Contemporary encryption is practically unbreakable. Because of that, attackers don’t bother breaking it but look for ways to bypass it and still access users’ data. Whether these workarounds work or not, comes down to the implementation of encryption algorithms. Here’s what the methods are and why they wouldn’t work against Secure Group’s products.
You can’t overstate how central smartphones have become to people’s lives. The average time a person spends using their mobile device is about five hours a day – one-third of the time a person is awake. Nothing wrong with that really. Until you consider how much data – often personal – this activity involves. Android phones are inherently insecure in the way they handle this data. And while volumes of it leak all the time, there is no shortage of parties looking to put your data to malicious use.
It has been a busy weekend for those concerned with online privacy. Last Friday, the Guardian reported about research that claims to have detected a security loophole in the way WhatsApp employs its end-to-end encryption protocol, Signal. A day later, the protocol’s developers, Open Whisper Systems, responded that what the research claims is a vulnerability, is actually a feature – and definitely not a backdoor. But is one of the most popular end-to-end encrypted instant messengers really backdoored?
Earlier this month, we began what we hope to become a regularly updated newsletter rounding up relevant news articles about security and privacy concerns in the world today, in order to inform our customers and anyone interested in these issues.
Two weeks ago, a frightening vulnerability was discovered on Android phones. Dubbed Stagefright, it allows an attacker potential access to higher functions of your phone by simply sending you a text message with attached and infected media, such as a video or audio clip, or a photo. Luckily, this flaw was discovered relatively early by Zimperium zLabs VP of Platform Research and Exploitation, Joshua J. Drake. A patch was also provided by Drake and co. and Google was quickly alerted to the problem and solution both. End of story? Unfortunately no. Patching issues and new vulnerabilities have complicated things, and your android phone may be vulnerable a while yet.
In the interest of keeping our clients informed about relevant security and privacy issues in the world today, Secure Group wants to share with you some of the top related stories in the past few weeks. We plan to continue this roundup on a monthly basis, and wherever possible, follow up on these stories throughout the month.
In order to stay as current as possible, we’ll start in reverse chronological order.
- EFF’s Street Level Surveillance Project
- EFF and Coalition aim to improve “Do Not Track” browser function via policy
- CISA to return to the senate floor this week
- Massive Android Exploit Discovered
- Poitras, Snowden Documentary Film-maker (CitizenFour), sues US Government for access to Airport Detainment and Search records
- Kill-Switch” legislation enacted in California“
Hot new Encrypted Phone Crumbles at Def Con