There's been a lot of discussion today about the "new iPhone" that was discovered because some git left it in a Redwood City, California bar. (Un)fortunately, it made its way to the folks at Gizmodo and it's now a topic of discussion all over the Internet. Given how much Apple likes to control the information about their products, I can't see them intentionally "leaking" the device prior to the official announcement.

There is some benefit to this "leak" in that it cranks up the hype machine to 12. However, it also allows a lot of potential misinformation to be propagated, unchecked by Apple. In general, though, mobile phone manufacturers do not like their products leaked before they are ready for one simple reason: it gives the competition a head start in responding. At least that was the corporate line given to us at Nokia when I worked there :)

The one piece of information that nobody is mentioning in their coverage is, I think, the most scary. According to the Gizmodo piece, Apple was reportedly able to kill the leaked prototype device remotely. While I can see why such a feature would be beneficial (and maybe Nokia will take the opportunity to copy that feature "with pride"), it raises all sorts of questions: Can Apple remotely kill any iDevice it chooses, not just prototypes? Is the data on the phone recoverable? How "hackable" is this mechanism (i.e. can someone discover this mechanism and hack it for their own purposes)?

As usual, enquiring minds want to know.

Update #1: Numerous people have pointed out both that Apple can remotely disable applications as well as the Remote Wipe functionality that can be activated when a device synchronizes through a Microsoft Exchange server. What I'm talking about is the possibility that Apple can, without a connection to an Exchange server, issue a remote wipe to a device. It's possible that with this prototype device, this did happen through ActiveSync. The thought that Apple could reach into my device and either disable applications or Remote Wipe the device without my knowledge or consent does not sit well with me.

Update #2: And yes, MobileMe does this remote wipe thing as well. So clearly Apple has the capability to do this. It still makes me nervous that a device I've purchased could be wiped at the touch of a button by the company who sold me the product.

A poem that needs no explanation to those who understand it.

This is my network. There are many like it, but this one is mine. My network is my best friend. It is my life. I must master it as I master my life. My network, without me, is useless. Without my network, I am useless. I must send my packets true. I must block packets faster than my enemy who is trying to pwn me. I must pwn him before he pwns me. I will....

My network is human, even as I, because it is my life. Thus, I will learn it as a brother. I will learn its weakness, its strength, its clients, its servers, its switches, its routers and firewalls. I will keep my network clean and ready, even as I am clean and ready. We will become part of each other. We will...

Before God I swear this creed. My network and myself are the defenders of the world. We are the masters of our enemy. We are the saviors of our data. So be it, until there is no enemy, but Peace.

Amen.

One of the products I was most excited about finding out shortly after I joined Check Point was Abra. I'd be more excited if we were shipping the product--that is expected to happen at the end of March--but at least it's announced so I can talk about it a bit more freely :)

The product is pretty simple: you can walk up to any computer, plug your USB stick in, and access a secure virtual environment complete with connectivity to your corporate Intranet, access to applications installed on the host computer, hardware encryption, and simple, centralized management. Abra gives you all this and more!

The technologies that are being employed here are not entirely new. What is unique is how it is all tied together. SSL VPN products (including Check Point's own Connectra) have had the concept of a "Secure Workspace" for quite some time. When you connect to the SSL VPN gateway, you are allowed to run local applications and connect to remote resources. However, the apps operate in a kind of sandbox that restricts how you can get data into and out of the sandbox and what happens to the sandbox after the connection terminates (usually, it disappears).

Now, instead of writing the sandbox data on the local drive, move that onto a USB thumb drive that contains both hardware and software encryption. Add autorun capabilities so that when you insert the thumb drive, you are immediately prompted for authentication, taken into the secure workspace, and automatically connected to the corporate network. Meanwhile, the secure workspace and VPN settings are centrally managed using your existing Check Point Security Gateways.

I'm really excited about the future of this product! You can find out more on the Check Point Abra product pages.

When discussing computer security with people, something I often bring up is this very simple equation:

What this means is that "secure" things tend not to be convenient to use. For example, a powered-down computer in a metal box secured by locks, and put in a safe protected by armed guards 24x7, might be relatively safe from theft, but it's not very usable, is it?

Conversely, convenient things aren't secure. For example, not having a lock on your house might make it easier for you to come and go as you please, but it sure makes it easy for would-be thieves to get into your house and take whatever they'd like.

Something else to note about this equation: assuming security and convenience are expressed in terms of real numbers greater than or equal to zero, as convenience decreases towards zero, security increases towards infinity. If security is zero, convenience doesn't matter (because both inconvenient and convenient things can be insecure). However, if convenience hits zero, then security is undefined. You can't divide by zero. You also can't make something absolutely secure :)

Another thing that comes up in security--computer or otherwise--is cost. What is it we are trying to secure? What does it cost to reduce that risk? What is the likelihood that a "loss" will occur, and how much will that loss cost? It seems silly, for instance, to spend $100 to secure a $10 item, unless that $10 item has $1,000 (or more) worth of data on it :)

Anyway, this article is not about computer security. It's really about airport security, or rather insecurity. This topic entered my consciousness again when I found out about the idiot who tried to explode something on an international flight landing in Detroit on Christmas Day. My immediate response was "oh crap, they're going to make it more painful to travel again."

And yes, they are. While the TSA hasn't said anything officially yet, there are a number of reports from many sources, including the New York Times, that suggest measures similar to the following will be taking place on all flights inbound to the US:

  • Passengers will have to remain in their seats one hour before landing with no access to anything they may have brought on board or have access to on the airplane (e.g. inflight magazine, pillows, blankets, etc).
  • Passengers will not be told when they will land or be given any clue where they are.
  • Passengers will be subject to extra screening at the boarding gate.
  • Only one carryon item will be permitted to be brought onboard per passenger.

I question how many of these security measures will actually be effective at either deterring or preventing a real security event, which for the purposes of this discussion is a loss of life by one or more passengers caused by the actions of one or more passengers on the plane (e.g. because of a terrorist-type event).

Let's look at what the folks from the TSA have done since September 11, 2001 in order to "improve security" at our nation's airports (notwithstanding the "new rules" being implemented since Friday):

  • Liquid Restrictions: Considering the 3.2oz/100ml or less bottles of liquids in a quart-size plastic bag are subjected to a simple Xray scan and not anything more, one could easily slip in a relatively dangerous liquid past security. Several passengers could, in concert, do this together.
  • Shoes Off: We can thank Richard Reid, the infamous Shoe Bomber, for this stupid rule. Again, all they are doing is Xraying the shoes. I'm sure the bad guys can find ways to hide explosives in shoes without getting caught by the Xray.
  • Laptops Out: Don't understand the rationale behind this one at all. I suppose it's to get a better look at everything. I would be more concerned about smaller devices.
  • Need Photo ID: How easy is it to fake an ID or a passport?
  • The No Fly List: How easy is it to fake an ID or a passport and use a name that isn't on the list? Seems like all it does is inconvenience people with names similar to suspected terrorists.
  • Barking The Rules: I've heard a number of personal accounts of TSA agents yelling at everyone in line about what the rules are going through the security line. I've also experienced this myself. They don't exactly do this in a friendly, courteous way.
  • More Secure Cockpit Doors: This is, perhaps, one of the few "good" things that came from the last round of major changes to airport security. This probably did not cost that much in the grand scheme of things and has a measurable impact on the safety of the pilots. It's debatable how much this does for the passengers' safety, of course.

This is all, as Bruce Schneier calls it, Security Theater. Stuff that's designed to make us "feel" more secure without actually making us more secure. These measures made traveling inconvenient. The new ones they are implementing are going to make it that much worse. I can think of many ways around all these "restrictions" without a lot of thought. I'm sure a real bad guy could come up with even more, especially given lots of time and motivation!

Having been through Israeli airport security twice in the past 6 months, I can tell you that "better" security (or at least better security theater) is both time-consuming and costly, both in terms of machines and people-power. Persons and belongings are thoroughly screened before getting anywhere near an airplane, and you don't have to take off your shoes in the process. The TSA screening that comes after my Tel Aviv flight but before my connecting flight home is almost insulting in comparison.

So now what? How do we make our flights more secure, yet not so inconvenient that people don't want to fly? While we can argue about different screening procedures ad infinitum, the best defense is an aware, active traveling public. As long as passengers remain watchful of suspicious activity and act accordingly, situations that do break out on planes can easily be neutralized before they become serious threats. It certainly happened with this most recent threat.

Ok, I was suckered into something I said I wouldn't do: I actually jailbroke and unlocked my iPhone. George Hotz, a.k.a. geohot, made it so easy with blackra1n. It was a super easy process to do, and if you do a restore, your iPhone is back to its Steve Jobs approved state.

For the most part, I don't want a jailbroken phone. However, Apple (or is it AT&T?) doesn't permit the iPhone to be unlocked in the United States. I don't need that often, but it is handy when I am traveling, which I have done quite a bit lately.

One other thing I can certainly use is the ability to tether, which AT&T still doesn't officially support. However, blacksn0w also enables the IPCC "hack" that allows you to download a provisioning file that enables tethering (i.e. using your iPhone as a modem). That's also useful when traveling, particularly if there isn't an iPass-compatible WiFi hotspot nearby.

There's a part of me that feels uneasy about this. Geohot and others like him are finding and exploiting security vulnerabilities in the iPhone to inject code into the phone to make it do things Apple didn't want you to do. Whereas we usually hear about the "bad" results of security vulnerabilities--and these exploits could be seriously bad in the wrong hands--this one actually gives the user more functionality.

Apple will, of course, study these jailbreak tools and find a way to close the security holes they take advantage of. That's typical of the game of cat-and-mouse between vendor and hacker. Of course, if Apple had more customer-friendly policies related to unlocking the device and allowing installation of "unapproved" apps, this problem would mostly go away.

Apple could be using these "hackers" to make their phone as secure as possible. Once Apple believes the phones are invulnerable to these kinds of attacks, they could simply provide easy access to device unlock and allow people to install whatever apps they want. People get the functionality they want with a much more secure device to boot. Everyone wins.

That's just a crackpot theory, of course, and I'm probably wrong about it. I hope I'm not.