Turnabout: It looks like phone-cracking company Cellebrite had its own vulnerabilities exposed

“Snoop onto them… as they’d snoop onto us.” Moxie Marlinspike, founder of the encrypted messaging app Signal, revealed on Wednesday what he said were vulnerabilities in software that the company Cellebrite uses to break into encrypted phones. To accompany a blog post on what Marlinspike and his team of researchers learned, Signal produced a demonstration video featuring the above line of dialogue from the movie “Hackers.” In a blog post evidently dripping with sarcasm, Marlinspike detailed how he obtained the latest version of the company’s software, named UFED and Physical Analyzer, when he saw a small package fall off the back of a truck, prompting some digital probing. The vulnerabilities would amount to an ironic turn for Cellebrite, which makes its money hacking into smartphones. Its customer base includes the U.S. government and some authoritarian regimes, although the Israeli company recently announced it would stop doing business with Russia or […]

The post Turnabout: It looks like phone-cracking company Cellebrite had its own vulnerabilities exposed appeared first on CyberScoop.

Continue reading Turnabout: It looks like phone-cracking company Cellebrite had its own vulnerabilities exposed

Signal wants to protect protesters’ privacy with new face-blurring feature

Protesters worried about government or corporate surveillance will soon have a new tool to protect themselves. Signal, the popular encrypted messaging app, will release a feature that enables users to blur faces in photos they share, Signal Foundation co-founder Moxie Marlinspike said Wednesday. The feature will be built into forthcoming versions of Signal for Android and iOS to automatically detect faces and obscure them. For faces that aren’t detected, the user can manually blur the image before sending, Marlinspike said. The announcement comes as U.S. authorities have increased their efforts to monitor protests following the police killing of George Floyd, an unarmed black man. The U.S. Department of Justice has given the Drug Enforcement Administration new authority to “conduct covert surveillance” of some protesters, according to a memo obtained by BuzzFeed News. (Exact details of the surveillance remains unclear.) More than 10,000 people have been arrested in protests against systemic racism since Floyd’s killing on May […]

The post Signal wants to protect protesters’ privacy with new face-blurring feature appeared first on CyberScoop.

Continue reading Signal wants to protect protesters’ privacy with new face-blurring feature

Free Speech Advocates Blast Amazon Over Threats Against Signal

Secure-messaging firm Signal was told by Amazon not to use its AWS servers for domain-fronting, a technique used to enable communications in countries such as Egypt, Oman, Qatar and UAE where the service is banned. Continue reading Free Speech Advocates Blast Amazon Over Threats Against Signal

Threatpost News Wrap, September 29, 2017

The macOS Keychain attack, Signal’s new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities are discussed. Continue reading Threatpost News Wrap, September 29, 2017

Signal Testing New Private Contact Discovery Service

Signal is testing out a new private contact discovery service that will let the app determine if a user has Signal contacts in their address book, but forbid its servers from accessing the users’ address book. Continue reading Signal Testing New Private Contact Discovery Service

Google Allo a Clash of Privacy and Functionality

Google Allo has an end-to-end encryption capability powered by Signal, but it’s not turned on by default because it would interfere with an artificial intelligence powering Google Assistant. Continue reading Google Allo a Clash of Privacy and Functionality