Security News
What are the main challenges of exchanging sensitive information using encryption? This takes us into a second challenge affecting the effective exchange of sensitive information using encryption - compliance.
Samsung shipped an estimated 100 million smartphones with botched encryption, including models ranging from the 2017 Galaxy S8 on up to last year's Galaxy S21. Researchers at Tel Aviv University found what they called "Severe" cryptographic design flaws that could have let attackers siphon the devices' hardware-based cryptographic keys: keys that unlock the treasure trove of security-critical data that's found in smartphones. In a paper entitled "Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design" - written by by Alon Shakevsky, Eyal Ronen and Avishai Wool - the academics explain that nowadays, smartphones control data that includes sensitive messages, images and files; cryptographic key management; FIDO2 web authentication; digital rights management data; data for mobile payment services such as Samsung Pay; and enterprise identity management.
Academics at Tel Aviv University in Israel have found that recent Android-based Samsung phones shipped with design flaws that allow the extraction of secret cryptographic keys. These TEEs run their own operating system, TrustZone Operating System, and it's up to vendors to implement the cryptographic functions within TZOS. The Android Keystore, the researchers explain, offers hardware-backed cryptographic key management via the Keymaster Hardware Abstraction Layer.
Researchers have detailed what they call the "First successful attempt" at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content."We were able to recover the master key for generating the file encryption key without the attacker's private key, by using a cryptographic vulnerability identified through analysis," a group of academics from South Korea's Kookmin University said in a new paper analyzing its encryption process.
The encryption management solutions market is expected to increase by $6.07 billion from 2020 to 2025, and the market's growth momentum will accelerate at a CAGR of almost 17%, according to Technavio. The encryption management solutions market is fragmented, and the vendors are deploying various organic and inorganic growth strategies to compete in the market.
How to enable end-to-end encryption in Facebook Messenger. End-to-end encryption is not enabled by default in Facebook Messenger.
Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose a threat to do so. It would require 317 106 physical qubits to break the encryption within one hour using the surface code, a code cycle time of 1 μs, a reaction time of 10 μs, and a physical gate error of 10-3.
Britain's controversial Online Safety Bill will leave Britons more exposed to internet harms than ever before, the Internet Society has said, while data from other countries suggests surveillance mostly isn't used to target child abusers online, despite this being a key cited rationale of linked measures. Government efforts to depict end-to-end encryption as a harm that needs to be designed out of the internet as it exists today will result in "Fraud and online harm" increasing, the Internet Society said this week.
Silk could become a means of authentication and unbreakable encryption, according to South Korean boffins. Silk can take on this role, as explained in Nature Communications, because security boffins are increasingly interested in "Physical unclonable functions" - physical objects whose properties are impossible to replicate.
Just two weeks after reaching the official end of life, something broke spectacularly, leaving CentOS 8 users at major risk of a severe attack - and with no support from CentOS. You'd think that this issue no longer affects a significant number of organizations because by now, companies would have migrated away from CentOS 8 to an OS that is actively supported by vendors. Just the same with Red Hat, which backs CentOS. But, with CentOS 8 now no longer officially supported, a CentOS 8 patch for the LUKS flaw is not going to appear.