Archive | Apple

Apple, China and human rights

The Chinese government’s crackdown on the internet continues with the news that Apple has removed all major VPN apps, which help internet users overcome the country’s censorship system, from the App Store in China.

Techcrunch: Apple removes VPN apps from the App Store in China »

Tense nervous headache? Perhaps your name is Tim Cook. For poor Tim has woken up this Sunday morning with a giant headache, and its name is China.

Techcrunch: Apple’s capitulation to China’s VPN crack-down will return to haunt it at home »


Wikileaks #Vault7 Dark Matter – bad news for Apple

Today, March 23rd 2017, WikiLeaks releases Vault 7 “Dark Matter”, which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA’s Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

Wikileaks #Vault7 Dark Matter »


Apple, please help to save private e-mail encryption

After the latest Mac OS upgrade (Sierra), GPG encryption of mail doesn’t work. Apparently, the GPGTools people need to do a lot of reverse engineering. And as they kindly offer the world encryption for free, their resources are limited.

This might lead to people turning away from e-mail encryption, at a point in time where more people ought to take it up. This should be an argument strong enough for Apple to give the GPG-team a helping hand.

But there are also other implications that ought to catch Apple’s attention:

  • If GPG does not work, people might refrain from updating their Mac OS.
  • All new Macs are delivered with Sierra, forcing people who have invested in new Apple hardware either to quit using e-mail encryption or to use a cumbersome workaround.
  • People who still want GPG/PGP encryption might – or rather will – turn away from the Mac platform to Windows or Linux.

It is clearly in Apple’s best interest to get GPG mail encryption working again.



“Apple Removes New York Times Apps From Its Store in China”

Apple, complying with what it said was a request from Chinese authorities, removed news apps created by The New York Times from its app store in China late last month.

The move limits access to one of the few remaining channels for readers in mainland China to read The Times without resorting to special software. The government began blocking The Times’s websites in 2012, after a series of articles on the wealth amassed by the family of Wen Jiabao, who was then prime minister, but it had struggled in recent months to prevent readers from using the Chinese-language app.

NYT: Apple Removes New York Times Apps From Its Store in China »


Apple vs. FBI – here we go again…

When the FBI asked a court to force Apple to help crack the encrypted iPhone 5c of San Bernardino shooter Rizwan Farook in February, Bureau director James Comey assured the public that his agency’s intrusive demand was about one terrorist’s phone, not repeated access to iPhone owners’ secrets. But now eight months have passed, and the FBI has in its hands another locked iPhone that once belonged to another dead terrorist. Which means they may have laid the groundwork for another legal showdown with Apple.

Wired: The FBI wants to get into the locked iPhone of another dead terrorist »


The issue of the iPhone’s audio jack

The new iPhones don’t have a traditional 3.5 mm audio jack. Some say this is just a natural step in development, like when computer floppy disks were dropped. But there might be more to it than that.

Nilay Patel in the Verge:

Restricting audio output to a purely digital connection means that music publishers and streaming companies can start to insist on digital copyright enforcement mechanisms. We moved our video systems to HDMI and got HDCP, remember?

Cory Doctorow, BoingBoing:

Once all the audio coming out of an Iphone is digital — once there’s no analog output — Apple gets a lot more options about how it can relate to its competitors, and they’re all good for Apple and bad for Apple’s customers. Just by wrapping that audio in DRM, Apple gets a veto over which of your devices can connect to your phone. They can arbitrarily withhold permission to headphone manufacturers, insist that mixers be designed with no analog outputs, or even demand that any company that makes an Apple-compatible device must not make that device compatible with Apple’s competitors, so home theater components that receive Apple signals could be pressured to lock out Samsung’s signals, or Amazon’s.

Perhaps worst of all is the impact on security research: because the DMCA has been used to attack researchers who disclosed defects in DRM-restricted technologies, they are often unable or unwilling to come forward when they discover serious vulnerabilities in technologies that we rely on. The Iphone audio interface is two-way: it supports both input and output. A bug in that interface turns the phone you carry with you at all times, to all places, into a covert listening device. A DRM system on that interface makes that bug all-but-unreportable, guaranteeing that it will last longer and hurt more people before it finally becomes public.


When you plug an audio cable into a smartphone, it just works. It doesn’t matter whether the headphones were made by the same manufacturer as the phone. It doesn’t even matter what you’re trying to do with the audio signal—it works whether the cable is going into a speaker, a mixing board, or a recording device. (…)

In other words, if it’s impossible to connect a speaker or other audio device to an iPhone without Apple software governing it, then it’s simple for Apple to place restrictions on what devices or functions are allowed. Because US law protects DRM technologies, it may be illegal to circumvent that restriction, even if you’re doing it for completely lawful purposes. Having created the possibility of restricting audio output to select devices, Apple will be under pressure to use it. TV and film producers insist on having the power to decide which devices can receive video. Can we really believe they will leave audio alone if outputs become entirely digital?

• EFF: The End of Headphone Jacks, the Rise of DRM »
• TechDirt: Why Apple Removing The Audio Jack From The iPhone Would Be A Very, Very, Very, Bad Move »
• The Verge: Taking the headphone jack off phones is user-hostile and stupid »
• BoingBoing: How a digital-only smartphone opens the door to DRM (and how to close the door) »


Apple vs. the FBI — who won?

From the Associated Press Washington desk:

The FBI said Monday it successfully used a mysterious technique without Apple Inc.’s help to hack into the iPhone used by a gunman in a mass shooting in California, effectively ending a pitched court battle between the Obama administration and one of the world’s leading technology companies.

The government asked a federal judge to vacate a disputed order forcing Apple to help the FBI break into the iPhone, saying it was no longer necessary. The court filing in U.S. District Court for the Central District of California provided no details about how the FBI did it or who showed it how.

Justice Department cracks iPhone; withdraws legal action »

But is this really a mystery? I wrote about this some three weeks ago. That was when the ACLU demonstrated that breaking locked iPhones is almost common knowledge in the tech community:

One of the FBI’s Major Claims in the iPhone Case Is Fraudulent »

Nevertheless, many questions remain unanswered. And the FBI is not about to open up. Ars Technica:

Apple likely can’t force FBI to disclose how it got data from seized iPhone »

Here, it is important to understand what this really has been all about:

[The FBI] is not as interested in solving the problem as they are in getting a legal precedent, [Richard] Clarke said. “Every expert I know believes the NSA could crack this phone. They want the precedent that government could compel a device manufacturer to let the government in.”

The Register: Former US anti-terror chief tears into FBI over iPhone unlocking case — They’d just send it to the NSA if they really wanted access, says Clarke »

Now, what about Apple? Has all of this bruised the iPhone’s reputation when it comes to security?

Well, it shouldn’t. As mentioned, there already are known ways to break into a locked iPhone.

But facts are not the same as public perception. The general notion is that this is something entirely new.

And, as a matter of fact, the authorities can open up a locked iPhone. Apple does have a very real public relations problem on its hands.

Inevitably, Apple will have to beef up the iPhone’s security shortly. That may, in turn, lead to new conflicts with the FBI & Co.



Richard Clarke on the Apple vs. FBI case

“[The FBI] is not as interested in solving the problem as they are in getting a legal precedent,” Clarke said. “Every expert I know believes the NSA could crack this phone. They want the precedent that government could compel a device manufacturer to let the government in.”

The Register: Former US anti-terror chief tears into FBI over iPhone unlocking case — They’d just send it to the NSA if they really wanted access, says Clarke »


The real issue with the San Bernardino shooter’s iPhone

The trench war over the San Bernardino shooter’s iPhone continues. The FBI demands that Apple create a special OS to circumvent the “auto erase” function that, if activated, would make the phone’s contents unavailable after ten failed attempts to unlock it. And Apple is fighting the request.

However, it turns out that all of this might be unnecessary. There are other ways to access the content, as demonstrated by the ACLU.

It is unlikely that the FBI didn’t know about this possibility, as it is a commonly used technique in the industry.

ACLU’s Technology Fellow Daniel Kahn Gillmor explains…

“All the FBI needs to do to avoid any irreversible auto erase is simply to copy that flash memory (which includes the Effaceable Storage) before it tries 10 passcode attempts. It can then re-try indefinitely, because it can restore the NAND flash memory from its backup copy.”

So, what is going on here?

“If this generally useful security feature is actually no threat to the FBI, why is it painting it in such a scary light that some commentators have even called it a “doomsday mechanism”? The FBI wants us to think that this case is about a single phone, used by a terrorist. But it’s a power grab: law enforcement has dozens of other cases where they would love to be able to compel software and hardware providers to build, provide, and vouch for deliberately weakened code. The FBI wants to weaken the ecosystem we all depend on for maintenance of our all-too-vulnerable devices. If they win, future software updates will present users with a troubling dilemma. When we’re asked to install a software update, we won’t know whether it was compelled by a government agency (foreign or domestic), or whether it truly represents the best engineering our chosen platform has to offer.”

Of course, it might just be about government incompetence. But nevertheless, the result would be the same: a judicial Trojan horse for weakening device security across the board.

Having seen what US government agencies have been up to, it is more likely than not that this is all about Big Brother deceptiveness.

• ACLU: One of the FBI’s Major Claims in the iPhone Case Is Fraudulent »
• Security Affairs: Snowden accuses the FBI of lying about his ability to unlock the iphone of the San Bernardino terrorist. “that’s horse sh*t.” he said. »