Backdoor found in 2G mobile data encryption standard
Cryptanalysis of GPRS Encryption Algorithms GEA-1 suggests intentional weakness
GPRS is the mobile data standard for GSM mobile phones. It's from the 2G era, and is old and slow. GEA-1 is an encryption algorithm used with GPRS.
Excerpt from the abstract:
"This paper presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms."
[..]
"This unusual pattern indicates that the weakness is intentionally hidden to limit the security level to 40 bit by design."
So in other words: GPRS was intentionally backdoored.
https://eprint.iacr.org/2021/819
Comments
https://news.ycombinator.com/item?id=27686422
https://apnews.com/article/europe-technology-business-3bddc473856a9af259feb511f58a51d3
https://link.springer.com/chapter/10.1007%2F978-3-030-77886-6_6
https://www.sueddeutsche.de/wirtschaft/handy-gprs-verschluesselung-1.5323228
#backdoor #2g #gprs #encryption
AP NEWS
Security flaw found in 2G mobile data encryption standard
BERLIN (AP) — Cybersecurity researchers in Europe say they have discovered a flaw in an encryption algorithm used by cellphones that may have allowed attackers to eavesdrop on some data traffic for more than two decades.
Bombshell Report Finds Phone Network Encryption Was Deliberately Weakened
Comments
https://news.ycombinator.com/item?id=27686422
via www.vice.com
#backdoor #2g #gprs #encryption
Telegraph
Bombshell Report Finds Phone Network Encryption Was Deliberately Weakened
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet. See More → A weakness in the algorithm used to encrypt cellphone data in the 1990s and 2000s allowed hackers to spy on some internet…
Facebook wants to analyze encrypted WhatsApp messages "for ads"
TL;DR
Facebook has hired a team of researchers for the purpose of analyzing WhatsApp encryption.
The goal would be to have ways to data-mine WhatsApp messages without actually decrypting them.
One report alleges that Facebook is doing this for ad purposes.
https://www.androidauthority.com/whatsapp-encryption-ads-2728774/
#WhatsApp #Facebook #fb #encryption
Android Authority
Report: Facebook wants to analyze encrypted WhatsApp messages for ads
Facebook has hired a team of researchers to "crack" WhatsApp encryption without actually decrypting it. Why? For ads, according to a report.
#Signal would 'walk' from UK if Online Safety Bill undermined encryption - BBC News
https://web.archive.org/web/20230224103103/https://www.bbc.com/news/technology-64584001
The encrypted-messaging app Signal has said it would stop providing services in the UK if a new law undermined encryption.
If forced to weaken the privacy of its messaging system under the Online Safety Bill, the organisation "would absolutely, 100% walk", Signal president Meredith Whittaker told the BBC.
#UK #Privacy #Encryption
edri@eupolicy.social - 🚨Recent POLITICO Europe leak revealed that US and EU officials have agreed to cooperate on measures to turn public opinion against #encryption.
Experts' statements by EDRi and Global Encryption Coalition have called out against this plan:
➡️https://edri.org/our-work/eu-us-plan-offensive-to-legitimise-police-access-to-data-civil-society-responds-amid-growing-fears-press-release/
➡️https://www.globalencryption.org/2023/04/statement-on-eu-us-cooperation-against-encryption/
European Digital Rights (EDRi)
EU-US plan offensive to legitimise police access to data, civil society responds amid growing fears - Press Release - European…
Through the letter, the organisations called out the clear and deliberate plans to disregard international human rights standards.
On the security of the Linux disk encryption LUKS
2023-05-03
In the past few days, there have been uncertainties and concerns about the #LUKS (“Linux Unified Key Setup”) disk #encryption, which is widely used on Linux. We publish our assessment of this here.
dys2p – https://dys2p.com/en/2023-05-luks-security.html
https://archive.is/KQxTH
https://archive.is/ELYH2
0xor0ne@infosec.exchange - Nice short blog post by Aditya Dixit explaining how to intercept and manipulate AES encrypted traffic used by mobile applications
https://blog.dixitaditya.com/manipulating-aes-traffic-using-a-chain-of-proxies-and-hardcoded-keys
#android #infosec #cybersecurity #AES #APK #mobile #encryption
law-enforcement-working-party-document-encryption.pdf
1.6 MB
Leaked EU Document Shows #Spain Wants to Ban End-to-End #Encryption
https://www.wired.com/story/europe-break-encryption-leaked-document-csa-law/
Law Enforcement Working Party document, encryption
https://www.documentcloud.org/documents/23819681-law-enforcement-working-party-document-encryption
KryptEY - Secure E2EE communication
An Android keyboard for secure end-to-end-encrypted messages through the Signal protocol in any messenger. Communicate securely and independent, regardless of the legal situation or whether messengers use E2EE. No server needed.
https://github.com/amnesica/KryptEY
F-Droid
https://f-droid.org/packages/com.amnesica.kryptey/
IzzyOnDroid
https://android.izzysoft.de/repo/apk/com.amnesica.kryptey
Reminder :
New apps available in the F-Droid app may not immediately show on the F-Droid website (i.e. when you share the app link it returns a 404 error); some extra time is needed for both to be available.
https://gitlab.com/fdroid/wiki/-/wikis/FAQ#how-long-does-it-take-for-my-app-to-show-up-on-website-and-client
#encryption #keyboard #E2EE
#messenger #security #Signal
SimpleX Chat: private and secure cross platform messenger without any user IDs (not even random)
:~ E2E-encrypted messages with markdown and editing
:~ E2E-encrypted images and files
:~ Decentralized secret groups — only users know they exist
:~ E2E-encrypted voice messages
:~ Disappearing messages
:~ E2E-encrypted audio and video calls
:~ Portable encrypted database — move your profile to another device
:~ Incognito mode — unique to SimpleX Chat
Website : https://simplex.chat/
SimpleX Chat (SimpleX Chat - e2e encrypted messenger without any user IDs - private by design!)
https://f-droid.org/packages/chat.simplex.app/
Quick start – https://simplex.chat/docs/guide/readme.html
#SimpleXchat #security #privacy #encryption #E2EE
#FLOSS
Criminalization of encryption : the 8 december case – La Quadrature du Net –
Mixing fantasies, bad faith and technical incompetence, a police story has been constructed around the (good) digital practices of the accused, with the aim of staging a “clandestine group”, “conspirative”, “conspiratist” and therefore… terrorist
We are facing the fantasy of a State demanding total transparency from everyone at the risk of being called a “suspect”, a State whose desire for widespread surveillance seems limitless. In this context, we reaffirm our rights to privacy, intimacy and the protection of our personal data. Encryption is, and will remain, an essential element of our civil liberties in the digital age.
#lqdn #France #encryption #surveillance
The U.K. Government Is Very Close To Eroding Encryption Worldwide | Electronic Frontier Foundation –
The U.K. Parliament is pushing ahead with a sprawling internet regulation bill that will, among other things, undermine the privacy of people around the world. The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services, which will destroy end-to-end encryption. No amendments have been accepted that would mitigate the bill’s most dangerous elements.
#OnlineSafetyBill #Backdoors #BigBrother #UK #encryption #e2ee
Electronic Frontier Foundation
The U.K. Government Is Very Close To Eroding Encryption Worldwide
The U.K. Parliament is pushing ahead with a sprawling internet regulation bill that will, among other things, undermine the privacy of people around the world. The Online Safety Bill, now at the
Online Safety Bill
The final day of report stage – a chance to closely scrutinise elements of the bill and make changes – took place on 19 July. What happens next?
Third reading - a final chance to amend the bill – is scheduled for 6 September.
On Tuesday 18 July, the House of Commons agreed a Carry-over Motion as follows: That the period on the expiry of which proceedings on the Online Safety Bill shall lapse in pursuance of paragraph (13) of Standing Order No. 80A, as extended by the Order of 13 March 2023 (Online Safety Bill: Carry-over Extension), shall be further extended by 103 days until 31 October 2023.
Online Safety Bill - Parliamentary Bills - UK Parliament – https://bills.parliament.uk/bills/3137/news
#OnlineSafetyBill #UK #BigBrother #surveillance #encryption #e2ee
Music & clip by Killing Joke - Full Spectrum Dominance - 2023
Changes to UK Surveillance Regime May Violate International Law | JusticeOrg -
Blocking End-to-End Encryption and Important Security Updates
The United Kingdom (U.K.) government has recently unveiled plans to revise the Investigatory Powers Act 2016 (IPA), the primary legislation governing the surveillance of electronic communications in the United Kingdom. The proposed revisions include five objectives pertaining to changes in the notices regime within the IPA, the process through which the government can ask private companies to carry out surveillance on its behalf, such as interception of communications and equipment interference (hacking).
The proposed changes to the IPA notices regimes include an obligation to comply with the content of a potential notice during the review period and before a notice is actually served, an obligation to disclose technical information about the company’s systems during the same review period, measures to strengthen the extraterritorial application of the notices and obligations for companies to give advance notice to the U.K. Secretary of State before implementing any technical changes. This article focuses on the latter two changes. It examines how the United Kingdom likely would be in breach of international human rights law
#UK #Censorship #IPA
#BigBrother #Surveillance #Backdoors #E2E #Encryption
Just Security
Changes to UK Surveillance Regime May Violate International Law
Proposed changes to the UK Investigatory Powers Act 2016 may violate international human rights law.
Privacy Companies Push Back Against EU Plot To End Online Privacy
An urgent appeal has been relayed to ministers across the #EU by a consortium of tech companies, exacting a grave warning against backing a proposed regulation focusing on child sexual abuse as a pretense to jeopardize the security integrity of internet services relying on end-to-end encryption and end privacy for all citizens.
In an open letter a total of 18 organizations – predominantly comprising providers of encrypted email and messaging services – have voiced concerns about the potential experimental regulation by the European Commission (EC), singling out the “detrimental” effects on children’s #privacy and #security and the possible dire repercussions for #cybersecurity.
#BigBrother #EUChatControl
#ChatControl #Encryption
Europol Seeks to Break Mobile Roaming Encryption
EU’s law enforcement agency Europol is another major entity that is setting its sights on breaking encryption.
This time, it’s about home routing and mobile encryption, and the justification is a well-known one: encryption supposedly stands in the way of the ability of law enforcement to investigate.
Europol’s recent paper treats home routing not as a useful security feature, but, as “a serious challenge for lawful interception.” Home routing works by encrypting data from a phone through the home network while roaming.
Via @reclaimthenet
#Europol #BigBrother #Encryption #Router
#Google refuses to deny it received #encryption order from #UK #government.
https://therecord.media/google-refuses-to-deny-it-received-uk-tcn
#why #surveillance #privacy
therecord.media
Google refuses to deny it received encryption order from UK government
U.S. lawmakers say Google has refused to deny that it received a Technical Capability Notice from the U.K. — a mechanism to access encrypted messages that Apple reportedly received.
UK Tribunal Blocks Secret Gov’t Case Against Apple Encryption
A government that demands invisibility in court is one step away from disappearing accountability altogether.
With a necessary reality check, a #UK tribunal has told the government that, no, it cannot hold a secret legal battle against #Apple over #encryption. The Investigatory Powers Tribunal (#IPT), the body meant to oversee the country’s surveillance powers, has dismissed efforts by the Home Office to keep the entire case hidden from public view. And in doing so, it has delivered a quietly important win for press freedom and digital rights. Although, things are far from over.
@reclaimthenet
#BigBrother #OnlineSafetyBill #OnlineSafetyAct
Telegram pledges to exit the market rather than "undermine encryption with backdoors" | TechRadar
Telegram's CEO, Pavel Durov, has said Telegram would rather exit a market than undermine encryption with backdoors.
This comes as France and other governments push for a legal backdoor for police access to private and encrypted messages.
#Telegram #Encryption #BigBrother
#EncryptionBackdoor #EU
#TBOT Show 7: The Significance of Dorsey’s Bitchat, Worlds First eSIM Hack, Mexico’s Digital ID, New Show Source Insights
Took a week off and now I’m back. 😎 (with a new addition to the show?!) (also - big sorry for the show being 40 minutes)
WATCH THE SHOW ON SUBSTACK
https://odysee.com/@takebackourtech:f/tbot-show-7:6
Here’s the stories for the week:
Jack #Dorsey’s #Bitchat - The Real Story: The tech mogul Jack Dorsey released a censorship proof messaging app in late June - named Bitchat. It runs a #bluetooth #mesh network, end to end #e2e #encryption, and rolling IDs and is picking up traction. I share my thoughts on the app, and concerns I have - but that’s not even the real story. I think Jack has a bigger message than just the app.
World’s First #eSIM Hack: A security lab out of Poland just demonstrated a hack on one of the largest SIM providers for IoT devices. We’ll get techy in our understanding and ask the question, could this impact our phones?
#DigitalID, Coming Soon To #Mexico: The Mexican government has signed a new #Biometric #ID law, known as the CURP. How is this enforced and what does it mean for Mexican residents? Find out today.
Decentralized #Video Conferencing: Recently I’ve been relying more on video conferences instead of calling people, especially while traveling. Good thing I’ve got the #Jitsi app, I’ll show you my setup!
#videocall
New Show, “Source Insights”: You follow #TBOT to stay informed on tech freedom. Now go deeper with a new weekly show “Source Insights”, where Hakeem shares his tools, lifestyle and productivity tips, entrepreneurial advice, wisdom from guides, and personal experiences.
Go deeper, join me as a Source Seeker. Unlock access with a paid subscription.
🪄 We aim for our show to be well-researched, well-informed and focused on the most impactful stories
⭐️ PLUS - Each story comes with recommendations and there’s one cool tech trick or open-source solution every week.
We’ll be publishing full posts and clips of each of these stories soon.
Share this post with your crew. 🚢
👩💻Get private phones, laptops, and tablets
📲SIM Swap Survival Guide Webinar
Odysee
#TBOT Show 7: The Significance of Dorsey’s Bitchat, Worlds First eSIM Hack, Mexico’s Digital ID, New Show Source Insights
Took a week off and now I’m back. 😎 (with a new addition to the show?!)