Apple's War Against Jailbreaking Now Makes Perfect Sense 321
An anonymous reader writes "Apple has always been extremely anti jailbreaking, but it might now have a good reason to plug up the exploits. As Hardware 2.0 argues, Apple's new iOS 7 Activation Lock anti-theft mechanism which renders stolen handsets useless (even after wiping) unless the owner's Apple ID is entered relies on having a secure, locked-down OS. Are the days of jailbreaking iOS coming to a close?" I can see a whole new variety of phone-based ransom-ware based on this capability, too.
iPhone Tracks Everywhere You've been (Score:0, Interesting)
http://www.guardian.co.uk/technology/2011/apr/20/iphone-tracking-prompts-privacy-fears
Lest we forget:
"Security researchers have discovered that Apple's iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner's computer when the two are synchronised."
"The file contains the latitude and longitude of the phone's recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner's movements using a simple program."
"For some phones, there could be almost a year's worth of data stored, as the recording of data seems to have started with Apple's iOS 4 update to the phone's operating system, released in June 2010."
And now we find out that Apple signed up to PRISM, the system that the FISC court already said was illegal under the constitution:
https://www.eff.org/deeplinks/2013/06/government-says-secret-court-opinion-law-underlying-prism-program-needs-stay
They simply kept the ruling secret and did it anyway.
Re:The problem is... (Score:3, Interesting)
Yeah because no thief has ever put it into another iPhone box and shrink wrapped it and sold it as new before...
If this were really about theft... (Score:5, Interesting)
There is a simple solution to theft - initialize each device with a unique key, and give a copy of that key to the owner. By all means pre-load it with trust for the vendor key as well so that it can auto-update by default, but the master key goes to the user. The key might be a $2 USB drive in a little envelope that says "keep safe and don't open unless you want to modify the OS software - Vendor may not be able to repair devices without this key."
The average user just sticks the key in a drawer and gets the default experience. A user who wants to unlock the device just downloads their alternate firmware installer of choice and it will ask them to insert their key so that it can reflash the phone. Users could also disable the Vendor's keys if they wish. By all means let users generate their own keys and install those on the device as well (obviously this will require the previous key). In the case of business-owned phones the business would procure the phone and keep the key, and thus they can stay in control of the hardware even if they allow employees to use it.
Now users can reflash at will, but if somebody steals the phone they will be unable to do so. It would have minimal cost, and since the defaults are all idiot-proof those who don't care about the feature can ignore it and as long as they don't remove the Vendor key the vendor can still do anything they can do today. However, it would establish that the person who paid for the phone is the one who owns it. Since the key is a tangible object, it can be transferred if the owner wishes to do so, and I'd just make it a read-only simple USB drive so that it could be copied if desired as well - just like a car key.
Re:Phone-based ransom-ware? (Score:5, Interesting)
In our business we have had several thousand 4's stolen over the last 2 years. We have 0 recourse to recover them. Apple admits they see them popping up all over the world under other names but can't recall or stop them from being used.
Bricking them or recovering them was a request of many businesses and officers of the law. Dry up the demand and you will slow down the theft.
Re:The problem is... (Score:5, Interesting)
Re:It's always made sense (Score:4, Interesting)
They want to prevent anyone else from starting an app store in competition with theirs.
Except that makes it more difficult to explain in condescending terms of how Apple knows what is best for its customers.
Re:The problem is... (Score:5, Interesting)
...it will simply cripple the trust of the secondary market...
I think it will just change the protocol for selling on eBay or Craigslist. Sellers will probably learn to post a picture of the phone, turned on, showing the date... and also the serial number or something. If you can get into the settings, then it wouldn't be locked. But really, sending a bricked phone is no different from sending a broken phone or no phone at all, so I think this all falls into the "fraud" dept.
FWIW, there were five things which immediately went through my head when I saw them announce Activation Lock. In order, they are:.
- "If iOS7 can be jailbroken, Activation Lock is useless"
- "There needs to be a simpler way to 'release' a phone from your ownership". (I once went into "Find My iPhone" and was able to see all three iPads I've ever owned and the last three iPhones I've had. It turns out that it takes some deliberate navigating, on the part of the user, to indicate that they no longer own a device. That needs to be simpler.
- It needs to be *verifiable* by the buyer that a device isn't "owned" by anybody. Otherwise, the device could be locked at any time in the future. (or... there needs to be a way for someone with a locked phone to track down the person with locking rights on a phone so that they can say "Hey... remember that phone you sold back to BestBuy last Spring? They never released you as the owner". Almost like doing a title-search on a piece of property.
- Apple will probably need some kind of arbitration dept. for the "This dude sold me his phone and won't release his lock rights" or "I can't find the person who has lock rights" issues.
- If this is something which people have to turn on in the phone before it gets stolen, it's going to be useless. Almost nobody is going to take the time to enable it, which means a small fraction of stolen phones will get activation-locked, which means there will be a small deterrent to theft.
I eagerly await the rollout of iOS7 to see how Apple deals with these issues.
Re:Phone-based ransom-ware? (Score:5, Interesting)
Ah, starting with an ad hominem, good job.
No, your plan isn't completely unworkable, but unless you are completely confident in your random number generator (possible, but hard), you have the potential for a really expensive recall when someone works it out. With 10 digits, you have about 33 bits of entropy. That's not a trivial search space, but it may be possible to brute force if it's something you can do over the local network. If you can do 1000/second, it will probably take about 1-2 months. 10,000/second, and you can do it in a week. Pretty obvious network traffic though. If, however, your random number generator is a lot less random than you think, then in this kind of thing you may end up with only 16 bits of entropy (random number generator errors in the past have resulted in a lot less than half the expected entropy). In that case, at 1000/second you could probably brute force it in about half a minute, and definitely do it in slightly over a minute.
And that's assuming the only flaw is in the random number generator. A more common error in implementing this kind of system would be a timing error in checking the code. If the time taken to process the key is related to the number of digits that you got right, then you can easily target a phone to disable, even with a strong random number generator.
Sure, it's possible to do it right. It's just a lot easier to do it wrong. There's only one way of doing it right and there are hundreds of ways of doing it wrong...
Use the EMEI instead (Score:5, Interesting)
Actually there is a much simpler way to go about this problem (with theft) which would leave both Apple and the NSA out of the loop.
Every cellphone is equipped with an EMEI number [wikipedia.org] which works similar to a network MAC address. It is a unique hardware identifier for each phone - on a global scale.
The EMEI is visible in the settings/control-panel section of any modern phone, and often also printed on either the box the device is supplied in, or a piece of paper inside. And it is used by every carrier on the planet as a part of the calling infrastructure.
All the carriers would need to do, is to allow a "blacklist" of EMEI numbers, so when your device is stolen you simply report the EMEI to the carrier and they blacklist it. To prevent abuse each device could be supplied with an anti-theft key generated by the initial operator or by the manufacturer (so only the holder of both the EMEI and theft-key can have it blacklisted).
The technical capability to do this already exists. Some operators have even implemented it in trials. Their reasons for not using it today is the fact that not all operators actually want to bust customers with stolen phones, and this system would be kind of pointless if only half the carriers implement it.
Enter regulation. The political system could easily pass a law that forces all carriers to implement this kind of EMEI-based anti theft system. It would take little to design, it would work for every phone on the planet regardless of make/model, and it would include only known technology (just a few bits and pieces to extend the existing EMEI database plus a front-office system to operate it).
Not implementing this is pure laziness (from carriers).
- Jesper