If officials were hoping that Facebook would stop end-to-end encryption in its messaging apps just because they sent a strongly-worded letter, they had another thing coming. Facebook has sent its own letter to US Attorney General Bill Barr, acting Homeland Security Secretary Chad Wolf and relevant Australian and UK ministers telling them that it wouldn't weaken encryption in apps like Facebook Messenger and WhatsApp. Its defense revolves largely around telling, well, the truth: that it's not possible to create an encryption backdoor that only law enforcement and government can access.
Senate bill would block US companies from storing data in China
US Senator Josh Hawley (R-Missouri) wants to make it illegal for US companies to store user data or encryption keys in China. He also wants to prevent Chinese companies from collecting any more info from American users than is necessary to provide their service. He proposed these measures as part of a new National Security and Personal Data Protection Act announced today.
Apple will fix macOS flaw exposing portions of encrypted emails
Apple is touting its claimed privacy advantage more than ever, but that's not entirely true for Mac users at the moment. The company tells Engadget it will fix a macOS flaw that leaves portions of encrypted Mail messages unprotected. Bob Gentler has discovered that a database file used by Siri (snippets.db) was storing text from emails that were otherwise supposed to be protected -- even if you remove the private key that prevents you from reading the app in Mail. While it's not the full message, it could still pose problems if a hacker has access to your system and is trawling for sensitive info.
China passes law regulating data encryption
China isn't known for respecting privacy, but it's readying legislation that will address it all the same. The country has passed a law that will regulate cryptography in the country for both government and private uses when it takes effect on January 1st, 2020. Officials didn't go into great detail about the law in the announcement, but they raise concerns that permissions could vary significantly depending on whether or not you're working for the ruling party.
Russian hackers modify Chrome and Firefox to track secure web traffic
Many hackers won't touch web browsers beyond exploiting their vulnerabilities, but one group is taking things one step further. Kaspersky has detailed attempts by a Russian group, Turla, to fingerprint TLS-encrypted web traffic by modifying Chrome and Firefox. The team first infects systems with a remote access trojan and uses that to modify the browsers, starting with installing their own certificates (to intercept TLS traffic from the host) and then patching the pseudo-random number generation that negotiates TLS connections. That lets them add a fingerprint to every TLS action and passively track encrypted traffic.
DOJ asks Facebook to halt end-to-end encryption plans (updated)
The Department of Justice is set to ask Facebook to pause plans for end-to-end encryption across all of its messaging services. It will urge the company not to move forward "without ensuring that there is no reduction to user safety."
Google faces scrutiny from Congress, DOJ over plans to encrypt DNS
Google's bid to encrypt domain name requests appears to be raising hackles among American officials. The Wall Street Journal has learned that the House Judiciary Committee is investigating Google's plans to implement DNS over HTTPS in Chrome, while the Justice Department has "recently received complaints" about the practice. While Google says it's pushing for adoption of the technology to prevent spying and spoofing, House investigators are worried this would give the internet giant an unfair advantage by denying access to users' data.
Treaty would force Facebook to share encrypted chats with UK police
A cross-Atlantic political agreement could put social networks in an awkward position. Sources for The Times and Bloomberg understand that the US and UK will sign a treaty in October that would force Facebook and other social networks to hand encrypted messages to UK law enforcement. The measure would be limited to 'serious' cases like pedophilia and terrorism, but it could still leave social sites either handing over effectively unusable data (if they can't decrypt chats themselves) or weakening security through backdoors.
Researchers easily breached voting machines for the 2020 election
The voting machines that the US will use in the 2020 election are still vulnerable to hacks. A group of ethical hackers tested a bunch of those voting machines and election systems (most of which they bought on eBay). They were able to crack into every machine, The Washington Post reports. Their tests took place this summer at a Def Con cybersecurity conference, but the group visited Washington to share their findings yesterday.
Android 10 Go edition improves speed and security for low-cost phones
Android Go has made smartphones more accessible by enabling lower-cost devices, but it's frequently pokey and sometimes insecure -- not a great introduction to modern mobile tech. Google is aware of this, though, and it's tackling those issues head-on with its newly unveiled Android 10 Go edition. The scaled-back version of Android 10 puts a strong focus on speed, with faster and more memory-efficient app switching as well as launching that's 10 percent faster than in Android 9 Go. It should be more reliable, too.
Microsoft makes its open-source secure voting software available to all
Back in May Microsoft announced its plans to make the business of voting more secure, verifiable and efficient. Enter ElectionGuard, which, after various demonstrations over the summer, is now available on GitHub, open to use by any tech supplier looking for what Microsoft calls a more trustworthy voting system.
Firefox will encrypt web domain name requests by default
Mozilla's Firefox privacy protections will soon include one of the most basic tasks for any web browser: fielding the domain name requests that help you visit websites. The developer will make DNS over encrypted HTTPS the default for the US starting in late September, locking down more of your web browsing without requiring an explicit toggle like before. Your online habits should be that much more private and secure, with fewer chances for DNS hijacking and activity monitoring.
Dentist offices across the US hit with ransomware
Hundreds of dentist offices around the United States were hit with ransomware this week according to multiple reports from ZDNet, CNN and security researcher Brian Krebs. The incidents are the result of an apparent vulnerability in software provided by The Digital Dental Record and PerCSoft, two Wisconsin-based companies that offer medical record retention and backup services to dental practices.
Apple might force Facebook to change how its apps handle voice calls
A change coming in iOS 13 could force Facebook to change Messenger and WhatsApp. As The Information reports, Apple will no longer allow these apps to run Voice Over Internet Protocol (VOIP) in the background when it's not in use. At the moment, apps like Messenger and WhatsApp run VOIP continuously in order to connect calls faster, but doing so could also allow them to do other things, like collect user data. According to The Information, Facebook may have to redesign its messaging apps in order to comply.
Bird's latest rideshare scooter is designed to thwart vandals
Rideshare scooters are designed to be a quick and convenient way to get around town, but because we're not allowed to have nice things, many are falling foul of damage and vandalism -- there's even an entire Instagram account dedicated to trashing them. But Bird is taking a stand, and has unveiled its next generation e-scooter that boasts an arsenal of anti-vandalism features.
Here’s how AG Barr is going to get encryption 'backdoors'
If you heard the reverberation of a few thousand heads exploding last week, it was the sound of information security professionals reacting to US Attorney General Barr saying that Big Tech "can and must" put backdoors into encryption. In his speech for a cybersecurity conference at Fordham University, Barr warned tech companies that time was running out for them to develop ways for the government to break encryption. FBI Director Christopher Wray agreed with him.
Cloudflare wants to protect the internet from quantum computing
Quantum computing has the potential to revolutionize health care, AI, financial modeling, weather simulation and more. It's also going to shake up encryption as we know it. Without advances in post-quantum cryptography, quantum computing could make it easy for hackers to access sensitive data, like credit card info. To prevent that, internet infrastructure company Cloudflare is testing post-quantum cryptography technology, and it's sharing its open-source software package, CIRCL, or Cloudflare Interoperable Reusable Cryptographic Library, on GitHub.
