TechDigits

Tech news
Wednesday, Feb 08, 2023

We can make our phones harder to hack but complete security is a pipe dream

We can make our phones harder to hack but complete security is a pipe dream

Even the latest iPhone scare won’t persuade us to choose safety over convenience
Apple caused a stir a few weeks ago when it announced that the forthcoming update of its mobile and laptop operating systems would contain an optional high-security mode that would provide users with an unprecedented level of protection against powerful “spyware” software that surreptitiously obtains control of their devices.

It’s called Lockdown Mode and, according to Apple, “offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware”.

Lockdown is effectively an alternative operating system mode. To turn it on, go to settings, choose it and restart your device. When you do, you find yourself with a rather different iPhone. Browsing the web is clunkier, for example, because Lockdown blocks many of the speed and efficiency tricks that Safari uses to render web pages. Some complex but widely used web technologies, like so-called just-in-time JavaScript compilation, which allow websites to run programs inside your browser, are disabled unless you specifically exclude a website from restriction. Still, more people might be persuaded to plump for greater security after vulnerabilities were revealed on Apple devices.

Lockdown also limits all kinds of incoming invitations and requests (for example, from FaceTime) unless you have specifically asked for them. In messages, the phone won’t show link previews and will block all attachments with the exception of a few standard image formats. Nor will it allow access to anything physically plugged into it. And so on.

The result of engaging Lockdown is that you have an iPhone that is more secure but less convenient to use. And, in a way, that is the most significant thing about Apple’s decision. As the security guru Bruce Schneier puts it: “It’s common to trade security off for usability and the results of that are all over Apple’s operating systems – and everywhere else on the internet. What they’re doing with Lockdown Mode is the reverse: they’re trading usability for security. The result is a user experience with fewer features, but a much smaller attack surface. And they aren’t just removing random features; they’re removing features that are common attack vectors.”

Ever since people started to worry about computer safety, the issue has been framed as striking a balance between security and convenience. Up to now, convenience has been winning hands down. Take passwords. Everyone knows that long, complex passwords are more secure than simple ones, but they’re also hard to remember. So, being human, we don’t use them: in 2021, the five most commonly used passwords were: 123456, 123456789, 12345, qwerty and password.

In the era of mainframe computers and standalone PCs, this kind of laxity didn’t matter too much. But as the world became networked, the consequences of carelessness have become more worrying. Why? Because there is no such thing as a completely secure networked device and we have been adding such devices to the so-called Internet of Things (IoT) on a maniacal scale. There are something like 13bn at the moment; by 2030, the tech industry thinks there might be 30bn.

The conventional adjective for these gizmos is “smart”. They can be “hi-tech” items such as smart speakers, fitness trackers and security cameras, but also standard household things such as fridges, lightbulbs and plugs, doorbells, thermostats and so on. From a marketing point of view, their USPs are flexibility, utility and responsiveness – in other words, convenience.

But smart is a euphemism that tactfully conceals the fact that they are tiny computers that are connected to the internet and can be remotely controlled from a smartphone or a computer. Some are made by reputable companies, but many are products of small outfits in China and elsewhere. They come with default usernames and passwords (such as “admin” and “password”) that buyers can change (but usually don’t). Because they’re networked, they are remotely accessible by their owners and, more importantly, by others. And there are billions of them out there in our homes, offices and factories.

Security researchers use the term “attack surface” to describe the number of possible points where an unauthorised user can access a system, extract data and/or inflict damage. The smaller the surface, the easier it is to protect. Unfortunately, the corollary also holds. In our Gadarene rush into the Internet of Things we are creating an attack surface of near-infinite dimensions.

The strange thing is that we already know what the consequences of this are like and yet seem unperturbed by them. In 2016, the security community was transfixed by a number of huge distributed denial-of-service attacks that caused outages, internet congestion and in one case overwhelmed the website of a prominent security guru.

Such attacks used to be conducted by botnets of thousands of infected PCs but the 2016 ones were carried out by a botnet that included perhaps half-a-million infected “smart” gizmos. The Mirai malware that assembled the botnet scoured the web for IoT devices protected by little more than factory-default usernames and passwords and then enlisted them in attacks that hurled junk traffic at an online target until it could no longer function.

Mirai is still around, so you might not be the only entity benefiting from those fancy new networked lightbulbs. The cost of convenience will be higher than we think. So upgrade those passwords.
#NSO 
Newsletter

Related Articles

TechDigits
Close
0:00
0:00
Charlie Munger, calls for a ban on cryptocurrencies in the US, following China's lead
First generation unopened iPhone set to fetch more than $50,000 at auction.
Almost 30% of professionals say they've tried ChatGPT at work
Interpol seeks woman who ran elaborate exam cheating scam in Singapore
What is ChatGPT?
Tesla reported record profits and record revenues for 2022
Microsoft is finalising plans to become the latest technology giant to reduce its workforce during a global economic slowdown
Tesla slashes prices globally by as much as 20 percent
After Failing To Pay Office Rent, Twitter May Sell User Names
FTX fraud investigators are digging deeper into Sam Bankman-Fried's inner circle – and reportedly have ex-engineer Nishad Singh in their sights
TikTok CEO Plans to Meet European Union Regulators
U.S. Moves to Seize Robinhood Shares, Silvergate Accounts Tied to FTX
Coinbase to Pay $100 Million in Settlement With New York Regulator
FTX assets worth $3.5bn held by Bahamas securities regulator
Former FTX CEO Bankman-Fried finally arrested in Bahamas after U.S. files charges
Corruption works: House Financial Services Chair Waters doesn't plan to subpoena her donor, Sam Bankman-Fried, to testify at hearing on FTX collapse
Yellen hints at ‘national security’ probe into Twitter purchase
Elon Musk reinstates Donald Trump's Twitter account.
George W. Bush and Barack Obama will hold back-to-back disinformation conferences
Solar + Powerwall ensures you never lose power, even if the grid goes down
This man paid for strangers' grocery and it moved them to tears
Meta introduces a new version of Mark Zuckerberg
Virtual Reality on billboards: BMW advertisement on Times Square
Apple CEO Tim Cook says coding should be taught as early as elementary school: 'It's the most important language you can learn'
Apple Executive Resigns After Viral TikTok Shows Him Making Crude Jokes
Huawei is not only better technology, but also protecting users better: Apple Warns Of Security Flaw For Iphones, Ipads And Macs
Mark Zuckerberg warns many teams will ‘shrink’ as Meta revenue drops
Elon Musk reportedly begged for forgiveness after his affair with Google co-founder Sergey Brin's wife
J.P. Morgan’s wealth management guru has some advice for recent college graduates on managing money and building wealth
Pentagon widens scope of UFO-hunting unit
Bezos' girlfriend Lauren Sanchez gives $1M to group focused on migrant kids at US-Mexico border
Hong Kong gets its first metaverse churches with avatars and virtual preachers
The ‘Dirty Quid Pro Quo’ Between Democrats and Big Tech
Elon Musk swore in March not to sell any Bitcoin, but Tesla cashed out 75% of its Bitcoin holdings amid the crypto winter just months later
Crypto winter continues at Gemini as another round of layoffs hits Winklevoss crypto exchange
Ex-CIA engineer Joshua Schulte convicted over massive data leak
EU to build new top-secret bunker
Elon Musk fathered twins with one of his executives last year
Apple launches Lockdown Mode to block spyware attacks on at-risk users
Australia floods worsen as thousands more Sydney residents evacuate
Women's own body dissatisfaction appears to influence their judgment of other women's body sizes
Hacker claims to have obtained data on 1 billion Chinese citizens
British Army's Twitter and YouTube accounts restored after hack
Google will delete location history for visits to abortion clinics after overturning of Roe v. Wade
Elon Musk, Jeff Bezos, Other Top Billionaires Lose $1.4 Trillion In Worst Half Ever
Philippines orders critical news site to shut down
Social media companies could be sued for addicting children to their digital-drug in California 
Airport chaos: European travel runs into pandemic cutbacks
The teen who tracks Elon Musk's jet agreed to stop monitoring Mark Cuban's flights on Twitter after the billionaire offered business advice
YouTube Shorts Claims 1.5 Billion Global Users As TikTok Rivalry Heats Up
×