The NSA’s far-reaching powers have been further detailed in an extensive report from The Intercept, which reveals that the agency has conducted an advanced spying operation for years in an effort to spy on mobile operators working on phone encryption. The operation reportedly also targeted bodies that oversee telecom standards, in order to stay updated on new security protocols and identify or even insert vulnerabilities into those communication networks it wanted access to.
MIT researchers are working together with the Meteor Development Group on a Mylar project that would allow companies to offer customers fully encrypted Internet services, MIT Technology Review reports. Mylar would extend data security to servers, adding a new layer of encryption to complement the encrypted connection between a personal computer and server. Mylar would actually encrypt the user’s data on a server, requiring the related decryption password in order to access the data. As a result, the data would be safe from prying eyes and various Prism-like spying operations.
It seems like every other week another high-profile company’s servers are hacked. Last November, for example, Adobe suffered a security breach and as many as 150 million users may have been affected. Instead of crying about it, two security researchers are using these data dumps to try to thwart the next attackers, with a clever new method called Honey Encryption, reports MIT Technology Review.
It seems there’s a new app for iPhone users who feel like they’re being watched. Per Technology Review, the new Silent Circle iOS app encrypts every call, text or email sent from users’ iPhones and thus prevents them from being intercepted by third parties. The app is the brainchild of Phil Zimmermann, the Internet privacy pioneer who developed the Pretty Good Privacy (PGP) email encryption protocol all the way back in 1991. The app is still in its development stages and is being tested out for both iPhone and iPad, and Zimmermann hopes to have it ready to sell by the end of the year as a $20 monthly subscription service, Technology Review reports.
The U.S. Army started a pilot program on June 6th to test the effectiveness of equipping troops with tablets and phones in combat, CNN recently reported. The idea is to provide troops with the ability to send text messages and geotagged images that alert others about their current surroundings. Similarly, the infantry could use the devices to file regular reports and easily view maps, CNN said. So far, the troops have been testing the iPhone and phones powered by Windows Phone and Android, and soldiers have particularly liked the iPhone and Android-powered devices. In addition to smartphones, the Army is also testing the iPad and tablets from Dell and HP. The results of the tests have been so positive that the Army could begin deploying a small number of troops equipped with smartphones later this year. “Today, we don’t have the level of encryption that we would need to take [a smartphone] overseas and fully integrate it into our mission-command systems,” said Ed Mazzanti, an Army director working on the program. “There could be some limited deployments even this year, tied to tactical radios that supply the encryption that’s needed.”
A lawsuit has been filed against Apple, Pandora, and The Weather Channel in the U.S. District Court of Puerto Rico that alleges Apple “intentionally [intercepts] personally identifying information.” The plaintiff, Lymaris M. Rivera Diaz, is charging Apple with unfair trade practices, abuse and fraud, and he believes that Apple shares the iPhone’s unique ID, as well as personal location information, with third-party developers such as The Weather Channel and Pandora. Apple’s vice president of software technology, Bud Tribble, testified before the Senate Judiciary Subcommittee on Privacy, Technology, and the Law on Tuesday, and said “Apple does not track users’ locations,” and that the Cupertino-based company has no plans to do so. This is the second lawsuit filed against Apple in regard to the location tracking scandal; the first was filed in Tampa, Florida late last month.
Google and Apple testified before the Senate on Tuesday, where both firms were grilled on collecting location information from mobile phones. During the hearing, Senator Al Franken was particularly vocal on the issue. “My wireless companies, Apple and Google, and my apps, all get my location or something very close to it,” Senator Franken said. “We need to address this issue now, as mobile devices are only going to get more popular.” We covered Apple’s response on Tuesday, during which Apple’s vice president of software technology, Bud Tribble, said that “Apple does not track users’ locations,” and that the firm never plans to do so. However, Franken was also concerned that Apple and Google have done little to police third-party applications that are collecting and transmitting location data, and suggested that both companies require developers to alert users of their specific privacy policies. Tribble said Apple already does this, but it has never tossed an application for violating that rule. Google’s director of public policy, Alan Davidson, said Google would consider adding the option. According to The Wall Street Journal, Jessica Rich, the deputy director of the Federal Trade Commission’s consumer-protection bureau, said that, despite both firms saying they don’t collect user data, “there’s a lot [the FTC] can do… to challenge,” those claims.
While testifying before the U.S. Congress today, Apple’s vice president of software technology, Bud Tribble, tried to clarify concerns that Apple had been tracking owners of its iPhone and iPad Wi-Fi + 3G. Apple has said in the past that it does not track its users and it also recently issued iOS 4.3.3, which reduces and encrypts the crowd-sourced location database cache, but Tribble explained the story in a bit more detail:
We do not share customer information with third parties without our customers’ explicit consent. Apple does not track users’ locations. Apple has never done so and has no plans to do so. An Apple device does not send to Apple any specific information associated with a user. The purpose of the cache is to allow the device to more quickly and reliably respond to location requests. Apple was never tracking an individual user’s location. The data seen on the iPhone was not the location past or present of the iPhone, but the location of cell towers surrounding the phone. Although the cache was not encrypted, it was protected from other apps on the phone.
According to 9to5 Mac, Tribble also explained to the U.S. Congress that, as we know, the iPhone and 3G iPad are able to determine a user’s location using triangulation between nearby Wi-Fi hotspots or cell phone towers.
Apple has finally broken its week-long silence over the location-tracking database scandal surrounding iPhones and 3G iPads running iOS 4 and higher. The company states that it never has, and never plans to, track users’ iDevices, and that the purpose of the database file in question — consolidated.db — is to “help your iPhone rapidly and accurately calculate its location when requested.” The company noted that a software update will limit the size of the location file and be available in the next few weeks — the next major iOS release will add a layer of encryption to the file. Apple’s full statement is after the break. Have a look and let us know what you think.
It looks as though software developer James Laird has opened Pandora’s box for Apple’s AirPlay music streaming system. Frustrated by the fact that an AirPort Express emulator did not exist, Laird began to look for a solution that would allow him to stream iTunes music without the use of AirPlay. “I was disappointed to find that Apple used a public-key crypto scheme, and there’s a private key hiding inside the ApEx [Airport Extreme],” wrote Laird. “So I took it apart (I still have scars from opening the glued case!), dumped the ROM, and reverse engineered the keys out of it.” Laird has published the private key in an open source software project dubbed ShairPort (clever). The software, which is built in Perl and C, will allow users to stream iTunes content to hardware and software designed to talk to ShairPort. Apple has opened up its AirPlay system to third parties in recent months, but this blows the doors wide open for all those looking to circumvent that red tape-filled process.
In a recent blog post, Twitter announced a new measure aimed at keeping its users’ data a bit more secure as it travels over the wire. Via the “Settings” preference pane, users can now force Twitter communications to always travel over a secure, HTTPS connection. “This will improve the security of your account and better protect your information if you’re using Twitter over an unsecured Internet connection,” writes Twitter. “In the future, we hope to make HTTPS the default setting.” Enabling the feature also secures traffic traveling to and from the official Twitter applications for both the iPhone and iPad — it will not, however, automatically enable HTTPS on the mobile Twitter website. Unless you have a specific reason not to enable the feature, we highly recommend it.
Today, AT&T announced AT&T Encrypted Mobile Voice, “the first carrier-provided two factor encryption service for calls on the AT&T network.” The service, which will be available for BlackBerry and Windows Mobile devices, combines KoolSpan’s TrustChip and SRA International’s One Vault Voice. As the press release explains:
TrustChip is a fully hardened, self-contained crypto engine inserted into the smartphone’s microSD slot. Embedded with AT&T TrustGroup, the KoolSpan TrustChip offers the strength of additional hardware authentication, enables encrypted calling interoperability with a defined group of other AT&T TrustGroup users and can be managed over-the-air. […] SRA’s One Vault Voice integrates the security functions of the TrustChip with a feature rich application that provides an intuitive user interface. This powerful combination allows users to easily place and receive encrypted calls by integrating with the mobile phone’s standard operation and address book to provide a user friendly and seamless security option.
Probably not something you are going to be using, but pretty cool nonetheless. Hit the read link for the full press release.
In accordance with government wishes, Saudi Arabia’s three mobile wireless companies have shut down BlackBerry messaging services to their users. The Saudi Communications and Information Technology Commission cited security concerns when it announced on August 3rd that: “the manufacturer of the devices [RIM] couldn’t meet the regulatory requirements of the commission and it is not in accordance with the regulations and conditions of licenses issued to service providers, at its present state.” The AFP reports that any wireless company that does not turn off the encrypted messaging service could face up to a $1.3 million fine. The BlackBerry devices are still able to make and receive phone calls. Services are due to be suspended in the United Arab Emirates beginning on October 11th.