Sunday, June 23, 2013

The New MacBook Air's Wi-Fi is Crappy

According to reports from Apple employees and the assorted hordes of the internet, we’re not the only ones having trouble with the Wi-Fi on the new MacBook Air. So, are we just holding it wrong, or have Ives and Co made a little whoopsie?

A couple of thousand disenfranchised Apple customers seem to have descended on the Apple Support Forums, all with problems with their shiny new MacBook Airs. The problems they’re seeing sound eerily similar to those we’re experiencing with our machines: Wi-Fi will initially connect, but after a minute or two the connection will stop working, and a total reboot is needed to be able to connect again. The problem is made worse when the Air is on a desk, quite possibly something to do with the Wi-Fi antenna being (*we think*) in the black plastic strip along the bottom of the screen.

An anonymous source at one of Apple’s retail stores in London has also told me they’ve had “well above average” complaints and returns (in a few cases) of Airs owing to Wi-Fi issues. While it’s impossible to be sure of the accuracy of that, if true, it’s indicative of a pretty major problem.

Given that people are having these problems with every creed and colour of Wi-Fi router (and that we’ve been seeing the same problem on a bunch of different Wi-Fi networks) it certainly seems like there’s a problem with the new Air’s Wi-Fi system. Whether it’s just a software bug, hardware problem or idiot users holding it wrong remains to be seen, however. Are you having trouble?

Wednesday, June 19, 2013

iOS Mobile Hotspot crackable in 50 seconds

iPhone and iPad users who use their iOS device to share a 3G/4G connection are being advised to change the default Mobile Hotspot password, after researchers showed it was possible to crack them in under sixty seconds. Apple supplies mobile hotspot users with a preconfigured password when they enable the feature, but the default is generated from a limited number of dictionary words, researchers at the University of Erlangen in Germany discovered. With some GPU-accelerated brute-force shuffling, the team managed to break into any iOS hotspot using the default password within 50s.

Key to the security loophole is the method by which Apple generates the pre-configured codes. The company begins with a list of around 52,500 4-6 character words (which were apparently shared with an open-source Scrabble crossword game), the paper, Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots [pdf link] says. iOS then appends a four digit, randomly created number to the word.

By intercepting the WiFi handshake, and trying a brute-force attack where all possible combinations were tried in short order, the researchers were able to come up with any potential password based on those conditions. However, it took them around 49 minutes to do so.

Further exploration, though, revealed that though Apple has 52,500 words to choose between, iOS only in fact picks from 1,842 of the options on the list. Based on that assumption, the researchers could trim their attack by more than 96-percent, and – by also using a faster brute-force setup – cut down the hack time to less than a minute. Interestingly, iOS seems to prefer “suave”, “subbed”, and “headed” for its word of choice.

The exact speed of the crack is very much dependent on what processing power you have available at the time. To achieve the sub-50s rate, the researchers needed to call upon the combined power of four AMD Radeon HD 7970 GPUs: that’s not likely to be something your average hacker in a coffee shop will be carrying.

Nonetheless, the team suggests that all iOS users should change the default password iOS suggests to one of their own alternatives. As for rival platforms, brief analysis of Windows Phone 8 indicates Microsoft only uses a randomly generated 8-digit number, and thus could also be susceptible to cracks.

Android security, though, is at the mercy of manufacturers. While the researchers discovered that Google’s official build comes up with highly secure passwords, based on Java’s UUIDs, they also found that some OEMs change the default to something more straightforward (such as “1234567890″ on HTC phones) and thus introduce potentially exploitable flaws.

Monday, June 3, 2013

Charger can hack Apple devices with ‘alarming ease’, researchers claim

A modified mobile phone charger could be used to hack Apple devices in under a minute, researchers will claim at a conference next month.
"That was easy..."

Researchers from Georgia Tech claim that a readily available 3” circuit board, easily concealed in a docking station or battery, could be used to exploit weaknesses in mobile security with “alarming ease”. They claimed that on a limited budget and with little time, they had developed an ‘exploit’ that could easily attack any Apple iOS device within a minute.
In a summary of their talk to be given at the Black Hat conference next, month, the three researchers say “In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger. We first examine Apple’s existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications.”
Forbes reported that Apple have not yet responded to the hack, called ‘Mactans’, which does not yet exist outside the researchers' work. Although it is the first publicised malicious hack using such a method, the iOS power port has been used by enthusiasts to gain additional control over the operating system, called jailbreaking.

The researchers, who have given no further details of the hack, say, “Apple iOS devices are considered by many to be more secure than other mobile offerings. In evaluating this belief, we investigated the extent to which security threats were considered when performing everyday activities such as charging a device. The results were alarming: despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software. All users are affected, as our approach requires neither a jailbroken device nor user interaction.”
The current version of the device could easily be made even more convincing, the researchers say: “To demonstrate practical application of these vulnerabilities, we built a proof of concept malicious charger, called Mactans, using a BeagleBoard. This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish. Finally, we recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off.”