Don’t worry, the backdoor to your data already exists

iPhone Passcode
ymgerman/123rf
Risk assessment: we’re not even safe in the air anymore. Every time you log into a device and have it connected to the space we call the Internet, it most likely checks for automatic updates … unless you’ve turned them off. Depending on how urban you are, it might be a good idea to do so. Because the very developers you’ve purchased your software from most likely also provided hackers with a pre-installed backdoor. Sort of.

In a recent article on Ars Technica, Leif Ryge discusses the importance of the ongoing encryption battle between Apple and FBI. The FBI demands that Apple develops a new operating system (likely a modified version of iOS); one that would assist the FBI in catching criminals without having to turn to Apple for help –this would also set a nefarious precedent. The Feds also demand that Apple’s devices no longer delete certain data after a limited number of failed PIN unlocking attempts. It would effectively let anyone abuse your phone for hours on end, should they get their hands on it.

There’s also a push for Apple to provide the FBI with a “backdoor” to their operating system — even Apple is calling it such. But that backdoor has existed for a long time; it simply takes the right key to get access, and that’s something the FBI is very interested in. Giving in to those demands would put other IT companies in an awkward position, and unlikely to succeed in refusing the FBI themselves. The clincher is that other countries could follow in the those tracks. After all, if the iPhone is accessible by the United States, why shouldn’t it be the same in, say, China?

But before we start concerning ourselves with whether China will be hacking their way through smartphones on an international level, there’s already a major security flaw to address. Because in pretty much every software update you receive, be it on your computer, tablet, or phone, there’s a hacking buffet awaiting the one that gets a hold of that update’s master key. Assume that this is your operating system for one moment, take a few steps back and breathe.

How often is your device automatically updated (assuming you have that option turned on)? How about the entire OS? For an OS, it most likely checks whether or not you’re using an authentic version of the software before starting the update. At that very moment, it will often use the previously mentioned master key. There can be several keys to get access to your system, and due to their nature, they’re cryptographic single points of failure. They are access points rather than safeguards, should they fall into the wrong hands.

If you’re having a bad day, and a poorly mannered hacker passes by your digital life, they might infer it’s a good day to check for someone with a false sense of security. Provided the conditions are right, the hacker could be in a position to pose as an authentic update to your device. In a worst case scenario, this then equals a malicious automatic update delivered directly to you, one which the hacker tricks your device into believing is real. It wouldn’t look dangerous. For all you’d know it looks like an update with puppy eyes, meant to improve your system stability and ask you to play around with all the new toys/features.

“But,” you ask, “if this key is so powerful, what happens if it’s not just some lone hacker that gets access to that key?” Massive damage, perhaps. It all depends on the intentions of your hacker. The crucial point is that they essentially will have the ability to do as they please with your device. All due to a deliberately placed security system that’s getting outrun by both governments and criminal organizations.

Computing

These are the worst passwords of 2018. Is yours on this list?

Do you use a bad password that makes your online accounts easy to break into? SplashData has compiled a list of the top 100 worst passwords for 2018 and there are quite a few listings that were carryovers from prior lists.
Computing

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.
Gaming

How you can give your PS4 a fresh start with a factory reset

Learn the many ways you can factory reset your PS4. From reverting your settings to factory to doing a full wipe and reinstalling the latest PlayStation firmware, we cover it all here, step by step.
Deals

Best deals on smart locks so you’ll never have to worry about unlocked doors

Is your front door locked? We found the best deals on smart home door locks that take the worry out of wondering if your home is secure. You can lock or unlock your doors remotely and some models let you control locks with voice commands.
Virtual Reality

Oculus Rift vs. HTC Vive: Prices drop, but our favorite stays the same

The Oculus Rift and HTC Vive are the two big names in the virtual reality arena, but most people can only afford one. Our comparison tells you which is best when you pit the Oculus Rift vs. HTC Vive.
Computing

Microsoft’s Windows 95 throwback was just an ugly sweater giveaway

Microsoft's "softwear" announcement wasn't what we had hoped for. Thursday's announcement was not the new line of wearable tech or SkiFree monster sweater we wished for. But it did deliver the 90s nostalgia we wanted.
Computing

Canada’s winters inspired a startup to warm homes with cryptomining heat waste

Cryptomining may be the key to untold riches and the future of currency, but it’s also an environmental nightmare. Heatmine, thinks it has the answer, but it could mean bolting a mining rig onto every home and business in the country.
Home Theater

Confused about LED vs. LCD TVs? Here's everything you need to know

Our LED vs. LCD TV buying guide explains why these two common types of displays are fundamentally connected, how they differ, what to look for in buying an LED TV, and what's on the horizon for TVs.
Deals

The best MacBook deals for December 2018

If you’re in the market for a new Apple laptop, let us make your work a little easier: We hunted down the best up-to-date MacBook deals available online right now from various retailers.
Computing

How to connect AirPods to your MacBook

If you have new AirPods, you may be looking forward to pairing them with your MacBook. Our guide will show you exactly how to connect AirPods to MacBook, what to do if they are already paired with a device, and more.
Computing

Hitting ‘Check for updates’ in Windows 10 opts you into beta releases

Users who are careful about keeping their system updated should watch out -- Microsoft revealed this week that clicking the Check for updates button in Windows can opt you in to testing beta code.
Product Review

The Asus ZenBook 14 is a tiny notebook that gets lost in the crowd

The ZenBook 14 aims to be the smallest 14-inch notebook around, and it succeeds thanks to some tiny bezels. Performance and battery life are good, but the notebook lacks a standout feature other than size.
Computing

Secure your Excel documents with a password by following these quick steps

Excel documents are used by people and businesses all over the world. Given how often they contain sensitive information, it makes sense to keep them from the wrong eyes. Thankfully, it's easy to secure them with a password.
Computing

Which Macs are compatible with MacOS Mojave?

Is your computer ready for Apple's big Mojave update? Here's what you need to know about MacOS Mojave compatibility, what Macs can successful download Mojave, and the requirements you need to know about.