What is an encryption backdoor?

The backdoor talk on encrypted services is going round again Reports have appeared The UK government is trying to open up Apple iCloud end-to-end encryption (E2EE) device backup provided. Officials were said to be leaning against Apple to create a “backdoor” on a service that would allow state officials to access clear data.

The UK has the drastic power to limit the use of strong encryption by technology companies. 2016 update to state oversight authority. According to a report by Washington PostUK officials are putting demand on Apple using the Investigative Power Act (IPA). The Icloud AdvancedData Protection (ADP) service is seeking “blanket” access to data that is designed to protect against third-party access, including Apple itself.

Apple’s ADP services technology architecture is designed so that even the tech giants don’t hold encryption keys. End-to-end encryption (E2EE) – Allow Apple to promise to have “zero knowledge” about user data.

a Back door It is a term that is typically deployed to describe a secret vulnerability inserted into code to bypass security measures to enable third parties or otherwise undermine them. For iCloud, this order will allow UK intelligence agents or law enforcement to access your encrypted data.

The UK government routinely refuses to confirm or reject reports of notifications issued under the IPA, but security experts warn that it is such a secret order It could have a global impact If an iPhone manufacturer is forced to weaken its security protections, it will be available to all users that it offers to all users, including non-UK users.

The presence of software vulnerabilities presents a risk that could be exploited by other types of agents. It can also be to deploy hackers or other bad actors who want to access for the creepy purpose of stolen identity theft or trying to get and sell sensitive data, or ransomware.

This may explain why the main phrase used mainly on state-driven attempts to access E2EE is this visual abstraction of the backdoor. Seek for Vulnerability Something intentionally Adding it to your code makes trade-offs easier.

To use an example: With regard to physical doors, in a building, wall, etc., it is never guaranteed that only the property owner or key holder will use that entry point exclusively.

The presence of openings creates access possibilities. For example, someone could get a copy of the key, or even break the door and push his way.

Conclusion: There are no completely selective entrances and exits that exist to allow only certain people to pass. It logically continues that if someone else can enter, someone else might be able to use the door.

The same access risk principle applies to vulnerabilities added to software (or in fact hardware).

Concept of Nova (“No one is us”) Backdoors have been floated by security services in the past. This particular type of backdoor is based on an assessment of its technical capabilities to exploit certain vulnerabilities that are usually superior to everything else. Essentially, it’s an ostensibly more secure backdoor that only your own agents can access exclusively.

However, in its very nature, technology skills and abilities are a moving feat. Evaluating other unknown technical capabilities is not an accurate science either. The concept of “nobus” is already in a questionable assumption. Third-party access creates the risk of opening fresh vectors for attacks, such as social engineering techniques aimed at targeting people with “authorized” access.

Naturally, many security experts have dismissed Novas as a fundamentally flawed idea. Simply put, access creates risk. Therefore, promoting backdoors is to counter strong security.

However, regardless of these clear and current security concerns, The government continues to push backdoors. So that’s why we have to talk about them.

The term “backdoor” also means that such requests can be secret rather than public, just as backdoors are not public entry points. In the case of Apple’s iCloud, requests to compromise encryption made under the UK IPA cannot be legally disclosed by the recipient via a “technical competency notification” or TCN. The intent of the law is that such background is a design secret. (It is important to note that leaking TCN details to the press is one mechanism to avoid information blocking, but Apple has not yet published these reports.)

According to the rights group Electronic Frontier Foundationthe term “backdoor” is used to refer to a private account and/or password created to grant unknown access to the system using the backdoor (and the “trapdoor”). It dates back to the 1980s. However, for many years, the term has been used to label a wide range of attempts to break down, avoid, or compromise effective data security through encryption.

The backdoor is back in the news again, but it’s important to note that data access requests go back decades, thanks to the UK chasing Apple’s encrypted iCloud backups.

For example, returning to the 1990s, the US National Security Agency (NSA) is a way of processing burned voice and data messages with the aim of allowing encrypted communications to be intercepted. We have developed encrypted hardware. “Clipper Tip” used the Key Escrow system as is known. This means that encryption keys were created and stored by government agencies to facilitate access to encrypted data if desired by state officials.

The NSA’s attempt to pack tips at baked-in-backdoors failed to have a lack of adoption after a backlash of security and privacy. The Clipper chip is believed to help dismantle cryptographers’ efforts to develop and spread strong cryptographic software to protect data against government control.

Clipper chips are also a good example of where attempts to mandate system access have been made public. It is worth noting that backdoors do not necessarily have to be a secret. (In the case of the UK iCloud, the state agents clearly wanted Apple users to gain access without knowing it.)

Additionally, the government has been working to drum public support and pressure service providers to follow data, including claiming that access to E2E is necessary to combat child abuse and terrorism. frequently deploy requests to access. or prevent other heinous crimes.

However, backdoors have a way to come back to bite the creator. for example, China Support Hacker Behind the federal government-mandated compromise on eavesdropping systems Last fall – Thanks to federal laws that required backdoor access 30 years ago (in that case data other than E2EE data), clearly gained access to data from US telecom operators and ISP users, and was deliberately deliberately. The risk of burning blankets to the system is emphasized.

Governments should also worry about foreign backdoors creating risks for their citizens and national security.

There have been multiple instances that Chinese hardware and software suspected of having a background for many years. Concerns about potential backdoor risks have led several countries, Including the UKto take steps to remove or limit the use of Chinese high-tech products, such as components used in critical communication infrastructure in recent years. Fear of backdoors can also be a powerful motivation.

Flash News

Stop taking too long to reply to the text. You are blocking your friendship

Botswana Diamonds secures licenses for AI exploration

US Steel appoints three American board directors after Nippon deal

“Pod Save America” host calls on Democrats to cut Israeli military aid

Trump hopes Harvard will pay far more than $200 million Columbia has settled, sources say

Google says it will sign the EU AI practice code