Entries Tagged "iOS"

Page 4 of 4

More on Hacking Team's Government Spying Software

Hacking Team is an Italian malware company that sells exploit tools to governments. Both Kaspersky Lab and Citizen Lab have published detailed reports on its capabilities against Android, iOS, Windows Mobile, and BlackBerry smart phones.

They allow, for example, for covert collection of emails, text messages, call history and address books, and they can be used to log keystrokes and obtain search history data. They can take screenshots, record audio from the phones to monitor calls or ambient conversations, hijack the phone’s camera to snap pictures or piggyback on the phone’s GPS system to monitor the user’s location. The Android version can also enable the phone’s Wi-Fi function to siphon data from the phone wirelessly instead of using the cell network to transmit it. The latter would incur data charges and raise the phone owner’s suspicion.

[…]

Once on a system, the iPhone module uses advance techniques to avoid draining the phone’s battery, turning on the phone’s microphone, for example, only under certain conditions.

“They can just turn on the mic and record everything going on around the victim, but the battery life is limited, and the victim can notice something is wrong with the iPhone, so they use special triggers,” says Costin Raiu, head of Kaspersky’s Global Research and Analysis team.

One of those triggers might be when the victim’s phone connects to a specific WiFi network, such as a work network, signaling the owner is in an important environment. “I can’t remember having seen such advanced techniques in other mobile malware,” he says.

Hacking Team’s mobile tools also have a “crisis” module that kicks in when they sense the presence of certain detection activities occurring on a device, such as packet sniffing, and then pause the spyware’s activity to avoid detection. There is also a “wipe” function to erase the tool from infected systems.

Hacking Team claims to sell its tools only to ethical governments, but Citizen Lab has found evidence of their use in Saudi Arabia. It can’t be certain the Saudi government is a customer, but there’s good circumstantial evidence. In general, circumstantial evidence is all we have. Citizen Lab has found Hacking Team servers in many countries, but it’s a perfectly reasonable strategy for Country A to locate its servers in Country B.

And remember, this is just one example of government spyware. Assume that the NSA—as well as the governments of China, Russia, and a handful of other countries—have their own systems that are at least as powerful.

Posted on June 26, 2014 at 6:37 AMView Comments

Details of Apple's Fingerprint Recognition

This is interesting:

Touch ID takes a 88×88 500ppi scan of your finger and temporarily sends that data to a secure cache located near the RAM, after the data is vectorized and forwarded to the secure enclave located on the top left of the A7 near the M7 processor it is immediately discarded after processing. The fingerprint scanner uses subdermal ridge flows (inner layer of skin) to prevent loss of accuracy if you were to have micro cuts or debris on your finger.

With iOS 7.1.1 Apple now takes multiple scans of each position you place finger at setup instead of a single one and uses algorithms to predict potential errors that could arise in the future. Touch ID was supposed to gradually improve accuracy with every scan but the problem was if you didn’t scan well on setup it would ruin your experience until you re-setup your finger. iOS 7.1.1 not only removes that problem and increases accuracy but also greatly reduces the calculations your iPhone 5S had to make while unlocking the device which means you should get a much faster unlock time.

Posted on April 29, 2014 at 6:47 AMView Comments

Was the iOS SSL Flaw Deliberate?

Last October, I speculated on the best ways to go about designing and implementing a software backdoor. I suggested three characteristics of a good backdoor: low chance of discovery, high deniability if discovered, and minimal conspiracy to implement.

The critical iOS vulnerability that Apple patched last week is an excellent example. Look at the code. What caused the vulnerability is a single line of code: a second “goto fail;” statement. Since that statement isn’t a conditional, it causes the whole procedure to terminate.

The flaw is subtle, and hard to spot while scanning the code. It’s easy to imagine how this could have happened by error. And it would have been trivially easy for one person to add the vulnerability.

Was this done on purpose? I have no idea. But if I wanted to do something like this on purpose, this is exactly how I would do it.

EDITED TO ADD (2/27): If the Apple auditing system is any good, they would be able to trace this errant goto line not just to the source-code check-in details, but to the specific login that made the change. And they would quickly know whether this was just an error, or a deliberate change by a bad actor. Does anyone know what’s going on inside Apple?

EDITED TO ADD (2/27): Steve Bellovin has a pair of posts where he concludes that if this bug is enemy action, it’s fairly clumsy and unlikely to be the work of professionals.

Posted on February 27, 2014 at 6:03 AMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.