Apple buffs up iMessage security with quantum computer-proof encryption


iMessage on an Android phone

Dhruv Bhutani / Android Authority

TL;DR

  • Apple is creating a new form of encryption for iMessage.
  • This new layer of encryption aims to prevent harvest now, decrypt later attacks.

Today’s encryption is good enough to defend against most encryption cracking attempts. But will today’s encryption hold up when pitted against more powerful computers in the future? Apple is not waiting to find out and is updating the security protocol for its messaging app to handle attacks from quantum computers.

According to Bloomberg, Apple is introducing a new form of encryption meant for iMessage called PQ3 cryptographic protocol. This new encryption layer will work alongside the company’s existing encryption tools.

PQ3 was designed to prevent what’s known as harvest now, decrypt later attacks. This is an attack where the perpetrator — like a nation-state hacker — extracts as much encrypted data as they can get. They then sit on that data, waiting for a future when quantum computers are powerful and reliable enough to crack the encryption.

The day when quantum computers become capable enough to tear through most encryption is referred to by experts as “Q-day.” There’s no agreement on when Q-day will arrive, with some believing it could happen in the coming decades. Given that Apple is taking this precaution now suggests that the company believes this day will come sooner than later.

Got a tip? Talk to us! Email our staff at [email protected]. You can stay anonymous or get credit for the info, it’s your choice.

Source…

Android 15 Could Offer a Boost to Two-Factor Authentication Security to Keep User Data Safe: Report


Android 15 is still under development, but on Friday, February 16, Google released the first Developer Preview of the upcoming operating system. The tech giant said that the new Android software will largely focus on security, and a new report claims to have found three new ways it will make your smartphone and your sensitive data more secure. According to it, Android 15 will be able to better protect the notifications that arise from two-factor authentications (2FA) so that a malicious app or malware cannot access it to steal user data.

According to a report by Android Authority’s Mishaal Rahman, Android 15 will be implementing new ways to cover the gaps left behind by its predecessors. Currently, most two-factor authentication methods for social media profiles, emails, and banking apps use SMS to send a one-time password (OTP). However, there is a risk if a malicious third-party app can read this notification and use it to hack into sensitive data or get into your banking apps and steal money.

To reduce the risk, Google has already begun placing strings of codes in the current edition of the OS. The report found a line of code in the Android 14 QPR3 Beta 1 update that mentions a new permission named RECEIVE_SENSITIVE_NOTIFICATIONS. This permission comes with a higher protection level and can only be given to apps that Google personally verifies. The exact role of this permission is not known but given its naming, it appears to deal with a special category of notifications that will not be accessible for third-party apps to read.

The report highlights that it is likely aimed at 2FA-related notifications. The belief comes from a separate string of code found by Rahman, which points to an under-development platform feature, to which the permission is tied. The feature is named NotificationListenerService and it is an API that lets apps read or take action on notifications. A general use case would be how many apps ask for access to notifications to auto-fill OTP when creating a new account. However, once this API becomes active (it isn’t in the Android 14 build), this will get more difficult.

This API will require the user to enter Settings and then manually grant permission to apps…

Source…

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices


Spyware Firms

Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry.

The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices.

“Their various malware included capabilities to collect and access device information, location, photos and media, contacts, calendar, email, SMS, social media, and messaging apps, and enable microphone,camera, and screenshot functionality,” the company said.

The eight companies are Cy4Gate/ELT Group, RCS Labs, IPS Intelligence, Variston IT, TrueL IT, Protect Electronic Systems, Negg Group, and Mollitiam Industries.

These firms, per Meta, also engaged in scraping, social engineering, and phishing activity that targeted a wide range of platforms such as Facebook, Instagram, X (formerly Twitter), YouTube, Skype, GitHub, Reddit, Google, LinkedIn, Quora, Tumblr, VK, Flickr, TikTok, SnapChat, Gettr, Viber, Twitch and Telegram.

Specifically, a network of fictitious personas linked to RCS Labs, which is owned by Cy4Gate, is said to have tricked users into providing their phone numbers and email addresses, in addition to clicking on bogus links for conducting reconnaisance.

Another set of now-removed Facebook and Instagram accounts associated with Spanish spyware vendor Variston IT was employed for exploit development and testing, including sharing of malicious links. Last week, reports emerged that the company is shutting down its operations.

Cybersecurity

Meta also said it identified accounts used by Negg Group to test the delivery of its spyware, as well as by Mollitiam Industries, a Spanish firm that advertises a data collection service and spyware targeting Windows, macOS, and Android, to scrape public information.

Elsewhere, the social media giant actioned on networks from China, Myanmar, and Ukraine exhibiting coordinated inauthentic behavior (CIB) by removing over 2,000 accounts, Pages, and Groups from Facebook and Instagram.

While the Chinese cluster targeted U.S. audiences with content related to criticism of U.S. foreign policy towards…

Source…

Partial Screen Sharing To Better Security For Data, New Tweaks In First Developer Preview Here


Android 15 Features: Google has announced the Android 15 Developer Preview for developers across the globe. The company also highlighted a range of features that are a part of the preview build. The significant changes revolve around privacy and safety and a few minor tweaks. Google will likely introduce more features in the forthcoming builds. Here is a report for a detailed context about the features in the recent build.

Latest Privacy Sandbox: The new Android incorporates the latest Privacy Sandbox for improved privacy and personalised ad experience in apps. The update brings “Android AD Services up to extension level 10.”

Also Read: Android 15 Developer Preview Is Here: Eligible Devices To What’s New, Things You Need To Know

Tweaks In Health Connect: The platform to collect health and fitness data will be tweaked to introduce support for data types across nutrition, fitness and more.

Enhanced File Safety: Via the new APIs, the files can be secured using cryptographic signatures to avoid tampering and improve security. It will also offer protection from malware and unauthorised file access that may compromise a smartphone.

Android 15 Developer Preview can be installed on select Pixel smartphones. (Image:Google)

Partial Screen Sharing: With the new option, users can record just the app window and not the complete screen. Plus, developers can also customise the experience for their apps. However, user consent shall be required before using the feature.

Improved Camera Controls: Targeted to creators, the company also highlighted that developers can control the brightness of the preview and adjust the flash intensity for photography.

Efficient Performance: The Android Dynamic Performance Framework, which allows apps (and games) to interact with the power and thermals of Android gadgets, will get new capabilities. The new power-efficiency mode will suggest apps “prefer power saving over performance” in the long run and in other scenarios. Plus, it can adjust the CPU and GPU workloads. The new ADPF can also interpret the thermal throttling status of a device.

Also Read: Android 15: Your Wish To Check Battery Health On Your Pixel Smartphone May Be Fulfilled Next Year;…

Source…