How could Apple help bypass an iPhone Pin?

February 17, 2016 Leave a comment

This week BBC news reported that Apple would not help the FBI bypass the pin on one of their phones

The FBI have apparently asked Apple to create two assistive technologies :

“Firstly, it wants the company to alter Farook’s iPhone so that investigators can make unlimited attempts at the passcode without the risk of erasing the data.

Secondly, it wants Apple to help implement a way to rapidly try different passcode combinations, to save tapping in each one manually.”

Ignoring who is right or wrong in this matter – these are not uncommon requests – I’ve been asked by various governments and “three letter agencies” in the past to do exactly the same thing, which I too have politely declined.

Reading between the lines, the FBI requests would indicate an admission that the actual cryptography within the iPhone is robust and correctly implemented – and that there are no discovered back doors which would allow the FBI access to the data without Apple’s help.

So we can assume that the FBI cannot usually access data stored on iPhones. What help can Apple give?

Read more…

Advertisements
Categories: Encryption, Privacy Laws Tags: , ,

Elective Age Ratings, Breaking down Age-Label

February 9, 2016 Leave a comment

age-de-xml_age-label-de_startbild_282x297This week I was introduced to the web site age-appropriate rating system Age-Label, sponsored by OMK in Germany. Proposed as a standard for self-regulation of web sites, it allows owners to insert a small xml file “age-de.xml” in the root of their websites which defines the appropriate age ratings of the site, or subsections of such. I dug deep into the system and did some trawling across the internet to find out how used it is.

You can read an English translation of the standard online.

It would seem like a good idea – instead of relying on a third party to analyse the content of your site and make a determination on what age groups it’s appropriate for, web site owners can define it for themselves. The XML file also allows you to specify different sections of your website for different age readers.

Of course, this requires some appropriate technology on the readers device to look for, interpret, and act on the age-de.xml file – but if you imagine a world where the majority of sites are (honestly) tagged, and browsers use the xml data, and parents set the browsers with the appropriate age information, we could indeed go a long way towards protecting minors from inappropriate content.

Read more…

Smarthome 102 – Electrical

November 26, 2015 1 comment

Following on from my article on Plumbing your smarthome here are my top tips for electrical work when you’re designing or remodeling a home. I’ve bought surprisingly featured homes designed with expansion and maintenance in mind, and also homes that though well built,were not built to be smart, maintainable or upgraded.

Don’t forget that most countries require permits for electrical additions, even if it’s just adding a new outlet so the more you plan ahead, the better use you can make of your electricians time.

1. Run Neutral wires to each switch location. 

More common now than a decade ago, but still I see new homes with no neutral in switchboxes. This may seem obscure, but most modern smart switches need live and neutral to operate – but most lighting switches work on live only. Make sure your electrician runs neutral wires to all switch locations so you can add smart switches at some point in the future. Read more…

Categories: SmartHome

SmartHome 101 – Plumbing

November 22, 2015 1 comment

Simon’s tips and tricks when you’re creating a smart home with a pencil, or hammer. Taking a moment to think about how your plumbing is going to be laid out, considering future upgrades and accessibility for repair and replacement will make things much easier for you.

For Electrical tips, see Smarthome 102

1. Don’t put a shower head or controls on an outside wall. 

Okply.jpgThis one should be obvious – if you install your shower controls on an outside wall, there’s no way to EVER get behind them. This may not be something you’re worried about now, but what about in a few years when you want to replace the diverter valve with the newest technology?

If possible make sure that there’s an interior wall behind your shower controls, and best, a closet – because you can easily cut a hole in the closet drywall to get to the valve, and that won’t mean having to re-tile your shower. Read more…

Categories: SmartHome

One more thing you don’t want to know about bitlocker..

November 17, 2015 Leave a comment

This week I found another item to add to my infamous “10 Things You Don’t Want to know about Bitlocker” post – research just published by  Synopsys hacker Ian Hakan shows there’s been a trivial bypass for Bitlocker without pre-boot for a long time – seemingly since 2000!

So No. 11 – If you don’t use pre-boot Bitlocker can be easily bypassed by someone with a rogue domain server.

Thankfully Microsoft jumped in with a fix in MS15-122 security bulletin – but you have to wonder if this exploit has been known by certain parties for longer?

 

 

 

Categories: Uncategorized

CIO Review IoT Special Edition, November 2015

November 10, 2015 Leave a comment

cioreview

CIO Review and I have collaborated a few times around the smart home security and IoT space. They kindly asked me to write something for the November IoT Special Edition, published this week.

You can find me at p47, but the whole edition is valuable reading.

http://magazine.cioreview.com/magazines/November2015/IOT/

Categories: IOT, SmartHome Tags:

Smart Home or Dumb Home/Smart Cloud?

November 5, 2015 Leave a comment

q400dAt the end of my street, tucked between some bushes and a tree in someone else’s garden, is a weathered beige box. I’d never noticed it before this week, but it’s become very important to me, because that dirty, unloved box is responsible for whether my smart home automation works, or not.

Yes, that beige box in someone else’s garden is where my home cable connects to the community coax network.

I’ve come to the realization that my smart home is actually pretty dumb on its own – without a connection to internet services, a lot of my clever rules and technology simply fail to work. My doorbell camera doesn’t send me video, my IFTTT rules to work the Hue Lights fail, and I can’t even open my Wink-connected door locks.

Amazon’s Echo is another victim of connectivity – it seems so clever, but when you step back and think about it – it only understands two words/four syllables – Ah-Mah-Zon and for the alternate name, Ah-Lex–Ah. All the other language processing is done in the cloud, so you can “turn off” my home voice recognition just by unplugging the coax in that anonymous roadside box.  Read more…

Categories: SmartHome Tags: ,