One month after publicly supporting Apple in its fight for encryption, chat app company WhatsApp now features end-to-end encryption in its client. In essence, whether you're calling someone, sending a file, messaging, hosting a group chat, or anything else, you can be rest assured it's completely private from hackers, WhatsApp, and anyone else you might be paranoid about.
"We live in a world where more of our data is digitized than ever before," company CEO and founder Jan Koum says of the change. "Every day we see stories about sensitive records being improperly accessed or stolen. And if nothing is done, more of people's digital information and communication will be vulnerable to attack in the years to come. Fortunately, end-to-end encryption protects us from these vulnerabilities."
We reported yesterday that the FBI had broken into the iPhone 5C used by the San Bernardino shooter, without Apple's help. It's now being reported that Appel can't force the FBI to disclose just how it broke into their smartphone.
The FBI reportedly tapped the help of an Israeli security firm, which broke into the iPhone 5C, and with Apple unable to force the FBI to show them how they did that, it could mean that other iPhones could be broken into. Why? Because Apple can't fix the security hole that the FBI went through - mainly for iPhone users, but it's obviously a hole that Apple don't know about, or at least they don't know which method the FBI used. It's quite scary there's an easy hole for a company that's not Apple, nor the FBI, can use to break into iPhones - quite easily, it seems.
Ars Technica talked with a law enforcement official, who said: "We cannot comment on the possibility of future disclosures to Apple. [There] are legitimate pros and cons to the decision to disclose, and the trade-offs between prompt disclosure and withholding knowledge of some vulnerabilities for a limited time can have significant consequences," he said while explaining the Vulnerabilities Equities Process". So, there's no legal requirement of the FBI to disclose how it broke through Apple's much-touted security... well now.
FBI 1, Apple 0.
Last week it became apparent Amazon had not included support for local encryption with Fire OS 5, which would seem to contradict its support of Apple's fight for encryption. Asked for comment on exactly that and why they would drop support when it seems all the work is done by Google anyway, an Amazon spokesperson simply told us, "We will return the option for full disk encryption with a Fire OS update coming this spring."
Amazon initially said its customers "weren't using" local encryption, so it decided not to include support for it, which appeared flimsy reasoning. Whatever the case, the company has wisely decided to change course, likely in light of how it looks currently.
For what feels like forever, Windows users have been at the butt of attacks from Mac users when it comes to "but Windows is open, and gets hit by viruses, malware, and ransomware all the time". Well, that might be something of the past now.
Palo Alto Networks is claiming it's discovered the first known OS X-based ransomware, known as "KeRanger". How do you get it? You download software infected with the nasty code, with BitTorrent client Transmission, where it will encrypt your files after 72 hours, after which it'll demand that you hand over digital currency ransom to get your files back. Nice.
The latest version of Transmission, alongside Apple revoking a security certificate from another developer that KeRanger used to get past OS X's built-in defenses, should keep you safe. But, this should act as a warning: OS X isn't as safe as most people think it is, and this could be the tip of the iceberg in the months, and years to come.
Amazon's Fire OS 5 came out in September, but only now is it being discovered that the operating system no longer supports local encryption (which makes data accessible only with a passcode or key). Concerns have arisen as a result, given Amazon just filed a brief supporting Apple's defense of encryption.
Fire OS is built on Android's open-source code, which has offered local encryption for years. Fire OS 5 doesn't support the feature it turns out, and Amazon's statement on why doesn't help clear matters up much.
Yesterday, Twitter, Reddit, and 15 other tech companies collectively filed an amicus brief in support of Apple and its defense of smartphone encryption. For reason unclear, other giants like Microsoft and Facebook -- which have publicly announced their support -- were not included. However, they have filed their own separate brief with the same goal.
Microsoft President and CLO Brad Smith writes in a blog post of the case, "The fact that we're discussing the All Writs Act across the country is a telling indication of the urgent need to update antiquated rules that govern digital technology and privacy. If we are to protect personal privacy and keep people safe, 21st century technology must be governed by 21st century legislation. What's needed are modern laws passed by our elected representatives in Congress, after a well-informed, transparent, and public debate."
Not all figures within the US government oppose encryption, today shows.
Secretary of Defense Ashton Carter made his position on the matter clear today at the RSA 2016 security conference, stating, "I'm not a believer in backdoors. It's not realistic and it's not technically accurate," later continuing, "[The Department of Defense is] not in the executive branch seeking legislation of this kind. I don't think writing a law without an exploration of all the technical solutions out there [is a good idea]."
He also isn't a fan of implementing "a law written by people [without tech expertise] or written in an atmosphere of anger and grief" and feels that one case shouldn't "drive the solution."
"We have to innovate our way to a sensible result," he finished.
A landmark decision has been reached in the ongoing data encryption war. A US magistrate judge in New York, presiding over a drug trafficking case, has ruled Apple cannot be forced to unlock an iPhone by the US government, which has been using the more than 100 year-old All Writs Act (AWA) as part of its argument. While this doesn't directly involve the bigger San Bernardino terrorism case, it's a big win for Apple and smartphone users in general who support their right to encryption, and will certainly help its argument in that case.
"The established rules for interpreting a statute's text constrain me to reject the government's interpretation that the AWA empowers a court to grant any relief not outright prohibited by law," magistrate Judge James Orenstein stated in his order.
Apple today asked a judge to throw out the order requiring it to hack the phone of an attacker in the San Bernardino case and followed it up with a request of its own: that its peers stand behind it to fight for privacy.
That's happened with Microsoft, whose President and Chief Legal Officer Brad Smith declared in a congressional hearing yesterday his company's "wholehearted" support of Apple's position, and that it would file an amicus brief next week to that end. (An amicus brief is a filing that allows those not directly involved in a case to have their say in it.)
Sources close to the company and security experts are saying Apple is currently working on upgrading its iPhone security measures, which would shield them from potential win by the government in the ongoing encryption war. It's said they've been working on it since before the San Bernardino attack.
The new security would be configured in such a way that a backdoor couldn't be created for it at the government's request (as is currently the case). Specifically, it addresses the vulnerability introduced by the troubleshooting system that allows Apple to update system software without a password. Once the new security in place, the government could request all it likes: Apple wouldn't be able to oblige even if it wanted to.
Experts believe Apple will be able to go through with it. Should the government win the fight, it's expected a new round of court battles would begin, at which point Apple may introduce yet more security measures, and round and round we go. In other words, Apple currently has the upper hand and will for the foreseeable future, barring Congress involvement.