encryption
Latest
DOJ renews push to require access to encrypted devices
No, US law enforcement hasn't given up on its dreams of forcing tech companies to allow access to encrypted devices. New York Times sources have learned that the Department of Justice and the FBI have been meeting with security researchers in an effort to develop systems that would let police reach encrypted data without making them vulnerable to hacking. At the same time, officials have reportedly renewed talks about asking Congress to draft and pass legislation requiring the use of those mechanisms. The White House circulated a memo in February giving agencies ways to consider "solving the problem," according to the news outlet.
Democrats aim to subpoena Apple, Twitter over private chats
The House of Representatives' investigation into Russia's election interference may have ended, but Democrats are still discussing what they'd like to do if and when they regain a House majority -- and it could have significant repercussions for the tech industry. Their recently published memo in the aftermath of the investigation calls on the House Intelligence Committee to subpoena Apple, Twitter and WhatsApp for info regarding encrypted chat apps and private messages. The Democrats want to know which apps key actors in the 2016 US election used, and what they said.
FBI arrests CEO of company selling custom BlackBerrys to gangs
Custom, extra-secure BlackBerry phones remain a staple of the criminal underworld, and a recent bust just illustrated this point. Motherboard has learned that the FBI arrested Vincent Ramos, the founder of the well-established phone mod seller Phantom Secure, for allegedly aiding criminal organizations that include the Sinaloa drug cartel. The company altered BlackBerry and Android devices to disable common features (including the camera and web browsing) while adding Pretty Good Privacy for encrypted conversations. And it wasn't just turning a blind eye to the shady backgrounds of its customers, according to investigators -- it was fully aware of who was involved.
Signal Messenger receives $50 million from WhatsApp co-founder
WhatsApp co-founder Brian Acton left Facebook in 2017 to start a non-profit. Turns out that non-profit involves another messaging app: Signal. In a blog post, Signal chief Moxie Marlinspike has announced the launch of Signal Foundation, a 501(c)(3) nonprofit that was made possible by the $50,000,000 in funding Acton provided. Signal's secure messaging app is a popular choice among privacy-focused users, including staff members of the US Senate. Even though it's a fairly recognizable name, it's been having financial troubles that make it hard to hire more people to develop new features.
MIT’s low power encryption chip could make IoT devices more secure
The Internet of Things hasn't ever been super secure. Hacked smart devices have been blamed for web blackouts, broken internet, spam and phishing attempts and, of course, the coming smart-thing apocalypse. One of the reasons that we haven't seen the same sort of encryption as the web affords, however, is that such protection is energy-intensive. MIT is working on a new chip, however, to perform this sort of public-key encryption that only uses 1/400 as much power as a software solution would. In addition, the chip uses about 1/10 as much memory and executes processes 500 times as fast.
Upcoming Chrome update will label HTTP sites ‘not secure’
Chrome has been taking measures to inform users when they're on an unencrypted HTTP website, adding notifications to more and more sites over the last couple of years. Today, Google announced it will be taking that one step further, labeling all HTTP sites as "not secure" starting with the release of Chrome 68. You can see what that will look like in the image below.
FBI chief says phone encryption is a 'major public safety issue'
The FBI's stance on phone encryption hasn't changed even if the President fired former director James Comey. At a cybersecurity conference in New York, current chief Christopher Wray has reiterated that the agency failed to access the content inside 7,775 devices within the fiscal year that ended on September 30th, 2017 despite having the proper warrants. That's over half the number of devices the FBI tried to crack open within that period, making encryption, according to Wray, a "major public safety issue."
Tougher WiFi security will keep you safe at the coffee shop
WiFi security hasn't changed much since WPA2 came to be in 2004, and that's becoming increasingly apparent when public hotspots are frequently risky and glaring exploits are all too common. It's about to get a long-due upgrade, though: the Wi-Fi Alliance plans to roll out a WPA3 standard that addresses a number of weak points. For many, the highlight will be individualized data encryption. Even if you're on an open public network, you won't have to worry quite so much about someone snooping on your data.
ProtonMail Bridge offers encryption for your go-to email client
ProtonMail's encrypted email app went live for everyone a year or so ago. The company offered a free VPN service just this past June and an encrypted contacts system just before Thanksgiving of this year. Now ProtonMail is enabling mainstream email app users safely send and receive email, too.
Quantum encryption is now fast enough for voice calls
Quantum encryption is theoretically a dream for security, as you can't even inspect the data without altering it. However, it's currently several times slower than the conventional kind, which makes it impractical for voice calls or streaming video. Science may have come to the rescue, though: researchers have developed a quantum encryption key distribution system that promises to be five to 10 times faster than existing methods, or roughly on par with conventional encryption when run in parallel. The trick was to cram more data into each photon.
ProtonMail will use encryption to lock down your contacts list
About a year and a half ago, ProtonMail opened up its previously invite-only beta encrypted email service to the public, along with a couple of mobile apps. A couple of months ago, ProtonMail created a free tier for its VPN service, too. Now the company is offering ProtonMail Contacts, which it's calling "the world's first encrypted contacts manager."
Texas authorities serve Apple a warrant for mass shooter's iPhone (updated)
Authorities are persisting in their efforts to get access to the Texas mass shooter's iPhone despite having missed an early opportunity. The San Antonio Express-News has learned that Texas Rangers served Apple warrants for data on both the perpetrator's iPhone SE and a basic LG cellphone. In the case of the iPhone, the state law enforcement unit wants access to both local and iCloud info (such as calls, messages and photos) produced since January 1st, 2016.
The FBI can’t unlock the Texas church shooter’s phone
At a press conference today, an FBI official investigating the man who killed 26 people in a Texas church on Sunday said the agency can't open the shooter's encrypted phone. The agent painted the issue as a growing concern among law enforcement at all levels who can't access data on devices without their owner's credentials. It's essentially the same argument the FBI made two years ago when it demanded Apple help break into the phone of the San Bernardino shooter, a conflict that escalated into the courtroom.
Afghanistan won’t ban WhatsApp or Telegram after all
Last week, reports circulated that the government of Afghanistan was aiming to enact a ban on popular encrypted messaging apps WhatsApp and Telegram. The Ministry of Communications and Information Technology sent letters to private telecommunications companies asking them to disable the apps, and copies of those letters quickly began making the rounds on social media. That caused a hefty amount of pushback from the public and spurred some to question the stability of citizens' freedom of expression. However, as Reuters reports, the Afghan government has now stated that there will not be a ban on either messaging service.
Afghanistan government wants to temporarily ban WhatsApp
According to reports from the New York Times, Afghanistan is currently in the midst of a temporary WhatsApp ban. Yesterday, government letters to private telecommunications companies asking them to suspend the messaging service began making the rounds on social media. And while some customers of the government-owned communications company Salaam Telecom reported that WhatsApp and Telegram had both stopped working for them, private companies are reportedly still considering whether to comply with the government's request.
Signal's secure messaging is now available in a desktop app
You can already use Signal for secure chats on the desktop, but you've had to use a Chrome web app to participate in those encrypted conversations. What if you don't like Chrome, or would just prefer something more elegant than a browser? Signal is ready to help. It just released a stand-alone PC app, Signal Desktop, that offers privacy-minded messaging without heading to the web. The experience isn't a radical break from what you've known before, but it will make sure that you don't type in the wrong browser tab and reveal your innermost secrets.
Great, now there's 'responsible encryption'
Trump's Department of Justice is trying to get a do-over with its campaign to get backdoors onto iPhones and into secure messaging services. The policy rebrand even has its own made-up buzzword. They're calling it "responsible encryption." After Deputy Attorney General Rod J. Rosenstein introduced the term in his speech to the U.S. Naval Academy, most everyone who read the transcript was doing spit-takes at their computer monitors. From hackers and infosec professionals to attorneys and tech journalists, "responsible encryption" sounded like a marketing plan to sell unsweetened sugar to diabetics.
FBI tried and failed to unlock 7,000 encrypted devices
In an 11-month period, the FBI failed to gain access to around 7,000 encrypted mobile devices, BBC News reports, which is about half of those targeted by the agency according to FBI Director Christopher Wray. In a speech given at the Association of Chiefs of Police conference yesterday, he said that device encryption was "a huge, huge problem," for the agency.
Android is getting a feature that encrypts website name requests
Google's efforts to push websites to use encrypted connections is paying off. Just days ago, the search giant revealed that HTTPS use on its own products is at 89 percent overall, up from just 50 percent at the beginning of 2014. (Not sure what we're blabbering on about? Just peep the green lock icon and the word "secure" in the address bar). Now, Google is adding an extra layer of security to Android. XDA Developers has spotted that DNS over TLS (Transport Layer Security) support is heading to the mobile OS, according to the Android Open Source Project -- meaning DNS queries will be encrypted to the same level as HTTPS.
Google's annual report shows more web traffic is encrypted
For several years now, Google has been exerting pressure to increase the usage of HTTPS across the internet. By defaulting to secure connections on both ends, users can be protected from anyone who may intercept or even manipulate data as it flows back and forth -- quite useful in a world where you can't even trust WiFi. For its own products, Google says HTTPS use is up to 89 percent overall, up from just 50 percent at the beginning of 2014. The number of top 100 websites defaulting to HTTPS has nearly doubled since last year (way to catch up), growing from 37 to 71.