Cassandra - Midweek Review: Cables, Chargers, Cameras and Companies: Hacking Apple and Others (amended)
By Graham K. Rogers
Trade and China are still in the news for all the wrong reasons. The golden goose is being sued again. Not all cables or chargers are created equal. DEFCON produced its usual share of insecurities and there is no doubt that some of our accessories and devices may need protection.
A quick update on the ongoing fabricated trade dispute with China. Brandy Betz (Seeking Alpha) writes, ". . . Apple (NASDAQ:AAPL) gains 4.9% after the U.S. delayed the 10% tariff on some Chinese goods (including cell phones, laptops, and game consoles) until December 15," adding that China says it will continue talks. This is odd as the new levies, which would have affected some Apple products, were due to be applied as from 12 September but are now delayed 3 months.
Perhaps there is some pragmatism appearing in the US side, although I doubt this from previous input. My take: holidays. The delay might mean that Thanksgiving and Christmas gift buying is less affected than if the extra 10% had been applied as originally announced.
Some commentators are beginning to link the trade dispute with ongoing public order in Hong Kong and suggest that the Chinese appear to be losing face on two fronts. Those who live in Asia will understand how significant the idea of losing face is. It may be that China bites the bullet - having already used the word, Terrorist, despite many actions being caused by police infiltrators - and moves troops in to take back control. That would have a significant effect on companies that trade in Hong Kong and China (as well as the people of course), including Apple. It would not be unusual for other countries, including the USA, to retaliate in some way, perhaps by imposing sanctions.
There have been a couple of leaks from online sources about what will be coming in iOS 13, and not all of them will work for me, particularly regarding Photos and image use, which is one of my main purposes for using the iPad. The new interface does not suit the way I am used to working, especially with the lack of controls for B&W image editing. There will be more I am sure, but some current issues may be improved as the full release approaches. I had to pull out of the Catalina beta program with the way it was working, particularly with iCloud and files, and I am worried that some of the changes may find their way to iOS.
Current Photos editing interface on iPad (iOS 12)
One new feature (apparently) is a sanitized OCR for Notes, Ivan Mehta writes on The Next Web. Certain words that are written using the Apple Pencil are not converted in the same way. Some words (he writes) are not converted, like "ass" which means donkey in British English; and then there are all the foreign words that would need Apple to have a foul language lexicon. Censorship may not be the way.
With a number of shootings in the USA recently - the whole gun thing there is beyond me - there have been the usual and predictable Left and Right reactions which people in foreign lands tend to look at with incredulity. A movie called The Hunt has been a casualty, not because the studio withdrew it over concerns at a sensitive time, but because it was criticized by the commander in chief who also took a pot-shot at Hollywood elites, closely mirroring what had been transmitted a short while earlier on Fox News.
While other films have been delayed, or even withdrawn over sensitive events, this smacks of a new censorship (see also Caspar Salmon, The Guardian; Reuben Baron, CBR). There are several views on both sides, with Owen Gleiberman in Variety (for example) saying that the decision was right, but over the question of timing. If it was censorship (he writes) it was the wrong call.
I had known that, among other companies, Apple makes use of Amazon's servers for some iCloud data, but this is a trigger for some in the USA to bring on another class action lawsuit, because Apple advertises that iCloud data is stored on its servers. So even if the servers are dedicated to Apple's use, and Apple does make use of some of its own data centers in different locations around the world (which would mean shunting of some data for the purposes of efficiency), this is not good enough for some. The golden goose is being sued again. As Mikey Campbell (AppleInsider) - who goes to considerable length to outline the setup - explains, this has all been public knowledge for several years.
We have seen criticism of Apple, Google and Amazon for their respective use of humans to listen in to messages from their various systems, with the idea being that human checking of user input helps ensure that the AI is interpreting instructions correctly. Now Facebook - whose own record of misuse of user data is not the best in the world - has been found doing the same with input from Messenger. Joe Maring (iMore) points out that users would have opted in to the voice transcribing service, although he is not convinced that this is the best way this should work. As far as I was concerned, this is a one-on-one service that should not need AI or any interaction from a 3rd party. Any bets that there will be no class action litigation against Facebook on this?
I often criticize users who buy cheap lookalike cables and chargers intending to save a few pennies, yet really buying a heap of trouble. Many smartphone fires have been caused by cheap replacement cables (and batteries) that are not built to the proper specifications. In late 2016, when I was hunting down cables, disks and a thumb drive for the MacBook Pro with its USB-C ports, I spotted a USB charger in central Bangkok that looked just like the Apple one, but was considerably cheaper. I bought a couple and had one disassembled by one of my students.
He showed me the poor workmanship and cables used in the device. This included the solder (with its lower melting point) in the Chinese-made charger, rather than the alloy to connect components that Apple uses. Such a device is designed to carry certain levels of power and the cables used by a responsible company are chosen to minimize risk.
A tale of two chargers
This weekend, Joseph Cox (Vice) wrote about meeting a hacker (MG) at the DEFCON hacking conference. MG had adapted a Lightning to USB cable and this allowed him to log in to Cox's Mac. The cable "had been modified to include an implant; extra components placed inside the cable letting the hacker remotely connect to the computer." This may be theory for now, but remember that tear-downs of the Lightning cable show that there are 4 chips inside and that it is in effect a mini-computer, which is why some of Apple's accessories appear to be expensive: some people only look on the outside.
So far, cables from Apple have been modified and are being sold at a cost of $200, which is relatively cheap when the amount of damage that could be done (or data downloaded) is considered. The hackers intend to produce their own in the future. Instead of beware Geeks bearing Gifs (a take on Greeks bearing gifts from The Aeneid) we should now be wary of those offering cables. I am reasonably confident that Apple will be acquiring its own set and testing thoroughly.
It is not only cables that are at risk. Over the weekend, in TechRadar, Anthony Spadafora writes about a ransomware proof of concept that was tested on a Canon camera. An insecurity (also shown at DEFCON) could affect internet-connected DSLR cameras that use Picture Transfer Protocol (PTP), infecting a camera with ransomware. Although this was tested using a high end Canon, because this is the most popular brand, it is a problem that could affect any camera that uses PTP. The hackers told Canon, who have updated security for their cameras. I checked the Nikon site and as yet there are no updates for my D850 although this is not WiFi-equipped. It does however use Bluetooth for JPEG transfers. I only use RAW and send those via a cable, either to the Mac or the iPad Pro.
DEFCON was big news over the weekend and as well as these (and other) hacking reports, one of the most interesting items for me was that the USAF had also been at the conference with a setup asking hackers to try and break in. While the Air Force does have its own teams to write, check and hack (red teams) their mission critical applications, they are pragmatic enough to realize that a fresh set of eyes may find something everyone had missed. Mark Pomerleau (C4ISRNet) outlines the reasons for the attendance and how this was accomplished despite some opposition within conservative military circles. There is also some background to what is already being done to make sure the sophisticated software used, for example in jet aircraft, is being examined currently. From the sounds of things, they will be back next year.
Also on a military note, it is reported by Jonathan M. Gitlin (ArsTechnica) that the Navy intends to reduce the number of confusing touchscreens in mission critical operations and return to switches and dials where appropriate. Despite years of development, some of the interfaces are not as clear as the developers think they are. I guess when you are faced with the possibility of incoming missiles in a Force 9 gale, on/off is a better choice than tap and slide.
Navigation using touch screens has been a major problem for the Navy, with some serious collisions in the last few years. Gitlin wonders whether this step backwards might also be beneficial in the car industry. The last time I went to the UK, my hire car had a sophisticated setup screen with menus within menus that left me confused. Once I found a radio station, I was fine; and I left the iPhone on the seat to give me GPS directions.
Using iPhone for GPS
Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. After 3 years writing a column in the Life supplement, he is now no longer associated with the Bangkok Post. He can be followed on Twitter (@extensions_th).