Categories
Links Writing

New York DA Wants Apple, Google to Roll Back Encryption

New York DA Wants Apple, Google to Roll Back Encryption:

[Manhattan District Attorney Cyrus Vance Jr.] said that law enforcement officials did not need an encryption “backdoor,” sidestepping a concern of computer-security experts and device makers alike.

Instead, Vance said, he only wanted the encryption standards rolled back to the point where the companies themselves can decrypt devices, but police cannot. This situation existed until September 2014, when Apple pushed out iOS 8, which Apple itself cannot decrypt.

“Tim Cook was absolutely right when he told his shareholders that the iPhone changed the world,” Vance said. “It’s changed my world. It’s letting criminals conduct their business with the knowledge we can’t listen to them.”

Vance cited a recording of a telephone call made from New York City’s Rikers Island jail to an outside line. In the call, a defendant in a sex-crimes case tells a friend about the miraculous powers of the new smartphone operating systems.

“Apple and Google came out with these softwares that can no longer by encrypted by the police,” the defendant allegedly said, mixing up encryption with decryption. “If our phones [are] running on iOS 8 software, they can’t open my phone. That might be another gift from God.”

Correct me if I’m wrong, but if you’re able to quote the conversation they had about the encryption of the device, then isn’t it the case that law enforcement can, in fact, listen in to at least some of these supposedly sophisticated criminals, regardless of their adoption of consumer-grade (i.e. incredibly common) tools and security protocols?

But more to the point: it has never been the case that government agencies have been able to compel, or access, all of the information they might find useful in the course of their investigations. That’s normal. Government agencies enjoyed incredible access to persons’ information for the course of a decade or so, as technology companies matured into firms that took the security and privacy of their customers seriously. Asking for the industry to return to a less-mature state is bad for everyone.

Finally: while domestic agencies might be worried about the situations where they cannot access the data at rest on the device, you can be sure that governmental staff who are abroad are very happy that they can use their devices with the knowledge that even foreign state actors will be challenged in accessing the data at rest which is stored on their smartphones. American (and Canadian) law enforcement agencies are understandably pushing for greater access to information but, by the same token, their success would mean that their compatriots in China, Brazil, France, Israel, and other friendly and unfriendly states would be able to lawfully gain entry to foreign agents’ devices. I’m pretty sure that diplomatic staff and military personnel abroad are pleased that such an attack vector has been narrowed by Apple’s actions.

Categories
Links Photography

IPPAWARDS | iPhone Photography Awards

Just gorgeous photos that show just how much you can actually do with an iPhone’s camera.

Categories
Links

Guide to Hardening iOS 5

The Australian Department of Defence’s Intelligence and Security division has produced a particularly good walkthrough for hardening the iOS environment (.pdf). I’d recommend it to the curious and to system administrators who are interested in evaluating/contrasting their own iOS deployments.

Categories
Links Writing

The Problems With Smartphone Password Managers

In today’s era of hyperbolic security warnings, one of the easiest things that people can do to ‘protect’ themselves online is select passwords that are very hard to crack, stuff them in a centralized password manager, and then only have to remember a single password to access the rest in the manager. I’ve used a password manager for some time and there are real security benefits: specifically, if a single service that I’ve registered with is hacked then my entire online life isn’t compromised, just that one service.

Password manager companies recognize the first concern that most people have surrounding their services: how do the managers protect the sensitive information they’re entrusted with? The standard response from vendors tends to reference ‘strong security models and usage of cryptography’. Perhaps unsurprisingly, it is now quite apparent that the standard responses really can’t be trusted.

In a recent paper (.pdf), researchers interrogated the security status of password managers. What they found is, quite frankly, shocking and shameful. They also demonstrate the incredible need for third-party vetting of stated security capabilities.

The abstract for the paper is below but you should really just go read the whole paper (.pdf). It’s worth your time and if you’re not a math person you can largely skim over the hard math: the authors have provided a convenient series of tables and special notes that indicate the core deficiencies in various managers’ security stance. Don’t use a password manager that is clearly incompetently designed and, perhaps in the future, you will be more skeptical of the claims companies make around security.

Abstract:

In this paper we will analyze applications designed to facilitate storing and management of passwords on mobile platforms, such as Apple iOS and BlackBerry. We will specifically focus our attention on the security of data at rest. We will show that many password keeper apps fail to provide claimed level of protection

Access the paper (.pdf)


Categories
Writing

Stupid Problem with BlackBerry Data

I use my mobile phones a lot and most batteries just barely last me through a day on a single charge. With my iPhone and Windows Phone, when the batteries are almost exhausted, various functions (including radios) are disabled to make the last bit of juice last as long as possible. My BlackBerry does the same thing.

I’m fine with this.

What I’m not fine with is the following: once I charge the BlackBerry and the radios are re-activated, I have to pull the battery and fully reboot the device to get access to the various services that course through the BIS. If I don’t pull the battery, I get a warning that my plan doesn’t cover data services and thus I cannot access the phone’s various Internet-related functions. On the face of things, it seems that after charging the device, RIM’s software fails to indicate to their network infrastructure that I have a data plan and thus can access the BIS.

Needless to say, this is absurd.

I cannot believe that I’m the only person running into this and regardless of whether the problem is with my particular carrier, or the device, it isn’t something that I should ever experience. These are the kinds of problems that should be sorted out well before a device is put in the consumer’s hands.

Categories
Aside Links

Self-Mutating Trojans Come to Android

Symantec is warning that the next generation of smartphone viruses has come:

Researchers from security vendor Symantec Corp. have identified a new premium-rate SMS Android Trojan horse that modifies its code every time it gets downloaded in order to bypass antivirus detection.

This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it.

A special mechanism that runs on the distribution server modifies certain parts of the Trojan in order to ensure that every malicious app that gets downloaded is unique. This is different from local polymorphism where the malware modifies its own code every time it gets executed.

This is a clever means to avoid the rudimentary analysis systems that the major vendors use to ID malware. It’s also (another) indication of how important antivirus is going to become for the mobile marketplaces. I suspect that, by the end of the year, a lot of users (on iOS, Android, and the rest) are going to wish that the post-Steve Jobs smartphones on the market today met Jobs’ initial thoughts regarding smartphones when Apple released the iPhone. Specifically, he held that:

He didn’t want outsiders to create applications for the iPhone that could mess it up, infect it with viruses, or pollute its integrity

While our pocket computers are better now that apps are available, I can’t help but think that Jobs’ earliest worries are now looming as today’s potential nightmares.
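The quoted Symantec description makes a detection point worth seeing in code: if every download of a family is byte-different, a blocklist of exact file hashes only ever catches the one copy the vendor already has, so detection has to key on whatever the server cannot vary without breaking the app. The following is an added illustration, not code from Symantec, the quoted article, or any real Android sample. The three byte strings are constructed stand-ins for app downloads; the `JUNK:` region, the `CORE:` line and the whole container format are assumptions made up for the demo.

```python
"""Exact-hash blocklists versus signatures on invariant content.

Added illustration for server-side polymorphism as described in the post.
All "samples" are constructed demo byte strings, not real apps or malware.
"""
import hashlib
import re

# Constructed stand-ins for three app downloads. SAMPLE_A and SAMPLE_B play
# two downloads of the same hypothetical family: the server varied the JUNK
# region between them, while the routine the app actually depends on (the
# CORE line) is identical. BENIGN shares the container format but not the
# routine. None of this is real APK structure; it is a demo format.
SAMPLE_A = (
    b"HEADER\n"
    b"JUNK:\x01\x02\x03\x04\n"
    b"CORE:schedule_premium_sms\n"
    b"FOOTER\n"
)
SAMPLE_B = (
    b"HEADER\n"
    b"JUNK:zzzzzzzzzzzzzzzz\n"
    b"CORE:schedule_premium_sms\n"
    b"FOOTER\n"
)
BENIGN = (
    b"HEADER\n"
    b"JUNK:abc\n"
    b"CORE:show_weather\n"
    b"FOOTER\n"
)


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a whole download, as an exact-match blocklist would store it."""
    return hashlib.sha256(data).hexdigest()


# Strategy 1: exact-hash blocklist, built from the single copy that was caught.
HASH_BLOCKLIST = {sha256_hex(SAMPLE_A)}


def exact_hash_hit(data: bytes) -> bool:
    """True only if this exact byte string has been seen before."""
    return sha256_hex(data) in HASH_BLOCKLIST


# Strategy 2: a pattern signature on the invariant routine (the YARA-style idea).
INVARIANT_PATTERN = re.compile(rb"CORE:schedule_premium_sms")


def pattern_hit(data: bytes) -> bool:
    """True if the routine the family cannot do without is present."""
    return INVARIANT_PATTERN.search(data) is not None


# Strategy 3: hash after normalising away the region the server is free to vary.
def normalized_hash(data: bytes) -> str:
    """SHA-256 of the sample with the assumed variable JUNK line removed."""
    stripped = re.sub(rb"JUNK:[^\n]*\n", b"", data)
    return sha256_hex(stripped)


NORMALIZED_BLOCKLIST = {normalized_hash(SAMPLE_A)}


def normalized_hit(data: bytes) -> bool:
    """True if the sample matches a known family once the junk is ignored."""
    return normalized_hash(data) in NORMALIZED_BLOCKLIST


def classify(data: bytes) -> dict:
    """Run all three strategies so their verdicts can be compared side by side."""
    return {
        "exact_hash": exact_hash_hit(data),
        "pattern": pattern_hit(data),
        "normalized_hash": normalized_hit(data),
    }


if __name__ == "__main__":
    for name, sample in (("A", SAMPLE_A), ("B", SAMPLE_B), ("benign", BENIGN)):
        print(name, sha256_hex(sample)[:16], classify(sample))
```

Running it shows the gap the post is pointing at: the second download fails the exact-hash check but is caught by both content-based strategies, while the benign app trips neither. The normalisation step is only as good as the analyst's knowledge of which region varies, which is why the pattern on the invariant routine is the more robust of the two in practice.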

Categories
Writing

A Comment on GPS and Smartphones

There are a great number of concerns around GPS chips being integrated into smartphones; surveillance, third-party tracking, and profiling (to say nothing of bad results!) are all issues that technologists ‘in the know’ warn of. I don’t want to talk about any of these issues.

No, I want to say this: of the smartphones that I’ve used in the past 6 months (iPhone 3GS, Samsung Focus, BlackBerry Bold 9900, BlackBerry Torch 9800) the BlackBerry devices have the most reliable, accurate, and speedy GPS functionality. The Focus was unreliable, at best, and while the 3GS’s UI was the best it was slower and less accurate than what I enjoy with the aforementioned BlackBerry devices.

For many people the GPS is a nicety, icing on the cake. For me, I rely on my GPS and maps integration to get from points A to B. The integration between Google Maps and the iPhone was excellent, if not the fastest. Integration on the Windows Phone was poor, largely because they missed my market: I’m a conscientious traveller and so prefer public transit. Windows Phones are absolutely unable to parse transit information in any of the major or minor cities I’ve visited over the past several months. If they can’t even do a non-US world city then the integration is not ready for prime time.

While the Google Maps/GPS integration on BlackBerry has an archaic UI – it really, really, looks like it was developed several years ago (because it was) – it’s fast and reliable. UI beauty is of critical importance for getting novices to use new technologies, but UI alone is insufficient to sell consumers on the value of a device over the long term. On this basis the Windows Phone OS failed outright and iOS trailed the ‘older’, ‘archaic’ and ‘aging’ BlackBerry OS 7.1 device I’m using right now.

Categories
Links

Should Microsoft Mandate a Windows Phone Hardware Mute Switch?

testingdavid:

The audio controls stick to the lock-screen when the phone is locked, in the same screen location but always present to allow even quicker control and obviate the need to tap the volume rocker in order to play, pause or skip on the lock-screen. Interestingly, the “vibrate” or “ring + vibrate” button, which I call the mute switch, does not remain on the lock-screen, and requires that the user press the volume rocker to display it when the phone is locked. This means that to mute a Windows Phone, the user must take the phone out of their pocket, tap the power button, tap the volume rocker, and finally tap the mute switch. With the current iPhone design, the user need only reach into their pocket and flip the hardware switch to prevent all unexpected noises.

The answer to David’s question is clear and unequivocal: YES! While having an excess of rarely needed/used hardware buttons and toggles can diminish the quality of a device, a deficiency of such buttons/toggles can do the same thing. It sounds small, but the ability to rapidly and easily mute a device is a key professional feature of a device.

Categories
Links

Android & iPhone Update History

calmscape: Android & iPhone Update History

The seriousness of Android’s (lack of) security updates cannot be overstated. Phones that do not receive security updates can be subject to many of the most serious security attacks – such as man-in-the-middle attacks, certificate-based MITM attacks, browser-based attacks, and so forth – and users remain ‘locked’ to their phones because of years-long contracts.

In essence, Android users on lengthy contracts with carriers are forcibly, contractually, linked to long-term security sinkholes.

This is an absolutely inexcusable situation, and one that Google, phone vendors, or carriers should be legislatively mandated to remedy.

Categories
Links

Management and RIM

This is an incredibly mixed article on RIM, but one section in particular stood out to me as either bad reporting, incompetent journalism, or Apple fanboyism.

Success also bred hubris about RIM’s position in the market. By late 2009, it was clear that the iPhone and Android had redefined the smartphone, and that RIM needed to adapt. The company had to target consumers more aggressively, not just business customers. It also had to drastically improve the BlackBerry’s user interface and web-browsing capabilities, not to mention attract developers to write more applications for the BlackBerry platform. Smartphones became less about communication—RIM’s biggest strength—and more about consuming media.

What’s more, the company itself was becoming increasingly complex. RIM produces multiple handsets, each with different screen sizes and internal hardware. RIM will even customize the same device to suit the needs of different carriers. Apple, in contrast, produces just one iPhone model per year. The product complexity at RIM takes a firm hand to manage, and that becomes more difficult when the entire organization is undergoing a seismic shift.

I agree: adaptation was signalled (though not necessarily entirely evident) in 2009. I agree: the company had to update its UI and OS to match those of its competitors.

Factually incorrect: Apple produces a single version of their iPhone (they have CDMA and GSM versions, as well as multiple ‘lines’ of their product by year, as well as some versions that have or don’t have cameras according to businesses’ needs).

It strikes me that, while RIM certainly has challenges, focusing on the number of devices is of variable importance. If a company has a routine or standardized production and policy cycle that accommodates different radio technologies, then the radio technologies themselves are of minimal importance for overall production of new and updated devices. What the author actually means to say is that there was an emphasis on radios rather than UI innovation. This is arguably accurate – I have a Bold 9900 at the moment, and the UI is dated – but the hardware is incredible.

RIM is, and has been, a hardware company for quite some time. Other than Nokia there is no company that even comes close to competing (and I say this as an ex-iPhone owner, and the current owner of a Samsung Windows Phone device). The real test is watching to see if RIM becomes a Nokia, or transcends the problems that beset Nokia.

At best, BB 10 will enable transcendence. At worst, it will herald RIM turning into the (arguably) best mobile hardware vendor in the world.