Encryption

Tim Cook appears to be using his international tour, which so far includes Israel, Germany and the UK, to push a second product every bit as hard as the Apple Watch: privacy. In an interview with the German newspaper BILD posted yesterday (paywall), Cook went as far as to praise Edward Snowden for his role in prompting discussion of the issue.

If Snowden did anything for us at all, then it was to get us to talk more about these things. [Apple’s] values have always been the same.

The comments follow a meeting with German Chancellor Angela Merkel, at which data privacy was reportedly a key topic. Cook also told the Telegraph last week that “none of us should accept that the government or a company or anybody should have access to all of our private information.” Cook has in the past resisted FBI pressure to compromise its strong encryption, and was the only tech CEO to attend a recent White House cybersecurity summit.

In the BILD interview, Cook reiterated Apple’s stance on privacy, and also said that as Apple had grown larger, it had taken deliberate decisions to be less secretive about some aspects of its business … 
Expand
Expanding
Close

Apple CEO Tim Cook is scheduled to speak at a White House “cyber summit” at the end of the week, The Hill reported today. The White House is expected to unveil a new cybersecurity program during the summit, and is bringing together leaders in technology and government to address the issue.

Cook’s exact talking points haven’t been revealed, but Apple has previously taken strong stances on issues of customer privacy—putting it in direct conflict with the Department of Justice at times.

Expand
Expanding
Close

The popular secure password management app 1Password is out with a big update today adding new features on both iOS and Mac. Arriving in version 5.2 of 1Password for iOS is a new login creator tool, a one-time password tool for use with two factor auth, new entry fields for pro users, and more. On the Mac side, 1Password version 5.1 was released adding a number of improvements to sync. This includes the ability to sync secondary vaults to iOS over WiFi. More on the major new features below:

Expand
Expanding
Close

For several months we’ve followed the U.S. government’s attempts to work around encryption in chat apps, even taking the hyperbole to an illogical extreme at one point, but we haven’t yet seen similar threats from other nations… or at least, we hadn’t until today.

British prime minister David Cameron said today that unless the government is given backdoor access to encrypted messaging services, he’s just going to outlaw them:

Expand
Expanding
Close

Bloomberg reports that a Manhattan District Attorney is challenging recent moves by Apple, Google and other tech companies by suggesting government pass laws that prevent mobile devices from being “sealed off from law enforcement.” In an interview this week, the government official called it “an issue of public safety.”
Expand
Expanding
Close

Apple and the government have long been engaged in a bitter war of words over encryption and security practices employed in Apple’s iOS devices, but a new Wall Street Journal report indicates that the Department of Justice is really starting to take the rhetoric to the next level.

According to the Journal, a DOJ official actually told Apple executives during a meeting last month that in the future the Cupertino company could eventually be directly responsible for the death of a child.
Expand
Expanding
Close

FBI Director James Comey isn’t backing down from his position that Apple and Google are wrong to encrypt customer smartphone data preventing law enforcement agencies the possibility of access if requested. After last month sharing that the FBI was in talks with the two companies to discuss concerns with marketing devices as being inaccessible to third-parties including the government, the FBI Director spoke with CBS News in an interview where he continued to make the case against such encryption…
Expand
Expanding
Close

United States Attorney General Eric Holder, who announced plans to resign earlier this week pending confirmation of a successor, has criticized Apple and Google for encrypting smartphone data beyond law enforcement official access, Reuters reports.

“It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy,” Holder said in a speech before the Global Alliance Against Child Sexual Abuse Online.

Expand
Expanding
Close

Director of the Federal Bureau of Investigation James Comey expressed his concern today over Apple and Google’s decision to encrypt information stored on smartphones, the Huffington Post reports, adding that FBI officials are pushing both companies to change their policies in order to allow law enforcement officials to access data in certain instances.

“I am a huge believer in the rule of law, but I am also a believer that no one in this country is above the law,” Comey told reporters at FBI headquarters in Washington. “What concerns me about this is companies marketing something expressly to allow people to place themselves above the law.”

In the case of the iPhone maker, Apple CEO Tim Cook used the company’s privacy stance as a major marketing point on a number of occasions over the past month.
Expand
Expanding
Close

Last month Apple confirmed that it would soon beef up encryption for iCloud email following a report detailing security flaws in major email services. While Apple previously encrypted emails sent between its own iCloud customers, now the company has enabled encryption for emails in transit between iCloud and third-party services for me.com and mac.com email addresses. 

The change is documented on Google’s transparency website that shows the percentage of emails encrypted in transit for both inbound and outbound email exchanges (pictured below):
Expand
Expanding
Close

Yes, another secure and ephemeral messaging app. There’s Wickr, Snapchat, Confide, so what makes Wiper Messenger different? I’ve had the chance to play around with the new free chatting app on iOS, and it seems to act as a fusion of WhatsApp, Snapchat, and Wickr. The app prompts you for your email address or phone number in order to create your account, and then you are brought to a fairly simple interface with three tabs across the bottom: Chats, Contacts, and More. Let’s go tab-by-tab:

Expand
Expanding
Close

We showed you Box’s big 3.0 rewrite of its iPhone and iPad app earlier this year and today the cloud service is adding a major feature for its users: Box Notes. Box introduced its Notes feature to users last month, and now it is extending support for Box Notes to iPhone and iPad users.

The company says it’s focus on security for business users makes its approach to collaborative note capturing and sharing differently than other offerings. Box’s new Notes feature on iPhone and iPad is presented in the same app as other media stored in the cloud service as it’s a single app to know and manage.

Expand
Expanding
Close

Security researcher Andreas Kurtz has discovered that versions of iOS 7, including iOS 7.1.1 (the current release), iOS 7.1, and iOS 7.0.4 do not encrypt email attachments in the bundled Mail application. This is an issue itself, but more worrisome as iOS, according to Apple, is supposed to encrypt email attachments. Here’s a page from Apple’s website indicating that:

Expand
Expanding
Close

FileVault has been included in Macs by Apple since the release of Panther many years ago. In Apple’s most recent release, OS X Lion, the company included FileVault that brought new ways of encryption. FileVault lets you encrypt your entire drive with a master password to protect key-chain passwords, files, and more. FileVault 2 uses a separate partition to store the FileVault login information.

Cnet pointed us to a new report from password recovery company PassWare, who claimed it can decrypt Apple’s FileVault 2 in under 40 minutes. Obviously, this is a big concern because FileVault contains so much of users’ information.

PassWare decrypts FileVault by going in through the system’s firewire connection and using live-memory analysis to extract the encryption key from the FileVault partition (so the machine must assumedly be running?). From there, a user can uncover keychain files and login passwords that can be used to unlock the whole HDD/SSD.

PassWare conveniently makes PassWare 11.3 available to do this, but you will have to throw down a lofty $995 to get the software. PassWare makes this software primarily available for law enforcement.

Expand
Expanding
Close

Popular game platform Steam, owned by Valve, has been hacked (via PC Gamer). Hackers were able to get into a Steam database, which included encrypted credit card information and passwords of many of its users. Steam isn’t sure at this point if the encryption of the credit card numbers or passwords have been obtained, but warns users to be on the look out for malicious activity. Steam’s Gabe Newell said in a statement to users:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked.”

Steam is currently keeping their forums closed down while they investigate the situation. The Steam platform hasn’t been knocked down, however. Gabe’s full statement after the break:

Expand
Expanding
Close