Important Judgement affecting fingerprint protected devices.

A recent ruling by a circuit judge in Virginia could have long casting implications for security features such as Touch ID and other fingerprint protected devices.

According to the Judge, Judge Steven C. Fucci, whilst passwords (and hence password protected devices) are protected under the Fifth Amendment, fingerprints are not.

This means that a police officer can make a criminal defendent give up your fingerprint in order to unlock a device. Uh Oh.

The Fifth Amendment states that “no person shall be compelled in any criminal case to be a witness against himself.”  This protects memorized information and knowledge such as passwords and passcodes, but it DOES NOT extend to fingerprints in the eyes of the law, because, as the judge ruled, giving up a fingerprint is just like providing a DNA or handwriting sample or an actual key, which the law permits.

Interesting.

The case that the judge was ruling on was against a David Baust who is accused of strangling his girlfriend to death. The cops believe that he has video of the crime recorded on his phone. prosecutors are obviously trying to get access to that video and were trying to get the judge to force the defendant (Baust) to unlock it.

Here’s the thing, however: If the phone in question is an iPhone with Touch ID, it is probably passcode locked at this point and, hence, protected by the fifth Amendment. Touch ID requires a passcode after 48 hours of disuse, a restart, or three failed fingerprint entry attempts and it’s pretty unlikely that Baust has had his phone in prison.

Unless the judge’s finding gets overturned, it does seem like this ruling might have some pretty big ramifications for fingerprint protected technology and privacy versus security in the future.

Celebrity nude photo hacks being investigated by Apple.

Unless you’re living under a rock, or some other no-media penetrated secluded villa in the south of France, you will have heard about the hundreds of photos leaked onto the internet. Naked photos, specifically, of celebrities purportedly taken from their iCloud accounts and posted on the dark website Tor, before landing on 4Chan and leaking alll over the internet, as something as viral as naked celebrity photos was always destined to do.

Some of the celebrities involved have claimed that the photos are fake, whilst others have been confirmed to be legitimate.

Bad news.

Apple gave a statement to the guys over at Re/code advising that they will be undertaking a full investigation into the matter, which is great. “We take user privacy very seriously and are actively investigating this report,” said Apple spokeswoman Natalie Kerris.

Apple has since today come out with confirmation that the iCloud feature was not breached, instead the hackers were able to access and steal the photos using a targeted attack on user names, passwords and security questions.

From the sauce:

“We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud(R) or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”

This validates what security experts suggested yesterday – that the hackers were able to get ahold of the photos because of a combination of weak passwords and the lack of two-step verification. Two-step verification is a feature Apple introduced in March last year which requires a security code and a trusted device to log into your iCloud account as well as a password.

Although originally suspected of being used in the hack, it appears that a tool shared a few days ago on Github, a code-sharing website, was not used by the Hackers. This tool would have allowed hackers to repeatedly guess passwords without being locked out of an iCloud or Apple account but was fixed by Apple as of Monday morning. Attempting to use the tool now locks an Apple ID after five attempts to guess a password.

As always, if you’re concerned about your privacy we recommend using strong passwords and making use of the two-step verification.  

Strong passwords will include numbers, symbols and a mixture of capitals and lower case letters, and will not create a word or sequence of numbers that can be related to any of your biographical information by anyone but yourself.

To find out more about how to set up two-step verification, visit the Apple support page here. 

Image courtesy of Apple.

Google Acquires Skybox Imaging

One of Google’s more recent acquisitions is Skybox Imaging, an intelligence company that has been making vast inroads in satellite technology which Google will harness to use in mapping. The technology could however also have other far reaching  implications on privacy and business to business competition and spying.

From the Sauce:

‘By the time its entire fleet of 24 satellites has launched in 2018, Skybox will be imaging the entire Earth at a resolution sufficient to capture, for example, real-time video of cars driving down the highway. And it will be doing it three times a day.’

Cool cool, right? But they also rather casually mention:

‘ They are already looking at Foxconn every week and are able to pinpoint the next iPhone release based on the density of trucks outside their manufacturing facilities.’

Oooooh…. Interesting? Useful? A waste of technology? Kinda creepy? NOBODY KNOWS! We appreciate the map stuff though, because just how the hell did people know how to get places before?

iPhone Tip Of The Day!

Want to know where you hang out most often cos you forgot? OR want to keep your battery charge up and how much Apple knows about you down?

We got you!

iOS 7 (On 4S and above) keeps a tab on where you hang out, cos it’s like your closest, stalkiest friend!

Go to Settings>Privacy>Location Services> System Services to see a list of where you’ve been most.

AND

Turn off the feature  in the same place if you find it less fun, more stalky.

Image courtesy of imore.com

Facebook Privacy Change is a comin’

This is going to be a quick one, guys, because going on and on and on about Facebook privacy changes is important but kinda boring, and no doubt you’ll see it repeated many times on your newsfeed.

But just in case you don’t we felt you better know!

Facebook is getting rid of a privacy feature that let users limit who can find them on the social network.

With an announcement on Thursday, Facebook announced that you will no longer have control over whether users can find you when they try to search for you.  The feature is called “Who can look up your timeline by name?”

For those who didn’t have this setting enabled would have, with their eagle eyes, seen it disappear last December, but those who have had it enabled will start to see removal notices in the coming weeks.

According to the Facebook guys, only a single digit percentage of the almost 1.2 Billion people on it’s network used the setting, so they’ve decided to take it away as a privacy option.

So if you had the tick box that let you hide from search enabled, uh, sorry? Now people will be able to see that you have a Facebook account. But keep in mind these words from Michael Richter, Facebook’s Chief Privacy Officer.

“The best way to control what people can find about you on Facebook is to choose who can see the individual things you share.”

It’s important to remember that if you care about your privacy in relation to the information you share on you Facebook Profile, you should check and update your privacy settings often.

The ‘Friend’s Only’ option is your… friend. Friend.

Image courtesy of Facebook & Seattle Wolf.