Announcement

Collapse
No announcement yet.

The Apple/FBI passcode thing

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • The Apple/FBI passcode thing

    I'm surprised there's not a thread on this yet, or maybe there is one and I'm just not seeing it. Many other sources available, but this is the first place I heard of it. Apparently, the FBI has got a court to order Apple to create a way for them to get unlimited tries at unlocking an iPhone. Apple says they won't do it.

    http://www.macrumors.com/2016/02/17/...an-bernardino/

    I'm inclined to agree that, once such a thing exists, limits on its use will be largely imaginary.
    "My in-laws are country people and at night you can hear their distinctive howl."

  • #2
    There is no such thing as a "secret back door" in technology. Once you open a back door, it's no longer secure. Period. End of story. The belief that only the Good Guys will have access to this is very naive.

    Now, I understand the frustration by the FBI who wants to gain access to information that the San Bernardino shooters had on the phone. I think one of the things they requested from Apple was to somehow install a patch that would remove the 10-strikes-you're-out passcode policy so they could brute force their way in. The thing is, if such a patch existed, it would mean there was, in fact, a back door. One that I think would actually be quite easy for anyone to use if you were savvy enough with a jailbroken phone.

    Comment


    • #3
      Apple has a great case here. It'll be interesting to see if the FBI will push it. Because I don't think "build us a whole new operating system" falls under reasonable help.
      I has a blog!

      Comment


      • #4
        Originally posted by TheHuckster View Post
        I think one of the things they requested from Apple was to somehow install a patch that would remove the 10-strikes-you're-out passcode policy so they could brute force their way in.
        They want Apple to essentially create a new version of iOS that bypasses the phones security features and allows them to leverage external computing power to brute force the passcode. The FBI is huffing paint if they think such a thing is a totally safe one time deal for one phone and anyone who buys that the FBI is only going to use this once is likewise huffing paint.

        Basically, the FBI is asking Apple to effectively compromise its entire product line and customer base. Even putting aside the disastrous security implications it would be disastrous from a purely business stand point for Apple. They would need to start all over again on R&D and everyone would basically have to buy a new phone.

        The modern iPhone is a sort of suicidal black box. Any attempt at brute forcing it has to be run on the phone itself. But its device ID ( and thus key to its encryption ) cannot be retrieved by software running on the phone. Nor can it be retrieved with firmware because updating the firmware causes the phone to wipe the existing keys. Thus losing access to the data anyway.

        The iPhone commits suicide if you try to brute force it on a software or hardware level. Even putting aside the iOS protections, the hardware design and architecture itself make brute forcing it's device ID effectively impossible. Even if you did somehow manage to find a way to leverage an external brute force attack on the device ID, the hardware has inbuilt protections that would drag the process out for years.

        As for the device ID that the iPhone uses as the basis of its encryption; It is set during manufacturing and exists within a closed pipeline basically. Neither Apple nor the manufacturer know the device ID that gets set let alone record it and neither can even retrieve it.

        That's why the FBI is having so much trouble to begin with and why they're asking to brute force the passcode instead of the encryption. The encryption would take years even if they could hook the phone up to an external computer network.

        Brute forcing the passcode on the other hand would take about 20-30 minutes if it was possible to do it with an external computer network and without the phone committing data suicide on the 10th failed attempt.

        Comment


        • #5
          There has to be some middle ground between "Fuck your company, give us full access" and "Fuck you, you get NOTHING".

          Like have Apple download messages, send them to the FBI, then wipe the phone so the FBI can't figure out how to do it.
          Violence has resolved more conflicts than anything else. The contrary opinion that violence doesn't solve anything is merely wishful thinking at its worst. - Starship Troopers

          Comment


          • #6
            Originally posted by Greenday View Post
            There has to be some middle ground between "Fuck your company, give us full access" and "Fuck you, you get NOTHING".

            Like have Apple download messages, send them to the FBI, then wipe the phone so the FBI can't figure out how to do it.
            There is no middle ground. All data on an iPhone, including texts, photos, etc have been encrypted by default since iOS8 I think it was. There is no way to retrieve the messages without, in essence, undermining decades worth of security R&D.

            Creating a back door is letting the genie out of the bottle. If Apple succeeds, they prove its possible and it will be replicated in the wild by hackers. Even if every engineer involved has his tongue cut out and gets shipped off to Gitmo. There's also no way the FBI is just going to do this once. Once there's a precedent they'll just go "well you did it last time" every time they want something.

            It would be the death of Apple as a business. No one wants a smart phone the American government has full access too. People will abandon ship to the next company with solid security measures. As will The Terrorists(tm).

            Then next up the FBI will be trying to order Samsung or HTC to break their phones for example. And it'll just move its way through the brand names till no smart phone manufacturer will touch the American market and no international market will touch American smartphones. -.-

            Comment


            • #7
              I read an article (can not find it again) the other day that said Apple has done this (backdooring a phone/bypassing security) before but with older versions of the IPhone OS. I assume that from that article, say last 2 versions, have the stronger encryption/wipe feature.
              I'm lost without a paddle and I'm headed up sh*t creek.

              I got one foot on a banana peel and the other in the Twilight Zone.
              The Fools - Life Sucks Then You Die

              Comment


              • #8
                Originally posted by Racket_Man View Post
                I read an article (can not find it again) the other day that said Apple has done this (backdooring a phone/bypassing security) before but with older versions of the IPhone OS. I assume that from that article, say last 2 versions, have the stronger encryption/wipe feature.
                Might that be this article?

                http://www.thedailybeast.com/article...es-before.html
                "You are who you are on your worst day, Durkon. Anything less is a comforting lie you tell yourself to numb the pain." - Evil
                "You're trying to be Lawful Good. People forget how crucial it is to keep trying, even if they screw it up now and then." - Good

                Comment


                • #9
                  Originally posted by Racket_Man View Post
                  I read an article (can not find it again) the other day that said Apple has done this (backdooring a phone/bypassing security) before but with older versions of the IPhone OS. I assume that from that article, say last 2 versions, have the stronger encryption/wipe feature.
                  iOS7 and earlier to be specific. Since iOS8 all data on the phone, including text messages, photos and the like, are encrypted by default. Prior to that, it was not encrypted by default and could be extracted without having to crack said encryption. So yes, it use to be possible to extract some information from older phones if the owner did not go out of their way to enhance the phone's security.

                  That's not exactly backdooring though. As no encryption was in place to begin with on the data extracted. The data was just there and could be copied off of the phone. With the current generation that's not possible.

                  What the FBI is currently doing is basically using a legal ass pull applying a statute from 1789 that essentially lets them compel assistance from Apple. A judge in NY already rebuffed the government for trying to use the statute in this manner the last time they tried it. To quote him:

                  Judge Orenstein:

                  Thus, as far as I can tell, the government proposes that I use the All Writs Act in an entirely unprecedented way. To appreciate just how unprecedented the argument is, it is necessary to recognize that the government need only run this Hail Mary play if its arguments under the electronic surveillance and disclosure statutes fail.

                  The government thus asks me to read into the All Writs Act an empowerment of the judiciary to grant the executive branch authority to use investigative techniques either explicitly denied it by the legislative branch, or at a minimum omitted from a far-reaching and detailed statutory scheme that has received the legislature's intensive and repeated consideration. Such a broad reading of the statute invites an exercise of judicial activism that is breathtaking in its scope and fundamentally inconsistent with my understanding of the extent of my authority.

                  Comment


                  • #10
                    John McAfee says he'll do it for free:

                    http://truthinmedia.com/mcafee-will-...no-phone-free/
                    I has a blog!

                    Comment


                    • #11
                      Apple suing McAfee into oblivion in 3..2..1..

                      Comment


                      • #12
                        Originally posted by Kheldarson View Post
                        John McAfee says he'll do it for free
                        He also sounds like a colossal prick. The entire last three paragraphs of that article are just overwhelming with their superiority complex. He compares his genius to Mozart, and claims he and his team will do in three weeks what major tech companies and government intelligence can't.

                        It seriously sounds like one of those stereotypical CoD kids who posts rants about how they're a Real Navy SEAL Sniper™ with a thousand confirmed kills, but with a keyboard instead of a gun.
                        "The hero is the person who can act mindfully, out of conscience, when others are all conforming, or who can take the moral high road when others are standing by silently, allowing evil deeds to go unchallenged." — Philip Zimbardo
                        TUA Games & Fiction // Ponies

                        Comment


                        • #13
                          This topic came up on another board I go to sometimes. No one there is taking the side of the government, except for one or two of the "Government is always right" types.

                          One of the members there had an interesting theory on this: He believes that the government doesn't expect to actually find anything on their phone. They've just always hated that something exists that they can't easily crack, and they're using this as an excuse to force back doors into things. Never let a good tragedy go to waste, right?
                          --- I want the republicans out of my bedroom, the democrats out of my wallet, and both out of my first and second amendment rights. Whether you are part of the anal-retentive overly politically-correct left, or the bible-thumping bellowing right, get out of the thought control business --- Alan Nathan

                          Comment


                          • #14
                            McAfee is a self absorbed idiot wanted in at least 3 countries for being a drug addled alcoholic. So... -.-

                            Even right now he's got a DUI/drug charge in Tennessee he's fighting if I remember right.


                            Originally posted by MadMike View Post
                            One of the members there had an interesting theory on this: He believes that the government doesn't expect to actually find anything on their phone. They've just always hated that something exists that they can't easily crack, and they're using this as an excuse to force back doors into things. Never let a good tragedy go to waste, right?
                            Pretty much. The San Bernardino shooters destroyed/wiped all of their personal electronics ( phones, laptops, computers ) as well as all documents, etc. What the FBI have is the guy's work phone, not his personal cell ( which he wiped/destroyed ). He didn't give a rat's ass about his work phone, hence its intact.

                            The FBI has tried to use this tactic twice before. The first time the judge allowed them to request any possible assistance from Apple but pointedly stated she would *not* compel Apple to defeat their own encryption. Only render any reasonable assistance in bypassing the passcode if possible.

                            The second time they tried it, the judge shut them down and told them off.

                            This is their third attempt and they're banking on it being a Terrorist Phone(tm) to finally get what they want.

                            Comment


                            • #15
                              Originally posted by Canarr View Post
                              Yes that was the article. Thanks
                              I'm lost without a paddle and I'm headed up sh*t creek.

                              I got one foot on a banana peel and the other in the Twilight Zone.
                              The Fools - Life Sucks Then You Die

                              Comment

                              Working...
                              X