Archive for the ·

Encryption

· Category...

Police “decrypts” your phone

Comments Off

CNET has an interesting article about how warrants to access suspects mobile phones are handled by two of the big mobile OS providers; Apple and Google. Focusing on Apple, the article mentions cases where the police has to wait for Apple to perform the unlocking, while Google “resets the password and further provides the reset password to law enforcement”.

From a technical perspective, it is not clear what kind of unlocking is performed; whether it is the SIM code, screen lock, or account password. It is interesting that the article mentions decryption, but it is probably a misunderstanding, or wrong wording: Android phones do not use encrypted storage by default, and in fact, if you have a model with a removable memory card, you can read that in any SD card reader. Accessing the embedded phone storage is also easy if it already unlocked (using fastboot / adb). iPhones does not use encrypted storage by default either, to be best of my knowledge. The article does indeed state that “It’s not clear whether that means Apple has created a backdoor for police [...] , or whether it simply is more skilled at using the same procedures available to the government.”.

From a privacy and security point of view, it is clear that it is irrelevant what the default security setting is. It can simply not be trusted to perform the task a user would expect. Rather, one should use take matters into own hands, and use software that has been proven to not contain backdoors for police or others. The only option is free and open source software, which has been vetted by security experts and the community.

Comments Off

Encryption

Comments Off

In the wake of the recent internet traffic monitoring law passed in Sweden, it is highly overdue to get serious about encryption. First off, e-mail encryption, focusing on PGP/GPG. Below are a some useful links:

Enigmail: PGP/GPG extension for Mozilla Thunderbird.

FireGPG: GPG extension for Mozilla Firefox. Brings e-mail encryption to Gmail, and any other website with GPG content.

GpgOL is a plugin for Microsoft Outlook 2003, by the maintainers of GnuPG.

GPGoe is a GPG plug-in for the Microsoft Outlook Express.

For even more links about PGP/GPG and related tools, see Folkert van Heusden’s collection of information.

Comments Off