
Here is a question that keeps me up at night…

Is the San Bernardino iPhone just locked or is it properly encrypted?

Isn’t full encryption beyond the reach of forensic investigators? So we come to the real question: If critical data on the San Bernardino iPhone is properly encrypted, and if the Islamic terrorist who shot innocent Americans used a good password, then what is it that the FBI thinks that Apple can do to help crack this phone? Doesn’t good encryption thwart forensic analysis, even by the FBI and the maker of the phone?

In the case of Syed Rizwan Farook’s iPhone, the FBI doesn’t know if the shooter used a long and sufficiently unobvious password. They plan to try a rapid-fire dictionary attack and other predictive algorithms to deduce the password. But the content of the iPhone is protected by a closely coupled hardware feature that will disable the phone and even erase memory, if it detects multiple attempts with the wrong password. The FBI wants Apple to help them defeat this hardware sentry, so that they can launch a brute force hack—trying thousands of passwords each second. Without Apple’s help, the crack detection hardware could automatically erase incriminating evidence, leaving investigators in the dark.

Mitch Vogel is an Apple expert. As both a former police officer and one who has worked with Apple he succinctly explains the current standoff between FBI investigators and Apple.


The iPhone that the FBI has is locked with a passcode and encrypted. It can only be decrypted with the unique code. Not even Apple has that code or can decrypt it. Unlike what you see in the movies, it’s not possible for a really skilled hacker to say “It’s impossible” and then break through it with enough motivation. Encryption really is that secure and it’s really impossible to break without the passcode.

What the FBI wants to do is brute force the passcode by trying every possible combination until they guess the right one. However, to prevent malicious people from using this exact technique, there is a security feature that erases the iPhone after 10 attempts or locks it for incrementally increasing time periods with each attempt. There is no way for the FBI (or Apple) to know if the feature that erases the iPhone after 10 tries is enabled or not, so they don’t even want to try and risk it.

So the FBI wants Apple to remove that restriction. That is reasonable. They should, if it is possible to do so without undue burden. The FBI should hand over the iPhone to Apple and Apple should help them to crack it.

However, this isn’t what the court order is asking Apple to do. The FBI wants Apple to create software that disables this security feature on any iPhone and give it to them. Even if it’s possible for this software to exist, it’s not right for the FBI to have it in their possession. They should have to file a court order every single time they use it. The FBI is definitely using this situation as an opportunity to create a precedent and give it carte blanche to get into any iPhone without due process.

So the answer to your question is that yes it is that secure and yes, it’s a ploy by the FBI. Whether it’s actually possible for Apple to help or not is one question and whether they should is another. Either way, the FBI should not have that software.
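To make the trade-off in the guard described above concrete, here is an added toy model of a passcode guard with an erase-after-10 rule and escalating lockouts; it is my own illustration, not Apple’s code or documented behaviour, and the 4-digit passcode, the lockout schedule and the 1,000-guesses-per-second rate are assumed, constructed values. It shows why exhaustive guessing is impractical while the guard is in place and collapses to seconds once both the erase rule and the delays are removed.

```python
from dataclasses import dataclass

ERASE_THRESHOLD = 10  # the "erases the iPhone after 10 attempts" rule quoted above

def lockout_seconds(failures):
    """Assumed escalating lockout schedule (illustrative values, not Apple's)."""
    if failures < 5:
        return 0
    return {5: 60, 6: 60, 7: 300, 8: 900}.get(failures, 3600)

class DeviceErased(Exception):
    """The guard has wiped the key material; no further guesses are possible."""

@dataclass
class PasscodeGuard:
    secret: str
    erase_enabled: bool = True   # the "erase after 10 tries" option
    delays_enabled: bool = True  # the incrementally increasing lockouts
    failures: int = 0
    waited: float = 0.0          # simulated seconds spent locked out

    def attempt(self, guess):
        """Check one guess, then apply the lockout and erase rules."""
        if self.erase_enabled and self.failures >= ERASE_THRESHOLD:
            raise DeviceErased
        if guess == self.secret:
            self.failures = 0
            return True
        self.failures += 1
        if self.delays_enabled:
            self.waited += lockout_seconds(self.failures)
        if self.erase_enabled and self.failures >= ERASE_THRESHOLD:
            raise DeviceErased
        return False

def brute_force(guard, digits=4, guesses_per_second=1000.0):
    """Try every numeric passcode in order; return (found, guesses, simulated_seconds).

    guesses_per_second is the assumed rate once the guard no longer slows anything down.
    """
    for n in range(10 ** digits):
        try:
            found = guard.attempt(f"{n:0{digits}d}")
        except DeviceErased:
            return False, n + 1, guard.waited + (n + 1) / guesses_per_second
        if found:
            return True, n + 1, guard.waited + (n + 1) / guesses_per_second
    return False, 10 ** digits, guard.waited + 10 ** digits / guesses_per_second
```

With the guard intact the search is erased after ten guesses; with only the erase rule off, a passcode as low as 0042 still costs about 34 hours of lockouts; with both protections off, all 10,000 codes fall in ten simulated seconds.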

Hack-Jet

When there is a catastrophic loss of an aircraft in any circumstances, there are inevitably a host of questions raised about the safety and security of the aviation operation. The loss of Air France flight 447 off the coast of Brazil, with little evidence upon which to work, inevitably raises the level of speculation surrounding the fate of the flight. Large-scale incidents such as this create an enormous cloud of data, which has to be investigated in order to discover the pattern of events that led to the loss (not helped when some of it may be two miles under the ocean surface). So far French authorities have been quick to rule out terrorism; it has, however, emerged that a bomb hoax against an Air France flight had been made the previous week on a different route from Argentina. This currently does not seem to be linked and no terrorist group has claimed responsibility. Much of the speculation regarding the fate of the aircraft has focused on the effects of bad weather or a glitch in the fly-by-wire system that could have caused the plane to dive uncontrollably. There is however another theory, which, while currently unlikely, if true would change the global aviation security situation overnight: a Hacked-Jet.

Given the plethora of software modern jets rely on, it seems reasonable to assume that these systems could be compromised by code designed to trigger catastrophic systemic events within the aircraft’s navigation or other critical electronic systems. Just as aircraft have a physical presence, they increasingly have a virtual footprint, and this changes their vulnerability. A systemic software corruption may account for the mysterious absence of a Mayday call — the communications system may have been offline. Designing airport and aviation security to keep lethal code off civilian aircraft would, in the short term, be beyond any government civil security regime. A malicious code attack of this kind against any civilian airliner would therefore be catastrophic not only for the airline industry but also for the wider global economy until security caught up with this new threat. The technical ability to conduct an attack of this kind remains highly specialized (for now), but the knowledge to conduct attacks in this mold would be as deadly as WMD and easier to spread through our networked world. Electronic systems on aircraft are designed for safety, not security; they therefore do not account for malicious internal actions.

While this may seem the stuff of fiction, in January 2008 this broad topic was discussed due to the planned arrival of the Boeing 787, which is designed to be more ‘wired’, offering greater passenger connectivity. Air safety regulations have not been designed to accommodate the idea of an attack against on-board electronic systems, and the FAA proposed special conditions, which were subsequently commented upon by the Air Line Pilots Association and Airbus. There is some interesting back and forth in the proposed special conditions, which are after all only to apply to the Boeing 787. In one section, Airbus rightly pointed out that making it a safety condition that the internal design of civilian aircraft should ‘prevent all inadvertent or malicious changes to [the electronic system]’ would be impossible during the life cycle of the aircraft because ‘security threats evolve very rapidly’. Boeing responded to these reports in an AP article stating that there were sufficient safeguards to shut out the Internet from internal aircraft systems, a conclusion the FAA broadly agreed with; Wired Magazine covered much of the ground. During the press surrounding this, the security writer Bruce Schneier commented that, “The odds of this being perfect are zero. It’s possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in the history of mankind anyone’s done that.” Of course, securing the airborne aircraft isn’t the only concern when maintenance and diagnostic systems constantly refresh while the aircraft is on the ground. Malicious action could infect any part of this process. While a combination of factors probably led to the tragic loss of flight AF447, the current uncertainty serves to highlight a potential game-changing aviation security scenario that no airline or government is equipped to face.

Comments on Hack-Jet:

(Note — these are thoughts on the idea of using software hacks to down commercial airliners and are not specifically directed at events surrounding the loss of AF447).


From Daniel Suarez, author of Daemon:

It would seem like the height of folly not to have physical overrides in place for the pilot — although, I realize that modern aircraft (especially designs like the B-2 bomber) require so many minute flight surface corrections every second to stay aloft, that no human could manage it. Perhaps that’s what’s going on with upcoming models like the 787. And I don’t know about the Airbus A330.

I did think it was highly suspicious that the plane seems to have been lost above St. Peter & Paul’s Rocks. By the strangest of coincidences, I had been examining that rock closely in Google Earth a few weeks ago for a scene in the sequel (which was later cut). It’s basically a few huge rocks with a series of antennas and a control hut — with nothing around it for nearly 400 miles.

Assuming the theoretical attacker didn’t make the exploit time-based or GPS-coordinate-based, they might want to issue a radio ‘kill’ command in a locale where there would be little opportunity to retrieve the black box (concealing all trace of the attack). I wonder: do the radios on an A330 have any software signal processing capability? As for the attackers: they wouldn’t need to physically go to the rocks – just compromise the scientific station’s network via email or other intrusion, etc. and issue the ‘kill’ command from a hacked communication system. If I were an investigator, I’d be physically securing and scouring everything that had radio capabilities on those rocks. And looking closely at any record of radio signals in the area (testing suspicious patterns against a virtual A330’s operating system). Buffer overrun (causing the whole system to crash?). Injecting an invalid (negative) speed value? Who knows… Perhaps the NSA’s big ear has a record of any radio traffic issued around that time.

The big concern, of course, is that this is a proof-of-concept attack — thus, the reason for concealing all traces of the compromise.


From John Robb - Global Guerillas:

The really dangerous hacking, in most situations, is done by disgruntled/postal/financially motivated employees. With all glass cockpits, fly by wire, etc. (the Airbus is top of its class in this) it would be easy for anybody on the ground crew to crash it. No tricky mechanical sabotage.


External hacks? That is of course, trickier. One way would be to get into the diagnostic/mx computers the ground crew uses. Probably by adding a hack to a standard patch/update. Not sure if any of the updates to these computers are delivered “online.”

Flight planning is likely the most “connected” system. Easier to access externally. Pilots get their plans for each flight and load them into the plane. If the route has them flying into the ground mid flight, it’s possible they won’t notice.

In flight hacks? Not sure that anything beyond outbound comms from the system is wireless. If so, that would be one method.

Another would be a multidirectional microwave/herf burst that fries controls. Might be possible, in a closed environment/fly by wire system to do this with relatively little power.

----

There has been continuous discussion of the dangers involved with fly-by-wire systems in Peter Neumann’s RISKS Digest since the systems were introduced in the late 1980s. The latest posting on the subject is here.

Investigator: Computer likely caused Qantas plunge