Hackers Could Decrypt Your GSM Phone Calls

Hackers Could Decrypt Your GSM Phone Calls

But at the DefCon security conference in Las Vegas on Saturday, researchers from the BlackBerry are presenting an attack that can intercept GSM calls as they're transmitted over the air and decrypt them to listen back to what was said.

13-Year-Old Encryption Bugs Still Haunt Apps and IoT

13-Year-Old Encryption Bugs Still Haunt Apps and IoT

But at the Black Hat security conference in Las Vegas on Wednesday, Purdue University researcher Sze Yiu Chau has a warning for the security community about a different threat to encryption: vulnerabilities that were discovered more than a decade ago still very much persist today.

Was Bitcoin Created by This International Drug Dealer? Maybe!

Was Bitcoin Created by This International Drug Dealer? Maybe!

After a month, I was able to convince a colleague with deep cryptocurrency knowledge, someone who’d followed every twist and turn of the Satoshi saga, that Le Roux was the odds-on solution to the mystery of who created bitcoin.

Google Turns to Retro Cryptography to Keep Datasets Private

Google Turns to Retro Cryptography to Keep Datasets Private

"The net result is that we can perform this computation without exposing any individual data and only getting the aggregate result," says Amanda Walker, a privacy tools and infrastructure engineering manager at Google.

A Plan to Stop Breaches With Dead Simple Database Encryption

A Plan to Stop Breaches With Dead Simple Database Encryption

That means MongoDB itself and cloud providers won't be able to access customer data, and a database's administrators or remote managers don't need to have access to everything either.

Google's Push to Close a Major Encrypted Web Loophole

Google's Push to Close a Major Encrypted Web Loophole

Which means that today, when you register a site through Google that uses ".app," ".dev," or ".page," that page and any you build off of it are automatically added to a list that all mainstream browsers, including Chrome, Safari, Edge, Firefox, and Opera, check when they're setting up encrypted web connections.

The Clever Cryptography Behind Apple's 'Find My' Feature

The Clever Cryptography Behind Apple's 'Find My' Feature

In a background phone call with WIRED following that keynote, Apple broke down that privacy element, explaining how its "encrypted and anonymous" system avoids leaking your location data willy nilly, even as your devices broadcast a Bluetooth signal explicitly designed to let you track your device.

The False Promise of “Lawful Access” to Private Data

The False Promise of “Lawful Access” to Private Data

Terrorists should not feel free to upload terrible images of slaughter, but neither should they be empowered to empty people’s bank accounts or to tap the phones of presidents and prime ministers.“But,” people say, “What if only legitimate requests can get into the protected communications?” Weaknesses in computer systems are discovered by attackers all the time.

Hackers Can Tell What Netflix Bandersnatch Choices You Make

Hackers Can Tell What Netflix Bandersnatch Choices You Make

In practice, though, the researchers say that they can analyze Netflix's encrypted interactive video traffic to find clues about what users are watching, and which choices they've made in their movie journeys.

HTTPS Isn't Always As Secure As It Seems

HTTPS Isn't Always As Secure As It Seems

Vulnerabilities that are full-on "leaky" involve more deeply flawed encryption channels between browsers and web servers that would enable an attacker to decrypt all the traffic passing through them.

Firefox Send Is an Easy Way to Share Large Files Securely

Firefox Send Is an Easy Way to Share Large Files Securely

Even if I delete a file from some cloud storage somewhere, I don’t even know if it’s actually gone for good, or just gone from the user interface.” Because Firefox Send is end-to-end encrypted, not even Mozilla can see the contents of what you’re sharing.

Quantum Physics Could Protect the Grid From Hackers—Maybe

Quantum Physics Could Protect the Grid From Hackers—Maybe

“It’s like working on a car with its engine running.” Sungjin Kim/Getty Images Cybersecurity experts have sounded the alarm for years: Hackers are ogling the U.S. power grid. Peters’s group thinks that a utility company could use quantum-encrypted data to communicate with their hardware.

Google's Making It Easier to Encrypt Even Cheap Android Phones

Google's Making It Easier to Encrypt Even Cheap Android Phones

"The design is solid, based on trusted components, and likely to adequately protect users of the products integrating this new algorithm." The Google researchers says that they are confident in Adiantum's integrity, and they hope it will help call attention to the importance of storage encryption for IoT and other low-resource devices.

Security News This Week: Privacy Wins in Six Flags Fingerprints Ruling

Security News This Week: Privacy Wins in Six Flags Fingerprints Ruling

The case hinges on Illinois’ strict biometric security law, which passed in 2008, giving the state the strictest rules in the country for how companies can collect permanent personal data like fingerprints.

The Pitfalls of Facebook Merging Messenger, Instagram, and WhatsApp Chats

The Pitfalls of Facebook Merging Messenger, Instagram, and WhatsApp Chats

"If the goal is to allow cross-app traffic, and it’s not required to be encrypted, then what happens?" Matthew Green, Johns Hopkins University In a Wall Street Journal opinion piece on Thursday evening, Zuckerberg wrote that, "There’s no question that we collect some information for ads—but that information is generally important for security and operating our services as well." An indelible identity across Facebook's brands could have security benefits like enabling stronger anti-fraud protections.

Be Careful Using Bots on Telegram

Be Careful Using Bots on Telegram

"A bot would dramatically undercut the security properties of a chat." Kenn White, Open Crypto Audit Project But Telegram's bot platform relies instead on the Transport Layer Security protocol used in HTTPS web encryption. While researching one such malware scheme, Forcepoint accidentally discovered that Telegram chats that include bots have reduced security.

Australia's Encryption-Busting Law Could Impact the World

Australia's Encryption-Busting Law Could Impact the World

All of Australia's intelligence allies—the United States, the United Kingdom, Canada, and New Zealand, known collectively as the Five Eyes—have spent decades lobbying for these mechanisms."The debate about simplifying lawful access to encrypted communication carries a considerable risk of regulations spilling to other countries," says Lukasz Olejnik, a security and privacy researcher and member of the W3C Technical Architecture Group.

Deputy AG Rod Rosenstein Is Still Calling for an Encryption Backdoor

Deputy AG Rod Rosenstein Is Still Calling for an Encryption Backdoor

Rosenstein did, though, repeat past assertions that unyielding encryption blocks crucial investigative avenues, and potentially endangers public safety."There is nothing virtuous about refusing to help develop responsible encryption, or in shaming people who understand the dangers of creating any spaces—whether real-world or virtual—where people are free to victimize others without fear of getting caught or punished," Rosenstein said.It is not so certain, though, that encryption meaningfully hinders law enforcement to the degree that the government alleges.

Mozilla's 'Privacy Not Included' Gift Report Highlights Security Concerns

Mozilla's 'Privacy Not Included' Gift Report Highlights Security Concerns

And in some cases, it’s easy to forget that they’re even connected to the internet.”Among the important signifiers of a trustworthy stocking stuffer, according to Mozilla’s rubric: the use of encryption, pushing automatic software security updates, strong password hygiene, a way to deal with vulnerabilities should they arise, and a privacy policy that doesn’t take a PhD to parse."We’re trying to give people essentially a way to look at any product and what to look for, what questions to ask."Ashley Boyd, MozillaThe most surprising result of Mozilla’s testing may be how many products actually earned its seal of approval.

Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob

Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob

But if owners of a Model S manufactured before then don't turn on that PIN—or don't pay to replace their key fob with the more strongly encrypted version—the researchers say they're still vulnerable to their key-cloning method.Keys to the KingdomLike most automotive keyless entry systems, Tesla Model S key fobs send an encrypted code, based on a secret cryptographic key, to a car's radios to trigger it to unlock and disable its immobilizer, allowing the car's engine to start.