AirPrint: restrict user to only print to printers that support TLS - ios

We are working on a secure application, and one of the requirements is that when the user prints, the data is sent encrypted.
AirPrint seems to support TLS encryption but only on 'newer' printers. https://developer.apple.com/videos/play/wwdc2016/725/
There doesn't appear to be any obvious way to restrict our application to printing to these newer, secure printers. For example, UIPrinter does not seem to reveal this information.
Is there a way to restrict this? The only even slightly relevant option I've found is that it appears a configuration profile can be used to restrict the whole device to printing to specific IP addresses, but this is quite a different concept to allowing printing to any encrypted printer.
Note: I am aware of the inherent insecurities around printing, however ensuring that the data does not pass over the network un-encrypted is still a worthwhile endeavor and one Apple generally seem supportive of.

AirPrint API does not have an endpoint for JUST TLS printers.
Apple have a keynote on AirPrint security and what their recommendations/allowances are with security. https://developer.apple.com/videos/play/wwdc2016/725/
In short, TLS will be managed by iOS itself. If TLS is available, it will prefer this and use it. Otherwise it will fall back to non-TLS.

Related

How does TeenSafe iOS App Access Text Messages?

Today I saw a news feature on the TeenSafe app. They showed features such as locking out an iPhone and eavesdropping on the text messages sent by a phone. I understand how this might be possible on Android, but how can this be done on a non-jailbroken iPhone?
This is interesting, but it sounds kind of scary though knowing someone else is tracking your every move. Anyway, I read their website and I saw this:
How does TeenSafe work
TeenSafe Control uses Mobile Device Management (MDM) Protocol, similar to the way corporations secure devices used on their networks in order to protect their network from Internet threats. An MDM certificate is installed on your teen’s iPhone and paired with the TeenSafe Control App on your iPhone, giving you the power to control it remotely. TeenSafe Control’s proprietary method of incorporating MDM makes it difficult for your teenager to disable or remove it. In cases where they find a way, we will alert you via email.
You can look up on Mobile Device Management to find out more.
Ok, I found out here:
http://www.bewebsmart.com/parental-controls/monitor-imessage-with-teensafe/
Basically, you need your teen's iCloud username and password and iCloud backup has to be enabled for the device. So no special magic here and it's not perfect.

iOS app using non-standard cryptography

I'm trying to submit an app to the App Store, but I got stuck with this question
Does your app implement one or more encryption algorithms that are
proprietary or yet to be accepted as standard by international
standard bodies (such as, the IEEE, IETF, ITU, and so on)?
The only cryptography the app is using is for the api requests that go over https.
What is the correct answer (Yes/No) in my case?
See https://itunespartner.apple.com/en/apps/faq/Managing%20Your%20Apps_Trade%20Compliance and note that "just using https" would be covered under "An app uses or accesses only encryption algorithms provided in iOS or Mac OS for its security features".
So you would answer No to the specific question you are asking about.

How to disable the security setting on a Bixolon SRP-350IIObe

I currently have a need to disable the Bluetooth security on a Bixolon SRP-350IIObe thermal printer. The pairing process of having to type in the PIN to connect to the printer isn't a positive thing for my use case of this printer. The printer is currently in iOS-only mode, using MFi.
According to Bixolon's documentation it should be possible, as Bixolon states the following:
3-4 Register this Printer form the search results.
- If a security setting is enabled, register after entering the PIN Code.
(PIN Code=Pass Key: password of the Bluetooth device, Default code: 0000)
Source:
http://www.bixolonusa.com/upload/download/srp-350iiobe_bluetooth%20connection%20manual_english_rev_1_00.pdf
I have been searching for the information in the Bixolon site's documents, but have yet to find any information on how to achieve this.
Any help or ideas on a resolution would be appreciated.
Edit:
In light of receiving downvotes with no justification as to why, I feel that perhaps I should include more of a reason as to the need to disable the security setting on my own SRP350. I plan to have many of these printers and I won't be doing the pairing work on them, so it will be easier to just tell someone how to pair without the passcode issue. I am writing against the Bixolon API and the pairing process will be done by non-tech-oriented people at offsite locations between the printer and iOS devices.
Thank you.
After more digging, it would appear the utility for changing the Bluetooth settings and PIN code is called Unified POS Utility. The disc is included with the printer and the utility will run on a Windows machine. After connecting to the printer you can go to the VMSM (Virtual Memory Setting Manager) and then Bluetooth settings. It is in this menu that you can edit the PIN code and even disable the need for a security layer during the pairing process.
The download for the utility is found here > http://www.bixolonusa.com/html/en/download/download_product.xhtml?prod_id=82

Application-specific file encryption in iOS

I need to develop some simple demonstration of an application reading a file over HTTPS and saving it to the local memory (internal or external) of an iOS device (e.g., an iPhone), in a way that it is only accessible to it. So, application-specific file encryption is required.
The "Advanced App Tricks" page of the Apple iOS Developer Library, in the "Protecting Data Using On-Disk Encryption" section, seems to imply that a file encrypted on disk, via either Default (i.e., iOS filesystem) or "Complete" Data Protection, would be accessible by all applications, after the user types the device's lock code.
If that is the case, could someone please suggest the best way of implementing file encryption per-application on an iOS device, with a password request when a user tries to open the file? Any sample code would also be very helpful.
Also, does "software encryption" apply to iOS anymore? Both Default and Data Protection encryption seem to be hardware-based.
Thanks!
Application files are not accessible between Apps. Each App is individually sandboxed.
In all cases the document is talking about the access available to "Your App". It is never accessible to another App. But see below. Some of the protection options help cover what and when "Your App" has access to the file when in the background.
Jailbroken iOS devices will have greater file system access so adding "Data Protection" will protect from this vector.
See the document section on The iOS Environment and particularly the section "The App Sandbox": iOS Environment
Hardware encryption: There are a few things that hardware encryption provides. 1. Speed. 2. The encryption method can not be changed, that is as with software encryption there is no code that could be compromised. 3. The key can not be accessed. The key is in some manner placed/created in the hardware and the hardware does not allow read access (there are occasionally very secure export capabilities). The device is asked to perform crypto functions on data and returns data. Examples of this are smart cards, HSMs, TPMs and TPM Equivalents; the iPhone has a TPM Equivalent and that is used for the Keychain. By chance my wife and I were discussing this very topic yesterday. :-)
As far as I know, for encryption of bulk data, iOS does use special hardware instructions to aid AES encryption for speed, but that would not be considered hardware encryption due to the key being available in software. There is a little guessing here due to the lack of information about the Apple A-series ARM chips; it is true of the Intel chips in Macs.
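To illustrate the sandbox and Data Protection behaviour discussed in this thread, the following is an added example, not code from the question or the answer. It fetches a file over HTTPS, stores it inside the app's own sandbox with a chosen protection class, and reads that class back; the names `saveProtected`, `protectionClass`, `fetchAndStore` and `StoreError` are hypothetical.

```swift
import Foundation

enum StoreError: Error { case notHTTPS, badStatus }

/// Writes `data` into this app's sandboxed Application Support directory
/// with the requested Data Protection class and returns the file URL.
func saveProtected(_ data: Data, as name: String,
                   protection: Data.WritingOptions = .completeFileProtection) throws -> URL {
    let dir = try FileManager.default.url(for: .applicationSupportDirectory,
                                          in: .userDomainMask,
                                          appropriateFor: nil, create: true)
    let url = dir.appendingPathComponent(name)
    // .atomic writes to a temporary file first, so a failed write never
    // leaves a partial file behind.
    try data.write(to: url, options: [.atomic, protection])
    return url
}

/// Reads back the protection class the system recorded for the file,
/// so the app can check that the intended class was applied.
func protectionClass(of url: URL) throws -> FileProtectionType? {
    let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
    return attrs[.protectionKey] as? FileProtectionType
}

/// Fetches a file over HTTPS only and stores it with complete protection.
func fetchAndStore(from remote: URL, as name: String,
                   completion: @escaping (Result<URL, Error>) -> Void) {
    guard remote.scheme == "https" else {
        return completion(.failure(StoreError.notHTTPS))
    }
    URLSession.shared.dataTask(with: remote) { data, response, error in
        if let error = error { return completion(.failure(error)) }
        guard let data = data,
              (response as? HTTPURLResponse)?.statusCode == 200 else {
            return completion(.failure(StoreError.badStatus))
        }
        completion(Result { try saveProtected(data, as: name) })
    }.resume()
}
```

If the download can finish while the device is locked, pass `.completeFileProtectionUnlessOpen` as the `protection` argument, since a file with complete protection cannot be created or read while the device is locked.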

Bluetooth printing via SPP from microcontroller

We've got a self-built mobile device which can transfer data via Bluetooth SPP to a PC. On the market there are numerous devices acting as mobile printers via Bluetooth. Some of them use a custom ASCII-based printing language, e.g. the label printers from Zebra.
So there is the idea of printing via SPP from our device.
Sadly there is not too much usable information on the internet on this special topic.
Can you recommend any printer (at least A4) capable of printing via Bluetooth SPP with publicly available protocol specs?
Or do you have any hints where to start?
Bluetooth printers typically use profiles other than SPP. There are several flavors, some printers will support a variety of them:
1) BPP - Basic Print Profile can send simple text-based data, no need for printer-specific drivers
2) HCRP - Hard Copy Cable Replacement Profile is used to send the same data format as you would over a wire, typically requires printer-specific drivers to format the data.
3) BIP - Basic Imaging Profile allows transfer of photos, etc.
4) OPP - Object Push Profile is also sometimes used to transfer files
So in general, you are not going to be able to just use SPP to talk to a normal printer, although these other profiles may sit on top of SPP.
