Tag: encryption?
Microsoft BitLocker encryption cracked in just 43 seconds with a $4 Raspberry Pi Pico
In a YouTube video, security researcher Stacksmashing demonstrated that hackers can extract the BitLocker encryption key from Windows PCs in just 43 seconds using a $4 Raspberry Pi Pico. According to the researcher, targeted attacks can bypass BitLocker’s encryption by directly accessing the hardware and extracting the encryption keys stored…
Microsoft BitLocker encryption cracked in just 43 seconds with a $4 Raspberry Pi Pico
In a YouTube video, security researcher Stacksmashing demonstrated that hackers can extract the BitLocker encryption key from Windows PCs in just 43 seconds using a $4 Raspberry Pi Pico. According to the researcher, targeted attacks can bypass BitLocker’s encryption by directly accessing the hardware and extracting the encryption keys stored…
Google Plans To Add End-To-End Encryption To Authenticator
Security researchers Mysk highlighted some of these risks in a post on Twitter, noting that “if there’s ever a data breach or if someone obtains access to your Google Account, all of your 2FA secrets would be compromised.” They added that Google could potentially use the information linked to your accounts to serve personalized ads and also advised users not to use the syncing feature until it supports E2EE. Brand pushed back against the criticism, stating that while Google encrypts “data in transit, and at rest, across our products, including in Google Authenticator,” applying E2EE comes at the “cost of enabling users to get locked out of their own data without recovery.”
Read more of this story at Slashdot.
WhatsApp and Signal would leave the UK rather than comply with potential requirement for weakened encryption
WhatsApp Would Not Remove End-To-End Encryption For UK Law, Says Chief
He said: “It’s a remarkable thing to think about. There isn’t a way to change it in just one part of the world. Some countries have chosen to block it: that’s the reality of shipping a secure product. We’ve recently been blocked in Iran, for example. But we’ve never seen a liberal democracy do that. “The reality is, our users all around the world want security,” said Cathcart. “Ninety-eight per cent of our users are outside the UK. They do not want us to lower the security of the product, and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect those 98% of users.”
The UK government already has the power to demand the removal of encryption thanks to the 2016 investigatory powers act, but WhatsApp has never received a legal demand to do so, Cathcart said. The online safety bill is a concerning expansion of that power, because of the “grey area” in the legislation. Under the bill, the government or Ofcom could require WhatsApp to apply content moderation policies that would be impossible to comply with without removing end-to-end encryption. If the company refused to do, it could face fines of up to 4% of its parent company Meta’s annual turnover — unless it pulled out of the UK market entirely.
Read more of this story at Slashdot.
WhatsApp Has Started a Fight With the UK About Encryption
WhatsApp Says It Would Leave UK If Government Tried to Weaken Encryption
End-to-end encryption ensures that only the user and the person they are communicating with can read or listen to what is sent, and nobody in between, not even Meta/Facebook, can gain access to this content. However, the government, and some child-protection charities, argue that such encryption hinders efforts to combat the growing problem of online child abuse.
Under the bill, the government could force WhatsApp to apply content moderation policies that are impossible to implement without removing end-to-end encryption. If WhatsApp refused to do so, it could face fines of up to 4 percent of its parent company Meta’s annual turnover.
But speaking during a U.K. visit in which he will meet legislators to discuss the government’s internet regulation, Meta’s head of WhatsApp, Will Cathcart, said it would refuse to comply if asked to weaken its encryption, since it would do so for all users.
“Our users all around the world want security – 98% of our users are outside the U.K., they do not want us to lower the security of the product,” he said, adding that the app would rather accept being blocked in the U.K. “We’ve recently been blocked in Iran, for example. We’ve never seen a liberal democracy do that.”
Encrypted messaging app Signal’s president Meredith Whittaker also recently said it “would absolutely, 100% walk” and halt its service in the U.K. if the bill required it to scan messages.
Asked if he would go as far as Signal, Cathcart told the BBC: “We won’t lower the security of WhatsApp. We have never done that – and we have accepted being blocked in other parts of the world.”
“When a liberal democracy says, ‘Is it OK to scan everyone’s private communication for illegal content?’ that emboldens countries around the world that have very different definitions of illegal content to propose the same thing,” Cathcart said.
WhatsApp is the most popular messaging platform in the U.K., used by more than seven in 10 adults who are online, according to communication regulator Ofcom.
The U.K. government’s Online Safety Bill is expected to return to parliament this summer.
This article, “WhatsApp Says It Would Leave UK If Government Tried to Weaken Encryption” first appeared on MacRumors.com
Discuss this article in our forums
Google expands Gmail client-side encryption to more users
Google says client-side encryption (CSE) is now generally available for Gmail after it enabled the feature on Drive, Docs, Slides, Sheets and Meet last year and in Calendar earlier this month. The company opened a CSE beta for Gmail and Calendar late last year, but now all organizations on a Google Workspace Enterprise Plus, Education Plus or Education Standard plan can enable the privacy protection feature. The option isn’t available on personal Workspace plans or Google accounts just yet.
Although Workspace “encrypts data at rest and in transit by using secure-by-design cryptographic libraries,” CSE gives organizations total control over their encryption keys. “Starting today, users can send and receive emails or create meeting events with internal colleagues and external parties, knowing that their sensitive data (including inline images and attachments) has been encrypted before it reaches Google servers,” Google wrote in a blog post.
Workspace admins will need to enable CSE, which is off by default. Once it’s enabled for your organization, you can add CSE to any message in Gmail by clicking the lock icon on the right side of the “To” field and turning on the “Additional encryption” option. The compose panel will turn blue and may read “New encrypted message.” Meanwhile, in Calendar, you can click the shield icon next to an event title to add “additional encryption” to the description, attachments and Google Meet call.
Encrypting the likes of Drive files and Calendar events is certainly welcome, but CSE protections may be most effective in Gmail. Organizations are perhaps more likely to send emails externally than share files or calendar invites with third-parties, after all. In any case, Google says that all essential Workspace apps are now covered by CSE.
This article originally appeared on Engadget at https://www.engadget.com/google-expands-gmail-client-side-encryption-to-more-users-171226086.html?src=rss