Sunday, February 28, 2016

CAC closed down Ren Zhiqiang's weibo

Ren Zhiqiang is a retired Chinese real estate tycoon, a member of the Beijing Municipal Committee of the Chinese People's Political Consultative Conference, and a blogger on Sina Weibo with 38 million followers. Nicknamed "Big Gun Ren", he is known for his outspoken criticism of the Communist Party. [ ]

CAC (Cyber Space Administration of China) today requested Sina and Tencent close down his weibo accounts.  In addition, the CAC claimed on CCTV that Ren Zhiqiang published illegal information on Weibo. []

This is noteworthy because Ren Zhiqiang as a powerful individual in China has never get his accounts blocked before despite his sharp criticism against the Chinese government. His weibo is regularly censored however.  Most weibo account blocking happens in the dark without any notice. This is one of the few times where an account blocking is publicly announced by the censorship authority.

A similar event happened last time in 2013. CAC publicly suspended weibo account of He Bing (何兵), the vice president of China University of Political Science and Law, for spreading rumors. []

Thursday, February 18, 2016

Apple V.S FBI and how you can secure your iPhone right now

You might have read Apple's opposition of hacking its own iPhone. You can read an in-depth analysis about the technical obstacles of FBI hacking the iPhone and how Apple can in fact help the FBI bypass the security measures.

This is not the focus of this blog post, however. I am here to help you secure your iPhone in case of an FBI search or search from law enforcement agencies in other countries.

1) You need to have an iPhone 5S, or later.  5S and later have an additional hardware called Secure Enclave, which will protect the integrity of the authentication process even if iOS is compromised. (which is what FBI demanded)
In Apple's own words,  The Secure Enclave is a coprocessor fabricated in the Apple A7 or later A-series processor. It utilizes its own secure boot and personalized software update separate from the application processor. It provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised.

2) Make a backup of your iPhone locally with iTunes

3) Download Apple Configurator 2 from the Mac App Store.

4) Create a profile to enforce strong password protection and pair-lock.
Open the Apple Configurator 2.
Create a profile by File - New profile
Go to the General Tab, and configure as shown
go to password and configure as shown

Go to Restriction Tab and configure as shown. Pay special attention at the setting marked in red

Exit and save the profile

5) Now that you have the profile, use USB to connect your iPhone with and click prepare in the main interface. You have to turn off find my phone before the preparation if it's turned on. 

Click through the steps, but choose to supervise the device. Also remember to add the profile created in the previous step. 
6) Now let the configurator do its prepare the iPhone. All data currently on your iPhone will be erased!
7) Wait till iPhone is prepared and shows you the welcome screen. In the welcome screen, set up normally but set it up as a new iPhone.
8) On your iPhone, go to Setting- General-Reset- Reset Location & Privacy. This will make your iPhone even distrust the computer your configured it with.

Congratulations! Now you have an iPhone that's beyond most agencies reach when turned off (perhaps not the NSA). However, do remember to turn off your iPhone when a physical take over might occur. Leaving your iPhone on might enable a much larger attack surface.