Amazon's Kindle devices run a custom version of Android that, until today, supported full-disk encryption. Now they don't.
The latest update to Amazon's Fireos disabled full-disk encryption. If you run the update and then lose your device, whomever finds it will be able to see any private or sensitive information you've stored on it (if you don't run the update, you won't get patches and your device will be liable to being taken over by hackers).
The move comes as Apple and the FBI are fighting in court over whether the government can force companies to make tools to backdoor their own security measures, and as the US Congress is contemplating legislation that would ban effective encryption in US-manufactured devices.
Ironically, Amazon's Kindle/Fire platform does use encryption: Digital Rights Management. The company uses DRM to control how you use your ebooks (though publishers can opt out if they choose to), and refuses outright to carry audiobooks unless rightsholders allow them to encrypt them with Amazon's DRM.
For privacy and encryption advocates, this move goes against the recent trend to make encryption available by default, and puts Amazon customers’ data at risk, given that they won’t be able to protect the information in their tablets and phones with encryption.
“This is a terrible move as it compromises the safety of Kindle Fire owners by making their data vulnerable to all manner of bad actors, including crackers and repressive governments,” Ari Balkan, a coder, human rights activist, and owner of a Kindle Fire, told Motherboard. “It’s clear with this move that Amazon does not respect the safety of its customers.”
Amazon Quietly Removes Encryption Support from its Gadgets
The CBC asked me to write an editorial for their package about Canadian identity and politics, timed with the 150th anniversary of the founding of the settler state on indigenous lands. They’ve assigned several writers to expand on themes in the Canadian national anthem, and my line was “We stand on guard for thee.”
In a paper for IEEE Security, researchers from Cyberpion and Israel’s College of Management Academic Studies describe a “Password Reset Man-in-the-Middle Attack” that leverages a bunch of clever insights into how password resets work to steal your email account (and other kinds of accounts), even when it’s protected by two-factor authentication.
U.S. Girl Scouts as young as 5 years old will soon be able to earn their first-ever cybersecurity badges. 18 of these merit patches will be launched by the Girl Scouts of the USA starting in September, 2018.
Although flagship smartphones are unlikely to adopt heavy-duty outer casing anytime soon, you can always prepare your device for the outdoors with a beefy case and and an external battery like this Nomad Tile Trackable PowerPack, available in the Boing Boing Store for $119.95.The Nomad Tile can fully recharge an iPhone 7 over three times […]
Even though credit cards now feature an EMV chip for securing transactions, they still have to include the magnetic strip for compatibility with older point of sale systems. Because of this, there’s no way for the chip’s new security capabilities to protect against card skimmers in the wild.How do you protect yourself from legacy-technology-induced fraud? […]
As the old saying goes, “You should sit in meditation for 30 minutes every day. Unless you are too busy, in which case you should meditate for an hour.” Since most of us have an endless list of things to do and people to see, carving out quiet time can feel impossible, especially when most […]