17.8 C
London
Wednesday, August 16, 2017
Home Tags Apple iMessage

Tag: Apple iMessage

The DOJ wants Apple return to security levels present in iOS 7, before default encryption. Two weeks ahead of a scheduled court date, Apple continues to publicly battle the FBI's request to unlock one of its iPhones.
Senior Vice President of Software Engineering Craig Federighi on Sunday penned an opinion piece for the Washington Post, which suggests that compliance will set mobile security back at least three years. The U.S. Justice Department, he said, believes security on iOS 7 was "good enough," so Apple should roll back to the security level of that operating system. "But the security of iOS 7, while cutting-edge at the time, has since been breached by hackers," Federighi wrote. "What's worse, some of their methods have been productized and are now available for sale to attackers who are less skilled by often more malicious." Apple decided to encrypt its mobile operating system by default beginning with iOS 8, meaning device-level data is inaccessible even to Cupertino, so the company cannot turn over things like phone passcodes and iMessage chats to the feds. But following a December terrorist attack in California, the government is itching to access an iPhone 5c issued to one of the shooters, Syed Rizwan Farook, by his employer, the San Bernardino Health Department. The FBI wants Apple to create a new mobile operating system, which could disable a feature that wipes the gadget after 10 incorrect password guesses—"intentionally creating a vulnerability that would let the government force its way into an iPhone," Federighi said. "Once created, this software—which law enforcement has conceded it wants to apply to many iPhones—would become a weakness that hackers and criminals could use to wreak havoc on the privacy and personal safety of us all," he added. The tech titan is even willing to take its fight against the FBI over iPhone backdoors all the way to the Supreme Court, where it would have the support of numerous industry heavyweights. Oral arguments are set for March 22 in federal court.
Just like in the movies, smart cyber criminals will simply use Russian technology instead. The majority of encryption products on the market today are developed outside the United States, according to a new report, raising serious doubts about whether the U.S. government could actually limit encryption tools by building backdoors for law enforcement access. Of the 865 hardware or software products incorporating encryption that the report's authors surveyed, 546 products originate from foreign countries. If the U.S. passes a law requiring encryption products to have backdoors for law enforcement, what's to stop the bad guys from using an encryption tool from a country that doesn't have such a law? There's nothing too Earth-shattering about a report that simply takes inventory of encryption products available worldwide. Moreover, the authors are quick to note that their tally is a work in progress and is probably on the low side. But it comes at a pivotal time in the debate over how much access law enforcement should have to citizens' data in the U.S. and other Western nations. Apple, Google, and other companies are embroiled in a tussle with the FBI, which wants access to iMessage and other communications tools for investigative purposes. To facilitate this, state lawmakers in New York and California have introduced bills that would ban the sale of encrypted smartphones, though Congress is pushing back on that.  Law enforcement agencies face numerous challenges as they try to outmaneuver the most advanced cyber criminals and terrorists, who will be savvy enough to avoid encryption tools from countries that pass backdoor laws. The problem is ensuring that law-abiding citizens aren't caught in the crossfire. As the report's authors wrote, "Any national law mandating encryption backdoors will overwhelmingly affect the innocent users of those products."
The ENCRYPT Act comes after New York and California moved to weaken smartphone encryption. Two members of Congress are trying to stop states from weakening encryption. Reps. Ted Lieu (D-Calif.) and Blake Farenthold (R-Tex.) introduced a bill on Wednesday that would stop states from mandating that a company intentionally weaken its smartphone encryption to facilitate law enforcement action. The bill, known as the ENCRYPT Act, is surprisingly short, saying simply that no state or local muncipality can place restrictions or rules upon device manufacturers, app developers, or product sellers. More specifically, it targets the idea of forcing companies to more easily allow those local governments to "have the ability to decrypt or otherwise render intelligible information that is encrypted or otherwise rendered unintelligible using its product or service." The bill was presented to Congress just weeks after New York and California lawmakers introduced their own bills that would ban the sale of encrypted smartphones. Since Apple and Google encrypt their most recent operating systems by default, though, that would make it difficult to sell iPhones or Android-based devices in those two states. Neither bill has seen activity since being introduced, however. "Different rules in different states create a myriad of issues and will actually make it more difficult for law enforcement officials. We need a unified approach to this issue that both protects security and privacy while enabling law enforcement to keep us safe," Rep. Farenthold said in a statement. "The California and New York proposals do not solve the problem. We need to keep free market and trade between the several states robust, not promote a false sense of security and require things like backdoors and golden keys that can be exploited by hackers." "The ENCRYPT Act makes sure that this conversation happens in a place that does not disrupt interstate commerce," Rep. Lieu said. Regardless of what happens on Capitol Hill, all these bills again bring up the issue of encryption. Law enforcement officials have criticized Apple and Google for hardening their communication platforms. Indeed, if an iMessage user were to communicate with another, it would be impossible for Apple, as well as law enforcement, to intercept that communication. Law enforcement agencies say such features put the public at risk. Apple and Google, among others, say they're protecting individual rights to privacy and security, and have no plans to alter their OSes.
An extra layer of security isn't just for iCloud users anymore. Apple brings two-step verification to its FaceTime and iMessage apps. Apple is extending the reach of its two-step verification process to protec...
Apple has strengthened security for its text and video messaging applications by adding two-factor authentication (2FA), but security experts say more could be done to protect users. The ability to use 2FA was added to Apple’s iTunes and iCloud accounts in March 2013, but Apple has extended the security functionality to iMessage and FaceTime only now. By requiring users of iMessages and FaceTime on iPhone, iPad and Mac computers to enter a security code after the usual username and password, makes it more difficult for hackers to take over accounts. The added protection means that even if a hacker is able to steal a valid username and password, they will not be able to access user accounts without an SMS text code or emergency recovery code. This will prevent hackers from taking over accounts to send messages to contacts to get them to share personal information. Apple advises users not to store the recovery code on a mobile device or computer because that could give an unauthorised user a way to access Apple accounts.   While welcoming the move, Rik Ferguson, vice president of security research at Trend Micro told The Guardian that more should be done to secure user accounts. He points out that Apple’s two-step authentication is not the same as fully-fledged 2FA, which typically requires a physical second factor like a token, card or biometric. Ferguson said two-step authentication used by Apple, Google and Facebook is simply two things the user knows, but does not require them to have anything physical to authenticate themselves. Two-step authentication methods that do not have a physical element are much more easily subverted because they rely or text SMS messages that could be diverted by attackers. To enable the extra security, iMessage and FaceTime users need to access to My Apple ID, select “Manage your Apple ID” and sign. Next, select “Password and Security” and under “Two-Step Authentication” select “Get Started” and follow the instructions. At a recent security conference in London, Global Identity Foundation chief executive Paul Simmonds criticised the technology security industry for failing to provide a universally acceptable method of authentication. “We do not architect for de-perimeterisation, we have an obsession with control, we lack an identity that can be used across all entities,” he said. For example, Simmonds said FaceTime, Google Voice and Skype can be used securely only within a company using something like Silent Circle encryption services, but there is no interoperability outside that private locus of control. The Global Identity Foundation believes that, by taking a different approach to identity in which only authoritative sources can assert attributes, it will be possible to create a global identity system that will be truly privacy enhancing; that scales globally. The organisation also hopes the system can support all entities in a single identity eco-system that is globally accepted by all parties who need to rely on a digital identity with a known level of trust. Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com RELATED CONTENT FROM THE TECHTARGET NETWORK
Apple enabled 2FA for iCloud in September.
Suit complains of misleading and anti-competitive behavior.
The company is moved to make a statement after a researcher presents a hack that could allow the company to read iMessages. October 18, 2013 5:58 AM PDT (Credit: James Martin/CNET) Apple has said time and again in the wake of the NSA snooping sca...