The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

TAG | apple

IPhone with soldering iron

There is a lot of hand wringing about the announcement that the FBI, with outside help, has been able to break into Syed Farook’s iPhone. This is not at all the same situation we would have if Apple had agreed to create the FBI requested version of the operating system. The important difference is scalability.
With this announcement we now know that law enforcement can break into any iPhone (of that generation or earlier at least) given sufficient effort. That effort is the key. It appears that the phone hack requires disassembling the phone and desoldering at least one chip at a minimum. It might actually be more complicated and cumbersome.
This is absolutely not something that any government is going to do thousands of times, it can not be done quickly and would probably leave evidence of the activity. This is fine for investigations of high value cases, but is absolutely useless for mass surveillance.
Contrast that with what could happen if Apple had created the security bypass operating system. Once created it would certainly be compelled in many different cases. Governments around the world would all demand access to the tool. That tool would allow rapid software only compromise of the phones without physical modification. This kind of attack scales to large numbers much more easily. Fortunately it would still require physical access to the phone, but that could obtained in many ways both overt and covert. I suspect that the compromised OS could be delivered through a modified phone charger for example.
Doubtless many companies will be working to make their devices secure against this kind of physical attack as well as making the kind of FBI requested modification actually impossible. In the meantime, the effort required to compromise each phone ensures that only a very few phones belonging to very narrowly targeted individuals will be unlocked. I can live with that.

· · ·

Eric Holder

In the article below Attorney General Eric Holder said ““It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy”

This is simply not true, and harkens back to the discredited arguments made by the FBI in the 1990’s about the Clipper Chip. It is hard enough to make secure computing systems, and we are not very good at it as all the breaches demonstrate. Intentionally introducing a vulnerability, which is the essential nature of back door or law enforcement access, is madness. If there is a back door, then keys exist, and can be compromised or reverse engineered. It is an added complexity to the system, which is almost certain to introduce other vulnerabilities. Its use would not be restricted to the US. Once it exists every government will demand access.

Social media and the cloud have tilted the balance of power absurdly towards law enforcement. This argument that they must retain access to encrypted cell phones is fatuous.

Holder urges tech companies to leave device backdoors open for police – The Washington Post

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

· · · ·

Apple Store Chicago

Apple is getting taken to task for a couple of security issues.

First, their recently announced “Random MAC address” feature does not appear to be as effective as expected. The idea is that the iOS 8 device will use randomly generated MAC addresses to ping WiFi base stations when it is not actively connected to a WiFi network. This allows your phone to identify known networks and to use WiFi for enhanced location information without revealing your identity or allowing you to be tracked. Unfortunately the MAC only changes when the phone is sleeping, which is really rare with all the push notifications happening all the time. The effect is that the “random” MAC addresses are changed relatively infrequently. The feature is still good, but needs some work to be actually very useful.

Second, people are noticing their passwords showing up in Apples iOS 8 predictive keyboard. The keyboard is designed to recognize phrases you type frequently so it can propose them to you as you type, thus speeding message entry. The problem is that passwords often follow user names, and may be typed frequently. Research is suggesting that the problem is from websites that fail to mark their password fields. Apple is smart enough to ignore text in known password fields, but if it does not know that it is a password, then the learning happens. It is not clear that this is Apple’s fault, but it is still a problem for users. Auto-fill using the latest version of 1Password should protect against this.

Play

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me onFacebookTwitter, and Google+.

· · · · ·

IPhone lock screen iOS8

Since it was introduced, Apple has had the ability to decrypt the contents if iPhones and other iOS devices when asked to do so (with a warrant).

Apple recently announced that with iOS 8 Apple will no longer be able to do so. Predictably, there has been a roar of outrage from many in law enforcement. [[Insert my usual rant about how recent trends in technology have been massively in favor of law enforcement here]].

This is really about much more than keeping out law enforcement, and I applaud Apple for (finally) taking this step. They have realized what was for Anonymizer a foundational truth. If data is stored and available, it will get out. If Apple has the ability to decrypt phones, then the keys are available within Apple. They could be taken, compromised, compelled, or simply brute forced by opponents unknown. This is why Anonymizer has never kept data on user activity.

Only by ensuring that they can not do so can Apple provide actual security to it customers against the full range of threats, potentially least of which is US law enforcement.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me onFacebookTwitter, and Google+.

· · ·

HiRes

The Internet is on fire with discussions of the recent release of stolen nude photos of over 100 female celebrities. This is a massive invasion of their privacy, and it says something sad about our society that there is an active market for such pictures. While this particular attack was against the famous, most of us have information in the cloud that we would like to stay secret.

While there is not a definitive explanation of the breach the current consensus is that it was probably caused by a vulnerability in Apple’s “Find My iPhone” feature. Apparently the API interface to this service did not check for multiple password failures, a standard security practice. This allowed attackers to test effectively unlimited numbers of passwords for each of the accounts they wanted to access.

Because most people use relatively weak passwords, this attack is quite effective. Once they gained access to the accounts, they could sync down photos or any other information stored in iCloud.

Of course, the first rule of secrecy is: If it does not exist, it can’t be discovered.

If you do want to create something that you would be pained to see released publicly, then make sure you keep close control of it. Store it locally, and encrypted.

Wherever you keep it, make sure it has a strong password. Advice for strong passwords has changed over time because of the increasing speed of computers. It used to be that fancy pneumonics would do the trick but now the fundamental truth is: if you can remember it, it is too weak.

This is particularly true because you need to be using completely different passwords for every website. Changing a good password in a simple obvious way for every website is obvious. It might prevent brute force attacks but if some other attack gives access to your password, the attacker will be able to easily guess your password on all other websites.

You need to be using a password manager like 1Password (Mac), LastPass, Dashlane, etc. Let the password manager generate your passwords for you. This is what a good password should look like: wL?7mpEyfpqs#kt9ZKVvR

Obviously I am never going to remember that, but I don’t try. I have one good password that I have taken the time to memorize, and it unlocks the password manager which has everything else.

UPDATE: There appears to be some question about whether this vulnerability is actually to blame.

· · ·

IOS8 MAC Randomization

News just broke of a new feature in iOS 8 announced at Apple’s WWDC which was not covered in the big keynote. Advertisers and retail outlets have been using Wi-Fi to track mobile devices for some time. I talked about a network of Wi-Fi tracking trashcans last year in the podcast.

This works because, by default, most mobile devices are constantly on the lookout for Wi-Fi networks. The device communicates with visible base stations to see if they are known, if they are secure, and what they are called. That communication reveals the MAC address of the device’s Wi-Fi.

Like the address on your house, your phone number, or IP addresses, MAC addresses are globally unique identifiers. Everything that can speak Wi-Fi has its own individual MAC address. This makes it a great hook for tracking. If someone sets up a bunch of Wi-Fi base stations, most mobile devices going by will try to connect, giving it their MAC address. By looking at the pattern of those connections, the device can be tracked. 

More sophisticated solutions have even used signal strength to triangulate the location of devices within a small area.

The big news is that Apple is going to randomize the MAC addresses of iOS 8 devices when they are probing for networks. If the device were to probe network base stations A, B, and C they would all see different MAC addresses and think that they were tracking different devices. The iPhone or iPad would still use its real MAC when establishing a full connection, but would not provide it to all of the networks it only probes but never actually uses.

This is a really small change which provides significant privacy gains. It is similar to the decision Apple made to use randomized IPv6 addresses by default, rather than ones which uniquely identify the computer or mobile device.

Of course, Apple is also working hard to track us all with iBeacons at the same time….

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

· · · ·

Play

Standard-Profile-Picture.jpgIn episode 18 of The Privacy Blog Podcast for March 2014 I talk about:

  • Zombie iPhone Bluetooth settings
  • Proposed Australian encryption regulations
  • More from the Mt. Gox and bitcoin saga
  • The cat and mouse of censorship and circumvention in Turkey

· · · · · ·

Mar/14

19

Check your phone for evil Tor app

TorAppLogo

Fake Tor browser for iOS laced with adware, spyware, members warn | Ars Technica

There are a number of different Tor anonymity service apps in the Apple iOS app store. According to several people at Tor, one of them is unofficial and loaded with adware and spyware.

The bad one is “Tor Browser”. If you have it, you should un-install it immediately.

Apple has been requested to remove the app from the store, but no action has been taken so far.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook and Google+.

· · · ·

iPhone control panelApple Keeps Turning Bluetooth On When You Update Your iPhone

Recent iOS updates have automatically re-enabled Bluetooth for many users who keep it turned off for battery conservation or privacy reasons.

The increasing use of iBeacons and other Bluetooth based tracking systems make this a bigger privacy worry than before. Tracking via Bluetooth is now a widely and actively used tool in retail and other areas.

Conspiracy theorists suggest that Apple is doing this intentionally to increase the usefulness of iBeacons to track people, and thus encourage their adoption. While this is an appealing idea, the jury is still out on this one.

If you are concerned about this kind of tracking, you can quickly disable Bluetooth in the control center on your iPhone by sweeping up from the bottom of just about any screen and tapping the Bluetooth button. It is fairly easy and convenient to keep Bluetooth turned off most of the time, and just enable it when you want to use a wireless headset or other Bluetooth device for a short while.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook and Google+.

· · ·

Play

Standard Profile Picture

In episode 17 of The Privacy Blog Podcast for February, 2014 I talk about:

  • The just completed RSA Security conference
  • How an email can expose your location
  • A guy who suffered extortion because his username was so valuable.
  • What happened in the latest Bitcoin fiasco
  • Exactly how secure Apple’s iMessage protocol is
  • And finally how insurance companies may drive changes in cyber security

· · · ·

Older posts >>