The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: encryption

WPA3 Standard Officially Launches With New Wi-Fi Security Features

WPA3 Standard Officially Launches With New Wi-Fi Security Features

June 26, 2018Swati Khandelwal
The Wi-Fi Alliance today officially launched WPA3 —the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today including the dangerous KRACK attacks . WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended to prevent hackers from eavesdropping on your wireless data. However, in late last year, security researchers uncovered a severe flaw in the current WPA2 protocol, dubbed KRACK (Key Reinstallation Attack), that made it possible for attackers to intercept, decrypt and even manipulate WiFi network traffic. Although most device manufacturers patched their devices against KRACK attacks, the WiFi Alliance, without much delay, rushed to finalize and launch WPA3 in order to address WPA2's technical shortcomings from the ground. What is WPA3? What New Security Features WPA3 Offers? WP
Z-Wave Downgrade Attack Left Over 100 Million IoT Devices Open to Hackers

Z-Wave Downgrade Attack Left Over 100 Million IoT Devices Open to Hackers

May 25, 2018Swati Khandelwal
Researchers have found that even after having an advanced encryption scheme in place, more than 100 million Internet-of-Things (IoT) devices from thousands of vendors are vulnerable to a downgrade attack that could allow attackers to gain unauthorized access to your devices. The issue resides in the implementation of Z-Wave protocol —a wireless, radio frequency (RF) based communications technology that is primarily being used by home automation devices to communicate with each other. Z-Wave protocol has been designed to offer an easy process to set up pairing and remotely control appliances—such as lighting control, security systems, thermostats, windows, locks, swimming pools and garage door openers—over a distance of up to 100 meters (330 feet). The latest security standard for Z-Wave, called S2 security framework, uses an advanced key exchange mechanism, i.e., Elliptic-Curve Diffie-Hellman (ECDH) anonymous key agreement protocol, to share unique network keys between the con
Apple macOS Bug Reveals Passwords for APFS Encrypted Volumes in Plaintext

Apple macOS Bug Reveals Passwords for APFS Encrypted Volumes in Plaintext

March 29, 2018Swati Khandelwal
A severe programming bug has been found in APFS file system for macOS High Sierra operating system that exposes passwords of encrypted external drives in plain text. Introduced two years ago, APFS ( Apple File System ) is an optimized file system for flash and SSD-based storage solutions running MacOS, iOS, tvOS or WatchOS, and promises strong encryption and better performance. Discovered by forensic analyst Sarah Edwards, the bug leaves encryption password for a newly created APFS volume (e.g., encrypting USB drive using Disk Utility) in the unified logs in plaintext, as well as while encrypting previously created but unencrypted volumes. "Why is this a big deal? Well, passwords stored in plaintext can be discovered by anyone with unauthorized access to your machine, and malware can collect log files as well and send them off to someone with malicious intent," Edwards said. The password for an encrypted APFS volume can easily be retrieved by running following sim
Skype Finally Adds End-to-End Encryption for Private Conversations

Skype Finally Adds End-to-End Encryption for Private Conversations

January 12, 2018Mohit Kumar
Good news for Skype users who are concerned about their privacy. Microsoft is collaborating with popular encrypted communication company Signal to bring end-to-end encryption support to Skype messenger. End-to-end encryption assured its users that no one, not even the company or server that transmits the data, can decrypt their messages. Signal Protocol is an open source cryptographic protocol that has become an industry-wide standard—which is used in  Facebook Messenger , Whatsapp , and Google Allo for secure messaging. Dubbed Private Conversations , the new feature which is about to be introduced in Skype will offer end-to-end encryption for audio calls, text, and multimedia messages like videos and audio files. "Skype Private Conversations give you enhanced security through end-to-end encryption with an additional layer of security for conversations between you and your friends and family," the company announced .  "Private Conversations can only be betwe
WhatsApp Flaw Could Allow 'Potential Attackers' to Spy On Encrypted Group Chats

WhatsApp Flaw Could Allow 'Potential Attackers' to Spy On Encrypted Group Chats

January 10, 2018Swati Khandelwal
A more dramatic revelation of 2018—an outsider can secretly eavesdrop on your private end-to-end encrypted group chats on WhatsApp and Signal messaging apps. Considering protection against three types of attackers—malicious user, network attacker, and malicious server—an end-to-end encryption protocol plays a vital role in securing instant messaging services. The primary purpose of having end-to-end encryption is to stop trusting the intermediate servers in such a way that no one, not even the company or the server that transmits the data, can decrypt your messages or abuse its centralized position to manipulate the service. In order words—assuming the worst-case scenario—a corrupt company employee should not be able to eavesdrop on the end-to-end encrypted communication by any mean. However, so far even the popular end-to-end encrypted messaging services, like WhatsApp, Threema and Signal, have not entirely achieved zero-knowledge system. Researchers from Ruhr-Universität
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.