I usually do not comment on new products, but what I read about the new iPhone X made wonder if we are finally getting closer to the infinite number of science fiction computers that can really interact directly with a human being.
I guess that everyone remembers HAL 9000 from “2001: A Space Odyssey” (1968), and it had plenty of ancestors and an infinite number of descendants.
Have a very Happy New Year!
… and to start 2017 on a great note, I write again about Hardware Vulnerabilities with comments on Cloud and Mobile Security.
The opportunity for this blog entry has been provided to me by the talk “What could possibly go wrong with <insert x86 instruction here>? Side effects include side-channel attacks and bypassing kernel ASLR” by Clémentine Maurice and Moritz Lipp at Chaos Computer Club 2016 which I suggest to watch (it lasts 50 minutes and it is not really technical despite its title).
A super-short summary of the talk is that it is possible to mount very effective side- (in particular time-) channel attacks on practically any modern Operating System which allow to extrafiliate data, open communication channel and spy on activities like keyboards inputs. All of this using only lecit commands and OS facilities, but in some innovative ways.
The reason for which these attacks are possibile is that the hardware does not prevent them, actually some hardware features, added to improve performances, make these attacks easier or even possible (see also my previous post on Hardware Vulnerabilities about this). So from the Security point of view these Hardware features should be considered as Vulnerabilities.
What is it possible to do with these techniques? Considering Cloud, it is possible to monitor the activities of another Virtual Machine running on the same hardware, extract secrect cryptography keys (but this depends on how the algorithm and protocols are implemented), establish hidden communication channels etc.
Similarly for Mobile, it is possible to have a totally lecit App to monitor the keyboard activity, or 2 Apps to establish a hidden communication so that one reads some data and the other sends it to a remote destination, all without violating any security rule (actually each one having very limited privilegies and restricted setups).
Morevoer it seeems easy to embed this kind of attacks in lecit applications and current anti-virus seem to lack the capabilities needed to intercept them. Indeed the activites performed to implement these attacks look almost identical to the ones performed by any program and it seems that only a particular performance monitoring could discover them.
According to JBN, with a sequence of moves it is possible to bypass iOS 6.x passcode lock, to directly access the address book and from here to make calls, get emails, SMS, pictures etc.
I am just curious to know if this is a planned “feature”, a back-door or just a bug and in this last case how someone managed to discover it.
The security consequences for iPhones’ owners who have their phones stolen, lost or just borrowed, should be obvious.
Andrea Pasquinucci 