×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Apple Patents Power Adapter That Recovers Lost Passwords

Soulskill posted more than 2 years ago | from the charging-for-security dept.

Crime 210

Sparrowvsrevolution writes "Apple has patented a power charger that also serves as a password recovery backup. If a user forgets his Macbook's password, for instance, he simply plugs in the cord, and it would provide a unique ID number stored in a memory chip in the adapter that acts as a decryption key, unscrambling an encrypted copy of the password stored on the machine. The technique, according to the patent, incentivizes better password use by avoiding traditional password recovery techniques that annoy users and lead to disabled or easily-guessed passwords. The new technique is only secure, the patent admits, in cases where the user leaves a mobile device's charger at home. So the idea may make the most sense for long-battery-life devices like iPods, iPads and iPhones rather than laptops, at least until laptop batteries last long enough that users don't take their power adapters with them and expose them to theft."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

210 comments

good idea (-1)

Anonymous Coward | more than 2 years ago | (#38610792)

but it was worthless the moment it got patented

Re:good idea (2)

GameboyRMH (1153867) | more than 2 years ago | (#38611346)

It was worthless before and it's still worthless now. I'm not even upset that they patented this trivial and non-novel idea.

Re:good idea (2, Interesting)

RyuuzakiTetsuya (195424) | more than 2 years ago | (#38611458)

I keep hearing this about patents.

If it's trivial and non novel then why is no one doing it or previously put a patent on it?

It's not trivial or non-novel. it's just not being done.

Reasonably stupid (5, Insightful)

Anrego (830717) | more than 2 years ago | (#38610814)

Well that's a reasonably stupid idea. Store the password with something many users are going to carry around with their laptop...

And even if you didn't.. you forget your password on the road, then what? And this is less annoying than having to answer a previously entered question?

Re:Reasonably stupid (5, Insightful)

Lumpy (12016) | more than 2 years ago | (#38611028)

"And even if you didn't.. you forget your password on the road, then what? "

you suffer the consequences. You know life has those.

Re:Reasonably stupid (2, Insightful)

asdf7890 (1518587) | more than 2 years ago | (#38611130)

you suffer the consequences. You know life has those.

Consequences? In a world where it is McDonald's fault people are fat, tobacco's fault people can't breath, the insurance industry's fault that medical care for their fat tar-filled bodies is expensive, and people are up in arms in the UK because the NHS won't stump up for free reversal surgery because their elective operation done on the cheap turns out to have been a bad idea? There are too many people out there who fail to acknowledge they are responsible for any consequences.

Re:Reasonably stupid (5, Insightful)

RingDev (879105) | more than 2 years ago | (#38611180)

I would admit that there are too many people who fail to acknowledge their responsibilities, but I would venture that there are even more people who make a living by convincing/tricking people into failing to acknowledge their responsibility.

-Rick

Re:Reasonably stupid (1)

Noughmad (1044096) | more than 2 years ago | (#38611396)

Why is this modded down? You're totally right, we the people never want to face any consequences, even if the actions are obviously stupid. One problem of our society is that in many cases we don't have to.

You mentioned McDonalds and the healthcare, but I'd say it all starts earlier, in schools. Teachers can't do anything without parents getting all up in arms, so the kids can get away with anything. Student loans and credit cards all exist to create an illusion of no consequences.

Re:Reasonably stupid (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38611044)

OR, provide two power adapters... one that has your master PW and other that is a sort of "valet key" equivalent of power adapters that you take with you.

Re:Reasonably stupid (3, Insightful)

Jazari (2006634) | more than 2 years ago | (#38611096)

As the summary says, this is not for laptops. But I find it a very good idea for all kinds of other devices, and well deserving of a patent.

Re:Reasonably stupid (1)

Anonymous Coward | more than 2 years ago | (#38611226)

actually the summary says

"The new technique is only secure, the patent admits, in cases where the user leaves a mobile device's charger at home. So the idea may make the most sense for long-battery-life devices like iPods, iPads and iPhones rather than laptops, at least until laptop batteries last long enough that users don't take their power adapters with them and expose them to theft."

Not that it is "not for laptops".

Re:Reasonably stupid (2)

voidptr (609) | more than 2 years ago | (#38611306)

It'd also be useful in cases where people have two chargers. Some people keep a charger / docking station / cinema display plugged in on the desk at work or home, and a spare charger in the bag for traveling. That way you don't have to unplug and pack the one at work every day, or worry about accidentally forgetting it one day.

Re:Reasonably stupid (0, Flamebait)

gtall (79522) | more than 2 years ago | (#38611190)

Umm...just a guess, how about, get this, two power adapters. One, you could, duh, leave at home. It be the one with the magic codes, and another you could, like, bring with you...gnarly, eh?

Re:Reasonably stupid (0, Troll)

Anonymous Coward | more than 2 years ago | (#38611244)

So you have pointed out you don't need the one at home and failed to address the scenario of your parent. Of course, using "gnarly" would be a great indicator your posts won't be insightful or helpful.

Re:Reasonably stupid (1)

ByOhTek (1181381) | more than 2 years ago | (#38611282)

but the patent says the one with the code should be left at home to keep it secure. You just totally screwed that pooch.

Re:Reasonably stupid (1)

LDAPMAN (930041) | more than 2 years ago | (#38611326)

Actually, since the new Apple monitors have built-in power adapters for a laptop I'm assuming that this could use that power adapter as the recovery device. your normal power adapter that you take on the road would not have the key. This is actually not a bad idea.

Re:Reasonably stupid (1)

EvilBudMan (588716) | more than 2 years ago | (#38611202)

I would hope that only Apple would have the back door to this one and just because they patent it doesn't mean they will use it. I think cell phones is where it would be applied and not laptops if applied though. You know they are one of the few manufactures with a proprietary cable and no HDMI out for such expensive devices rolling on a 30% profit margin while Foxconn only gets under 1% for actually building Apples mobile devices. Now we have lots of Android devices that Apple wont be capable of putting out of business by use of their patents.

Apple is way overpriced and now they have lost their best salesman. Many people will buy their Kindle Fire and say that's enough. $200 vs what could be $600 for an Apple which is better but Amazon along with the android market is catching up to Apple on the number and quality of apps. 30% margins in electronics is only for the wealthy if you ask me.

Right it's a dumb idea.

Not so stupid (4, Insightful)

mschaffer (97223) | more than 2 years ago | (#38611344)

The more junk they cram in the power adapters, the harder it is for 3-rd party companies to make copies without Apple's consent.

Re:Reasonably stupid (0)

Anonymous Coward | more than 2 years ago | (#38611356)

I cant believe apple came up with this stupid idea!
So if you loose your laptop with charger, thats great! Thanks tothe adapter anyone can take it!

And in one move (5, Insightful)

Kazymyr (190114) | more than 2 years ago | (#38610816)

Kills the 3rd party accessory market. Because you won't be able to get "crypto" power blocks from anyone else. Wanna bet?

Re:And in one move (-1, Redundant)

djsmiley (752149) | more than 2 years ago | (#38610860)

Someone mod this guy up.

Re:And in one move (5, Funny)

djsmiley (752149) | more than 2 years ago | (#38611024)

Not to mention the extra sale this can add to a mac book sale

Sir, you also want our "mobile adapter" - it allows you to charge your mac book anywhere, and if someone was to steal it, they wouldn't be able to reset your password using it! Brilliant isn't it? We do it in black, or white.

Re:And in one move (5, Insightful)

TheGatesofBill (637809) | more than 2 years ago | (#38610878)

Can you get Magsafe power adapters from anyone else anyways? I've never seen any, and a quick Googling says no.

Re:And in one move (1)

Anonymous Coward | more than 2 years ago | (#38610958)

Exactly. Apple even managed to stop the people buying used/damaged bricks that would chop off the magsafe connector and put it on new adapters.

Re:And in one move (5, Informative)

slartibartfastatp (613727) | more than 2 years ago | (#38611056)

Can you get Magsafe power adapters from anyone else anyways? I've never seen any, and a quick Googling says no.

Our friends from China say "yes, you can" [dealextreme.com]. I burned two original magsafe PA, then bought this one by U$ 30 (w/ shipping) two years ago. Still working.

Re:And in one move (3, Interesting)

dubbreak (623656) | more than 2 years ago | (#38611456)

I bought one from there too (85w [dealextreme.com] for my macbook, since I thought it might run cooler).

The led on the magsafe connector doesn't work, but the adapter works great and was a lot cheaper than the official one. Apparently the t-style magsafe aren't very robust and the internal cable gets wrecked. Of course Apple doesn't make that part of the adapter easily replaceable like the power cord (which is much less likely to get wrecked). They really should make it a replaceable part. Dell builds a sturdier power adapter for their entry level laptops (at least in my experience).

Re:And in one move (5, Insightful)

Speare (84249) | more than 2 years ago | (#38611116)

I'll repeat a post I wrote on this previously.

I really liked the MagSafe(tm) concept when Apple first came out with it, but Apple has been such a fucking prick about the damned things. They don't offer any significant range of options to use the plug, and they actively stymie all attempts of the marketplace to fill that void. Want a piggy-back battery to supply power to the laptop? Apple doesn't make one. Want to tie in with a docking station? Apple doesn't make one. At first, when asked about third party adoption of the plugs, they were "oh, well, I guess they'll start coming out any time now." Then it was "oh, well, guess nobody's trying to license them." Then when manufacturers tried to license them, they were refused. So one manufacturer decided to eat the waste and rely on the doctrine of First Sale. They BOUGHT Apple(tm) adapters, chopped off the white wallwart transformer, and soldered the MagSafe(tm) pigtail to their own battery packs, and they were still attacked by Apple's lawyers. WTF, Apple. People have varying needs to make use of your products. Step up to offer the solution, or get out of the way.

Re:And in one move (0)

Anonymous Coward | more than 2 years ago | (#38610896)

There's a third party power brick for MacBooks? Apple already owns the MagSafe connector concept.

There exists third party external batteries for iPhone/iPod but those all have to pay for the Dock connectors.

Re:And in one move (2)

TheRaven64 (641858) | more than 2 years ago | (#38611254)

There are, but only if you order them directly from China. They can't be sold in the US / EU due to the magsafe patent.

Re:And in one move (5, Informative)

IVI V K (2022732) | more than 2 years ago | (#38610956)

Apples magsafe power supply uses as patented magnetic connector.
As far as i know there is no 3rd party power block available for mac laptops due to this connector.

They have already "killed" this accessory market.

Re:And in one move (1)

Borland (123542) | more than 2 years ago | (#38610972)

Kills the 3rd party accessory market. Because you won't be able to get "crypto" power blocks from anyone else. Wanna bet?

This is rather diabolical if you're right. Oh I'm sure any 3rd party could figure out what piss-ant encryption solution they're providing and duplicate the feat. But if it's protected by patents -- well, that's a lawsuit for you. Not only are you infringing on IP, but you're circumventing protections.

Is there a tech equivalent of the phrase, "for the children!"? We're doing it for the consumer, the consumer sir!

Apple tax (1)

sakdoctor (1087155) | more than 2 years ago | (#38610982)

As if they need a technical restriction, when they're so heavy handed with the legislative restrictions.
I'd never buy, for example a phone, that didn't have a micro USB charger, or a stereo that had a wacky propitiatory interface like an "ipod dock".

It shouldn't be legal to block or tax 3rd party accessory makers, and what's needed is more forced standards for consumer screwing companies like Apple.

Re:Apple tax (3, Funny)

ackthpt (218170) | more than 2 years ago | (#38611034)

As if they need a technical restriction, when they're so heavy handed with the legislative restrictions.
I'd never buy, for example a phone, that didn't have a micro USB charger, or a stereo that had a wacky propitiatory interface like an "ipod dock".

It shouldn't be legal to block or tax 3rd party accessory makers, and what's needed is more forced standards for consumer screwing companies like Apple.

It's only an Apple Tax (same as a Microsoft Tax) if you go that way.

Every time you buy into some proprietary technology you sell a little piece of your soul.

Re:Apple tax (-1, Flamebait)

tyrione (134248) | more than 2 years ago | (#38611408)

As if they need a technical restriction, when they're so heavy handed with the legislative restrictions. I'd never buy, for example a phone, that didn't have a micro USB charger, or a stereo that had a wacky propitiatory interface like an "ipod dock".

It shouldn't be legal to block or tax 3rd party accessory makers, and what's needed is more forced standards for consumer screwing companies like Apple.

It's only an Apple Tax (same as a Microsoft Tax) if you go that way.

Every time you buy into some proprietary technology you sell a little piece of your soul.

Spare me. You wreak of a Stallman acolyte.

Re:Apple tax (2)

bkaul01 (619795) | more than 2 years ago | (#38611562)

It's only an Apple Tax (same as a Microsoft Tax) if you go that way.

Every time you buy into some proprietary technology you sell a little piece of your soul.

OK ... good luck building your own non-proprietary car, TV, computer hardware, etc.

Re:And in one move (1)

mcmonkey (96054) | more than 2 years ago | (#38611040)

I'm a PC, but I'm guessing this also means Macs aren't the kind of folks who might have one power adapter at home and another one for traveling.

I have 3 different adapters I might use with my ThinkPad between home, work, and traveling. Would you need a matched set of adapters with the same memory chip in each? Would using an adapter with a different chip change the encoding on the passwords?

Re:And in one move (2)

tlhIngan (30335) | more than 2 years ago | (#38611136)

I'm a PC, but I'm guessing this also means Macs aren't the kind of folks who might have one power adapter at home and another one for traveling.

I have 3 different adapters I might use with my ThinkPad between home, work, and traveling. Would you need a matched set of adapters with the same memory chip in each? Would using an adapter with a different chip change the encoding on the passwords?

Thta's the entire point. The password is encrypted using the "home charger" key. Presumably, you'd travel with a travelling charger or something else, this way if your Mac is stolen, they can't recover your password (which otherwise defeats the purpose of stuff like FileVault full disk encryption).

This is meant for home users where the laptop never strays outside the house - they can recover the password easily. It just provides a more convenient way to recover the password.

Presumably, the other methods of password recovery (single user mode, boot DVD) still work, though you lose your keychain (and all the saved passwords) when you do this.

Re:And in one move (1)

Samalie (1016193) | more than 2 years ago | (#38611066)

Actually, if Apple was smart about this, they could open up a bigass revenue stream for both themselves and 3rd parties...

Licence the magsafe adapter (Yeah, I know, unlikely, but hear me out) for a hefty sum to a number of quality 3rd parties, but do NOT license the crypto power brick.

That way, we, as the consumer, can purchase a non-crypto power brick to carry with us when we travel, leaving the crypto power brick safely at home where it belongs.

Of course, this is Apple, so they'll be smart towards only their own bottom line...they'll make 2 power brick themselves - and worse yet, they'll do it the most consumer unfriendly way...the crypto power brick will be an addon to your order, with only the non-crypto power brick being sold with the system - effectively mostly-forcing every Mac owner to have 2 power bricks at an extra expense.

Re:And in one move (1)

idontgno (624372) | more than 2 years ago | (#38611218)

Kills the 3rd party accessory market. Because you won't be able to get "crypto" power blocks from anyone else.

Which, I'm sure, Apple deeply deeply regrets. Given their broad and enthusiastic support of the accessory aftermarket.

Let's face it. Apple learned from their failed experiment in licensing out their technologies for others to manufacture [wikipedia.org]: you don't EVER undercut your own market. If you do license it out, you make sure your license fee revenues more than compensate for the lost sales.

Re:And in one move (1)

LDAPMAN (930041) | more than 2 years ago | (#38611360)

There is not a third party market for laptop power supplies. Only Apple makes the MagSafe connector. You do have a point for iPad and iPhone devices.

I wonder how this is better (4, Insightful)

chispito (1870390) | more than 2 years ago | (#38610842)

Than a normal USB security token? It seems like a power adapter is likely to be taken with the user. A smaller token could be carried on the person of the user. Or you can just write your password on a post-it in your wallet.

Re:I wonder how this is better (1)

LostCluster (625375) | more than 2 years ago | (#38610938)

For two factor authentication it's something you know (password) and something you have (the power cord) if both are required to use the computer. Letting one without the other log in seems less secure.

Re:I wonder how this is better (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38610984)

This isn't two factor. This new adapter requires you to have either the password OR the power adapter. Since this is sort of the inverse of two factor, can we call this 1/2 factor?

Re:I wonder how this is better (1)

Overzeetop (214511) | more than 2 years ago | (#38611574)

Why not just store it on the computer, then. Something you know (password) and something you have (computer). There's no advantage to the power brick being your second authentication, as it's useless without the computer.

This seems like a pretty cool idea until you realize that you are likely to store your adapter (password key) with the computer, and it's probably nearly as likely to be stolen along with the laptop in it's carrying case. Better to have a USB on a keyring. (Not that Steve Jobs would be caught dead with a keyring...well, I guess that's not a real argument anymore).

Re:I wonder how this is better (0)

Anonymous Coward | more than 2 years ago | (#38610980)

Than a normal USB security token? It seems like a power adapter is likely to be taken with the user. A smaller token could be carried on the person of the user. Or you can just write your password on a post-it in your wallet.

That was my first thought as well. They might use the power adaptor because many Apple devices do not have a USB connector. Still don't like the idea very much though.

Re:I wonder how this is better (2)

azadrozny (576352) | more than 2 years ago | (#38611106)

I agree. A separate USB device to store all your device passwords in one spot is better. I would prefer this to having to keep each charger paired with a specific device. I keep one or two chargers on our kitchen counter, since our phones, eReaders, MP3 players, and most other devices all charge using the same micro or mini USB connector. Power adapters for new devices get tossed in a bin in the basement, usually never to be hear from again.

Re:I wonder how this is better (4, Insightful)

TheRaven64 (641858) | more than 2 years ago | (#38611404)

It's different in one very important way: you are much less likely to lose the power adaptor than the security token. You'll use the power adaptor every day or two, while you'll only use the security token when you get locked out of your device. It's like the original iPod dock: my iPod was the only mobile device I owned that never had the battery go flat. The dock plugged into my HiFi so I could listen to music at home and so I had a reason for always dropping it in the charger. Every other mobile device got plugged in when I noticed it needed charging (Apple, cleverly, no longer includes the dock, so loses this advantage).

erm (1)

Iniamyen (2440798) | more than 2 years ago | (#38610868)

Why not have it on a microSD card?

Re:erm (2)

yodleboy (982200) | more than 2 years ago | (#38610900)

why not resign themselves to the fact that users that care about security will use strong passwords and the built in tools already in place to protect themselves and the other 95% will not bother.

Re:erm (1)

SScorpio (595836) | more than 2 years ago | (#38610952)

iPhone, iPad, iPod. This is Apple we are talking about hear. What is the MicroSD card you speak of? If a user ever needs more space they've made it never easy to just needing to buy a new larger capacity.

Re:erm (2)

DJRumpy (1345787) | more than 2 years ago | (#38611092)

Why bother with this at all? You can already enable your Mac accounts to use your Apple ID to log into your Mac. This is in addition to your regular login by the way. If you forget your password you can reset it in the cloud and then use that to re-log in to any device you've setup to allow that type of authentication.

From the Apple Help:

Allow user to reset password using Apple ID
An administrator can select this checkbox to let a user who has forgotten the login password to reset the password after entering an Apple ID.

Re:erm (1)

TheRaven64 (641858) | more than 2 years ago | (#38611414)

How easy is it to lose the power adaptor you leave at home plugged into the same socket for its entire life? How easy is it to lose something about as big as a thumb nail? Which of these would you rather use for emergency recovery?

This is a *terrible* idea (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38610870)

Password use *one way* hashing systems for a reason.

Thank you Apple, for once again eliminating desktop security.

Tautology (2)

sakdoctor (1087155) | more than 2 years ago | (#38611162)

All hashes are one way because data is thrown away. You can't even reverse simple checksums like CRC32.

This system doesn't store a plaintext password. It's like a secondary authentication system. Think SSH: You can authenticate using a password OR public key cryptography.

Re:Tautology (1)

icebraining (1313345) | more than 2 years ago | (#38611426)

This system doesn't store a plaintext password.

How so, if the patent has an image of a dialog saying: "Password Retrieved. Your Password is XXXXX"?

The power adapter itself doesn't store the password, but the system does.

iPhones, long battery life? (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38610892)

So the idea may make the most sense for long-battery-life devices like iPods, iPads and iPhones

Given the number of people I see charging up their smartphones in the office, I'd say the Apple patent people haven't quite grasped that smartphone battery life is a long way from what many people would like.

(Also, given that most non-computer devices like iPhones charge over USB, this seems distinctly less impressive. 'Put some data on some flash memory inside the battery charger' and transmit it over the USB connection hardly requires the kind of ingenuity that sending passwords up a DC power cable to a laptop does.)

Why combine it with a power adaptor? (1)

slim (1652) | more than 2 years ago | (#38610928)

OK, it's a daft idea for various security related reasons -- but that's fine. People patent daft ideas all the time; doesn't mean they plan to implement them.

What I don't get is, why bring power adapters into it? Why not patent a more general case, then if someone builds it into a power adapter, the patent covers it. If someone builds it into (say) an MP3 player, the patent covers that too.

So, Apple think all their users are single... (5, Insightful)

PSVMOrnot (885854) | more than 2 years ago | (#38610930)

Security is only as strong as it's weakest password recovery method.

This whole idea completely forgets that the whole purpose of your password might be to stop you little-brother/offspring/tech-illiterate-housemate (ie: anyone who lives with you) from screwing up your device.

new socil engineering technique (0)

Anonymous Coward | more than 2 years ago | (#38610946)

"I forgot my charger at home. May I borrow yours?"

Re:new socil engineering technique (2)

Bucky24 (1943328) | more than 2 years ago | (#38611100)

Hmm I can see this being pretty popular if there's an easy way to grab the password. Otherwise you've got the power adapter but no laptop that will be unlocked with it.

I wonder if Apple will also stop chargers from charging any laptop that doesn't have the same password hash?

hah! (0)

Anonymous Coward | more than 2 years ago | (#38610950)

I've have over 15 mac laptops, never had a problem with any of them, EXCEPT 13 out of 15 needed a new power adaptor. I dont like this idea one bit.

another bogus patent from Apple (0)

Anonymous Coward | more than 2 years ago | (#38610962)

1. what's wrong with storing the key on a flash drive instead? Only that it wouldn't be patentable?
2. goodby one-way password hashing?

besides not being feasible, this idea is 1) not new 2) trivial, so it should not pass the patent review board. That is, if there was one.

Re:another bogus patent from Apple (1)

RyuuzakiTetsuya (195424) | more than 2 years ago | (#38610996)

The whole point, i suspect, is that people forget flash drives. Or have several and don't know which one they stored their password on.

OTOH, they tend to only have one and only one charger, and that's significantly harder to lose.

Re:another bogus patent from Apple (1)

djsmiley (752149) | more than 2 years ago | (#38611072)

You've never worked in my office then..

day in day out users "forget" their chargers. What happens infact is they leave it at home because they are a lazy slob and don't want to carry it / lean over and unplug it. I know this, because I offered some users a spare charger and then they explained how much better it is now they don't need to carry / lean over.

Re:another bogus patent from Apple (1)

Bucky24 (1943328) | more than 2 years ago | (#38611110)

On the flip side, if someone wants to steal their stuff, it's a lot harder to know which flash drive has the password. It's fairly easy to recognize the charging cable.

Re:another bogus patent from Apple (1)

Aladrin (926209) | more than 2 years ago | (#38611134)

On the other hand, you can put that flash drive in the safe and not have to pull it out every day... Only when you forget your password.

Re:another bogus patent from Apple (1)

RyuuzakiTetsuya (195424) | more than 2 years ago | (#38611240)

Except when you and your machine are in Ogdenville and your safe with your pen drive is in North Haverbrook.

Re:another bogus patent from Apple (1)

alen (225700) | more than 2 years ago | (#38611154)

apple patents something as soon as the work is done. they don't wait for it to become usable in a device.

I'm gonna patent... (1)

ackthpt (218170) | more than 2 years ago | (#38610990)

... a paper clip which is capable of encrypting eBooks.

I suppose its better than going to the Apple store, shuffling your feet and mumbling sheepishly you somehow forgot your password, but what if I have a power adaptor and swiped your phone, can I now hack it?

Re:I'm gonna patent... (1)

Asic Eng (193332) | more than 2 years ago | (#38611586)

but what if I have a power adaptor and swiped your phone, can I now hack it?

No you would need my adapter as well as my phone. When you set the password, then a backdoor key is stored in the adapter. You could do the same thing with any USB stick - essentially the patent is just about putting the USB stick into the power supply.

Circumvent (0)

Anonymous Coward | more than 2 years ago | (#38610994)

So, I plug in a device that can read this special number from a power adapter, and not only can I unlock the user's device -- I can actually see their password (which they likely use elsewhere)! Some hacker will eventually build this for $20 in parts, and I can amaze my friends. Sounds like fun.

Re:Circumvent (1)

Bucky24 (1943328) | more than 2 years ago | (#38611158)

From what I can tell (from TFS) the adapter only has a number that acts as a decryption key. You wouldn't be able to get the actual password from just the adapter itself. Though it may be possible to figure out the password based on just the decryption key. I'm not very well versed in cryptography, so if someone who is wants to correct me on this, feel free.

Re:Circumvent (1)

ackthpt (218170) | more than 2 years ago | (#38611358)

From what I can tell (from TFS) the adapter only has a number that acts as a decryption key. You wouldn't be able to get the actual password from just the adapter itself. Though it may be possible to figure out the password based on just the decryption key. I'm not very well versed in cryptography, so if someone who is wants to correct me on this, feel free.

Either accomplished by it being the Original Power Adator or something you twiddle with software, presumably when the i(insert Apple product here) is connected to the Power Adator and already unlocked. Sucks to be you, if you are like me and keep multiple Power Adators at various locations, rather than lugging the thing around with my like some kind of Cupertino-required parasite.

Re:Circumvent (1)

icebraining (1313345) | more than 2 years ago | (#38611522)

Though it may be possible to figure out the password based on just the decryption key.

It's not, at least not using any common cryptographic algorithm. Keys are supposed to be randomly generated.

OSX Password recovery is trivial as it is (4, Informative)

slaker (53818) | more than 2 years ago | (#38611030)

Seriously?

Boot while holding down Apple-S
mount -uw /
rm /var/db/.AppleSetupDone
shutdown -h now

Bam. Administrator access and all the password resetting glory you need thereafter.

I don't even have a Mac and I know how to do it. How fucking easy does it need to be?

Re:OSX Password recovery is trivial as it is (0)

Anonymous Coward | more than 2 years ago | (#38611138)

I can't find 'Apple-S' on my iDrek!

Re:OSX Password recovery is trivial as it is (0)

Anonymous Coward | more than 2 years ago | (#38611174)

Easier, because your average consumer doesn't even know how to drag and drop let alone use a text-only interface.

What's really laughable about this, though, is that they mention security in the article as if they believe there is any to begin with... for anyone who wants to break in, it's easy enough already.

Re:OSX Password recovery is trivial as it is (1)

ackthpt (218170) | more than 2 years ago | (#38611380)

Easier, because your average consumer doesn't even know how to drag and drop let alone use a text-only interface.

What's really laughable about this, though, is that they mention security in the article as if they believe there is any to begin with... for anyone who wants to break in, it's easy enough already.

The first line of security, and most oft employed, is Ignorance.

Re:OSX Password recovery is trivial as it is (2, Insightful)

Sez Zero (586611) | more than 2 years ago | (#38611342)

Seriously?

Boot while holding down Apple-S

I tried this, but it is asking for my FileVault password. Now what?

Re:OSX Password recovery is trivial as it is (1)

mkiwi (585287) | more than 2 years ago | (#38611418)

Anyone can change the admin password with the right tools on both Mac and Windows (I'd assume Linux has that capability, too). However, saved passwords on the Mac are stored inside something called the "keychain" that stores its hash separate from the system's root.

By default, the keychain is configured to have the same password as the person logged in, but if you do the procedure you just described, you'd still need to know the original password to access any saved passwords, certificates, etc.

In other words, if you change the root password with the boot CD/recovery partition other methods and you forget the original keychain password, you're SOL for getting anything good as a result of your work.

Re:OSX Password recovery is trivial as it is (1)

Noughmad (1044096) | more than 2 years ago | (#38611598)

Unless whole-disk encrption is used, all data on the disk can be accessed from a LiveCD or a LiveUSB.

Huh? (4, Insightful)

Brooklynoid (656617) | more than 2 years ago | (#38611046)

From TFA: "So the idea may make the most sense for long-battery-life devices like...iPhones"

In what universe is an iPhone a "long-battery-life" device?

Re:Huh? (1)

Frankie70 (803801) | more than 2 years ago | (#38611166)

In what universe is an iPhone a "long-battery-life" device?

It is a long battery-life device - as long as you are holding it correctly.

Re:Huh? (1)

Speare (84249) | more than 2 years ago | (#38611192)

In what universe is an iPhone a "long-battery-life" device?

A laptop is only good for a couple hours away from the power adapter. If the laptop goes in a carrying case, the power adapter goes in the case too.

A phone, even a thirsty smart phone, can last a day or two. People walk away from their power adapter for significant periods of time.

Re:Huh? (0)

Anonymous Coward | more than 2 years ago | (#38611390)

Not if you're actively using it. Nor is an Ipod Touch - only three or four hours of active surfing or game-playing.

Re:Huh? (0)

Anonymous Coward | more than 2 years ago | (#38611606)

My nokia that I am using since 15+ years has DAYS(!) of battery-life.

yea... i am one of those who does not need (new) cellphones... i worked hard to achieve that from the moment i got my first call on my, then new, cellphone...

Did i mention i also have no TV? That was a much easier achievement.. xD

Follow the money (1)

jbrandv (96371) | more than 2 years ago | (#38611052)

It seems to me this was done, not for security, but for business reasons. Now Apple can use the DMCA to keep other companies from making a power adapters for Apple products.

Blind patent filing. (0)

pro151 (2021702) | more than 2 years ago | (#38611084)

They are just patenting every hair-brained idea they come up with for future fees and lawsuits. Don't innovate, litigate!

Useless (1)

volpe (58112) | more than 2 years ago | (#38611132)

The new technique is only secure, the patent admits, in cases where the user leaves a mobile device's charger at home.

And even then, it's only secure if nobody breaks into your home. And you'll need a separate power adapter for use outside home. Under these conditions, you can ditch the home power adapter and replace it with a piece of paper with the password written on it.

War on general-purpose computation. (1)

Arancaytar (966377) | more than 2 years ago | (#38611146)

This is just a rather ridiculous convenience/security tradeoff for now, but it will be interesting once the enhanced power adapter becomes required.

Think of the possibilities. Every device and accessory, even every component of the computer, could have cryptographic protection built right into the hardware in a way that cannot be reverse-engineered. A secure computer can only contain secure hardware (and vice versa), only approved devices can be connected to an approved computer, only an approved computer can run an approved operating system, and only an approved operating system can establish an internet connection. It will be a glorious future.

How about this (4, Interesting)

mysidia (191772) | more than 2 years ago | (#38611252)

Put another chip in the wall outlet, that will communicate with a charger device using BPL, Data over Powerline, short range communications, RFID, or bluetooth; e.g. a "Password recovery" agent installed in a device somewhere else in the home plugged into another wall outlet, or built in to the outlet itself. wireless AP, linksys box, NAS, TVs, other home appliances would be good candidates to form a BPL-enabled self-organizing P2P network for facilitation of password recovery and theft prevention.

Some of the devices could incorporate a GPS location reading. If the device's location has changed significantly, then it is less familiar.

When the user logs into their computer, and authenticates, there will be a program they run on their computer to cause the power unit to "learn" which will scan the BPL or bluetooth for other devices.

Require the presence of other "familiar" home devices, for the password recovery procedure to be initiated.

This could also help if the charger got damaged or lost... just plug a new one in, enter the "House PIN #", and have it build the same shared secret key based on the identities of the familiar devices surrounding it that have an agreed upon shared key.

Also, high theft-risk non-mobile devices could enter an auto-lockdown mode, if powered on and no "familiar devices" are around.

How to get people to use better passwords (0)

gurps_npc (621217) | more than 2 years ago | (#38611280)

1. Outlaw password expiration. Instead replace with a system that notifies you of the last time and location you logged in. Not by email (spam) - but as the first page you log in. Your home locks don't expire, nor do they keep a determined thief out. Their main purpose is to tell you someone broke into your house because the lock is punched out of the door. Passwords should act the same way.

2. Outlaw passwords for things that don't need passwords at all. I.E. news sites.

3. For sites that need a password, but not a secure one (like Slashdot), use minimal password system - i.e. you give them 9 things (food/music/etc.) you hate, plus one you like and when you log on, select which the thing you like, that are confirmed by a permanent cookie on your PC. If the cookie gets erased/you use a new PC, they email you a new cookie.

4. For things that need a secure password, outlaw the top 1000 most popular passwords. If people try to use them, say Not allowed, too easily guessable. If they use one from the top 100, give an insulting warning message, such as "a 40 year old atari computer could guess that password in 10 seconds"

5. Teach people to use password algorythms: i.e. base password of 6 letters/numbers + 1 additional letter found in your username + 1 from the website's url. (i.e. Pa55w0 + 2nd letter from my usrename + 3rd letter from website. For Slasdot that would be Pa55w0ua

So, are they skimming passwords now? (1)

mschaffer (97223) | more than 2 years ago | (#38611324)

Makes you wonder what Apple is doing now...without your consent or knowledge.

Cool, just added it to my charger (5, Funny)

iamacat (583406) | more than 2 years ago | (#38611340)

All it took is sticking a PostIt note on the side. Can I now patent moving the sticky to the inside of my closet, where it will be more secure from friends and allow me to take the charger for travel?

Figure 3 in the diagram... (0)

Anonymous Coward | more than 2 years ago | (#38611462)

...kinda worries me. Does this mean Apple is going to file lawsuits against anyone who has a GUI tool that asks someone their user name and password?

Alternate solution (0)

Anonymous Coward | more than 2 years ago | (#38611504)

write your password on a post-it and stick it to your power brick. Much cheaper.

Future products (1)

rhizome (115711) | more than 2 years ago | (#38611604)

It's not going to stay "power adapter with password," that's just the simplest and most abstract (read: absent real hints of product plans) example they came up with for the purposes of the patent.

I predict that eventually the communications will go elsewhere, for a push-button support system like OnStar for AppleCare. Subscription fees FTW!

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...