encryption

FBI reportedly overestimated inaccessible encrypted phones by thousands

The FBI seems to have been caught fibbing again on the topic of encrypted phones. FBI director Christopher Wray estimated in December that it had almost 7,800 phones from 2017 alone that investigators were unable to access. The real number is likely less than a quarter of that, The Washington Post reports. Internal records cited by sources put the actual number of encrypted phones at perhaps 1,200 but perhaps as many as 2,000, and the FBI told the paper in a statement that “initial assessment is that programming errors resulted in significant over-counting of mobile devices reported.” Supposedly having three databases tracking the phones led to devices being counted multiple times. Such a mistake would be so elementary that it’s hard to conceive of how it would be possible. These aren’t co...

A simple solution to end the encryption debate

By David Gurle and Bill Harrington, contributors. Criminals and terrorists, like millions of others, rely on smartphone encryption to protect the information on their mobile devices. But unlike most of us, the data on their phones could endanger lives and pose a great threat to national security. The challenge for law enforcement, and for us as a society, is how to reconcile the advantages of gaining access to the plans of dangerous individuals with the cost of opening a door to the lives of everyone else. It is the modern manifestation of the age-old conflict between privacy and security, playing out in our pockets and palms. One-size-fits-all technological solutions, like a manufacturer-built universal backdoor tool for smartphones, likely create more dangers than they prevent. Whil...

Investing in frontier technology is (and isn’t) cleantech all over again

By Shahin Farshchi, contributor. I entered the world of venture investing a dozen years ago. Little did I know that I was embarking on a journey to master the art of balancing contradictions: building up experience and pattern recognition to identify outliers, emphasizing what’s possible over what’s actual, generating comfort and consensus around a maverick founder with a non-consensus view, seeking the comfort of proof points in startups that are still very early, and most importantly, knowing that no single lesson learned can ever be applied directly in the future as every future scenario will certainly be different. I was fortunate to start my ventur...

Russia starts blocking Telegram for failing to turn over encryption keys

The Russian state telecommunication regulator has begun blocking Telegram as expected. This comes after the messaging company refused to give Russian security services encryption keys. The service is expected to be blocked within the coming hours. According to several reports, Telegram is still operational in the country, though several service providers have started blocking the company’s website. Run by its Russian founder Pavel Durov, Telegram has over 200 million users and is a top-ten messaging service made popular by its strong stance on privacy. Telegram is recognized as an operator of information dissemination in Russia and therefore the company is required by Russia to provide keys to its encryption service to the Federal Security Service. This is so the FSS can reportedly read the...

The web will soon be a little safer with the approval of this new security standard

Hear that? It’s almost as if thousands of spooks and hackers suddenly cried out at once… The Internet Engineers Task Force has just unanimously approved a security framework that will make encrypted connections on the web faster and more resistant to snooping. It’s called Transport Layer Security version 1.3, and while it’s not a big flashy event, it very much is the kind of iterative improvement that keeps the web working in the face of malicious actors everywhere. The IETF is a body of engineers from all over the world who collaborate on standards like this — and their approval of TLS 1.3 has been long in coming, more than four years and 28 drafts. That’s because the internet is a delicate machine and changes to its fundamental parts — such as how a client and server establish a secure, ...

Apple moves iCloud encryption keys for Chinese users to China

Apple told Reuters that the company had to comply with Chinese authorities and move iCloud data to Chinese data centers. Not everyone’s data is moving to China. This is only going to apply to residents of mainland China who chose China as their main country when they created their Apple account (not Hong Kong, Macau or Taiwan). The Chinese government can now ask Apple to decrypt iCloud backups much more easily. Human rights activists are concerned because it could lead to arrests of democracy advocates. Before this change, all encryption keys would be stored in the U.S. It means that authorities would have to go through the U.S. legal system to ask for user data stored on iCloud. Apple is partnering with a Chinese company for its Chinese data center. Apple has already complied with request...

Signal expands into the Signal Foundation with $50M from WhatsApp co-founder Brian Acton

Perhaps the most surprising thing I learned about Signal when I spoke with Moxie Marlinspike, the encrypted chat service’s creator, last year at Disrupt, was that it was essentially running on a shoestring budget. An indispensable tool used by millions and feared by governments worldwide, barely getting by! But $50 million from WhatsApp co-founder Brian Acton should help secure the app’s future, through the newly founded Signal Foundation nonprofit. The arrangement was announced in a dual blog post by Marlinspike and Acton on the Signal blog. As the former writes: Signal has never taken VC funding or sought investment, because we felt that putting profit first would be incompatible with building a sustainable project that put users first. As a consequence, Signal has sometimes suffered fro...

Electric car charge-station payment systems may lack basic security measures

Just a PSA: If you charge your car regularly at a public charge station, you might want to keep an eye out for fraudulent charges on whatever card you use to pay for it. Researchers have found that some charge stations, specifically those that require a dedicated card, “have not implemented basic security mechanisms” like encryption. Mathias Dalheimer, a security researcher who works at Fraunhofer, first presented his findings at the Chaos Computer Club conference. He first contacted the companies in question (which are not named), some of which apparently have refused to fix the issue — so he has presented it publicly, and now it’s even on the German R&D firm’s official page. The charge systems in question give you a card with a user ID number on it, which is connected in their backen...

Skype adds e2e encrypted ‘private chats’ powered by Signal Protocol

Microsoft-owned VoIP and messaging platform Skype has long been criticized for lacking end-to-end encryption. Which means Skype communications are not protected by a zero access architecture — and the company could be leaned on to provide authorities with your decrypted content data, for example. It’s also previously been shown accessing links sent via the platform. But it is now partially rectifying that situation — by launching an opt-in e2e encryption feature, utilizing the industry standard Signal Protocol, which also powers WhatsApp’s e2e encryption and is built by not-for-profit Open Whisper Systems. Microsoft announced the launch of a “Private Conversations” feature today, initially available as a preview via the Skype Insider program. It has not yet given a firm date for a wider ro...

Security researchers flag invite bug in WhatsApp group chats

Security researchers have revealed details of a vulnerability in WhatsApp’s security that could be used to compromise the secrecy of encrypted group chats on the messaging platform. The risk associated with the flaw is limited on account of attackers needing to have access to WhatsApp servers to be able to insert themselves into a group conversation. That said, WhatsApp does continue to face pressure from governments over its use of end-to-end encryption. So any vulnerability that could even theoretically offer a route for the company to be coerced by state entities to collaborate with their agents to afford a degree of access to encrypted conversations is worth highlighting. Wired reports that the encryption flaws, which were detailed today at the Real World Crypto security conference in ...

UK eyeing ‘extremism’ tax on social media giants

The UK government has kicked off the new year with another warning shot across the bows of social media giants. In an interview with the Sunday Times newspaper, security minister Ben Wallace hit out at tech platforms like Facebook and Google, dubbing such companies “ruthless profiteers” and saying they are doing too little to help the government combat online extremism and terrorism despite hateful messages spreading via their platforms. “We should stop pretending that because they sit on beanbags in T-shirts they are not ruthless profiteers. They will ruthlessly sell our details to loans and soft-porn companies but not give it to our democratically elected government,” he said. Wallace suggested the government is considering a tax on tech firms to cover the rising costs of policing relate...