Articles about Encryption

There are a lot of questions still to be answered about the San Bernardino iPhone that saw the FBI and Apple go head to head. After something of a battle, the FBI found someone to crack the iPhone. But who exactly did it? How did they do it? Will Apple be told how to do it in private? But one question that has also been lurking in the background is just how much it cost to hack into a single iPhone.

Now we know the answer. Not precisely, but we have a pretty good idea. Perhaps unsurprisingly, cracking the iPhone at the center of one of the most interesting technology cases in recent history, was not cheap. In a somewhat roundabout way, FBI Director James Comey revealed that the cost was more than $1.34 million.

Continue reading →

EFF (the Electronic Frontier Foundation) has filed a Freedom of Information (FOIA) lawsuit against the Justice Department. The digital rights group wants to learn whether the government has made use of secret court orders to force tech companies to provide access to encrypted user data.

After the Apple vs the FBI battle, there has been renewed interest in how companies handle not only encryption, but government requests for access to such data. With services such as WhatsApp enabling end-to-end encryption, attention has now switched to what might be happening in the background without users' knowledge. While Apple very publicly refused to provide decryption keys, EFF -- and others -- are concerned that secret court orders may be used to hide what is really happening.

Continue reading →

Apple has revealed that Chinese authorities have asked for access to the company's source code in the last couple of years. The revelation was made by Apple general counsel Bruce Sewell as he tried to deflect accusations that have sprung up in the wake of the San Bernardino iPhone case.

The battle between Apple and the FBI rumbled on for a while as authorities asked the iPhone manufacturer to crack encryption or provide a backdoor into the phone at the center of the case. Apple refused to help the FBI, leading to accusations that the company was failing to help US authorities whilst assisting those abroad. Apple categorically denies handing over information to the Chinese authorities.

Continue reading →

The major messaging services are now placing a greater emphasis on their users' privacy and security, following the heated encryption debate started by Apple and the FBI. Viber has just announced end-to-end encryption support, making it the second leading player this month to introduce this feature after WhatsApp.

Viber has over 700 million users across the globe, but its end to end encryption feature will not be available everywhere right away. The company is focusing on Belarus, Brazil, Israel and Thailand first, with other markets to get the same treatment in the weeks that follow.

Continue reading →

Ever since hero Edward Snowden's bombshell document leaks, the technology world has wide eyes for encryption. Sure, it was a topic prior to Snowden, but many failed to give it the focus it deserved. Thankfully, companies are now better implementing encryption, and some of them, such as Apple, are fighting for our rights too.

Today, the encryption initiative, 'Let's Encrypt', finally leaves beta. Josh Aas, ISRG Executive Director says "we set out to encrypt 100 percent of the Web. We're excited to be off to a strong start, and with so much support across the industry". If you are wondering what he means, please know that big players such as Cisco, Akamai, HP, Mozilla, Google, and Facebook are sponsoring it. But what exactly is Let’s Encrypt?

Continue reading →

The PETYA ransomware is just one of the recent examples of malware that encrypts victims' hard drives until a fee is paid. The advice from the government is not to pay the ransom -- or at least not expect to get a decryption key if you do -- but a password generator has been created that means you can decrypt your hard drive for free.

While TeslaCrypt 4 boasts 'unbreakable encryption', the same cannot be said of PETYA, although the PETYA ransomware does have the irritating habit of overwriting MBRs. This does mean that there is no way to interact with the drive on the infected computer, but with access to a spare machine to read the drive and access to the online tool created by Leostone, you could have your data back in seconds. As the tool's website proudly proclaims, you can "Get your petya encrypted disk back, WITHOUT paying ransom!!!" -- here's what you need to do.

Continue reading →

Apple's battle with the FBI has focused the attention of the technology community on encryption. But while just about all of the big players in the tech world backed Apple's refusal to create a backdoor for the FBI into iOS, Congress has a very different idea about how encryption and governmental access to data should be handled. This is perfectly demonstrated by a new bill.

The draft version of the Compliance with Court Orders Act of 2016 -- penned by Senators Diane Feinstein and Richard Burr -- would essentially force all US companies to decrypt data they may have encrypted, or to provide backdoors when asked. It's a bill described variously as 'dangerous', 'encryption-weakening', and 'anti-security', and it starts off aggressivley in stating that "no person or entity is above the law". In effect, it renders the encryption put in place by the likes of WhatsApp completely pointless as, if the bill is passed, companies would have to decrypt data on demand.

Continue reading →

Ransomware is one of the most prevalent security threats at the moment, and each week there are new examples that up the ante a little more. In recent months we have seen cross-platform ransomware, Tesla 4's unbreakable encryption, and the MBR-overwriting antics of PETYA, but a new phishing scam takes another approach.

In a cleverly orchestrated campaign, a phishing scam is doing the rounds whereby malware meets social engineering in a bid to extract cash from victims. It marries together the file-encrypting Maktub ransomware with a thinly-veiled threat -- home addresses. Quoting victims' home addresses to them serves two purposes: it adds a level of authenticity to the phishing email, but also acts as additional leverage by upping the fear level.

Continue reading →

Just a few days ago, WhatsApp trumpeted the roll out of end-to-end encryption for its messaging service. The world rejoiced. With events such as the battle between Apple and the FBI turning attention to encryption, the announcement was well-timed to ride the crest of the wave. But it seems that for all of the bluster and bravado, the news about extra protection may not be quite as good as it seems.

Analysis of WhatsApp's privacy documentation reveals that the Facebook-owned company retains a huge amount of data about messages that are sent. If this all sounds familiar, it's because the retention of metadata is precisely what the NSA was (is?) up to, trawling web communications and upsetting Edward Snowden and privacy advocates around the world. WhatsApp's encryption and policies mean that those who are concerned about their privacy should not rest on their laurels.

Continue reading →

It turned the case of the century in to the case that didn’t really happen. The battle between Apple and the FBI came to a sudden end last month when the US Justice Department said it didn’t need the iPhone manufacturer's help, and then successfully hacked its way into the iPhone in question.

With the San Bernardino shooter's iPhone seemingly successfully cracked, the FBI last night revealed to Senator Dianne Feinstein just how it managed it. There are no current plans to share this information with Apple, but FBI Director James Comey revealed that the tool that was brought in only works on the iPhone 5c.

Continue reading →

Malware is far from being a new problem, but the inexorable rise of ransomware has taken many by surprise. There have been a number of very high profile instances of ransomware such as PETYA, and the threat is perceived as being so high that the US and Canada have taken the unusual step of issuing a joint security alert.

The likes of TeslaCrypt 4 feature 'unbreakable encryption' and use scare-tactics to encourage victims to part with their money. This is what has prompted the joint alert from the US Department of Homeland Security and the Canadian Cyber Incident Response Centre which warns about "destructive ransomware variants such as Locky and Samas". Interestingly, the advisory actively discourages victims from bowing to ransom demands.

Continue reading →

It would be hugely ironic if the UK government’s plans to help it seize back control of the digital age actually pushed technology firms even further down the path of encryption.

The second version of the Investigatory Powers Bill -- or Snoopers Charter, as it has been colloquially dubbed -- was published by the Home Office on March 1. This came in light of criticism of the first version -- published in December -- from three parliamentary joint committees: the Science and Technology Committee, the Intelligence and Security Committee, and the Joint Committee for the bill itself -- which made some 86 recommendations alone.

Continue reading →

Yesterday, the FBI announced that it had managed to break into the San Bernardino shooter's iPhone sans help from Apple. The iPhone manufacturer will undoubtedly be pleased that the court case has come to an end without the company having to cave in and assist the agency.

In a statement, Apple said: "From the beginning, we objected to the FBI’s demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent. As a result of the government’s dismissal, neither of these occurred. This case should never have been brought". But with the FBI's previous insistence that help from Apple was absolutely essential, some serious questions remain.

Continue reading →

The US justice department has announced that it has successfully cracked the iPhone belonging to the San Bernardino shooter, Syed Farook. The FBI was able to unlock the phone without help from Apple, ending the lawsuit that had pitted the FBI against Apple.

In a statement, the Justice Department said: "The government has now successfully accessed the data stored on Farook's iPhone and therefore no longer requires the assistance from Apple." It has been thought that Israeli security firm Cellebrite was helping the FBI, but the question now has to be asked about the security of other iPhones and whether law enforcement agencies will use the same technique to access data in the future.

Continue reading →

When Apple recently refused to comply with a federal court order issued by the FBI to help it break into an iPhone 5c, belonging to one of the shooters in the San Bernardino incident, a US House Judiciary Committee hearing was held.

If a ruling is made in favor of the FBI, Apple will have to weaken the encryption of its iPhone operating system, allowing the FBI to gain access to data on any iPhone. Apple’s chief executive, Tim Cook described this as the "software equivalent of cancer".

Continue reading →