Read the full post at darknet.org.uk
Read the full post at darknet.org.uk
Allwinner, a Chinese system-on-a-chip company that makes the processor used in many low-cost Android tablets, set-top boxes, ARM-based PCs, and other devices, apparently shipped a version of its Linux kernel with a ridiculously easy-to-use backdoor built in. All any code needs to do to gain root access is send the text "rootmydevice" to an undocumented debugging process.
The backdoor code may have inadvertently been left in the kernel after developers completed debugging. But the company has been less than transparent about it: information about the backdoor was released and then apparently deleted through Allwinner's own Github account. The kernel, linux-3.4-sunxi, which was originally developed to support Android on Allwinner's ARM processors for tablets, has also been used to develop a community version. The kernel was also the basis for porting over various versions of Linux to Allwinner's processors, which are used in the Orange Pi and Banana Pi micro-PCs (developer boards compatible with Raspberry Pi) along with a number of other devices.
The way Allwinner has distributed its Linux kernel has been frustrating to many developers. The company has not encouraged or participated in community development and has been accused of numerous violations of the GPL license for the Linux kernel. The kernel "drops" by Allwinner include a number of binaries that are essentially closed source, as well as code released under other licenses—largely to support the graphics engines of its processors.
Jonathan Zdziarski, a leading independent Apple iOS security researcher and forensics expert, has a theory about the FBI's newly discovered potential route into the iPhone 5C used by San Bernardino shooter Syed Farook. In a blog post, Zdziarski wrote that the technique the FBI is planning to use to get around having to compel Apple to help bypass the phone's security is likely a method called NAND mirroring—a hardware-based approach that, while effective, is far from the "golden key" software the FBI had sought.
The FBI reported in its filing to delay a hearing on its dispute with Apple, originally scheduled for March 22, that an outside company had approached the FBI with a solution to the "self-destruct" issue preventing the FBI from repeatedly guessing the device's four-digit PIN. In that filing, FBI officials said that they needed just two weeks to certify that they could use the alternative approach to gain access to the phone.
Based on a number of factors, Zdziarski said that the company in question was likely one of the FBI's external forensics contractors and that it was unlikely that it had found a "zero day" software technique to bypass the password. "Whatever technique is being used likely isn't highly experimental (or it'd take more time)," Zdziarski noted. "Chances are the technique has been developed over the past several weeks that this case has been going on."
Former antivirus developer and presidential wannabe John McAfee claimed a couple of weeks ago to have the perfect solution to the FBI-Apple stand-off. He offered to crack the iPhone for the FBI for free. This would let the government agency gain access to the phone while freeing Apple from any demands to assist. So confident was McAfee of his ability to help out that he said he'd eat a shoe on TV if he couldn't get into the phone.
It will probably not come as much of a surprise to anyone to learn that the FBI has not been beating down McAfee's door.
Perhaps they were unconvinced by the strategy that the man outlined. He said that he and his team would primarily use "social engineering," which is to say, manipulating people into telling you what you want to know through gaining their trust. It can be a powerful technique, but it certainly isn't a panacea. It's often less effective when the victims are aware that you're trying to socially engineer them (for example, by announcing your intent to do so on the Internet). It's less effective still when the people holding the information are in fact dead. McAfee may be persuasive, but probably not so persuasive as to be able to coax a corpse to give up its PIN.