sorbits | 4 years ago

> This is how police should get around the problems presented with encryption.

By adding a backdoor to E2E encryption? That is pretty much what they have been asking for :)

Amazing that criminals still pick some unknown device over an existing solution with a proven track record.

This is not the first time something like this has happened:

- https://en.wikipedia.org/wiki/EncroChat

- https://en.wikipedia.org/wiki/Sky_Global

rstuart4133|4 years ago

> By adding a backdoor to E2E encryption? That is pretty much what they have been asking for :)

Not really. At least in Australia's case they asked for the ability to access data on the end point while it is unencrypted, which it must be when a human consumes it. They didn't want to backdoor encryption, just bypass it. And they didn't just ask for it - they got it.

Specifically, the Assistance and Access bill (2018) [0]. The "Assistance" in the title allows them to demand assistance from a software company (e.g., Google / Microsoft / Apple) in developing an app (or a modified version of an existing app) that won't trigger the OS's warnings while it provides access to data while it is unencrypted. The "Access" in the bill's title refers to the fact they can then demand the software developer force the app to be "upgraded" to the "spy" version on targeted devices via their normal security patch mechanisms.

As you can probably gather from the date of the bill, this law has been in place for about 2 years now. But it probably wasn't in place when this started, as the law was passed New Years Eve, 2018, which explains all this social engineering cloak and dagger stuff.

When I first saw the story I thought it was odd they were publicising a hack that only works when nobody knows about it. But now I think about it, my guess is they publicised it because they won't need to use it again. They've legislated far easier ways to spy on a phone.

[0] https://www.homeaffairs.gov.au/about-us/our-portfolios/natio...

asimpletune|4 years ago

tl;dr hacking is allowed, abusing gov't authority to compel is cheating.

I don't think it's really the same as "what they were asking for" at all.

a.) they didn't compel a company to secretly do it for them

b.) the back door is targeted, i.e. not mass surveillance

As far as I understand, they did the work themselves (modified Android OS), and their methods were targeted. A "bad guy" could only get this special, hacked phone from other "bad guys". This wasn't the same thing as sending a mole to get work at Cisco and install an undetectable zero-day in all communication infrastructure switches world-wide. And it's definitely a far cry from forcing Apple to make a modified iOS on their behalf.

No, they pretty much did what hackers do, and as far as I'm concerned, that's fair game.