Mobile device encryption is currently the topic of many heated discussions in the tech world, and this has everything to do with Amazon’s decision to leave consumer data unprotected, by silently leaving out encryption on Fire OS 5. (Latest update at the end)
Amazon’s decision was brought to light on Thursday, at the RSA conference in San Francisco.
Fire OS 5 Encryption
The news that Amazon has decided to stop encryption of the data customers have on its mobile devices, including tablets and other devices, stunned everyone sitting in the room, which mostly comprised of Cybersecurity heavyweights attending the conference.
At a different time and under different circumstances, this news might not have elicited such a dramatic reaction. But right now, with Apple in the midst of an encryption battle and “encryption” being the focal point of the tech world, Amazon’s decision certainly comes as a shock.
Amazon’s Unencrypted Fire OS 5 vs. Apple’s Data Protection Battle
On the one hand, the world sees Apple fighting tooth and nail to protect user data, and on the other Amazon is seen doing exactly the opposite.
For the past many weeks, Apple has been battling it out with the FBI on whether the company should allow hacking into an encrypted phone to help the FBI. Obviously, FBI wants Apple to help them. But Apple says that helping the FBI means compromising data protection of billions of iPhones and iPads used globally.
On the Amazon front, users upgrading to Fire OS 5 from their Kindle Fire, Amazon Fire, Amazon Fire Stick or Amazon Fire HD, will have their local information stored in plain text and open for cyber attacks.
This was confirmed by users on Amazon forum. They reported that updating to Fire OS 5 removes support for full device encryption.
People using Kindle and other Fire devices for business purposes expressed concern, saying without encryption; they can no longer use Amazon devices.
Last night, a Twitter user, David Scovetta, expressed his disappointment in a tweet that said, “When Apple fights the good fight, Amazon removes encryption as option from Fire OS5.”
The question being asked is: Why would Amazon deprecate its encryption standards?
An Amazon Spokesperson tried to clarify, “When we released Fire OS 5, we removed some enterprise features that we found customers weren’t using.”
“All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security including appropriate use of encryption.”
The Long and Short of Encryption
Encryption is used to protect a device. This means attackers that are trying to gain access to data from an encrypted device only see data that looks gibberish.
On the other hand, if the device is not encrypted, attackers can get their hands on every bit of sensitive information the device holds; including emails, text messages, credit card details, pictures, videos, app data and passwords.
In the current scenario, one can only imagine the horrifying consequences of losing an Amazon Fire device.
Experts at the RSA conference said that Amazon’s decision goes against all basic mobile device security principles.
An executive at cybersecurity company LogRhythm, James Carder said, “I’m not buying it.” He said Amazon just lost a customer for “Amazon Echo,” its newly updated voice controlled device.
Retired Marine Corps Gen. Peter Pace opined that through his years in the military, he learned that even the U.S. cannot offer protection from today’s highly sophisticated hacking tools. He suggested that he’s in no hurry to make data more vulnerable.
How Can Fire OS Users Protect Their Devices?
As of now, users have a few options open to ensure their devices are encrypted.
They can stop upgrading to OS 5; they can upgrade and hope their device doesn’t fall into wrong hands; or just stop using their Fire devices.
If you’re an Amazon Fire device user, is one of these options for you?
But none of these options are ideal, and we can only hope that Amazon decides to take action and perhaps “undo” the damage.
Scavenging the Amazon forums led us to some positive comments, amidst a whole lot of rumblings:
“If you used your Jetta as a drag racer you have no grounds to complain if they lowered the acceleration and top speed so that you can’t use it that way any more.”
“Everyone who buys and uses a Fire agrees to the Amazon.com Condition of Use which state that Amazon can end services and/or device capabilities at any time with no warning and that they can upgrade software on devices at any time with no warning.”
“If a person buys a new device with Fire OS 5 they would have no complaints.”
Update: Good News on Amazon Fire OS 5 Encryption
March 5: The company released a statement saying it will restore optional full disk encryption to Fire OS 5 in a software update “coming this spring.”
Amazon originally said that it removed encryption support because it was an “enterprise feature” that “consumers weren’t using.”
The subsequent uproar and news reports apparently did the trick and the company decided to reverse course with a Fire OS 5 software update.