Security Bits Logo no alpha channel

Security Bits — 31 May 2020

Feedback & Followups

🇺🇸 Deep Dive 1 — The US Government Revive Their Attacks on Apple

The FBI revealed that it had succeeded in cracking the iPhones belonging to the shooter in the Pensacola Naval Base attack. From reporting it appears the devices were broken into using a hardware passcode brute-forcing device as sold by some grey-hat security companies.

The FBI director and the US Attorney General attacked Apple for not assisting in cracking the devices. The implication was that Apple could have simply opened the phones for them, but that they refused to in order to protect their customer’s privacy. The phrasing was misleading at best. The government describe hardware encryption as being about ‘privacy’, but it’s not, it’s about security, and it’s not about hiding things from the government, but from criminals. A truly secure lock keeps everyone out, any lock that doesn’t isn’t secure. The government being kept out is a side-effect, not the problem to be solved — keeping criminals out is what hardware encryption is all about.

Think of it like a safe in a wild west movie — the safe is designed to keep stuff inside safe from anyone who doesn’t have the key. The reason is to protect the money from the bandits, but as a side-effect, the sheriff can’t get in either.

You can have secure encryption, or you can have a back door, you can’t have both!

Apple responded by pointing out (again), that they handed over lots of data to law enforcement ‘within hours’ of the shooting. Everything they had in iCloud and any other logs or metadata they had was promptly handed over. To describe complete and prompt cooperation like that as Apple refusing to help the government is factually incorrect.

Links

Deep Dive 2 — The BIAS Bluetooth Attack

Security researchers have found a flaw in recent versions of the Bluetooth spec that breaks the security of pairing, allowing attackers to impersonate any previously paired Bluetooth device and access all information that device has access to.

Because this is a problem with the specification, all Bluetooth devices implementing affected versions of the spec are vulnerable.

Affected Apple devices include:

  • iPhone 8 and later
  • 2017 MacBook Pro and later
  • 2018 iPad and later

The group responsible for maintaining the Bluetooth spec (Bluetooth SIG) have promised to release an update to the spec to address the problem. Hardware vendors will then need to produce updated firmware that obeys this new spec and push that out to all devices. That’s going to take time.

For now, the only defence is to disable Bluetooth if you don’t need it. One silver lining is that attackers need to be within Bluetooth range to exploit this vulnerability.

Realistically, many of us will have no choice but to keep Bluetooth enabled, so we just need to be aware that if we’re in a crowded place, or a place we know to be hostile, it might be wise to turn off Bluetooth on our phones!

Links

Deep Dive 3 — The unc0ver iOS Jailbreak

Just days after the release of iOS 13.5 a new Jailbreak has been released that can be run on any iOS device that can run a currently supported version of iOS.

The jailbreak depends on a bug in the iOS kernel, and requires a USB connection to a computer to trigger. The jailbreak does not survive reboots, so you need to have the phone tethered each time you reboot to retain the jailbreak.

Like all jailbreaks, this one depends on an iOS security vulnerability, so it will just be a matter of time until Apple reverse-engineer the jailbreak to find the bug, and then fix it.

Because the jailbreak requires a USB connection it can’t be triggered remotely, so it’s only a security risk in places where you lose physical control of your iOS device, like when crossing borders. Since a reboot removes the jailbreak, it might be wise to power-down your phone when crossing certain borders.

Links

❗ Action Alerts

Worthy Warnings

Notable News

Top Tips

Excellent Explainers

Interesting Insights

Palate Cleansers

Legend

When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by Bart.

Emoji Meaning
🎧 A link to audio content, probably a podcast.
A call to action.
flag The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country.
📊 A link to graphical content, probably a chart, graph, or diagram.
🧯 A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂
💵 A link to an article behind a paywall.
📌 A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future.
🎩 A tip of the hat to thank a member of the community for bringing the story to our attention.

Leave a Reply

Your email address will not be published.

Scroll to top