E2ee - NEWS POLITE

Apple Upgrades iMessage With PQ3 Quantum Computer-Resistant Encryption Protocol

Apple is introducing a new cryptographic protocol for iMessage that is designed to protect users from sophisticated attacks using quantum computers. The new encryption protocol could safeguard users from scenarios where encrypted data has been stored, only to be decrypted using a quantum computer at a later date. iMessage is the second messaging platform known to introduce support for quantum-security cryptography — Signal’s PQXDH protocol was introduced last year — while adding another layer of security to protect users if keys are compromised.

The company detailed the development of the new PQ3 protocol for iMessage on Wednesday, ahead of its deployment on supported iPhone, iPad, Mac, and Apple Watch models. PQ3 is a quantum-resistant cryptographic protocol designed to protect conversations from being compromised by attackers with quantum computers in the future, according to Apple.

Traditional public key cryptography — used in secure messaging services like WhatsApp, iMessage, and Signal — protect users from powerful computers using difficult mathematical problems. However, powerful quantum computers are said to be capable of solving these problems, which means that even though they don’t currently exist, they can be used to compromise encrypted chats in the future.

Apple also highlights another challenge posed by quantum computers — the “Harvest Now, Decrypt Later” scenario. By storing vast amounts of encrypted data available today, capable attackers can gain access to the data at some point in the future once a powerful enough quantum computer is capable of breaking the traditional encryption used to protect those messages.

iMessage will join Signal in using quantum-resistant cryptography
Photo Credit: Apple

iMessage is the second messaging platform to add support for quantum-security cryptography. Last year, Signal — widely considered the gold standard in encrypted messaging — announced it was rolling out a new PQXDH protocol that would protect users from quantum computers. Apple says that its PQ3 encryption protocol goes one step further than PQXDH by changing post-quantum keys on an ongoing basis — this limits the number of messages that can be exposed if the keys are compromised.

The new PQ3 post-quantum encryption protocol is designed to protect users from existing and future adversaries and will be introduced from the start of a chat, according to Apple. It would need to be combined with the company’s existing encryption, with a hybrid design that means attackers would need to defeat both the traditional encryption and the post-quantum primitives used to protect iMessage conversations.

In order to protect users in case an encryption key is compromised, Apple says that a new post-quantum key is transmitted periodically (instead of with every message), to keep the size of these encrypted messages in check, while allowing users to access the service even in poor network conditions.

The new PQ3 protocol has been reviewed by the company’s Security Engineering and Architecture (SEAR) teams. It has also been reviewed by a team led by Professor David Basin, head of the Information Security Group at ETH Zürich, as well as Professor Douglas Stebila from the University of Waterloo. The company also says that it also contracted a third-party security consultancy independently assessed the PQ3 source code, and found no security issues, according to the company.

Apple says that the upcoming updates to iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4 will bring support for PQ3, and iMessage conversations on supported devices will automatically start to use the new quantum-security protocol to encrypt messages sent and received on the platform. All supported conversations will be upgraded to the post-quantum encryption protocol this year, according to the company.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Facebook Messenger Turns End-to-End Encryption on by Default for Individual Chats

Facebook Messenger is finally rolling out support for end-to-end encryption (E2EE) by default for individual chats and calls, the company announced on Wednesday. In the coming weeks and months, Facebook parent Meta says existing conversations will be protected by E2EE and new chats will also be protected by the technology. The company says that E2EE Messenger chats will offer the same features as previously unencrypted conversations including the ability to unsend messages, set chat themes, and send custom message reactions.

In a post detailing the launch of the new features, Messenger head Loredana Crisan said that both one-on-one chats and calls on the messaging app will now be protected by end-to-end encryption. Meta collaborated with experts and governments, academics and advocates to ensure a balance of privacy and safety, according to Crisan.

Just like WhatsApp, which is also owned by Meta, chats on Messenger can no longer be accessed by the company — with one exception. Meta will be able to see the contents of E2EE messages when a conversation participant reports the contents of a conversation — WhatsApp offers the same reporting mechanism.

In January 2022, Meta updated Secret Conversations — its opt-in E2EE chats feature on Messenger — with support for features that are available on regular chats. These include the ability to send GIFs and stickers in chats. Users can also set chat themes in secret conversations. Enabling the 24-hour disappearing message mode in E2EE chats will also alert users when another participant takes a screenshot, according to Meta.

Messenger’s E2EE chats have been updated with support for features found on regular chats
Photo Credit: Meta

Meta has been working on enabling encrypted chats by default for years now, and the first indication of the company’s efforts was revealed years ago when Meta CEO Mark Zuckerberg stated that the firm was adding support for default E2EE chats for both Instagram and Messenger.

The company says that it has implemented the Signal Protocol (used on Signal, widely considered the gold standard in encrypted messaging apps) and the firm’s own Labyrinth Protocol.

However, not all users will see their conversations upgraded to E2EE chats immediately. Crisan notes that “it may take some time for Messenger chats to be updated with default end-to-end encryption”, which suggests that the rollout could take a considerable amount of time.

It is worth noting that features like optional E2EE encryption for chats on Instagram are yet to roll out to users in some regions, including India. Gadgets 360 has reached out to the company for details of the rollout to users in the country. Meta is expected to enable E2EE chats by default on Instagram once the Messenger rollout is complete.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Apple Opposes UK Push to Bypass End-to-End Encryption, Says It Will Remove iMessage and FaceTime: Report

Apple has strongly opposed a move by the British parliament to amend an act that would allow the government to order messaging services to weaken the encryption that protects their users. The Cupertino company said it will not compromise the end-to-end encryption that it offers to its iMessage users for one country. UK lawmakers are looking to weaken encryption of messaging services in an attempt to catch criminals, as part of proposed amendments to an existing law.

The Online Safety Bill, which contains proposed amendments to the Investigatory Powers Act (IPA) 2016, has reached the UK parliament for consideration and the government has started a consultation process that will take eight weeks to conclude. One of the proposed amendments will involve requiring services like iMessage and Signal to install technology that will monitor child sexual abuse material (CSAM) on their platforms.

Apple has submitted a detailed, nine-page long note arguing that this demand from the UK government would violate the promise of privacy that it gives to its users, according to a BBC report.

The proposed changes include backdoors into encrypted messaging apps, along with asking companies to reveal details about any new security features they might be planning to deploy to their respective platforms. It is worth noting that creating a backdoor for law enforcement or other forms of lawful interception would also create vulnerabilities that could be misused by hackers and cyberciminals.

Apple has additionally said that it was not willing to weaken its security measures for users globally, specifically for one country.

The iPhone-maker has threatened to remove support for iMessage and FaceTime in the UK, if the government pushes through with the proposed changes to the IPA Act.

Meredith Whittaker, the president of the Signal messaging app was quick to retweet BBC’s report on the issue, applauding Apple’s stern stance against the demands of the UK government.

Apple joins Signal & WhatsApp: they’ll pull services from the UK before compromising privacy + security. This makes sense: the alt to exiting is undermining your reputation, killing the trust of those who rely on you. See: RIM, Blackberry, Saudi Arabia.https://t.co/veVS0P1qMK

— Meredith Whittaker (@mer__edith) July 21, 2023

Previously, Whittaker has also reacted in a manner similar, stating that Signal would rather walk away from the UK, then agree to the proposed changes.

Meta-owned WhatsApp has also opposed the UK’s request to let officials snoop on WhatsApp users’ conversations that are currently protected by end-to-end encryption.

The UK government’s eight-week-long consultation process will take into account the views of the industry. The Home Office responded to the BBC stating that the IPA Act was created to protect the public from “criminals, child sex abusers and terrorists” and that “no decisions have yet been made” while referring to the consultation that is part of the review process.

Will the Nothing Phone 2 serve as the successor to the Phone 1, or will the two co-exist? We discuss the company’s recently launched handset and more on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

WhatsApp, Signal Oppose UK Move to Force Companies to Break End-to-End Encryption

WhatsApp and other messaging services have united to oppose Britain’s plan to force tech companies to break end-to-end encryption in private messages in its proposed internet safety legislation.

Meta-owned WhatsApp, Signal and five other apps signed an open letter saying the law could give an “unelected official the power to weaken the privacy of billions of people around the world”.

Britain’s Online Safety Bill was originally designed to create one of the toughest regimes for regulating platforms such as Facebook, Instagram, TikTok, and YouTube.

The proposals were watered down in November, when a requirement to stop “legal but harmful content” was removed to protect free speech, and instead the focus was put on illegal content, particularly related to child safety.

The British government said the bill in “no way represented a ban on end-to-end encryption, nor would it require services to weaken encryption“.

But it wants regulator Ofcom to be able to make platforms use accredited technology, or try to develop new technology, to identify child sexual abuse content.

The letter signatories said this was incompatible with end-to-end encryption, which enables a message to be read only by the sender and recipient.

“The bill provides no explicit protection for encryption, and if implemented as written, could empower Ofcom to try to force the proactive scanning of private messages on end-to-end encrypted communication services – nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all user,” they said.

The bill poses an “unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate around the world, while emboldening hostile governments who may seek to draft copy-cat laws”, they said.

A British government spokesperson said: “We support strong encryption, but this cannot come at the cost of public safety.

“Tech companies have a moral duty to ensure they are not blinding themselves and law enforcement to the unprecedented levels of child sexual abuse on their platforms.”

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.