MyAppleMenu

The Side-Channel Edition

Friday, March 22, 2024

Unpatchable Vulnerability In Apple Chip Leaks Secret Encryption Keys, by Dan Goodin, Ars Technica

A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday.

The flaw—a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols—can’t be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.

Apple In Courts

US Sues Apple For Illegal Monopoly Over Smartphones, by Lauren Feiner, The Verge

The US Department of Justice and 16 state and district attorneys general accused Apple of operating an illegal monopoly in the smartphone market in a new antitrust lawsuit.

The DOJ and states are accusing Apple of driving up prices for consumers and developers at the expense of making users more reliant on its iPhones. It alleges that Apple “selectively” imposes contractual restrictions on developers and withholds critical ways of accessing the phone, according to a release.

Apple's iMessage Encryption Puts Its Security Practices In The DOJ's Crosshairs, by Andy Greenberg, Andrew Couts, Wired

For well over a decade, Apple has been praised by privacy advocates for its decision in 2011 to end-to-end encrypt iMessage, securing users' communications on the default texting app for all its devices so thoroughly that even Apple itself can't read their messages. Years before WhatsApp switched on end-to-end encryption in 2016, and before Signal—now widely considered the most private end-to-end encrypted messaging platform—even existed, Apple quietly led the way with that security feature, baking it into a core piece of the Apple ecosystem.

So it's ironic that, now that the US Department of Justice has hit Apple with a landmark antitrust lawsuit, alleging that it has sought for years to monopolize the smartphone market and gravely harmed consumers in the process, iMessage's end-to-end encryption has become Exhibit A for an argument about Apple's privacy hypocrisy—that Apple's allegedly anticompetitive practices have denied users not only better prices, features, and innovation, but also better digital security.

The Lock-in Problem At The Heart Of The Apple Monopoly Lawsuit, by Victoria Song, The Verge

We’ve all known for years about green bubbles and that you can’t bring your Apple Watch to an Android phone. What the DOJ is saying is that, altogether, this series of protective policies makes it extremely difficult for an iPhone user to leave its walled garden, limiting competition so much that it breaks the law.

Apple’s War On Streaming And Super Apps Helped Set It Up For An Antitrust Battle, by Emma Roth, The Verge

However, the DOJ’s lawsuit claims that Apple doesn’t want users or companies in the US to benefit from super apps. It notes that during a board of directors presentation, Apple cited super apps as a “major headwind” to boosting iPhone sales in countries where they’re popular because of “[l]ow stickiness” and “[l]ow switching costs.” If someone benefits from using a super app, they don’t necessarily need to be tied to any one ecosystem — like Apple’s.

The iPhone maker sees super apps as “‘fundamentally disruptive’ to ‘existing app distribution and development paradigms’ and ultimately Apple’s monopoly power,” the lawsuit reads. That’s why it’s allegedly blocking developers from putting them on the App Store by requiring super apps to display mini programs in a “flat, text-only list” rather than as individual icons or tiles. The company also doesn’t allow super apps to categorize mini programs in their apps, preventing them from showing recently played games or a list of titles from the same developer.

Apple CarPlay Is Anticompetitive, Too, US Lawsuit Alleges, by Andrew J. Hawkins, The Verge

“By applying the same playbook of restrictions to CarPlay, Apple further locks-in the power of the iPhone by preventing the development of other disintermediating technologies that interoperate with the phone but reside off device,” the lawsuit says.

The inclusion of CarPlay, as well as digital key functions through Apple’s Wallet feature, came as a surprise to some analysts, who say that the DOJ may be misunderstanding the utility and functions of the phone-mirroring system.

Apple Slams DOJ Case As Misguided Attempt To Turn iPhone Into Android, by Natasha Lomas, TechCrunch

In a briefing with journalists following the DOJ’s announcement this morning, Apple dismissed these market definitions as gerrymandering on the part of government lawyers trying to make a monopoly case stick where it argues there is none.

[...]

The wider argument Apple is making is the suit targets an experience consumers value, which drives loyalty and leads them to prefer iPhones over Android smartphones in the first place — something it suggests the DOJ’s case entirely fails to factor in. And by seeking to undo core differentiating (and valued) features of its mobile ecosystem, a successful outcome for the government would result in reduced consumer choice.

Apple Responds To Major Lawsuit Filed By U.S. Department Of Justice, by Joe Rossignol, MacRumors

In a statement shared with MacRumors, Apple said the lawsuit is "wrong on the facts and the law," and the company vowed to "vigorously defend" itself.

Apple Says It Spent Three Years Trying To Bring Apple Watch To Android, by Chance Miller, 9to5Mac

In response to the DOJ’s assertion, Apple confirmed for the first time that it at one point considered Android support for the Apple Watch. After a three-year investigation, Apple says that it determined an Apple Watch with Android support wasn’t doable because of technical limitations. As such, it scrapped the idea.

Apple's iPhone Is Not A Monopoly Like Windows Was A Monopoly, by Matt Rosoff, TechCrunch

The key section in the DOJ’s case begins on page 66, entitled, “Apple has monopoly power in the smartphone and performance smartphone markets.” The argument comes down to barriers to entry.

[...]

But in terms of barriers to entry, Apple could argue that product differentiation and integration is not the same as foreclosing competition. A fully integrated platform with built-in apps for particular features like web browsing and videoconferencing is easy and convenient and customers choose it, and continue to choose it, because they prefer it, not because they’d like to switch to Android and are blocked by artificial barriers.

U.S. Versus Apple: A First Reaction, by Jason Snell, Six Colors

What I’ve learned in observing three decades of government interaction with tech is that the most likely outcome is one that doesn’t make a whole lot of sense. I could create a list of Apple behaviors that I consider to be anticompetitive and unfriendly to consumers, but many of them are barely touched on in this document.

So my prediction is that this will be a long, drawn-out process that will end up with Apple changing some of its policies. Some of those changes will be substantial and will alter how the company operates; others will be pointless and cause no appreciable effect; and still others will degrade the experience of iPhone users without increasing competition. Meanwhile, other Apple policies that stifle competition, degrade the user experience, and cost users money will just go on as usual, unchanged and unchallenged.

The Antitrust Case Against Apple Argues It Has A Stranglehold On The Future, by Makena Kelly, Vittoria Elliott, Wired

The Department of Justice said Thursday that any potential remedy was on the table for Apple—implying that even breaking up the company is a possibility. But Allensworth says it is unlikely the government would pursue that outcome. The proposed remedies could more likely force Apple to change its "technological and contractual restrictions on app development, and on interoperability with other phones,” she says. “That is something that could be very meaningful, if that remedy were fully realized and overseen in a good way. But it still leaves Apple basically in control of the ecosystem,” Allensworth says.

Paul Swanson, antitrust partner at the law firm Holland & Hart, sees potential difficulties ahead for the suit. “They're alleging that Apple is excluding competition in the smartphone market by making their products stickier, by making it very attractive to stay within their ecosystem. And the way that Apple does that, according to the DOJ, is that it doesn't cooperate nicely with other companies,” he says. But Swanson says antitrust laws don’t generally require companies to work with others. “A business doesn't violate antitrust laws by terminating or refusing to work with another business.”

Stuff

Apple Releases iOS 17.4.1 And iPadOS 17.4.1 With Bug Fixes And Security Improvements, by Juli Clover, MacRumors

According to Apple's release notes, the iOS 17.4.1 update includes important security updates and bug fixes.

iPadOS 17.4.1 Fixes QR Code Scanning Bug, by Juli Clover, MacRumors

The iPadOS 17.4.1 update that Apple released this morning addresses a bug that could prevent certain iPads from being able to scan QR codes.

Apple Releases visionOS 1.1.1 With Bug Fixes, by Juli Clover, MacRumors

According to Apple's release notes for the update, visionOS 1.1.1 introduces "important bug fixes and security updates." The software is recommended for all users.

Alfred 5.5, by Agen Schmitz, TidBITS

Running with Crayons jumps to version 5.5 of its Alfred with new workflow components and improvements for the keyboard-driven launcher.

Retrobatch 2.1, by Agen Schmitz, TidBITS

Flying Meat has released Retrobatch 2.1, bringing a new Lookup Table (LUT) node to the bulk image processing utility to alter the color and tone of images.

Use The 'Days Since' App To Quit Your Bad Habits, by Khamosh Pathak, Lifehacker

There will be times when you will break a streak; you'll eat a bag of Doritos or have a drink. You're only human, after all. This is where you can reset the counter and begin again. What I like is that the app will let you make a note when you’re resetting a counter, so you can look back at the history of all your resets and your streaks and you can gain valuable insights into your behavior.

Bottom of the Page

Let me see if I get this right… If iPhone is the new Windows, then Apple Watch is the new Internet Explorer?

~

Thanks for reading.