Here are the encryption stories that we’re looking at this week. In this edition, read about encryption challenges for IoT, European Union backlash against backdoors and the ripple effect of the ShadowHammer attack.
Imagine buying a home-security camera with the capability to punch through firewalls and share your data with millions of other connected devices, peer-to-peer. Imagine your baby monitor connected to a worldwide network of other shared devices, all homing in on the same Chinese-based manufacturing mothership. Imagine the outdated code is replete with stale vulnerabilities that expose it to remote compromise from any P2P peer that can connect.
For a nominal fee, you can buy an unencrypted IoT device requiring zero authentication and fully functional with the scan of a barcode. The only thing more ear-catching than that is finding out how many have already been sold.
The Right to Remain Private: Europe Resists Encryption Backdoors
Taking a page from Australia’s book, the FBI is pushing to have near-unlimited access to consumer and corporate encrypted communications, chasing cybercrime down its own dark alleys. “It can’t be a sustainable end state for there to be an entirely unfettered space that’s utterly beyond law enforcement for criminals to hide,” argued FBI director Christopher Wray at RSA last month. While the push is intended to shine a light, privacy advocates fear government-mandated encryption backdoors will backfire, becoming state-sanctioned snooping on one of the last free frontiers of privately encoded messaging.
Kaspersky confirmed that at least six other firms fell victim to what is now seen as a Trojan attack. ShadowHammer struck a blow to ASUS earlier this year as the malware took down its systems from the inside, hidden in its machines in a wide-sweeping supply-chain attack. While unfortunate, the fact that several Asian gaming corporations got similarly “pwned” offers some consolation to the Taiwanese electronics giant.