Your Tech Story

encryption


How to send a secure email in Gmail?

Email is an essential communication tool in today’s digital world. Sending a secure email is, therefore, crucial to protecting our privacy and security. Gmail is one of the most popular email services globally, and hence it’s important to know how to send a secure email in Gmail.

One can enable Two-factor Authentication (2FA) in Gmail. Two-factor authentication (2FA) is a security feature that requires users to provide two forms of identification before accessing an account. This extra layer of security makes it difficult for cybercriminals to gain access to your Gmail account even if they have your password.


To enable 2FA in Gmail, go to your Google Account settings, click on “Security,” and then enable “Two-Step Verification.” You can choose to receive a verification code via SMS, a phone call, or an authenticator app.


A strong password is crucial in keeping your Gmail account secure. Avoid using easily guessable passwords such as “password,” “123456,” or your name. Instead, use a combination of letters, numbers, and special characters.

Additionally, do not reuse passwords across multiple accounts. You can use a password manager to generate and store strong passwords for your Gmail account.

Use Encryption to Protect Email Content

Encryption is a method of encoding data to make it unreadable to unauthorized users. Gmail uses Transport Layer Security (TLS) to encrypt email content in transit. However, if you want to add an extra layer of security, you can use end-to-end encryption.

End-to-end encryption encrypts email content from the sender’s device to the recipient’s device, making it difficult for anyone to intercept or read the email content. You can use third-party tools such as ProtonMail, Tutanota, or Virtru to send encrypted emails in Gmail.

Gmail’s Confidential mode is a feature that allows you to add an extra layer of security to your email. When you enable Confidential mode, you can set an expiration date for the email, and you can also choose to require a passcode to open the email. Additionally, Confidential mode emails are protected from forwarding, copying, printing, or downloading.

To use Confidential mode in Gmail, compose your email as usual, but before you hit send, click on the lock icon located at the bottom of the compose window. This will enable Confidential mode, and you can set the desired settings before sending the email.

Avoid Clicking on Suspicious Links and Attachments

Phishing emails are a common tactic used by cybercriminals to steal sensitive information. Always verify the authenticity of the email before clicking on any links or attachments. Additionally, you can use anti-malware software to scan any attachments before opening them.

Regularly updating your Gmail account and devices is crucial in keeping them secure. Software updates often include security patches that fix vulnerabilities that cybercriminals can exploit. Make sure you update your Gmail account settings, software, and devices regularly to stay protected.


In conclusion, sending a secure email in Gmail is crucial in protecting your privacy and security. By enabling two-factor authentication, using strong passwords, encrypting email content, using Gmail’s Confidential mode, avoiding clicking on suspicious links and attachments, and regularly updating your Gmail account and devices, you can keep your Gmail account and email content secure.


Apple to Start Encrypting iCloud Backups

On Wednesday, Apple introduced its plans to enable users to encrypt additional types of iCloud info on its servers, such as full backups, photos, and notes.

The Advanced Data Protection feature will prevent Apple from viewing the contents of some of the most confidential or sensitive data stored on its servers, and will prevent Apple from providing the contents of an encrypted backup to law enforcement.


According to Apple, encrypted backups would be opt-in and available in the United States before the end of this year.

Although Apple previously encrypted much of the data it holds on its servers, full device backups containing text messages, contacts, and other important details were not end-to-end encrypted, and Apple had access to the contents of the backups.

The move will impress security advocates, who have long described unencrypted iCloud backups as a weak link in Apple’s privacy policy. It also implies that if Apple’s servers were ever hacked, user data would not be revealed.


It could offend law enforcement, which has relied on Apple’s policy of not encrypting backups to obtain content in investigations, even though Apple’s iMessage and devices are encrypted.

The FBI criticized Apple’s new feature in a statement on Wednesday, saying that it would “hinder” the bureau’s ability to “protect the American people from criminal acts,” according to the Wall Street Journal.

Source: cnbc.com

Apple notably battled the FBI’s endeavor to persuade it to unlock an encrypted iPhone utilized by a terrorist in San Bernardino, California, through the courts. Apple stated at the time that an iCloud backup on its servers was an alternative for obtaining the same data.

Encryption is generally opposed by law enforcement officials around the world, since it enables suspects to go dark and denies law enforcement access to potential evidence that they might previously have been able to obtain under lower levels of security.

In an interview in 2018, Apple CEO Tim Cook stated that one major consideration in Apple’s decision-making regarding end-to-end encrypted iCloud backups is the fact that customers expect Apple to be able to help them recover their data. If users forget their passwords and have Advanced Data Protection enabled, Apple will be unable to restore the account since it lacks the required encryption key.

On Wednesday, Apple further introduced two additional security features. Users will have the option to use a physical key as second-factor authentication for Apple ID logins soon. Another update enables users who are vulnerable to major security risks to verify that their text messages are not being intercepted.

Last year, Apple introduced a system to inspect for inappropriate content, including child sexual abuse content, that used a complex system that would still enable Apple to encrypt user photos on its servers, in an evident attempt to appease law enforcement. Privacy advocates argued that the system would mainly enable Apple to scan people’s hard drives. According to The Wall Street Journal, the system’s development has been halted.


Popular Banking Application Dave Suffers Major Security Breach, Putting Millions at Risk

As the future looks digital, an integral part of IT infrastructure has been developing security measures. With most companies taking their business online, the protection of customer privacy is vital to enterprises. Over the past decade or so, we have seen a steep rise in cyber-attacks and security breaches. Many popular and large companies have fallen prey to such attacks, leading to a loss in credibility and customer loyalty. Recently, banking application Dave.com added itself to the list of enterprises hit by such cybersecurity attacks. Here’s a look at how bad the data breach is, and what it means for the company.

Dave’s Data Breach

Digital finance and banking app Dave.com, which is also a prominent tech unicorn, confirmed that it had fallen prey to a major security breach. Today, a hacker published details of over 7,516,625 of Dave’s users on a forum. As per a report provided to ZDNet, the company claimed that the breach occurred through one of its former business partners. The origin of the breach was the engineering analytics platform Waydev. That company previously served as one of Dave’s third-party service providers, and it was through its breach that a hacker gained access to Dave’s records.

The fintech company allows users to receive cash advances for bills by linking their bank accounts and, therefore, avoid overdraft fees. Subscribers also have the option of taking extra money on loan, up to $100, following which they can borrow more after repaying the original investment.

Control Measures

The company verified that they have plugged the hacker’s entry point and that they have started to notify users regarding the breach. Furthermore, the company is in the process of resetting app passwords to prevent further pilferage. A spokesperson for the company made it clear that Dave had started taking appropriate control measures as soon as they became aware of the breach. 

The incident prompted an investigation, which is still underway to find the exact cause of the breach. Furthermore, the company is collaborating on the ongoing investigation with the FBI. These bodies will analyze claims stating that a hacker cracked Dave’s passwords in an attempt to sell their customer data. To add more resources and assist the investigation, the company has brought in CrowdStrike, which is a leading cyber-security firm.

Public Data Now

ZDNet learned about the breach on Saturday morning when a reader tipped them off that a hacker was offering people user data via RAID. The information was available on a platform that has recently gained a reputation for being the best place to leak secure data and other databases. The hacker, who goes by the name ShinyHunters, has a reputation for having done this countless times before. The name is associated with several high-profile hacks, including those of companies like Wishbone, Tokopedia, and Mathway, among others.

As of now, data from the app is available via a free download for members who unlock access to it using forum credits. The data on view includes real names, emails, birth dates, addresses, and contact numbers of millions of customers. For a few unfortunate users, the details also include information related to their credit/debit cards and even their Social Security Numbers. However, Dave confirmed that such data was under encryption and hence would not be accessible to the public. 

The company also stated that while the hacker claims to have passwords included, they are hashed using a function called bcrypt. However, Dave also confirmed that as of now, they have no evidence to verify that hackers executed anything while they had access to user data.

Dave, which offers cash advance services and overdraft protection, will now have to take steps to reassure users about their security. Since the breach resulted in over 7.5 million records being sold via auction and then released for free, the company will have to overhaul its security protocol.


Only the paid users of Zoom can now enjoy end-to-end encryption

The beginning of the lockdown period marked the rise of the videoconferencing app Zoom. During the initial days of quarantine, Zoom seemed to make a fortune out of it. Every kind of meeting, from online classes to professionals’ business conferences, took place on this platform. But after a month or so, the security system of Zoom was compromised. It became vulnerable to uninvited guests joining random meetings and causing disputes. To make Zoom’s videoconferencing platform secure enough, the company paused the launch of any new features and devoted all of its time to security. A few weeks back, Zoom announced end-to-end encryption for its users. But the company declared yesterday that the feature is only for paid users.

End-to-end encryption scheme of Zoom

After a series of meetings with investors, civil liberties groups, and child-sex abuse fighters, Zoom CEO Eric Yuan confirmed that the company will only provide end-to-end encryption for paid customers. He says that it is important for the community to enforce the law for free calls. Users who just signed in with an email ID didn’t go through proper identity verification, which made Zoom vulnerable in the first place. So the company finally announced and confirmed its new policy today.

Eric also said that it is better to work along with the FBI as many users sign in with an abusive motive. After the pandemic spread across the world, Zoom became the most important video conferencing app. But, the business backfired as encryption became the main topic of concern. Jon Callas, a technologist said that Zoom’s compromise to get rid of the troublemakers is reasonable. Every one of us witnessed how the breach in the security system caused chaos among Zoom users.

Encryption plan and end-to-end model

The main reason for not offering end-to-end encryption to all users is that criminals could easily get away with their illegal activities. But there are still conflicting perspectives, as some think it will affect the non-paid customers. Every cybercriminal is usually a non-paid user, but not the other way around. The filtration process is tough, though, when Zoom has allowed millions of users to host and attend meetings only by signing in with an email ID.

Zoom also hired Stamos, a former Chief Security Officer at Facebook. He says that apart from providing end-to-end encryption to paid users the platform is also upgrading its existing safety. The current end-to-end encryption is for paid customers and enterprise accounts as their profiles are highly scrutinized and verified.

The end-to-end model will reduce illegal activities to a large extent and make the platform more sophisticated and secure. But the number of free participants will fall sharply, which is not good from a business viewpoint. End-to-end encryption is mainly provided to paying businesses and to nonprofits. An outside spokesperson for the company has said that the encryption model is still in progress and that the final customer base has not yet been decided.

Preventing child pornography and child sex abuse

Many videoconferencing platforms have faced shortcomings along the way. But Zoom’s reputation was crushed when the degree of child-sex abuse via its platform increased. Many complaints have been lodged that sexual predators live stream abuse, threatening child safety. So strong encryption for every user will make it difficult for the police to find the culprits and easier for abusers to carry on their filthy work. It also threatens the security and privacy of users who exchange sensitive content. This might lead to harassment and future blackmailing.

Eric also focused on the fact that no user can simply dial into an encrypted meeting. So, there are high chances that many business clients will stop using the app as well. But, no matter what, Zoom will make law enforcement its top priority.

Conclusion 

Amidst the stricter law enforcement, Zoom also announced that they don’t share information with law enforcement unless and until it is necessary, as in cases of child abuse. It is still not possible for any random user to get into a meeting and go unnoticed. The end-to-end model is important to ensure child safety and protect future victims.


Google’s end-to-end encryption for messages may finally be rolling out anytime soon

Google has been working on its messaging system for a while now. The company’s target is to establish end-to-end encryption for RCS. Yesterday, Google decided to bring the latest news of its messaging system under the spotlight. And, there are high chances the company might be finally achieving end-to-end encryption for RCS.

Since RCS has the true potential to wipe out SMS and MMS, providing end-to-end encryption will be the cherry on the cake. Google, in 2018, launched a chat platform with end-to-end encryption for RCS which reached U.S. customers the next year. In 2019, many companies like AT&T, Verizon, and T-Mobile also assured their customers of new RCS standards. But currently Google is up to some real change for RCS.

What is RCS end-to-end encryption?

RCS stands for Rich Communication Services and is the future of messaging. Though it can replace SMS and MMS, the adoption rate for RCS is relatively slow. If end-to-end encryption is incorporated in RCS, it will give strong competition to iMessage. For all these years iMessage has provided end-to-end encryption, unlike RCS. End-to-end encryption means the message sent will be encrypted on the sender’s device and can only be decrypted on the receiver’s device. This ensures privacy and a secure system that reduces the chances of leaking information.

For this purpose, Google has built Google Messages 6.2 which will ensure end-to-end encryption for RCS. The app includes 12 new strings that refer to encryption. The question that still lies unanswered is if both the sender and the recipient need to use the Google Messages app. The exact requirements to use this feature are yet to be revealed.

Google mentioned that a good internet connection is mandatory for both the sender and the receiver. If a strong internet connection is not established, Google Messages will offer you an alternate option for sending the message. It can be in the form of either SMS or MMS which won’t be encrypted. Hence, the app will ask for your consent before sending the message without encrypted RCS.

Google’s first RCS chat platform dates back to 2018

In 2018, Google launched some new features for making the messaging experience better for Android phones. For the first time, Google introduced RCS and named it “Chat” for the consumers. It didn’t release a new app but tried to modify the existing Android messages. Google has always been a fan of RCS and tried convincing other big companies in the world to do so as well. But, Google has to admit it is Apple that came up with end-to-end encryption for iMessage in the first place.

Many people might be confused about whether Chat is different from Google Chat. The answer is yes, as Chat is a carrier-based service. But back in 2018, Chat wasn’t end-to-end encrypted. After one year, in 2019, Google announced that the RCS chat will become Android’s primary texting app. But this service only rolled out for people in the U.S. One of the biggest advantages of the chat was that users didn’t need to download an extra app to enable chat features. Android users use the default messaging app, so only a good internet connection was a prerequisite.

Challenges faced by RCS

Previously, the challenge faced by RCS was that there weren’t enough carriers who wanted to switch to RCS. Moreover, RCS messages were not end-to-end encrypted, making it easier for the government to demand information. Throughout all these years with Google trying its best to establish RCS, Apple hasn’t spoken a single word in this matter. But now the scenario is different.

In 2019, the four biggest U.S. carriers, namely Verizon, AT&T, T-Mobile, and Sprint, also announced that they will offer RCS in 2020. But RCS faced many problems in the past, and things might still turn a little messy. The main reason to expect a low probability of success for RCS is that these companies will release their own app.

Conclusion

If the RCS for the app created by other companies intersects and generates conflict with Google’s RCS, everything will become a big mess. Fingers crossed that Android users don’t just end up preferring iPhone over Android to avoid this chaos. If this happens, Google’s attempt to establish secure end-to-end encryption for RCS will be in vain.