Hong Kong News

Nonpartisan, Noncommercial, unconstrained.
Saturday, Dec 21, 2024

We can make our phones harder to hack but complete security is a pipe dream

We can make our phones harder to hack but complete security is a pipe dream

Even the latest iPhone scare won’t persuade us to choose safety over convenience
Apple caused a stir a few weeks ago when it announced that the forthcoming update of its mobile and laptop operating systems would contain an optional high-security mode that would provide users with an unprecedented level of protection against powerful “spyware” software that surreptitiously obtains control of their devices.

It’s called Lockdown Mode and, according to Apple, “offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware”.

Lockdown is effectively an alternative operating system mode. To turn it on, go to settings, choose it and restart your device. When you do, you find yourself with a rather different iPhone. Browsing the web is clunkier, for example, because Lockdown blocks many of the speed and efficiency tricks that Safari uses to render web pages. Some complex but widely used web technologies, like so-called just-in-time JavaScript compilation, which allow websites to run programs inside your browser, are disabled unless you specifically exclude a website from restriction. Still, more people might be persuaded to plump for greater security after vulnerabilities were revealed on Apple devices.

Lockdown also limits all kinds of incoming invitations and requests (for example, from FaceTime) unless you have specifically asked for them. In messages, the phone won’t show link previews and will block all attachments with the exception of a few standard image formats. Nor will it allow access to anything physically plugged into it. And so on.

The result of engaging Lockdown is that you have an iPhone that is more secure but less convenient to use. And, in a way, that is the most significant thing about Apple’s decision. As the security guru Bruce Schneier puts it: “It’s common to trade security off for usability and the results of that are all over Apple’s operating systems – and everywhere else on the internet. What they’re doing with Lockdown Mode is the reverse: they’re trading usability for security. The result is a user experience with fewer features, but a much smaller attack surface. And they aren’t just removing random features; they’re removing features that are common attack vectors.”

Ever since people started to worry about computer safety, the issue has been framed as striking a balance between security and convenience. Up to now, convenience has been winning hands down. Take passwords. Everyone knows that long, complex passwords are more secure than simple ones, but they’re also hard to remember. So, being human, we don’t use them: in 2021, the five most commonly used passwords were: 123456, 123456789, 12345, qwerty and password.

In the era of mainframe computers and standalone PCs, this kind of laxity didn’t matter too much. But as the world became networked, the consequences of carelessness have become more worrying. Why? Because there is no such thing as a completely secure networked device and we have been adding such devices to the so-called Internet of Things (IoT) on a maniacal scale. There are something like 13bn at the moment; by 2030, the tech industry thinks there might be 30bn.

The conventional adjective for these gizmos is “smart”. They can be “hi-tech” items such as smart speakers, fitness trackers and security cameras, but also standard household things such as fridges, lightbulbs and plugs, doorbells, thermostats and so on. From a marketing point of view, their USPs are flexibility, utility and responsiveness – in other words, convenience.

But smart is a euphemism that tactfully conceals the fact that they are tiny computers that are connected to the internet and can be remotely controlled from a smartphone or a computer. Some are made by reputable companies, but many are products of small outfits in China and elsewhere. They come with default usernames and passwords (such as “admin” and “password”) that buyers can change (but usually don’t). Because they’re networked, they are remotely accessible by their owners and, more importantly, by others. And there are billions of them out there in our homes, offices and factories.

Security researchers use the term “attack surface” to describe the number of possible points where an unauthorised user can access a system, extract data and/or inflict damage. The smaller the surface, the easier it is to protect. Unfortunately, the corollary also holds. In our Gadarene rush into the Internet of Things we are creating an attack surface of near-infinite dimensions.

The strange thing is that we already know what the consequences of this are like and yet seem unperturbed by them. In 2016, the security community was transfixed by a number of huge distributed denial-of-service attacks that caused outages, internet congestion and in one case overwhelmed the website of a prominent security guru.

Such attacks used to be conducted by botnets of thousands of infected PCs but the 2016 ones were carried out by a botnet that included perhaps half-a-million infected “smart” gizmos. The Mirai malware that assembled the botnet scoured the web for IoT devices protected by little more than factory-default usernames and passwords and then enlisted them in attacks that hurled junk traffic at an online target until it could no longer function.

Mirai is still around, so you might not be the only entity benefiting from those fancy new networked lightbulbs. The cost of convenience will be higher than we think. So upgrade those passwords.
#NSO 
Newsletter

Related Articles

Hong Kong News
0:00
0:00
Close
It's always the people with the dirty hands pointing their fingers
Paper straws found to contain long-lasting and potentially toxic chemicals - study
FTX's Bankman-Fried headed for jail after judge revokes bail
Blackrock gets half a trillion dollar deal to rebuild Ukraine
Steve Jobs' Son Launches Venture Capital Firm With $200 Million For Cancer Treatments
Google reshuffles Assistant unit, lays off some staffers, to 'supercharge' products with A.I.
End of Viagra? FDA approved a gel against erectile dysfunction
UK sanctions Russians judges over dual British national Kara-Murza's trial
US restricts visa-free travel for Hungarian passport holders because of security concerns
America's First New Nuclear Reactor in Nearly Seven Years Begins Operations
Southeast Asia moves closer to economic unity with new regional payments system
Political leader from South Africa, Julius Malema, led violent racist chants at a massive rally on Saturday
Today Hunter Biden’s best friend and business associate, Devon Archer, testified that Joe Biden met in Georgetown with Russian Moscow Mayor's Wife Yelena Baturina who later paid Hunter Biden $3.5 million in so called “consulting fees”
'I am not your servant': IndiGo crew member, passenger get into row over airline meal
Singapore Carries Out First Execution of a Woman in Two Decades Amid Capital Punishment Debate
Spanish Citizenship Granted to Iranian chess player who removed hijab
US Senate Republican Mitch McConnell freezes up, leaves press conference
Speaker McCarthy says the United States House of Representatives is getting ready to impeach Joe Biden.
San Francisco car crash
This camera man is a genius
3D ad in front of Burj Khalifa
Next level gaming
BMW driver…
Google testing journalism AI. We are doing it already 2 years, and without Google biased propoganda and manipulated censorship
Unlike illegal imigrants coming by boats - US Citizens Will Need Visa To Travel To Europe in 2024
Musk announces Twitter name and logo change to X.com
The politician and the journalist lost control and started fighting on live broadcast.
The future of sports
Unveiling the Black Hole: The Mysterious Fate of EU's Aid to Ukraine
Farewell to a Music Titan: Tony Bennett, Renowned Jazz and Pop Vocalist, Passes Away at 96
Alarming Behavior Among Florida's Sharks Raises Concerns Over Possible Cocaine Exposure
Transgender Exclusion in Miss Italy Stirs Controversy Amidst Changing Global Beauty Pageant Landscape
Joe Biden admitted, in his own words, that he delivered what he promised in exchange for the $10 million bribe he received from the Ukraine Oil Company.
TikTok Takes On Spotify And Apple, Launches Own Music Service
Global Trend: Using Anti-Fake News Laws as Censorship Tools - A Deep Dive into Tunisia's Scenario
Arresting Putin During South African Visit Would Equate to War Declaration, Asserts President Ramaphosa
Hacktivist Collective Anonymous Launches 'Project Disclosure' to Unearth Information on UFOs and ETIs
Typo sends millions of US military emails to Russian ally Mali
Server Arrested For Theft After Refusing To Pay A Table's $100 Restaurant Bill When They Dined & Dashed
The Changing Face of Europe: How Mass Migration is Reshaping the Political Landscape
China Urges EU to Clarify Strategic Partnership Amid Trade Tensions
The Last Pour: Anchor Brewing, America's Pioneer Craft Brewer, Closes After 127 Years
Democracy not: EU's Digital Commissioner Considers Shutting Down Social Media Platforms Amid Social Unrest
Sarah Silverman and Renowned Authors Lodge Copyright Infringement Case Against OpenAI and Meta
Why Do Tech Executives Support Kennedy Jr.?
The New York Times Announces Closure of its Sports Section in Favor of The Athletic
BBC Anchor Huw Edwards Hospitalized Amid Child Sex Abuse Allegations, Family Confirms
Florida Attorney General requests Meta CEO's testimony on company's platforms' alleged facilitation of illicit activities
The Distorted Mirror of actual approval ratings: Examining the True Threat to Democracy Beyond the Persona of Putin
40,000 child slaves in Congo are forced to work in cobalt mines so we can drive electric cars.
×