GreasedGradient

Some tidbits while tinkering.


New iOS 7.1 location changes

One of the best things about iOS 7.1 is the change to how location updates are delivered in the background, even after an app has been closed. I have an app idea that needs to keep running with iBeacon, but previous releases were too slow and unreliable.
This also works the same way with geofencing, though I can’t see any effect with IFTTT at the moment.
Apple really should announce these sorts of changes, though, as the privacy impact of geofencing apps is something that should be considered.
Will wait and see what the effect on battery life is too.

iPhone 5S fingerprint reader

While I was initially very excited about the potential of the iPhone 5S fingerprint reader (I’m particularly hopeful it will get more handsets locked), I’ve grown sour on expanding fingerprint use beyond the initial lock screen, and perhaps some specific Apple usage.

Why?

Because while Apple is incredibly careful to say that no one can access your fingerprint, articles such as this one by Wired mean that if the API is opened up, you will lose the ability to maintain that certain actions taken on the phone were not taken by you. While this doesn’t worry me too much personally, the real issue for me is a little deeper.

If the API is open, what stops applications, while not actually getting access to the fingerprint, from gaining access to the fingerprint’s ID and collecting additional information, matching that ID on the phone to the fingerprint’s activity? In fact, this is natural and would be absolutely required for apps to do personalisation. However, if this ID is common between apps and the OS itself, using this fingerprint with SSO would allow people to profile that individual user against a fingerprint.

What’s the difference from SSO, you ask? Rejection. Or the ability to physically map these items to someone else under duress. Later, when people map their fingerprints to passwords, their internet banking and so on, the incidence of robberies in which the attacker takes your entire fortune will increase significantly.

So two main issues worry me if they open the API: profiling with a very strong physical user mapping, and users with SSO over-using the convenience factor.

Three main solutions:

  1. If the API is opened, apps should never be able to map an ID to a user. This means the fingerprint sensor (and SSO API) should issue completely random per-app IDs. The side-channel aspects of this will be hard to contain, such as apps performing per-ID mapping based on real-time usage reported to a server, but completely random IDs should make this essentially the same issue as today.
  2. Rejecting an app’s use of the fingerprint should be an OS-level function, which also resets the ID used for that fingerprint.
  3. Requiring apps to use fingerprint + password, for things like banking apps, should be an API-supported function. As should things like a duress password.
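To make the three points above concrete, here is an added sketch of the broker they describe. It is a hypothetical OS-side design written for this post, not Apple’s Touch ID API: the app never sees the fingerprint, only a pseudonym derived from a device secret and a random salt specific to the (app, finger) pair, so two apps cannot correlate the same person, and rejecting an app or re-enrolling a finger changes the pseudonym. The bundle identifiers and the `finger_slot` index are constructed for the demo.

```python
"""Added illustration of the per-app, resettable fingerprint IDs proposed above.

Hypothetical OS-side broker, not Apple's Touch ID API. The app never sees the
fingerprint, only a pseudonym derived from a device secret and a random salt
that is specific to the (app, finger) pair.
"""
import hashlib
import hmac
import secrets


class FingerprintBroker:
    """OS-side broker; app code only ever sees what identity() returns."""

    def __init__(self):
        self._device_secret = secrets.token_bytes(32)  # never leaves the OS
        self._salts = {}              # (app_id, finger_slot) -> random salt
        self._revoked = set()         # apps the user has rejected
        self._needs_password = set()  # apps that must also present a password

    def require_password(self, app_id):
        """Solution 3: fingerprint alone is not enough for this app."""
        self._needs_password.add(app_id)

    def revoke(self, app_id):
        """Solution 2: the user rejects the app; its IDs are discarded."""
        self._revoked.add(app_id)
        for key in [k for k in self._salts if k[0] == app_id]:
            del self._salts[key]

    def reset_finger(self, finger_slot):
        """Re-enrolling a finger gives every app a fresh, unrelated ID for it."""
        for key in [k for k in self._salts if k[1] == finger_slot]:
            del self._salts[key]

    def identity(self, app_id, finger_slot, password_ok=False):
        """Return the per-app pseudonym for the finger that just matched.

        finger_slot is the OS-internal enrolment index; it is never returned.
        """
        if app_id in self._revoked:
            raise PermissionError(f"{app_id} has been rejected by the user")
        if app_id in self._needs_password and not password_ok:
            raise PermissionError(f"{app_id} requires fingerprint + password")
        key = (app_id, finger_slot)
        if key not in self._salts:
            self._salts[key] = secrets.token_bytes(16)  # fresh per (app, finger)
        msg = app_id.encode() + b"\x00" + self._salts[key]
        return hmac.new(self._device_secret, msg, hashlib.sha256).hexdigest()


def try_identity(broker, app_id, finger_slot, password_ok=False):
    """Convenience wrapper: the pseudonym, or None if the OS refused."""
    try:
        return broker.identity(app_id, finger_slot, password_ok)
    except PermissionError:
        return None


if __name__ == "__main__":
    broker = FingerprintBroker()
    # Hypothetical bundle identifiers, constructed for the demo.
    bank = broker.identity("com.example.bank", finger_slot=0)
    game = broker.identity("com.example.game", finger_slot=0)
    print("same finger, unlinkable IDs:", bank != game)
    broker.revoke("com.example.game")
    print("rejected app gets:", try_identity(broker, "com.example.game", 0))
```

The salt alone would already make the IDs unlinkable; keying the HMAC with a device secret as well means that even if the salt table leaks, the pseudonyms handed to apps cannot be recomputed from it. The side channel the post mentions (an app reporting its own ID and usage to a server) is untouched by this, which is exactly why it is only “the same issue as today” and not a new one.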

Managing all of this in a typically Apple “simple, magic” way, when it has all of a sudden become the world’s most popular fingerprint reader, is going to be a monumental task, and one that will take a great deal of care.

Kudos to Apple for not taking this on as an early launch feature and harming people’s security. One of the only issues I have is that it is likely some in the Android camp won’t take a measured view on this, and might mess up the party for everyone…

iOS7 is out

Really, really excited at the possibilities in iOS 7, with its increased focus on security and elements like trusting the computer you connect to, and notifications of additional users on iMessage. It is fantastic that Apple is becoming more mature in its view of security, but a pity that issues like the lock screen bypass are back…

If you’re keen on security, never go to a new iOS version until a few of the bugs are ironed out…

iOS Wireless Hotspot Cracking

As has been reported, the wireless hotspot feature of iOS has been cracked.

We keep getting examples of how, while protocols can be broken in theory, it’s almost always more effective to go after the endpoint, either by breaking the password or by breaking the actual password sharing, allowing an attacker to bypass having to break a protocol at all.

It highlights why, even though I’m sure the password generation was done with good intentions (something you could feasibly type on a mobile device without having to try multiple times, and probably based on a risk assessment of short-lifetime sharing in this case), we need to be careful about exactly how we make things easy for the user. If only this had used a larger keyspace, and perhaps changed passwords each time you shared (I noticed this when using the feature myself, but changed the password manually, and don’t have sharing on for long enough to make the attack feasible).

Security usability has come a long way, but still has a huge way to go until people can actually use the upper-end security features available in modern OSes without feeling trapped, or just not understanding the risks. We also need to be careful about unintended consequences, and make sure risk analyses still hold up after users actually get involved.
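Since the whole argument turns on keyspace and rotation, here is an added example of how to size a password scheme and keep hotspot passwords both typeable and fresh. It is not the iOS generator: the “weak” parameters in `compare_schemes()` (one word from an assumed 2,000-word list plus four digits) are constructed purely to show how little a human-friendly pattern leaves to guess, and the alphabet and 12-character length are my choices.

```python
"""Added illustration of the keyspace point made above.

Not the iOS hotspot generator. keyspace_bits() sizes any password scheme built
from independent choices; the "weak" parameters are constructed for the demo,
and the generator keeps passwords typeable while each sharing session gets a
fresh one.
"""
import math
import secrets

# Lowercase letters and digits with the easily confused l/1 and o/0 removed,
# leaving 24 letters + 8 digits = 32 symbols, i.e. exactly 5 bits per character.
TYPEABLE_ALPHABET = "abcdefghijkmnpqrstuvwxyz23456789"


def keyspace_bits(*choice_counts):
    """Entropy in bits of a password made of independent uniform choices."""
    return sum(math.log2(n) for n in choice_counts)


def generate_password(length=12, alphabet=TYPEABLE_ALPHABET):
    """Uniformly random password using a CSPRNG, not random.choice()."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


class HotspotSession:
    """Sharing state: switching sharing on always issues a new password."""

    def __init__(self, length=12):
        self.length = length
        self.password = None
        self.issued = 0

    def enable(self):
        self.password = generate_password(self.length)
        self.issued += 1
        return self.password

    def disable(self):
        self.password = None


def compare_schemes():
    """Bits for the constructed weak pattern vs 12 random typeable characters."""
    return {
        "word_plus_4_digits": keyspace_bits(2000, 10, 10, 10, 10),
        "random_12_typeable": keyspace_bits(*[len(TYPEABLE_ALPHABET)] * 12),
    }


if __name__ == "__main__":
    for name, bits in compare_schemes().items():
        print(f"{name}: {bits:.1f} bits")
    session = HotspotSession()
    print("first share:", session.enable())
    session.disable()
    print("second share:", session.enable())
```

The constructed word-plus-digits pattern comes out at roughly 24 bits, while 12 characters from a 32-symbol alphabet give 60 bits, and the 32-symbol alphabet was chosen so that nothing in it is easy to mistype on a phone keyboard. Rotating on every enable is the second half of the defence: even a weaker password is worth much less to an attacker if it only lives for one sharing session.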

Best Feature of iOS 7

For me, hands down the best feature of iOS 7 is the new ‘fetch’ API enabled as part of the iOS notification service. Previously, notifications were a one-way message, and I’m sure I’m not alone in wondering why, if the app has registered and been allowed to send notifications, there wasn’t a way to send a payload with the notification to avoid the user having to manually get into an app to do an update.
The fetch mechanism allows an app to enter a special wake state to download information in response to a wake-up event triggered by a notification. So hopefully, no more need to manually update Words with Friends just because a single person has updated their move!

I’m keen to test it out soon, and see what protection is in place to stop apps from abusing this service to download large amounts of data. I would have preferred a small payload to be allowed in an individual notification, as this would be less likely to cause users to have unintended downloads, but this ‘fetch’ method is more flexible for those hosting their own server infrastructure, so it’s a great thing overall.
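As an added sketch of the kind of protection I would want to see, here is a hypothetical OS-side guard for notification-triggered fetches. It is not Apple’s implementation; the only detail taken from APNs is that a silent wake-up push carries `"content-available": 1` in its `aps` dictionary. The per-wake cap and daily budget are assumed values, and the pushes and download chunks are constructed in memory.

```python
"""Added illustration of a guard for the notification-triggered fetch above.

Hypothetical OS-side policy, not Apple's implementation. The guard caps what
one wake may download and keeps a per-app daily budget, so a chatty server
cannot turn every notification into an unbounded background transfer.
"""

PER_WAKE_CAP = 256 * 1024       # assumed: 256 KiB per wake-up
DAILY_BUDGET = 4 * 1024 * 1024  # assumed: 4 MiB per app per day


class FetchDenied(Exception):
    """Raised when the OS refuses or cuts off a background fetch."""


def is_wakeup_push(payload):
    """True for a silent, content-available push (the fetch trigger)."""
    aps = payload.get("aps", {})
    return aps.get("content-available") == 1


class FetchBudget:
    def __init__(self, per_wake_cap=PER_WAKE_CAP, daily_budget=DAILY_BUDGET):
        self.per_wake_cap = per_wake_cap
        self.daily_budget = daily_budget
        self.used_today = {}  # app_id -> bytes consumed (daily reset not shown)

    def fetch(self, app_id, payload, chunks):
        """Stream the app's download, enforcing both limits as bytes arrive.

        chunks is any iterable of bytes (here, constructed in memory); bytes
        consumed before a denial are still charged to the app.
        """
        if not is_wakeup_push(payload):
            raise FetchDenied("not a content-available push")
        received = bytearray()
        try:
            for chunk in chunks:
                if len(received) + len(chunk) > self.per_wake_cap:
                    raise FetchDenied("per-wake cap exceeded")
                used = self.used_today.get(app_id, 0) + len(received)
                if used + len(chunk) > self.daily_budget:
                    raise FetchDenied("daily budget exhausted")
                received += chunk
        finally:
            self.used_today[app_id] = self.used_today.get(app_id, 0) + len(received)
        return bytes(received)


def try_fetch(budget, app_id, payload, chunks):
    """The downloaded bytes, or None if the guard refused."""
    try:
        return budget.fetch(app_id, payload, chunks)
    except FetchDenied:
        return None


if __name__ == "__main__":
    wake = {"aps": {"content-available": 1}}  # constructed push
    budget = FetchBudget(per_wake_cap=1000, daily_budget=2500)
    # Constructed "downloads": a move update that fits, then one that does not.
    print(len(try_fetch(budget, "com.example.game", wake, [b"m" * 400, b"v" * 400])))
    print(try_fetch(budget, "com.example.game", wake, [b"x" * 600, b"y" * 600]))
```

Charging bytes that arrived before a denial matters: otherwise an app could probe the cap repeatedly at no cost. A real OS would also reset `used_today` on a timer and apply the budget per network type, since the unintended-download worry is mostly about cellular data.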