Bruce Schneier@Schneier on Security
//
The UK government has reportedly ordered Apple to create a backdoor for accessing end-to-end encrypted data in iCloud. This demand, made under the Investigatory Powers Act, seeks blanket access to all encrypted content, not just specific accounts. The law, known as the "Snoopers' Charter," prohibits Apple from even revealing the demand.
The Washington Post reported that the UK government served Apple with a “technical capability notice” requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This has caused alarm among privacy advocates and tech experts with many seeing it as an emergency. Experts warn that complying with the order could weaken user trust and expose sensitive data to misuse, also a backdoor for the government puts everyone at greater risk of hacking, identity theft, and fraud. It is being reported that Apple is likely to turn the feature off for UK users rather than break it for everyone worldwide.
References :
- Casey Newton: Reports on Apple's potential response to the UK's demand to access encrypted iCloud data.
- jonnyevans: UK orders Apple to let it access everyone’s encrypted data
- Tao of Mac: UK Government Orders Apple to Create Global iCloud Encryption Backdoor
- Deeplinks: The Electronic Frontier Foundation (EFF) strongly opposes the UK's demand, emphasizing that weakening encryption undermines privacy and security.
- Schneier on Security: The Washington Post is that the UK government has served Apple with a “technical capability notice� as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This is a big deal, and something we in the security community have worried was coming for a while now. The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand.
- www.macrumors.com: UK Government Orders Apple to Create Global iCloud Encryption Backdoor
- gbhackers.com: UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access
- techcrunch.com: UK government demands Apple backdoor to encrypted cloud data report
- CyberInsider: U.K. Secretly Ordered Apple to Create Encryption Backdoor
- gbhackers.com: UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access
- Carly Page: Government officials in the UK have reportedly ordered Apple to build a backdoor that would give its authorities access to users’ encrypted iCloud data. Apple will likely stop offering its encrypted cloud storage offering, Advanced Data Protection, to users in the country
- tomas-svojanovsky.medium.com: The UK’s Secret Demand for an Apple Backdoor: What It Means for Your Privacy and Apple’s Encryption Battle
- cyberinsider.com: U.K. Secretly Ordered Apple to Create Encryption Backdoor
- 9to5Mac: It’s being reported that the British government secretly ordered to create a backdoor into all content uploaded by users anywhere in the world.
- The Register - Security: UK Home Office silent on alleged Apple backdoor order
- Matthew Green: Let’s be clear about what this article is saying. The U.K. has a law that allows it to issue “technical capability notices� to companies. These notices require the company to effectively disable, or secretly backdoor, their encryption mechanisms.
- Matthew Green: The U.K. may be preparing to issue Apple an order that forces them to (secretly) disable encryption.
- 9to5mac.com: 9to5Mac reports on the UK government's secret order for Apple to create a worldwide iCloud backdoor.
- Six Colors: This article discusses the implications of the UK government's order for Apple to implement a backdoor for end-to-end encryption.
- The Internet Review: This article discusses the UK government's mandate for Apple to create a global iCloud encryption backdoor.
- Open Rights Group: UK government seeks to break encryption in secret, with minimal accountability and potentially global impacts. They're failing in their primary duty to protect British citizens in a world where cybersecurity threats are increasing. Privacy = security. We must protect encryption!
- Anonymous ???????? :af:: It will affect users around the world: The UK's demands for Apple to break encryption is an emergency for us all. Weakening encryption violates human rights!
- arstechnica.com: The UK demands Apple break encryption to allow gov’t spying worldwide, reports say Apple last year opposed UK's secret notices demanding encryption backdoors.
- CCC: It will affect users around the world: The UK's demands for Apple to break encryption is an emergency for us all. Weakening encryption violates human rights!
- Metacurity: UK government demands Apple create an encrypted cloud backdoor
- www.computerworld.com: UK orders Apple to let it access everyone’s encrypted data
- Anonymous ???????? :af:: Government officials in the UK have reportedly ordered Apple to build a backdoor that would give its authorities access to users’ encrypted iCloud data.
- Ars Technica: UK demands Apple break encryption to allow gov’t spying worldwide, reports say Apple last year opposed UK's secret notices demanding encryption backdoors.
- www.bbc.co.uk: The UK government seeks to break encryption in secret, with minimal accountability and potentially global impacts. They're failing in their primary duty to protect British citizens in a world where cybersecurity threats are increasing. Privacy = security. We must protect encryption!
- Mark Nottingham: What can Apple do in the face of a UK order to weaken encryption worldwide? Decentralise iCloud, to start.
- @PrivacyMatters: Mastodon post on the UK demanding Apple to create a backdoor to access all iCloud content.
- securityaffairs.com: UK Gov demands backdoor to access Apple iCloud backups worldwide
- techcrunch.com: The UK government's secret demands for backdoor access to encrypted iCloud accounts is a "global emergency", critics have warned
- The Tuta Blog: Tuta.com: Apple to backdoor encryption? Round 2
- www.cybersecurity-insiders.com: UK Home Office Seeks Access to Apple iCloud Accounts
- SecureWorld News: A secret order issued by the United Kingdom's government is sparking global alarm among privacy advocates and cybersecurity experts.
- Carly Page: The UK government's secret demands for backdoor access to encrypted iCloud accounts is a "global emergency", critics have warned
- www.cybersecurity-insiders.com: CyberSecurity Insiders article about details on Home Office Apple iCloud access
- securityboulevard.com: UK Is Ordering Apple to Break Its Own Encryption
- securityboulevard.com: The United Kingdom has made a bold demand to Apple, purporting to require the company to create a backdoor to access encrypted cloud backups of all users worldwide.
- blog.cryptographyengineering.com: U.K. asks to backdoor iCloud Backup encryption
- www.helpnetsecurity.com: The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance
- www.scworld.com: Reported UK-ordered iCloud encryption backdoor slammed
- Freedom of the Press: social.freedom.press topic about officials issued a secret order to Apple to create a backdoor for “blanket� access to encrypted data on its iCloud service for users worldwide.
- freedom.press: 📩 U.K. officials issued a secret order to Apple to create a backdoor for “blanket� access to encrypted data on its iCloud service for users worldwide. Read about how to protect yourself in our digital security newsletter (and subscribe):
- Help Net Security: The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance
Classification:
- HashTags: #AppleEncryption #UKGovernment #PrivacyConcerns
- Company: Apple
- Target: Apple iCloud
- Product: iCloud
- Feature: Advanced Data Protection
- Type: HighRisk
- Severity: Major
@www.forbes.com
//
A new report by Citizen Lab and the EFF Threat Lab has uncovered critical security vulnerabilities within the popular Chinese social media application, RedNote. The analysis, conducted on version 8.59.5 of the app, revealed that RedNote transmits user content, including viewed images and videos, over unencrypted HTTP connections. This exposes sensitive user data to potential network eavesdroppers, who can readily access the content being browsed.
Additionally, the report highlights that the Android version of RedNote contains a vulnerability that could allow attackers to access the contents of files on a user's device. The app also transmits device metadata without adequate encryption, sometimes even when using TLS, potentially enabling attackers to learn about a user's device screen size and mobile network carrier. Despite responsible disclosures to RedNote and its vendors NEXTDATA and MobTech in late 2024 and early 2025, no response has been received regarding these critical security flaws.
References :
- citizenlab.ca: The report highlights three serious security issues in the RedNote app.
- Deeplinks: The EFF Threat Lab confirmed the Citizen Lab findings about Red Note.
- www.forbes.com: Is RedNote Safe? Here's What Millions of TikTok Users Need to Know
- Deeplinks: Crimson Memo: Analyzing the Privacy Impact of Xiaohongshu AKA Red Note
Classification:
|
|
FlagThis - #privacyconcerns
