Category Archives: Hacking

Examining The Apple iPhone Planned Obsolescence Conspiracy

Apple has the money and the know how… are they making your old iPhone suck through planned obsolescence just to force you into the checkout line for a new one?

Planned Obsolescence isn’t just a conspiracy theory. You can read the 1932 pamphlet, widely-considered the origin of the concept, here. The argument in favor of it is it’s effect on the economy; more products being produced and sold means an active, thriving market. Of course there is an obvious ethical problem of selling people a product that won’t continue to work as it should for as long as it should. Several companies openly admit they do it. For Apple, it works like this: Whenever a new iPhone comes out, the previous model gets buggy, slow and unreliable. Apple dumps money into a new, near perfect ad campaign and the entire first world and beyond irrationally feels silly for not already owning one, even before it’s available. Each release marks the more expensive iPhone with capabilities the last one can’t touch. This is already a great marketing plan and I’m not criticizing Apple’s ability to pull it off as described. The problem is planned obsolescence; some iPhone owners notice the older model craps out on them JUST as the newest iPhone hits the retail shops. Apple has the money and the know how… are they making your old iPhone suck just to force you into the checkout line for a new one?

Full disclosure, I’m biased: I owned an iphone for long enough to live through a new product release and mine did, indeed, crap out as described above. Slow, buggy, and unreliable it was. With that anecdote under my belt I might be satisfied to call this e-rumor totally true but in the interest of science I collected further evidence. I combed the messageboards to see who had good points and who is just the regular internet nutjob with a stupid theory. To examine the evidence, I’m gonna start with this fact:

Fact 1: Apple’s product announcements and new product releases come at regular intervals. So, if the old iPhones stop working correctly at that same interval there would be a coinciding pattern. The tricky part is finding the data but the pattern of release dates is a good place to start because it is so clear. Other companies could be doing this type of fuckery but it would be harder to track. Not only does Apple time their releases but they do it at a faster pace than most. The new iPhones tend to come out once a year but studies show people keep their phones for about 2-3 years if they are not prompted or coerced to purchase a newer model.

Fact 2: Yes, it’s possible. There are so many ways the company would be able to slow or disable last year’s iPhone. It could happen by an automatic download that can’t be opted out of, such as an “update” from the company. Apple can have iPhones come with pre-programmed software that can’t be accessed through any usual menu system on the iPhone. There can even be a hardware issue that decays or changes based on the average amount of use. There can be a combination of these methods. The thing is, so many people jailbreak iPhones, it seems like someone might be able to catch malicious software. There are some protocols that force updates, though. hmmm.

Fact 3: They’ve been accused of doing this every new release since iPhone 4 came out. his really doesn’t look like an accident, guys. This 2013 article in the New York Times Magazine by Catherine Rampell describes her personal anecdote, which, incidentally is exactly the same as the way my iPhone failed me. When Catherine contacted Apple tech support they informed her the iOS 7 platform didn’t work as well on the older phones, which lead her to wonder why the phones automatically updated the operating system upgrade in the first place.

Earlier on the timeline, Apple released iOS 4 offering features that were new and hot in 2010: features like tap-to-focus camera, multitasking and faster image loading. The iPhone 4 was the most popular phone in the country at the time but it suddenly didn’t work right, crashing and becoming too slow to be useful.

The iPhone 4 release made the iPhone 4 so horrible it was basically garbage, and Apple appeared to have realized the potential lost loyalty and toned it down. The pattern of buggy and slow products remained, though, When iOS 7 came out in 2013, it was a common complaint online and people started to feel very sure Apple was doing it on purpose.

Fact 4: Google Trends shows telltale spikes in complaints that match up perfectly with the release dates. The New York Times(2014) called this one and published Google queries for “iphone slow” spike in traffic for that topic. Look at Google trends forecasting further spikes because the pattern is just that obvious:

Does Apple Ruin Your iPhone on Purpose? The Conspiracy, Explained

Apple has a very loyal customer base, though. Rene Ritchie wrote for iMore, saying this planned obsolescence argument is “sensational,” and a campaign of “misinformation” by people who don’t actually understand how great an iPhone really is(barf). Even though the motive is crystal clear, the arguement that Apple is innocent isn’t complete nonsense, either: Apple ruining iPhones could damage customer loyalty. People espousing this argument claim an intentional slowdown is less likely than just regular incompatibility due to new software features. The latter point is a good one, considering how almost all software manufacturers have a hard time adjusting new software to old operating systems. Cooler software usually needs faster hardware and for some ridiculous reason no one has ever come out with an appropriately customizable smartphone and Apple woudl likely be the last on the list.

Christopher Mims pointed out on Quartz: “There is no smoking gun here, no incriminating memo,” of an intentional slowdown on Apple’s part.

There is really no reason to believe Apple would be against this kind of thing, even if planned obsolescence were a happy accident for the mega-corporation. Basically, if this is happening by accident it’s even better for Apple because they don’t have to take responsibility and it likely helps push the new line. Apple is far from deserving the trustworthy reputation they’ve cultivated under Steve Jobs, as the glitzy marketing plan behind the pointless new Apple Watch demonstrates.

Jonathan Howard
Jonathan is a freelance writer living in Brooklyn, NY

“Rowhammering” Attack Gives Hackers Admin Access

A piece of code can actually manipulate the physical memory chip by repeatedly accessing nearby capacitors in a burgeoning new hack called Rowhammering. Rowhammer hacking is so brand new no one’s actually done it yet. Google’s Project Zero security initiative figured out how to exploit an aspect of a physical component in some types of DDR memory chips. The hack can give the user increased system rights regardless of an untrusted status. Any Intel-compatible PCs with this chip and running Linux are vulnerable – in theory. Project Zero pulled it off but it isn’t exactly something to panic about unless you are doing both those things: using DRAM and running linux.

A lot of readers might be susceptible to this security hack but most won’t want to read the technical details. If you are interested you can check out the project zero blog piece about it.  The security flaw is in a specific chip, the DRAM, or dynamic random-access memory chip. The chip is supposed to just store information in the form of bits saved on a series of capacitors. The hack works by switching the value of bits stored in DDR3 chip modules known as DIMMs. so, DRAM is the style of chip, and each DRAM houses several DIMMs. Hackers researching on behalf of Project Zero basically designed a program to repeatedly access sections of data stored on the vulnerable DRAM until the statistical odds of one or more DIMMS retaining a charge when it shouldn’t becomes a statistical reality.

IN 2014, this kind of hack was only theoretical until, scientists proved this kind of “bit flipping” is completely possible. Repeatedly accessing an area of a specific DIMM can become so reliable as to allow the hacker to predict the change of contents stored in that section of DIMM memory. Last Monday(March 9th, 2015) Project Zero demonstrated exactly how a piece of software can translate this flaw into an effective security attack.

“The thing that is really impressive to me in what we see here is in some sense an analog- and manufacturing-related bug that is potentially exploitable in software,” David Kanter, senior editor of the Microprocessor Report, told Ars. “This is reaching down into the underlying physics of the hardware, which from my standpoint is cool to see. In essence, the exploit is jumping several layers of the stack.”

Why it’s called Rowhammering.

The memory in a DDR-style chip is configured in an array of rows and columns. Each row is grouped with others into large blocks which handle the accessable memory for a specific application, including the memory resources used to run the operating system. There is a security feature called a “sandbox”, designed to protect the data integrity and ensure the overall system stays secure. A sandbox can only be accessed through a corresponding application or the Operating System.  Bit- flipping a DDR chip works when a hacker writes an application that can access two chosen rows of memory. The app would then access those same 2 rows hundreds of thousands of times, aka hammering. When the targeted bits flip from ones to zeros, matching a dummy list of data in the application, the target bits are left alone with the new value.

The implications of this style hack are hard to see for the layman but profound in the security world. Most data networks allow a limited list of administrators to have special privileges. It would be possible, using a rowhammer attack, to allow an existing account to suddenly gain administrative privileges to the system. In the vast majority of systems that kind of access would allow access into several other accounts. Administrative access would also allow some hackers to alter existing security features. The bigger the data center, the more users with accounts accessing the database, the more useful this vulnerability is.

The Physics of a Vulnerability

We’re all used to newer tech coming with unforeseen security problems. Ironically, this vulnerability is present in newer DDR3 memory chips. This is because the newer chips are so small there is actually and is the result of the ever smaller dimensions of the silicon. The DRAM cells are too close together in this kind of chip, making it possible to take a nearby chip, flip it back and forth repeatedly, and eventually make the one next to it – the target bit that is not directly accessible- to flip.

Note: The Rowhammer attack being described doesn’t work against newer DDR4 silicon or DIMMs that contain ECC(error correcting code), capabilities.

The Players and the Code:

Mark Seaborn, and Thomas Dullien are the guys who finally wrote a piece of code able to take advantage of this flaw. They created 2 rowhammer attacks which can run as processes. Those processes have no security privileges whatsoever but can end up gaining  administrative access to a  x86-64 Linux system. The first exploit was a Native Client module, incorporating itself into the platform as part of Google Chrome. Google developers caught this attack and altered an instruction in Chrome called CLFLUSH and the exploit stopped working. Seaborn and Dullien were psyched that they were able to get that far and write the second attempt shortly thereafter.

The second exploit, looks like a totally normal Linux process. It allowed Seaborn and Dullien to access to all physical memory which proved the vulnerability is actually a threat to any machine with this type of DRAM.

The ARS article about this has a great quote by Irene Abezgauz, a product VP at Dyadic Security:

The Project Zero guys took on the challenge of leveraging the concept of rowhammer into an actual exploit. What’s impressive is the combination of lots of deep technical knowledge with quite a bit of hacker creativity. What they did was create attack techniques in which flipping just a single bit in a specific location allows them to execute any code they want with root privileges or escape a sandbox. This is impressive by itself, but they added to this quite a few creative solutions to make it more likely to succeed in a real world scenario and not just in the lab. They figured out ways for better targeting of the specific locations in memory they needed to flip, improved the chances of the attack to succeed by creating (“spraying”) multiple locations where a flipped bit would make the right impact, and came up with several ideas to leverage this into actual privileged code execution. This combination makes for one of the coolest exploits I’ve seen in a while.

Project Zero didn’t name which models of DDR3 are susceptible to rowhammering. They also claim that this attack could work on a variety of operating platforms, even though they only tried it on a Linux computer running x86-64 hardware, something that they didn’t technically prove but seems very believable considering the success and expertise they seem to carry behind that opinion.

So, is Rowhammering a real threat or just some BS?

There isn’t an obvious, practical application for this yet. Despite how powerful the worst-case scenario would be, this threat doesn’t really come with a guarantee of sweeping the internet like some other, less-recent vulnerability exploits. The overwhelming majority of hacks are attempted from remote computers but Seaborn and Dullien apparently needed physical access to incorporate their otherwise unprivlidged code into the targeted system. Also, because the physical shape of the chip dictates which rows are vulnerable it may be the case that users who want to increase security to protect against this exploit can just reconfigure where the administrative privileges are stored and manipulated on the chip. Thirdly, rowhammering as Project Zero describes actually requires over 540,000 memory accesses less than 64 milliseconds – that’s a memory speed demand that means some systems can’t even run the necessary code. Hijacking a system using rowhammering with these limitations is presently not a real threat.

People used to say the same thing about memory corruption exploits, though. For examples: buffer overflow or a use-after-free both allow hack-attempts to squeeze malicious shell code into protected memory of a computer. Rowhammering is differnt because it is so simple. It only allows increased privileges for the hacker or piece of code, which is a real threat if it becomes developed as thoroughly as the development of memory corruption exploits has. The subtle difference might even be hard to grasp now, but now that the work has been done it’s the usual race between security analysts who would love to protect against it and the criminal world trying to dream up a way to make it more viable. Rob Graham, CEO of Errata Security, wrote further on the subject, here.

In short, this is noteworthy because a physical design flaw in a chip is being exploited, as opposed to a software oversight or code efficacy problem. A piece of code is actually affecting the physical inside of the computer during the attack.

Or, as Kanter, of the Microprocessor Report, said:

“This is not like software, where in theory we can go patch the software and get a patch distributed via Windows update within the next two to three weeks. If you want to actually fix this problem, we need to go out and replace, on a DIMM by DIMM basis, billions of dollars’ worth of DRAM. From a practical standpoint that’s not ever going to happen.”

Jonathan Howard
Jonathan is a freelance writer living in Brooklyn, NY