There seems to be a new development with regard to what I guess people might think of as being the best of the best in the consumer products range. Apple's Iphones. I am not sure, but I think this might also impact the iPad, but this sort of went past me as I read about this.
I am supposed to build my LED project but the project is on hold, though I suspect that people might find this kind of news interesting, and presumably there is merit to this vulnerability. I am thinking this is an intentional backdoor, as an intended weakness, but what do I know, I can only speculate.
This article dates back to only yesterday, 22. June 2018.
https://www.zdnet.com/article/a-hacker-figured-out-how-to-brute-force-an-iphone-passcode/ ("A hacker figured out how to brute force iPhone passcodes")
"The attack allows any would-be-hacker to run as many passcodes as they want, without destroying the data."
I know that "hacking" is both a generic non negative word for tinkering with something, however the media tend to use "hacking" as a just negative loaded word implying criminality, so I find it amusing that znet uses the phrase 'hacking' in the title and 'security researcher' in the article text. Maybe the author of the article didn't write the headline perhaps I am thinking.
So, some time ago (in 2016 I think), there was a congress hearing in USA ("House Judiciary Committee"), in which Apple had to show up in regard to this hearing, which was at a time when the Federal Bureau of Investigation claimed that they could not bypass the password protection without making the phone they wanted to get into inaccessible by being locked out of it. Later, there were news of some Israeli company who is mentioned as having helped the FBI in this regard. (Random reference to this linked to below.) What they did with the actual phone I have no idea. I don't remember reading about anything from opening up that one particular phone, or if they found anything interesting at all. I believe Apple was initially asked by the FBI to provide a tool for breaking into this mobile phone made by Apple, and afaik Apple denied providing this type of tool. I think it is fair to say that Apple is not interested in having this public image of someone that sells phones, that per design would be accessible by law enforcement, and who knows who else. It should be pointed out that there is also a parallel discussion/problem to this, where security researchers and others knowledgeable in the subject matter, and afaik the last development to that, is that security experts seem to agree that there is no secure way to create a mandated backdoor in products for law enforcement without such a backdoor being vulnerable to being used by others. I guess with the seemingly non-stop news about terrible computer security, who will notice yet another news article about some new vulnerability to phones, the internet, or computer hardware in general.
http://www.dailymail.co.uk/news/article-3514875/Israeli-firm-helped-FBI-crack-San-Bernardino-gunman-s-cellphone-without-Apple-s-help.html (FBI's demand for Apple to develop a tool)
And the znet article above links to this other article again, which in turn links to a Forbes article, about a US based company that supposedly is selling boxes that can break into iPhones as I understand it:
https://www.zdnet.com/article/graykey-box-promises-to-unlock-iphones-for-police/ (article from 19. March 2018)
Here's also a link to a recent, but article by Bruce Schneier, unrelated to the ihpone article, regarding what is described as "Security is failing just as technology is becoming autonomous (...)".
https://www.theregister.co.uk/2018/06/22/security_failing_iot_schneier/ ("Schneier warns of 'perfect storm': Tech is becoming autonomous, and security is garbage", Autonomous vehicles related)
As someone that aren't that into electronics nor computer programming, what I believe I have learned, is that the very idea of something in particular being secure, or providing security, that doesn't fare well if the
IMPLEMENTATION of a design has flaws or if there are other vulnerabilities associated with a product.
Then there is the imo scary thing where the design itself isn't secure. One example that I can think of would be the NSA sponsored 'dual elliptic curve deterministic random bit generator' that was incorporated into a standard and is believed to have defeat secure SSL/TLS encryption for years, and was used for seven years between 2006 and 2014 according to the Wikipedia entry on the subject (is anyone unwittingly still using the Dual_EC_DRBG, and is it even possible? I have no idea). I honestly don't understand how it can be insecure, but apparently NSA paid NIST (or RSA Security it was perhaps) a lot of money to have it included in the standard, and NSA is said to have been working on it, and is believed to know the inns and out of it, probably being backdoor.
https://en.wikipedia.org/wiki/Dual_EC_DRBGhttps://blog.cryptographyengineering.com/2013/09/18/the-many-flaws-of-dualecdrbg/ (An 2013 article that discusses the ways in which the 'Dual_EC_DRBG' is believed to be insecure.)
I can see how people like their smartphones, with the high res screens, camera feature for both stills and video, and whatnot, but I never liked smart phones, and I don't go around thinking that consumer products like mobile phones, or the internet, have good security. :|
One more thing, for those that thinks that espionage is a laudable and wholesome activity and with people that can do no wrong, I remember reading through the book 'Privacy on the line' by Whitfield Diffe and Susan Landau, and I remember this one moment about how espionage against others, I think would obviously be something that would be sabotaging any negotiations between two parties, if you sought to learn what lowest offer another part would be willing to accept for any upcoming agreement. Then ofc, there is the whole privacy need issue, or just 'privacy' as it is unfortunately called, and with the internet of things and insecure thingies, you might as well include 'personal safety' as being at risk when you can't fully trust your refrigerator, your door lock, your car, your phone, your pacemaker or other gadgets. I want to add that I sometimes come across a video showing a discussion panel about what is said to be secure and anonymous research into public data, something Landau have talked about in those debates, but it really unnerves me what kind of research this is, as I don't know anymore if Landau is pushing for a new technology in a world where privacy needs aren't respected by anyone, or if I am just misunderstanding what kind of technology this might be. I worry that all the data and meta data off 'personal data' used by corporations will become this kind of whitewashed activity that not only is "legal", but somehow secure, as if things could still be private yet with all that data being analyzed. I think at least that 'anonymous' should not be synonymous with 'privacy' given the context of it all.
Privacy ought imo be about peoples general and specific privacy needs, and never '
a product', nor '
a right' as such, otherwise there can obviously be no principled understanding when treating something supposed to be as serious, and more to the point, as personal to the individual, if being nothing more than a pragmatic concern, with regards to laws or other inane ideas that goes around in the name of "privacy".
Home
Help
Search
Login
Register
