Tanggapan seorang hacker iOS soal Apple vs FBI

Sebuah artikel menarik dari seorang ahli keamanan mobile yang juga seorang hacker iOS legendaris Will Strafach (@chronic) yang membahas beberapa poin soal perseteruan Apple vs. FBI yang lagi ramai dibicarakan.

3. Although the passcode attempt counter on the iPhone 5c can be handled without much work, the FBI request to allow it to electronically make passcode attempts is a considerable issue. This would specifically require Apple to modify the source code of SpringBoard (which powers the lock screen) to specifically add code that enables this capability, and sign it with the company’s production certificate so that the device will run the code. The reason Apple stresses that this is a “backdoor” in its statement is because the order is specifically requesting that Apple make a modification that serves no purpose other than to weaken iOS security by allowing brute force attempts. As touched upon in point #2, this will look horrible for Apple if it complies.

4. Here’s something pretty vital that no one has mentioned yet: The custom signed RAM disk that the FBI is requesting will not be possible to boot using the regular TSS restore servers, which check the validity of firmware files that are being loaded during each restore.

To allow restoration to a custom firmware, Apple would need to either: (a) make changes to the way its restore server works for this specific case, potentially causing major security concerns if any sort of mistake is made (which could make this an unreasonable / burdensome request, or (b) bring the device onto its internal network and load the firmware using the restore server used internally, since it can be assumed that such an in-house server exists for the purpose of restoring to unreleased firmware versions.

Selengkapnya bisa dibaca di sini.

Samsung Galaxy Back-door

Backdoor di Samsung Galaxy telah ditemukan oleh developer Replicant.

Dikutip dari FSF:

While working on Replicant, a fully free/libre version of Android, we discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system. This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write, and delete files on the phone’s storage.

Syukurlah, tanpa OSS backdoor ini mungkin tidak akan pernah ditemukan.