iOS 11 的無線網路與藍芽關假的讓 EFF 不爽...

這次 iOS 11 的無線網路與藍芽需要到 Settings (設定) 裡面才能有效關掉的設計,讓 EFF 不爽寫了一篇文章:「iOS 11’s Misleading “Off-ish” Setting for Bluetooth and Wi-Fi is Bad for User Security」。

On an iPhone, users might instinctively swipe up to open Control Center and toggle Wi-Fi and Bluetooth off from the quick settings. Each icon switches from blue to gray, leading a user to reasonably believe they have been turned off—in other words, fully disabled. In iOS 10, that was true. However, in iOS 11, the same setting change no longer actually turns Wi-Fi or Bluetooth “off.”

不過藍芽的洞真的不少,儘量避免吧... +_+

加州的手機防竊提案讓失竊率下降不少...

2013 的時候提過「加州的手機防竊提案...」,後來在 2015 年生效:

In a press release sent to reporters on Thursday, George Gascón said that since the law went into effect on July 1, 2015[,]

在兩大陣營都有類似的功能:

Such a kill switch has become standard in all iPhones ("Activation Lock") and Android phones ("Device Protection") since 2015.

而執行到現在已經兩年了,手機的失竊率下降不少:「San Francisco DA: Anti-theft law results in huge drop in stolen phones」。

[S]martphone-related robberies have fallen 22 percent from 2015 to 2016. When measured from the peak in 2013, "overall robberies involving smartphones have declined an astonishing 50 percent."

變成要找人殺肉才能處理,增加被竊後的處理難度與成本...

iOS 上 Spotlight Search 如果很慢...

看到「Disabling Slack Indexing Seems to Improve Spotlight Performance on iOS」這篇講 iOS 的 Spotlight Search 很慢的問題,作者後來找到與 Slack 有關?到這邊關掉就正常了:

Settings > General > Spotlight Search > toggle Slack off

我是沒遇到... 不過先寫起來,如果以後遇到時應該會有幫助。

Uber 戰火蔓延到 Unroll

最近 Uber 的 CEO 被 Tim Cook 叫去喝咖啡的事情被報導出來:「Uber’s C.E.O. Plays With Fire」,裡面提到了 Uber 試著要「辨別」使用者的 iPhone,而這違反蘋果的政策:

To halt the activity, Uber engineers assigned a persistent identity to iPhones with a small piece of code, a practice called “fingerprinting.” Uber could then identify an iPhone and prevent itself from being fooled even after the device was erased of its contents.

There was one problem: Fingerprinting iPhones broke Apple’s rules. Mr. Cook believed that wiping an iPhone should ensure that no trace of the owner’s identity remained on the device.

而 Uber 的搞法是針對蘋果總部所在地點屏蔽這個功能:

So Mr. Kalanick told his engineers to “geofence” Apple’s headquarters in Cupertino, Calif., a way to digitally identify people reviewing Uber’s software in a specific location. Uber would then obfuscate its code for people within that geofenced area, essentially drawing a digital lasso around those it wanted to keep in the dark. Apple employees at its headquarters were unable to see Uber’s fingerprinting.

然後被蘋果工程師抓到,於是 Tim Cook 把人叫來喝咖啡:

The ruse did not last. Apple engineers outside of Cupertino caught on to Uber’s methods, prompting Mr. Cook to call Mr. Kalanick to his office.

另外提到了 Uber 從 Unroll.me 買來 Lyft 的帳單資料當作分析:

Using an email digest service it owns named Unroll.me, Slice collected its customers’ emailed Lyft receipts from their inboxes and sold the anonymized data to Uber. Uber used the data as a proxy for the health of Lyft’s business. (Lyft, too, operates a competitive intelligence team.)

而更精彩的在 Hacker News 上的這串爆了不少料,提到 Unroll 會把所有信件掃下來,丟到 S3 上面:

I worked for a company that nearly acquired unroll.me. At the time, which was over three years ago, they had kept a copy of every single email of yours that you sent or received while a part of their service. Those emails were kept in a series of poorly secured S3 buckets. A large part of Slice buying unroll.me was for access to those email archives. Specifically, they wanted to look for keyword trends and for receipts from online purchases.

The founders of unroll.me were pretty dishonest, which is a large part of why the company I worked for declined to purchase the company. As an example, one of the problems was how the founders had valued and then diluted equity shares that employees held. To make a long story short, there weren't any circumstances in which employees who held options or an equity stake would see any money.

I hope you weren't emailed any legal documents or passwords written in the clear.

而在 FAQ 的「If I delete my Unroll.Me account, what will happen to all of my previously rolled up emails?」裡則是說我們沒有存你的信件:

這爆米花要多買一些了...

iOS 透過無線網路的 RCE...

在「About the security content of iOS 10.3.1」這邊的說明:

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A stack buffer overflow was addressed through improved input validation.
CVE-2017-6975: Gal Beniamini of Google Project Zero

這描述看起來就不太妙...

玩 Pokémon Go 抓怪用的 iPhone 手機殼...

看到「This iPhone thong case will help you catch 'em all in 'Pokémon Go'」這個,光看圖就知道意思了:

應該是用 3D Printer 做出來的:

If this sounds familiar, it's basically the commercialized, rubberized version of the 3D-printed Poké Ball "aimer" case that one guy made.

不過這不能丟 Curveball 啊 XDDD

把主力手機從 iPhone 換到 Android

上次主力用 Android 應該是 HTC Desire 時代了,那個時候跑得是 2.2。

總算把 LG G2 (D802) 刷完機器了 (刷了半年,每次都卡關 XDDD),這次刷了 CyanogenModOpen GApps,儘量都用 command line 來刷。

adb devices # 看裝置順便打 RSA public key 進去
adb shell # 進去後可以 ls/su 看一看
adb push filename.zip /sdcard/
adb reboot recovery

Android Marshmallow (6.0) 另外多了對權限的管理,這也是想刷到 6.0 的原因之一,使用者可以隨時 revoke 掉某些權限 (沒有處理好的會 crash XD):

Android Marshmallow introduces a redesigned application permission model: there are now only eight permission categories, and applications are no longer automatically granted all of their specified permissions at installation time. An opt-in system is now used, in which users are prompted to grant or deny individual permissions (such as the ability to access the camera or microphone) to an application when they are needed for the first time. Applications remember the grants, which can be revoked by the user at any time.

其他安裝的流程主要都是苦工了,尤其是 2FA 是少數為了安全性只能一個一個換的東西 (不提供 export,都是用手機提供的 HSM 避免被盜走),剛好趁機會把自己與公司用到的 2FA 帳號分開。

Android 上的 Google Authenticator 不怎麼好用 (不能調整位置,另外不希望隨時都給密碼),測了測 Red Hat 出的 FreeOTP Authenticator 算是比較好用的,就把 FreeOTP Authenticator 拿來給個人用,Google Authenticator 拿來給公司的帳號用。

繼續熟悉現在的 Android 環境,應該會有一陣子不習慣...

Amazon Fire 會把加密系統弄回來

FBIApple 的戰爭開打後,愈來愈多安全與隱私問題被重新拿出來檢驗,而 Amazon 也決定將 2015 年拔掉的加密功能搬回 Fire OS 裡:「Amazon Reverses Course, Encryption Returning for Fire Devices」:

Amazon.com Inc. will restore encryption as a security option on its tablets and other devices that use the Fire operating system, following a customer backlash driven by increased sensitivity about data protection as Apple Inc. grapples with the FBI over access to a terrorist’s iPhone.

預定是今年春天加回來:

Amazon reversed course late Friday night, saying in an e-mail that it would restore encryption as an option on Fire devices with a software update “this spring,“ without being more specific.

愈來愈多公司與產品都認定加密是「基本功能」,無論你有沒有接觸到敏感資料。

蘋果裝置的報廢過程:香港

Bloomberg 的「Where Your iPhone Goes to Die (and Be Reborn)」這篇稍微描述了 Apple 裝置回收後的報廢過程。

報導是寫香港的報廢工廠,但受限於與蘋果的合約就不能具名說是誰:

While global brands including HP, Huawei, Amazon and Microsoft also have detailed protocols for recycling their products, Apple’s are the most rigid and exacting, according to people involved in the processes, who declined to be identified because they’re not authorized to speak about clients.

不過 Bloomberg 的人有跟蘋果官方取得一些訪問資料:

"I think people expect it of us, I think our customers hold us to a high standard," Lisa Jackson, Apple’s head of environmental affairs, said by phone from the company’s Cupertino headquarters. "It’s difficult, because these are incredibly complex pieces of product."

另外也有提到取得時的成本:

After a quick test, the recycler will either buy the phone or offer to scrap it for free. In the U.S., payouts for working phones range from $100 for the smallest-capacity iPhone 4, to $350 for the largest iPhone 6 Plus. More stringent testing then shows whether the handset can be resold or must be scrapped.

以及 Bloomberg 做的一些圖表,可以看到各種處理的原則以及回收的大概流程: