Law enforcement agencies are looking for dents to invade user privacy through the loopholes in Android and iOS ecosystems

If you believe that your data and information is perfectly safe and is well-protected by your phones, or if you think that when your phone offers you ‘end-to-end’ encryption and it really keeps your data protected, then you are wrong!

Recently, three researchers from Johns Hopkins University carried out research about the individual protection that our phones provide. However, to their sheer disappointment, they found out that there are serious loopholes in the infrastructure of the type of protection both Android and iOS provide. And any knowledgeable person or law enforcement agencies can access our data if they have the right tools to know and exploit these vulnerabilities.

Although Apple’s protection and security system are better than Android’s, it is certainly not the best. For instance, the researchers found that a lot of sensitive information is stored within the built-in apps on Apple which is protected through a weak ‘after first unlock’ (AFU)system. Now, normally, Apple’s Complete Protection system lets the memory of decryption keys to be evicted a little while after the phone is locked, but in the case of sensitive information stored in built-in apps, this memory of the decryption keys does not get evicted immediately and can be accessed by law enforcement agencies or any other skilled person who can then exploit this user’s information if the phone is switched on and in locked mode.

Another vulnerability comes through the iCloud backup service. The researchers found out some counter-intuitive features in Apple’s iCloud service that increase the risk of getting the user’s private information exposed to anyone who is looking for a backdoor. It can be through some law enforcers or a criminal with all this knowledge.

Android on the other hand is far worse! It has a fragmented architecture and inconsistent Android updates and problems with its software. It does not even have the AFU protection because, after the first unlock, the decryption keys of Android remain in the memory forever and are never evicted.

Aside from these factors, integration of our operating system with Google’s various services and products like Gmail, Drive, etc. also increases the users’ vulnerability as these apps offer rich data that can be accessed by anyone with the right tools and the right knowledge.

The recent events threatening the US national security are quite unsettling and law enforcement agencies are already trying to find these loopholes through which they can access the private information and data of the users. Now, this research further reinforces the fact that our phones are not at all protecting us actually!


Read next: 6 in 10 of Businesses Do Not See It Necessary to Inform Customers That They Are Being Tracked, Survey

No comments:

Post a Comment