PKR POLLS | Prominent tech blogger Keith Rozario has expressed incredulity over allegations that the computer tablets used for the Julau PKR division elections were subject to a “cyber attack”.
In a series of tweets today, Rozario said the Prey application found on the tablet, which PKR deputy presidential candidate Rafizi Ramli described as a “malware” (malicious software), was a “perfectly legitimate” anti-theft software.
“It’s not malware. It belongs to a category of apps called ‘mobile device management’ (MDM). Typically deployed on corporate devices like smartphones to allow the corporation to control them. Yes, control them!” wrote Rozario.
Rozario explained that some companies used MDMs on devices issued to employees as a form of protection should the device be stolen or if the employee was terminated.
“In order to protect the device from an idiot employee or a malicious actor, or even just a disgruntled staff, they typically install an MDM on their devices to do ‘things’.
“Things like remotely wipe the device, or disconnect it from the email server, or just prevent jailbreaking.
“Prey is an MDM, its presence on a device is not a sign of a ‘cyber-attack’,” wrote Rozario, who said he felt compelled to pen these tweets tonight despite being on holiday.
Rozario is a prominent blogger on digital security. Last November, he set up the sayakenahack.com website which allowed individuals to check if they were victims of a major telecommunications data breach.
On the use of Android tablet computers for the PKR voting system, Rozario said it was difficult to protect devices where an untrusted user had physical access to it.
He explained that this was why iPads menu systems in restaurants and ATM machines are secured in metal enclosures.
“We use to say in infosec (information security), that if an attacker has physical access to the device it’s game over,” he said.
Oh FFS — here we go with ‘cyber’ again.— Keith Rozario (@keithrozario) November 10, 2018
I’m actually on holiday at the moment, but I cannot in good faith let this pass.
This is a thread. https://t.co/prX6mcosii
Rozario also asked aloud if the PKR elections should continue, given that the integrity of the election system had repeatedly been questioned.
“After all would either (deputy presidential candidate) Azmin Ali or Rafizi accept a loss, given these shenanigans, particularly if that loss was very slim? What’s the point of continuing it?” he asked.
Rozario also questioned if the back-end systems for the election was secure, given that the tablets were not.
“I’m not a PKR member, but as an IT practitioner I wouldn’t be convinced of the results of such setup. Neither should you,” wrote Rozario as a parting shot.