The encryption backdoor debate: Why are we still here?


Earlier this month, reports emerged that the UK government had pressured Apple, under the Investigatory Powers Act 2016, to create a backdoor into encrypted iCloud data. Unlike targeted access requests tied to specific cases, this demand sought a blanket ability to access users’ end-to-end encrypted files.
Apple was forced to reconsider its Advanced Data Protection service in the UK, and this latest development raises a fundamental question: Why does the debate over encryption backdoors persist despite decades of technological progress and repeated warnings from cybersecurity experts?

UK government asks Apple to give it backdoor access to encrypted user data


The UK government has used the Investigatory Powers Act (IPA) to issue Apple with a “technical capability notice” requiring the company to create a backdoor into its encrypted cloud services. The Home Office is specifically interested in bypassing the encryption that secures Apple’s Advanced Data Protection (ADP) service.
This cloud service includes a wealth of user data and, thanks to the use of end-to-end encryption, cannot be accessed by anyone other than the account holder. The UK government demand is part of legislation that forces companies to help law enforcement with investigations, but creating a backdoor would allow a level of access that even Apple does not currently have -- and there are concerns about the potential for abuse.

Linux malware Kobalos steals credentials using hacked OpenSSH software


A trojanized version of OpenSSH software is being used to steal SSH credentials from high-performance computing (HPC) clusters, reports security firm ESET. The Linux malware has been dubbed Kobalos, and is described as "small, yet complex" and "tricksy".
Despite its diminutive size, the Kobalos backdoor is hitting some major targets including government systems in the US, universities in Europe, and a major ISP in Asia. Security experts report that while the multiplatform backdoor works on Linux, FreeBSD and Solaris, "there are also artifacts indicating that variants of this malware may exist for AIX and even Windows".