Tag Archive for: EndtoEnd

Facebook Messenger is testing secure storage for end-to-end encrypted chats


What you need to know

  • Meta is testing secure backups for end-to-end encrypted Messenger chats.
  • Messenger will also make chats E2E encrypted by default for some people.
  • The company is also rolling out more tests on its E2E encrypted messages.

Meta is rolling out a number of tests to make end-to-end encryption a dominant security feature in Facebook Messenger, including secure storage to back up your end-to-end encrypted chat history.

This week, Facebook began testing a secure storage feature that makes it easier to access your Messenger conversation history if you lose your device or want to restore chat history on a new phone. 

New Research Confirms Need for End-to-End API Security


Up until just a few years ago, web applications were the dominant platform for all things digital and APIs were tools used to address development corner cases. Driven by mobile device ubiquity, the adoption of the cloud, and the move towards agile, more iterative microservices-based development methodologies, APIs are now the connective tissue for everything we do digitally. The apps we use on our devices for work and pleasure, our favorite shopping, money management, and travel web sites, and even the cars we drive all use APIs heavily.

APIs are built for machine-to-machine communications and carry both the desired function and the payload, and developers have come to love them for their ability to connect application elements and cloud services together quickly to create engaging user experiences. Attackers, who are developers at heart, love them for the same reasons, but with malicious end goals in mind. To dig into the details behind the explosive use of APIs, the security challenges they represent and how best to address those challenges, Cequence Security recently teamed with ESG to conduct a survey of 366 IT and cybersecurity professionals.

Containers and Cloud Drive API Growth

The survey found that over the next two years, organizations using APIs solely for their web and app development will nearly triple and 41% will use APIs for most of their development, nearly double that of today. Factors driving API usage include the move towards iterative, modular application development methodologies where APIs connect different components to each other. As a proof point, 71% of respondents stated that in two years, at least half of their apps would be microservices-based, growing significantly from the current 39%.

Validating the trend towards deploying the applications where it makes the most sense, cloud vs. datacenter vs. hybrid, 35% of organizations stated that 30% or more of their apps and websites were deployed in the cloud currently, growing to 67% of organizations in two years. In summary, the usage of cloud-native, microservices-based architectures will outpace the growth of cloud-resident applications, meaning many organizations will support hybrid application environments.

API…

Decentralising end-to-end encryption with a new security protocol


Researchers at Carnegie Mellon University have devised a new security protocol to decentralise E2E, enabling users to store their messages in a more flexible network.

Messaging services like WhatsApp and Telegram use end-to-end encryption (E2E) to secure messages sent and received. Their systems use a single company’s server to store encrypted information.

Complete dependence on a single firm’s server prevents users from being able to control how their private messages are being handled.

The system is an extension of the steady group key agreement (GKA) — a previously developed safety protocol that permits a group of people to send and receive messages without relying on a message group supervisor. “If your message is routed through one server and the company raises the prices or shuts down, you could switch to another server seamlessly,” the team noted.

If users are communicating through a central server run by a company and it gets blocked or shut down, they could switch to a self-hosted server that is physically in one of their homes, the team noted.

“If that’s blocked too, or if the whole Internet is shut down, they could switch to using a mesh network in which nearby devices connect over Bluetooth,” the team said in a paper titled ‘Key Agreement for Decentralized Secure Group Messaging with Strong Security Guarantees’.

“Right now, messaging app companies are in charge of users, when really it should be the other way around,” one of the researchers noted. “Users should have the freedom to choose how their messages are handled.”

Finally! Ring Doorbells get End-to-End Encryption, but There’s a Big Catch


Amazon’s Ring unit is moving ahead with plans to allow end-to-end encryption (E2EE). U.S. customers can turn it on now, with the feature rolling out to other countries any second now.

But there’s always a catch. You need to remember a huge random passphrase. And a lot of features will stop working—including the ability to resell your device on the used market.

Is it a dark pattern? If it walks and swims and quacks like one, then it probably is. In today’s SB Blogwatch, we’ve got a bad feeling about Ring.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Turning into random objects.

I’m Sorry, Dave; I’m Afraid I Can’t Do That

What’s the craic? Jay Peters reports—“Ring’s end-to-end encryption … available now”:

More secure
Ring’s end-to-end encryption for video streams is leaving technical preview, is now available to US users, and is currently rolling out globally. … The opt-in feature makes it so that your video streams can only be viewed by you on an enrolled iOS or Android device.

Ring first announced video end-to-end encryption in September 2020 and launched the technical preview in January. … If you use two-step authentication to provide extra security to your account, Ring now supports authenticator apps, which [is] more secure than SMS.

And Steven J. Vaughan-Nichols adds—“Amazon is finally delivering it”:

Use E2EE—I will be
Did you know that that handy video your Ring doorbell takes … isn’t private? … Not only are your videos kept in the Amazon Web Services (AWS) cloud, [but they’re] transmitted in the clear.

A sufficiently motivated hacker, or your local police force, can easily watch who’s walking by your door. Until now. … If you decide to install this optional privacy feature, you’ll need to install a new version of the Ring application on your smartphone. Once installed, it uses a Public Key Infrastructure (PKI) security system based on an RSA 2048-bit asymmetric account signing key pair.

You’ll also need to set a passphrase, which you must remember. … If you lose it, you’re out of luck. [But] if you value your privacy, and you still like the convenience…
