Wednesday Wrapup

We're often told that having a kill switch in our mobile devices — mostly our smartphones — is a good thing. 

At a basic level, that's hard to disagree with. If every mobile device had a built-in kill switch, theft would go down — who would waste their time over a device that probably won't work for very long? 

Here's where the problem lays: It's law enforcement that's pushing so hard for these kill switches.

 We first learned about this last summer, and this past May, California passed a law that requires smartphone vendors to implement the feature. 

In practice, if a smartphone has been stolen, or has been somehow compromised, its user or manufacturer would be able to remotely kill off its usability, something that would be reversed once the phone gets back into its rightful owner's hands.

 However, such functionality should be limited to the device's owner, and no one else. If the owner can disable a phone with nothing but access to a computer or another mobile device, so can Google, Samsung, Microsoft, Nokia or Apple. If the designers of a phone's operating system can brick a phone, guess who else can do the same? 

Everybody from the NSA to your friendly neighborhood police force, that's who. At most, all they'll need is a convincing argument that they're acting in the interest of "public safety."
And we all know how that will play out...


***



 The keepers of Tor commissioned a study testing the defenses and viability of their Firefox-based browser as a privacy tool.

 The results (PDF) were a bit eye-opening since the report's recommendations don't favor Firefox as a baseline for Tor, rather Google Chrome. 

But Tor's handlers concede that budget constraints and Chrome's limitations on proxy support make a switch or a fork impossible.
Oh well...

***
Researchers from UC San Diego, University of Michigan, and Johns Hopkins say they've found security vulnerabilities in full-body backscatter X-ray machines deployed to U.S. airports between 2009 and 2013. 

In lab tests, the researchers were able to conceal firearms and plastic explosive simulants from the Rapiscan Secure 1000 scanner, plus modify the scanner software so it presents an "all-clear" image to the operator even when contraband was detected.

 "Frankly, we were shocked by what we found," said lead researcher J. Alex Halderman. "A clever attacker can smuggle contraband past the machines using surprisingly low-tech techniques."

***
Researchers will demonstrate the process used to spy on smartphones using gyroscopes at Usenix Security event on August 22, 2014.

 Researchers from Stanford and a defense research group at Rafael will demonstrate a way to spy on smartphones using gyroscopes at Usenix Security event on August 22, 2014.

 According to the "Gyrophone: Recognizing Speech From Gyroscope Signals" study, the gyroscopes integrated into smartphones were sensitive enough to enable some sound waves to be picked up, transforming them into crude microphones.

***
China's Ministry of Agriculture has decided not to renew biosafety certificates that allowed research groups to grow genetically modified (GM) rice and corn.

 The permits, to grow two varieties of GM rice and one transgenic corn strain, expired on 17 August.

 The reasoning behind the move is not clear, and it has raised questions about the future of related research in China.

***