PanamaTimes

Sunday, Jun 16, 2024

We can make our phones harder to hack but complete security is a pipe dream

We can make our phones harder to hack but complete security is a pipe dream

Even the latest iPhone scare won’t persuade us to choose safety over convenience
Apple caused a stir a few weeks ago when it announced that the forthcoming update of its mobile and laptop operating systems would contain an optional high-security mode that would provide users with an unprecedented level of protection against powerful “spyware” software that surreptitiously obtains control of their devices.

It’s called Lockdown Mode and, according to Apple, “offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware”.

Lockdown is effectively an alternative operating system mode. To turn it on, go to settings, choose it and restart your device. When you do, you find yourself with a rather different iPhone. Browsing the web is clunkier, for example, because Lockdown blocks many of the speed and efficiency tricks that Safari uses to render web pages. Some complex but widely used web technologies, like so-called just-in-time JavaScript compilation, which allow websites to run programs inside your browser, are disabled unless you specifically exclude a website from restriction. Still, more people might be persuaded to plump for greater security after vulnerabilities were revealed on Apple devices.

Lockdown also limits all kinds of incoming invitations and requests (for example, from FaceTime) unless you have specifically asked for them. In messages, the phone won’t show link previews and will block all attachments with the exception of a few standard image formats. Nor will it allow access to anything physically plugged into it. And so on.

The result of engaging Lockdown is that you have an iPhone that is more secure but less convenient to use. And, in a way, that is the most significant thing about Apple’s decision. As the security guru Bruce Schneier puts it: “It’s common to trade security off for usability and the results of that are all over Apple’s operating systems – and everywhere else on the internet. What they’re doing with Lockdown Mode is the reverse: they’re trading usability for security. The result is a user experience with fewer features, but a much smaller attack surface. And they aren’t just removing random features; they’re removing features that are common attack vectors.”

Ever since people started to worry about computer safety, the issue has been framed as striking a balance between security and convenience. Up to now, convenience has been winning hands down. Take passwords. Everyone knows that long, complex passwords are more secure than simple ones, but they’re also hard to remember. So, being human, we don’t use them: in 2021, the five most commonly used passwords were: 123456, 123456789, 12345, qwerty and password.

In the era of mainframe computers and standalone PCs, this kind of laxity didn’t matter too much. But as the world became networked, the consequences of carelessness have become more worrying. Why? Because there is no such thing as a completely secure networked device and we have been adding such devices to the so-called Internet of Things (IoT) on a maniacal scale. There are something like 13bn at the moment; by 2030, the tech industry thinks there might be 30bn.

The conventional adjective for these gizmos is “smart”. They can be “hi-tech” items such as smart speakers, fitness trackers and security cameras, but also standard household things such as fridges, lightbulbs and plugs, doorbells, thermostats and so on. From a marketing point of view, their USPs are flexibility, utility and responsiveness – in other words, convenience.

But smart is a euphemism that tactfully conceals the fact that they are tiny computers that are connected to the internet and can be remotely controlled from a smartphone or a computer. Some are made by reputable companies, but many are products of small outfits in China and elsewhere. They come with default usernames and passwords (such as “admin” and “password”) that buyers can change (but usually don’t). Because they’re networked, they are remotely accessible by their owners and, more importantly, by others. And there are billions of them out there in our homes, offices and factories.

Security researchers use the term “attack surface” to describe the number of possible points where an unauthorised user can access a system, extract data and/or inflict damage. The smaller the surface, the easier it is to protect. Unfortunately, the corollary also holds. In our Gadarene rush into the Internet of Things we are creating an attack surface of near-infinite dimensions.

The strange thing is that we already know what the consequences of this are like and yet seem unperturbed by them. In 2016, the security community was transfixed by a number of huge distributed denial-of-service attacks that caused outages, internet congestion and in one case overwhelmed the website of a prominent security guru.

Such attacks used to be conducted by botnets of thousands of infected PCs but the 2016 ones were carried out by a botnet that included perhaps half-a-million infected “smart” gizmos. The Mirai malware that assembled the botnet scoured the web for IoT devices protected by little more than factory-default usernames and passwords and then enlisted them in attacks that hurled junk traffic at an online target until it could no longer function.

Mirai is still around, so you might not be the only entity benefiting from those fancy new networked lightbulbs. The cost of convenience will be higher than we think. So upgrade those passwords.
#NSO 
Newsletter

Related Articles

PanamaTimes
0:00
0:00
Close
Inside El Salvador’s 40,000 Inmate Mega-Prison
Toyota, Mazda, Honda, and Suzuki have committed fraud; falsified safety test results
El Salvador's Bitcoin Holdings Reach $350 Million
Teens Forming Friendships with AI Chatbots
WhatsApp Rolls Out Major Redesign
Neuralink's First Brain Implant Experiences Issue
Apple Unveils New iPad Pro with M4 Chip, Misleading AI Claims
OpenAI to Announce Google Search Competitor
Apple Apologizes for Controversial iPad Pro Ad Featuring Instrument Destruction
German politician of the AFD party, Marie-Thérèse Kaiser was just convicted & fined $6,000+
Changpeng Zhao Sentenced to Four Months in Jail
Biden Administration to Relax Marijuana Regulations
101-Year-Old Woman Mistaken for a Baby by American Airlines: Comical Mix-Up during Flight Check-in
King Charles and Camilla enjoying the Inuit voice singing performance in Canada.
New Study: Vaping May Lower Fertility in Women Trying to Get Pregnant
U.S. DOJ Seeks Three-Year Sentence for Binance Founder Changpeng Zhao
Headlines - Thursday, 23 April 2024
Illinois Woman Wins $45M Lawsuit Against Johnson & Johnson and Kenvue for Mesothelioma Linked to Baby Powder
Panama's lates news for Friday, April 19
Creative menu of a Pizza restaurant..
You can be a very successful player, but a player with character is another level!
Experience the Future of Dining: My Visit to an AI-Powered Burger Joint
Stabbing rampage terror attack in Sydney, at least four people killed, early reports that a baby was among those stabbed.
Iran fired more than 300 drones and missiles at Israel overnight. Israel Reports Light Damage After Iran Launches Large Strike.
I will never get enough of his videos and the pure joy and beauty of these women!!
Scientists at the University of Maryland have developed an "invisibility cloak", for AI using adversarial patterns on a sweater, making the wearer nearly undetectable to standard object detection methods.
Lamborghini Bids Farewell to Its Best-Selling Sports Car: The Huracán
Sam Bankman-Fried Appeals 25-Year Prison Sentence for $8bn FTX Fraud
OJ Simpson, ex-NFL star who was acquitted of murder, dies aged 76
British Backpacker Imprisoned in Notorious Bolivian Prison: Family Raises Funds for Legal Fight and Essentials
Argentina: Venezuela Cuts Power to Embassy after Opposition Meeting
El Salvador Offers 5,000 Passports to Skilled Foreign Workers: Tax-Free Relocation and Citizenship
Panama Papers Trial Begins: Founders of Mossack Fonseca Face Money-Laundering Charges
75 Becomes the New 65: Retiring in Your 60s Unrealistic as Life Expectancy Increases and Costs Rise
Total Solar Eclipse of 2021: 32 Million Witness the Mystical, $1.5bn Spectacle Sweep Across North America
New shopping experience…
New world, new reality, let’s get used to it
UK Company Passes Milestone in Developing Space-Based Solar Power, Aiming to Power a Million Homes and Provide Constant Energy
Mexico Breaks Diplomatic Ties with Ecuador after Police Storm Embassy, Arrest Former Vice President
Monty Python were so ahead of their time
If there's a will, there's a way!
Rules about how to dress are important, but not so much if you have a lot of money.
Body Armor Firm Showcases Stab-Proof Vest in Demo on CEO
Mexico Cuts Diplomatic Ties with Ecuador After Embassy Stormed in Quito
Here is a tattoo idea, for engineers
Zoraya Ter Beek, a 28-year-old woman from the Netherlands, will undergo euthanasia in May due to severe mental health challenges
Here's a video featuring Fidel Castro, where he discusses his stance against war and his commitment to preserving life, positions that have put him at odds with the USA:
Woman reaches behind and steals gun from a security guard and shoots three people while getting detained in Chile
Take a walk around the safe and thriving downtown San Salvador.
Joe Biden criticised by Trump campaign for declaring Transgender Day of Visibility on Easter Sunday
×