Crypt Conundrum in Cupertino

 The Federal Bureau of Investigation has asked the engineers at Apple that developed the iPhone's password encryption to code a decryption key to allow the bureau to access the phone of the San Bernardino shooter. However, this proposal has not generated a positive response from those engineers due to their beliefs regarding the encryption they have made.

1a. Integrity; though the FBI demands the code solely to gain access to one iPhone and stipulates it will only want this code for that phone, it may use it subsequently to gain access to other iPhones, hence going back on their promises.

1b. Law enforcement usually seizes smartphones such as these in order to use data stored on them as evidence, which causes their need for decyrption.

2a. The user turns on their phone; well, it would either be off completely or in standby mode. If turned off, the phone will boot the operating system from its storage media, loading relevant files, applications and drivers into memory. If in standby mode, the phone will display the login screen. After either process is done, you swipe your finger along the screen in order to summon the password entry screen. On this screen, a keyboard appears with which you can type your password. When you are done, the password is checked against the hash stored on the phone; should the hash decode to the typed password, then access to the phone shall be granted.

2b. The FBI using this master key on other iPhones would allow them a backdoor into anyone’s phone and additionally to track data and communications sent and received; many would be devastated to hear this and may possibly result in protest.

3. Engineers feel emotional turmoil creating an antithesis to their own encryption; they had coded it passionately to secure data and documents effectively, but now they would be undoing this security and all the work they had done would be for nothing. In addition, many of the engineers in relevant departments are friends with one another, sharing common values of perhaps arguing until they win and a constant, religious devotion to their handiwork. The violation of these principles would not sit well socially with the engineers.

The reliability of the decryption could possibly be impacted by this emotional turmoil. As such, the decryption either may not work and cause errors when the FBI attempts to decrypt the phone or even corrupt data and the phone should the Apple engineers have programmed routines for that to happen when the phone detected attempts to break the encryption. Perhaps the system may do nothing at all, but display dialog boxes and other such things that make the system appear to be decrypting itself. A side effect of this would be the relief of most end-users since their phones would not be effected should the decryption pretend to operate as per the bureau’s criteria and the relevant privacy and security issues would not apply.

In addition the integrity problem surrounding the FBI should it use the decryption on any other iPhone, privacy issues would also arise due to the effectively unlimited access the bureau would have to citizens’ iPhones and possibly those outside their jurisdiction. Hence, any communications made and received could be intercepted and possibly used without consent of those people.

This privacy problem could also become much more pervasive should hackers outside of the FBI get a hold of the decryption code. They would then be able to access the communications of others at their own disposal and use them against those people for frivolous purposes such as blackmail or fraud. They could also plant viruses or malware on the iPhones in order to continue such activity or to corrupt the system, posing a security risk to users.

4. A possible solution to this problem would to perhaps create the decryption, but first produce an update that users can download that renders them invulnerable to the decryption so that the FBI can only ever crack one phone while the rest are un-tampered and are not tracked further by the bureau. As with the decryption, this update may not be reliable either; for it may not operate at all and still allow the decryption to work, or it may corrupt data on the storage media or whatnot. Though, the update would also display a dialog box or other sort of message as follows: “We have been asked by the Federal Bureau of Investigation to write code that would allow it access to the iPhone of the suspect of the recent San Bernardino shooting (i.e. decrypting it). This level of access would create vulnerabilities for many iPhone users, so we have created this update to prevent that code from running on any other devices.” This way, Apple can maintain good standing among its consumers due to its integrity and the update and not lose sales to competitors such as Microsoft or the numerous manufacturers of Android-based phones. Also, the engineers would be able to rectify some of the social and emotional turmoil created for them since their encryption, in the end, would still stand victorious as would their values and devotion. Given all these factors and that the FBI would be able to still obtain the necessary evidence; this may be the best possible solution.

The article can be found here: http://www.theguardian.com/technology/2016/feb/22/apple-vs-fbi-engineers-breaking-encryption-unholy

1, 17, 39, 86, 125, 167

6 articles

comment your articles here

Google Now On Tap

At the company's I/O 2015 keynote moments ago, Google unveiled a new feature that lets Android's personal assistant examine whatever is happening on your screen and automatically take relevant actions.

With an email about movies on screen, you can simply tap and hold on the screen and Google Now will present detailed Cards for each of the films. ...  If you're texting someone about dinner ideas, Google Now can automatically pull up restaurant ratings and the hours for any place mentioned in the conversation.

When you tap and hold the home button, Google gives you options that are a best guess of what might be helpful to you in the moment.   But if you need something specific, you can also get Google to help by saying "Ok Google" from any screen, and any app. For example, if you’re listening to Twenty One Pilots on Spotify, you can say "Ok Google, who’s the lead singer" and get your answer right away.

Google Now's expanded functionality comes amid rumours that Apple is working to build a service resembling Google's for iOS 9, slated to be unveiled at the company's own developer conference early next month.   Microsoft also recently announced that its Cortana assistant is coming to Android, but with the scope of what Google is trying to pull off here, Now on Tap could render Cortana obsolete when Android M is released in Q3.

Link: http://www.theverge.com/2015/5/28/8677147/google-now-on-tap-announced

Criterion A — The issue and stakeholder(s) [4 marks]

1. (a) Describe one social/ethical concern related to the IT system in the article.

One ethical/ social concern related to the IT system is privacy, as by using the new google now on tap feature, it will look on your screen and find key words that you are currently searching to “guess what might be helpful to you in the moment”

(b) Describe the relationship of one primary stakeholder to the IT system in the article.

Users of android devices will find this IT system much more convenient when searching things on the web. As they need to take a picture or look at messages, then the system is able to help them search what they are looking for.

Criterion B — The IT concepts and processes [6 marks]

2. (a) Describe, step by step, how the IT system works. (Google now on tap)

• Using the phone's camera, the user takes a photo or using the phone’s messaging app, it will detect key words that the user might find helpful in searching
• Then user holds the “home” button to activate the google now app
• Then the system then picks up key words on the screen or the picture that is displayed on the screen. Using edge detection for pictures and key words for words
• Then the system looks through the database to which results would best fit the thing that is being searched.
• Then the result will be displayed on the screen.  

(b) Explain the relationship between the IT system and the social/ethical concern described in

Criterion A.

• Because the system is able to see what is on your display and is search relevant items based on your display. Privacy idssues come in as the potential of hacking into the server to see what is on your screen, or what you have been previously searching for will be known if it were to get hacked.

Criterion C — The impact of the social/ethical issue(s) on stakeholders [8 marks]

3. Evaluate the impact of the social/ethical issues on the relevant stakeholders.

Users of this android device will find this new system very useful as they are able to search for relevant things or “things that might be helpful to them” with just one button away. By using that simple system, it makes  searching for data much easier as it will pick up the keywords from the user’s screen. This is good for google as they developed new software together with edge detection, databases and some artificial intelligence. to search data much quicker. However, the data that is being searched from the user’s screen. Then hacking the system of google will result security and privacy issues as it will invade the security of google’s servers and the privacy of the user’s phone as it hacks into their display and know what is going on.  If google’s servers would be hacked then it would cause a huge leak in other various data as google stores data in its database. Also it would be seen who has been searching what allowing more privacy and security issues to occur. For the user it will be an invasion of privacy as if the data is being hacked , the hacker would know what kind of data the user is searching and could be able to get personal information about the user. To conclude, this system will help benefit google as they are able to create new technology similar to AI from databases, edge detection and their knowledge of AI to help the user’s experience in searching data much quicker. However because of this system, if it were to be hacked, then the privacy and security of google will be infiltrated together with the user as the hacker would know where the data is stored and what data the user is looking for.

4.Evaluate one solution that addresses at least one problem identified in Criterion C

One solution that will help the problem of hacking would be to improve the security of the software by using encryption. Although google has a very strong security in their data, the sending of data from the mobile device to the google's server must have a security

Singapore Airlines WiFi on planes

Singapore Airlines plans to introduce inflight mobile phone and Internet access in May this year, beginning with its flagship Airbus A380 fleet.

The airline is polling selected members of its KrisFlyer frequent flyer loyalty program to participate “in an online survey about your attitudes towards inflight mobile and Internet services, which we are planning to introduce from May 2011” according to the email invitation.

The survey asks travellers for their opinions on pricing packages such as SGD$25 (that’s $20 Aussie and US, and £120 and €14) for 30MB, as well as if mobile phone calls and SMS messages should be permitted.

Should passengers be allowed to make and take calls at 30,000 feet they’ll pay plenty for the privilege, with calls being charged at international roaming rates.

As it’s up to each country to decide what those rates are – and with Singapore Airlines effectively being its own ‘country’ in terms of providing a fully controlled and self-contained telecoms system on board each plane – those rates could literally be sky high.

Mobile phone users will face high roaming charges, if SQ allows voice calls to be made – many passengers would prefer voice calls to be blocked

SQ’s inflight Internet and mobile service, which may carry the KrisNet brand in keeping with the KrisWorld in-flight entertainment system, is expected to debut on the Airbus A380 before being installed onto the airline’s A340-500 and Boeing 777-300ER aircraft.

Passengers will be able to access the Internet on any device from a smartphone to a tablet or laptop, as Singapore Airlines will support connections through both Wi-Fi wireless networking (using a series of low-power hotspots located throughout the plane) and 3G (via tiny ‘pico-cell’ stations).

The satellite uplink equipment for Singapore Airline's OnAir system fits snug into an overhead luggage bin.

It will employ the popular OnAir technology, jointly developed by IT company SITA and Airbus, and currently used by over 20 airlines (including Air New Zealand's current trial of in-flight Internet) which feeds the Wi-Fi and 3G signals through to Inmarsat’s SwiftBroadband satellite network.

Mark scheme:

a) Describe one social/ethical concern related to the IT system.

-privacy/security: The connection could be unsecure which means that users on the same wifi could potentially access other peoples information.

- increase of laptop usage in flight, people could steal information if laptop is unattended

-Misuse: users could access inappropriate or illegal websites on the airplanes wifi connection.

b) Describe the relationship of one primary stakeholder to the IT system

- Users of the wifi connection who use the network to browse the internet or download files.

- Network manager who has to make sure everything is working properly and that the connection is strong throughout the whole plane

- The airline gets paid for every data plan purchased

- ISP that provides the service gets paid by the airline.

c) Describe, step-by-step, how the IT system works.

Electronic Device searches for a hotspot and detects it in order to connect to it 

Like any home network with a wireless router, the user can choose to enable his/her device to access information shared through WiFi without using cables to connect to a physical data port. Many aircraft also have data port connections from which data is transmitted or received and you can plug in your device. However, without an internet connection, WiFi won’t be able to connect to the outside world.

Inflight WiFi works much the same way. A wireless router doesn’t access the internet by itself. A data connection is necessary, which can be achieved with a high-speed data (HSD) connection. High-speed data, also referred to as broadband or inflight internet, is the means by which the aircraft supports internet access. Wireless routers certified for aircraft use link up with the HSD equipment to provide inflight WiFi.

3. Evaluate the impact of the social/ethical issues on the relevant stakeholders.

-  Positive for Users
-  Contact family (instant messaging), keeps people updated, keeps customers happy.
- Negative
-Expensive, Slow connection, Not stable, impractical.

- Positive for network provider

- Get paid, boost reputation, free advertising

-Negative: could ruin reputation if system does not work or goes offline

-Positive for airline
- seen as innovative, new idea, Unique selling point, more customers
-Negative: can be seen as just another way of getting money from customers as it could be slow and not work well.

4.Evaluate one solution that addresses at least one problem identified in Criterion C

-To prevent users from accessing illegal websites, they could implement a simple filter than could filter inappropriate or illegal websites

- the problem with this is that some websites that aren’t inappropriate could be caught up in the filter

-To make sure the users information is secure on the network the airline could include a leaflet in the package that could tell the user how to browse safely and protect their personal details.

- network administrator should make sure the connection is secure and have a reliable security system that is difficult to breach.

Barclay's vein scanner

Future of Banking 

Your vein pattern is established in the womb, and stable throughout your life, says Hitachi's Ravi Ahluwalia.

Apple's Touch ID was hacked by a German hacker roughly a day after its launch, replicating the last fingerprint that had touched the glass iPhone surface with kit that included a scanner, a printer, and a bit of glue. The vulnerabilities in fingerprint recognition are not exactly secret. And so the race for alternative bio-metrics is on.

It is spurred by a new abundance of cheaply produced sensors - mostly from east Asia - and software connecting them with cloud services. Low interest rates also provide a rich environment for tech investment.Barclays is bringing out finger vein authentication for UK business customers this year.

It is a technology Hitachi developed in Japan that is now being used in cash machines there and in Poland.

When near-infrared light is transmitted through your finger, part of it gets absorbed by the haemoglobin in your veins.

And so Hitachi's VeinID scanners can authenticate you by your resulting vein pattern.

Mr Ahluwalia says his company has explored finger vein authentication on trading floors in France and Northern Europe.

And British startup Sthaler is working with Hitachi and BT on a "pay-by-finger" solution it has trialed at several music festivals. It calls it FingoPay.

"You place your finger on [the] scanner, they'd confirm your name or last few digits of your credit card, and the payment is made in real time," says Mr Ahluwalia.

The future of banking maybe in your veins.

Criteria A:

1. Reliability of the technology may not be 100% reliable to the users and the banks. The technology might mis-read the vein patterns or the veins pattern may change due to injuries. Or the technology is poorly manufactured by the company and doesn’t work correctly.
2. A stakeholder Banks who have implemented these devices and IT systems into their security system

Criteria B:

-Client register account with the bank, decides if they want to use the biometric system.

-If yes then client then proceeds and fill in details the bank requires eg consent forms, personal details and others

- Client’s chooses finger they want to use

- Vein patterns are scanned and analyzed to find unique points using algorithms.

- Data is stored in a secure server which is hosted either by the bank or a third party team

-Client comes and use the bank service, bank ask for the confirmation, client then let the device scan, if the pattern matches the one on the bank’s database then proceed to next step

-Client take out money or does what the client wants.

-System updates the information that the client just made or it is made in real time

The reliability of the device may cost the client valuable time and may cause unwanted problems, The device malfunctions and doesn’t scan correctly repeatedly therefore the client cannot continue with the transaction or the process. Also the vein patterns in the finger may have changed due to injuries the client may have had.

Criteria C:

Advantages for client may include

-The client is more easily recognizable by the bank good for client

-More secured and personalized banking system

-Hard to get authorized by others

-Client may no longer need to memorise a password

Disadvantages for client may include

-Client would have to be there personally every time

-The price of this system may be higher than a normal banking system

-Not available everywhere in the world

-Information could potentially be hacked and used in an illegal way

Advantages for the bank may include

-The bank easily recognizes its client therefore it has a more efficient workplace

-People would trust the bank more with this type of security

-More efficient and time saving process

-Gain more money from the deals they make with this system

-Less security issues

Disadvantages for the bank may include

-The client is not pleased with the amount the bank charges for this system

-Bank personnel may not know that the client registered for the vein system

Criteria D:

Security/Privacy

-The bank could give the client a pin number/card so it would be harder to hack into

-Server room needs a keycard to enter and a password is also require which is only known to the authorized personnel

-Firewall is installed on the banks servers

-data stored is encrypted

-Decoy server is setup to protect the actual server

-Client can update the biometric so that the system at anytime they want so the data is up to date

Reliability

-The device is always checked and maintain

-drivers on the device are up to date

-Client is asked to repeat the vein check a couple of times to make sure the system has the right information