Posts

Showing posts from March, 2016

Bruteforcing an iPhone: Where is the Key?

There have been rumors the terrorist's iPhone would be cracked with the help of NAND mirroring. I doubt this can be done. If it could, it'd mean the iPhone design is not that secure. The root of the problem the FBI has is that the contents of the NAND memory are wiped out after 10 unsuccessful PIN code attempts. I think this is a simplification. If the memory is protected, it is encrypted, likely with AES-256, which is unbreakable (unless there is a backdoor...). Encrypting information is always the easy part. Protecting encryption keys is the hard one. I don't know how iPhones protect encryption keys but I believe the keys are not stored in an external memory. I believe they never leave the application processor. And really "wiping out the contents" of an iPhone means wiping out the encryption key. Without that key and assuming AES-256 holds, even zillions of copies of the external flash would not help. This brings me to an interesting IoT-related observation:...

Smartscrapers

The other day I had an interesting conversation with a commercial real estate developer. They told me that for every building they erect, they build a cloud. This cloud is an integral part of the building. It is a virtual representation of everything that is happening inside, sucking real-time data from tens of thousands of sensors: occupancy, temperature, ambient light, air quality, ... Everything. My surprise was not what I heard but who told me that. For years at Silvair we've been touting lighting networks as infrastructure networks that collect and carry real-time sensory data in buildings. We've been communicating that vision to lighting companies. Big and small. And they have been slow getting it. After all, for all those years, they were making light sources that had to be provided power. And the pitch of "your lamp is a sensory data router" was not getting through. And then I realized that what lighting companies and communication infrastructure vendors di...

Bluetooth Mesh

Bluetooth is a great technology. But the standard is broad and evolving quickly, so things that are clear for insiders may be confusing for others. When we exit 2016, there will be three fundamental variants of Bluetooth: Classic, Smart and Mesh. Classic is the one that started it all back in the 1990s. It is based on the fundamental technology referred to as BR/EDR (Basic Rate / Enhanced Data Rate). It is a streaming radio, used primarily for audio, although there are many other profiles serving scenarios like file / object exchange and products like computer peripherals. BR/EDR is connection-oriented, forming a star topology with a master device in the middle, capable of being in a connection with up to seven slave devices at the same time. Trust relationship is in pairs (master-slave) and slaves do not see each other and cannot exchange data with anybody but the master. Smart is based on a fundamentally different technology, called LE (Low Energy). LE was originally ...

Passive WiFi: The Fine Print

News about the passive WiFi breakthrough circled and confused the world. It is supposed to use 10 thousand times less power compared to standard WiFi. Yet still being 100% compatible, as demonstrated on the video. People keep repeating the story on and on and not many took the effort to read the original paper and especially the fine print. So what is in the fine print? Here are the quotes: "...the power-consuming RF components such as frequency synthesizers and power amplifiers are delegated to a single plugged-in device in the network. This device provides the RF functions for all the passive Wi-Fi devices in the vicinity by transmitting a single-frequency tone..." "...we set the plugged-in device to transmit its tone at a frequency that lies outside the desired Wi-Fi channel..." "We set Pt, Gt, Gr and Gpassive to 30 dBm, 6 dBi, 0 dBi, and 2 dBi respectively." What they mean is the system is powered by a +30dBm 1 Watt (!!!) transmitte...