Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: When do you stop owning Technology? - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
When do you stop owning Technology?

If you are ever curious, yes the handlers do participate in events that do not include keyboards, packet analysis tools or malware reverse engineering. At an event here in Phoenix, AZ, USA it was clear that a piece of technology in development deserves some attention. As a lead in to the discussion the event clearly posted, no filming. The Security staff were very helpful in taking photos of folks during intermission and when the event was not taking place but vigilant in telling participants to stop during the course of the event.

This may seem like a soft subject for a diary piece but each of the handlers is entrusted with access to information that our readers post. In turn we all hold each other and ourselves to a high level of professional and personal ethics. but ... Not everyone has the same opinion on what is right or what is wrong. That brings me to the technical piece of this entry that is relevant to the above topic.

Fox News [1] is running a story about how Apple has filed patent for technology that can disable iPhones from filming at live events. After some searching I found a good source for explaining the patent in more detail [2].

In summary, the device will be able to receive commands through the infrared receiver. Keep in mind, Apple has several patents that never seem to surface as technology but this one, due to events last night, strikes as a concept to follow.

At what point do you stop owning your technology? Opposite of that where is the line to cross when it comes to protecting intellectual property?

Considering the world of extreme disclosure we are in, technology like this could be greatly useful in classified spaces and in areas of high sensitivity. For security operators that control sensitive spaces this is a technology that could be excited and useful but be aware that this could be a sign of the times to come.

 

[1] http://www.foxnews.com/scitech/2011/06/16/new-apple-technology-stops-iphones-from-filming-live-events/?test=latestnews

[2] http://www.patentlyapple.com/patently-apple/2011/06/apple-working-on-a-sophisticated-infrared-system-for-ios-cameras.html

Richard Porter

--- ISC Handler on Duty

email: richard at isc dot sans dot edu

twitter: packetalien

Richard

161 Posts
ISC Handler
So regarding the iphone blocker, why couldn't an aspiring video-journalist just tape a little piece of opaque aluminum foil over the IR sensor to disable that patent?
Moriah

133 Posts
One way around that would be to have the camera pick up the IR signal. (CCDs are IR-sensitive, and most cameras have imperfect IR filtering.) But that just changes the problem to "what if someone has a hacked iPod?"

I doubt this technology will ever be good enough to protect classified information. They're trying to stop casual recording.
Anonymous
Well, since at least the 1960 when I first got into photography, any decent camera store will be glad to sell you an IR filter, so you could still make your video and not receive the IR signals. A better way to work this <begin public disclosure of better patent idea> would be to have the IR transmitter at the event send an ENABLING signal to the phone, and have the phone check with BIG BROTHER to see if it was OK for the camera to operate. Of course, you wouldn't be able to take any pictures unless you received the IR signal, and also the GPS location info, so they could tell you were at the concert and being allowed to take pictures. With that ap[proach, they could even check the phone number and only allow registered journalist or whatever to use theri cameras. <end public disclosure of better patent idea>
Moriah

133 Posts
Just imagine what technology like this would mean to people in countries like Syria and Yemen. Can humanity afford to allow regimes to block the possibility to document events?
JanS

10 Posts
Simple, don't use an iPhone. Or use an old one, or not even a phone, why not use use a proper camera after all, and get a better recording?
JanS
3 Posts
The camera is no good for this kind of work, because if they catch you and take the camera, you have lost the pictures, but with a phone, you transmit the pictures to another jurisdiction where they cannot get to them as fast as you take the pictures; therefore, even if they kill you and smash your iphone, twitter is already broadcasting your pictures to the whole world.
Moriah

133 Posts
Any device manufacturer (and service provider) who comes up with such ideas ought to talk to a lawyer first. The moment a supplier exercises control over what a buyer does with a device in an area that is unregulated is the moment they become liable for when that control does not work, or when it is overreaching - especially in international sales there is a nightmare of often conflicting laws. In the case of Apple we are talking about high value products, which are bought by people that are typically mobile (i.e. there is never any certainty on what jurisdiction they will be in at any given time). Contractual exclusions don't always work either, aspects like negligence cannot be overrruled by contract.
The second issue is that of retro-fitting features, or taking them away. Sony has already lost in court on the removal of their "Other OS" menu option in the PS3. This amounted to selling a product with a documented set of features and then removing those after purchase, which in some countries is a clear violation of trade description laws. It's like buying a car with alloys, and getting it back with steel rims after you bring it for a service..
I think Apple is on a dangerous slope here as there is more and more reaction to their opaque approach to approval, and they seem to have learned nothing from their iTunes DRM event - it got too hard to maintain so they forced suppliers to drop that requirement so it could be phased out. Apple needs to start thinking about what they are: a supplier who protects the quality of their goods, or an extension of law enforcement with all the associated liabilities, variables and changing-of-minds by politicians who are in need of new scary things now the "terrorist" thing is no longer working..
Thirdly: its a patent. The unintentional side effect will be that if others implement it, Apple still gets the blame as they must have supplied a license..

In summary - whoever came up with the idea of patenting this concept needs a course in public relations. Apple did itself no favors here at all IMHO.
Moriah
2 Posts
I think the approach here is to SELL the HARDWARE as a peice of equipment whose only claim to functionality is that it will run software designed for it, and to LICENSE the SOFTWARE for a defined period of time to run only on that peice of hardware, so the user only owns the hardware, and Apple owns the software. After the time period expires on the software, you can upgrade the software to the new version, or use the hardware for a paperweight. Of course, the new version of the software comes with a new license agreement too. :-(
Moriah

133 Posts
AFTERTHOUGHT: This is how the cable companies regulate the behavior of your set top box, isn't it?
Moriah

133 Posts
This seems similar to VCR/DVR manufacturers putting copy-protection capability into their devices. I don't see why Apple would be on any shakier legal ground than them. They're not making the decision about what events can be recorded, they're just providing enabling technology for event organizers.
Barmar

8 Posts
MY set top box? Sorry, I haven't had cable for 12 years.

And I've never had a cell phone in North America.

And stories like this ain't gonna change either of those facts any time soon.

It's bad enough I run a couple of Windows boxes, busily communicating with Microsoft, just waiting for stealth updates/commands.
Barmar
22 Posts

Sign Up for Free or Log In to start participating in the conversation!