Flaw Discovered In Apple iMessage Encryption, Reminding Us That Compelled Backdoors Are Idiotic

from the encryption-is-hard dept

One of the points that seems to be widely misunderstood by people who don't spend much time in computer security worlds, is that building secure encryption systems is really hard and almost everything has some sort of vulnerability somewhere. This is why it's a constant struggle by security researchers, cryptographers and security engineers to continually poke holes in encryption, and try to fix up and patch systems. It's also why the demand for backdoors is idiotic, because they probably already exist in some format. But purposely building in certain kinds of backdoors that can't be closed by law almost certainly blasts open much larger holes for those with nefarious intent to get in.

Case in point: over the weekend, computer science professor Matthew Green and some other researchers announced that they'd discovered a serious hole in the encryption used for Apple's iMessage platform, allowing a sophisticated hacker to access encrypted messages and pictures. And, Green, who has been vocal about the ridiculousness of the DOJ's request against Apple, notes how this is yet more evidence that the DOJ's request is a bad idea:

“Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” said Green, whose team of graduate students will publish a paper describing the attack as soon as Apple issues a patch. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”

It's worth noting that the flaw that he and his team found would not have helped the FBI get what it wants off of Syed Farook's iPhone, but it's still a reminder of just how complex cryptography currently is, at a time when people are trying to keep everyone out. Offer up any potential backdoor, and you're almost certainly blasting major holes throughout the facade.

Apple is getting ready to push out a software update that will fix the flaw shortly. And this, alone, is yet another reason why the DOJ's case is so dangerous -- since the method it wants to use to get into Farook's phone is via its capabilities to push software updates. Patching software holes is a major reason to accept regular software updates, but the FBI is now trying to co-opt that process to install unsafe code. That, in turn, may prompt people to avoid software updates altogether, which in most cases will make them less safe.

Filed Under: complexity, cryptography, doj, encryption, fbi, imessage, matthew green, privacy
Companies: apple

Green Bubbles: How Apple Quietly Gets iPhone Users To Hate Android Users

from the design-choices-matter dept

Paul Ford, once again, has written up something fascinating. He discusses something I had no idea happened: when an iPhone user texts with another iPhone user using iMessage, the outgoing texts appear in calm blue bubbles. When an iPhone user texts with a non-iPhone user (or an iPhone user using something other than iMessage -- meaning mainly Android users, obviously), those outgoing texts are in a harsh green. Here are the two examples Paul shows, starting with the iPhone to iPhone: And then the Android to iPhone: As noted, I had no idea that this happened, because I don't own an iPhone. There is one slight functional reason for this: users may have to pay for SMS messages, but not for iMessages, and thus it could have an impact on a bill. But here's the more interesting tidbit, which is the crux of Ford's article: lots of people absolutely hate those green bubbles. As he notes, if you do a Twitter search on "green bubbles" you'll see an awful lot of anti-green-bubble sentiment. Here are just a few examples I quickly found (Paul has others in his article).

Those are just some of the anti-green-bubble messages from the past 24 hours. There are actually a lot more, and it goes on and on. It's kind of amazing just how many people are tweeting about their hatred for green bubbles.

Ford, then goes into a really interesting discussion on the nature of product management and design choices -- the kind of thing that Apple doesn't do on a whim -- to get to the real point: Apple is likely choosing harsh, ugly green bubbles on purpose. As a petty way to put down Android users:

Apple must know by now that the people of the blue bubbles make fun of the people of the green. And I guess if I worked at Apple I’d be pretty psyched with this reaction. After all, what is a more powerful brand amplifier than social pressure? If people who converse in green bubbles start to feel relatively poor, or socially inferior, because they chose to use a less-expensive pocket supercomputer than those made by Apple, that could lead to iPhone sales. Ugly green bubbles = $$$$$ and promotions.

But I think the ugly green bubbles are the result of a mean-spirited, passive-aggressive product decision, marketed in a mean-spirited way. Certainly it’s not a crisis in capitalism. This is not to say that Google is good and Apple is bad; they’re both enormous structures that have so much power that they can manufacture their own realities (except for Google Glass, then not so much).

The bubbles are a subtle, little, silly thing but they are experienced by millions of people. That amplifies that product descision into a unsubtle, large, serious-yet-still silly thing. The people who are tweeting about green bubbles are following Apple’s lead. It’s not unprecedented; Apple has done stuff like this before, like giving Windows machines on its network a “Blue Screen of Death” icon. But people spend so much time texting that it adds up.

Beyond highlighting Apple's apparent pettiness (and lack of ability to allow users to customize things for themselves), it also highlights how very minor design decisions do matter in a fairly big way. I recognize that some people like to get into tech fanboy wars: iPhone v. Android, Mac v. Windows v. Linux, Playstation v. Xbox, etc. That's going to happen, even if it mostly seems like a waste of time. But, really, using subtle design choices to highlight and further such fights seems to show such a childish attitude to competition. Good competitors focus on making their own products better, not demeaning the competition. It's when they run out of good ideas that the focus shifts to attacking the competition. Apple has done so many things right with the iPhone in pushing the barriers of innovation, it would be better if they just focused on making the overall customer experience better, rather than trying to offer subtle digs at non-iPhone users.

Filed Under: android, design choices, green bubbles, imessage, sms
Companies: apple