For anyone enjoying my photography, I’m maintaining my favorite photos on 500px.
Looking for a way to get your family fit, and reward them for reaching fitness goals? Want to tie video game or computer time to your child’s activity? Fitcubs does the heavy lifting for you! Fitcubs lets you register all of your children’s Fitbit accounts under one app, and automatically assigns rewards based on rules you create inside Fitcubs. Watch your children automatically accrue rewards for video game time, computer time, treats, or anything else you want, as Fitcubs continually monitors their Fitbit data. Have rewards automatically accrue based on different types of activity, calories burned, or steps walked. At a glance, you can see your child’s activity for each day, the rewards they’ve accrued, and quickly check off rewards when your child decides to redeem it. Timers and alarms will let you know how much time your child has remaining, and alert you when their video game time is up! It doesn’t get any easier than this!
For more information, visit fitcubs.com
In early 2014, I provided material support in what would end up turning around what was, in their own words, the US Army’s biggest case in a generation, and much to the dismay of the prosecution team that brought me in to assist them. In the process, it seems I also prevented what the evidence pointed to as an innocent man, facing 25 years in prison, from becoming a political scapegoat. While I would have thought other cases like US v. Manning would have been considered more important than this to the Army (and certainly to the public), this case – US v. Brig. Gen. Jeffrey Sinclar with the 18th Airborne Corps – could have seriously affected the Army directly, and in a more severe way. It was during this case that President Obama was doing his usual thing of making strongly worded comments with no real ideas about how to fix anything – this time against sexual abuse in the military. Simultaneously, however, the United States Congress was getting ramped up to vote on a military sexual harassment bill. At stake was a massive power grab from congress that would have resulted in stripping the Army of its authority to prosecute sexual harassment cases and other felonies. The Army maintaining their court martial powers in this area seemed to be the driving cause that made this case vastly more important to them than any other in recent history. At the heart of prosecuting Sinclair was the need to prove that the Army was competent enough to run their own courts. With that came what appeared to be a very strong need to make an example out of someone. I didn’t have a dog in this fight at all, but when the US Army comes asking for your help, of course you want to do what you can to serve your country. I made it clear, however, that I would deliver unbiased findings whether they favored the prosecution or not. After finishing my final reports and looking at all of the evidence, followed by the internal US Army drama that went with it, it became clear that this whole thing had – up until this point – involved too much politics and not enough fair trial.
I received word from the editor-in-chief that the author of an accepted paper has permission to publish it on his website, and so I am now making my research available to anyone who wishes to read it. The following paper, “Identifying back doors, attack points, and surveillance mechanisms in iOS devices” first appeared published in The International Journal of Digital Forensics and Incident Response in March 2014′s publication. The Editor-in-Chief is Eoghan Casey, with the Information Security Institute, John Hopkins University, Maryland. The editorial board consists of researchers from Google, Microsoft, LG, The Mitre Corporation, and a number of universities. This paper was the basis for my talk at the HOPE/X conference in NYC in July 2014. Please enjoy.
Security firm Stroz Friedberg has published findings validating the technical claims of my latest research, by independently reproducing them against iOS 7 and iOS 8 Beta 4 (NOTE: as I mentioned, Apple has already begun addressing these issues in Beta 5). Interestingly, the firm has also published an open-source proof of concept tool named unTRUST to allow users to remove pairing records from their iOS devices without wiping the device. I haven’t yet had a chance to test it, but this is most certainly good news. It also demonstrates that there is enough of a security threat that such proof-of-concept tools have come into existence.
I’m just learning of this paper myself and had not been previously contacted by the firm; and I think that is a good practice in validating someone else’s research – to evaluate and reproduce it independently. Whereas journalism, on the other hand, should always involve reaching out to the researcher to make sure people get their facts straight.
Direct link to the published paper can be found at the link below:
A few days after I gave a talk at the HOPE/X conference titled, “Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices”, ZDNet published what their senior editor has described privately to me as an opinion piece, however passed it off as a factual article in an attempt to make headlines at my expense. Now that things have had time to settle down, I’ve taken the time to calmly write up a post-mortem describing what actually happened as well as some behind-the-scenes details that may shed some light on the drama we’ve seen from ZDNet and one of its writers over the past couple of weeks. Let me say first that this is the last time I will address this matter, and have no desire to continue to discuss it, or engage with ZDNet or their writer. In fact, I haven’t engaged with either parties since this all transpired a week or so after my talk, in spite of repeated attempts to bait me with more personal attacks and false claims of harassment.
At HOPE/X, I gave a very carefully-worded talk describing a number of “high value forensic services” that had not been disclosed by Apple to the consumer (some not even to developers), such as the com.apple.mobile.file_relay service, which I admitted to the audience as having “no better word for” to describe than as a “backdoor” to bypass the consumer’s backup encryption on iOS devices. A number of news agencies reached out to me, and I took time to explain to each journalist that this was nothing to panic about, as the threat models were very limited (specifically geared towards law enforcement forensics and potentially foreign espionage). Also, that I did not believe there was any conspiracy here by Apple. Reporters from ARS Technica, Reuters, The Register, Tom’s Guide, InfoSec Institute, and a number of others spoke to me and got all the time they wanted. You can see that these journalists each published relatively balanced and non-alarmist stories; even The Register, who prides themselves on outlandish headlines, if you read their story, was actually quite level headed about the matter. A number of other news agencies, who had not reached out to me, published sensationalist stories with fabricated claims of an NSA conspiracy, secret backdoors, and other ridiculous nonsense. I tried very hard to throw cold water on those ideas both in my talk and in big letters on my first blog entry, with”DON’T PANIC” and instructions for journalists.
ZDNet was among the news agencies that had initially published a sensationalist story without approaching me first for questions.
Apple’s new, relaxed NDA rules appear to allow me to talk about the iOS 8 betas. I will hold off on the deep technical details until the final release, as I see that Apple is striving to make a number of improvements to the overall security of their product. What I will say is that so far, things look quite promising. Shortly after my talk at HOPE/X, citing my paper, “Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices”, along with a proof of concept, Apple released Beta 5, and a number of the “high value forensic services” I’d outlined in my paper have now been disabled wirelessly, including the packet sniffer service that got many upset (note: we’ve known about the packet sniffer for years, but it was never disclosed to consumers that it was active outside of developer mode). Apple’s fixes are clearly still a work in progress, and not all of my security concerns have been addressed yet, but it does show that Apple does care about the security of their product, and likely wants to prevent their APIs from being abused by both malicious hackers and government. Given that a number of my threat models involved government spying, it feels good to know that Apple has taken my research seriously enough to address these concerns. Keep in mind, the threat model we’re dealing with also includes foreign governments, many of which have long histories of spying on our country’s diplomats. I’ve instructed a number of counter-forensics classes to diplomatic infosec personnel, and the threats of spying on data are very real for these people, to the degree that a lot of cloak-and-dagger goes into play on both sides, especially when visiting technologically hostile countries.
Up in the mountains of northern Maine are a number of peaceful, hidden moss-covered streams. They’re not difficult to find, you just need to look for the culverts on mountain roads, and then you can follow them on foot deep into the forest. While there are a number of hiking trails all over New England, there’s also a lot of untouched public (or at least unoccupied) land that you can explore. Folks are generally laid back around these areas, so if you accidentally happen onto someone’s land, nobody generally minds. In Maine, there is a lot of public and private land that is used for hunting, so during hunting season, you’ll want to make sure that your’e wearing something bright. If someone doesn’t want you on their land, you’ll see a keep out sign. If you don’t, it’s probably public land or the owners don’t mind if you use it. Gotta love it in the country.
I’ve heard a number of people make an argument about Apple’s authentication front-ending the services I’ve described in my paper, including the “file relay” service, which has opened up a discussion about the technical definition of a backdoor. The primary concern I’m hearing, including from Apple, is that the user has to authenticate before having access to this service, which one would normally expect would preclude a service from being a backdoor by some (but not all) definitions. This is a valid point, and in fact I acknowledge this thoroughly in my paper. Let me explain, however, why this argument about authentication is more complicated and subtle than it seems.
Most authentication schemes are encapsulated from weakest to strongest, and are also isolated from one another; certain credentials get you into certain systems, but not into others. You may have a separate password for Twitter, Facebook, or other accounts, and they only interoperate if you’re using a single sign-on mechanism (for example, OAuth) to use that same set of credentials on other sites. If one gets stolen, then, only the services that are associated with those credentials can be accessed. Those authentication mechanisms are often protected with even stronger authentication systems. For example, your password might be stored on Apple’s keychain, which is protected with an encryption that is tied directly to your desktop password. Your entire disk might also be encrypted using full disk encryption, which protects the keychain (and all of your other data) with yet another (usually stronger) password. So you end up with a hierarchy of authentication mechanisms that get protected by stronger authentication mechanisms, and sometimes even stronger ones on top of that. Apple’s authentication scheme for iOS, however, is the opposite of this, where the strongest forms of authentication are protected by the weakest – creating a significant security problem in their design. The way Apple has designed the iOS authentication scheme is that the weakest forms of authentication have complete control to bypass the stronger forms of authentication. This allows services like file relay, which bypasses backup encryption, to be accessed with the weakest authentication mechanisms (PIN or pair record), when end-users are relying on the stronger “backup encryption password” to protect them.