Tag: encryption
Web3 access controls: How zero-knowledge encryption can secure user access
US NIST Unveils Winning Encryption Algorithm For IoT Data Protection
ASCON was eventually picked as the winner for being flexible, encompassing seven families, energy efficient, speedy on weak hardware, and having low overhead for short messages. NIST also considered that the algorithm had withstood the test of time, having been developed in 2014 by a team of cryptographers from Graz University of Technology, Infineon Technologies, Lamarr Security Research, and Radboud University, and winning the CAESAR cryptographic competition’s “lightweight encryption” category in 2019.
Two of ASCON’s native features highlighted in NIST’s announcement are AEAD (Authenticated Encryption with Associated Data) and hashing. AEAD is an encryption mode that provides confidentiality and authenticity for transmitted or stored data, combining symmetric encryption and MAC (message authentication code) to prevent unauthorized access or tampering. Hashing is a data integrity verification mechanism that creates a string of characters (hash) from unique inputs, allowing two data exchange points to validate that the encrypted message has not been tampered with. Despite ASCON’s lightweight nature, NIST says the scheme is powerful enough to offer some resistance to attacks from powerful quantum computers at its standard 128-bit nonce. However, this is not the goal or purpose of this standard, and lightweight cryptography algorithms should only be used for protecting ephemeral secrets. For more details on ASCON, check the algorithm’s website, or read the technical paper (PDF) submitted to NIST in May 2021.
Read more of this story at Slashdot.
Anker Admits Eufy Cameras Did Not Offer End-to-End Encryption as Promised, Pledges to Do Better
That the Eufy cameras were uploading content to the cloud was problematic because Anker has long touted the security of its Eufy devices, claiming that they feature local-only storage and end-to-end encryption for those who want a more private camera solution. Following this debacle, The Verge began trying to get answers about Eufy camera security from Anker, and Anker was providing deliberately unclear and often misleading answers about how Eufy cameras worked.
The Verge was finally able to get answers from Anker by threatening to publish a story about the company’s lack of communication, which has led to some clarification about Eufy security. Eufy cameras do not offer native end-to-end encryption, and they did indeed provide unencrypted video streams through the Eufy web portal, though Anker says this is an issue that has now been fixed. From Eufy:
Previously, after logging into our secure Web portal at eufy.com, a registered user could enter debug mode, use the Web browser’s DevTool to locate the live stream, and then play or share that link with someone else to play outside of our secure system. However, that would have been the user’s choice to share that link, and they would have needed to first log into the eufy Web portal to get this link.
Today, based on industry feedback and out of an abundance of caution, the eufy Security Web portal now prohibits users from entering debug mode, and the code has been hardened and obfuscated. In addition, the video stream content is encrypted, which means that these video streams can no longer be played on third-party media players such as VLC.
I should note, however, that only 0.1 percent of our current daily users use the secure Web portal feature at eufy.com. Most of our users use the eufy Security app to view live streams. Either way, the previous design of our Web portal had some issues, which have since been resolved.
Video stream requests originating from the Eufy web portal will be end-to-end encrypted going forward, as they are with the Eufy app, which Anker says is the primary way that Eufy users access camera streams. Anker says that every Eufy camera is being updated to use WebRTC, which is encrypted by default, and it will no longer be possible to play Eufy video streams through third-party apps.
Anker was regretful about its lack of communication, and said that it would do better in the future. The company is bringing in third-party security companies to audit the Eufy security products, and it is working on an official bug bounty program. Anker will also establish a security micro-site in February, and will provide customers with more information on the changes that have been implemented.
For those who are interested in the full details of what Eufy has to say, The Verge published its complete email communications with Anker spokespeople.
This article, “Anker Admits Eufy Cameras Did Not Offer End-to-End Encryption as Promised, Pledges to Do Better” first appeared on MacRumors.com
Meta’s bringing end-to-end encryption to all Messenger users, but not all at once
CircleCI says hackers stole encryption keys and customers’ secrets
CircleCI, a software company whose products are popular with developers and software engineers, confirmed that some customers’ data was stolen in a data breach last month. The company said in a detailed blog post on Friday that it identified the intruder’s initial point of access as an employee’s laptop that was compromised with malware, allowing […]
CircleCI says hackers stole encryption keys and customers’ secrets by Zack Whittaker originally published on TechCrunch
CircleCI says hackers stole encryption keys and customers’ source code
CircleCI says hackers stole encryption keys and customers’ source code by Zack Whittaker originally published on TechCrunch
The Year Ahead in Encryption
Lucas Ropek covers cybersecurity and privacy for Gizmodo. You can follow his coverage here, and email story ideas and tips to lropek@gizmodo.com.