Tuesday, 16 September 2014

Does your smartphone belong to you?

That expensive smartphone (iPhone, Android, whatever) that you spend your life staring at - is it yours? I mean, really under your control?

Do you have complete mastery over the content that it accesses, the files it downloads and the behaviour that it tracks?

If you buy a digital book will that book always belong to you, or could it disappear one day if the publisher decides to withdraw it?

If you aren't interested in a music band will its latest album appear on your device automatically?

Who has access to information about your personal fitness, such as how long it takes you to complete a run, and how often you exercise?

Apple has, with its iPhone and, to a lesser extent, OS X-based personal computers taken away some of the control that people assume they have over their electronic devices.

Most people don't seem to care, possibly because they don't realise that their £600+ device is actually controlled by Apple rather than them. So when something happens that highlights this fact the result is shock and outrage.

This last week Apple launched a new iPhone and simultaneously made freely available rock band U2's new album Songs of Innocence to 500 million iTunes customers.

This caused many vocal users to express their enormous, four-letter-word-based displeasure via Twitter.

The problem seemed not that Apple was giving away some music but that it was appearing on people's devices without their explicit consent.

That, and the fact many people tie their identities up with music so closely that getting it 'wrong' is more than annoying - it can be insulting.

If Apple had wanted to offer a music album for free it could have sent out vouchers to iTunes users' email accounts or pushed some sort of offer through iTunes itself. Instead it rather arrogantly uploaded the music to people's devices while providing no clear way for them to remove the content.

Days later the company issued a removal tool.

Apple is not the only company to control personal electronics, though. Android devices are ultimately controlled by Google, which is why the company is able to offer remote locking and wiping services, and all your files end up in the cloud unless you are very careful.

Google hasn't (yet) pushed content in the same way as Apple, though, and just two weeks ago it made available a Shaun the Sheep cartoon for free via its Play store. I don't remember a Twitter-storm of angst when that happened, probably because no files were automatically uploaded.

Amazon's Kindle is also controlled remotely and Amazon has, in distinct contrast to Apple's latest stunt, actually removed content from users' devices in the past. In 2009 it deleted copies of 1984 and Animal Farm due to copyright issues. This was an unpopular move because, again, it highlighted the fact that these devices are a means for content consumption and are managed remotely by those who largely sell the content.

We live next to these devices 24/7 and they are so important to us that online surveys abound that ask questions like "Would you rather lose your smartphone or... get a bad haircut/go without sex/something else?" The idea that they are not really ours and under our complete control is more than uncomfortable - it's unbelievable. Which is why so many people get upset when it's pointed out to them in no uncertain terms.

Thursday, 14 August 2014

Aircraft hacking myths busted

Two avionics experts have explained why it is impossible for an attacker to take remote control of a commercial airliner.

Speaking at the Defcon 22 conference in Las Vegas Dr. Phil Polstra and Polly Kadolph explained in detail why some types of attacks are impossible and others are exceptionally unlikely to succeed.

The Register covers some of the technical detail but see below for a non-technical summary:

  • You can't hack the entertainment system and then connect to more important systems, such as the flight controller.
  • There is no way to access critical systems using wireless networks.
  • The way an aircraft's networks are set up means that they are not compatible with the sort of networks familiar to most computer experts.
  • All major control systems can be operated manually by the pilot(s).
  • Pilots won't just blindly follow what they are told by air traffic control (ATC), or someone pretending to be ATC.
  • Pilots always have control of the plane, even if its electronics fail or fall under someone else's control.
  • The auto-pilot can be turned off.