Hong Kong News

Nonpartisan, Noncommercial, unconstrained.
Wednesday, Mar 29, 2023

We can make our phones harder to hack but complete security is a pipe dream

We can make our phones harder to hack but complete security is a pipe dream

Even the latest iPhone scare won’t persuade us to choose safety over convenience
Apple caused a stir a few weeks ago when it announced that the forthcoming update of its mobile and laptop operating systems would contain an optional high-security mode that would provide users with an unprecedented level of protection against powerful “spyware” software that surreptitiously obtains control of their devices.

It’s called Lockdown Mode and, according to Apple, “offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware”.

Lockdown is effectively an alternative operating system mode. To turn it on, go to settings, choose it and restart your device. When you do, you find yourself with a rather different iPhone. Browsing the web is clunkier, for example, because Lockdown blocks many of the speed and efficiency tricks that Safari uses to render web pages. Some complex but widely used web technologies, like so-called just-in-time JavaScript compilation, which allow websites to run programs inside your browser, are disabled unless you specifically exclude a website from restriction. Still, more people might be persuaded to plump for greater security after vulnerabilities were revealed on Apple devices.

Lockdown also limits all kinds of incoming invitations and requests (for example, from FaceTime) unless you have specifically asked for them. In messages, the phone won’t show link previews and will block all attachments with the exception of a few standard image formats. Nor will it allow access to anything physically plugged into it. And so on.

The result of engaging Lockdown is that you have an iPhone that is more secure but less convenient to use. And, in a way, that is the most significant thing about Apple’s decision. As the security guru Bruce Schneier puts it: “It’s common to trade security off for usability and the results of that are all over Apple’s operating systems – and everywhere else on the internet. What they’re doing with Lockdown Mode is the reverse: they’re trading usability for security. The result is a user experience with fewer features, but a much smaller attack surface. And they aren’t just removing random features; they’re removing features that are common attack vectors.”

Ever since people started to worry about computer safety, the issue has been framed as striking a balance between security and convenience. Up to now, convenience has been winning hands down. Take passwords. Everyone knows that long, complex passwords are more secure than simple ones, but they’re also hard to remember. So, being human, we don’t use them: in 2021, the five most commonly used passwords were: 123456, 123456789, 12345, qwerty and password.

In the era of mainframe computers and standalone PCs, this kind of laxity didn’t matter too much. But as the world became networked, the consequences of carelessness have become more worrying. Why? Because there is no such thing as a completely secure networked device and we have been adding such devices to the so-called Internet of Things (IoT) on a maniacal scale. There are something like 13bn at the moment; by 2030, the tech industry thinks there might be 30bn.

The conventional adjective for these gizmos is “smart”. They can be “hi-tech” items such as smart speakers, fitness trackers and security cameras, but also standard household things such as fridges, lightbulbs and plugs, doorbells, thermostats and so on. From a marketing point of view, their USPs are flexibility, utility and responsiveness – in other words, convenience.

But smart is a euphemism that tactfully conceals the fact that they are tiny computers that are connected to the internet and can be remotely controlled from a smartphone or a computer. Some are made by reputable companies, but many are products of small outfits in China and elsewhere. They come with default usernames and passwords (such as “admin” and “password”) that buyers can change (but usually don’t). Because they’re networked, they are remotely accessible by their owners and, more importantly, by others. And there are billions of them out there in our homes, offices and factories.

Security researchers use the term “attack surface” to describe the number of possible points where an unauthorised user can access a system, extract data and/or inflict damage. The smaller the surface, the easier it is to protect. Unfortunately, the corollary also holds. In our Gadarene rush into the Internet of Things we are creating an attack surface of near-infinite dimensions.

The strange thing is that we already know what the consequences of this are like and yet seem unperturbed by them. In 2016, the security community was transfixed by a number of huge distributed denial-of-service attacks that caused outages, internet congestion and in one case overwhelmed the website of a prominent security guru.

Such attacks used to be conducted by botnets of thousands of infected PCs but the 2016 ones were carried out by a botnet that included perhaps half-a-million infected “smart” gizmos. The Mirai malware that assembled the botnet scoured the web for IoT devices protected by little more than factory-default usernames and passwords and then enlisted them in attacks that hurled junk traffic at an online target until it could no longer function.

Mirai is still around, so you might not be the only entity benefiting from those fancy new networked lightbulbs. The cost of convenience will be higher than we think. So upgrade those passwords.
#NSO 
Newsletter

Related Articles

Hong Kong News
Close
0:00
0:00
Jamie Dimon is being deposed over JPMorgan Chase role in Epstein lawsuits
Brand new security footage has just been released to the public showing the Active shooter Audrey Elizabeth Hale drove to Covenant Church School in her Honda Fit this morning, parked, and shot her way into the building
Social Media censoring users for saying the true
Smart Iranian fashion designer teaching dummy TV anchors lesson about reality
AMERICA, 2023
U.S. charges FTX's Bankman-Fried with paying $40 million bribe
Fallen 'Crypto King' Who Owes Millions to Investors Was Kidnapped and Tortured
Regulators blame social media for SVB's rapid collapse: 'Complete game changer'
AOC explains why she opposes banning TikTok
Singapore’s Prime Minister says China and US need to stabilize relations because world can't afford a confict between the two superpowers
In a dramatic U-turn against His Government: Judicial Reform Legislation Must Be Halted, Says Israeli Defense Minister Yoav Gallant
Gordon Moore, a co-founder of Intel Corporation, died at 94
Powell: Silicon Valley Bank was an 'outlier'
Bordeaux town hall set on fire in France pro democracy protest
Police violence in Paris
Paris: Some of the police are stepping down and showing solidarity with the protesters.
Donald Trump arrested – Twitter goes wild with doctored pictures
NYPD is setting up barricades outside Manhattan Criminal Court ahead of Trump arrest.
Credit Suisse's Scandalous History Resulted in an Obvious Collapse - It's time for regulators who fail to do their job to be held accountable and serve as an example by being behind bars.
Goldman Sachs cuts outlook for European bank debt over Credit Suisse crisis
Paris Rioting vs Macron anti democratic law
'Sexual Fantasy' Assignment At US School Outrages Parents
The US government has charged Chinese businessman Guo Wengui with leading a $1 billion fraud scheme that cheated thousands of followers out of their money.
Credit Suisse to borrow $54 billion from Swiss central bank
The BBC problem about China
Russian Hackers Preparing New Cyber Assault Against Ukraine
"Will Fly Wherever International Law Allows": US Warns Russia After Drone Incident
If this was in Tehran, Moscow or Hong Kong
Announcing GPT-4
TRUMP: "Standing before you today, I am the only candidate who can make this promise: I will prevent World War III."
China is calling out the US, UK, and Australia on their submarine pact, claiming they are going further down a dangerous road
A brief banking situation report
We are witnessing widespread bank fails and the president just gave a 5 min speech then walked off camera.
Donald Trump's asked by Tucker Carlson question on if the U.S. should support regime change in Russia?.
'No relation to the American SVB': India's SVC Bank acts to calm depositors amid brand name confusion.
Good news: The U.S. government is now guaranteeing all deposits, held by, Silicon Valley Bank, and the funds are available as of today
Silicon Valley Bank exec was Lehman Brothers CFO
In a potential last-ditch effort, HSBC is considering a rescue deal to save Silicon Valley Bank UK from insolvency
Saudi Arabia has announced a major breakthrough in diplomacy with Iran after two years of intense talks
Elon Musk Is Planning To Build A Town In Texas For His Employees
The Silicon Valley Bank’s collapse effect is spreading around the world, affecting startup companies across the globe
City officials in Berlin announced on Thursday that all swimmers at public pools will soon be allowed to swim topless
Fitness scam
Market Chaos as USDC Loses Peg to USD after $3.3 Billion Reserves Held by Silicon Valley Bank Closed.
A primitive judge in Australia sparked outrage when he told a breastfeeding woman to leave his courtroom for being “a distraction"
Barcelona is feeling the heat as they face corruption charges over payments to former vice-president of Spain's referees' committee, Jose Maria Enriquez Negreira
Banking regulators close SVB, the largest bank failure since the financial crisis
Silicon Valley Bank: Struggles Threaten Tech Startup Ecosystem"
The unelected UK Prime Minister Rishi Sunak, an immigrant himself, defends new controversial crackdown on illegal migration
Old clip of Bill Gates saying Ukraine is a big, fat, corrupt sinkhole is going viral
×