Archive for Apple

Surprise! Cops Can Already Crack iPhones…. So Why Are The Feds In Need Of Apple’s Help?

Posted in Commentary on January 22, 2020 by itnerd

It appears that contrary to what US President Donald Trump and US Attorney General William Barr say, many police departments across the United States already have the ability to crack mobile devices, including the iPhone. And they have been doing so successfully:

Over the past three months, OneZero sent Freedom of Information Act (FOIA) requests to over 50 major police departments, sheriffs, and prosecutors around the country asking for information about their use of phone-cracking technology. Hundreds of documents from these agencies reveal that law enforcement in at least 11 states spent over $4 million in the last decade on devices and software designed to get around passwords and access information stored on phones. OneZero obtained documents from law enforcement agencies in New York, California, Florida, Texas, Washington, Colorado, Illinois, Ohio, Michigan, New Mexico, and Massachusetts.

These agencies included district attorneys’ offices, local police departments, and county sheriffs’ offices. The number of offices with access to phone-cracking tools across the country is likely far greater than what OneZero uncovered. Not all agencies responded to OneZero‘s request for documents. Some departments and offices claimed the records were exempt from public release. Others told OneZero they would need several months and thousands of dollars to provide the information.

And what further backs up the fact that the arguments made by Trump and Barr are totally bogus are the following two examples:

Law enforcement doesn’t need Apple’s help to crack iPhones. Thus the only reason that Trump and Barr are making a stink about this is that they want backdoors in iOS (and likely other operating systems) so that data from smartphones can be obtained at any time for any reason. And it’s beyond crystal clear that this is the case. Hopefully when Apple CEO Tim Cook meets Trump at Davos this week, he can point out just how misguided this all is. And how stupid he looks by trying to push a narrative that is clearly false.

Seeing As The FBI Has Unlocked An iPhone 11, Why Do They Need Apple’s Help To Unlock An iPhone 5 & 7?

Posted in Commentary on January 16, 2020 by itnerd

Following up on the latest Apple v. FBI fight where the FBI wants Apple to unlock an iPhone 5 and 7 that belong to a suspect in a terror incident, despite the fact that the FBI has the ability to do this on their own without Apple’s involvement, comes news that the FBI has apparently got the capability to unlock an iPhone 11, which has far higher levels of security than the iPhone 5 and 7 that they want Apple to unlock:

Last year, FBI investigators in Ohio used a hacking device called a GrayKey to draw data from the latest Apple model, the iPhone 11 Pro Max. The phone belonged to Baris Ali Koch, who was accused of helping his convicted brother flee the country by providing him with his own ID documents and lying to the police. He has now entered a plea agreement and is awaiting sentencing.

Forbes confirmed with Koch’s lawyer, Ameer Mabjish, that the device was locked. Mabjish also said he was unaware of any way the investigators could’ve acquired the passcode; Koch had not given it to them nor did they force the defendant to use his face to unlock the phone via Face ID, as far as the lawyer was aware. The search warrant document obtained by Forbes, dated October 16 2019, also showed the phone in a locked state, giving the strongest indication yet that the FBI has access to a device that can acquire data from the latest iPhone. 

So given the facts above, why precisely does the FBI need Apple’s help to unlock an iPhone 5 and 7 given that they’ve unlocked something way more sophisticated from a security standpoint?

They don’t need Apple’s help. This is simply a stunt to get Congress to force companies like Apple to weaken the encryption on smartphones, computers, or anything else so that they can have access to them at any time for any reason. Or put another way, the FBI wants a backdoor into your device. As I have mentioned before, this is a bad idea. And as reports like these come out that show that this is an incredibly cynical attempt to push a political agenda, I would hope that the blowback that results makes those who are pushing this political agenda think twice.

The FBI Could Access The iPhones At The Center Of The Latest Apple v. FBI Fight At Any Time….. So Why Don’t They?

Posted in Commentary on January 15, 2020 by itnerd

Yesterday I posted a story about the latest Apple v. FBI fight in which I called for some sort of middle ground that would stop stuff like this from happening. In the last few hours, this story has evolved.

First, US President Donald Trump took to Twitter to push for the unlocking of the iPhones that are at the center of this fight:

And at about the same time, it came to light that the iPhones that are at the center of this are an iPhone 5 variant and an iPhone 7 variant. Why is that important? Well, the FBI already has the ability to unlock them without needing Apple to do it for them. Whether the FBI gets it done via a company like Cellebrite, which was the company that the FBI used to unlock the San Bernardino shooter’s iPhone 5C a few years ago, or by using a device like the ones sold by Grayshift, which the FBI allegedly already owns, or by using a vulnerability called “checkm8” that is present in every iPhone up until the iPhone X, the FBI could unlock these phones at any time.

So why are the FBI and Trump demanding Apple unlock these phones? It’s simple:

  • If Apple could somehow do this, it would set a precedent and the FBI would in theory have the ability to access any iPhone. Including current models which are much harder to crack.
  • If Apple refuses then they could push Congress to create legislation to force Apple to give them the ability to access any iPhone they want by painting them as the bad guy.

The fact is that this fight isn’t about these specific iPhones. It’s, as I said yesterday, about being able to access any iPhone of anybody that is of interest to them. And the FBI and company are just leveraging these iPhones to get to that end goal. This has nuanced my view of this situation a bit. I still feel that there needs to be some sort of middle ground when it comes to situations like this. But this is a pretty brazen and cynical attempt to get more than a compromise when it comes to this issue. It will be interesting to see what happens when this ends up in court. Which it will.

The Latest Apple v. FBI Fight Shows That We Need A Middle Ground For Situations Like This

Posted in Commentary on January 14, 2020 by itnerd

Yesterday a story hit the news that the FBI, via US Attorney General William Barr, is demanding the help of Apple to unlock the phone of a Saudi citizen who went on a deadly shooting last month at a naval air station in Pensacola, Fla. that killed three and wounded eight.

“This situation perfectly illustrates why it is critical that the public be able to get access to digital evidence,” Mr. Barr said. He called on technology companies to find a solution and complained that Apple had provided no “substantive assistance,” a charge that the company strongly denied on Monday night, saying it had been working with the F.B.I. since the day of the shooting.

Here’s what Apple said in response:

In a statement Monday night, Apple said the substantive aid it had provided law enforcement agencies included giving investigators access to the gunman’s iCloud account and transaction data for multiple accounts.

The company’s statement did not say whether Apple engineers would help the government get into the phones themselves. It said that “Americans do not have to choose between weakening encryption and solving investigations” because there are now so many ways for the government to obtain data from Apple’s devices — many of which Apple routinely helps the government execute.

So it seems like we are headed towards another FBI v. Apple fight. But let’s be clear. What this is all about is to ensure that the FBI or any other law enforcement agency or government can access any smart phone for any reason any time they want. While I understand that the FBI among others wants to protect people from any threat that exists, I don’t believe that this gives them the right to say that the rights of citizens get over-ridden because of this. I say that because if you look at Attorney General Barr’s statement, he wants technology companies to “find a solution” to allow him and those underneath him to get whatever it is they want at will. And it’s safe to say that they want backdoors into iOS, Android, or whatever OS they see fit that gets them past whatever security or encryption that the device in question has. Giving any government a backdoor into any OS is a bad idea as governments tend to have pretty poor track records of keeping stuff like that out of the wrong hands. Which means when the backdoor leaks out, we’re all screwed. This is on top of the potential privacy issues that could be at play.

Thus here’s my ask of everyone that is involved. Tech companies and governments need to find some sort of middle ground for situations like this. One where the needs of both sides are represented and nobody, especially you and I, loses. Because having each of them at their respective extreme ends of the spectrum isn’t working for either party. And as a result this fight will simply keep going on and on with no real resolution. Or worse yet, a government will simply take some draconian action to get what they want and inadvertently affect their citizens in a negative way. And neither of those are desirable outcomes.

 

How To Check If The New Car That You Want Has Apple CarPlay AND Android Auto Included

Posted in Commentary on January 2, 2020 by itnerd

I had a client of mine tell me a story about their hunt for a new car. In short, they went to the dealer, got the specs, test drove the car, and liked it. Then they asked if it came with Apple CarPlay. The dealer said no. They then got up and walked out of the dealership. In their case, Apple CarPlay was a critical item for them. Thus if a car didn’t have it, they weren’t interested in that car. Then they had a question for me: how can they tell up front what cars come with Apple CarPlay?

Now their reaction isn’t unique. Having Apple CarPlay and/or Android Auto is a major selling point for car buyers. And any car company that doesn’t have one, the other, or both may lose a sale. Fortunately for car buyers, this is easy to research before you go to the dealership. Both Apple and Google maintain compatibility lists which you can see via the links below:

Now if I were you, I would be looking to have both Android Auto and Apple CarPlay in your next new vehicle. Here’s why. At some point down the road (excuse the pun) you may want to go from Team Android to Team iPhone or vice versa for your next new smartphone. Thus a car that supports both is one that will cause you way less frustration, as Android Auto and Apple CarPlay are far easier to use than most if not all car makers’ built-in systems. Thus checking to see if the car that you’re interested in has both is a worthwhile investment of your time, as there are car companies that only support one of these systems. Porsche for example only supports Apple CarPlay for reasons that you can read about here. No Lexus vehicle that I am aware of supports Android Auto, and only some 2019 model year vehicles support Apple CarPlay. My last example comes from sister brand Toyota. A small number of 2019 model year vehicles and a larger number of model year 2020 vehicles support CarPlay. But only a small number of 2020 Toyota vehicles support Android Auto. Thus you need to do your homework before going to the dealer.

Finally, one last piece of advice that I would have once you choose your vehicle is to make sure the dealer sets up your phone and walks you through how everything works. This is something that I strongly feel should be a given when you buy a car these days. But I hate to say that it isn’t. In many cases they do nothing other than pair your phone via Bluetooth and that’s it. So if that happens to you, you do have another option. Both Apple and Google have tutorials that can get you started with either of their systems. I’d peruse those to help you use both these systems in your shiny new car.

A Great Reason To Update Your Apple Watch, iPhone, and Mac ASAP: Apple Fixes A FaceTime Bug That Appears To Be Very Serious

Posted in Commentary on December 10, 2019 by itnerd

Apple, as many of you are aware, released a number of software updates today. Specifically:

  • watchOS 5.3.4
  • watchOS 6.1.1
  • macOS Catalina 10.15.2
  • Security Update 2019-002 Mojave
  • Security Update 2019-007 High Sierra
  • tvOS 13.3
  • iOS 12.4.4
  • iOS 13.3
  • iPadOS 13.3
  • Safari 13.0.4

I spent part of my day reading through the security info of all these updates. That is something that I do as a matter of course because it helps me to judge if I need to install an update now or if it can wait a day or two. And after reading through the security info, users of the following OSes should update ASAP:

  • iOS 13
  • iPadOS 13
  • iOS 12
  • macOS Catalina
  • watchOS 5
  • watchOS 6

The reason is that all of these OSes share a FaceTime bug. Specifically this one (copied from this page related to watchOS 5.3.4):

FaceTime

Available for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to a device with iOS 12 installed

Impact: Processing malicious video via FaceTime may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8830: Natalie Silvanovich of Google Project Zero

The key part is that this was reported by Google’s Project Zero team. Now Google Project Zero doesn’t report trivial bugs. They only report the most serious ones. Thus whatever this bug is that allows “arbitrary code execution” from a malicious video via FaceTime, it has to be pretty serious. Which means that you by default must take it seriously because there’s a very good chance that if it isn’t already being exploited, it will be now.

As an aside, in case you are wondering why watchOS is on this list, the Apple Watch Walkie Talkie feature uses FaceTime audio, and it has historically been buggy.

Thus if I were you, I would set aside some time to update your Apple Watches, iPhones running iOS 12 or 13, and Macs running Catalina ASAP as there is likely a clear and present danger that you need to protect yourself from.

UPDATE: Macrumors is reporting that another serious flaw that is related to AirDrop on iOS has been fixed. That’s another reason to update ASAP. Strangely, this issue isn’t listed in the security info for iOS 13.3. Nor is it listed in the release notes for iOS 13.3. Strange.

My Apple Watch Would Not Install watchOS 6.1.1 ….. Here’s How I Fixed It

Posted in Commentary on December 10, 2019 by itnerd

Today Apple released watchOS 6.1.1 and I decided to update my Apple Watch from the watch itself at the same time that I was updating my iPhone. By that I mean using the software update function on each device so that they would update independently of each other. I have done that before and nothing bad has happened. But this time that turned out to be a mistake as the watchOS update would not install. It prompted me with an “Install” button on the Apple Watch. Then it went to “verifying”, and then it put me back to “Install”. I tried rebooting the Apple Watch and that did not help.

So after I updated my iPhone to iOS 13.3, I tried doing the update from there and got exactly the same behavior. That was interesting. I tried rebooting the iPhone and that didn’t help either. So I tried this as my next troubleshooting step:

  • I opened the Watch app on my iPhone
  • I went to General > Usage > Software Update.
  • I then deleted the update file and tried to download and install the update again. What was curious about that was that it sat there for a very long time and said it couldn’t communicate with my Apple Watch. Then it deleted the update. Weird.

Now by doing that, I got a different issue. It downloaded the update, but it said that it could not communicate with the Apple Watch. I checked the Bluetooth settings and it said it was connected. But I figured that it wasn’t really connected, so I put both the Apple Watch and iPhone into airplane mode and then took them out of that mode and let them connect to each other. I then tried updating again and it worked.

So, it seemed that I had a couple of problems and I believe that it all started with me trying to update my iPhone and Apple Watch at the same time. That’s something that I will not be doing again going forward. Instead I will do the watchOS update from my iPhone after I install the iOS update. That seems to be not only the safer choice, but it would have saved me an hour of troubleshooting this. But hopefully my pain is your gain if you find yourself in a similar situation.

UPDATE: Apparently, many other people are in a similar situation with watchOS 6.1.1:

The symptoms above are the same ones I had before I was successfully able to upgrade. And on top of that, one person responded directly to my Tweet trying to solicit help from Apple Support on Twitter:

Clearly there’s some sort of issue with watchOS 6.1.1. I’ll be keeping an eye on this.