How could Apple help bypass an iPhone Pin?

February 17, 2016

This week BBC News reported that Apple would not help the FBI bypass the PIN on one of their phones.

The FBI have apparently asked Apple to create two assistive technologies:

“Firstly, it wants the company to alter Farook’s iPhone so that investigators can make unlimited attempts at the passcode without the risk of erasing the data.

Secondly, it wants Apple to help implement a way to rapidly try different passcode combinations, to save tapping in each one manually.”

Ignoring who is right or wrong in this matter – these are not uncommon requests – I’ve been asked by various governments and “three letter agencies” in the past to do exactly the same thing, which I too have politely declined.

Reading between the lines, the FBI requests would indicate an admission that the actual cryptography within the iPhone is robust and correctly implemented – and that there are no discovered back doors which would allow the FBI access to the data without Apple’s help.

So we can assume that the FBI cannot usually access data stored on iPhones. What help can Apple give?

Categories: Encryption, Privacy Laws

Elective Age Ratings, Breaking down Age-Label

February 9, 2016

This week I was introduced to Age-Label, an age-appropriate rating system for web sites, sponsored by OMK in Germany. Proposed as a standard for self-regulation of web sites, it allows owners to insert a small XML file “age-de.xml” in the root of their websites which defines the appropriate age ratings of the site, or subsections of such. I dug deep into the system and did some trawling across the internet to find out how widely used it is.

You can read an English translation of the standard online.

It would seem like a good idea – instead of relying on a third party to analyse the content of your site and make a determination on what age groups it’s appropriate for, web site owners can define it for themselves. The XML file also allows you to specify different sections of your website for different age readers.

Of course, this requires some appropriate technology on the reader’s device to look for, interpret, and act on the age-de.xml file – but if you imagine a world where the majority of sites are (honestly) tagged, and browsers use the XML data, and parents set the browsers with the appropriate age information, we could indeed go a long way towards protecting minors from inappropriate content.

Smarthome 102 – Electrical

November 26, 2015 1 comment

Following on from my article on Plumbing your smarthome, here are my top tips for electrical work when you’re designing or remodeling a home. I’ve bought surprisingly featured homes designed with expansion and maintenance in mind, and also homes that, though well built, were not built to be smart, maintainable or upgraded.

Don’t forget that most countries require permits for electrical additions, even if it’s just adding a new outlet, so the more you plan ahead, the better use you can make of your electrician’s time.

1. Run Neutral wires to each switch location. 

More common now than a decade ago, but still I see new homes with no neutral in switchboxes. This may seem obscure, but most modern smart switches need live and neutral to operate, whereas most lighting switches work on live only. Make sure your electrician runs neutral wires to all switch locations so you can add smart switches at some point in the future.

Categories: SmartHome

SmartHome 101 – Plumbing

November 22, 2015 2 comments

Simon’s tips and tricks when you’re creating a smart home with a pencil, or hammer. Taking a moment to think about how your plumbing is going to be laid out, considering future upgrades and accessibility for repair and replacement will make things much easier for you.

For Electrical tips, see Smarthome 102

1. Don’t put a shower head or controls on an outside wall. 

This one should be obvious – if you install your shower controls on an outside wall, there’s no way to EVER get behind them. This may not be something you’re worried about now, but what about in a few years when you want to replace the diverter valve with the newest technology?

If possible make sure that there’s an interior wall behind your shower controls, and best, a closet – because you can easily cut a hole in the closet drywall to get to the valve, and that won’t mean having to re-tile your shower.

Categories: SmartHome

One more thing you don’t want to know about bitlocker..

November 17, 2015

This week I found another item to add to my infamous “10 Things You Don’t Want to know about Bitlocker” post – research just published by Synopsys hacker Ian Haken shows there’s been a trivial bypass for Bitlocker without pre-boot for a long time – seemingly since 2000!

So No. 11 – If you don’t use pre-boot authentication, Bitlocker can be easily bypassed by someone with a rogue domain server.

Thankfully Microsoft jumped in with a fix in the MS15-122 security bulletin – but you have to wonder if this exploit has been known by certain parties for longer?

Categories: Uncategorized

CIO Review IoT Special Edition, November 2015

November 10, 2015

CIO Review and I have collaborated a few times around the smart home security and IoT space. They kindly asked me to write something for the November IoT Special Edition, published this week.

You can find me at p47, but the whole edition is valuable reading.

http://magazine.cioreview.com/magazines/November2015/IOT/

Categories: IOT, SmartHome

Smart Home or Dumb Home/Smart Cloud?

November 5, 2015

At the end of my street, tucked between some bushes and a tree in someone else’s garden, is a weathered beige box. I’d never noticed it before this week, but it’s become very important to me, because that dirty, unloved box is responsible for whether my smart home automation works, or not.

Yes, that beige box in someone else’s garden is where my home cable connects to the community coax network.

I’ve come to the realization that my smart home is actually pretty dumb on its own – without a connection to internet services, a lot of my clever rules and technology simply fail to work. My doorbell camera doesn’t send me video, my IFTTT rules to work the Hue Lights fail, and I can’t even open my Wink-connected door locks.

Amazon’s Echo is another victim of connectivity – it seems so clever, but when you step back and think about it, it only understands two words/four syllables – Ah-Mah-Zon and, for the alternate name, Ah-Lex-Ah. All the other language processing is done in the cloud, so you can “turn off” my home voice recognition just by unplugging the coax in that anonymous roadside box.

Categories: SmartHome

Speaking at Mobility Live 2015 on the 28th Oct.

October 26, 2015

This week, on 28th October, I’ll be participating on the IoT panel at Mobility Live 2015 in Atlanta, GA. The topic is “The New World of IoT” – I’ll be joined by peers from Stanley Black & Decker, Accenture and Siteminis Inc.

Categories: IOT

NY State vs Microsoft customer data disclosure update 4

September 25, 2015 1 comment

A quick followup to my blogs of May 2015 here, September 2014 here and July 2014 here, where the NY State court is trying to compel Microsoft to hand over emails from one of their servers in Ireland. The case is still ongoing, and recently went through a session with the appeals court – you can find the rough transcript online.

In it the two sides argue the legal difference between warrants and subpoenas, and whether our emails should be considered “the business records of a company”.

This far-reaching case will have ramifications for governments and service providers whichever way it goes – Microsoft argue that if it goes against them, that means Russia will be able to obtain records from US Mail.ru servers without the US government having a say, and the US government argue that if they lose, companies can simply offshore their customers’ data to block US Government inspection.

Which way do you think it will go? Comment below.

Categories: PII

Why I want all my lights to be smart…

September 22, 2015

This week Theo Priestley of Forbes posted an interesting article, where he posed a couple of interesting questions:

“An average home in the UK can potentially run to over 15 or so light bulbs, but how many would a consumer realistically want to be smartly enabled and connected to the internet? And again, just what is the value they’re going to receive from controlling them remotely?”

As I sit in my office I have 9 light bulbs around me – I know I’m not in the UK, but I’m British and I don’t remember the UK being particularly starved of bulbs last time I visited. Perhaps Theo meant “light switches” in which case I only have 5 – but the first question he asks is why we want them all to be smart?

My answer is the following – when I get up at 4 am for a flight I don’t want to wake my wife up. I also don’t want to trip over on my way across the room to the light switch.

Categories: IOT, SmartHome