They are all at it

https://www.theregister.com/2025/04/03/eu_backdoor_encryption/

Our latest Cyber & Cognitive Conflict Compass (4C) is out: Austria busts Russian #disinfo, Serbia hit with #Pegasus spyware, Lazarus fakes job offers, FamousSparrow sharpens malware, UK rolls out #AI facial recognition and the German coalition talks discuss encryption #backdoors and expansive surveillance. #Cyber never sleeps.

https://internationalcybersecurity.substack.com/p/disinformation-data-breaches-and

"We don’t know what pressure the Trump administration is using to make intelligence services fall into line, but it isn’t crazy to worry that the NSA might again start monitoring domestic communications.

Because of the Signal chat leak, it’s less likely that they’ll use vulnerabilities in Signal to do that. Equally, bad actors such as drug cartels may also feel safer using Signal. Their security against the US government lies in the fact that the US government shares their vulnerabilities. No one wants their secrets exposed.

I have long advocated for a "defense dominant" cybersecurity strategy. As long as smartphones are in the pocket of every government official, police officer, judge, CEO, and nuclear power plant operator—and now that they are being used for what the White House now calls calls "sensitive," if not outright classified conversations among cabinet members—we need them to be as secure as possible. And that means no government-mandated backdoors.

We may find out more about how officials—including the vice president of the United States—came to be using Signal on what seem to be consumer-grade smartphones, in a apparent breach of the laws on government records. It’s unlikely that they really thought through the consequences of their actions.

Nonetheless, those consequences are real. Other governments, possibly including US allies, will now have much more incentive to break Signal’s security than they did in the past, and more incentive to hack US government smartphones than they did before March 24.

For just the same reason, the US government has urgent incentives to protect them."

https://www.schneier.com/blog/archives/2025/03/the-signal-chat-leak-and-the-nsa.html

Are Encryption Backdoors Putting Your Organization at Risk?

In this clip, @sherridavidoff and @MDurrin explain why encryption backdoors are a nightmare for organizations, creating security gaps that cybercriminals can exploit.
Watch this full episode of Cyberside Chats to hear Sherri and Matt break down Apple’s battle against the UK’s demands for backdoor access, the worldwide backlash, and what it all means for cybersecurity professionals.

We'll cover:
Why backdoors are a double-edged sword for security
Historical backdoor failures that left organizations exposed
Pro tips to strengthen your security posture against evolving encryption policies

Watch the full video: https://youtu.be/5HhNKMIJkCQ
Listen to the podcast: https://www.chatcyberside.com/e/the-encryption-battle-security-savior-or-cyber-risk/

"In a moment of clarity after initially moving forward a deeply flawed piece of legislation, the French National Assembly has done the right thing: it rejected a dangerous proposal that would have gutted end-to-end encryption in the name of fighting drug trafficking. Despite heavy pressure from the Interior Ministry, lawmakers voted Thursday night (article in French) to strike down a provision that would have forced messaging platforms like Signal and WhatsApp to allow hidden access to private conversations.

The vote is a victory for digital rights, for privacy and security, and for common sense.

The proposed law was a surveillance wishlist disguised as anti-drug legislation."

https://www.eff.org/deeplinks/2025/03/win-encryption-france-rejects-backdoor-mandate

"The fundamental issue is simple: encryption is mathematics and mathematics doesn’t discriminate between a government investigator and a criminal hacker — a back door is a back door and if it’s there, anyone can enter.

There’s also a contradiction at play. If politicians dream of making the UK a technology hub they should not be working to undermine the foundations of cyber security, on which a workable tech industry relies.

The government should withdraw its misguided mandate. Instead of surreptitiously cutting the brake cables on the technological car, it should be working to strengthen security and privacy of the technology that forms the nervous system of our world. Business leaders must also take a role, making it clear that these dangerous moves are unacceptable, and pushing the companies they license technology from to deploy encryption, and other protections, without which their interests and those of their customers will be vulnerable.

We have ceded so many of the core operations of our lives and institutions to tech, we must recognise that strong encryption isn’t the enemy of security — it is security. The argument that weakening encryption will make any of us safer is as wrong as it is dangerous."

https://www.ft.com/content/a934150f-e0f5-4e75-a2d1-a3671ea52ca0

India wants #backdoors into clouds, email, SaaS, for tax inspectors

"India’s government has proposed giving its tax authorities sweeping powers to access private email systems and applications."
https://www.theregister.com/2025/03/09/asia_tech_news_roundup/

Over 1,000 WordPress Sites Infected with JavaScript Backdoors enabling persistent Attacker Access.

"Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed," c/side researcher Himanshu Anand said in a analysis last week.

https://cside.dev/blog/thousands-of-websites-hit-by-four-backdoors-in-3rd-party-javascript-attack

Thousands of WordPress Websites Infected with Malware

The malware includes four separate backdoors:
Creating four backdoors facilitates the attackers having multiple poin... https://www.schneier.com/blog/archives/2025/03/thousands-of-wordpress-websites-infected-with-malware.html

Swedish government wants to get access to your encrypted messaging communication.
Exactly how are they thinking of doing that?
I am no tech specialist, even I have been online since early 1990s. I may very well miss something or be ignorant of some aspects, but..

OK, let's say Swedish government wants backdoors to messaging apps.
Signal refuses and leaves Sweden.
So, is the Swedish government going to demand that of everyone messaging app?
Signal, WhatsApp, etc, they are centralised, so could perhaps work.

But what about smaller, "unknown", decentralised messaging services? Like SimpleX? How are you going to get them to comply?

Or XMPP/Jabber with OMEMO encryption? That is a not an app, not even a messaging service, but a protocol, similar to email.
Do you think every developer of an XMPP app is going to comply? That is, if you are even capable of finding them? And that goes for the XMPP servers, as well. "Anyone" can set up an encrypted XMPP server.

1/2

Loi contre le narcotrafic: la droite tente d’imposer des «portes dérobées» dans les messageries chiffrées

Les sénateurs ont adopté un amendement, soutenu par #BrunoRetailleau et Gérald Darmanin, qui imposerait des «#backdoors» dans les systèmes de #chiffrement des messageries sécurisées. Les députés pourraient revenir sur cette mesure décriée par les experts en cybersécurité.

Par @JeromeHourdeaux › https://www.mediapart.fr/journal/france/050325/loi-contre-le-narcotrafic-la-droite-tente-d-imposer-des-portes-derobees-dans-les-messageries-chiffrees?at_medium=rs-cm&at_campaign=mastodon&at_account=mediapart

Latest issue of my curated #cybersecurity and #infosec list of resources for week #09/2025 is out!

It includes the following and much more:

➝ Chinese #AI-powered Surveillance Tool
➝ North Korean Hackers Linked to $1.5 Billion ByBit #Crypto Heist;
➝ Orange Group Confirms #Breach
➝ #Backdoors for Law Enforcement in EU;

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-09-2025

Three questions about Apple, encryption, and the U.K. - Two weeks ago, the Washington Post reported that the U.K. government had issued a... https://blog.cryptographyengineering.com/2025/02/23/three-questions-about-apple-encryption-and-the-u-k/ #cybersecurity #encryption #backdoors #security #apple

I'm too exhausted to be enraged any more over people legislating about things they don't understand.

#Backdoors #Criminals

https://tuta.com/blog/france-surveillance-nacrotrafic-law

Encryption backdoors are like leaving the door open for a totalitarian society... I don't see why people are unable to understand this...

"If they're going to cave into Zuck's demand to facilitate spying on Instagram users, do we really think they'll resist Kier Starmer's demands to remove Signal – and any other app that stands up to the Snooper's Charter – from the App Store?

It goes without saying that the "bad guys" the UK government claims it wants to target will be able to communicate in secret no matter what Apple does here. They can just use an Android phone and sideload a secure messaging app, or register an iPhone in Ireland or any other country and bring it to the UK. The only people who will be harmed by the combination of the British government's reckless disregard for security, and Apple's designs that trade the security of its users for the security of its shareholders are millions of law-abiding Britons, whose most sensitive data will be up for grabs by anyone who hacks their accounts."

https://pluralistic.net/2025/02/25/sneak-and-peek/

Essential reading! #Apple #TCN #surveillance #iCloud #ADP #backdoors #HomeOffice #YvetteCooper #IPA #IPCO #GCHQ

RE: https://bsky.app/profile/did:plc:vlzi7vqz2whmv6ys6osecli4/post/3lj3t2x47cc2p

An iCloud Backdoor Would Make Our Phones Less Safe

Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users i... https://www.schneier.com/blog/archives/2025/02/an-icloud-backdoor-would-make-our-phones-less-safe.html

It is misleading to suggest that evil parties can be controlled by imposing backdoors on common systems such as Telegram, Signal, or WhatsApp.

They are motivated enough to use other systems proficiently and work around them.

You, so-called democratic governments, are cultivating an illusion and allowing other evil entities to abuse that power. It happened in the past and will happen again in the future.
Stop it, idiots.

#control #government #abuse #backdoors #paragon
https://swedenherald.com/article/signals-ceo-then-were-leaving-sweden

European Court of Human Rights Confirms: Weakening Encryption Violates Fundamental Rights

In a milestone judgment—Podchasov v. Russia—the #European Court of #HumanRights ( #ECtHR) has ruled that weakening of #encryption can lead to general and indiscriminate #surveillance of the #communications of all users and violates the #HumanRight to #privacy.

https://www.eff.org/deeplinks/2024/03/european-court-human-rights-confirms-undermining-encryption-violates-fundamental