Security News

The Matrix.org Foundation, which oversees the Matrix decentralized communication protocol, said on Monday multiple Matrix clients and libraries contain a vulnerability that can potentially be abused to expose encrypted messages. The organization said a blunder in an implementation of the Matrix key sharing scheme - designed to allow a user's newly logged-in device to obtain the keys to decrypt old messages - led to the creation of client code that fails to adequately verify device identity.

WhatsApp on Friday announced it will roll out support for end-to-end encrypted chat backups on the cloud for Android and iOS users, paving the way for storing information such as chat messages and photos in Apple iCloud or Google Drive in a cryptographically secure manner. "With the introduction of end-to-end encrypted backups, WhatsApp has created an HSM based Backup Key Vault to securely store per-user encryption keys for user backups in tamper-resistant storage, thus ensuring stronger security of users' message history," the company said in a whitepaper.

With Windows 11, Microsoft is integrating the Microsoft Teams chatting feature into the Windows Taskbar. Microsoft Teams Chat feature is based on Microsoft Teams desktop client and Microsoft is basically extending Teams capability by bringing the dedicated button right to your taskbar.

Which brings me to last week's news that Australian and US law enforcement agencies seeded a backdoored encrypted chat app named AN0M into the criminal underworld, then intercepted word of a great many crimes and swooped to arrest those responsible. Late last week, FBI International Operations Division legal attaché for Australia Anthony Russo added another important piece of information: speaking to Australian newspapers he said one reason for discontinuing use of AN0M was that it produced too much intelligence.

In a huge sting operation, the U.S. Federal Bureau of Investigation and Australian Federal Police ran an "Encrypted chat" service called ANoM for almost 3 years to intercept 27 million messages between criminal gang members globally. "For almost three years, the AFP and the FBI have monitored criminals' encrypted communications over a Dedicated Encrypted Communications Platform," AFP said.

The FBI has revealed how it managed to hoodwink the criminal underworld with its secretly backdoored AN0M encrypted chat app, leading to hundreds of arrests, the seizure of 32 tons of drugs, 250 firearms, 55 luxury cars, more than $148M, and even cocaine-filled pineapples. "The CHS offered this next generation device, named 'AN0M,' to the FBI to use in ongoing and new investigations. The CHS also agreed to offer to distribute AN0M devices to some of the CHS's existing network of distributors of encrypted communications devices."

As FBI Special Agent Nicholas I. Cheviron wrote in the affidavit in support of a search warrant, while the FBI might have dented the supply of encrypted messaging devices, the demand didn't go away. "The continued for these encrypted device platforms by criminals is significant," he wrote.

In the "Largest and most sophisticated law enforcement operations to date," a joint international law enforcement created a fake end-to-end encrypted chat platform designed solely to catch criminals. The FBI and the Australian Federal Police started cooperating three years ago in Operation Ironside, creating a fake encrypted messaging platform called Anom that was sold exclusively to criminals, allowing law enforcement to listen in on their messages and conversations.

The Australian Federal Police has revealed it was able to decrypt messages sent on a supposedly secure messaging app that was seeded into the criminal underworld and promoted as providing snoop-proof comms. Europol and the FBI will detail their use of the app in the coming hours.

A worldwide Microsoft Teams outage is blocking users from logging into their accounts, and preventing those already logged in from sending and receiving messages. The Microsoft 365 Service health status page is currently directing customers to the Microsoft 365 Status Twitter account for more details regarding this widespread incident.