Hardware hack for San Bernardino iPhone 5c possible but risky

Date: Thursday, March 10th, 2016, 07:49
Category: Hardware, iPhone, News, security

The data onboard the iPhone 5c at the heart of the decryption/unlocking scandal could be accessible via a hardware technique.

This hardware technique, apparently, isn’t for the faint of heart.

In recent days, the American Civil Liberties Union’s technology fellow and former NSA contractor Edward Snowden have suggested a method that would let investigators repeatedly guess the iPhone’s password.

Federal investigators fear San Bernardino shooter Syed Rizwan Farook may have configured his work phone to use an Apple security feature that erases a key for decrypting data after 10 incorrect guesses of the phone’s password.

The forensic technique to get at the data, known as “chip off,” involves removing a NAND flash memory chip and copying its data. If successful, this would yield a decryption key that can be restored if it is erased after incorrect guesses.


Husband of San Bernardino shooting survivor takes Apple’s side in iPhone encryption controversy

Date: Tuesday, March 1st, 2016, 12:36
Category: iPhone, Legal, News, security, Software

While a recent poll has suggested that the majority of Americans support the FBI and would have Apple decrypt the San Bernardino shooter’s iPhone 5c, Apple apparently has the backing of the husband of one of the survivors of the terrorist attack, which left 14 people dead and 22 others seriously injured, after he changed his mind over the case.

Salihin Kondoker, whose wife Anies Kondoker was shot three times in the attack but avoided the main hall after taking a trip to the bathroom, filed a friend-of-the-court brief siding with Apple in its dispute with the FBI. In a letter to Judge Sheri Pym, Kondoker explains how his opinion on the case turned when he delved deeper into the longer-term implications of the FBI’s order.


Malware, leaked emails, code samples point to HackingTeam’s return on the Mac

Date: Tuesday, March 1st, 2016, 07:27
Category: Developer, News, security, Software

HackingTeam has apparently returned.

A group of researchers has uncovered what appears to be malware from the HackingTeam group. The group had surfaced last July, creating malware-as-a-service software.

Recently, a sample of the group’s work, posted to the Internet, revealed 400 gigabytes worth of the group’s private e-mail and source code.

The sample was uploaded on February 4 to the Google-owned VirusTotal scanning service, which at the time showed it wasn’t detected by any of the major antivirus programs. A technical analysis published Monday morning by SentinelOne security researcher Pedro Vilaça showed that the installer was last updated in October or November, and an embedded encryption key is dated October 16, three months after the HackingTeam compromise.


Justice Department looking to have Apple help extract data from 12 additional iPhones

Date: Tuesday, February 23rd, 2016, 07:12
Category: iPhone, Legal, News, security

The plot thickens.

In the midst of the controversy between Apple and the Department of Justice regarding the unlocking of the San Bernardino shooter’s iPhone, the U.S. Department of Justice is pursuing additional court orders that would force Apple to help federal investigators extract data from twelve other encrypted iPhones that may contain crime-related evidence.

The revelation comes nearly one week after a U.S. federal judge ordered Apple to assist the FBI with unlocking an iPhone belonging to suspected San Bernardino terrorist Syed Rizwan Farook. Apple strongly opposed the court order last week in an open letter to customers.


Apple releases updated iOS 9.2.1 variant to make amends for handsets affected by Error 53

Date: Thursday, February 18th, 2016, 13:00
Category: Hardware, iOS, iPhone, News, security

A bit of an apology from Apple following the “Error 53” controversy.

Apple on Thursday released an updated version of iOS 9.2.1, bypassing what the company has admitted to be a factory test of the Home button during start up.

Apple released an updated version of iOS 9.2.1 to restore newer iPhones that were disabled by Error 53. This iOS update will prevent future iPhones from experiencing Error 53 if they have their Home buttons repaired by a third-party repair shop. This update can only be installed by connecting the iPhone to iTunes on a Mac or PC, not over the air.


Federal judge orders Apple to help FBI unlock San Bernardino shooter’s iPhone 5c

Date: Wednesday, February 17th, 2016, 08:19
Category: iOS, Legal, News, security, Software

A few months after the San Bernardino shootings, Apple was ordered by a U.S. federal judge on Tuesday to help the FBI unlock the iPhone 5c used by shooter Syed Farook. According to court papers, Apple “declined to provide [assistance] voluntarily.”

The judge ruled Tuesday that Apple had to provide “reasonable technical assistance” to the government in recovering data from the iPhone 5c, including bypassing the auto-erase function and allowing investigators to submit an unlimited number of passwords in their attempts to unlock the phone. Apple has five days to respond to the court if it believes that compliance would be “unreasonably burdensome.”

Prosecutors have argued that the “government was unable to complete the search because it cannot access the iPhone’s encrypted content.” The FBI argued that Apple has the “technical means” to assist the government and, in a statement, U.S. attorney Eileen M. Decker said that the order was a “potentially important step” in finding out “everything we possibly can” about the San Bernardino attack.


Apple acquires security firm LegbaCore

Date: Wednesday, February 3rd, 2016, 08:10
Category: security, Uncategorized

When in doubt, buy one of the best security firms you can get your hands on.

Back in November of 2015, Apple quietly acquired security consultancy firm LegbaCore. The acquisition was initially revealed back in December by security researcher Trammell Hudson during a presentation at the 32C3 conference. The acquisition was further corroborated by a series of tweets from founder Xeno Kovah and the company’s website, which states that it is “not accepting any new customer engagements.”

The specific details are unclear. Kovah and his partner Corey Kallenberg are working full-time at Apple, although their specific roles are unclear. Kovah only stated that he and Kallenberg would be working on “low level security” at the company.


Apple releases iOS 9.2.1, OS X 10.11.3 updates

Date: Tuesday, January 19th, 2016, 16:53
Category: iOS, News, OS X, Software, Yosemite

They’re not huge updates according to Apple, but they could make a difference.

Apple on Tuesday released iOS 9.2.1 and OS X 10.11.3, the company stating that both updates contain security and bug fixes.

More specifically, iOS 9.2.1 contains a fix for an issue “that could prevent the completion of app installation when using an MDM server.”


Proposed bill in New York state could allow backdoor access for law enforcement, threatens fines for non-compliance

Date: Thursday, January 14th, 2016, 09:27
Category: Legal, News, security

Let the arguments begin.

A new bill proposed in New York could require all phone manufacturers to implement a way for law enforcement agencies to access and decrypt user devices. This bill is somewhat similar to the Investigatory Powers Bill currently being debated in the UK, which Apple has voiced its opposition to. Apple and Tim Cook have repeatedly stated that government agencies should not have any access to user devices or data, whether it be through a built-in backdoor or other means.

The bill is currently making its way through the New York state assembly and specifically states that “any smartphone manufactured on or after January 1, 2016, and sold or leased in New York, shall be capable of being decrypted and unlocked by its manufacturer or its operating system provider.” Failure to meet such a requirement would impose a $2,500 fine on each infringing device.


Apple CEO Tim Cook criticizes White House policies towards encryption

Date: Wednesday, January 13th, 2016, 10:21
Category: News, security

In spite of how well received last night’s State of the Union was, Apple CEO Tim Cook still had harsh words for the Obama administration regarding encryption last night.

Cook, who’s currently in favor of unbreakable encryption, offered the following statement:

“The White House should come out and say ‘no backdoors,’ Cook said. That would mean overruling repeated requests from FBI Director James Comey and other administration officials that tech companies build some sort of special access for law enforcement into otherwise unbreakable encryption. Technologists agree that any such measure could be exploited by others.”
