
Mornings With Mark
no. 0008

Apple, Graylock, And Context

Full machine generated transcript follows

Good morning, everybody. How's it going today? This episode of Mornings With Mark, I want to dive into a story that's been circulating around and got picked up by the New York Times. It's out on The Verge, Bloomberg picked it up, around Apple and how they're blocking a law enforcement tool.

To be clear, a few weeks ago Lorenzo and Joseph at Motherboard published this as part of a series looking at phone cracking and access to mobile devices. They published this story originally weeks ago, and it's around the timeout for an iPhone or iOS device and how it stops responding to the USB port after a certain amount of time.

So essentially what happens is, when your iPhone is locked, you can still plug it into a trusted computer in order to do background synchronisation and things like that. In a previous update to iOS 11, Joseph and Lorenzo found out that Apple had changed the time for the USB lockout from never down to a week, and that had a potential impact on a tool called GrayKey from a company called Greylock.

Now, this is a tool that's sold to law enforcement, a lot of law enforcement agencies use it around the world, to give them access to iPhones. Now, it's not, obviously, endorsed by Apple. It uses a vulnerability, it exploits this vulnerability, in order to gain access.

And so that vulnerability was that there was a flaw in how the USB port trusts various computers, so Apple addressed this by shortening up the time to a week, and with the latest build in iOS 12, it looks like that week is going down to an hour.

For the average user, this really doesn't have any impact, right? This doesn't have any major impact for the average user. But the stories that are going around now, and again, you know, this was really broken a month ago by Motherboard, or several weeks ago by Motherboard, but now it's picking up steam, by AP, by Bloomberg, by everybody in the mainstream.

The positioning is what I want to talk about. The position is that this is an explicit move by Apple to stop law enforcement from getting access to phones. Incorrect. Flat-out wrong. The original report from Motherboard was in the context of law enforcement gaining access because it was part of a larger story, a larger series of posts that looked at the overall issue of accessing mobile devices and vulnerabilities within mobile systems.

So there was a bigger context there. The latest pickup this week is very specifically saying this is a move by Apple to stop law enforcement. I would say that's wholeheartedly incorrect. This move is very much in line with Apple's previous statements, previous positions, around trying to make iOS devices as secure as possible.

And I mentioned a little bit earlier that this move to change the timeout for trusted USB connections doesn't really impact regular users, and that's critical, because of that lack of an impact. That means that they're tightening up the security posture without sacrificing usability. That's a win for us as iOS users. Now, the fact that there was a third-party company that was using a vulnerability that they did not report to Apple in order to profit, and happened to have law enforcement as a target customer, that's outside of this.

Yes, that's an interesting fact, and that's unfortunate for law enforcement, for that third-party company, but for the millions and millions and millions of iOS users, you're safer because of this. What this means is that somebody with malicious intent, or with legal intent, can't get your device and then access it without you knowing, right? They're closing a vulnerability.

This is what we do in software and hardware security all the time. If there's a vulnerability, we look at it, we fix it, we resolve it so that people are safer and more secure. That's exactly what Apple is doing here by reducing this timeout down to an hour. Legitimate users should never see the difference, whereas any malicious attempt, or any surreptitious attempt through legal means...

I don't think surreptitious is necessarily the word I want to say. You know, there's that gray area of law enforcement access, but if law enforcement access is using a security mistake, a vulnerability, to gain access, well, that's a problem.

There's already an approved law enforcement access mechanism for iOS devices, and that's iCloud. iCloud is fully compliant with law enforcement there. With a judicial order, they will gain access to the iCloud account. A number of cases have highlighted that that's the way forward, that that has been successful for evidence gathering. That's not successful in every case.

But again, the number of cases law enforcement is having challenges with, the number of iOS users is massive, right? So we need to keep it in context, and this is where I really kind of took exception to how things have been reported. I tweeted out, actually, you know, a better headline for The Verge article at least would have been "Apple closes security loophole."

You know, that's the challenge I have with this. This being reported as a malicious move from Apple to block law enforcement is disingenuous. Can we speak this morning? This is brutal. It's not disingenuous. I'd say, you know what, it's borderline, because it's not a move by Apple to block that. Apple has full cooperation with law enforcement, as you would expect, through iCloud.

The difference is they want to make that device as secure as possible. That device goes with us everywhere. It's a massive privacy and security risk for us as users. Every time they can tighten that security up, we're better off. Whether or not law enforcement can have access is a different question, and there are existing legal means in every modern country to get that. That's through iCloud, through a subpoena, that's through compelling you to unlock the device.

There are mechanisms in place. We don't need to weaken the security of systems to give additional... was it in this case Apple was blocking law enforcement? They were simply fixing a mistake and closing a vulnerability that went unreported and profited by any number of law enforcement agencies.

So there's a larger question: if law enforcement is supposed to be protecting, what role do they have in finding vulnerabilities, or, if they find a vulnerability, reporting it back to the manufacturer to repair it? So despite my fumbling around my porch this morning, despite my inarticulate seeing there, despite my inarticulation, I think the point is made.

When Motherboard wrote the story a few weeks ago, it was within a larger context. Unfortunately, the most recent round of media pickup on this is within a very specific slant, and I don't think it's an appropriate one, because this is just Apple fixing a vulnerability. And the fact that Block Force One was exploiting that vulnerability without reporting it is an issue, and the fact that law enforcement was relying on an undocumented access, it is an issue.

The fact that there is a fully compliant access through other legal means is that are just technical means, that's how law enforcement is getting the evidence. Again, I fully support law enforcement. They should be doing everything they can to gain access to these devices.

It's our job as the community, it's our job as citizens, to put up the guardrails within which they should operate. As for me, I want my devices as secure as physically possible, because I take it everywhere. I'm apt to lose it, I'm apt to leave it somewhere, it's apt to be stolen, and we want to make sure that that doesn't expose our digital lives unnecessarily.

Apple's move to shorten the USB timeout and lockouts down to an hour is a good one. It's a win for users. Let me know what you think. Hit me up online at @marknca, in the comments down below, or, as always, by email, me@markn.ca.

It's an interesting question. It's a question that crosses several boundaries. I'm interested in hearing your feedback. Let me know. Let's get a discussion started. I hope you're set up for a fantastic day and I'll see you tomorrow.
