
SoylentNews is people

posted by Fnord666 on Monday June 10 2019, @11:48AM
from the we'll-see dept.

Submitted via IRC for SoyCow4463

The clever cryptography behind Apple's "Find My" feature

When Apple executive Craig Federighi described a new location-tracking feature for Apple devices at the company's Worldwide Developer Conference keynote on Monday, it sounded—to the sufficiently paranoid, at least—like both a physical security innovation and a potential privacy disaster. But while security experts immediately wondered whether Find My would also offer a new opportunity to track unwitting users, Apple says it built the feature on a unique encryption system carefully designed to prevent exactly that sort of tracking—even by Apple itself.

In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they're offline, allowing nearby Apple devices to relay their location to the cloud. That should help you locate your stolen laptop even when it's sleeping in a thief's bag. And it turns out that Apple's elaborate encryption scheme is also designed not only to prevent interlopers from identifying or tracking an iDevice from its Bluetooth signal, but also to keep Apple itself from learning device locations, even as it allows you to pinpoint yours.

"Now what's amazing is that this whole interaction is end-to-end encrypted and anonymous," Federighi said at the WWDC keynote. "It uses just tiny bits of data that piggyback on existing network traffic so there's no need to worry about your battery life, your data usage, or your privacy."

[...] That system would obviate the threat of marketers or other snoops tracking Apple device Bluetooth signals, allowing them to build their own histories of every user's location. "If Apple did things right, and there are a lot of ifs here, it sounds like this could be done in a private way," says Matthew Green, a cryptographer at Johns Hopkins University. "Even if I tracked you walking around, I wouldn't be able to recognize you were the same person from one hour to the next."

In fact, Find My's cryptography goes one step further than that, denying even Apple itself the ability to learn a user's locations based on their Bluetooth beacons. That would represent a privacy improvement over Apple's older tools like Find My iPhone and Find Friends, which don't offer such safeguards against Apple learning your location.


  • (Score: 2) by AthanasiusKircher (5291) on Monday June 10 2019, @09:35PM (#853896)

    True, though if you actually have access to the source code, you should be able to compile it yourself if you so choose. I realize many people may not choose to do that, but it's possible with open source. It's not when the source is not available.

  • (Score: 2) by EvilSS (1456) on Monday June 10 2019, @09:51PM (#853906)

    Yea, but you still can't verify the back end software being run by Apple, even if you compile it. To do that, Apple would have to let literally anyone come in at any time and run their own hash function generator against the binaries they are running in production to verify they match the binaries compiled from the open code. I don't see that happening. Now you could have an outside auditor do it, but again, you are forced to trust a third party. After all, the auditor could be bribed or otherwise influenced.
    • (Score: 2) by pkrasimirov (3358) on Tuesday June 11 2019, @01:19PM (#854185)

      It goes a long way from there. You should be able to check the hashing program too. You should be able to install and use a new one if you want, like SHA-384 or SHA3-512. It should match the checksum of the binary you compiled from source, byte-for-byte. Meaning you need the exact compiler settings and configuration directives. And the exact compiler.

      And check that drivers/kernel do not add some "instrumentation" for "debugging", "monitoring", "telemetrics" etc.

      Also what happens when the information is decrypted? You can check the code does not save it or retain it anywhere but better also check there is no other process to read this memory meanwhile. Including in the Intel Management Engine or equivalent.

      Eventually inevitably it goes to "all or nothing" as the crazy RMS always repeated. But we don't want to be crazy, do we? So we just trust Apple because they say they care for our privacy. And Google because they are not evil. And then the others because we already trust some, they are the same.

      Yeah, Apple said they don't track me. But they will immediately tell me where my phone is if I ask them. Awesome!