The Year of Encryption

POSTED BY Steffen Sorrell

“Milk and cookies kept you awake, eh Rubin? You’d better come up.”

The release of the latest in Google’s Nexus line of the devices, the 6 (phablet) and 9 (tablet) has signalled first general availability of Android 5.0, aka Lollipop. The preceding weeks have seen the iOS ecosystem of devices gradually be updated to its latest iteration, iOS 8.

Although these operating systems come with a number of bells and whistles; Material Design for Android, 3rd party keyboards for iOS; crucially, there has been a development under the hood that most consumers either don’t care about (ignorance is bliss) or didn’t have the nous to do anything about (#nogeek).

Both operating systems are now encrypted by default, and the keys aren’t held by the service provider. Not only does this mean that a black hat will find it more difficult to remotely access the device, but also would create, as FBI director James Comey so delicately put it, “a closet that could never be opened”.

The past 2 years have seen an ever increasing number of widely publicised digital security events: reports of mass-surveillance, several high-profile hacks and vulnerabilities that, ultimately, expose our flaws no matter how clever we (think) are: we can’t think of everything, and often make mistakes when we do.

The digital world today requires help in the form of encryption. No longer is it sufficient to install a virus checker: on mobile, these never really worked properly anyway. Therefore, the steps taken by Apple and Google are absolutely necessary in an age where increasingly sophisticated attacks are ever more common. Developers are too often oblivious to attacks or consider a security breach low-risk: in our report on Smart Homes, for example, we examine the state of the residential gateway, often woefully secured from attacks owing to poor long-term support.

Comey might have a problem with Apple and Google, but the reality is greater than the toys he just threw out of the pram. We should all be working to secure the Internet and devices connected to it rather than potentially exposing a huge subset of users. Indeed, in a post-Snowden world, the chances of a suspected criminal being stupid enough not to encrypt his or her own data is extremely low.