Privacy – Lifeboat News: The Blog

Feb 22
2016

Is San Bernardino iPhone Fully Encrypted?

Here is a question that keeps me up at night…

Is the San Bernardino iPhone just locked or is it properly encrypted?

Isn’t full encryption beyond the reach of forensic investigators? So we come to the real question: If critical data on the San Bernardino iPhone is properly encrypted, and if the Islamic terrorist who shot innocent Americans used a good password, then what is it that the FBI thinks that Apple can do to help crack this phone? Doesn’t good encryption thwart forensic analysis, even by the FBI and the maker of the phone?

In the case of Syed Rizwan Farook’s iPhone, the FBI doesn’t know if the shooter used a long and sufficiently unobvious password. They plan to try a rapid-fire dictionary attack and other predictive algorithms to deduce the password. But the content of the iPhone is protected by a closely coupled hardware feature that will disable the phone and even erase memory, if it detects multiple attempts with the wrong password. The FBI wants Apple to help them defeat this hardware sentry, so that they can launch a brute force hack—trying thousands of passwords each second. Without Apple’s help, the crack detection hardware could automatically erase incriminating evidence, leaving investigators in the dark.

Mitch Vogel is an Apple expert. As both a former police officer and one who has worked with Apple he succinctly explains the current standoff between FBI investigators and Apple.

The iPhone that the FBI has is locked with a passcode and encrypted. It can only be decrypted with the unique code. Not even Apple has that code or can decrypt it. Unlike what you see in the movies, it’s not possible for a really skilled hacker to say “It’s impossible“” and then break through it with enough motivation. Encryption really is that secure and it’s really impossible to break without the passcode.

What the FBI wants to do is brute force the passcode by trying every possible combination until they guess the right one. However, to prevent malicious people from using this exact technique, there is a security feature that erases the iPhone after 10 attempts or locks it for incrementally increasing time periods with each attempt. There is no way for the FBI (or Apple) to know if the feature that erases the iPhone after 10 tries is enabled or not, so they don’t even want to try and risk it.

oceans_of_data-s So the FBI wants Apple to remove that restriction. That is reasonable. They should, if it is possible to do so without undue burden. The FBI should hand over the iPhone to Apple and Apple should help them to crack it.

However, this isn’t what the court order is asking Apple to do. The FBI wants Apple to create software that disables this security feature on any iPhone and give it to them. Even if it’s possible for this software to exist, it’s not right for the FBI to have it in their possession. They should have to file a court order every single time they use it. The FBI is definitely using this situation as an opportunity to create a precedent and give it carte blanche to get into any iPhone without due process.

So the answer to your question is that yes it is that secure and yes, it’s a ploy by the FBI. Whether it’s actually possible for Apple to help or not is one question and whether they should is another. Either way, the FBI should not have that software.

Feb 19
2016

Northrop Grumman Corporation to Unveil Naval Capabilities at WEST 2016

Northrup Grumman’s new Cyber Situational Awareness (CSA), which is a set of web-based tools designed to visualize, understand, and share cyber databases being showcase at the WEST 2016 navel conference on February 17.

Northrop Grumman Corporation (NYSE: NOC) has announced that it will be showcasing key naval capabilities at the WEST 2016 navel conference on February 17, 2016. The corporation will unveil its full-spectrum cyber solutions, biometric defense solutions, unmanned aircraft and much more at the event. WEST 2016 is co-sponsored by AFCEA and the US Naval institute in San Diego. Northrop Grumman is a platinum sponsor of the conference, which is themed “how we make the strategy work.”

The defense contractor will be showcasing its sea serving operations and capabilities that will help the US armed forces combat challenges and difficulties more efficiently. It is also expected to display how it integrates cyber-technology into all of its defense segments. The key highlight of its cyber-suite is its Cyber Situational Awareness (CSA), which is a set of web-based tools designed to visualize, understand, and share cyber databases.

Northrop Grumman is committed to building resilience into its cyber solutions to protect and defend critical information of the armed forces. The cyber solution focuses on delivering complete end-to-end mission capabilities, including situational awareness, real-time mission analytics and damage assessment, and utmost integrated security. The defense contractor’s Blue WASP software tool will also be on display at the conference. The tool alerts navy boats of attacks against US navy vessels.

Feb 18
2016

Man vs machine: Bio-chip implants will make us stronger but an open target for hackers

Absolutely; it will and that is the real danger in technology. This is why security roles will be increasingly in demand over the next 7 to 10 years.

Kaspersky director Marco Preuss looks at the future of biometric technology and bio-cybersecurity.

Feb 11
2016

UK lawmakers slam government plan to scoop up data

UK cracking down on their government’s eaves dropping efforts.

The British government’s bill that calls for far-reaching data collection powers gets slammed in parliament. Critics say it would be most intrusive collection regime among Western democracies.

Feb 4
2016

Perspectives on the Cyber Physical Human World

The 6th annual European Smart Grid Cyber Security conference (7th – 8th March 2016)

Boy! I wish I could attend this meeting. I can imagine all of the conversations now “Quantum” & “Cyber Attacks” with some good old AI thrown in the mix. I am also guess that the 2 articles this week on the NSA maybe brought up too.

SMi Group reports: The MITRE Corporation will be presenting at the SMi’s 6th annual European Smart Grid Cyber Security conference (7th – 8th March 2016)

Feb 4
2016

NSA Plans to ‘Act Now’ to Ensure Quantum Computers Can’t Break Encryption

Another article just came out today providing additional content on the Quantum Computing threat and it did reference the article that I had published. Glad that folks are working on this.

The NSA is worried about quantum computers. It warns that it “must act now” to ensure that encryption systems can’t be broken wide open by the new super-fast hardware.

In a document outlining common concerns about the effects that quantum computing may have on national security and encryption of sensitive data, the NSA warns that “public-key algorithms… are all vulnerable to attack by a sufficiently large quantum computer.”

Quantum computers can, theoretically, be so much faster because they take advantage of a quirk in quantum mechanics. While classical computers use bits in 0 or 1, quantum computers use “qubits” that can exist in 0, 1 or a superposition of the two. In turn, that allows it to work through possible solutions more quickly meaning they could crack encryption that normal computers can’t.

Feb 3
2016

NSA Says it “Must Act Now” Against the Quantum Computing Threat

NSA states it must act now against the “Quantum Computing Threat” due to hackers can possess the technology. I wrote about this on Jan 10th. Glad someone finally is taking action.

The National Security Agency is worried that quantum computers will neutralize our best encryption – but doesn’t yet know what to do about that problem.

Jan 29
2016

USENIX Enigma 2016 — NSA TAO Chief on Disrupting Nation State Hackers

Rob Joyce, Chief, Tailored Access Operations, National Security Agency.

From his role as the Chief of NSA’s Tailored Access Operation, home of the hackers at NSA, Mr. Joyce will talk about the security practices and capabilities that most effectively frustrate people seeking to exploit networks.

Watch all Enigma 2016 videos at:
http://enigma.usenix.org/youtube

Jan 29
2016

Imagining Football’s Future Through the Super Bowl of 2066

Scalpers offered contact lenses guaranteed to fool any ocular-based biometric ticketing technology.

He was right, of course, which explains all those people arriving at the stadium in all the usual ways. Some came by autonomous cars that dropped them off a mile or more from the stadium, their fitness wearables synced to their car software, both programmed to make their owner walk whenever the day’s calories consumed exceeded the day’s calories burned. Others turned up on the transcontinental Hyperloop, gliding at 760 miles per hour on a cushion of air through a low-pressure pipeline, as if each passenger was an enormous bank slip tucked into a pneumatic tube at a drive-through teller window in 1967. That was the year the first Super Bowl was played, midway through the first season of Star Trek, set in a space-age future that now looks insufficiently imagined.

And so hours before Super Bowl 100 kicked off—we persist in using that phrase, long after the NFL abandoned the actual practice—the pregame scene offered all the Rockwellian tableaux of the timeless tailgate: children running pass patterns on their hoverboards—they still don’t quite hover, dammit—dads printing out the family’s pregame snacks, grandfathers relaxing in lawn chairs with their marijuana pipes.

Jan 28
2016

How to Make Your Own NSA Bulk Surveillance System

Existing off-the-shelf components are all you need to spy like the NSA, says a UC Berkeley researcher.