On February 15 Google’s Chrome browser gained a nice new feature for controlling ads. It’s been reported on as an ad blocker<\/em>, but that coverage misses a very important subtlety. Google itself calls the feature ad filtering<\/em>, and an ad filter<\/em> describes this feature very well indeed.<\/p>\n Google is an advertising company, it is not in their interest to destroy the advertising industry. They’re trying to solve a subtly different problem \u2014 the rise of ad blockers!<\/p>\n <\/p>\n Google started by questioning why ad blockers were becoming so popular. They concluded, correctly IMO, that one of the big factors is that many ads cross the line and are positively user hostile. Angry users are motivated enough to go out and seek ways toget rid of the noise-making page-blocking junk that’s ruining their web browsing experience.<\/p>\n If you take that as a given, then it makes sense that what’s needed is a tool that blocks the obnoxious ads, but lets all the other ads through. In other words, you need an ad filter!<\/p>\n For a filter to work it needs a set of rules to apply. Google could have made up their own rules, but they realised (quite correctly IMO), that that would never fly \u2014 it would be seen by many as Google abusing their market dominance. Instead, Google decided to program their filter to apply a set of rules established by the Coalition for Better Ads<\/a> an industry group that Google are members of.<\/p>\n So what do the Coalition for Better Ads think is unacceptable?<\/p>\n So, Google’s Chrome browser blocks ads from advertisers that breach the Coalition for Better Ads’ standards, and displays all other ads.<\/p>\n This week the source code for the iOS 9 boot loader was leaked online. Perhaps unsurprisingly, Apple named their iOS boot loader iBoot<\/em>.<\/p>\n A boot loader’s job is to start the process of booting an operating system. When you power on a device the very first thing that happens is that the device’s firmware loads and initialises the hardware, it then hands over to the bootloader which boots the OS. When you have a secure boot system, like Apple does, the boot loader is the trust-anchor for that secure process, so it’s very important code.<\/p>\n A secure boot system is designed to only boot code that has been digitally signed by a trusted key. In this case, it means that if everything is functioning normally, it’s impossible to boot an iOS device into an OS that has not been digitally signed by Apple. This provides protection from all sorts of malicious attacks, but, it also prevents permanent jailbreaks (those that survive reboots). This is why bugs in iBoot are exactly the kind of thing jail breakers would give their right arm for, and why Apple always has to patch their OS each time a successful jailbreak is found, because if a device can be jailbroke, it cann’t be secured!<\/p>\n What happened this week is that the iOS 9 version of iBoot was published on GitHub. Apple used the DMCA to get it taken down, but short of a time machine, there is no way to un-publish something like this, so it’s now out there.<\/p>\n It looks like the source for this leak was the jailbreaking community. It seems that an intern working at Apple snuck the code out back when iOS 9 was current, and gave it to friends of his in the Jailbreaking commuity who promised to never ever share it. It seems they kept their promise for a long time, but as is inevitable, it eventually leaked.<\/p>\n So, is this something regular users need to worry about? Nope!<\/p>\n The security provided by iBoot is based on sound cryptography, not obscurity. Assuming there are no bugs in the implementation, knowing how it works does not let you in because you need Apple’s private key to digitally sign OSes, and that key did not leak.<\/p>\n Notice the assumption in the above paragraph? Thats where things get a little grey, and why Apple were keen to get the leaked code taken down. iBoot was written by humans, so, it almost certainly has bugs in it. Those bugs can be found without seeing the source code but it’s much easier to find these things when you can see the source code!<\/p>\n So, today, there are both bad guys and good guys pouring over the code trying to find bugs that could be used to bypass iBoot’s security protections (not all bugs have security implications).<\/p>\n Since this code was written Apple have released iOS 10 and iOS 11, so the code that’s now public is not the code running in a fully patched and up-to-date iOS device today. But, the code running today is descended from iOS 9, so it is entirely possible that a security-affecting bug found in the iBoot 9 source code could work against iOS 11.<\/p>\n Ultimately, right now, this leak only has the potential to have a security impact in the future. It has no impact on your device’s security today. Some day it might, but then again, nothing may ever come of this. This is nothing more than a possible future problem, and a bit of an embarrasment for Apple (how did the intern get the code, and get it out?).<\/p>\n Another bug has been found in how iOS interprets text in messages. This time the bug is in iOS itself rather than in the Messages app, so it has a broader reach and is crashing some 3rd party messaging apps as well as Apple’s own Messages app. Facebook Messenger, Gmail, Outlook, & WhatsApp are known to be affected, but others could be too.<\/p>\n The bug is in how iOS11 deals with a single Indian character \u2014 the Telugu. If you send someone a message that contains that character using one of the affected apps, their iOS device will first have a springboard crash, and after it recovers from that, the app in question will crash each time you try launch it. Notice that unlike with the previous text bomb<\/em>, this one doesn’t crash the whole OS, so while it can deprive you of access to some of your messaging apps, it won’t stop your phone from booting, which definitely makes this bug less disruptive.<\/p>\n Also lessening the damage is that fact that a work-around has been found to recover access to at least the Messages app if this happens to you (and the same approach may work with other apps too). You’ll need a friend to send you another message that doesn’t contain the Telugu character, then open the app, and without opening it, delete the thread that has the Telugu character in it.<\/p>\n Thankfully, a fix is on the way very soon. The problem does not exists in the latest iOS 11.3 beta, and Apple have promised a patch for iOS 11.2 “soon”, probably as part of iOS 11.2.6.<\/p>\n Security Medium 1 \u2014 Google’s Ad Filter On February 15 Google’s Chrome browser gained a nice new feature for controlling ads. It’s been reported on as an ad blocker, but that coverage misses a very important subtlety. Google itself calls the feature ad filtering, and an ad filter describes this feature very well indeed. Google […]<\/p>\n","protected":false},"author":4,"featured_media":13191,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[147,214],"tags":[2323,46,1359,126,50,569],"class_list":["post-14509","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-ads","tag-apple","tag-google","tag-ios","tag-security","tag-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2017\/10\/security_bits_logo_300px.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/14509","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=14509"}],"version-history":[{"count":5,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/14509\/revisions"}],"predecessor-version":[{"id":14534,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/14509\/revisions\/14534"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/13191"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=14509"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=14509"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=14509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
Links<\/h4>\n
\n
Security Medium 2 \u2014 iBoot Leak<\/h3>\n
Links<\/h4>\n
\n
Security Medium 3 \u2014 the iOS Telugu Text Bug<\/em><\/h3>\n
Links<\/h4>\n
\n
Notable Security Updates<\/h3>\n
\n
Notable News<\/h3>\n
\n
\n
Suggested Reading<\/h3>\n
\n
\n
\n
\n
\n
\n
Palate Cleansers (both from Allison)<\/h3>\n
\n