The Contrarian Response To Apple’s Need For Encryption

On December 2, 2015, [Syed Rizwan Farook] and [Tashfeen Malik] opened fire at a San Bernardino County Department of Public Health training event, killing 14 and injuring 22. This was the third deadliest mass shooting in the United States in recent memory, and began a large investigation by local, state, and federal agencies. One piece of evidence recovered by the FBI was an iPhone 5C belonging to one of the shooters. In the days and months after the shooting, the FBI turned to Apple to extract data from this phone.

A few days ago in an open letter to customers, [Tim Cook], CEO of Apple, stated they will not comply with FBI’s request to build a backdoor for the iPhone. While the issue at hand is extracting data from an iPhone recovered from the San Bernardino shooting, [Cook] says building a new version of iOS to extract this data would allow the FBI to unlock any iPhone. Needless to say, there are obvious security implications of this request.

Apple does not publish open letters to its customers often. Having one of the largest companies on the planet come out in support of privacy and encryption is nearly unprecedented. There is well-founded speculation this open letter to the public will be exhibit A in a supreme court case. Needless to say, the Internet has gone a little crazy after this letter was published, and rightly so: just imagine how better off we would be if AT&T said no to the NSA in 2002 – [Snowden] might just be another IT geek working for a government contractor.

CalvinThere is a peculiar aspect of public discourse that doesn’t make any sense. In the absence of being able to say anything interesting, some people have just decided to add a contrary viewpoint. Being right, having a valid argument, or even having evidence to support assertions doesn’t matter; being contrary is far more interesting. Look at any comment thread on the Internet, and you’ll find the longest comment chain is the one refuting the parent article. Look up the ratings for a cable news channel. You’ll find the highest rated show is the one with the most bickering. When is the last time you saw something from the New York Times, Washington Post, or LA Times on Facebook or your favorite news aggregator? Chances are, it wasn’t news. It was an op-ed, most likely one that was espousing a view contrary to either public opinion or public policy.

As with any headline event on the Internet, the contrarians have come out of the woodwork. These contrarians are technically correct and exceedingly myopic.

Continue reading “The Contrarian Response To Apple’s Need For Encryption”

Dry Ice is Nice for Separating Broken Phone Screens

Smartphones are the opium of the people. If you need proof, just watch the average person’s reaction when they break “their precious”. Repairing smartphones has become a huge business. The most often broken item on phones is of course the front glass. In most cases, the screen itself doesn’t break. On newer smartphones, even the touchscreen is safe. The front glass is only a protective lens.

The easiest way to repair a broken front glass is to swap the entire LCD assembly. For an iPhone 6 plus, this will run upwards of $120 USD. However, the glass lens alone is just $10. The problem is that the LCD, digitizer and front glass are a laminated package. Removing them without breaking the wafer thin LCD glass requires great care. The hardest part is breaking down the optical glue securing the glass to the LCD. In the past that has been done with heat. More recently, companies from China have been selling liquid-nitrogen-based machines that cool the assembly. Now immersing a phone screen in -196° C liquid nitrogen would probably destroy the LCD. However, these machines use a temperature controller to keep a surface at -140° C. Just enough to cause the glue to become brittle, but not kill the LCD.

[JerryRigEverything] doesn’t have several thousand dollars for a liquid nitrogen machine, but he does have a $5 block of dry ice. Dry ice runs at -78.5°C. Balmy compared to liquid nitrogen, but still plenty cold. After laying the phone screens down on the ice for a few minutes, [Jerry] was able to chip away the glass. It definitely takes more work than the nitrogen method. Still, if you’re not opening your own phone repair shop, we think this is the way to go.

Broken phones are a cheap and easy way to get high-resolution LCD screens for your projects. The problem is driving them. [Twl] has an awesome project on for driving phone screens using an FPGA. We haven’t seen it done with iPhone 6 yet though. Anyone up for the challenge?

Continue reading “Dry Ice is Nice for Separating Broken Phone Screens”

Replacing The iPhone 6 Button Bricks The Phone

News comes from The Guardian that the iPhone 6 will break because of software updates due to non-authorized hardware replacements. Several thousand iPhone 6 users are claiming their phones have been bricked thanks to software updates if the home button – and the integrated TouchID fingerprint sensor – were replaced by non-Apple technicians.

For the last few iPhone generations, the TouchID fingerprint sensor has been integrated into the home button of every iPhone. This fingerprint sensor provides an additional layer of security for the iPhone, and like everything on smartphones, there is a thriving market of companies who will fix broken phones. If you walk into an Apple store, replacing the TouchID sensor will cost about $300. This part is available on Amazon for about $10, and anyone with a pentalobe screwdriver, spudger, and fine motor control can easily replace it. Doing so, however, will eventually brick the phone, as software updates render the device inoperable if the TouchID sensor is not authorized by Apple.

According to an Apple spokeswoman, the reason for the error 53 is because the fingerprint data is uniquely paired to the touch ID sensor found in the home button. If the TouchID sensor was substituted with a malicious TouchID sensor, complete and total access to the phone would be easy, providing a forehead-slapping security hole. Error 53 is just Apple’s way of detecting devices that were tampered with.

In fairness to Apple, not checking the authenticity of the touch ID would mean a huge security hole; if fingerprint data is the only thing keeping evil balaclava-wearing hackers out of your phone, simply replacing this sensor would grant them access. While this line of reasoning is valid, it’s also incredibly stupid: anyone can get around the TouchID fingerprint sensor with a laser printer and a bit of glue. If you ever get ahold of the German Defense Minister’s iPhone, the fingerprint sensor isn’t going to stop you.

This is a rare case where Apple are damned if they do, damned if they don’t. By not disabling the phone when the TouchID sensor is replaced, all iPhones are open to a gaping security hole that would send the Internet into a tizzy. By bricking each and every iPhone with a replacement TouchID sensor, Apple gets a customer support nightmare. That said, the $300 replacement cost for the TouchID sensor will get you a very nice Android phone that doesn’t have this problem.

Using Over 3000A to Rapidly Charge an iPhone

Earlier this week I had the pleasure of doing something very stupid with another YouTuber. We wanted to see what would happen if you push over 3000A through an iPhone. The result? Fire. You get fire.

To perform this experiment we prepared a few different setups for maximum electrocution. The first was with the tried and true technique of re-wrapping a transformer to put out low volts at high current — essentially, a DIY spot welder. Now while most of those use a little transformer taken out of a microwave, I happened to have an industrial transformer about four times the size. Once re-wrapped to become a step-down transformer, it can produce approximately 1000A @ 1V … Or if you plug it into a 240V outlet, upwards of 2000A @ 2V — all depending on the resistance of whatever you’re putting in-between the contacts.

During the actual test we read about 1400A going through the iPhone with an ammeter. Which puts an iPhone 6 at a resistance of about 0.0014 ohms.

Continue reading “Using Over 3000A to Rapidly Charge an iPhone”

Immersive Theatre via iBeacons with Dustin Freeman

Combining backgrounds in math and theater, [Dustin Freeman] works on immersive, interactive theatrical experiences. During the day [Dustin] is a Spatial Interaction Engineer at Occipital, who makes the Structure Sensor. In his spare time [Dustin] works on digital theatre projects that bring the theatre goer far past the traditional row of seats.

The concept of immersive theatre is similar to ‘escape the room’ challenges and choose your own adventure experiences, in that the participants control the outcome of the experience by making decisions from the information supplied to them. [Dustin] explains in his talk that the feeling of trying to beat the clock that exists in escape the room challenges is not helpful in Floodlight’s The Painting. Floodlight is a theatre production company and The Painting is the immersive theatre experience put together by [Joshua Marx], professor of acting at San Jose State and [Dustin Freeman] who presented this 2015 Hackaday SuperConference talk.

Continue reading “Immersive Theatre via iBeacons with Dustin Freeman”

Your Unhashable Fingerprints Secure Nothing

Passwords are crap. Nobody picks good ones, when they do they re-use them across sites, and if you use even a trustworthy password manager, they’ll get hacked too. But you know what’s worse than a password? A fingerprint. Fingerprints have enough problems with them that they should never be used anywhere a password would be.

Passwords are supposed to be secret, like the name of your childhood pet. In contrast, you carry your fingers around with you out in the open nearly everywhere you go. Passwords also need to be revocable. In the case that your password does get revealed, it’s great to be able to simply pick another one. You don’t want to have to revoke your fingers. Finally, and this is the kicker, you want your password to be hashable, in order to protect the password database itself from theft.

In the rest of the article, I’ll make each of these three cases, and hopefully convince you that using fingerprints in place of a password is even more broken than using a password in the first place. (You listening Apple and Google? No, I didn’t think you were.)

Continue reading “Your Unhashable Fingerprints Secure Nothing”

iPhone Jailbreak Hackers Await $1M Bounty

According to Motherboard, some unspecified (software) hacker just won a $1 million bounty for an iPhone exploit. But this is no ordinary there’s-a-glitch-in-your-Javascript bug bounty.

On September 21, “Premium” 0day startup Zerodium put out a call for a chain of exploits, starting with a browser, that enables the phone to be remotely jailbroken and arbitrary applications to be installed with root / administrator permissions. In short, a complete remote takeover of the phone. And they offered $1 million. A little over a month later, it looks like they’ve got their first claim. The hack has yet to be verified and the payout is actually made.

But we have little doubt that the hack, if it’s actually been done, is worth the money. The NSA alone has a $25 million annual budget for buying 0days and usually spends that money on much smaller bits and bobs. This hack, if it works, is huge. And the NSA isn’t the only agency that’s interested in spying on folks with iPhones.

Indeed, by bringing something like this out into the open, Zerodium is creating a bidding war among (presumably) adversarial parties. We’re not sure about the ethics of all this (OK, it’s downright shady) but it’s not currently illegal and by pitting various spy agencies (presumably) against each other, they’re almost sure to get their $1 million back with some cream on top.

We’ve seen a lot of bug bounty programs out there. Tossing “firmname bug bounty” into a search engine of your choice will probably come up with a hit for most firmnames. A notable exception in Silicon Valley? Apple. They let you do their debugging work for free. How long this will last is anyone’s guess, but if this Zerodium deal ends up being for real, it looks like they’re severely underpaying.

And if you’re working on your own iPhone remote exploits, don’t be discouraged. Zerodium still claims to have money for two more $1 million payouts. (And with that your humble author shrugs his shoulders and turns the soldering iron back on.)