[Updated] More Apple iOS source code leaks (iBoot)

Yet more Apple source code has been leaked, this time the iBoot component of iOS. Although it comes from an older build of iOS (9x), it should be close to the current implementation. It was initially leaked on Reddit by a user named apple_internals and subsequently removed, and has now been posted on GitHub for maximum availability. A good article on Motherboard does some initial analysis and impact analysis. It’s a shame jailbreaking has gone out of vogue; this will make it a lot simpler to do.

[Update] Apple has released the following statement: “Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”

A DMCA notice has been sent to GitHub to take down the source code.

Further Microsoft Patents: Is the Windows Phone back on?

I have mentioned a couple of times that keeping an eye on patent applications filed by Microsoft can give you a glimpse of things to come. Much like the Surface Book series was preempted by the key technologies patented, there are now more patent applications for the much-debated Microsoft mobile terminal (sometimes referred to by the internal (?) project name Courier). A good summary in Ars Technica shows more and more of the expected device.

A true physical “man in the middle” attack

There have been known weaknesses in the various keyless entry solutions among car manufacturers; the debacle with the system used by Jeep springs to mind. Now we see a weakness in the Mercedes-Benz solution. In a video released by the West Midlands Police in the UK, we see thieves sniffing out the key code from the key inside the house and then transferring it to a sender by the car to open and start the car. Time to look at NFC blocking key storage, I suppose.

Note to OnePlus: Remember to clean up devices after QA

There has been a lot of discussion about the amount of data transmitted by OnePlus devices to the mother ship. A security researcher using the moniker Elliot Alderson decided to dig deeper to find out what data was being sent. As he dug through the OS (OxygenOS) on his phone, he discovered an EngineerMode app. This app (assumed to be an internal testing tool for QA) gives access to all aspects of the phone, including rooting. A quick check for OnePlus owners is to enter *#808# SSID, which will bring up the app if present. A hack (for now) requires physical access.

KRACK: Key Reinstallation Attacks

Mathy Vanhoef and Frank Piessens of KU Leuven have discovered a critical flaw in WPA2 encryption that affects all known WiFi implementations. Some caveats on the breadth of the discovery: the attacker needs physical access to the network, and will only see non-encrypted transmissions. Until the vendors patch their implementations, the only interim solution is to treat your home WiFi as you would a public WiFi, using HTTPS and, in an ideal world, a VPN from the individual client.
This overview on GitHub shows the current state of fixes from the vendors. I somewhat sadly note that the majority of my HW is under the “No Known Official Response” category!

Microsoft Eye Control for Windows 10

Steve Gleason (ex-NFL player with ALS) raised a challenge to Microsoft’s first Hackathon: find a solution for ALS sufferers to access and use computers, in particular in the advanced stages of ALS, where eye control is the only bodily function still under the patient’s control. A hack team under the moniker “Ability Eye Gaze” took on the challenge and ended up demoing a fully functional wheelchair completely managed by your eyes.
Satya Nadella announced the project as the winner of the 2014 Hackathon. When the core Windows team looked closer at the design, a team was assigned to look at the feasibility of implementing it in Windows as a standard feature.
At the start of this year’s Hackathon, Satya announced that the solution has been integrated into Windows 10 as “Eye Control” and is targeted for release in this year’s Fall Update. It requires fairly specialized HW to work, but has a lot of potential. Combine this with voice control, and we are one step closer to dumping our keyboards and mice.

Intel’s Coffee Lake CPUs will not work with today’s Z270 Motherboards

PC World quotes a tweet reply from ASRock confirming that the Coffee Lake CPUs will not be compatible with the current Z270 motherboards. This does not impact consumers directly, but has a massive impact on home builders, who will need to update to a Z370 motherboard for further CPU upgrades. Nice, if true, for AMD and their new Ryzen CPUs that work with the Z270 boards. Is AMD coming back as a contender?

USB-C power bank for laptops

For those of us who have ultralight laptops with USB-C charging, there has been a major gap in the power bank market: a power bank that can charge our laptops. There have been a number of vaporware solutions touted, but now there is a commercially available alternative. Mophie has just launched the powerstation USB-C XXL, a 19,500mAh, USB-C PD 30W Fast Charge power bank for sale in the US. It will eventually be available elsewhere, and is already in the Apple Stores. Currently promoted for Apple devices, will let you

Is a new generation of SurfaceBooks around the corner?

Paul Thurrott (a long-term trustworthy source on what goes on inside Microsoft) posted an update yesterday noting that the 1TB SurfaceBook has for a long time been unavailable and is now gone from the Microsoft Store. He observes that this is a typical Microsoft move before a major upgrade, and quotes the existing rumors that a new line will be introduced in October. As the second generation was mainly a CPU / RAM / HD upgrade, can Microsoft again surprise us with their continued overtures in the HW space?