2020, the year that has seemed to both last forever and at the same time flash past in the blink of an eye, has finally come to an end. It’s certainly been a roller coaster of a year, and the world of encryption had its ups and downs as well.
Venafi is rounding up the top encryption stories of the year. Whether it’s the good, the bad, or the ugly, here are the biggest encryption stories that went down in 2020. Read on to see if there are any that you might have overlooked in the midst of pandemic distraction!
Billions of devices open to Wi-Fi eavesdropping attacks
In February, before the age of masks and social distancing really took effect, a major vulnerability in Wi-Fi chips was revealed by ThreatPost. This chip, present in billions of devices worldwide, allows malicious actors to eavesdrop on Wi-Fi communications.
Researchers at ESET found that the bug (CVE-2019-15126) came from the use of an all-zero encryption key in chips made by Broadcom and Cypress, and the resulting data decryption breaks Enterprise security protocols. These vulnerable chips were found in smartphones, tablets and laptops, along with several generations of products from Apple, Amazon, and Samsung.
The estimate of a billion devices being impacted was even thought to be a conservative one! ESET did immediately disclose the bug and gave manufacturers time to create firmware upgrades and OS updates to protect users’ devices.
Worldwide espionage operation with a Swiss company uncovered
US and German Secret Services were found to be involved in a worldwide wiretapping operation by Cryptoleaks, ZDF and the Washington Post. A secret-service dossier revealed spying was used with manipulated encryption devices.
New documents from the CIA and the German Federal Intelligence Services prove that they spent decades using manipulated encryption devices to bug over 100 countries. Messages between government agencies, authorities, embassies and military agencies were routinely intercepted. “Operation Rubicon”, as it was called, was considered “one of the most successful intelligence operations of the post-war period”.
Zoom delivers end-to-end encryption to all users
Back in June, Zoom finally implemented an end-to-end encryption strategy for all users, not just those with paid subscriptions. Previously, Zoom only offered this security to paid users, while unpaid users were left to remain on the unencrypted version. While Zoom tried to justify the move by saying it would allow law enforcement to track criminals online more freely, the furious backlash proved that users were not buying it.
Check out our previous Encryption Digest article to learn more about this story.
UK Government may block Facebook’s plans for end-to-end encryption
Facebook definitely understands the importance of providing all users with the protection of end-to-end encryption, but they have come up against surprising opposition from the UK government via legislation known as a Technical Capability Notice (TCN). Not only does this notice stipulate a weakened form of encryption, but also provides for law enforcement agencies to monitor communications.
While Facebook itself hasn’t directly addressed these requests, the director of the Open Rights Group has publicly slammed the UK government for its lack of respect for personal privacy.
"There are legitimate concerns about investigating crime,” said Jim Killock”. “But the government should not facilitate crime by making personal security harder."
- What Happens When You Neglect Encryption and Cybersecurity? [Encryption Digest 53]
- The Changing World Of Encryption: TLS Deployments In 2020
- Encryption Is Critical, but Will Fail Without Key Management
- Fighting for Privacy as a Fundamental Human Right [War on Encryption]