Archive for October 16, 2017

Monday, October 16, 2017

Disabling Xcode 9 Font Smoothing

Mike Ash uses mach_override and LLDB to patch Xcode 9’s new Swift/Core Text–based editor to get proper code rendering with Monaco 9. This is described in the first episode of Ash’s new podcast (RSS).

Previously: Disabling Xcode 8 Font Smoothing.

Localized App Store Keywords

Sensor Tower (PDF):

Understanding localization is a key component to sound App Store Optimization (ASO). Each App Store utilizes more than one set of localized keywords. This is Apple’s attempt at solving for the fact that multiple languages are spoken within a country. For instance, Spanish speaking users in the US need to find your app when they search in Spanish. This guide was created to help you understand which localizations are indexed in the top App Stores worldwide.

Via Evgeny Cherpak:

I can’t say I fully understand it now, but I learned some valuable things, like I can double or triple my keywords[…]


SearchAds is very helpful - sure they take a big cut from the revenue, but for my paid app its still worth it as you can see here[…]

Windows 10 Mobile, the End of the Line

Zac Bowden:

Microsoft’s Corporate Vice President for Windows, Joe Belfiore, has today clarified the company’s stance with Windows 10 Mobile and what it’s currently doing in the mobile space. In a series of tweets on Twitter, Belfiore states that as an individual end-user, he has switched to Android, and that Windows 10 Mobile is no longer a focus for Microsoft.

Dan Luu:

Internal vs. external perspectives on Windows Phone

In case you were wondering why there’s so much junk in the app store: MS paid people to upload garbage directly to the app store

KRACK: Breaking WPA2 by Forcing Nonce Reuse

Key Reinstallation Attacks (Hacker News):

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.

Dan Goodin (Hacker News):

The site went on to warn that visiting only HTTPS-protected Web pages wasn’t automatically a remedy against the attack, since many improperly configured sites can be forced into dropping encrypted HTTPS traffic and instead transmitting unencrypted HTTP data.


KRACK works by targeting the four-way handshake that’s executed when a client joins a WPA2-protected Wi-Fi network. Among other things, the handshake helps to confirm that both the client and access points have the correct credentials. KRACK tricks the vulnerable client into reinstalling an already-in-use key. The reinstallation forces the client to reset packet numbers containing a cryptographic nonce and other parameters to their initial values. KRACK forces the nonce reuse in a way that allows the encryption to be bypassed. Ars Technica IT editor Sean Gallagher has much more about KRACK here.

Graham Sutherland:

The beahaviour of accepting a retransmitted packet comes from the WPA2 standard, which makes the fix situation a little awkward. KRACK abuses the feature of allowing retransmission of lost packets, which is important in 802.11 protocols. “It’s a feature, not a bug”.

Matthew Green (Hacker News):

I don’t want to spend much time talking about KRACK itself, because the vulnerability is pretty straightforward. Instead, I want to talk about why this vulnerability continues to exist so many years after WPA was standardized. And separately, to answer a question: how did this attack slip through, despite the fact that the 802.11i handshake was formally proven secure?


One of the problems with IEEE is that the standards are highly complex and get made via a closed-door process of private meetings. More importantly, even after the fact, they’re hard for ordinary security researchers to access. Go ahead and google for the IETF TLS or IPSec specifications — you’ll find detailed protocol documentation at the top of your Google results. Now go try to Google for the 802.11i standards. I wish you luck.


The second problem is that the IEEE standards are poorly specified. As the KRACK paper points out, there is no formal description of the 802.11i handshake state machine. This means that implementers have to implement their code using scraps of pseudocode scattered around the standards document. It happens that this pseudocode leads to the broken implementation that enables KRACK. So that’s bad too.


The critical problem is that while people looked closely at the two components — handshake and encryption protocol — in isolation, apparently nobody looked closely at the two components as they were connected together.


As an Android user is there any mitigation for this other than ditching my handset and switching to an iPhone or waiting (hopelessly) for a patch from my vendor.

This really does highlight the absolute disaster zone that the Android handset market has become as far as updates are concerned. I’m sure the Pixels will get a fix relatively quickly but almost every other Android user is going to be left in security limbo.

Juli Clover:

Apple has already patched serious vulnerabilities in the WPA2 Wi-Fi standard that protects many modern Wi-Fi networks, the company told iMore’s Rene Ritchie this morning.

Rene Ritchie:

Apple’s AirPorts, including Express, Extreme, and Time Capsule don’t seem be affected, even if using one as a bridge.

Update (2017-10-17): Nick Heer:

I get why security researchers are dialling up the campaigns behind major vulnerabilities. CVE numbers aren’t interesting or explanatory, and the explanations that are attached are esoteric and precise, but not very helpful for less-technical readers. A catchy name gives a vulnerability — or, in this case, a set of vulnerabilities — an identity, helps educate consumers about the risks of having unpatched software, and gives researchers an opportunity to take public credit for their work. But, I think the histrionics that increasingly come with these vulnerabilities somewhat cheapens their effect, and potentially allows other very serious exploits to escape public attention.

Update (2017-10-18): Glenn Fleishman:

However, just because every device in the world could have its traffic sniffed doesn’t mean that every device will. Remember that Wi-Fi is local area networking: attackers must be within range of their targets.


Even worse are Internet of Things devices that use embedded operating systems with which you never interact directly, many of which can’t be updated at all. Even when products can be updated, dodgy manufacturers and cut-rate prices often result in the abandonment of support for a particular model months after it appears. Updates are often difficult to install and manufacturers don’t notify customers (or have any way to do so), making it unlikely that an average user will learn of a security fix or, discovering it, be able to install it. KRACK will become another tool in an attacker’s kit for recruiting devices like DVRs and nursery webcams into botnet armies.


Public Wi-Fi networks are unlikely to be affected by the KRACK attacks. Most rely on a portal page to control access to an unsecured network, rather than WPA2. If they do employ WPA2 for access, it’s typically to restrict usage to customers, as it doesn’t provide real security from other users on the same network. In either case, you should always treat public hotspots as untrustworthy.

Update (2017-11-01): It’s fixed in macOS 10.13.1.

Update (2017-12-13): Tory Foulk:

Earlier today Apple officially made firmware updates 7.7.9 and 7.6.9 available for its AirPort Wi-Fi base stations, including the AirPort Express, AirPort Extreme, and AirPort Time Capsule. The 7.7.9 update is meant for 802.11ac routers, while the 7.6.9 update is meant for for 802.11n routers. To install the updates to your firmware, you can use either iOS or macOS AirPort Utility app.

According to Apple support documents posted for both the 7.7.9 and 7.6.9 versions of the update, it addresses multiple issues, including the KRACK vulnerabilities that affected many Wi-Fi enabled devices earlier this year.

It’s not clear why, two months ago, Apple told us that the base stations were not vulnerable to KRACK.

Rui Carmo:

My AirPort Express was just bricked by this upgrade (can’t even factory reset it) which is a tremendous pain given that it was the tiny, neat device that provided coverage in my living room, and I have nothing to replace it with a similar form factor (nor planned budget for doing so).

Update (2020-11-27): Joey Dodds:

At Galois, we believe strongly in the value of formal verification, so we think it’s worth examining each of these points. In doing so, we gain some insights into real-world cryptography verification.