Tag: Apple

CIA spent last 10 years cracking Apple’s encryption

CIA spent last 10 years cracking Apple’s encryption

The CIA has been trying to crack Apple’s encryption for nearly 10 years.

According to a report by The Intercept, the CIA began trying to crack Apple’s encryption in 2006 using funds from the “black budget.”  The researchers who worked on breaking down Apple’s privacy wall were purportedly based at Sandia National Laboratories.

Although the report did expose the CIA’s effort, it did not tell us much about whether or not the agency succeeded in meeting their objectives.  What it did tell us was Apple became a big enough thorn in the eyes of these secretive agencies that they had to invest heavily to crack the privacy barrier put in place to protect consumers.

Apple isn’t the only tech giant on the radar when it comes to issues regarding national security.  Companies such as Facebook, Google and Microsoft have all been probed by government agencies.  How much information exchanged hands within the last couple years is unknown, but as the stories continue to unearth themselves it is clear that there are growing distrusts between these companies and their users.

Google and Apple both announced recently that it has either made or will make changes to the encryptions to protect the privacy of consumers.  Apple said last September that it altered its encryption method on the iPhone so that even the company couldn’t access its users’ data.

Apple rules its ecosystem with an iron fist, but the same can’t be said about Google and its partners utilizing the Android platform.  Google may have the intentions of beefing up the system’s security features, but to apply them on most Android-based handsets around the world is a task that’s nearly impossible.

Microsoft Windows also vulnerable to ‘FREAK’ encryption flaw

Microsoft Windows also vulnerable to 'FREAK' encryption flaw

Computers running all supported releases of Microsoft Windows are vulnerable to “FREAK,” a decade-old encryption flaw that leaves device users vulnerable to having their electronic communications intercepted when visiting any of hundreds of thousands of websites, including Whitehouse.gov, NSA.gov and FBI.gov.

The flaw was previously thought to be limited to Apple’s Safari and Google’s Android browsers. But Microsoft warned that the encryption protocols used in Windows — Secure Sockets Layer and its successor Transport Layer Security — were also vulnerable to the flaw.

“Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system,” Microsoft said in its advisory. “The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industrywide issue that is not specific to Windows operating systems.”

Microsoft said it will likely address the flaw in its regularly scheduled Patch Tuesday update or with an out-of-cycle patch. In the meantime, Microsoft suggested disabling the RSA export ciphers.

The FREAK (Factoring RSA Export Keys) flaw surfaced a few weeks ago when a group of researchers discovered they could force websites to use intentionally weakened encryption, which they were able to break within a few hours. Once a site’s encryption was cracked, hackers could then steal data such as passwords, and hijack elements on the page.

Researchers said there was no evidence hackers had exploited the vulnerability, which they blamed on a former US policy that banned US companies from exporting the strongest encryption standards available. The restrictions were lifted in the late 1990s, but the weaker standards were already part of software used widely around the world, including Windows and the web browsers.

“The export-grade RSA ciphers are the remains of a 1980s-vintage effort to weaken cryptography so that intelligence agencies would be able to monitor,” Matthew Green, a Johns Hopkins cryptographer who helped investigate the encryption flaw, wrote in a blog post explaining the flaw’s origins and effects. “This was done badly. So badly, that while the policies were ultimately scrapped, they’re still hurting us today.”