By Jake Edge
August 21, 2013
Being able to remotely track a lost or stolen phone, or to delete ("wipe") the personal data from it, can be rather useful. Unfortunately, most of the solutions for doing so come with strings attached. Generally, the app provider, a random attacker, or an employer can trigger the tracking or wiping, which is likely not what the phone owner had in mind. CyanogenMod, an alternative Android distribution, is taking another approach to the problem, one that will only allow the owner of the device to remotely track or wipe it.
Phones and other devices are frequently misplaced, and sometimes stolen.
In the former case, tracking the phone down, either by its GPS location or
by simply ringing it, is helpful. For stolen phones, the location may be
of use to law enforcement, but being able to delete all of the personal
information stored on the device is an important, possibly even critical,
feature.
On August 19, the project announced CyanogenMod Account, which is an optional service to provide these features. As one might expect from a project like CyanogenMod, all of the code is open source, and the project is encouraging both potential users and security researchers to scrutinize it.
The idea, as outlined in the announcement, is to preserve the privacy of users and to protect them from the service being abused. "We cannot track you or wipe your device. We designed the protocol in such a way that makes it impossible for anyone but you to do that." That stands in direct contrast to Android Device Manager, for example, which stores location information on Google's servers. In addition, that code is closed, so it will be difficult for anyone to verify what, exactly, it does. There are other Android solutions, of course, but seemingly none that are open source—or focused on user privacy.
The new feature has not yet been added to the CyanogenMod nightlies, but can be found on GitHub for those interested in testing. Some more details about the implementation, and its privacy protection, can be found in a Google+ post. There are three pieces to the puzzle: an app running on the phone, code on the CyanogenMod servers, and a JavaScript client running in a browser. To communicate, the browser and device set up a secure channel, mediated by (but not visible to) the server.
In order to set up that channel, the browser generates a public/private key pair and prompts the user for their password. The password is cryptographically hashed (using an HMAC, hash-based message authentication code) with the public key and sent to the server, which forwards it to the device. The device can extract the public key by reversing the hash operation using the password (which it must also have). It then creates a symmetric session key that it encrypts with the transmitted public key and sends it to the browser. The server cannot decrypt this session key because it doesn't have the private key, but the browser can, so a secure channel is established.
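
An added sketch of this handshake in Node.js, not CyanogenMod's code: it assumes the HMAC acts as a password-keyed tag on the browser's public key, which the device checks by recomputing it before wrapping a session key. The PBKDF2 derivation, salt, RSA-OAEP wrapping and every function name are assumptions made for the illustration.

```javascript
// Added example, not CyanogenMod code; all names and parameters are assumptions.
const nodeCrypto = require('node:crypto');

const RSA_OPTS = {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
};

// Both ends derive the same MAC key from the account password.
// The salt is a constructed placeholder.
function macKey(password) {
  return nodeCrypto.pbkdf2Sync(password, 'constructed-salt', 100000, 32, 'sha256');
}

function tagFor(publicKey, password) {
  return nodeCrypto.createHmac('sha256', macKey(password)).update(publicKey).digest();
}

// Browser: fresh key pair; the public key travels with a password-keyed tag.
function browserHello(password) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', RSA_OPTS);
  return { privateKey, message: { publicKey, tag: tagFor(publicKey, password) } };
}

// Device: accept the public key only if the tag verifies, then wrap a
// random session key to it (RSA-OAEP is Node's default padding here).
function deviceRespond(message, password) {
  const expected = tagFor(message.publicKey, password);
  if (expected.length !== message.tag.length ||
      !nodeCrypto.timingSafeEqual(expected, message.tag)) {
    return null; // substituted key or wrong password: no session key is sent
  }
  const sessionKey = nodeCrypto.randomBytes(32);
  return { sessionKey, wrapped: nodeCrypto.publicEncrypt(message.publicKey, sessionKey) };
}

// Browser: only the private-key holder can recover the session key.
function browserUnwrap(privateKey, wrapped) {
  return nodeCrypto.privateDecrypt(privateKey, wrapped);
}

// Relay that swaps in its own public key; it cannot recompute the tag.
function relaySwapsKey(message) {
  const { publicKey } = nodeCrypto.generateKeyPairSync('rsa', RSA_OPTS);
  return { publicKey, tag: message.tag };
}
```

In this sketch the protection holds only while the relay never learns the password-derived MAC key.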
At that point, the browser can request location information or ask the
device to wipe the personal data stored on it. It could also request the
device to ring, which could be handy if it is simply lost under the sofa
cushion. Other actions (e.g. remotely taking pictures) are obviously
possible as well.
So far, the main criticism of the feature is its web-based nature. A man-in-the-middle attacker could potentially feed dodgy JavaScript to the user's browser, which could, in turn, send password information onward. That problem should mostly be mitigated by using HTTPS to connect to the CyanogenMod server—but what if that server itself has been compromised? Based on recent events, it is not just "traditional" attackers that are being considered here, but also shadowy government "security" agencies with secret orders to force the project to serve malware. That is an unfortunate failure mode for all web services these days (and, sadly, probably long in the past as well), but the code is open, so one can at least run their own server—and await a (presumably unlikely) visit from said shadowy entities.
The announcement also mentions plans for further services to be added to CyanogenMod Account. One of those is a "Secure SMS" system that Moxie Marlinspike is currently working on, presumably along the lines of his TextSecure application. In the meantime, the track and wipe feature will eventually make its way into the nightlies and then into a release. Before too long, CyanogenMod users will have a superior solution to the lost phone problem.
Brief items
"Java is found everywhere [...] even in your car" - I assume that's a threat?
— Michael Stum
YOU WOULD HAVE TO BE SOME KIND OF LUNATIC TO USE THIS IN
PRODUCTION CODE RIGHT NOW. It is so alpha that it begins the Greek
alphabet. It is so alpha that Jean-Luc Godard is filming there. It
is so alpha that it's 64-bit RISC from the 1990s. It's so alpha
that it'll try to tell you that you belong to everyone else. It's
so alpha that when you turn it sideways, it looks like an ox. It's
so alpha that the Planck constant wobbles a little bit whenever I
run the unit tests.
— Nick Mathewson
Version 1.6 of the QEMU hardware emulator is available. New features include live migration over RDMA, a new 64-bit ARM TCG target, support for Mac OS X guests, and more; see the changelog for details.
Tom Lechner, the comic book artist and developer behind the Laidout impositioning application, has adapted Laidout's signature paper-folding tool into an HTML5 program. The Laidout folder allows the user to fold a variety of paper sizes into booklets, pamphlets, and other bound materials, and unfold them into a flat layout with proper margin edges and page orientations automatically calculated. We first covered Laidout in 2010.
GNOME has set up an official mirror of its entire set of source repositories on GitHub. Alberto Ruiz describes the move as "a starting point for people
wanting to have a public branch where they can publicize their work
even if they don't have a GNOME account. It should also help
maintainers keep track of the work people is doing out there with
their code." The announcement also notes that there is no plan to support pull requests from GitHub branches.
Version 1.0 of the devpi server tool is available. Devpi allows users to deploy a cache of the Python Package Index (PyPI), or to run a completely internal PyPI instance.
A new stable release of the Gnu Privacy Guard (GnuPG) encryption suite is available. Version 2.0.21 introduces several changes to gpg-agent, adds support for ECDSA SSH keys, and can now be installed as a "portable" application on Windows systems.
Firefox 23.0.1 has been released. This version enables mixed content blocking along with other updates and bug fixes. The release notes contain additional information.
Newsletters and articles
At the Canonical Design blog, Tingting Zhao has written a detailed look at defining and articulating the "tasks" that are given out as prompts in usability testing. This includes finding the correct amount of detail, as well as navigating the distinction between closed- and open-ended tasks, or "direct" and "scenario" tasks. With scenario tasks, for example, "some participants may experience uncertainty as to where to look and when they have accomplished the task. Others may be more interested in getting the test done, and therefore do not put in as much effort as what they would in reality."
On his blog, Miguel de Icaza touts C# (and F#) async as a superior model for doing asynchronous programming to the mechanisms offered by other languages. He notes that using callbacks for asynchronous programming turns programmers into "glorified accountants" in much the same way goto statements did, as Edsger Dijkstra's famous "Go To Statement Considered Harmful" paper described. "And this is precisely where C# async (and F#) come in. Every time you put the word "await" in your program, the compiler interprets this as a point in your program where execution can be suspended while some background operation takes place. The instruction just in front of await becomes the place where execution resumes once the task has completed."
Continuing our recent usability theme (GNOME usability and Ubuntu usability), Jos Poortvliet has some tips and lessons learned from a usability workshop that he and Björn Balazs ran at this year's Akademy. "The goal was to teach developers how to do 'basic usability testing at home' by guiding users through their application and watching the process. To help developers who didn't make it (and those who did but can use a reminder) I hereby share a description of the process and some tips and notes." Videos from two of the tests are shown as well.
Over at The Washington Post, Timothy B. Lee looks at the ZMap network scanning tool that was announced (slides [PDF]) at the USENIX Security conference on August 16. "In contrast, ZMap is "stateless," meaning that it sends out requests and then forgets about them. Instead of keeping a list of [outstanding] requests, ZMap cleverly encodes identifying information in outgoing packets so that it will be able to identify responses. The lower overhead of this approach allows ZMap to send out packets more than 1,000 times faster than Nmap. So while an Internet-wide scan with Nmap takes weeks, ZMap can (with a gigabit network connection) scan the entire Internet in 44 minutes." Beyond just the tool itself, Lee also looks at the results of some of the research that ZMap has facilitated in areas like HTTPS adoption, security flaw fixing, and when the internet sleeps.
Libre Graphics World (LGW) covers
the initial release of PrintDesign, a new vector graphics editor that
started out as a refactoring of the aging sK1 illustration program. The
preview release is a work in progress, but LGW notes the project's
"good progress for about half a year of work, especially if you
consider that some newly added features are unavailable due to the
recently started UI rewrite." The review also comments that
PrintDesign seems to be targeting desktop publishing, which makes it
distinct from the Inkscape vector editor.
Page editor: Nathan Willis