AWS Device Farm 可以遠端操作

AWS 又推出新的功能,這次 AWS Device Farm 讓使用者可以遠端互動跟機器操作:「AWS Device Farm Update – Remote Access to Devices for Interactive Testing」。

在「Test Devices List」這邊可以找到很多舊版本的機器可以互動操作 (尤其是 iOS 系列的機器),就可以拿來測各種舊版本的 bug report 了...

對 ECDSA 實體非破壞性的 Side Channel 攻擊

用很簡單的設備透過 Side Channel 攻擊取得 ECDSA private key:「ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels」。這次 Side Channel 只需要簡單的線圈,透著一塊玻璃也 okay:

文章裡面提到是 Tracker Pre,查了一下二手價是 USD$80:

這邊抓出了 ADD 產生出的訊號:

然後就可以利用這些訊號重建出 private key:

After observing the elliptic-curve DOUBLE and ADD operations during a few thousand signatures, the secret signing key can be completely reconstructed.

下面中獎的 library 有點多,可以看到主要是以 constant-time implementation 或是 side-channel mitigation technique 來解這個問題。

Apple 打算把 iCloud 加密用的 Key 放到用戶端

在經過最近 FBIApple 的戰鬥中 (FBI–Apple encryption dispute),Apple 正規劃把 iCloud 加密所使用的 key 放到用戶端裝置上,而非放在伺服器端:「Apple to Hand iCloud Encryption Key Management to Account Holders」:

In effect, Apple is following the lead of secure cloud services such as SpiderOak which has been offering what it calls “Zero Knowledge” cloud storage. By that, SpiderOak retains no information about whatever is stored in its cloud service, nor the means of gaining access to it.

也就是加解密都放在 client 端處理,server 端只是 storage。

這類型最大的問題是 server 端沒辦法運用資料,但 iCloud 的確可以放掉這些功能 (搜尋之類的),純粹當 storage 使用,藉以讓使用者自己裝置保護。

而蘋果在使用者的裝置上把類似於 HSM 的系統做的頗強大... 不知道 Android 有沒有機會也跟進。(雖然我自己是用 Apple 家的東西...)

Amazon Fire 會把加密系統弄回來

FBIApple 的戰爭開打後,愈來愈多安全與隱私問題被重新拿出來檢驗,而 Amazon 也決定將 2015 年拔掉的加密功能搬回 Fire OS 裡:「Amazon Reverses Course, Encryption Returning for Fire Devices」:

Amazon.com Inc. will restore encryption as a security option on its tablets and other devices that use the Fire operating system, following a customer backlash driven by increased sensitivity about data protection as Apple Inc. grapples with the FBI over access to a terrorist’s iPhone.

預定是今年春天加回來:

Amazon reversed course late Friday night, saying in an e-mail that it would restore encryption as an option on Fire devices with a software update “this spring,“ without being more specific.

愈來愈多公司與產品都認定加密是「基本功能」,無論你有沒有接觸到敏感資料。

蘋果裝置的報廢過程:香港

Bloomberg 的「Where Your iPhone Goes to Die (and Be Reborn)」這篇稍微描述了 Apple 裝置回收後的報廢過程。

報導是寫香港的報廢工廠,但受限於與蘋果的合約就不能具名說是誰:

While global brands including HP, Huawei, Amazon and Microsoft also have detailed protocols for recycling their products, Apple’s are the most rigid and exacting, according to people involved in the processes, who declined to be identified because they’re not authorized to speak about clients.

不過 Bloomberg 的人有跟蘋果官方取得一些訪問資料:

"I think people expect it of us, I think our customers hold us to a high standard," Lisa Jackson, Apple’s head of environmental affairs, said by phone from the company’s Cupertino headquarters. "It’s difficult, because these are incredibly complex pieces of product."

另外也有提到取得時的成本:

After a quick test, the recycler will either buy the phone or offer to scrap it for free. In the U.S., payouts for working phones range from $100 for the smallest-capacity iPhone 4, to $350 for the largest iPhone 6 Plus. More stringent testing then shows whether the handset can be resold or must be scrapped.

以及 Bloomberg 做的一些圖表,可以看到各種處理的原則以及回收的大概流程:

AWS Device Farm 支援手機上的 Web Application 測試

AWS Device Farm 支援在 iOSAndroid 上測試 Web Application 了:「AWS Device Farm Update – Test Web Apps on Mobile Devices」。

支援愈來愈多東西了...

AWS Device Farm 支援 iOS Device 了

AWS 前幾天宣佈將在 8/4 發表 AWS Device Farm 支援 iOS 的消息,剛剛看到了:「AWS Device Farm adds support for iOS – Test your iOS, Android and Fire OS apps against real devices in the AWS Cloud」。

在「Device List」這邊可以看到所有支援的機種,iOS 的部份包括了 iPadiPhoneiPod Touch,看起來只有比較新的機種有支援...

AWS Device Farm 將支援 iOS 裝置

剛剛在 Twitter 上先看到了:「Coming Soon – AWS Device Farm Support for iOS Apps」。

We plan to launch support for iOS on August 4, 2015 with support for the following test automation frameworks:

應該是有跟蘋果合作吧,感覺會是成千上萬隻的量在跑... XD

AWS 推出的 Device Farm

AWS Device Farm 正式啟用了,可以測 AndroidAmazonFire OS 手機:「AWS Device Farm – Test Mobile Apps on Real Devices」。

有支援各種測試框架:

也可以設定手機的狀態:

然後各種 screenshot:

以及測試時的資源使用狀態:

價錢就如同之前提到的,USD$0.17/min 或是單隻包月 USD$250 (大約是測一整天的價錢):

Pricing is in units of device minutes, basically the duration of a single test run on a particular device. You get 250 minutes at no charge as part of a Free Trial; after that you pay $0.17 per device minute. You can also opt in to our unmetered testing plan; you can perform unlimited testing on any supported Android or FireOS device for a flat monthly fee of $250.

AWS 推出 Device Farm (行動裝置測試平台)

AWS 最近動作很多,預定在 2015/07/13 推出 AWS Device Farm,可以讓使用者直接租機器測試,價錢則是 USD$0.17/minute,或是租用一整個月 USD$250/month (一個裝置):

Pricing is based on device minutes, which are determined by the number of devices you use and the duration of your tests. AWS Device Farm comes with a free tier of 250 device minutes. After that you are charged $0.17 per device minute. As your testing needs grow, you can opt for our unmetered testing plan, which allows unlimited testing for a flat monthly fee of $250 per device.

等推出了之後再來研究看看,另外問問看公司內的同事來安排測試好了?