[HN Gopher] Always-on Processor magic: How Find My works while i...
___________________________________________________________________
Always-on Processor magic: How Find My works while iPhone is
powered off
Author : todsacerdoti
Score : 134 points
Date : 2021-09-30 21:17 UTC (1 hours ago)
(HTM) web link (naehrdine.blogspot.com)
(TXT) w3m dump (naehrdine.blogspot.com)
| mensetmanusman wrote:
| So this is why the government will never force Apple to have easy
| to remove batteries.
| nojito wrote:
| Why would they waste their time on Bluetooth tracking when your
| location pings cell towers and WiFi hotspots?
| rvz wrote:
| It's what Apple doesn't announce or tell us in their updates that
| are the most interesting things to discover rather than the
| features they show us in their keynotes.
|
| Keep that in mind.
| EGreg wrote:
| Can a faraday cage backpack work well to block any of this stuff?
| pininja wrote:
| It's implemented as Bluetooth LE it seems, so I assume anything
| RF blocking for Bluetooth should do what you want.
| imglorp wrote:
| Some of it. There is still the ultrasonic channel: beacons are
| emitted by various TVs, stores, etc. which can be used to
| capture location and other data and exfiltrate from the phone
| with the right software running. And of course the regular
| microphone can capture conversations and media.
|
| If the bag is not opaque, there is still an optical channel.
|
| Plus there are still accelerometers and magnetometers which can
| do rough inertial and geo location estimation.
|
| The bag may help with some exfiltration routes, but it can
| store locations and other info and upload it when it gets a
| signal back.
| theodric wrote:
| And all it takes to defeat it is one of Alex Jones' Faraday
| baggies (or a microwave), probably
| nudpiedo wrote:
| I like Apple products a lot and how they achieved popularizing
| many technologies, the next one being LIDAR, but for the first
| time ever I feel this is just going way too far. Sure I want to
| find my stolen phone even when it is off, but it is way too much
| loss of freedom having a permanent personal tracker even when the
| phone is off...
| normalocity wrote:
| The ship has long since sailed on this point, powered on or
| not.
|
| There's research that's talked about in the book, "Data and
| Goliath" that explains how the behavior of people specifically
| trying to avoid being tracked is sufficiently different from
| most other people that, even if you turn off your phone
| (sometimes ESPECIALLY if you turn off your phone) that act can
| be a behavioral marker used to correlate your activities with
| other people who do similarly, and your location can be largely
| deduced by process of elimination anyway.
|
| It's a fascinating read.
| [deleted]
| carom wrote:
| Then just turn it off in Settings.
| user-the-name wrote:
| The Find My network is designed so that only you can track your
| own devices using it, nobody else can.
| eminence32 wrote:
| It's also interesting that this low-power mode is sufficiently
| low power for Apple to feel comfortable sipping battery power
| continually. Any guesses about how much power this mode actually
| uses?
| semi-extrinsic wrote:
| Other Bluetooth LE devices like an AirTag can last beyond one
| year on a CR2032 battery, so consuming about 2 milli-watt-hours
| (mWh) per day.
|
| An iPhone has at least 10 000 mWh battery capacity (depends on
| model), so in 1 month something like this consumes around 0.6
| percentage points of battery.
| Iolaum wrote:
| So according to the post iphones now have an AOP (Always on
| Processor) running a proprietary operating system with access to
| other phone components. Do we know if other manufacturers also
| include such a processor?
|
| A quick google search showed a relevant apple patent [0] and a
| similar qualcomm processor product for wearables [1] which
| suggests to me this (always on processors on consumer
| electronics) "is out there ..."
|
| [0]: https://patents.google.com/patent/US20150362980A1/en
| [1]: https://www.eenewspower.com/news/12nm-always-processor-slash...
| pantalaimon wrote:
| The iPhone already runs a proprietary operating system.
| mov31tmov31t wrote:
| These sorts of low-power coprocessors are quite common. You can
| buy Cortex-A/Cortex-M combos from multiple manufacturers on
| digikey.
|
| It's not just big application processors that have them,
| either; some microcontrollers like the ESP32 have them as well.
| Someone wrote:
| Not for phones or wearables, but
| https://en.wikipedia.org/wiki/Intel_Management_Engine:
|
| _"The Intel Management Engine (ME), also known as the Intel
| Manageability Engine, is an autonomous subsystem that has been
| incorporated in virtually all of Intel's processor chipsets
| since 2008.
|
| [...]
|
| The Intel Management Engine always runs as long as the
| motherboard is receiving power, even when the computer is
| turned off."_
| AceJohnny2 wrote:
| > _now have an AOP (Always on Processor)_
|
| They've long had this. It's how they turn on when picked up (by
| tracking the motion sensor) or when touching the screen
| (tracking capacitive sensor)
| [deleted]
| cronix wrote:
| Do not try and power off the device. That's impossible.
| Instead... only try to realize the truth.
|
| The truth?
|
| There is no off.
|
| From the Matrix, or something.
| lapetitejort wrote:
| Sure you can power off your device! Just take out the batt--
| oh...
| esalman wrote:
| Swappable battery is a trend that should return- to both
| phones and electric vehicles.
| nojs wrote:
| Maybe I missed it in the article but how does it work with
| Bluetooth exactly -- how does that help me find my phone over a
| long distance? What's the Bluetooth connecting to and how does
| the phone get the request?
| [deleted]
| elldoubleyew wrote:
| The idea is that someone else's apple device finds it, then you
| can see where the last place someone was in bluetooth range of
| your device.
| [deleted]
| Jtsummers wrote:
| The Find My Network is, basically, every Apple device out in
| the world. Using bluetooth in this fashion, all the other
| devices participating in the network and in the area of the
| phone (or AirTags, they work similarly) will receive the
| bluetooth broadcast. They'll then communicate that to Apple's
| system. So when _you_ go to find _your_ device, its most recent
| known location can be provided to you. They've got some
| cryptographic mechanisms in place (I haven't researched them)
| that ensure that the systems receiving the broadcast don't know
| anything other than that it is an "I'm an Apple Device and
| here's some cryptographic data" message.
| nojs wrote:
| Do you mean that every Apple device in the world acts as a
| proxy to forward Bluetooth requests from nearby (off) devices
| containing their location, automatically? E.g my laptop is
| pinging data to Apple about random nearby phones all the time
| that it sees with Bluetooth?
| Jtsummers wrote:
| Unless they opt out of it, yes. Which is pretty easy to do,
| pretty sure it's an option during initial device
| configuration, but regardless it's in the system settings.
| Which is pretty easy to navigate. There's even a search
| option at the top to help you find it instead of navigating
| to the setting.
| xg15 wrote:
| If you know about it.
| notjesse wrote:
| Yes, essentially.
| olliej wrote:
| And all of the data is encrypted so that no one other than
| the actual device owner can get any of the location
| information for their device. No one else, including apple
| can locate a device using the find my network.
| Gigachad wrote:
| Not only a proxy. The other random devices use their known
| location to add to the data to show where the device was
| found. It's all encrypted with the key of the lost device
| owner so apple can not read it.
| m0zg wrote:
| Yep, that's not going to spark conspiracy theories and damage the
| brand at all, just like the backdoor they've recently put in. /s
|
| Again, why would a $3T company damage its brand like that? It's not
| "for children" and certainly not to "find your phone". There's
| something going on there.
| Jtsummers wrote:
| Apple has made it easier for users to locate lost (by being
| misplaced, forgotten, or stolen) devices with a feature that
| the user can opt out of on a temporary or permanent basis.
|
| What is controversial about this?
| m0zg wrote:
| If there is such a capability (a rather technically involved
| one, I might add, all the way down to the silicon), do you
| really believe Apple can't turn it on at CIA/NSA's request
| without popping that dialog? And you wouldn't even know due
| to gag orders. And before you say this can't happen in the
| US, I can give you a few publicized examples of illegal
| spying on US citizens just in the past few years.
| user-the-name wrote:
| Even when on, the system is designed so that Apple
| themselves can't use it.
| Jtsummers wrote:
| People have been carrying around portable GPS devices in
| their pockets for over a decade now. This threat is not
| new, and if you fear it, don't carry around a GPS device or
| one that will connect to other devices to get its location
| reported to a central server.
| xg15 wrote:
| In other words, don't use modern technology?
|
| Don't you think there should be a law so a device has to
| at least indicate it has an "always on" component?
| xg15 wrote:
| > _What is controversial about this?_
|
| I'll predict that almost no one opted out of this for the
| simple reason that they didn't know this feature even
| existed. This is the "Hitchhiker's guide to the galaxy"
| method of faking consent.
| notjesse wrote:
| Many will misinterpret it. We have seen how much the public
| can fundamentally misunderstand technical information over
| the past year.
|
| People will just see that: 1. You can never disconnect your
| iPhone from the grid and stop it from being tracked. Even if
| you turn it off. 2. Governments, companies, and other (from
| the conspiracy theorist's standpoint) will be able to find you
| whenever they want.
|
| I am sure there are some legitimate security concerns here,
| but Apple seems to have taken reasonable steps to provide a
| pretty awesome feature which has solved a lot of risky edge
| cases.
| xg15 wrote:
| > _1. You can never disconnect your iPhone from the grid
| and stop it from being tracked. Even if you turn it off. 2.
| Governments, companies, and other (from the conspiracy
| theorist's standpoint) will be able to find you whenever they
| want._
|
| Ok, I'll bite and play the conspiracy theorist. What
| reasonable steps prevent some three letter agency (or Apple
| itself for commercial reasons) from abusing the Find My
| network to do exactly that?
| user-the-name wrote:
| Many Hacker News people, who are prone to conspiratorial
| thinking, will.
|
| Regular people, not so much.
| dcow wrote:
| Is Matthew Green some industry security personality that people
| respect? I appreciate this write up, it's interesting. But it
| seems motivated by his little Twitter rant the other day. Who is
| he beyond some Twitizen in a Guy Fawkes mask who hates HN? I
| don't particularly like his demeanor, at least from his rather
| naively uninformed tantrum the other day. Didn't seem very
| professional or respectable so I just wrote him off.
| dcow wrote:
| Get a load of this I've got BIG NEWS I hope you're ready for my
| thread.
| dcow wrote:
| So it turns out APPLE did something I didn't know about.
| dcow wrote:
| My iPhone doesn't turn off anymore when I power it off if I
| select the option that says "go into low power mode so that
| my phone can still send beacons". Can you BELIEVE this?
| dcow wrote:
| FURTHER, unlike Google who would never let you turn this
| feature off, Apple does, but I have to GO INTO SETTINGS
| to find it OMG. And what a jokeshow marketing team Apple
| has because the name is a little confusing.
| dcow wrote:
| Somehow those bumbling buffoons over on HN found my tweet
| and half of them LIKE this feature. WTF! They're even
| discussing this thread like they like to do.
| 0xdeadb00f wrote:
| Thanks. Genuinely gave me a laugh. I predict HN mods
| won't be so humorous about it though.
| sillysaurusx wrote:
| You're gonna get yourself rate limited. It's no fun.
| dcow wrote:
| You mean "a little bird told you I was going to get rate
| limited", don't worry I gotchu.
| Jtsummers wrote:
| No, HN will rate limit you if you post too quickly. I've
| been hit with it when I was involved in a back-and-forth
| in the past (part of the reason I added a 2-minute delay
| to my posts becoming visible, plus it gives me a chance
| to reconsider if they're worth posting or make edits).
| dcow wrote:
| I know. I was just being deliberately annoying. Matthew
| Green's twitter thread includes an incorrect (but he has
| now walked it back since he's obviously now read the
| teardown we're supposed to be discussing here and which
| I've played my fair share in derailing) post about how "a
| little bird told him it works this way". Just more
| twitter bravado at the time.
| pmcjones wrote:
| https://en.wikipedia.org/wiki/Matthew_D._Green
| josh2600 wrote:
| Matthew Green wrote zerocash, the protocol behind zcash, and he
| teaches cryptography at Johns Hopkins.
|
| When it comes to cryptography he knows enough to have opinions.
| It's hard to opine about black box systems, which is why open-
| source is so important. It's hard to trust what you can't
| verify.
| dcow wrote:
| I don't disagree but like if you want an open system why are
| you using an iPhone? Maybe Green is a little guilty of
| slurping up Apple's privacy marketing?...
| backspace_ wrote:
| Everyone is quite an absolute word. How are non apple users
| slurping up Apple's privacy marketing?
| dcow wrote:
| Edited.
| burkaman wrote:
| You can read more of his iPhone-related writing here:
| https://blog.cryptographyengineering.com/category/apple/
|
| I'm not sure how concerned he is that it's closed source, I
| think in this case he was just surprised that the
| implementation details and security considerations weren't
| documented anywhere:
| https://twitter.com/matthew_d_green/status/14433822078386217...
|
| Note that he was relatively positive about this feature
| when it came out two years ago:
| https://blog.cryptographyengineering.com/2019/06/05/how-does....
| It seems like the motivation for this tweet was
| "wow I do a lot of iPhone security research and I didn't
| know this worked when the phone is off, I'm surprised Apple
| doesn't document the details of this anywhere." Remember
| that it's hard to interpret tone through the internet, and
| as someone that doesn't get a ton of engagement on Twitter,
| he probably doesn't feel like he's writing for a mass
| audience.
| dcow wrote:
| This is no surprise to me knowing Apple's history.
| Honestly I think I was just annoyed by his twitter
| personality, but I guess I shouldn't find "twitter
| personas found to be annoying" surprising either.
| CloudDeltaNine wrote:
| Matthew Green is a well known Cryptography professional and has
| a ton of write ups on his also well known blog.
|
| https://blog.cryptographyengineering.com/
|
| You seem a little judgemental and obviously unaware.
| trangus_1985 wrote:
| "who hates HN"
|
| This site, and this community, is great in my opinion. But it's
| not without valid criticism, especially considering the impact
| it can and has made in the industry and tech society.
|
| "naively uninformed tantrum"
|
| I'm unable to find the posts you're talking about.
| dcow wrote:
| Sorry if my distaste for these "I'm so cool look at me go"
| Twitter rants is seeping out here. If you go to his profile
| and scroll back a few days of posts you'll find them. Anyway
| it looks like he's humbled and corrected himself after seeing
| this writeup. Maybe I'll give him another chance.
| 0xdeadb00f wrote:
| Heck, _I_ hate HN.
| pininja wrote:
| Very interesting read. This seems to be implemented as a
| Bluetooth LE app running on the ultra-low power "always on
| processor" used for a variety of features, like "wake-up on
| motion."
|
| Much like a Tile or AirTag is implemented. No comment on what
| this is capable of in the future... but for now this shows power
| usage / signal strength / proximity of other "actually on"
| devices are limitations of this feature.
|
| What's impressive is the mesh network effect of all these iPhones
| / iDevices to locate a "lost" device. I'll be thankful if I
| manage to use this to retrieve a lost phone. I'll be pretty
| shocked if I'm "spied on" with this style of device.
| TaylorAlexander wrote:
| The chances of you being directly spied on are low. The chances
| of someone being spied on who could influence the world around
| you is much higher. So a journalist could be spied on right
| before they break a big story, potentially leading to a cover
| up. That's the problem with stuff like this. Even if you have
| "nothing to hide" you might rely on someone who does.
| trangus_1985 wrote:
| If you're not familiar with it, their platform security team
| releases a whitepaper about the technical details of their
| security. Regardless of how you feel about Apple, these
| documents are incredibly well done and interesting to read. The
| Find My section may have more information, as will their
| contact tracing docs (which use a riff of the same technology)
|
| https://covid19.apple.com/contacttracing
|
| I highly recommend anyone interested in security or privacy to
| read this from start to finish:
|
| https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/app...
| saagarjha wrote:
| Unfortunately that document mentions the AOP just once, only
| confirming its existence. It doesn't actually describe what
| it does.
| trangus_1985 wrote:
| They do yearly updates, the 2022 doc will very likely have
| more information. Regardless, the 2021 doc has some key
| foundations of the technology that are worth knowing.
|
| The contact tracing docs _should_ be almost the same
| technology, and knowing how that works _should_ be a good
| start. At least, from my eyeing the OP's article as a lay
| person.
| saagarjha wrote:
| AOP has been a thing since iPhone 6s, so they're not
| particularly rushed in documenting it.
| trangus_1985 wrote:
| I can't go too into details, but now that the AOP is
| doing cryptographical operations and key escrow, the
| internal bus is likely to show up in future documents.
| Maybe not the AOP but certainly the mechanisms it uses to
| interact with the find my network. It may also be a
| separate find my network whitepaper.
| saagarjha wrote:
| I certainly hope so!
| bushbaba wrote:
| > I'll be pretty shocked if I'm "spied on" with this style of
| device.
|
| Why? There's plenty of devices in the wild constantly looking
| for wifi connection attempts, BLE Scans. Even cellular providers
| track locations in real-time by logging what cell towers you're
| using and associated signal strength.
|
| Just search for a place in google maps, and note the "Popular
| Times". How do you think they got that data :D
| nimbius wrote:
| I think this is important research if only for the fact that it
| illuminates the states of CPU as they apply to threat models for
| users. It wasn't too long ago that many state sponsored Android
| hacks were revealed to work due to 2 separate unlock states in
| the system, and so long as an initial unlock had been performed,
| most of the phone could be hacked through services that were
| running in the background on the network.
| [deleted]
___________________________________________________________________
(page generated 2021-09-30 23:00 UTC)