“iPhone Remains Findable After Power Off” what I can’t keep up anymore.
So I guess “power off” doesn’t mean “off” anymore, it means the device stays on and does some kind of low-power nearfield communication. I’m trying to decide how I feel about this.
The off switch is buried in the “Find My” settings dialog, weirdly in a tab called “Find My Network” which might make you think it’s intended to… find your network… but actually I think this is some kind of branding gone wrong.
I wonder what the attack surface of their “powered off you can only find the phone” mode looks like. I hope it doesn’t use weird exploitable SSL libraries that haven’t been updated since 2012.
In other news I updated my phone to iOS 15 and put it down to charge last night. When I woke up it was hot, and my battery has gone from 100% to 15% since 7:30am. I gotta get off this ecosystem.
Wow, this thread somehow inspired an insane comment thread on HN which is 50% people saying they’ve known about this feature for a year and only an idiot would be surprised by it, 50% people expressing surprise that the feature even exists. news.ycombinator.com/item?id=286929…
For the record (inspired by the many excellent comments on HN) I have no specific beef with this feature: I’d just like to know how it works. I think a proper explanation of it would be security-relevant and I would expect to see something about it in the iOS Security Guide.
A little bird told me the phone writes a series of pre-computed cryptographic beacons to the UWB chipset, but little birds are no substitute for official documentation.
Wow, ok! This post does some proper reverse engineering and shows that the “Always On Processor” interfaces with the Bluetooth chip to implement this functionality. Great to have an answer. naehrdine.blogspot.com/2021/09/always…
My tweet above (two higher in the thread) was apparently wrong. The Find My keys get exported to the Bluetooth chipset. I still wonder how exploitable the whole mess is while the phone is off. Should we care?
Uh, yeah.
Ok, update: the Find My beacons are spooled out to storage, rather than the keys themselves. Which presumably are safe in the SEP. Thanks @naehrdine for the second look. (Also anyone who cares about Apple RE should follow @naehrdine)
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Ok, look people: Signal as a *protocol* is excellent. As a service it’s excellent. But as an application running on your phone, it’s… an application running on your consumer-grade phone. The targeted attacks people use on those devices are well known.
There is malware that targets and compromises phones. There has been malware that targets the Signal application. It’s an app that processes many different media types, and that means there’s almost certainly a vulnerability to be exploited at any given moment in time.
If you don’t know what this means, it means that you shouldn’t expect Signal to defend against nation-state malware. (But you also shouldn’t really expect any of the other stuff here, like Chrome, to defend you in that circumstance either.)
You should use Signal. Seriously. There are other encrypted messaging apps out there, but I don’t have as much faith in their longevity. In particular I have major concerns about the sustainability of for-profit apps in our new “AI” world.
I have too many reasons to worry about this but that’s not really the point. The thing I’m worried about is that, as the only encrypted messenger people seem to *really* trust, Signal is going to end up being a target for too many people.
Signal was designed to be a consumer-grade messaging app. It’s really, really good for that purpose. And obviously “excellent consumer grade” has a lot of intersection with military-grade cryptography just because that’s how the world works. But it is being asked to do a lot!
New public statement from Apple (sent to me privately):
“As of Friday, February 21, Apple can no longer offer Advanced Data Protection as a feature to new users in the UK.”
Additionally:
"Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature. ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices. We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy. Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom. As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”
This will not affect:
iMessage encryption
iCloud Keychain
FaceTime
Health data
These will remain end-to-end encrypted. Other services like iCloud Backup and Photos will not be end-to-end encrypted.
What is this new setting that sends photo data to Apple servers and why is it default “on” at the bottom of my settings screen?
I understand that it uses differential privacy and some fancy cryptography, but I would have loved to know what this is before it was deployed and turned on by default without my consent.
This seems to involve two separate components. One that builds an index using differential privacy (set at some budget) and the other that does a homomorphic search?
Does this work well enough that I want it on? I don’t know. I wasn’t given the time to think about it.
Most of cryptography research is developing a really nice mental model for what’s possible and impossible in the field, so you can avoid wasting time on dead ends. But every now and then someone kicks down a door and blows up that intuition, which is the best kind of result.
One of the most surprising privacy results of the last 5 years is the LMW “doubly efficient PIR” paper. The basic idea is that I can load an item from a public database without the operator seeing which item I’m loading & without it having to touch every item in the DB each time.
Short background: Private Information Retrieval isn’t a new idea. It lets me load items from a (remote) public database without the operator learning what item I’m asking for. But traditionally there’s a *huge* performance hit for doing this.
The new and revived Chat Control regulation is back. It still appears to demand client side scanning in encrypted messengers. But removes “detection of new CSAM” and simply demands detection of known CSAM. However: it retains the option to change this requirement back.
For those who haven’t been paying attention, the EU Council and Commission have been relentlessly pushing a regulation that would break encryption. It died last year, but it’s back again — this time with Hungary in the driver’s seat. And the timelines are short.
The goal is to require all apps to scan messages for child sexual abuse content (at first: other types of content have been proposed, and will probably be added later.) This is not possible for encrypted messengers without new technology that may break encryption.