[HN Gopher] The Mitto AG surveillanve case - or why we must neve...
       ___________________________________________________________________
        
       The Mitto AG surveillanve case - or why we must never backdoor
       encryption
        
       Author : starsep
       Score  : 104 points
       Date   : 2022-05-11 08:00 UTC (15 hours ago)
        
 (HTM) web link (tutanota.com)
 (TXT) w3m dump (tutanota.com)
        
       | keraf wrote:
       | The Russian shell company as a proof of involvement of Russian
       | intelligence services puzzles me quite a bit. I thought this
       | could be done remotely without the need of a local branch. It
       | sounds more like it has been established there to sell these
       | backdoored encryption products on their market. Or am I missing
       | something?
        
       | DerekBickerton wrote:
       | Phones in general are terrible for opsec. Even if you've flashed
       | a Pixel with GrapheneOS[0] you can't reliably determine if you
       | have malware on your device. They're totally opaque. So are
       | computers in general: They're largely black boxes which we have
        | no insight into and can't readily inspect what they're doing at any
       | given moment. Also: Welcome to the Internet!
       | 
       | [0] https://grapheneos.org/
        
         | daniel-cussen wrote:
         | Thanks, I love it already!
         | 
         | You know one time my computer was compromised I actually tried
         | to clear the malware without reinstalling the OS. Like breaking
         | out of a prison without outside help, just like sending
         | commands trying to kill the virus beyond its capacity to hide
         | itself, move around inside the computer, defend itself against
         | my commands, extend and capture, all that.
         | 
         | Maybe it's possible.
         | 
          | The other thing is at some point code transitions into
         | medicine. A friend was describing codebases of like 15000
         | lines, that they had tumors. And they won't go away just like
         | that, you have to try to contain them from spreading, help them
         | become benign, it's more like medicine at that point. Like you
         | can't sequence every cell, you can't debug completely, you
         | can't clear all malware. Just like in the body there's germs
         | going around, there's lots of cells whose DNA gets modified
         | over time due to radiation, all kinds of shit going on and you
         | can't just debug them one by one.
        
       | ajsnigrutin wrote:
        
       | driverdan wrote:
       | This isn't "breaking news" as this site claims. The source was
       | published in 2021:
       | https://www.bloomberg.com/news/articles/2021-12-06/this-swis...
        
       | hulitu wrote:
       | > The Mitto AG surveillanve case - or why we must never backdoor
       | encryption
       | 
        | But encryption is already backdoored. See the article.
        
         | danw1979 wrote:
         | The vulnerabilities allegedly exploited in the article (in SS7)
         | have nothing to do with encryption being backdoored.
         | 
         | It's a bit of a weird conclusion to make...
         | 
         | Maybe they are saying that if the PSTN ran with strong
         | encryption and authentication _and_ that encryption wasn't
         | backdoored, this thing that is alleged to have happened
         | wouldn't have happened ?
        
           | db48x wrote:
           | SS7 may or may not have been intentionally backdoored at the
           | time, but its development also predates the invention of the
           | RSA algorithm upon which all modern security is founded. A
           | key-exchange system like RSA or its successors is really
           | required to do end-to-end encryption, and some sort of CA
            | system is necessary if you are going to have any hope of
           | verifying that you are talking to the correct phone on the
           | other end.
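
An added toy illustration, written for this page and not part of the thread or the linked article, of the point db48x makes above: a Diffie-Hellman style key exchange gives two parties a shared secret, but only a binding between the peer's public value and its identity (a CA-signed certificate in real systems) stops a third party from quietly relaying the exchange. It goes one step further than the comment, in the direction of tinus_hn's and Kalium's remarks below: once the CA's signing key is in the wrong hands, the same machinery certifies whatever its holder wants. The group parameters, the textbook RSA stand-in for the CA, and the names Alice, Bob and Mallory are all constructed assumptions; nothing here is production cryptography.

```python
"""Toy model of a key exchange with and without identity binding.
Constructed for this illustration: a small DH group and textbook RSA
standing in for a CA signature. Not production cryptography."""
import hashlib
import secrets

P = (1 << 127) - 1  # constructed toy DH modulus (a Mersenne prime); real systems use standard groups
G = 5

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    """Session key derived from the DH shared secret."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).hexdigest()

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin test, used only to build the toy CA key."""
    for sp in (2, 3, 5, 7, 11, 13):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def rsa_keypair(bits=512):
    """Textbook RSA key for the toy CA: ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def issue_cert(ca_priv, name, dh_pub):
    """CA binds a name to a DH public value (hash-then-sign, no padding: toy only)."""
    n, d = ca_priv
    return {"name": name, "dh_pub": dh_pub, "sig": pow(_digest(f"{name}:{dh_pub}".encode()), d, n)}

def verify_cert(ca_pub, cert, expected_name):
    n, e = ca_pub
    body = f"{cert['name']}:{cert['dh_pub']}".encode()
    return cert["name"] == expected_name and pow(cert["sig"], e, n) == _digest(body)

def unauthenticated_exchange():
    """Bare DH: Mallory swaps in her own public value on both sides and ends up
    with one key shared with Alice and another with Bob, who notice nothing."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    m_priv, m_pub = dh_keypair()
    k_alice = dh_shared(a_priv, m_pub)  # Alice believes m_pub is Bob's
    k_bob = dh_shared(b_priv, m_pub)    # Bob believes m_pub is Alice's
    return (k_alice == dh_shared(m_priv, a_pub) and
            k_bob == dh_shared(m_priv, b_pub) and k_alice != k_bob)

def authenticated_exchange(ca_pub, ca_priv):
    """Bob's value travels inside a CA-signed certificate.
    Returns (substituted value rejected?, Alice and Bob derive the same key?)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    _, m_pub = dh_keypair()
    bob_cert = issue_cert(ca_priv, "bob", b_pub)
    tampered = dict(bob_cert, dh_pub=m_pub)  # signature no longer covers this value
    rejected = not verify_cert(ca_pub, tampered, "bob")
    same_key = (verify_cert(ca_pub, bob_cert, "bob") and
                dh_shared(a_priv, bob_cert["dh_pub"]) == dh_shared(b_priv, a_pub))
    return rejected, same_key

def compromised_ca(ca_pub, ca_priv):
    """Whoever holds the CA key can mint a valid 'bob' certificate for any value:
    the trust anchor is exactly what a backdoor hands to its holder."""
    _, m_pub = dh_keypair()
    return verify_cert(ca_pub, issue_cert(ca_priv, "bob", m_pub), "bob")

if __name__ == "__main__":
    pub, priv = rsa_keypair()
    print("bare DH, relay unnoticed:", unauthenticated_exchange())
    print("certified DH (tamper rejected, keys agree):", authenticated_exchange(pub, priv))
    print("CA key leaked, forged cert accepted:", compromised_ca(pub, priv))
```

The first function shows the failure mode the comment describes: without identity binding, both sides complete the exchange and derive keys, just not with each other. The second shows the certificate doing its job, and the third shows why the CA key, not the DH math, is what an attacker (or a mandated backdoor) really needs.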
        
           | xvector wrote:
           | I believe that is exactly their point.
        
       | raincom wrote:
       | Don't trust any company that sells "Swiss neutrality" in the name
       | of security. Mitto AG is the 21st century Crypto AG, who sold
       | secure phones to almost all countries, so that the five eyes can
       | spy on diplomatic communications.
        
       | tinus_hn wrote:
       | The problem of course is that accepting such a backdoor presumes
       | there is some benevolent institution that can be trusted to
       | fairly regulate use of the backdoor.
        
         | Kalium wrote:
         | More than that, it also presumes that no other institution will
         | ever find said backdoor and put it to use for their own
         | purposes.
        
       | IAmEveryone wrote:
       | The headline is editorializing beyond what's supported by the
       | article. That technology, SS7, wasn't intended as a backdoor. It
       | was about network management. As such, it may have been possible
       | to gain access to it far easier than it would be to some
       | intentional backdoor.
        
       | mrjin wrote:
       | So it's really from the two options:
       | 
       | 1. Rock solid encryption without any backdoor, protecting
       | everyone at the cost of being unable to decrypt some vital info.
       | 
        | 2. Encryption with backdoor, decrypting any message at the
       | cost of potentially exposing everyone.
        
       | rossdavidh wrote:
       | Looks like a misspelling of "surveillance".
        
       | chrisweekly wrote:
       | Mods: title typo: surveillanVe
        
       ___________________________________________________________________
       (page generated 2022-05-11 23:02 UTC)