Aussie Security Forces Testing Apple's iOS

lukehopewell1 writes "Australia's Defence Signal Directorate (DSD) is testing the national security capability of Apple's iOS mobile operating system for use on federal networks that transmit national security data. If the operating system is certified as secure, Australian Defence Force personnel, government aides as well as ministers and senators at all levels could see iPads deployed as standard."

What could possibly go wrong?

[Noryungi]

Wasn't there a hack, published recently, that allowed a user to bypass all security & protections on an IOS device, simply through the standard connector?

I just don't understand how you can seriously evaluate the security of a mainstream COTS OS and expect it to survive more than 5 minutes versus a dedicated attack, not to mention an attack financed by a rogue state. Even industrial controls are becoming more and more endangered -- see stuxnet.

Other devices, such as the Blackberry, should be banned as well, as the French intelligence has been requesting for quite some time now. And don't even mention the words "Windows", "Mobile" and "Security" in the same sentence, please.

Re:What could possibly go wrong?

[Bert64]

The problem with phones as a whole, not just the iphone, is that the device is generally capable of booting without the user having to enter any form of key material...
Therefore, even if the device is encrypted, the key must also be stored on the device, where someone with sufficient skill will be able to extract it.

Re:What could possibly go wrong?

[joh]

Wasn't there a hack, published recently, that allowed a user to bypass all security & protections on an IOS device, simply through the standard connector?

No, not all, just some. There are different levels of protection, some were broken and some not. iOS has some newer APIs for that which aren't widely used yet by apps, but they're there and used right they're secure.

Re:What could possibly go wrong?

Well, specific apps could have their own dedicated encryption which requires a passphrase, or Bluetooth RSA token, or whatever.

Re:What could possibly go wrong?

The French intelligence has backtracked last year on their initial recommendation against Blackberry devices, following on a study conducted by the secret services. Blackberry are now deployed in most ministries in France.

Re:What could possibly go wrong?

[Linux+Torvalds]

Well, Hitler certainly regretted his choice of iOS.

Re:What could possibly go wrong?

[mjwx]

Between this, sex scandals in the navy and 10% of our forces being to pudgy to deploy, I'm losing faith in our Diggers.

I just don't understand how you can seriously evaluate the security of a mainstream COTS OS

Indeed, didn't the CIA or some such American agency develop a specification for this kind of thing. Shouldn't a sensitive comms device be built from the ground up with encryption at the very least rather then just wrapped around the outside.

Re:What could possibly go wrong?

[MikePikeFL]

I'm not sure if this is what you were referring to, but this is immediately what I thought of when I saw this article:

http://www.youtube.com/v/uVGiNAs-QbY

And the paper: http://www.sit.fraunhofer.de/en/Images/sc_iPhone%20Passwords_tcm502-80443.pdf

I got these from a friend a few days ago, and then was astounded to see this article on Slashdot. The method requires jailbreaking (a whole other problem), but uses built-in system functions to dump various keychain creds!

Re:What could possibly go wrong?

[hawkbat05]

BlackBerry has been tested under FIPS 140-2, CC and CAPS and has been approved for NATO RESTRICTED, UK IL3 and Canada Protected B (among others). It's all available for review here. BlackBerry also supports S/MIME and/or PGP, device and media card encryption, DoD CAC/smartcards (for two factor authentication to the device), Bluetooth encryption, AES256 encryption between the device and it's BlackBerry Enterprise Server, several options for secure remote wipe of the data (even if there is no cellular connection) and all of this can be enforced from a centrally administered server and compliance verified from there as well. Show me how iPhone or Android can even come close to not only the certifications but the security features that can be easily audited for compliance. The only other phone that beat some of this is the Sectera Edge by General Dynamics (which can encrypt voice as well) but I wouldn't call their solution COTS. I know that reads like an advertisement but BlackBerry is really the only one doing all of that (afaik anyway).

Re:What could possibly go wrong?

[ozmanjusri]

Even industrial controls are becoming more and more endangered -- see stuxnet.

Stuxnet required a few things to be in place to work:

• The Windows operating system,
• Step 7 SCADA system (that runs on Windows)
• a Siemens PLC.

There's one of these things that's been implicated in most other exploits as well. See if you can guess which it is...

Re:What could possibly go wrong?

This will be for information at in-conf or protected. We do have the SME-PED for higher levels of data which is built as you imagine.
http://www.gdc4s.com/content/detail.cfm?item=32640fd9-0213-4330-a742-55106fbaff32

Government has a lot of general purpose computing needs and buying expensive, proprietary solutions makes the cost go up dramatically per unit and limits the available application pool.

It's all about weighted risk. You don't need to batten down the hatches for every piece of govt data. Government is not exempt from balancing usability and security.

Re:What could possibly go wrong?

[Dabido]

And don't even mention the words "Windows", "Mobile" and "Security" in the same sentence, please.

Hypocrite. :-)

Re:What could possibly go wrong?

If interested, I did a short post on this aspect of the recent attack, as I thought the vast majority of the reported stories glossed over, or simply ignored, the fact the iOS lets devleopers choose which level of protection they would like when storing sensitive information. As it turns out, the default permissions for keychain items were not susceptible to the attack that was demoed. http://labs.neohapsis.com/2011/02/28/researchers-steal-iphone-passwords-in-6-minutes-true-but-not-the-whole-story/

Not secure

They can be jailbroken. What does that say about the security of the OS?

Re:Not secure

All mobile OS can be jailbroken. Blackberry's certification excluded the bootloader from testing .

Oh no!

[Rik+Sweeney]

I can already see it happening:

Commander (To his troops): Gentlemen, you have a new assignment. I have sent you a link to a PDF containing the details...

Re:Oh no!

It already does happen, unfortunately Outlook is involved.

G'day mate!

[bazmail]

What's that skip? Uncle Drongo's got a compound fracture of the tibia? There's a bladdy app for that mate!!!

yes, quite

[FuckingNickName]

private wireless networks that handle material of national security.

Lol, national security WiFi network.

to use iOS products in a secure manner

OK... what? When was iOS last developed as a military grade secure system?

Both the iPhone and iPad incorporate DSD-approved cryptographic algorithms and DSD-approved cryptographic protocols

Ooo. So does my undergraduate homework. But I sure as fuck hope it's not deployed anywhere, because it's not been designed or audited for anything at this level, and it is sure to have a million implementation problems. Nor am I available to audit every single code fix and functionality update.

Re:yes, quite

[geogob]

to use iOS products in a secure manner

OK... what? When was iOS last developed as a military grade secure system?

Does it have to be? In the military (or in general one should say), security is a relative thing. Although the device may not be suited for some security level and/or requirements, it may be fine for others. There's no such thing as a "military grade security". But there are many military security grades, for some of which off the shelf devices are totally adequate.

Re:yes, quite

[FuckingNickName]

Any policy which relies on Apple's software, e.g. its implementation of "cryptographic protocols", must be wrong. The best one can hope for is hardware-based restrictions, i.e. (i) no physical connection to an insecure network; (ii) heavy firewalling and packet inspection to make sure the client system is not misbehaving; (iii) no wireless whatever, because a full analysis of the source is required to make sure nothing in the iPad can be exploited to cause it to retransmit sensitive data.

(assuming every line of iPad software source and firmware isn't being audited, including all updates)

Re:yes, quite

Governments have a range of different needs. Wifi, as much as I may feel in inappropriate, may be the most suitable for a particular need. I imagine "national security" has been thrown in as a catch-all for "government data". If you want to see how particular levels of classification need to be secured, you can read the ISM - it's available for anyone to read online. http://www.dsd.gov.au/infosec/ism/index.htm

If DSD is doing a full crypto eval, they'll be poking at the implementation problems. Trying to do this at this late stage looks pretty painful to me, but may be doable. The process of evaluating will likely make the platform more secure for the average user as vulnerable items are fixed, even if it ultimately fails evaluation.

Re:yes, quite

[rtb61]

Sure there is, it's called hard wired and air gap with no portable media drives or connectors. Absolutely never ever anything on wireless in the hands of politicians. The whole thing must be some way early April fools joke. No who the hell is the politicians responsible for looking for stupid ways to throw away lots of money, on grossly overpriced under performing technology.

Re:yes, quite

A code review is generally part of the process.

Re:yes, quite

[FuckingNickName]

Worrying about strong crypto on a wifi device is like worrying about the locking mechanism on a safe with a window.

Anecdote

When I graduated from my IT Security and Cryptography degree I saw most of the morons of the class ending up working for ASIO and the DSD, so I wouldn't trust the DSD to certify that my CAT-5 patch cables have connectivity let alone an proprietary operating system. All they do is use inflexible checklists and frameworks to make their decisions on, they can't think outside of the box, and that's where the problems are going to lie.

Re:Anecdote

[Bert64]

Security standards as a whole are like that, based on checklists, and the checklists have flaws in them which vendors will often exploit...

For instance, one of the requirements may be "must encrypt all user data using a recognised encryption algorithm", however they will miss something like where the key should be stored, so you end up with the key being stored on the device where its easily retrieved thus rendering the encryption pretty worthless.

On the other hand, the threat is often overhyped... The majority of people who would steal something like an ipad are petty criminals who care about how much cash they can get by selling the device, they couldn't care less what data it contains.

Re:Anecdote

[damaged_sectors]

When I graduated from my IT Security and Cryptography degree I saw most of the morons of the class ending up working for ASIO and the DSD, so I wouldn't trust the DSD to certify that my CAT-5 patch cables have connectivity let alone an proprietary operating system. All they do is use inflexible checklists and frameworks to make their decisions on, they can't think outside of the box, and that's where the problems are going to lie.

Was one of them a kind of chubby, dark haired, autistic looking guy, works at Russell, carries an umbrella (always), and catches the bus to Civic?

Coz if he can't keep track of his briefcase I sure wouldn't trust him with anything smaller. He seems to have a little problem with literacy too....

Re:Anecdote

[dlt074]

The majority of people who would steal something like an ipad are petty criminals who care about how much cash they can get by selling the device, they couldn't care less what data it contains.

however, the majority of people who steal government iPads for the purpose of spying are interested in the data it contains.

Re:Anecdote

Dude....I know the guy !!!!!

Well, I don't know him...but he changes to the bus that runs out to Nicholls from Civic.

We used to catch the same one...ehhehehe

Great ongoing revenue stream

And every Agency would have to pay on an annual basis for an Enterprise License to be "allowed" to side-load their own applications to the devices.

Why were iPads even considered? That sort of restricted access should rule them out at the first step.

Re:Great ongoing revenue stream

[damaged_sectors]

And every Agency would have to pay on an annual basis for an Enterprise License to be "allowed" to side-load their own applications to the devices.

Why were iPads even considered? That sort of restricted access should rule them out at the first step.

Well it's obvious really:- Victoria increased the number of doctors there by giving tree iPads, now it's time to boost ASIO recruiting. I know it makes me want to endure the "intrusive vetting" in order to work with cheezel scented fat fucks for a low wage, and hey, once a month you get to play paintball out the back of the airport. Sign me up.

The criminals

[bazmail]

Obviously the convicts in HMS Prison Australia have heard of this "jail breaking" thing and want in.

Phew! Not so bad!

[Chas]

For a moment I thought you were going to say a Flash app...

Whatever...

I've seen the stuff the DSD approves - they don't seem very strict.

Its like they only devote the idiots on the team to approving devices.

Re:Whatever...

You certainly have access to privileged information then.

Or you visited the EPL website. One of the two.

http://www.dsd.gov.au/infosec/epl/index.php

This must be a joke

I had to check on the calendar to see if it's April 1st already.

WTF?

Re:Phew! Not so bad!

Well, it means more attentive troops if they can't get distracted playing silly Flash games, right?

oh dear

[ewe2]

these are the same geniuses who thought laptops could travel in APCs.

general gets idea from daughter

explanation is simple, high level officials daughter shows him shiney new ipad and says "look daddy it is soooo cool, the us generals will laugh at you if you bring a notepad and paper to a meeting"... deal to implement ipads nationwide done.

when confronting unarmed civilians, software works

the results will obviously be better than launching weapons/mercenaries (hired goons) at them. we're seeing numerous millions of damaged/hungry/scared kids yet today. we have the ability. is the will missing?

Spiderman Pyjamas

[xixax]

Information technology used *anywhere* in the Aussie government should be approved by Defense Signals Directorate, the assessment doesn't mean it's going to be used by military personnel ("security forces") for sensitive tasks.

I'm not surprised they are evaluating the iPhone/iPad. It's trendy, is probably cheaper than Blackberry (AFAIK only currently evaluated smart phone product) and it has all the hallmarks of classic "Spiderman Pyjamas" for style aware executives. Probably more a case of people having private iPhones and being underwhelmed by the available approved options.

No doubt they'll get pressure to assess Andriod next.

Re:Phew! Not so bad!

[naz404]

The U.S. Department of Defense uses Flash/Flex as solutions for a number of their coordination tools, especially for mapping and data visualization.

Not kidding. Looks like a simplified real deal command-and-conquer RTS app.

Flash is pretty much the go to guy for easy-to-build rich GUIs, which even AAA game titles (Like Starcraft II, Streetfighter IV, etc) use Flash for their GUIs via Scaleform technology.

How are they testing it?

[Haedrian]

Since iOS is closed source, are they simply black-box testing it? Because I'm sure that'll work wonders.

It says they're working with apple, but I'm pretty sure if there are outstanding bugs either apple doesn't know about them, or won't show them off and lose out on this project.

Lets face it

[Colin+Smith]

It's not like Australia's defence forces really matter.

China decide they want Australia's coal, gas, uranium and other mineral wealth, they're just going to roll in and take it.

Or exchange it for cheap crap the way the Americans did.
 

Re:Lets face it

[grantek]

Or exchange it for cheap crap the way the Americans did.

Like iPads!

Re:Lets face it

[Gumbercules!!]

China already do take our gas, coal and other mineral wealth. We're making out like bandits selling it to them (how's that recession working out for you, rest of the World?) and their economy is still going strong, based on them buying it from us at a price they can bear. That's way easier for them than trying to mount an invasion of a country half a world away, by sea because there's no land between us and them, and without damaging the infrastructure necessary to pull said minerals out of the ground and ship them back to China.

Re:Lets face it

[Colin+Smith]

Boy, you jumped right into that one.
 

Re:Phew! Not so bad!

[__aapspi39]

hey, this is an apple thread, we don't want to hear about geeky stuff in here!!!

adjust your field amplifier or leave now please!!!

Re:Phew! Not so bad!

[naz404]

oops sorry!

umm...

Google is Evil and Adobe is LaZy!!!

Smartphone needs Trusted Compting

Simply said, the only way to get this secure is by leveraging Trusted Computing to create trusted zone and trusted execution. A lot of company are looking at the "Bring your Own PC/Laptop/Smartphone" but how do you ensure the insecure user zone (where people download all kind of shitty apps) wont get access to the corporate data? The only answer is Trusted Computing.

People as to stop thinking about Trusted Computing as being a DRM model. It is not! It's a security tool, nothing else! Learn about it!

If Apple use it to control what you can and cannot do with your phone, you'll simply change to Android or whatever.

Did somebody forget to tell the DSD about PWN-2OWN

Last PWN-2-OWN didn't OSX get hacked first? How long will it take hackers from China/US etc. to PWN those .... Government sponsered or not - I'd give 'em about 5 seconds ..... When has Apple EVER been concerned with security .... "You dont need Anti-Virus - It's a MAC !!! .." - the primary security model of Capertino .... Apple OSX is just BSD with a pretty GUI running on Intel hardware - I hope the DSD can take care of 20+ years of retro Unix/Linux/BSD hacks in their auditing/certification of the code - Oh and well .... reverse dns lookups on people downloading GeoHots *jail-breaking* apps and adding a trojan backdoor if DSD domains are noticed to be downloading the *jail-break* .... Nah - never happened

Apple snapshots?

[darth+dickinson]

Correct me if I'm wrong, but doesn't Apple randomly take snapshots of all the data on their iThings for bug tracking/troubleshooting purposes? If so then that right there should disqualify them.

Re:Apple snapshots?

How the hell are they going to process millions of 16 or 32 GB snapshots?

They will, if you authorize it, take the crash logs. They also certainly know which devices are tied to your account. And, obviously, there's Genius and Ping and whatever other nonsense in iTunes that you can set up.

Re:Did somebody forget to tell the DSD about PWN-2

The proof is in the pudding:

With the market penetration of Macs, even though it is less than Windows, if Macs had the same amount of security issues, there would be people screaming in the streets how easily a Mac is infected. So, it isn't just numbers, but percentages of computers infected that stand out. So far, I have seen one "infection", and this was someone who downloaded the Trojanized iWork '09 a couple years ago. Other than Trojans, Macs are not hackproof, but tend to be too much of a bother to try to compromise as opposed to Windows.

This also applies to Linux. Yes, there is an occasional compromise here and there, but it isn't on the scale of Windows where it is almost a foregone conclusion that a Windows box will get compromised given time.

Ob

[Hognoxious]

It's a hoax. Using anything Apple related would be against rulesone, three and five.

How can iOS be considered secure if...

[Heretic2]

...there are tools to compromise its keychain in a few minutes?

iOS is NOT secure...

One key thing to consider. If the iOS operating system was secure, it couldn't be jailbroken. As such, there has yet to be a version of the operating system that could be considered secure. Until such time as Apple releases a version of the iOS operating system that can't be jailbroken, then it can't be considered "secure".