ExtraBITS for 21 March 2016
In breaking news this week, the Department of Justice may have caved to Apple in the Apple/FBI encryption battle, and you need to update your old Kindle right away! In other ExtraBITS, Bloomberg reveals that the Apple/FBI battle has been brewing since before the release of iOS 8, Apple may be protected from the FBI by a federal statute, a new iOS trojan can infect non-jailbroken iPhones, Game Center remains broken in iOS 9, John Oliver explains the battle over encryption, and so-called “typosquatters” are targeting Mac users.
Department of Justice Moves to Postpone iPhone Court Hearing — In breaking news, the U.S. Department of Justice is seeking to “vacate” a hearing set for 22 March 2016, saying that an “outside party” has demonstrated a possible method for unlocking the iPhone involved in the San Bernardino terrorist attack, which, if successful, would eliminate the need for assistance from Apple. This postponement feels more like legal maneuvering than some technical breakthrough. While it may not mean the end of the case, it might be an indication that the FBI feels that its chances of compelling Apple to create the equivalent of a backdoor are dropping and is looking for a face-saving way out.
Update Your Old Kindle Tonight — If you have an old Kindle sitting around that you haven’t used or updated in a while, dust it off and update it tonight. Otherwise, Amazon warns that it won’t be able to connect to the Kindle Store or sync with Amazon’s servers. All you need to do is fire up the Kindle and choose Sync and Check for Items in the main menu. If you don’t see this warning in time, it’s not the end of the world. After 21 March 2016, you can still update your Kindle via USB to enable it to connect once again with the Amazon
Bloomberg Charts the Buildup to the Apple/FBI Battle — The conflict between Apple and the FBI has been building since the release of iOS 8, and Bloomberg has now published a behind-the-scenes look at the lead-up to the FBI taking the fight public. Based on interviews with more than a dozen government officials, technology executives, and attorneys, the article provides insight into the thinking that drives each side. It’s well worth a read for anyone tracking the case.
Apple Defense Bolstered by CALEA — Apple may have support in its fight with the FBI from an unexpected source — a federal statute designed to give law enforcement certain access to telecommunications infrastructure. Susan Crawford, who is a professor at Harvard Law School and served as President Barack Obama’s Special Assistant for Science, Technology, and Innovation Policy in 2009, suggests in this Backchannel article that Section 1002 of the Communications Assistance for Law Enforcement Act (CALEA) explicitly withholds from the government the authority “to require any specific design of equipment, facilities, services, features or system configurations” from any phone manufacturer. Since specific statutes, like CALEA, trump general ones, like the All Writs Act, Crawford believes the FBI will have to go back to Congress if it wants to reinterpret what’s allowed by CALEA.
AceDeceiver: First iOS Trojan Exploits Apple’s FairPlay DRM — Security firm Palo Alto Networks has discovered a new family of iOS malware that can infect non-jailbroken devices. Called “AceDeceiver,” this is not something for most Mac users with iOS devices to worry about now, since the exploit relies on a separately infected Windows machine (and it displayed malicious behavior only when the user was located in China). The attack vector is novel in that it relies on flaws in Apple’s FairPlay digital rights management code and malware that masquerades as iTunes to install apps without the user’s knowledge. Although Apple’s code review failed to catch the malware initially, the company has now removed AceDeceiver from the App Store.
Game Center Still Broken after Six Months of iOS 9 — Writer Craig Grannell points out how Game Center has been broken since the release of iOS 9. That might seem minor, since Game Center isn’t an especially popular app, but many multiplayer turn-based games depend on Game Center to function, so many of them now work inconsistently. Unfortunately, this is more evidence of the decline in Apple’s software quality.
John Oliver Explains the Battle Over Encryption — Are you struggling to understand the battle between Apple and the FBI over iPhone encryption? Or perhaps you’re having trouble explaining it to a non-technical friend? In this 18-minute video, HBO’s John Oliver lays out the entire case, explaining the details and what’s at stake. Impressively, the piece gets everything right at a technical level and even captures the nuance in the positions of both sides. It’s also pretty funny, but be aware that Oliver uses some strong language (this is HBO, after all). Don’t miss the fake Apple commercial at the end!
“Typosquatters” Targeting Mac Users — Threatpost reports that so-called “typosquatters” — groups who buy domain names similar to famous ones for nefarious purposes — have been attempting to trick Mac users into installing malware disguised as an Adobe Flash update. In our testing, none of the “.om” domains Threatpost mentions attempted to do this, but regardless, never install software updates from unknown sites, and even if it’s a known site, check the URL first to ensure that it’s authentic! Even better, don’t install Adobe Flash at all; if you have to use Flash, use the automatically updated copy built into the Google Chrome Web browser.