The RISKS Digest
Volume 29 Issue 31

Thursday, 3rd March 2016

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Navigation app sends Israeli soldiers into Palestinian area, two dead
YNetNews via Mark Thorson
Over a thousand suitcases not transported on Leap Day
Debora Weber-Wulff
Palo Alto school's medical privacy case
John R Levine
No Surprise: Health IT in the ER, new `error' categories
Erik Hollnagel
SSLv2 Support Compromises TLS Connections
Ars Technica
IRS identity theft story—wanna bet it is much, much bigger?
Paul Saffo
"OpenSSL update fixes Drown vulnerability"
Fahmida Y. Rashid
Hack the Pentagon
Alister Wm Macintyre
Re: A 12-year-old girl is facing criminal charges for using certain emoji. She's not alone.
David Weil
Court orders Facebook to release WhatsApp data
James Hughes
ISIS turns to foreign encryption products as Apple-FBI fight rages in U.S.
Daily Dot
Amazon Quietly Removes Encryption Support from its Gadgets
NY Judge rules in Apple's favor (Alister Wm Macintyre
Re: Best Explanation for the Apple FBI Hack ...
John Levine
Ted Lee
Simson Garfinkel
EFF and 46 Technology Experts Ask Court To Throw Out Unconstitutional Apple Order
Apple vs FBI - the Apple logo obscures the issue
Peter Houppermans
Info on RISKS (comp.risks)

Navigation app sends Israeli soldiers into Palestinian area, two dead

Mark Thorson <>
Tue, 1 Mar 2016 15:58:30 -0800
They asked for the shortest route to their destination, but did not specify
avoiding Palestinian areas.  They passed roadside warning signs, drove into
the area, and were allegedly attacked.  More soldiers were sent into the
area to rescue them, and two Palestinians were killed.,7340,L-4773114,00.html

Over a thousand suitcases not transported on Leap Day

Debora Weber-Wulff <>
Tue, 1 Mar 2016 16:04:29 +0100
It's Leap Day, a comp.risks high holiday!

In Germany, the Düsseldorf airport reportedly has 1200 suitcases
stacked up, the local news reports, because the system did not recognize
29 Feb as a proper date.

The automatic luggage distribution system refused to transport some, but not
all, of the 25 to 50 thousand suitcases it deals with a day. The airport
speaker suggested that air travelers pack important things such as medicines
in their hand luggage.

Prof. Dr. Debora Weber-Wulff, HTW Berlin, 10313 Berlin +49-30-5019-2320

Palo Alto school's medical privacy case

"John R Levine" <>
3 Mar 2016 16:11:10 -0500
Cystic Fibrosis is a serious genetic disease.  C.C. is a child who has a
genetic marker for CF but does not have the disease, a relatively common
situation.  C.C. only knows about the marker from a genetic screening during
treatment for an unrelated condition as an infant.  A CF web site claims 4%
of all people have a recessive CF gene and hence a CF marker.

C.C.'s family moved from Singapore to Palo Alto in 2012 and enrolled him at
his neighborhood middle school and provided his medical information as part
of the enrollment process.  People who have CF get dangerous lung infections
and should not meet each other due to risk of cross-infection.  Two siblings
who have CF attend the school, and when a school employee improperly told
their parent (Mrs. X.) of C.C.'s genetic marker, she demanded C.C. be
removed.  C.C.'s parents provided a leter from C.C.'s doctor that he did not
have CF and posed no risk, but the school relied on a letter from a "top
Stanford doctor" who had never examined C.C., later revealed to be
Dr. Carlos Milla, and ejected him anyway and moved him to a school several
miles away. C.C.'s family sued, the school backed down, and in 2014 the
district court dismissed the case on the bases that he was back in school
and the school's concern about a threat to Mrs. X's children was reasonable.

C.C.'s parents, the Chadams, appealed the decision to the Ninth Circuit on
the bases that they suffered damages under the Americans with Disabilities
and Rehabilitation Acts, that the court had made unwarranted factual
assumptions when it dismissed the case, and that the school had revealed
even more of C.C.'s private medical data to Mrs. X.

What makes this case more than routine is that the U.S. government
intervened in January with an amicus brief supporting the Chadams.  The
government's brief argues that the school discriminated against C.C. based
on its belief that he had a disability (CF), and that the schools did not
demonstrate that C.C. was a "direct threat" (which would have been hard
since he was and is not.)

This case combines a privacy failure with a medical failure—C.C.'s
medical information should not have been disclosed, and even if it were, the
school's actions were not supported by medical evidence or necessity.  As
often happens, a privacy failure compounds failures of other sorts.

(This summmary is from court documents in this case, public information on
the courts' web sites.)

No Surprise: Health IT in the ER, new `error' categories

Erik Hollnagel <>
Tue, 1 Mar 2016 09:28:20 +0100
As ER doctors and nurses grapple with the transition to digitized record
systems, these mistakes seem to be happening more frequently.  “There are
new categories of patient safety errors'' in emergency rooms that didn't
exist before the push to use electronic record systems, said Raj Ratwani,
scientific director at MedStar Health's National Center for Human Factors in
Healthcare in Washington, D.C.

  Not really surprising. But I wish they would stop calling it "patient
  safety errors" when it is rather increased difficulty in adjusting to
  (ever changing) working conditions. The 'error', if any, is of the people
  who developed, designed, and purchased the technology.

SSLv2 Support Compromises TLS Connections

"Bob Gezelter" <>
Tue, 01 Mar 2016 06:20:43 -0700
Ars Technica reports that over 13 million sites still permit clients to
request use of SSLv2, despite long-known flaws. Of these sites, 97,000 are
among the top one million sites on the WWW.

In short, while SSLv2 is not the default, it is possible for it to be
requested. This enables an attack against the servers private key.

It is recommended that all sites verify that SSLv2 support is completely
disabled. An update to OpenSSL related to this vulnerability is soon to
be release.

The Ars Technica article is at:

IRS identity theft story—wanna bet it is much, much bigger?

Paul Saffo <>
Thu, 03 Mar 2016 12:35:32 -0800

I will bet $$$ that this is just the tip of an iceberg, as it is
breathtakingly stupid for the IRS to have been snookered by a KBA attack.

"OpenSSL update fixes Drown vulnerability" (Fahmida Y. Rashid)

Gene Wirchenko <>
Wed, 02 Mar 2016 09:47:31 -0800
Fahmida Y. Rashid, InfoWorld, 1 Mar 2016
The Drown attack decrypts TLS sessions on servers supporting SSL v2
and using RSA key exchange

selected text:

An international team of researchers has uncovered an attack that can
compromise encrypted network traffic in a matter of hours.

The Drown (Decrypting RSA with Obsolete and Weakened Encryption) attack
successfully decrypts TLS (transport layer security) sessions by exploiting
a vulnerability in the older SSL v2 protocol that exposes private RSA
keys. Once again, old cryptography is breaking the security of all online
communications.  mobile social collaboration faces heads

Drown is different from other attacks against TLS in that it doesn't need
servers to be using the older version; the attack will succeed as long as
the targeted system supports SSL v2. The cross-protocol attack
(CVE-2016-0800) could lead to decryption of any encrypted session using
SSL/TLS protocols as long as the server supports SSL v2 and uses RSA key
exchange, the researchers said in their technical paper.

"In the future we must ensure that all obsolete crypto is aggressively
removed from all systems. If it's not, it's going to come back to bite us,
sooner or later," Ristic said.

  [Don't forget all the other flaws, brought to light by the IEEE SSP
  best paper by Beurdouche et al., noted in RISKS-28,58.  PGN]

Hack the Pentagon

"Alister Wm Macintyre \(Wow\)" <>
Thu, 3 Mar 2016 05:16:56 -0600
The U.S. Department of Defense (DoD) has invited hackers participate in
"Hack the Pentagon", to find & report vulnerabilities in some of their

Volunteers must be US citizens who pass a background check.

Beware, background checks may get you on OPM, which gets hacked thru an NSA
back door.

A new US agency has been launched to replace some of OPM activity, the
National Background Investigations Bureau (NBIB).

I hope the replacement system learns from the mistakes of OPM.  This kind of
data does not need to be on the Internet, it should be on an intranet.

That way NSA back doors do not reveal the data to as many adversaries.

  [On an intranet?  But the Dark Net is not all that invisible...  PGN]

Re: A 12-year-old girl is facing criminal charges for using certain emoji. She's not alone. (RISKS-29.30)

David Weil <>
Wed, 2 Mar 2016 11:50:28 -0500
Does this mean that the authorities are going to make (school) libraries
censor all symbol-based swearing from their collections?  If I'd had a smart
phone when I was twelve, I might have done this too—because that was the
way the comic books I read depicted swearing.

(There are a bomb, a knife, 2 skulls, 2 guns, and 3 symbols that look like
explosions.) [However, even for those who are trope-o-philes rather than
trope-o-phobic, it may be difficult to distinguish one expletive from
another.  %^&#@!  PGN]

Court orders Facebook to release WhatsApp data

James Hughes <>
Thu, 03 Mar 2016 09:31:14 -0800
A court had ordered Facebook to provide data from WhatsApp, a messaging app
it owns, in connection with a criminal investigation into drug
trafficking. Police in Sao Paulo questioned Facebook's VP for Latin America
Diego Dzodan on Tuesday, and he remained in jail overnight.

  This could easily escalate to jailing random employees to extort a
  backdoor. This would be easier in some countries than others.

ISIS turns to foreign encryption products as Apple-FBI fight rages in U.S. (Daily Dot)

Lauren Weinstein < <>>
March 2, 2016 at 12:00:50 PM EST

  Prompted by a case related to the ISIS-inspired terrorist attack in San
  Bernardino, the intense discussion heavily focused on thwarting the
  Islamic State.  But ISIS supporters online didn't seem worried at all.
  Instead, they've spent the week--and longer--promoting strong encryption
  tools from outside the United States that the American government cannot
  touch with legislation.  In the last month, Islamic State supporters have
  promoted security software from Finland, Romania, America, France, the
  Czech Republic, Canada, Panama, Germany, Switzerland, Saint Kitts and
  Nevis, and other nations, a Daily Dot review found.

Amazon Quietly Removes Encryption Support from its Gadgets

Lauren Weinstein <>
Thu, 3 Mar 2016 13:26:06 -0800
  While Apple is fighting the FBI in court over encryption, Amazon quietly
  disabled the option to use encryption to protect data on its
  Android-powered devices.  The tech giant has recently deprecated support
  for device encryption on the latest version of Fire OS, Amazon's custom
  Android operating system, which powers its tablets and phones. In the
  past, privacy-minded users could protect data stored inside their devices,
  such as their emails, by scrambling it with a password, which made it
  unreadable in case the device got lost or stolen.  With this change, users
  who had encryption on in their Fire devices are left with two bad choices:
  either decline to install the update, leaving their devices with outdated
  software, or give up and keep their data unencrypted.

NY Judge rules in Apple favor

"Alister Wm Macintyre \(Wow\)" <>
Mon, 29 Feb 2016 21:24:37 -0600
A federal judge has ruled that Apple does not have to unlock iPhone in a New
York drug case, where the All Writs Law was used,

This is NOT the San Bernardino case, but there are similarities.
* All Writs Act used in both cases.
* NY case is an iPhone running iOS 7.
* San Bernardino case asks for a lot more than was asked in NY case.

According to news media reports, Judge James Orenstein wrote:

“The U.S. government's argument doesn't justify "imposing on Apple the
obligation to assist the government's investigation against its will.''

“The government posits a reading so expansive—and in particular, in such
tension with the doctrine of separation of powers—as to cast doubt on the
AWA's constitutionality if adopted.''

“Nothing in the government's arguments suggests any principled limit on how
far a court may go in requiring a person or company to violate the most
deeply rooted values to provide assistance to the government the court deems

Orenstein said law enforcement is inappropriately trying to use powers that
it hasn't been given by Congress.

The feds say they will appeal this case.

To avoid confusion, be aware that there are about 60,000 cases of law
enforcement demanding that Apple unlock individual iPhones, about a dozen of
them from the feds, including the San Bernardino terrorist iPhone.  A ruling
in one case is not a binding precedent on other cases, and some people can
even defy the US Supreme Court with impunity.

The antique nature of the All Writs Law is not relevant, unless you also
want to throw out the US Constitution, which has the same age.

Re: Best Explanation for the Apple FBI Hack ... (Garfinkel, R-29.29)

"John Levine" <>
1 Mar 2016 02:18:02 -0000
> There is an error in Rebecca Mercuri's analysis of the FBI-Apple issue.

Well, maybe.

> FBI can image the phone (phone "cloning" is something else, BTW), but FBI
>cannot image the secure enclave.

Indeed they cannot, because the Secure Enclave was introduced in the A7
processor used in the iPhone 6 series, and the A6 processor in the San
Bernadino iPhone 5C doesn't have one.

As I read the Apple document, the main CPU in the A6 contains the secret
random UID and only has instructions to use it as part of a key for
encryption or decryption.  So it seems like the claim is correct that if
Apple wrote and installed a new GovtOS, that OS could use the crypto
instructions to test entered passcodes, but not add the time delays or do
the data wipe.

For that matter, why couldn't GovtOS just try all of the passcodes itself
and display the one that worked on the welcome screen?  Seems a lot easier
than entering them all by hand or via some remote data source, although I
suppose that would make it more obvious what a privacy disaster it was.

Re: Best Explanation for the Apple FBI Hack ... (Garfinkel, R-29.30)

Ted Lee <>
Mon, 29 Feb 2016 20:29:46 -0600
Simson Garfinkel wrote:

> FBI can image the phone (phone "cloning" is something else, BTW), but FBI
> cannot image the secure enclave.

Simson said essentially what I said, but got this almost irrelevant point
wrong.  The 5c under question does not have the secure enclave.  What is not
clear from the white paper is how much of the software (aka firmware) in the
secure enclave is burned in silicon and how much is booted from the file
system.  I am guessing that just like for the application processor the
lowest level boot code is burned in hardware and everything else is pulled
in from the file system (after passing the signature check.)  What the
secure enclave does is complicated enough it would seem necessary to be able
to update it ("securely", of course) when a bug needs to be fixed or some
design enhancement made.  It is clear, for instance, that the Touch ID code
is updateable, since that is one of the publicly announced changes in one of
the recent IOS updates.  So I suspect a court order to do the same sort of
thing on, say, a iPhone 6, that they are asking be done on the 5c would be
technically possible—just more complicated.

BTW, I don't know how many people reading this noticed that there were some
recent press reports that Apple is already designing fixes for the
vulnerabilities in the present state of affairs, including those in the
iCloud backup process that allows Apple to accede to warrants for backups.

See, for instance, among several similar articles,

Re: Best Explanation for the Apple FBI Hack ... (Levine, R-29.29)

Simson Garfinkel <>
Tue, 1 Mar 2016 07:12:15 -0500
John Levine helpfully indicated that the Apple iPhone in question is a 5C
which does not have a "Secure Enclave."

I was confused, because I had referred to the current Apple iOS Security
Guide [1].  The operative Security Guide for the iPhone 5c is Apple's May
2012 Security Guide [2], which is no longer available on the Apple website,
but which is available on a course website at MIT [2].

In the previous Security Guide, Apple uses the term "tangled" to describe
the combination of the hardware AES key with the user's PIN. (The current
Security Guide's use of the word "entangled" comes from quantum computing,
although there is no quantum computer within the iPhone.) On the 5c is AES
key is burned into the Apple processor.

The important difference, as John and I discussed in several private emails,
is that the hardware does not enforce wiping of the key, which is enforced
by Apple's operating system. This means that if you can perform a forensic
removal and restore of the memory in the iPhone 5c, you can do a brute force
attack, with an 80msec delay between each attempt.

So the question is this: how can you remove and restore the memory of the
iPhone 5c?  Oxygen Forensics [3], one of the leading iPhone forensics
providers, claims that the passcode is required for memory
extraction. Another way is to use the JTAG interface, but I've found no
indication online that this is possible with an iPhone 5C. It may be
possible remove the surface mount memory chips and try to set up some kind
of socket arrangement, so that the memory can copied out and repeatedly
rewritten as the next 10 codes are tried. To get an idea of how hard this
would be, look at the iFixIt teardown photos of the iPhone 5c [4]. The
memory module is evident in Step 10, the Toshiba THGBX2G7B2JLA01 128 Gb (16
GB) NAND flash. Good luck getting that off without damaging the A6 processor
on the other side. I haven't heard of anyone doing this in practice.

I wrote an article about back in 2012 that discussed these issues in more
depth [5].


However, Apple's Security Guide specifically discusses another approach for
extracting the key. Once it's extracted, you can mount an attack on your

"A 256-bit AES key that's burned into each processor at manufacture. It
cannot be read by rmware or software, and is used only by the processor's
hardware AES engine. To obtain the actual key, an attacker would have to
mount a highly sophisticated and expensive physical attack against the
processor's silicon. The UID is not related to any other identifier on the
device including, but not limited to, the UDID."

EFF and 46 Technology Experts Ask Court To Throw Out Unconstitutional Apple Order

"EFF Press" <>
March 3, 2016 at 4:09:14 PM EST
Cindy Cohn, Executive Director,, +1 415-436-9333 x108
David Greene, Civil Liberties Director,, > +1 415-436-9333 x143

EFF and 46 Technology Experts Ask Court To Throw Out Unconstitutional Apple
Order Forcing Apple to Write and Sign Code Undermining iPhone Security
Violates First Amendment

Riverside, California—The Electronic Frontier Foundation (EFF) and 46
technology industry experts, including inventors of modern cryptography,
told a federal court today that forcing Apple to write and sign computer
code disabling crucial iPhone security features that protect millions of
users violates the company's free speech rights.

The Federal Bureau of Investigation (FBI) should not be allowed to, in
 effect, stand over the shoulders of Apple programmers and force them to
 create and sign off on code that would decimate the iPhone;s security, EFF
 said. The signed code would send a clear message that it's OK to undermine
 encryption that users rely on—a view the government endorses but Apple
 fiercely opposes. EFF made its arguments in a friend-of-the-court brief
 filed today in U.S. District Court for the Central District of
 California. The brief was signed by 46 technologists, security researchers,
 and cryptographers, including digital signature pioneers Martin Hellman and
 Ronald Rivest.  [...]

Apple vs FBI - the Apple logo obscures the issue.

Peter Houppermans <>
Tue, 1 Mar 2016 09:34:20 +0100
To quote the (sadly) late Louise Rennison: "Honestly, what planet do these
people live on?  Any why isn't it farther away?"

Let me give a different slant to this, amalgamating a number of aspects into
one article.  My apologies for the length but, paraphrasing Mark Twain, I
don't have time to shorten it.  Please note that this is opinion, I'm not a

To recap:

- Apple was ordered to assist in accessing an iPhone 5C, the only device
  the San Bernadino shooters had not wiped;
- To do so, Apple would have to break its own security, and create
  forensic tools that as yet do not exist;
- The order states it would be a one-off, never to be repeated, limited,
  unique (etc., etc.) exercise;
- Apple has filed a later motion that shows other pending cases by the
  FBI, so much for the one-off, but we'll get back to that.

The technical bit:

- There has as yet not been even the most remote assessment of this
  being possible, although the 5C is rumoured to be the last model with
  *some* softness in its protection;
- There have been no statements as to what would happen in the purely
  theoretical case that Apple would and could do this, and then fails;
- It is not possible to lift the data from the device and run it on (n)
  virtual machines to crack it because the encryption is tied to a unique
  chip in the device that is designed to defy analysis.  In other words,
  lifting the data from the device means trying a lot more passwords than
  just a 4 digit PIN (how do we know it's only 4 digits?).
- As the phone is the property of the State, it was supposed to be
  managed via a Mobile Device Management system (MDM) which would have
  allowed changing the PIN.  This went wrong, so from a technical
  perspective this is asking a Super Secure Safe manufacturer to publicly
  crack their own safe AFTER the receiving bank had set its own
  combination and forgot what it was.

The real problem in my opinion:

- By going public instead of following informal channels, this order
  demands that Apple commits commercial seppuku by publicly undoing many
  man years of security development.
- The US legal system relies on precedent.  It is so fundamental that
  there is no established way to *prevent* precedent setting, and that
  renders any success of this case a template for repeat ad infinitum
- Both FBI council and judge should be familiar with the principle of
  precedent, which makes "this is a one-off statements" not just
  questionable and misleading, but actively alarming.
- The thickness of the terrorist sauce poured over this case alone is
  enough to set off alarm bels.  Experience shows that the more emotional
  pressure is exerted, the more one must look underneath to see what the
  attempt at emotional distraction seeks to conceal.

My theory:

- Establishing such a precedent will initiate an absolute FLOOD of demands,
  affecting every US provider of equipment and services of note.  The aim of
  such a campaign of simple brute harassment would be to make it simply more
  economical for such companies to build in a backdoor than to fight lawsuit
  after lawsuit.  Capitalism works.  Some evidence is already apparent of
  this harassment as the on-off clearly wasn't as shown by Apple's latest
  filing.  In this context it is worth noting that the FBI has been a long
  standing and vocal critic of iOS security;

- The next thing that happens to such a precedent is scope creep.  Now it
  would used to access data of evil people with suspected links to terror
  (note that that is very carefully already one step removed from "people
  suspected of being terrorists themselves"), but eventually that will be
  worn down, precedent after precedent to "anyone we feel like investigating
  because, well, hey, the sun is shining and we are bored".

- In short, the long con appears to be a play to get the beloved backdoors
  in place, this time the attack vector is a campaign of aggressive legal
  harassment using the above precedent. The FBI doesn't have to worry about
  costs as it uses the tax payer's money and it gives their flood of lawyers
  something to do, but the companies so attacked are not just facing costs,
  see below.

Conclusions and questions:

- FBI as well as DoJ are publicly stating here that "the fate of the world"
  (to slide along with the hyperbole) depends on access to the one and only
  device the San Bernadino killers did NOT bother wiping (and to which they
  should have had access if not for technical error).  Thus, they casually
  admit that they were unable to gather enough alternative intelligence,
  despite multi-billion dollar budgets and unprecedented vaguely legalised
  data access powers since 9/11: they need the data on that single
  off-the-shelf consumer device so desperate that they are quite prepared to
  harm the security of billions.  What on earth have they then done with
  those budgets and powers?  Methinks Congress ought to know.

- The implications of a win are that it will no longer be possible to
  protect ANY information held on US provided equipment and services.
  Consumers might as well buy a Chinese knock off for the level of security
  it brings.  One would presume that Huawei et al are praying on their knees
  that the FBI and DoJ win this because it will pretty much bar US providers
  from selling into markets that respect the right to privacy, and that is
  not just Europe.  A win for the DoJ and FBI is would be the last straw for
  Silicon Valley companies already reeling from the EU canceling Safe
  Harbor.  It confirms my opinion that in matters privacy, security plays
  but a quiet second fiddle - law comes first (to be exact, security
  actually plays *third* fiddle, but that's for another day).

- It is worth noting that FBI and DoJ appear not to be above misleading the
  American public and the Court (from what I have gathered, it appears the
  judge merely went along with FBI's talk about one-off, which is troubling
  in itself). Any talk about this affair being "once, "a one off", "an
  exception", "a special case" and "limited" is wilful misdirection and no
  doubt will now be used by any defence lawyer seeking to discredit the
  agency's statements in Court.  Oops.

- Is it really a good idea to set a precedent that it is quite OK to legally
  compel a company to commit commercial suicide when it has not broken any

And finally:

- Don't get me wrong, I am for law enforcement having the tools to do their
  job, but with great power comes great responsibility and I have as yet not
  seen any movement towards the required transparency and accountability for
  such powers to be exercised.  Edward Snowden's revelations should have
  been a wake up call, but not much has changed.

- Asking Apple to remove its security because bad people use it is
  equivalent to asking Volvo to remove all car safety measures because
  criminals use their cars to ram-raid shops.  If I recall correctly,
  harming a large volume of people at once is supposed to be the
  *terrorists'* modus operandi.

- Given that the FBI considers iPhones so uncrackable, are Apple now their
  phone provider of choice? :)

Please report problems with the web pages to the maintainer