Starset Society Chinese Mirror Site

How Law Enforcement Gets Around Your Smartphone’s Encryption

Lawmakers and law enforcement agencies around the world, including in the United States, have increasingly called for backdoors in the encryption schemes that protect your data, arguing that national security is at stake. But new research indicates governments already have methods and tools that, for better or worse, let them access locked smartphones thanks to weaknesses in the security schemes of Android and iOS.

Cryptographers at Johns Hopkins University used publicly available documentation from Apple and Google as well as their own analysis to assess the robustness of Android and iOS encryption. They also studied more than a decade’s worth of reports about which of these mobile security features law enforcement and criminals have previously bypassed, or can currently, using special hacking tools. The researchers have dug into the current mobile privacy state of affairs, and provided technical recommendations for how the two major mobile operating systems can continue to improve their protections.

“It just really shocked me, because I came into this project thinking that these phones are really protecting user data well,” says Johns Hopkins cryptographer Matthew Green, who oversaw the research. “Now I’ve come out of the project thinking almost nothing is protected as much as it could be. So why do we need a backdoor for law enforcement when the protections that these phones actually offer are so bad?”

Original article from Wired

Translation: STARSET_Mirror Translation Team
Proofreading: STARSET_Mirror Translation Team