Google

Google Tries Publicly Shaming Apple Into Adopting RCS (theverge.com) 187

Google is kicking off a new publicity campaign today to pressure Apple into adopting RCS, the cross-platform messaging protocol that's meant to be a successor to the aging SMS and MMS standards. From a report: The search giant has a new "Get The Message" website that lays out a familiar set of arguments for why Apple should support the standard, revolving around smoother messaging between iPhone and Android devices. Naturally, there's also a #GetTheMessage hashtag to really get those viral juices flowing. For most people, the problems Google describes are most familiar in the form of the green bubbles that signify messages to Android users in Apple's Messages app. While the iPhone app uses Apple's own iMessage service to send texts between iPhones (complete with modern features like encryption, support for group chats, and high-quality image and video transfers), they revert to old-fashioned SMS and MMS when texting an Android user. Not only are these messages shown in a color-clashing green bubble, but they also break many of the modern messaging features people have come to rely on.
AI

WhatsApp Boss Says No To AI Filters Policing Encrypted Chat (theregister.com) 38

An anonymous reader quotes a report from The Register: The head of WhatsApp will not compromise the security of its messenger service to bend to the UK government's efforts to scan private conversations. Will Cathcart, who has been at parent company Meta for more than 12 years and head of WhatsApp since 2019, told the BBC that the popular communications service wouldn't downgrade or bypass its end-to-end encryption (E2EE) just for British snoops, saying it would be "foolish" to do so and that WhatsApp needs to offer a consistent set of standards around the globe. "If we had to lower security for the world, to accommodate the requirement in one country, that ... would be very foolish for us to accept, making our product less desirable to 98 percent of our users because of the requirements from 2 percent," Cathcart told the broadcaster. "What's being proposed is that we -- either directly or indirectly through software -- read everyone's messages. I don't think people want that."

Strong E2EE ensures that only the intended sender and receiver of a message can read it, and not even the provider of the communications channel nor anyone eavesdropping on the encrypted chatter. The UK government is proposing that app builders add an automated AI-powered scanner in the pipeline -- ideally in the client app -- to detect and report illegal content, in this case child sex abuse material (CSAM).

The upside is that at least messages are encrypted as usual when transmitted: the software on your phone, say, studies the material, and continues on as normal if the data is deemed CSAM-free. One downside is that any false positives mean people's private communications get flagged up and potentially analyzed by law enforcement or a government agent. Another downside is that the definition of what is filtered may gradually change over time, and before you know it: everyone's conversations are being automatically screened for things politicians have decided are verboten. And another downside is that client-side AI models that don't produce a lot of false positives are likely to be easily defeated, and are mainly good for catching well-known, unaltered CSAM examples.

Security

Post-Quantum Encryption Contender is Taken Out by Single-Core PC and 1 Hour (arstechnica.com) 45

In the US government's ongoing campaign to protect data in the age of quantum computers, a new and powerful attack that used a single traditional computer to completely break a fourth-round candidate highlights the risks involved in standardizing the next generation of encryption algorithms. From a report: Last month, the US Department of Commerce's National Institute of Standards and Technology, or NIST, selected four post-quantum computing encryption algorithms to replace algorithms like RSA, Diffie-Hellman, and elliptic curve Diffie-Hellman, which are unable to withstand attacks from a quantum computer. In the same move, NIST advanced four additional algorithms as potential replacements pending further testing in hopes one or more of them may also be suitable encryption alternatives in a post-quantum world. The new attack breaks SIKE, which is one of the latter four additional algorithms. The attack has no impact on the four PQC algorithms selected by NIST as approved standards, all of which rely on completely different mathematical techniques than SIKE.
United States

Amazon's Ring and Google Can Share Footage With Police Without Warrants (or Your Consent) (cnet.com) 70

U.S. law lets companies like Google and Amazon's Ring doorbell/security camera system "share user footage with police during emergencies without consent and without warrants," CNET reported this week. They add that Ring "came under renewed criticism from privacy activists this month after disclosing it gave video footage to police in more than 10 cases without users' consent thus far in 2022 in what it described as 'emergency situations'."

"That includes instances where the police didn't have a warrant." "So far this year, Ring has provided videos to law enforcement in response to an emergency request only 11 times," Amazon vice president of public policy Brian Huseman wrote. "In each instance, Ring made a good-faith determination that there was an imminent danger of death or serious physical injury to a person requiring disclosure of information without delay...." Of the 11 emergency requests Ring has complied with so far in 2022, the company said they include cases involving kidnapping, self-harm and attempted murder, but it won't provide further details, including information about which agencies or countries the requests came from.

We also asked Ring if it notified customers after the company had granted law enforcement access to their footage without their consent.

"We have nothing to share," the spokesperson responded.

CNET also supplies this historical context: It's been barely a year since Ring made the decision to stop allowing police to email users to request footage. Facing criticism that requests like those were subverting the warrant process and contributing to police overreach, Ring directed police instead to post public requests for assistance in the Neighbors app, where community members are free to view and comment on them (or opt out of seeing them altogether)... That post made no mention of a workaround for the police during emergency circumstances.
When CNET asked why that workaround wasn't mentioned, Amazon's response was that law enforcement requests, "including emergency requests, are directed to Ring (the company), the same way a warrant or subpoena is directed to Ring (and not the customer), which is why we treat them entirely separately."

CNET notes there's also no mention of warrantless emergency requests without independent oversight in Ring's own transparency reports about law enforcement requests from past years.

CNET adds that it's not just Amazon. "Google, Ring and other companies that process user video footage have a legal basis for warrantless disclosure without consent during emergency situations, and it's up to them to decide whether or not to do so when the police come calling...." (Although Google told CNET that while it reserves the right to comply with warrantless requests for user data during emergencies, to date it has never actually done so.) The article also points out that "Others, most notably Apple, use end-to-end encryption as the default setting for user video, which blocks the company from sharing that video at all... Ring enabled end-to-end encryption as an option for users in 2021, but it isn't the default setting, and Ring notes that turning it on will break certain features, including the ability to view your video feed on a third-party device like a smart TV, or even Amazon devices like the Echo Show smart display."

The bottom line? [C]onsumers have a choice to make about what they're comfortable with... That said, you can't make informed choices when you aren't well-informed to begin with, and the brands in question don't always make it easy to understand their policies and practices. Ring published a blog post last year walking through its new, public-facing format for police footage requests, but there was no mention of emergency exceptions granted without user consent or independent oversight, the details of which only came to light after a Senate probe. Google describes its emergency sharing policies within its Terms of Service, but the language doesn't make it clear that those cases include instances where footage may be shared without a warrant, subpoena or court order compelling Google to do so.
Privacy

Google's Nest Will Provide Data to Police Without a Warrant (petapixel.com) 81

As reported by CNET, Google will allow law enforcement to access data from its Nest products -- or theoretically any other data you store with Google -- without a warrant. PetaPixel reports: "If we reasonably believe that we can prevent someone from dying or from suffering serious physical harm, we may provide information to a government agency -- for example, in the case of bomb threats, school shootings, kidnappings, suicide prevention, and missing person cases," reads Google's TOS page on government requests for user information. "We still consider these requests in light of applicable laws and our policies."

An unnamed Nest spokesperson did tell CNET that the company tries to give its users notice when it provides their data under these circumstances. Google "reserves the right" to make emergency disclosures to law enforcement even when there is no legal requirement to do so. "A provider like Google may disclose information to law enforcement without a subpoena or a warrant 'if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency,'" a Nest spokesperson tells CNET.

While Amazon and Google have both said they would hand over a user's data to law enforcement without a warrant, Arlo, Apple, Wyze, and Anker, owner of Eufy, all confirmed to CNET that they won't give authorities access to a user's smart home camera's footage unless they're shown a warrant or court order. These companies would be legally bound to provide data to the authorities if they were shown a legal document. But, unlike Google and Amazon, they will not otherwise share camera footage with law enforcement, even if they had an emergency request for data. Apple's default setting for video cameras connected via HomeKit is end-to-end encryption, which means the company is unable to share user video at all.
In an updated statement, a Google spokesperson clarified that they have never sent Nest data to authorities, "but it's important that we reserve the right to do so."

They added: "To reiterate, and as we've specified in our privacy commitments, we will only share video footage and audio recordings with third-party apps and services that work with our devices if you or a member of your home explicitly gives us permission, and we'll only ask for this permission in order to provide a helpful experience from an approved partner (such as a home security service provider)."
Encryption

Codebreakers Find 'Sexts,' Arctic Dispatches In 200-Year-Old Encrypted Newspaper Ads (vice.com) 28

Between 1850 and 1855, someone published a series of unusual ads in the British newspaper The Times. They were made up of a series of seemingly random letters, apparently gobbledygook. An anonymous reader adds: Almost 200 years later, a group of codebreakers has finally been able to decrypt some of them and read what they said, discovering that they were actually encrypted messages from a rescue expedition in the Arctic Ocean.
United Kingdom

UK Cybersecurity Chiefs Back Plan To Scan Phones for Child Abuse Images (theguardian.com) 73

Tech companies should move ahead with controversial technology that scans for child abuse imagery on users' phones, the technical heads of GCHQ and the UK's National Cyber Security Centre have said. From a report: So-called "client-side scanning" would involve service providers such as Facebook or Apple building software that monitors communications for suspicious activity without needing to share the contents of messages with a centralised server. Ian Levy, the NCSC's technical director, and Crispin Robinson, the technical director of cryptanalysis -- codebreaking -- at GCHQ, said the technology could protect children and privacy at the same time.

"We've found no reason why client-side scanning techniques cannot be implemented safely in many of the situations one will encounter," they wrote in a discussion paper published on Thursday, which the pair said was "not government policy." They argued that opposition to proposals for client-side scanning -- most famously a plan from Apple, now paused indefinitely, to scan photos before they are uploaded to the company's image-sharing service -- rested on specific flaws, which were fixable in practice. They suggested, for instance, requiring the involvement of multiple child protection NGOs, to guard against any individual government using the scanning apparatus to spy on civilians; and using encryption to ensure that the platform never sees any images that are passed to humans for moderation, instead involving only those same NGOs.

Security

Russian Hackers Behind SolarWinds Are Now Hiding Malware In Google Drive (techcrunch.com) 10

An anonymous reader quotes a report from TechCrunch: The Russia-linked hacking group behind the infamous SolarWinds espionage campaign is now using Google Drive to stealthily deliver malware to its latest victims. That's according to researchers at Palo Alto Networks' Unit 42 threat intelligence team, who said on Tuesday that the Russian Foreign Intelligence Service (SVR) hacking unit -- tracked as "Cloaked Ursa" by Unit 42 but more commonly known as APT29 or Cozy Bear -- has incorporated Google's cloud storage service into its hacking campaigns to hide their malware and their activities.

APT29 has used this new tactic in recent campaigns targeting diplomatic missions and foreign embassies in Portugal and Brazil between early May and June 2022, according to Unit 42. "This is a new tactic for this actor and one that proves challenging to detect due to the ubiquitous nature of these services and the fact that they are trusted by millions of customers worldwide," the researchers said. "When the use of trusted services is combined with encryption, as we see here, it becomes extremely difficult for organizations to detect malicious activity in connection with the campaign." Unit 42 disclosed the activity to both Dropbox and Google, which took action.
In May, the group was found to be using Dropbox in a campaign targeting diplomats and various government agencies. A Dropbox spokesperson told TechCrunch it disabled the accounts immediately.
Technology

The Code the FBI Used To Wiretap the World (vice.com) 39

The FBI operation in which the agency intercepted messages from thousands of encrypted phones around the world was powered by cobbled-together code. From a report: Motherboard has obtained that code and is now publishing sections of it that show how the FBI was able to create its honeypot. The code shows that the messages were secretly duplicated and sent to a "ghost" contact that was hidden from the users' contact lists. This ghost user, in a way, was the FBI and its law enforcement partners, reading over the shoulder of organized criminals as they talked to each other.

Last year, the FBI and its international partners announced Operation Trojan Shield, in which the FBI secretly ran an encrypted phone company called Anom for years and used it to hoover up tens of millions of messages from Anom users. Anom was marketed to criminals, and ended up in the hands of over 300 criminal syndicates worldwide. The landmark operation has led to more than 1,000 arrests including alleged top tier drug traffickers and massive seizures of weapons, cash, narcotics, and luxury cars. Motherboard has obtained this underlying code of the Anom app and is now publishing sections of it due to the public interest in understanding how law enforcement agencies are tackling the so-called Going Dark problem, where criminals use encryption to keep their communications out of the hands of the authorities. The code provides greater insight into the hurried nature of its development, the freely available online tools that Anom's developers copied for their own purposes, and how the relevant section of code copied the messages as part of one of the largest law enforcement operations ever.

Encryption

UK Could Force E2E Encrypted Platforms To Do CSAM-Scanning (techcrunch.com) 106

The U.K. government has tabled an amendment (PDF) to the Online Safety Bill that could put it on a collision course with end-to-end encryption. TechCrunch reports: It's proposing to give the incoming internet regulator, Ofcom, new powers to force messaging platforms and other types of online services to implement content-scanning technologies, even if their platform is strongly encrypted -- meaning the service/company itself does not hold keys to decrypt and access user-generated content in the clear. The home secretary, Priti Patel, said today that the government wants the bill to have greater powers to tackle child sexual abuse.

"Child sexual abuse is a sickening crime. We must all work to ensure criminals are not allowed to run rampant online and technology companies must play their part and take responsibility for keeping our children safe," she said in a statement -- which also offers the (unsubstantiated) claim that: "Privacy and security are not mutually exclusive -- we need both, and we can have both and that is what this amendment delivers." The proposed amendment is also being targeted at terrorism content -- with the tabled clause referring to: "Notices to deal with terrorism content or CSEA [child sexual exploitation & abuse] content (or both)."

These notices would allow Ofcom to order a regulated service to use "accredited" technology to identify CSEA or terrorism content which is being publicly shared on their platform and "swiftly" remove it. But the proposed amendment goes further -- also allowing Ofcom to mandate that regulated services use accredited technical means to prevent users from encountering these types of (illegal) content -- whether it's being shared publicly or privately via the service, raising questions over what the power might mean for E2E encryption.

Technology

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms (nist.gov) 56

jd writes: NIST has announced winners of its post-quantum cryptography battle of the giants.

CRYSTALS-Kyber has been chosen for standard encryption, CRYSTALS-Dilithium, Falcon, and SPHINCS+ were chosen for digital signatures. Falcon is recommended by NIST as a backup for Dilithium where shorter keys are needed, and SPHINCS+ uses a different mathematical technique than all of the other submissions, so if it is found that there's a flaw in the maths for the others, then there's something to fall back on.

There is still a final round for public key encryption algorithms. The remaining candidates are BIKE, Classic McEliece, HQC, and SIKE.

The mailing list members probably wish that they could use Slashdot's moderation system about now, as some of the discussions have been extremely heated. This was especially true for the signature system Rainbow, which is used by the ABC Mint crypto-currency, which was rejected after what was claimed to be a catastrophic flaw was reported, with allegations that it could be broken over a weekend on a laptop, followed by counter-allegations that many of the other algorithms had significant flaws in them also. (This is likely why SPHINCS+ is a backup.)

Another area that was hotly debated was CPU design flaws, particularly HertzBleed, which got the well-known crypto maestro Bernstein rather annoyed. As SIKE is a final round candidate, NIST seem to be satisfied with his explanation for why CPU design flaws should not be considered. It is to be seen how this debate progresses.

Encryption

Mega Says It Can't Decrypt Your Files. New POC Exploit Shows Otherwise (arstechnica.com) 52

An anonymous reader quotes a report from Ars Technica: In the decade since larger-than-life character Kim Dotcom founded Mega, the cloud storage service has amassed 250 million registered users and stores a whopping 120 billion files that take up more than 1,000 petabytes of storage. A key selling point that has helped fuel the growth is an extraordinary promise that no top-tier Mega competitors make: Not even Mega can decrypt the data it stores. On the company's homepage, for instance, Mega displays an image that compares its offerings to Dropbox and Google Drive. In addition to noting Mega's lower prices, the comparison emphasizes that Mega offers end-to-end encryption, whereas the other two do not. Over the years, the company has repeatedly reminded the world of this supposed distinction, which is perhaps best summarized in this blog post. In it, the company claims, "As long as you ensure that your password is sufficiently strong and unique, no one will ever be able to access your data on MEGA. Even in the exceptionally improbable event MEGA's entire infrastructure is seized!" (emphasis added). Third-party reviewers have been all too happy to agree and to cite the Mega claim when recommending the service.

Research published on Tuesday shows there's no truth to the claim that Mega, or an entity with control over Mega's infrastructure, is unable to access data stored on the service. The authors say that the architecture Mega uses to encrypt files is riddled with fundamental cryptography flaws that make it trivial for anyone with control of the platform to perform a full key recovery attack on users once they have logged in a sufficient number of times. With that, the malicious party can decipher stored files or even upload incriminating or otherwise malicious files to an account; these files look indistinguishable from genuinely uploaded data.

After receiving the researchers' report privately in March, Mega on Tuesday began rolling out an update that makes it harder to perform the attacks. But the researchers warn that the patch provides only an "ad hoc" means for thwarting their key-recovery attack and does not fix the key reuse issue, lack of integrity checks, and other systemic problems they identified. With the researchers' precise key-recovery attack no longer possible, the other exploits described in the research are no longer possible, either, but the lack of a comprehensive fix is a source of concern for them. "This means that if the preconditions for the other attacks are fulfilled in some different way, they can still be exploited," the researchers wrote in an email. "Hence we do not endorse this patch, but the system will no longer be vulnerable to the exact chain of attacks that we proposed." Mega has published an advisory here. However, the chairman of the service says that he has no plans to revise promises that the company cannot access customer data.

Intel

A New Vulnerability in Intel and AMD CPUs Lets Hackers Steal Encryption Keys (arstechnica.com) 30

Microprocessors from Intel, AMD, and other companies contain a newly discovered weakness that remote attackers can exploit to obtain cryptographic keys and other secret data traveling through the hardware, researchers said on Tuesday. From a report: Hardware manufacturers have long known that hackers can extract secret cryptographic data from a chip by measuring the power it consumes while processing those values. Fortunately, the means for exploiting power-analysis attacks against microprocessors is limited because the threat actor has few viable ways to remotely measure power consumption while processing the secret material. Now, a team of researchers has figured out how to turn power-analysis attacks into a different class of side-channel exploit that's considerably less demanding.

The team discovered that dynamic voltage and frequency scaling (DVFS) -- a power and thermal management feature added to every modern CPU -- allows attackers to deduce the changes in power consumption by monitoring the time it takes for a server to respond to specific carefully made queries. The discovery greatly reduces what's required. With an understanding of how the DVFS feature works, power side-channel attacks become much simpler timing attacks that can be done remotely. The researchers have dubbed their attack Hertzbleed because it uses the insights into DVFS to expose -- or bleed out -- data that's expected to remain private. The vulnerability is tracked as CVE-2022-24436 for Intel chips and CVE-2022-23823 for AMD CPUs. The researchers have already shown how the exploit technique they developed can be used to extract an encryption key from a server running SIKE, a cryptographic algorithm used to establish a secret key between two parties over an otherwise insecure communications channel.

Databases

MongoDB 6.0 Brings Encrypted Queries, Time-Series Data Collection (thenewstack.io) 53

The developers behind the open source MongoDB, and its commercial service counterpart MongoDB Atlas, have been busy making the document database easier to use for developers. From a report: Available in preview, Queryable Encryption provides the ability to query encrypted data, with the entire query transaction being encrypted -- an industry first according to MongoDB. This feature will be of interest to organizations with a lot of sensitive data, such as banks, health care institutions and the government. This eliminates the need for developers to be experts in encryption, Davidson said. This end-to-end client-side encryption uses novel encrypted index data structures; the data being searched remains encrypted at all times on the database server, including in memory and in the CPU. The keys never leave the application, and the company maintains that neither query speed nor overall application performance is impacted by the new feature.

MongoDB is also now supporting time series data, which are important for monitoring physical systems, quick-moving financial data, or other temporally-oriented datasets. In MongoDB 6.0, time-series collections can have secondary indexes on measurements, and the database system has been optimized to sort time-based data more quickly. Although there are a number of databases geared specifically towards time-series data, such as InfluxDB, many organizations may not want to stand up an entire database system for this specific use, a separate system costing more in terms of support and expertise, Davidson argued. Another feature is Cluster-to-Cluster Synchronization, which provides the continuous data synchronization of MongoDB clusters across environments. It works with Atlas, in private cloud, on-premises, or on the edge. This sets the stage for using data in multiple places for testing, analytics, and backup.

Security

Apple 'Passkeys' Could Finally Kill Off the Password For Good (techcrunch.com) 141

Apple demonstrated "passkeys" at WWDC 2022, a new biometric sign-in standard that could finally kill off the password for good. TechCrunch reports: Passkeys are based on the Web Authentication API (WebAuthn), a standard that uses public-key cryptography instead of passwords for authenticating users to websites and applications, and are stored on-device rather than on a web server. The digital password replacement uses Touch ID or Face ID for biometric verification, which means that rather than having to input a long string of characters, an app or website you're logging into will push a request to your phone for authentication.

During its WWDC demo of the password-free technology, Apple showed how passkeys are backed up within the iCloud Keychain and can be synced across Mac, iPhone, iPad and Apple TV with end-to-end encryption. Users will also be able to sign in to websites and apps on non-Apple devices using an iPhone or iPad to scan a QR code and Touch ID or Face ID to authenticate. "Because it's just a single tap to sign in, it's simultaneously easier, faster and more secure than almost all common forms of authentication today," said Garrett Davidson, an Apple engineer on the Authentication Experience team.

Privacy

Telegram Surrendered User Data To Authorities Despite Saying To the Contrary, Report Says (androidpolice.com) 55

Several readers have shared the following report: Messaging apps that offer end-to-end encryption can claim that they're protecting their users by saying that they've thrown away the key -- metaphorical and literal -- and can't undo what's been scrambled in transmission. Telegram, however, claims it protects every user whether they use E2EE or not, saying that government data requests have to pass an especially high muster before they would comply and that they have never acceded to such a request. Not so, a report claims. Der Spiegel reports from sources that Telegram has fulfilled a number of data requests from Germany's Federal Criminal Police Office involving terror and child abuse suspects. Still more data requests for other criminal cases have been more or less ignored. [...] The German government has been pressuring Dubai-based Telegram to cooperate with its investigations into right-wing extremist groups who have been using the messaging platform to spread their cause and coordinate action. Telegram has ramped up its own enforcement actions recently, but its user and group bans have been as comprehensive as lawmakers have been looking for.
Google

Google Disables RCS Ads in India Following Rampant Spam by Businesses (techcrunch.com) 19

Google has halted businesses from using RCS for promotion in India, the company's biggest market by users, following reports of rampant spam by some firms in a setback for the standard that the company is hoping to help become the future of SMS messaging. From a report: Rich Communication Services, or RCS, is the collective effort of a number of industry players to supercharge the traditional SMS with modern features such as richer texts and end-to-end encryption. Google, Samsung and a number of other firms including telecom operators have rolled out support for RCS to hundreds of millions of users worldwide in recent years. Google said last month that RCS messaging in the Messages app for Android had amassed over 500 million monthly active users. The problem, however, is that scores of businesses in India including top banks and other lending firms have been abusing the feature to send unsolicited promotional materials to any individual's phone number they can find in the country.
Technology

A Spotify Publisher Was Down Monday Night. The Culprit? A Lapsed Security Certificate (npr.org) 41

On Monday night, some Spotify users went to download their favorite podcasts and were met with an error. By Tuesday morning, the issue was resolved. What was the source of the massive disruption impacting some of the platform's biggest producers? An expired security certificate. From a report: The SSL security certificate is what keeps a website secure by enabling encryption, giving it the "s" in HTTPS. For Megaphone, the podcast advertising and publishing platform Spotify acquired in 2020, the certificate expired Monday evening. Shortly thereafter, publishers and listeners for Megaphone-hosted podcasts experienced service disruptions. "Megaphone experienced a platform outage due to an issue related to our SSL certificate," a Spotify spokesperson told NPR. "During the outage, clients were unable to access the Megaphone CMS and podcast listeners were unable to download podcast episodes from Megaphone-hosted publishers. Megaphone service has since been restored." The entire outage lasted for about nine hours, with Megaphone publishing real-time updates of the issue. Some podcast publishers took to Twitter to express their frustration over the business implications of the outage, according to The Verge.
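The failure mode in this story is caught by a routine expiry check run from monitoring; the script below is an added example (not Spotify's, Megaphone's or NPR's code) that classifies a certificate's notAfter date against a renewal threshold. The 14-day threshold and the fallback hostname are assumptions.

```python
"""Certificate-expiry check: classify a TLS certificate's notAfter date
as ok / warning / expired so that renewal is forced before an outage.
Added example; the threshold below is a hypothetical value."""
import socket
import ssl
import sys

WARN_DAYS = 14  # hypothetical threshold; tune to your renewal cadence
SECONDS_PER_DAY = 86400.0


def expiry_seconds(not_after: str) -> int:
    """Epoch seconds for a notAfter string in the format Python's ssl
    module reports, e.g. 'Jun  6 23:59:59 2022 GMT' (interpreted as UTC)."""
    return ssl.cert_time_to_seconds(not_after)


def days_until_expiry(not_after: str, now_ts: float) -> float:
    """Days remaining on the certificate at time now_ts (epoch seconds).
    Negative means the certificate has already lapsed."""
    return (expiry_seconds(not_after) - now_ts) / SECONDS_PER_DAY


def classify(not_after: str, now_ts: float, warn_days: int = WARN_DAYS) -> str:
    """Return 'expired', 'warning' (within warn_days) or 'ok'."""
    remaining = days_until_expiry(not_after, now_ts)
    if remaining < 0:
        return "expired"
    if remaining <= warn_days:
        return "warning"
    return "ok"


def fetch_not_after(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Fetch the leaf certificate's notAfter from a live TLS endpoint.
    The default context verifies the chain, so a certificate that has
    already expired raises ssl.SSLCertVerificationError instead of
    returning a date; the caller treats that as an alert in its own right."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def check_host(host: str, now_ts: float) -> tuple[str, str]:
    """Network check: (status, detail). Status is 'ok', 'warning',
    'expired' or 'verify-failed'."""
    try:
        not_after = fetch_not_after(host)
    except ssl.SSLCertVerificationError as exc:
        return "verify-failed", str(exc.reason)
    days = days_until_expiry(not_after, now_ts)
    return classify(not_after, now_ts), f"notAfter={not_after} ({days:.1f} days)"


if __name__ == "__main__":
    import time
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # assumed default
    status, detail = check_host(target, time.time())
    print(f"{target}: {status} {detail}")
    # Non-zero exit so a cron job or monitoring agent raises an alert.
    sys.exit(0 if status == "ok" else 1)
```

Run it against each public hostname you own on a schedule; a "warning" well before the renewal deadline is the signal Megaphone's nine-hour outage lacked.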
Crime

New Linux-Based Ransomware Targets VMware Servers (csoonline.com) 36

"Researchers at Trend Micro have discovered some new Linux-based ransomware that's being used to attack VMware ESXi servers," reports CSO Online. (They describe the ESXi servers as "a bare-metal hypervisor for creating and running several virtual machines that share the same hard drive storage.") Called Cheerscrypt, the bad app is following in the footsteps of other ransomware programs — such as LockBit, Hive and RansomEXX — that have found ESXi an efficient way to infect many computers at once with malicious payloads.

Roger Grimes, a defense evangelist with security awareness training provider KnowBe4, explains that most of the world's organizations operate using VMware virtual machines. "It makes the job of ransomware attackers far easier because they can encrypt one server — the VMware server — and then encrypt every guest VM it contains. One compromise and encryption command can easily encrypt dozens to hundreds of other virtually run computers all at once."

"Most VM shops use some sort of VM backup product to back up all guest servers, so finding and deleting or corrupting one backup repository kills the backup image for all the hosted guest servers all at once," Grimes adds....

The gang behind Cheerscrypt uses a "double extortion" technique to extract money from its targets, the researchers explain. "Security Alert!!!" the attackers' ransom message declares. "We hacked your company successfully. All files have been stolen and encrypted by us. If you want to restore your files or avoid file leaks, please contact us."

Encryption

ProtonMail Unifies Encrypted Mail, Calendar, VPN, and Storage Services Under New 'Proton' Brand (macrumors.com) 37

Swiss-based encrypted email provider ProtonMail today announced a restructuring of its privacy-first services, bringing them under a new unifying brand name: Proton. "Today, we are undertaking our biggest step forward in the movement for an internet that respects your privacy. The new, updated Proton offers one account, many services, and one privacy-by-default ecosystem. You can now enjoy unified protection with a modernized look and feel. Evolving into a unified Proton reflects our growth from an end-to-end encrypted email provider to an entire privacy ecosystem, allowing us to deliver even more benefits to the Proton community and make privacy accessible to everyone," the company said. MacRumors adds: Previously, users could only subscribe to each service the company offered individually. Going forward, the new Proton offers one account to access all the services offered in the company's privacy-by-default ecosystem, including Proton Mail, Proton VPN, Proton Calendar, and Proton Drive, all of which can be accessed from proton.me. All Proton services remain available as a free tier, with more advanced features and more storage available via paid plans. The free Proton tier includes up to 1GB of storage and one Proton email address, as well as access to Proton's encrypted Calendar and VPN services. Further reading: Proton Is Trying to Become Google -- Without Your Data.
