Articles about Encryption

The world of technology relies on encryption. Everything from private messages to online payments are secured in this way -- but how does it all work? Mozilla has come up with a way to teach people about encryption, combining gaming and emoji into a useful learning tool.

Codemoji is described as "a fun way to learn about ciphers", and while you might think that it's aimed solely at children, there's something here for all ages. The idea is very simple: letters and words are translated into emoji so they can only be read by those who understand the decryption technique.

Continue reading →

Each new version of iOS is eagerly awaited, and at its Worldwide Developer Conference (WWDC) Apple unveiled a preview of iOS 10. Much has been made of the new features, but developers probing the operating system are making a surprising discovery. The kernel of iOS 10 is unencrypted.

In the current climate of security-awareness, this might seem like something of an unusual decision. But Apple says that the change has been made to improve performance, and it could even help to increase security.

Continue reading →

Apple has announced that the deadline by which app developers must enable App Transport Security (ATS) in all apps is 1 January 2017. ATS is not a new feature of iOS 10, having been introduced in iOS 9 and it increases the security of data transferred over the web by apps.

With ATS enabled, apps are forced to use the far more secure HTTPS rather than HTTP, and this is something we've become accustomed to looking out for when browsing the web. At the moment, developers are able to disable ATS, but from the end of the year this will no longer be possible.

Continue reading →

Apple was quite boisterous at WWDC today regarding its operating systems and services. Quite frankly, I was blown away at all the ways the company is looking to improve its customers' lives, but some folks were apparently underwhelmed. Oh well, you can't please everyone, I suppose.

For some reason, Apple was fairly quiet about one huge change -- it is replacing the HFS+ file system. Based on the more-than-30-year-old HFS, it is apparently time to move on. What is the upcoming file system called? The unimaginatively "Apple File System". The encryption-ready file system will be used on macOS, iOS, tvOS, and watchOS.

Continue reading →

A number of supposedly secure HTTPS sites owned by Visa are vulnerable to what has been dubbed the 'forbidden attack'. The security flaw makes it possible for hackers to inject content and code into sites, as well as opening up the possibility of performing man-in-the-middle attacks.

A team of researchers have published a paper that shows how 70,000 HTTPS servers were vulnerable to the attack, and 184 were found to be particularly at risk. While many of the affected sites have since been patched, sites belonging to Visa and Polish banking associate Zwizek Banków Polskich remain insecure because of reusing a cryptographic nonce in contravention of the TLS protocol (hence the 'forbidden' tag).

Continue reading →

Following the company's very public stand-off with the FBI over the San Bernardino shooter's iPhone, Apple is demonstrating that it has a great interest in security by re-hiring encryption expert Jon Callas.

Best known for founding security-focused firms PGP Corp and Silent Circle -- the company behind the ultra-secure, privacy-centric Blackphone -- Callas has worked for Apple on two previous occasions.

Continue reading →

When Google announced the launch of two new messaging apps, the world wondered why. Duo is focused on video calling, while Allo is a more traditional messaging tool, albeit one with a Google assistant built in.

But while the world shrugged, Edward Snowden issued a stark warning. He says that Allo should be avoided, pointing out that the lack of end-to-end encryption makes it "dangerous".

Continue reading →

Ransomware is not exactly a new problem, but it's one that seems to be getting increasingly serious. Every week there's a new high profile attack out there including the likes of CryptXXX and PETYA. One of the biggest names, TeslaCrypt, has suddenly thrown in the towel and offered up a free decryption key for its victims.

The surprise move comes just a couple of months after version 4 of TeslaCrypt gained what was described as "unbreakable encryption". The closure is somewhat bittersweet. The shutdown comes as attackers switch to using CryptXXX instead, but perhaps the most surprising aspect is the fact that the site formerly used to accept Bitcoin ransom payments is now where you'll find the decryption key needed to gain access to your files.

Continue reading →

The case of the FBI seeking to force Apple to provide backdoor access to the San Bernardino shooter's iPhone focused attention on security and encryption once again. The agency may have been able to gain access to the phone with help from a third party, but the Indian government has gone one better.

Communications Minister Ravi Shankar Prasad has revealed that the government has a tool that can be used to gain access to, among other devices, Apple's iPhone. This is not to say that a tool has been created that bypasses encryption, rather that a method for getting past the lockscreen has been developed.

Continue reading →

The iPhone 5c belonging to San Bernadino shooter Syed Rizwan Farook is not the only iPhone that the US authorities have managed to hack this year. According to a report by Los Angeles Times, the Los Angeles Police Department has "bypassed the security features" of an iPhone 5s.

The iPhone 5s in question was used by April Jace, the wife of The Shield actor Michael Jace, who is facing murder charges, being accused of killing his partner on May 19, 2014. And, according to court documents reviewed by the publication, on March 18 the LAPD claimed to have found a "forensic cellphone expert" who could hack the device, which is believed to hold important evidence in the trial.

Continue reading →

In the last couple of weeks we have seen consumer messaging giants WhatsApp and Viber retrospectively add end-to-end encryption technology to their communications platforms. The notion of providing users with improved security is certainly to be applauded, and seeing messaging apps adopt encryption as a necessity as opposed to simply a nice-to-have feature, is long overdue.

However, the manner in which providers are increasingly introducing encryption technology within apps as an afterthought is potentially providing a false sense of security to the billions of people that use them on a daily basis.

Continue reading →

For some time, the person who created the cryptocurrency Bitcoin has been known as Satoshi Nakamoto. We know that was nothing more than a pseudonym, and now Australian entrepreneur Craig Wright has revealed that he is the man behind the mask.

It brings to an end years of speculation about the inventor's real identity, and Wright has been able to provide technical proof to the BBC to back up his claims. The IT and security consultant's home was raided in recent days as part of an investigation by the Australian Tax Office, and documents leaked from the inquiries pointed towards Wright. He has now confirmed his identity.

Continue reading →

The Snooper's Charter -- or the Investigatory Powers Bill -- is a highly controversial piece of legislation the UK government is trying to bring into force to allow for the bulk collection of data, NSA-style. Outside of government, it is widely regarded as a massive invasion of privacy, and the human rights group Liberty is just one of the organizations that is very vocally opposed to it.

The bill will require ISPs to record customers' browsing histories for an entire year, and will permit the government to remotely hack phones and computers, as well as requiring tech companies to provide backdoor access to encrypted data. To highlight what is at stake, Liberty is running a No #SnoopersCharter campaign, and has released a video that attacks the notion of 'if you have nothing to hide, you have nothing to fear' head on.

Continue reading →

Security firm Kaspersky has released a tool that can be used to decrypt files on computers hit by the CryptXXX ransomware. Rather than paying the ransom demanded to regain access to files, victims are now able to turn to the free RannohDecryptor utility.

CryptXXX had been identified by ProofPoint earlier in the month and described as being closely linked to the Reveton ransomware operation and Angler/Bedep. The ransom of $500 is considered to be quite high, but Kaspersky's free decryption tool means that files can be retrieved without having to part with a cent.

Continue reading →

In its latest quarterly Mobile Data Report, Wandera has revealed a significant rise in apps leaking credit card data on enterprise mobile devices.

The company, which specializes in mobile data security and management, compiled the report by analyzing the data usage trends and traffic patterns across its global network of enterprise mobile devices. Between Q4 2015 and Q1 2016, there has been a 17 percent increase in apps and mobile websites leaking credit card data.

Continue reading →