Apple encryption is a balance between user convenience and total security, new study shows - AppleInsider

Apple encryption is a balance between user convenience and total security, new study shows - AppleInsider

Apple encryption is a balance between user convenience and total security, new study shows - AppleInsider

Posted: 14 Jan 2021 07:56 AM PST

A new study says the iPhone isn't as locked down as it could be for the sake of user convenience — but there are steps that you can take to secure your data.

Most important data today is encrypted at rest and end-to-end encrypted when being transferred, like with Apple's iMessage. This means most bad actors cannot get to your most precious data without first unlocking your device.

This system prevents all but the most serious criminals and nation states from accessing your data, but there are flaws. Once a criminal has access to a flaw it can be exploited to gain access to sensitive data. Not all flaws lead to full-device unlock but rather expose specific datasets within the encrypted device.

A study performed at Johns Hopkins University and examined by Wired describe some of the flaws in Apple's approach. Apple uses an internal hierarchy to decide which data receives which form of encryption.

"On iOS in particular, the infrastructure is in place for this hierarchical encryption that sounds really good," says Maximilian Zinkus, a PhD student at Johns Hopkins. "But I was definitely surprised to see then how much of it is unused."

This means Apple has additional levels of encryption and security that isn't being tapped by the operating system or installed applications. Apple is a consumer brand, however, and may not want a device so locked down a user's data is in danger of being lost forever.

If a user loses their password and other authentication methods, data locked behind encryption becomes useless. It is assumed this is why most iCloud data isn't end-to-end encrypted in Apple's servers. Dropping a phone in a lake and losing everything is one thing, forgetting a password and losing your supposedly safe iCloud data is another.

The study focused on a specific set of states a smartphone can be in — Before First Unlock and After First Unlock. If you reboot your iPhone it is in a "complete protection" state that makes it difficult for even advanced forensic tools to access.

The complete protection state is removed after you've entered your password, which is why the state is referred to as After First Unlock. This is your normal mode of encryption with a hierarchical structure to protect specific datasets.

Apple uses something called the Secure Enclave to protect data. It is a physically separate chipset designed to hold security keys in a place not located in the main operating system. You can only access the Secure Enclave After First Unlock and after each biometric or password authentication.

The iPhone 12 and iPhone 12 Pro are protected by the Secure Enclave

The iPhone 12 and iPhone 12 Pro are protected by the Secure Enclave

The Secure Enclave protects keys to your most important data like iMessage and Health data. Less protected encryption keys can appear in your quick access memory, which is what forensic tools tend to target. Apple's protections are enough to keep all but the most well-funded criminals out.

"Apple devices are designed with multiple layers of security in order to protect against a wide range of potential threats, and we work constantly to add new protections for our users' data," an Apple spokesperson told Wired. "As customers continue to increase the amount of sensitive information they store on their devices, we will continue to develop additional protections in both hardware and software to protect their data."

The Apple spokesperson said that the methods used in the Johns Hopkins study are very expensive and prohibiting to all but the biggest criminals and governments. The exploits examined also require physical access to the device and stop working as soon as Apple patches them.

Cellebrite forensic tools can access data using iOS vulnerabilities

Cellebrite forensic tools can access data using iOS vulnerabilities

The problem is when bad actors want into your device that it has in-hand, it has options. Advanced forensic tools are available from companies like GrayKey or Cellebrite are readily purchased by the United States police forces and public schools.

While these devices are too expensive for the common criminal, they are priced for easy government accessibility. Apple tends to patch vulnerabilities used by these devices fast, but new flaws are found all the time.

What Apple can do

Studies like those conducted at Johns Hopkins are crucial for Apple and other tech companies in the fight for encryption. If anything, this study proves that while iPhone customers are protected from nearly any threat, the government still has access to data when necessary.

Apple is under heavy scrutiny from governments around the world about device encryption. If Apple pushes security further and makes users able to lock down their data more, the scrutiny could get worse, or even drive legislation to end all encryption.

There is a future where Apple can provide more user protections, but not without legal ramifications. Apple has previously been rumored to consider fully encrypting iCloud data, but the FBI apparently dissuaded them. More likely, Apple realized that users could lose their data inadvertently if it is too heavily guarded.

As the Apple spokesperson stated, Apple rides a line between security and convenience. Face ID and Touch ID help keep a device safe while customers benefit from easy access to an encrypted device. The next iPhone could have multiple forms of biometrics for even more security at unlock, but that will still only go so far.

What you can do to further protect data

Of course, the everyday user should not fear a forensic team snatching up their iPhone to examine their latest selfies, but it is healthy to know how to protect yourself.

Emergency SOS mode

First, know about the emergency modes and reboot shortcuts on your device. If you hold down the volume up button and power button at the same time for five seconds, it triggers an emergency lockdown.

This prevents your device from unlocking with biometrics, and gives you the option to shutdown the phone or call 911. If you shutdown the phone, it will be back to Before First Unlock to provide maximum data protection.

This mode is handy for that moment when you might need to hand over your iPhone to a school teacher or an investigator and you feel the need to protect your data. This also helps with police officers who cannot ask for a password but can sometimes legally request biometric unlocks.

Use an alphanumeric passcode

Many forensic tools rely on guessing passcodes on the device using algorithms. The longer your password, the harder it is to crack.

By adding a couple of letters and a special character you'll increase the time it takes to guess the passcode from hours to hundreds of years. You'll still need to remember the password too, however.

Erase all data after 10 failed passcodes

Users should also be aware of a setting that resets the iPhone to factory settings after 10 failed passcode attempts. After a five failed attempts, you'll be blocked by a timer that gets longer and longer until you're waiting a full hour after the ninth attempt. No normal iPhone use will accidentally cause your device to erase all data.

Local backups

If you want to go to the most extreme level of data protection, consider removing sensitive data from iCloud. You can perform a local iCloud backup by connecting your iPhone to your Mac.

Doing this will enable a local encrypted option, which will secure the backup behind a password you choose. Forget the password and the backup is lost forever though.

Continue as normal

Apple is already doing everything it can to thwart bad actors from breaching your data. Your iCloud data is safe too, and can only be accessed when a proper warrant is presented.

Use your iPhone as normal and live your life. The likelihood of an average iPhone user encountering a forensic tool or wealthy criminal seeking what's on your iPhone is slim to none. The protections Apple provides is enough to keep your data safe and will only improve with time.

Can you screen record telegram secret chat - TandaaBiashara

Posted: 26 Jan 2021 04:07 AM PST

[unable to retrieve full-text content]Can you screen record telegram secret chat  TandaaBiashara

Telegram vs Signal: Which WhatsApp Alternative Is Better - Guiding Tech

Posted: 26 Jan 2021 08:00 AM PST

WhatsApp's new privacy policy has created quite a stir. That's why most folks are looking at Signal and Telegram as the alternative. You can find out which is a better alternative to WhatsApp in this post.

Telegram vs signal

Both Telegram and Signal empathizes to protect user privacy and security. Their approach is different. Let's understand the difference between Telegram and Signal based on how they handle user data and protect their privacy.

Security and Privacy

Telegram's distinctive feature is security. It claims that all its activities, including chats, groups, and media shared between participants, are encrypted. This means that they won't be visible without being deciphered first.

Telegram provides end-to-end encryption using its own proprietary messaging protocol called MTProto. It is not entirely open-source and lacks scrutiny from outside cryptographers.

Encryption

Unlike Signal, Telegram holds the encryption keys with itself. Meaning, if asked or pressured by the government on a relevant basis, the company might consider handing out user encryption keys.

The app lets you set self-destruct timers on messages and media that you share which can range from two seconds to one week through its built-in feature 'Secret Chat'. It also offers end-to-end encryption, leaving no trace on Telegram's servers.

Security

Signal uses Open Whisper System to E2E (end-to-end) encrypt all conversations by default. It's an open-source encryption algorithm. The encryption keys are stored on users' phones and computers and not on any server, thus eliminating any spoofing potential.

Signal's verification method beats every other messenger app. Users can verify each other's profiles by verifying Safety Numbers or scanning QR codes that contain this unique set of numbers and mark the profile as verified.

Signal verification method

As for voice calls, Signal offers an option to 'Always relay calls' so that all calls go through the Signal server to avoid revealing your IP address to your contact.

The service is designed to minimize the data retained about Signal users. Signal collects as little metadata as possible and does not store metadata, logs, or information on its users.

WhatsApp claims to be end-to-end encrypted but the company closely guards its code. While there's no reports of the code getting compromised, but that cannot be

Messaging and Features

The basic chat experience with text, emoji, GIF, stickers, and media files remains more or less the same between Signal and Telegram. However, there are some small observations in our testing.

Telegram stickers

In general, Telegram felt fluid, responsive, and better equipped compared to Signal. Telegram also offers interactive stickers, live emojis, and more customization options such as changing themes, wallpaper, etc.

With Telegram, you can create groups with up to 200,000 members and it allows you to share a media file with up to 1.5 GB in size.

Signal is comparatively new in the IM (Instant Messaging) space. But it has covered the basics here. The service supports self-destructing messages, and it offers a Note to Self add-on to collect thoughts and ideas. In terms of customization, Signal recently added the ability to change theme and wallpaper to its service.

Backup and Restore

Telegram beats every other rival out there with its superior backup solution. It's one of the reasons why many of us at GuidingTech prefer Telegram over WhatsApp.

Telegram is a truly cloud-based cross-platform solution. You don't need your phone to use Telegram on the desktop. It's available on all platforms, including iOS, Android, Windows, Mac, Linux, and Web. Simply sign in using your mobile number, and all your chat, media, and files are right there without any transfer process.

Signal on iOS uses QR code to transfer user data from one device to another. On Android, you can manually move the backup file from your old device to the new one and restore the data. If you have lost your old phone, there is no way to restore Signal data on the new device.

Signal backup

WhatsApp uses third-party cloud services such as Google Drive or iCloud to backup/restore chat data. However, there is no direct way to transfer chat history from Android to iPhone or vice versa.

When it comes to Backup and restore, I would put Telegram right at the top, followed by WhatsApp and Signal, respectively.

Cross-Platform Availability

Telegram is available on all platforms, including iOS, Android, Windows, Mac, Web, and even Linux. Signal is accessible on mobile and desktop platforms as well. But once again, we found Telegram apps on Windows and Mac to be better built than Signal.

Also on Guiding Tech

Which One Is Right For You

That's a tricky question to answer. Allow me to elaborate. No matter how many features and security add-on a company packs in their IM offering, it all boils down to how many contacts from your address book are using the service in the first place. Telegram recently crossed 500 million milestones, so there is a good chance that your friends and family are already on the platform.

Signal's security features are class-leading, but it's a new kid around the corner, and you will have to make some efforts to get people on-board with Edward Snowden and Elon Musk's preferred platform.


The above article may contain affiliate links which help support Guiding Tech. However, it does not affect our editorial integrity. The content remains unbiased and authentic.

WhatsApp vs Signal vs Telegram: Which is More Secure - India Today

Posted: 09 Jan 2021 12:00 AM PST

Whatsapp currently is the largest messaging service in the world with over 2 billion monthly active users. Following that, Telegram accounts for 400 million and Signal stands at a ballpark of 10-20 million monthly active users. Simply looking at the raw numbers would suggest that WhatsApp is hugely popular and almost ubiquitous while Telegram is catching up and Signal seems to have just joined the million downloads race. However, numbers do not often tell you the entire story, hence here we do a comprehensive comparison of the three app's security and features.

Features:

Whatsapp

WhatsApp offers almost every feature you might need. You get support for group chats with up to 256 members. You can also broadcast messages to multiple contacts at the same time. It also supports voice and video calls, both for individuals and groups. However, for group video calls, you are restricted to 8 users at any time. Further, WhatsApp also offers a Status feature (also called WhatsApp stories) similar to Instagram stories.

Whatsapp also allows you to share all sorts of files and documents, but there are file size limits to adhere to. For photos, videos, and audio files, the limit is 16 MB. However, documents can be up to 100 MB. You can also share live location with your contacts and I am sure many users find this feature helpful.

And since WhatsApp is meant for general users, it offers seamless backup and restore functionality through cloud services like Google Drive and iCloud. And the best part is that cloud backup is completely free.

Telegram

Telegram app offers so many features that it's incredible. Similar to WhatsApp, you get the basics such as chats, group chats, and channels. However, unlike WhatsApp's 256 member limit, Telegram brings support for groups with up to 200,000 members. It also offers multiple group-specific features such as bots, polls, quizzes, hashtags, and a lot more which can make group experiences a lot more fun.

The app also offers a unique feature, self-destructing messages (like Snapchat) which is great if you're sending messages that you don't want to remain on the recipient's device for eternity. The size limit for sharing files on Telegram is a whopping 1.5 GB. The app now has both voice and video call on Android and iOS devices, which is great because video call support was a big omission from the app.

Signal

Signal offers its users secure messaging, voice, and video calls and all communications are end-to-end encrypted. Further, you can create groups, however, you don't have the option to broadcast messages to multiple contacts at once. Plus, Signal has recently added support for group calling as well.

It has a feature similar to the self-destructing messages of Telegram. The best feature of Signal is "Note to Self". Unlike WhatsApp, you don't have to create a single-member group to send notes to yourself. On Signal, the feature is available natively and you can jot down your thoughts and ideas while messaging with your friends and family.

Apart from that, Signal allows you to relay voice calls to its servers so your identity remains concealed from your contacts. The feature is somewhat similar to what a VPN does. There are also emojis and some privacy stickers, but they are very limited in comparison to WhatsApp and Telegram.

Security:

Whatsapp

The end to end encryption (E2E) introduced in 2016 on WhatsApp is available on every single mode of communication that the app enables. So all your messages, video calls, voice calls, photos, and anything else you share are end-to-end encrypted. WhatsApp uses the E2E protocol developed by Open Whisper Systems, which is the name behind Signal messenger. That's a good thing, because the Signal protocol is open source, widely peer-reviewed, and is generally considered one of the best protocols for implementing end-to-end encryption in messaging platforms.

However, WhatsApp does not encrypt backups (cloud or local). Also, it does not encrypt the metadata which is used to carry communication between two endpoints. This is one of the major criticisms of WhatsApp's security model. While metadata does not allow anyone to read your messages, it lets authorities know whom and when you messaged someone, and for how long.

All in all, WhatsApp does a pretty decent job of ensuring security for its users. That being said, WhatsApp has suffered a couple of major privacy nightmares, especially the recent issue with group chats getting indexed on Google search. That issue has been fixed, however, it was not a good look for the messaging app.

Telegram

Telegram does offer some level of protection to its users. While Telegram supports E2E encryption, it's not enabled by default. The only way to use E2E encryption on Telegram is to use its secret chats feature. However, Telegram states that it manages its message storage and decryption keys in a way that one would require court orders from multiple legal systems around the world to be able to access any of your data. The company says that it has shared 0 bytes of data with third-parties and governments to this date.

Telegram groups are not encrypted because Secret Chats are only supported for single-user communication. Moreover, Telegram's desktop client doesn't support E2E encryption on any platform other than macOS.

Signal

Signal is by far the best when it comes to security, be it on the back-end or the user-facing side of the service. Signal uses the open-source Signal Protocol to implement end-to-end encryption. And just like WhatsApp, the E2E encryption covers all forms of communication on Signal.

Signal goes one step further than others and encrypts your metadata too. To protect user privacy from all corners, Signal devised a new way to communicate between the sender and the recipient and it's called Sealed Sender. Basically, with Sealed Sender, no one will be able to know not even Signal who is messaging whom, which ensures ultimate privacy. Signal by default encrypts all the local files with a 4-digit passphrase. And if you want to create an encrypted local backup then you can do that as well. The app now also supports encrypted group calls.

All in all, in terms of security and privacy protection, Signal stands head and shoulder above WhatsApp and Telegram and that makes it the most secure messaging app between the three.

What data does each app collect?

Following is the list of data that each of the three messaging apps collects from their users:

WhatsApp
Device ID
User ID
Advertising Data
Purchase History
Coarse Location
Phone Number
Email Address
Contacts
Product Interaction
Crash Data
Performance Data
Other Diagnostic Data
Payment Info
Customer Support
Product Interaction
Other User Content

Telegram
Contact Info
Contacts
User ID

Signal
None. (The only personal data Signal stores is your phone number)

Also Read: https://www.indiatoday.in/technology/news/story/in-a-moment-of-purge-twitter-and-other-tech-companies-finally-ban-trump-and-his-supporters-1757380-2021-01-09

Also Read: https://www.indiatoday.in/technology/news/story/google-removes-free-speech-app-parler-from-play-store-1757406-2021-01-09

Also Read: https://www.indiatoday.in/technology/news/story/sony-playstation-5-digital-edition-launch-delayed-in-india-1757419-2021-01-09
-

Comments

Post a Comment

Popular Posts

6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog

Image
6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog 6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog 5 best TrueCrypt alternatives | Encrypt your computer with these apps - proprivacy.com The Best Way to Encrypt Email in Outlook - Security Boulevard 6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog Posted: 23 Nov 2019 12:00 AM PST Anti-forensic techniques can make a computer investigator's life difficult. From committing fraud in an organization to stealing crucial data, cybercriminals can perform a wide range of nefarious activities. In some cases, these perpetrators try to cover their tracks by deleting browser history, cache memory, and even cookies. But with an upward trend , it is now much convenient for cyber attackers to use already progr...
Read more

How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf

Image
How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf Physical and Digital Safety: Arrest and detention - CPJ Press Freedom Online Mobile Encryption Market – Key Players, Size, Trends, Growth Opportunities, Analysis and Forecast To 2027 – The Courier - The Courier Fleeing WhatsApp for Better Privacy? Don't Turn to Telegram - WIRED How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf Posted: 23 Feb 2021 12:00 PM PST [unable to retrieve full-text content] How to Encrypt Your iPhone or iPad Backup    MUO - MakeUseOf Physical and Digital Safety: Arrest and detention - CPJ Press Freedom Online Posted: 24 Feb 2021 06:14 AM PST Share this: Covering certain stories–such as human rights abuses, corruption, or civil unrest–can place you at a higher risk of arrest and detention, particularly...
Read more

A Look At Blockchain Smartphones Available Now - I4U News

Image
A Look At Blockchain Smartphones Available Now - I4U News A Look At Blockchain Smartphones Available Now - I4U News Posted: 09 Oct 2019 06:19 AM PDT There is probably no one in the world who has not heard of cryptocurrencies. In the past few years, the general public's awareness of the likes of Bitcoin and Ethereum has skyrocketed. This has happened to such a degree that there are literally millions of us using Bitcoin wallets offered by Luno and other well established names in the industry. On the other hand, blockchain is not necessarily that well known and its capabilities maybe a little less. So although we know that blockchain is the basis of cryptocurrencies, many of us know little more than that. Anyways, this technology is extremely adaptable and is being applied to many industries/sectors from health to disaster recovery. So that it will come as no surprise that blockchain is shifting its attention to mobile. This has resul...
Read more