backdoors – Page 5 – SSL and internet security news

Supply-Chain Attack against the Electron Development Platform

August 8, 2019 infossl

backdoors, Security technology, securityengineering, supplychain, vulnerabilities

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update system allows someone to silently inject malicious code into applications. From a news article: At the BSides LV security conference on Tuesday, Pavel Tsakalidis demonstrated a tool he created called BEEMKA, a Python-based tool … Read More “Supply-Chain Attack against the Electron Development Platform” »

More on Backdooring (or Not) WhatsApp

August 2, 2019 infossl

artificialintelligence, backdoors, facebook, privacy, Security technology, whatsapp

Yesterday, I blogged about a Facebook plan to backdoor WhatsApp by adding client-side scanning and filtering. It seems that I was wrong, and there are no such plans. The only source for that post was a Forbes essay by Kalev Leetaru, which links to a previous Forbes essay by him, which links to a video … Read More “More on Backdooring (or Not) WhatsApp” »

Facebook Plans on Backdooring WhatsApp

August 1, 2019 infossl

backdoors, encryption, facebook, Security technology, whatsapp

This article points out that Facebook’s planned content moderation scheme will result in an encryption backdoor into WhatsApp: In Facebook’s vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These algorithms will be continually updated from a central cloud service, but will run locally on … Read More “Facebook Plans on Backdooring WhatsApp” »

ACLU on the GCHQ Backdoor Proposal

July 30, 2019 infossl

aclu, backdoors, encryption, gchq, Security technology, uk

Back in January, two senior GCHQ officials proposed a specific backdoor for communications systems. It was universally derided as unworkable — by me, as well. Now Jon Callas of the ACLU explains why. Powered by WPeMatico

Attorney General William Barr on Encryption Policy

July 24, 2019 infossl

backdoors, cryptowars, encryption, essays, lawenforcement, nationalsecuritypolicy, Security technology

Yesterday, Attorney General William Barr gave a major speech on encryption policy — what is commonly known as “going dark.” Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access … Read More “Attorney General William Barr on Encryption Policy” »

Backdoor Built into Android Firmware

June 21, 2019 infossl

android, backdoors, crime, firmware, google, malware, phones, Security technology, supplychain

In 2017, some Android phones came with a backdoor pre-installed: Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday. Triada first came to light in 2016 in articles published by Kaspersky here and here, the first of which said … Read More “Backdoor Built into Android Firmware” »

Cryptanalyzing a Pair of Russian Encryption Algorithms

May 10, 2019 infossl

academicpapers, algorithms, backdoors, cryptanalysis, cryptography, encryption, hashes, russia, Security technology

A pair of Russia-designed cryptographic algorithms — the Kuznyechik block cipher and the Streebog hash function — have the same flawed S-box that is almost certainly an intentional backdoor. It’s just not the kind of mistake you make by accident, not in 2014. Powered by WPeMatico

Vulnerability in French Government Tchap Chat App

April 24, 2019 infossl

backdoors, france, Security technology, vulnerabilities

A researcher found a vulnerability in the French government WhatsApp replacement app: Tchap. The vulnerability allows anyone to surreptitiously join any conversation. Of course the developers will fix this vulnerability. But it is amusing to point out that this is exactly the backdoor that GCHQ is proposing. Powered by WPeMatico

G7 Comes Out in Favor of Encryption Backdoors

April 23, 2019 infossl

backdoors, encryption, g7, hacking, keyescrow, keys, lawenforcement, Security technology, terrorism

From a G7 meeting of interior ministers in Paris this month, an “outcome document“: Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when it is removed or hosted on IT servers located abroad or encrypted, … Read More “G7 Comes Out in Favor of Encryption Backdoors” »

China Spying on Undersea Internet Cables

April 15, 2019 infossl

backdoors, china, espionage, nationalsecuritypolicy, Security technology, supplychain

Supply chain security is an insurmountably hard problem. The recent focus is on Chinese 5G equipment, but the problem is much broader. This opinion piece looks at undersea communications cables: But now the Chinese conglomerate Huawei Technologies, the leading firm working to deliver 5G telephony networks globally, has gone to sea. Under its Huawei Marine … Read More “China Spying on Undersea Internet Cables” »