Encryption - NEWS POLITE

WhatsApp Reportedly Working on Adding a New Label to Indicate Conversations Are End-to-End Encrypted

WhatsApp has been spotted working on a new end-to-end encryption (E2EE) label for individual and group conversations that is reportedly in development. The popular messaging application will show a message within chats that will confirm that the messages sent and received are encrypted and WhatsApp does not store any of the information. The new encryption visibility feature comes just days after Meta published a post highlighting the issues it is facing with E2EE and the resultant delays in implementing third-party chats in Europe following the enactment of the Digital Markets Act (DMA).

Spotted by feature tracker WABetaInfo, the new development was seen in WhatsApp beta for Android 2.24.6.11 for some beta testers. The update was rolled out on March 9 through the Google Play Beta Program. The report claimed that the feature has only reached some beta testers, which points to a limited release. This is likely because it is still in the early stage and the developers intend to make more changes to it.

WhatsApp’s new end-to-end encryption label
Photo Credit: WABetaInfo

As per the report, a new label stating end-to-end encrypted was seen below the space where the Contact name or Group name is shown. The text was preceded by a lock icon. The label disappears after a few seconds, showing the last seen status in individual conversations and participants’ names in group conversations. This appears to be a new layer of encryption visibility within the app.

Interestingly, WhatsApp already shows an E2EE label on the home screen at the bottom of the screen, below all the chats. It also shows the same in voice and video call screens, statuses, and more. Further, users can always go to the Encryption tab on the contact info page and verify encryption manually. As per the report, with this label, the messaging app might be securing a proactive reminder about the encryption status in a place where it is easily visible to the user.

This would be useful given Meta recently highlighted the risk of encryption with third-party chats in Europe. The company, which uses Signal protocol-based Noise Protocol Framework to encrypt data, said that while it will take responsibility for ensuring encryption at the WhatsApp user’s end and during the transit of data, it cannot do the same once the data reaches the third-party platform’s end. Notably, the social media giant has asked messaging apps to sign an agreement with Meta and use either the Signal protocol or another compatible protocol.

Affiliate links may be automatically generated – see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who’sThat360 on Instagram and YouTube.

Threads Rolls Out New Feature to Save Drafts, Allows Users to Take Photos Within the App

Elon Musk Says His AI Startup xAI’s Grok Chatbot Will Go Open-Source

Check out our Latest News and Follow us at Facebook

Original Source

Apple Upgrades iMessage With PQ3 Quantum Computer-Resistant Encryption Protocol

Apple is introducing a new cryptographic protocol for iMessage that is designed to protect users from sophisticated attacks using quantum computers. The new encryption protocol could safeguard users from scenarios where encrypted data has been stored, only to be decrypted using a quantum computer at a later date. iMessage is the second messaging platform known to introduce support for quantum-security cryptography — Signal’s PQXDH protocol was introduced last year — while adding another layer of security to protect users if keys are compromised.

The company detailed the development of the new PQ3 protocol for iMessage on Wednesday, ahead of its deployment on supported iPhone, iPad, Mac, and Apple Watch models. PQ3 is a quantum-resistant cryptographic protocol designed to protect conversations from being compromised by attackers with quantum computers in the future, according to Apple.

Traditional public key cryptography — used in secure messaging services like WhatsApp, iMessage, and Signal — protect users from powerful computers using difficult mathematical problems. However, powerful quantum computers are said to be capable of solving these problems, which means that even though they don’t currently exist, they can be used to compromise encrypted chats in the future.

Apple also highlights another challenge posed by quantum computers — the “Harvest Now, Decrypt Later” scenario. By storing vast amounts of encrypted data available today, capable attackers can gain access to the data at some point in the future once a powerful enough quantum computer is capable of breaking the traditional encryption used to protect those messages.

iMessage will join Signal in using quantum-resistant cryptography
Photo Credit: Apple

iMessage is the second messaging platform to add support for quantum-security cryptography. Last year, Signal — widely considered the gold standard in encrypted messaging — announced it was rolling out a new PQXDH protocol that would protect users from quantum computers. Apple says that its PQ3 encryption protocol goes one step further than PQXDH by changing post-quantum keys on an ongoing basis — this limits the number of messages that can be exposed if the keys are compromised.

The new PQ3 post-quantum encryption protocol is designed to protect users from existing and future adversaries and will be introduced from the start of a chat, according to Apple. It would need to be combined with the company’s existing encryption, with a hybrid design that means attackers would need to defeat both the traditional encryption and the post-quantum primitives used to protect iMessage conversations.

In order to protect users in case an encryption key is compromised, Apple says that a new post-quantum key is transmitted periodically (instead of with every message), to keep the size of these encrypted messages in check, while allowing users to access the service even in poor network conditions.

The new PQ3 protocol has been reviewed by the company’s Security Engineering and Architecture (SEAR) teams. It has also been reviewed by a team led by Professor David Basin, head of the Information Security Group at ETH Zürich, as well as Professor Douglas Stebila from the University of Waterloo. The company also says that it also contracted a third-party security consultancy independently assessed the PQ3 source code, and found no security issues, according to the company.

Apple says that the upcoming updates to iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4 will bring support for PQ3, and iMessage conversations on supported devices will automatically start to use the new quantum-security protocol to encrypt messages sent and received on the platform. All supported conversations will be upgraded to the post-quantum encryption protocol this year, according to the company.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Facebook Messenger Turns End-to-End Encryption on by Default for Individual Chats

Facebook Messenger is finally rolling out support for end-to-end encryption (E2EE) by default for individual chats and calls, the company announced on Wednesday. In the coming weeks and months, Facebook parent Meta says existing conversations will be protected by E2EE and new chats will also be protected by the technology. The company says that E2EE Messenger chats will offer the same features as previously unencrypted conversations including the ability to unsend messages, set chat themes, and send custom message reactions.

In a post detailing the launch of the new features, Messenger head Loredana Crisan said that both one-on-one chats and calls on the messaging app will now be protected by end-to-end encryption. Meta collaborated with experts and governments, academics and advocates to ensure a balance of privacy and safety, according to Crisan.

Just like WhatsApp, which is also owned by Meta, chats on Messenger can no longer be accessed by the company — with one exception. Meta will be able to see the contents of E2EE messages when a conversation participant reports the contents of a conversation — WhatsApp offers the same reporting mechanism.

In January 2022, Meta updated Secret Conversations — its opt-in E2EE chats feature on Messenger — with support for features that are available on regular chats. These include the ability to send GIFs and stickers in chats. Users can also set chat themes in secret conversations. Enabling the 24-hour disappearing message mode in E2EE chats will also alert users when another participant takes a screenshot, according to Meta.

Messenger’s E2EE chats have been updated with support for features found on regular chats
Photo Credit: Meta

Meta has been working on enabling encrypted chats by default for years now, and the first indication of the company’s efforts was revealed years ago when Meta CEO Mark Zuckerberg stated that the firm was adding support for default E2EE chats for both Instagram and Messenger.

The company says that it has implemented the Signal Protocol (used on Signal, widely considered the gold standard in encrypted messaging apps) and the firm’s own Labyrinth Protocol.

However, not all users will see their conversations upgraded to E2EE chats immediately. Crisan notes that “it may take some time for Messenger chats to be updated with default end-to-end encryption”, which suggests that the rollout could take a considerable amount of time.

It is worth noting that features like optional E2EE encryption for chats on Instagram are yet to roll out to users in some regions, including India. Gadgets 360 has reached out to the company for details of the rollout to users in the country. Meta is expected to enable E2EE chats by default on Instagram once the Messenger rollout is complete.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Apple Opposes UK Push to Bypass End-to-End Encryption, Says It Will Remove iMessage and FaceTime: Report

Apple has strongly opposed a move by the British parliament to amend an act that would allow the government to order messaging services to weaken the encryption that protects their users. The Cupertino company said it will not compromise the end-to-end encryption that it offers to its iMessage users for one country. UK lawmakers are looking to weaken encryption of messaging services in an attempt to catch criminals, as part of proposed amendments to an existing law.

The Online Safety Bill, which contains proposed amendments to the Investigatory Powers Act (IPA) 2016, has reached the UK parliament for consideration and the government has started a consultation process that will take eight weeks to conclude. One of the proposed amendments will involve requiring services like iMessage and Signal to install technology that will monitor child sexual abuse material (CSAM) on their platforms.

Apple has submitted a detailed, nine-page long note arguing that this demand from the UK government would violate the promise of privacy that it gives to its users, according to a BBC report.

The proposed changes include backdoors into encrypted messaging apps, along with asking companies to reveal details about any new security features they might be planning to deploy to their respective platforms. It is worth noting that creating a backdoor for law enforcement or other forms of lawful interception would also create vulnerabilities that could be misused by hackers and cyberciminals.

Apple has additionally said that it was not willing to weaken its security measures for users globally, specifically for one country.

The iPhone-maker has threatened to remove support for iMessage and FaceTime in the UK, if the government pushes through with the proposed changes to the IPA Act.

Meredith Whittaker, the president of the Signal messaging app was quick to retweet BBC’s report on the issue, applauding Apple’s stern stance against the demands of the UK government.

Apple joins Signal & WhatsApp: they’ll pull services from the UK before compromising privacy + security. This makes sense: the alt to exiting is undermining your reputation, killing the trust of those who rely on you. See: RIM, Blackberry, Saudi Arabia.https://t.co/veVS0P1qMK

— Meredith Whittaker (@mer__edith) July 21, 2023

Previously, Whittaker has also reacted in a manner similar, stating that Signal would rather walk away from the UK, then agree to the proposed changes.

Meta-owned WhatsApp has also opposed the UK’s request to let officials snoop on WhatsApp users’ conversations that are currently protected by end-to-end encryption.

The UK government’s eight-week-long consultation process will take into account the views of the industry. The Home Office responded to the BBC stating that the IPA Act was created to protect the public from “criminals, child sex abusers and terrorists” and that “no decisions have yet been made” while referring to the consultation that is part of the review process.

Will the Nothing Phone 2 serve as the successor to the Phone 1, or will the two co-exist? We discuss the company’s recently launched handset and more on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

WhatsApp, Signal Oppose UK Move to Force Companies to Break End-to-End Encryption

WhatsApp and other messaging services have united to oppose Britain’s plan to force tech companies to break end-to-end encryption in private messages in its proposed internet safety legislation.

Meta-owned WhatsApp, Signal and five other apps signed an open letter saying the law could give an “unelected official the power to weaken the privacy of billions of people around the world”.

Britain’s Online Safety Bill was originally designed to create one of the toughest regimes for regulating platforms such as Facebook, Instagram, TikTok, and YouTube.

The proposals were watered down in November, when a requirement to stop “legal but harmful content” was removed to protect free speech, and instead the focus was put on illegal content, particularly related to child safety.

The British government said the bill in “no way represented a ban on end-to-end encryption, nor would it require services to weaken encryption“.

But it wants regulator Ofcom to be able to make platforms use accredited technology, or try to develop new technology, to identify child sexual abuse content.

The letter signatories said this was incompatible with end-to-end encryption, which enables a message to be read only by the sender and recipient.

“The bill provides no explicit protection for encryption, and if implemented as written, could empower Ofcom to try to force the proactive scanning of private messages on end-to-end encrypted communication services – nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all user,” they said.

The bill poses an “unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate around the world, while emboldening hostile governments who may seek to draft copy-cat laws”, they said.

A British government spokesperson said: “We support strong encryption, but this cannot come at the cost of public safety.

“Tech companies have a moral duty to ensure they are not blinding themselves and law enforcement to the unprecedented levels of child sexual abuse on their platforms.”

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Gmail End-to-End Encryption Beta Testing Expanded for Select Workspace Users: All Details

Gmail will allow more customers to gain beta access to the company’s end-to-end encryption feature for its email messaging service, which is a part of Google Workspace. The company’s encryption technology provides an added layer of security to emails and attachments on the Web. Google last year announced that it would bring client-side encryption software by giving users control over the encryption keys and who will have access to their data last year. The service has announced that it will allow more users to apply to beta-test the feature.

Google announced via a blog post that the company is expanding beta access to its client-side encryption (CSE) in Gmail on the Web, for select customers on Google Workspace Enterprise and Education plans.

As of now, Google offers a beta version of CSE on Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar. The feature was added to Google Drive in 2021.

According to the company, eligible customers of Google Workspace Enterprise Plus, Education Plus, and Education Standard can apply to participate in the beta testing until January 20 next year, via Google’s support center. Once rolled out, users will be able to choose to enable end-to-end encryption by selecting a padlock button when writing an email.

“Google Workspace already uses the latest cryptographic standards to encrypt all data at rest and in transit between our facilities,” Google stated. This means that while Google does encrypt user data as it travels to the company’s servers, the company is able to access the contents of the data. CSE eliminates customer privacy concerns by ensuring that only the sender and recipient have the encryption keys to access the data.

Meanwhile, Google on Monday announced new fraud detection techniques for its UPI-based payment app Google Pay as part of the search giant’s efforts to make digital payments more secure in the country. A new feature on Google Pay will alert users in India of any suspicious activities on their accounts by using multi-layered warnings. The app will use machine learning to flag fraudulent activity or suspicious payment requests and flash a warning to users to protect them from fraud on the payment platform.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

IISc Says Team Has Developed Enhanced Data Encryption, Security Device

An Indian Institute of Science team has developed a “record-breaking” true random number generator (TRNG), which can improve data encryption and provide improved security for sensitive digital data such as credit card details, passwords and other personal information. The study describing this device has been published in the journal ‘ACS Nano’, the Bengaluru-based IISc, said in a press release on Friday.

“Almost everything we do on the internet is encrypted for security. The strength of this encryption depends on the quality of random number generation,” says Nithin Abraham, a PhD student at the Department of Electrical Communication Engineering (ECE), IISc.

Abraham is a part of the IISc team led by Kausik Majumdar, associate professor at ECE.

Encrypted information can be decoded only by authorised users who have access to a cryptographic “key”. But the key needs to be unpredictable and, therefore, randomly generated to resist hacking.

Cryptographic keys are typically generated in computers using pseudo-random number generators (PRNGs), which rely on mathematical formulae or pre-programmed tables to produce numbers that appear random but are not.

In contrast, a TRNG extracts random numbers from inherently random physical processes, making it more secure.

In IISc’s “breakthrough” TRNG device, random numbers are generated using the random motion of electrons.

It consists of an artificial electron trap constructed by stacking atomically-thin layers of materials like black phosphorus and graphene. The current measured from the device increases when an electron is trapped, and decreases when it is released. Since electrons move in and out of the trap in a random manner, the measured current also changes randomly. The timing of this change determines the generated random number, the statement said.

“You cannot predict exactly at what time the electron is going to enter the trap. So, there is an inherent randomness that is embedded in this process,” explains Majumdar.

The performance of the device on the standard tests for cryptographic applications designed by the US National Institute of Standards and Technology (NIST) has exceeded Majumdar’s own expectations.

“When the idea first struck me, I knew it would be a good random number generator, but I didn’t expect it to have a record-high min-entropy,” he says.

Min-entropy is a parameter used to measure the performance of TRNGs. Its value ranges from zero (completely predictable) to one (completely random). The device from Majumdar’s lab showed a record-high min-entropy of 0.98, a significant improvement over previously reported values, which were around 0.89.

“Ours is by far the highest reported min-entropy among TRNGs,” says Abraham. The team’s electronic TRNG is also more compact than its clunkier counterparts that are based on optical phenomena.

“Since our device is purely electronic, millions of such devices can be created on a single chip,” adds Majumdar.

He and his group plan to improve the device by making it faster and developing a new fabrication process that would enable the mass production of these chips.

Check out our Latest News and Follow us at Facebook

Original Source

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.