Schneier on Security

Clive Robinson • February 7, 2025 5:28 PM

@ SocraticGadfly, AL, ALL,

With regards “using devices” and,

“The real answer…”

The honest answer is “don’t”

Or more correctly,

“Do not use any device that has known or unknown to you external communications”

Thus anything based on Apple or Google mobile device OS’s is a very definate “No No”. Likewise any OS from Microsoft that’s less than two decades old (though I normally say three decades).

Unlike most readers here I have the advantage of knowing how to design and build “Microcontroller devices” which do not have external communications except through “strongly mandated interfaces”. As well as having designed minimal OS’s for them (think BIOS++) that I can “re-grind” for most microcontrollers from 8bit upwards.

This gives me a level of “communications security” and other EmSec that few others here can get, unless they are prepared to put the work in.

The simple fact is you can get the source code and programming books for a number of OS’s for microcontrollers. You can if you hunt around get the likes of the original FIG-Forth source for the Z80, 6502, and 68000. You can also get a Forth based system that will run on PC’s as an intermediate “boot-loader” or OS in it’s own right. That back in the early days of PCI interface cards, enabled “one driver” for Intel, Sun and other RISC based CPU’s.

There are Open Source versions of DOS-lookalikes and K&R C-Compilers like Small C, and even a version of BBC Basic that was allegedly one of the best basics back in the 1980’s.

Interestingly for reasons I won’t go into you can get “Modern 6502’s” that people build Apple][ look alikes with. If you “build your own” or buy a kit, you can limit the external communications and with enough “box bashing” and some EMC skills stop TEMPEST and EmSec attacks both passive and active.

Likewise there are ZX80/81 and Spectrum kits out there and people build them for “the real retro gamer” feel.

With the source code and a little effort you would be surprised just what you could build.

But if you can do the EmSec stuff then there are plenty of “Open Source” “Single Board Computers”(SBCs) that are pocket change in price and have more computing power, memory and interfacing than most Mini-Computers up into the early 1990’s

As I’ve mentioned before MicroChip have a 1USD chip that someone ported an early version of BSD Unix onto which has all the ROM, RAM and IO you would need “on chip”. You can get a “dev kit” for pocket change and design your own PCB and get them etched for around 5USD.

Thus your level of security and technology is upto you if you put a little effort into it.

If you want to put less in then in the US go and find your local “rocket club” or many Maker clubs and a number of Amateur Radio Clubs that encourage electronic builders. You never know you might get a fun hobby or even a new job capability.

Though word of warning, I’ve turned way to many hobbies into professional career work, and the result is you loose another hobby and the fun that went with it. Which is why I do cooking, preserving and charcuterie as some of my hobbies these days (which is kind of “full circle” as I became a chef to pay my way through higher education as I had unfortunately become an “orphan”).

Clive Robinson • February 8, 2025 5:07 PM

@ CommentorGPT,

With regards,

“I would appreciate some comment on this from those who know more than me.”

The answer to your question is,

“It’s not what the technology does it’s the perception of the use it is put to.”

It’s part of the “Observer Problem”.

The first thing to realise is even the AI of future fantasy that is currently being touted by the industry is not going to be “aware” in the way humans currently are in society.

Further that all technology is a “tool”, that is put to “use”, by a “Directing Mind” for a purpose / goal.

The actual notion of if that “use” is “good or bad” is decided by usually independent “observers” looking on in “judgment” oft well after the event.

What is “good or bad” is decided by an individuals perspective. In part by how it effects them, and in part by how it effects others. This perspective is based on their mores and morals and those of the social grouping they are part of.

It’s why I and others get up-tight about “think of the children” etc. It’s a way to manipulate society by pretending to be doing good whilst the actual intent is to do considerable harm to society.

Not long ago Apple introduced a form of “Device Side Scanning” supposedly to find CSAM. Sounds all very noble untill you realise that the mechanism will scan anything and everything on your personal device. Worse as part of that it will bypass any and all security measures on the device like encryption. Simply because it will be able to scan whilst it’s in the form that a “Human User” can use (ie plaintext).

Long before Apple got “shot down in flames” for even suggesting “Device Side Scanning” I had been cautioning that,

“No Secure Messenger APP, was secure.”

And that is as true today as it was when I said it. Today I look “prophetic” back then I was regarded as “paranoid” (not for the first time 😉 Funny how quickly things change when your advasary thinks “Might is right” and they “Must be the good guys” where as the exact opposite is actually true in both cases (as recent news about the UK Gov and Apple demonstrates).

The reason for my view point was and still is “simple engineering design”. That is on consumer and commercial devices the “communications end-point” is on the same device as the “encryption end-point” with no effective segregation, and that is very bad design just about all around, and not just from the privacy asspect.

Why bad? Well importantly the “system design” of such devices enables an “end run attack” from the “open communications” to the “private plaintext” space where the user has the “Human Computer Interface”(HCI / UI) where things are not protected by any privacy measures.

So as an attacker, why even try breaking the encryption, when you can just “put a shim in the drivers for the IO devices” where everything is unencrypted and in “plaintext” (something that has been done before with on device banking apps).

When you design a “secure system” the most important word is not “secure” but “system”.

Because the “system” like a chain is “only as strong as the weakest link”. It matters not a jot how strong individual links are. You need to either “design out” weak links or find a way to mitigate them (for various reasons I prefer “effective mitigation”).

Device side scanning which is rapidly going to become the next major “privacy battle” is put at the weakest link on any consumer or commercial device, and as such it effectively destroys that devices security thus user privacy.

The “mitigation” solution is to use “off device security” whereby you move the “security end-point” off the consumer / commercial device way beyond the “communications end-point” where no remote attacker can perform a “reach around” or “end-run” attack.

To see this consider you use “Perfect Secrecy” in the form of a “One Time Pad” and use pencil and paper, where you encipher and decipher in an entirely different room to your consumer / commercial device (how military ComCens were set up during WWII and later).

The privacy of the message depends on an attacker not being able to get at,

1, The Plaintext.
2, The OTP Key Material (KeyMat).

At either the 1st party or 2nd party in the communication end point locations (a little “field-craft” with flash paper an ash tray and a match tends to solve a lot).

Thus the problem has shifted from “securing the device” to “securing the KeyMat” (with securing privacy there is always “a problem” just like a bubble under wall paper when you hang it, the trick is knowing how to mitigate it).

But importantly, from the attackers perspective such as the UK-Gov, they can not just “hover it up” remotely at “near zero cost”. They will have to expend “considerable resources” and as part of the process make “considerable noise” neither of which they will wish to do because it will “Tip their hand” and in all probability alert the “target of interest”.