article thumbnail

FBI/AFP-Run Encrypted Phone

Schneier on Security

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. We’ve seen law enforcement take over encrypted apps before: for example, EncroChat.

article thumbnail

Hyundai Uses Example Keys for Encryption System

Schneier on Security

This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. […].

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Brexit Deal Mandates Old Insecure Crypto Algorithms

Schneier on Security

In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA: The open standard s/MIME as extension to de facto e-mail standard SMTP will be deployed to encrypt messages containing DNA profile information. x and inter-operates among all major e-mail software packages.

article thumbnail

Paragon: Yet Another Cyberweapons Arms Manufacturer

Schneier on Security

Forbes has the story : Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said.

article thumbnail

DEEP TECH NEWS: How ‘attribute-based encryption’ preserves privacy at a fined-grained level

The Last Watchdog

Enter attribute-based encryption ( ABE ) an advanced type of cryptography that’s now ready for prime time. ABE makes it much more difficult to fraudulently decrypt an asset in its entirety; it does this by pulling user and data attributes into the encryption picture — in a way that allows decryption to be flexible.

article thumbnail

What Is ShrinkLocker? New Ransomware Targets Microsoft BitLocker Encryption Feature

Tech Republic Security

The ShrinkLocker ransomware exploits the BitLocker feature on enterprise PCs to encrypt the entire local drive and remove recovery options.

article thumbnail

xz Utils Backdoor

Schneier on Security

modified the way the software functions. Anyone in possession of a predetermined encryption key could stash any code of their choice in an SSH login certificate, upload it, and execute it on the backdoored device. In theory, the code could allow for just about anything, including stealing encryption keys or installing malware.