The Guessed-A-Digit Edition

Monday, March 21, 2016

Researchers Find Flaw In Apple's iMessage, Decrypt iCloud Photo, by Ellen Nakashima, Washington Post

To intercept a file, the researchers wrote software to mimic an Apple server. The encrypted transmission they targeted contained a link to the photo stored in Apple’s iCloud server as well as a 64-digit key to decrypt the photo.

Although the students could not see the key’s digits, they guessed at them by a repetitive process of changing a digit or a letter in the key and sending it back to the target phone. Each time they guessed a digit correctly, the phone accepted it. They probed the phone in this way thousands of times.

[...] To prevent the attack from working, users should update their devices to iOS 9.3. Otherwise, their phones and laptops could still be vulnerable, Green said.

Privacy Rules

Apple 'Privacy Czars' Grapple With Internal Conflicts Over User Data, by Julia Love, Reuters

Inside Apple, the trio of experts known among employees as the privacy czars are both admired and feared.

[...] Following a popular philosophy in Silicon Valley known as "privacy by design," product managers start collaborating early with the privacy engineering and legal teams, former Apple employees said. For complicated matters, the privacy taskforce steers the issue to a senior vice president, and particularly sensitive questions may rise to Cook.

Key principles include keeping customer data on their devices - rather than in the cloud, on Apple servers - and isolating various types of data so they cannot be united to form profiles of customers.

Encryption Maths

Untangling iOS PIN Code Security, by Héctor Martín Cantero

A lot has been written about the Apple vs. FBI saga. However, the truth about exactly what it all means from a technical standpoint is scattered among many sources, amidst quite a bit of misinformation. This post is my attempt to provide, in a question and answer format, what I consider to be the current knowledge of the state of affairs, from the perspective of a security researcher.

The Behind-the-Scenes Fight Between Apple And The FBI, by Adam Satariano and Chris Strohm, Bloomberg

Not once during the two-hour presentation did Cook & Co. mention what would prove to be the most consequential software development of all. Tucked inside the new OS was a dramatic change to how Apple encrypts data on iPhones. The new system made it impossible for government investigators—and even Apple itself—to pull information from a device without a passcode.

Following the event, Apple gave the Federal Bureau of Investigation early access to iOS 8 so it could study how the new system would change evidence-gathering techniques, according to people familiar with the software's development. The agency quickly realized Apple had closed an important access point used for years by agents to collect information about criminal suspects. Many in the FBI were stunned. Suddenly, photos, text messages, notes and dozens of other sources of information stored on phones were off-limits.

Barack Obama’s Careful Encryption Stance, by Jean-Louis Gassée, Monday Note

I believe our President understands all of this, that he believes unbreakable cryptography is the lesser of two bad choices…but he must weigh what he says. Can we really expect him to say that the FBI is wrong? Instead, he lets the FBI push hard, absorbs some of the reflected Law and Order sunshine, and allows the San Bernardino case to take the long, arduous road to the Supreme Court. And Backdoor legislation will be introduced, discussed and discussed, with the Tech Industry up in arms – and dollars – against it.

Edward Snowden: Privacy Can't Depend On Corporations Standing Up To The Government, by Jon Gold, NetworkWorld

Relying on corporations to protect private data is bad enough in a vacuum – but Snowden pointed out that many tech giants have already proven more than willing to hand over user data to a government they rely on for licensing and a favorable regulatory climate.

We Have A Phone!

Live Blogging A New Phone, In 1877, by Adrienne LaFrance, The Atlantic

Walter: Hey everybody! We’re here with live developments from the telephone event. This could be huge. Revolutionary, even. You probably already know the idea: this new tube-like speaking instrument makes it so people can speak freely over the distance of many miles—hearing one another as if they’re in the same room.

Samuel: Still waiting for Alexander Graham Bell at this point.


One Year Later, Apple's 12-inch MacBook Has Become My Favorite Laptop, by Dan Ackerman, CNET

More and more, I'm drawn to the 12-inch MacBook, compromises and all. Looking back over the past year, it's the system I've most often grabbed for mission critical on-the-go use, and that makes me think my original qualified recommendation was overly cautious.

Telepaint Review, by Craig Grannell, Stuff

Developer Acid Nerve describes its new game as ‘Portal meets Lemmings’. That’s fair, but the premise also appears to propel you into a future world of interior decorating where technology has gone mad.


Apple Pay Has A Siri Problem, by Katherine Boehret, The Verge

When a tool like Apple Pay works, it's like magic. You lift your phone, use fingerprint recognition to confirm the purchase, and walk away. The Wallet app in iOS shows you a list of your recent transactions, and adding credit cards is a simple process. But if Apple Pay fails enough times or isn't accepted at enough places, people forget it exists or think it's not worth trying to use. It's a lot like Siri in that way: too many failed attempts and you'll never open it again — at least not on purpose.

I Am Funnier And Franker On Google Chat, But What’s The Truth About Instant-message Me?, by Morwenna Ferrier, The Guardian

Since instant messenger (specifically Gmail’s chat function) moved from a novelty to my constant companion, I’ve become more aware of the gulf between how I talk to people online and how I talk to them in person.

Goodnight, Antarctica: Researchers Won’t See Sun For Six Months, by Eric Berger, Ars Technica

The first day of spring causes most people in North America to think longingly of warmer days ahead in the summer months. But at the southern edge of the world—specifically, the US Amundsen-Scott South Pole Station—a northern spring marks the last time southern researchers will see the sun for six months.

Bottom of the Page

As usual, by the time Tim Cook steps on the stage to start off the introduction of the special edition iPhone, I'll be in dreamland. See you all tomorrow.


Thanks for reading.