Posts

U.S. Lawmakers Warn UK: Encryption Backdoor Order to Apple Threatens Global Cybersecurity

Senior U.S. lawmakers have expressed sharp criticism over the United Kingdom’s order requiring Apple to create a backdoor into its end-to-end encrypted services, warning that such a move could weaken global cybersecurity and violate privacy rights.

What Happened?

  • U.S. House Judiciary Chair Jim Jordan and Foreign Affairs Chair Brian Mast sent a joint letter to UK Home Secretary Yvette Cooper, urging a reconsideration of the order, known as a Technical Capability Notice (TCN).

  • The TCN compels Apple to make encrypted user data accessible to UK authorities, prompting Apple to withdraw its Advanced Data Protection feature in the UK earlier this year.

“Creating a backdoor… introduces systemic vulnerabilities that can be exploited by cybercriminals and authoritarian regimes,” the lawmakers warned.

Key Concerns from U.S. Lawmakers:

  • Global Implications: Because Apple serves users worldwide, any security backdoor would have ramifications for U.S. citizens and others outside the UK.

  • International Law Violation? The lawmakers argue the UK’s TCN may breach the U.S.-UK CLOUD Act agreement, which prohibits orders requiring decryption.

  • Secrecy and Transparency Issues: UK law forbids Apple from disclosing the existence of the order—even to the U.S. Department of Justice, its own home government.

  • Human Rights Risk: The TCN “conflicts with international human rights standards,” they said, citing European Court of Human Rights precedent protecting encryption under the right to privacy.

Apple’s Position:

Apple has consistently refused to build backdoors into its devices, stating that doing so would compromise the security of all users, not just those under investigation. The company is challenging the TCN at the UK’s Investigatory Powers Tribunal.

UK Government Response:

The Home Office maintains that access to individual data would still require a separate judicial warrant, not blanket access. However, critics argue that weakening encryption—even with controls—creates irreparable security risks.

Why You Should Avoid Using One-Time Passwords Sent by Text

One-time passwords (OTPs) sent via text are a common method for accessing mobile apps and services, but cybersecurity experts caution against their use due to various security risks. Text-based OTPs are vulnerable to phishing, SIM swapping, and message interception, making them less secure compared to other methods.

Alternative authentication options include authenticator apps, which generate time-sensitive codes and reduce the risk of interception. However, these apps are not foolproof and can still be compromised by sophisticated phishing attacks. Mobile app push notifications offer better security by verifying identity through an app notification, but they are also susceptible to certain types of attacks.

For improved security, hardware security keys provide a more robust solution but involve additional costs and inconvenience. Multi-device passkeys offer an advanced alternative to traditional passwords and OTPs, leveraging public key cryptography to enhance security. Despite the availability of these methods, OTPs via SMS are expected to remain in use due to their cost-effectiveness and ease of use, even though they are less secure than newer technologies.