| Author | Message | ||
     Court |
Interested in hearing opinions from folks more knowledgeable than I in security. Looks like the F.B.I. is pretty much a clown car of techies and . . .personally. . . I think the government has no business telling Apple to compromise their security. I'm all for Tim Cook telling them to pound salt. But . . . . I am all ears. http://www.businessinsider.com/fbi-confirms-shoote rs-icloud-password-reset-2016-2 http://www.businessinsider.com/tim-cook-has-warned -that-an-iphone-order-threatens-customers-security -2016-2?IR=T&_ga=1.257343950.490012486.1453997163 | ||
| Natexlh1000 |
I tend to agree. If they can't crack it with what they got, I'm wondering why they are being paid. It's not like the clowns are still out there. They are all ventilated up. What can they possibly get from the phone that is stored locally? selfies? browser history? They can get the calls and texts from the phone carrier, right? | ||
| Pwnzor |
My understanding is that every bit of data transmitted to and from every wireless device is stored in one of three giant server farms in places like Oak Ridge, Tennessee. I can't imagine what would be on the phone that "they" hadn't already intercepted. Pictures of potential targets, maybe? | ||
| Aesquire |
Apparently, Apple is refusing to write software to hack their own security system. The stated reason is they just don't want such software to exist at all, much less hand it to Anyone who might abuse it. An unstated reason is Apple's "cloud" already got hacked with a massive celebrity nude picture and phone sex videos release on the internet. If they want to keep popular they MUST seem to be more security aware of their customers data. A "rumored" ( from anon sources presumably from Apple ) reason is the FBI already hacked the phone, and just wants cover for that, at the expense of Apple's reputation. I'm all for catching terrorists. I'm amused/angry that these particular terrorists were not called terrorists at first, because of this Administration's attitude toward the War they won't name. But now they are since it suits them. I'm passed urinated off at the refusal, for many reasons, some good, most bad, for this, and the previous, regimes refusal to admit who is at war with us. If you can't admit who is at war with you, how can you fight them? Declaring "AQ" the enemy is insane, since all they have to do is change their name and they are no longer officially the enemy. Just like ACORN changed their name to keep getting your money from Congress after Congress passed a bill cutting off their funding. I understand the politicians don't want to admit that Obedient Islam is the Enemy of Western Civilization. They fear that doing so will make moderate Muslims ( lazy or muslim just to get along ) into Obedient ones. If I had an answer better than honesty and the destruction of the Enemy's ability to fight, I'd sure be suggesting it. In any case, if the question of government power vs. individual freedom is in front of me, going for Freedom is almost always the best answer, or at least the least harmful one. | ||
| Aesquire |
BTW, I don't own any Apple stuff. I admire the genius of a lot of their hand held gear, I can pick up a i-thingee music player and figure out how to play tunes in seconds. That's not the case with most mp3 players I own, with poorly marked buttons and arcane menu trees. I don't go along with the proprietary nature of their home computing gear, and have long refused to pay 3 or 5 times the price for a drive that is identical in every way except an Apple firmware "feature" to drives that I can just plug into a PC. I'm probably misinformed as to the personality of the companies founder and the sense of humor he applied to how his company treats employees, and customers. But if I'm not, he was a Royal Jerk. And I simply, stubbornly refuse to join the "In Crowd" and worship a Company, or it's Products, to the point of spending what seems to me to be way too much money to buy the latest toy. Then again I have an obsolete Samsung S4 I paid 96 cents for, so I'm obviously a tight fisted Luddite. Now, excuse me while I shop for parts for the next PC I'm going to assemble for a buddy. ( I do about 2-3 a year ) He wants serious gaming capability, a 20 second boot time ( I don't know why, he never shuts his off ) and enough storage to back up the internet. I'm hoping to keep it under $600. | ||
| Xdigitalx |
I could care less. I don't use any Apple products. I never will. Someone said, allowing the software to be wriiten allowing the Iphone to be hacked would open a can of worms. Can Android or Windows phones be hacked now? If so... then Apple should do it. Truth is, the can is already open. Terrorists/criminals are using the Iphone for good reason, FBI trying to seal it up. Personally, I am not giving up any rights or freedom by allowing Apple to write software in order to hack into a desired iphone. That type of phone should never be allowed for public useage, I would understand the FBI/CIA or other coverts to using such a device... but not general public. We never had this type of security before, now that we have it..., it is considered your right?? I am on the fence but mostly on the gov side on this. Apple is effectively giving criminals and terrorists the ability to stay concealed. Huge can of worms there if you asked me. | ||
| Sifo |
We never had this type of security before, now that we have it..., it is considered your right?? We've always had the fourth amendment. Our government has never had the right to open our mail. Just because communication technology has changed, this fundamental right for privacy hasn't. If only we had a government worthy of the trust you talk of giving to it. Our founders knew better. | ||
| Xdigitalx |
I have an android... are you saying...because of that fact... I don't have any forth amendments rights?? Anyone without that type of iphone...also... have given up their forth amendments rights?? | ||
| Airbozo |
"Apple is effectively giving criminals and terrorists the ability to stay concealed. Huge can of worms there if you asked me." The FBI and government love that this comes to light from the phone of a terrorist. I will never understand why some people fight tooth and nail for the 1st and 2nd amendments, but forget the rest or consider them less important. The courts have ruled on countless occasions that the 4th amendment provides U.S. citizens the right to privacy. Just because that citizen later becomes a terrorist, does not negate the rights of the rest of us. Specifically the FBI is not asking Apple to hack the phone or write software with a back door. The FBI is asking Apple to rewrite portions of the code that disable the 10 tries and you're out security feature, load it on the phone and then return it. That feature will erase all local data if the password is entered wrong 10 times, negating a brute force password attack. It's actually a very clever, simple form of security that has been in use long before Apple had it in their phones. Apple is concerned about developing that code, because once it exists, it will never go away. And let's face it, our government and Apple itself are pretty pathetic about keeping secrets... I am not a fan of Apple. They do not innovate, they litigate. Their biggest asset is that they are one of the best marketing firms in history. However, In this fight I stand with them. My 4th amendment rights are no less important than my 1st or 2nd. Imagine if our government forced gun manufacturers to manufacture firearms that had a kill switch accessible only by them? Or a backdoor that allowed them to tell how many times you fired said weapon and where it was at all times? How would you feel about that? | ||
| Aesquire |
Secure in their persons and papers. Your phone is a DIFFERENT thing than your refrigerator or your old Ma Bell Princess Phone. You have outsourced part of your brain. How many phone numbers do you remember now? My sister, who works for ( Redacted ) told me today that she uses her phone for almost all communications. Searches for movie times, restaurant menus and orders both. The "outsourced your brain" comment comes from her. No fan of Apple. But. What if you were ordered by the police to work for them and create a new tool for them to spy on others? No pay, just a demand to do creative work. Or else. Sounds a lot like Slavery to me. Didn't we already fight a war about that? | ||
| Sifo |
What if you were ordered by the police to work for them and create a new tool for them to spy on others? Well that would be as crazy as the government mandating that you purchase a product or service, or be fined for not doing so. | ||
| Brighton |
If the firmware can be made to work ONLY on that one iphone, then every court in the country (and other countries) is going to ask for a version for THEIR special case. And Apple will need to set aside an entire department just to keep up with all the courts. If the firmware can be made to work on EVERY iphone, then you can be assured it will be stolen and sold just as soon as it leaves Apple: Think of the Snowden's we haven't heard of because they did it for the money. | ||
| Hootowl |
It's bs anyway. They have the device. Pull the storage. They don't need to have the OS running. They can take an identical device that they do have a key for and clear text the entire drive. That'll give them huge chunks of 'known' data to help them crack the other one. They don't need apple's help. | ||
| Brighton |
Hootowl, If I understand what you're saying, that just won't work. One interesting fact about this case: The iphone in question was NOT the murderers' personal phone. It was a phone lent to him by the county that he worked for. The murderers destroyed their own phones. So if they were smart enough to do that, they probably never used the work phone for anything they wanted to keep secret. | ||
| Hootowl |
No, you're obviously not getting it. The key is obviously different. However, lots of the data on the storage device will be the same. This will help them break the encryption. I agree there will likely be nothing of interest on the device, as previously stated. They're wasting time and money pursuing this. | ||
| Xdigitalx |
No big deal... in a few years they will have written entirely new software for the new stereo vision iphone 8 running on some super fast 8g system ... that iphone and software we are speaking of today may or may not even exist in 10 years. (or 2 years)So... where will your 4th amendment rights be then?? I think they be still in your pocket nicely tucked away as they are today. What if he DID make calls to some other entity during those 18 minutes?? eh... tid for tat I guess. | ||
| Aesquire |
http://time.com/4229601/real-reason-apple-is-fight ing-the-fbi/ | ||
| Brighton |
Hootowl, your approach would take a tremendous amount of compute power and time, perhaps lifetimes. Else encryption wouldn't be the hot topic that it is. The only real approach is to allow unlimited password tries, but at nanosecond computer speeds, i.e. no forced pause between tries. And that's exactly what the F.B.I. is asking for: unlimited password attempts with absolutely no pauses in between: Brute Force. And even then it might take quite a long time, depending on the encryption algorithm, the overall speed of the device and the type of input used, etc. | ||
| Froggy |
Android since I believe 3.0 has supported full device encryption (I've encrypted my Xoom tablet running Honeycomb), and it is on by default on 6.0 and newer. Apple fairly recently (I believe with the 5S) started doing the same. The iPhone is no more the choice phone for terrorists than anything else out there, Apple is doing the right thing by telling the FBI to pound sand. Like said before, if they did break the encryption for the FBI, it is a slippery slope, and then next thing you know they will be forced to put a master key into it, defeating the point of encryption. | ||
| Hootowl |
You're misunderstanding the problem. Wiping the phone is a function of the OS. By removing the OS from the equation, you remove the self destruct. Even if they could boot the phone to a no destruct OS, they would still be left with manually entering unlock codes. Since they can decrypt a phone with a known key, they have huge chunks of unencrypted data they can use to eliminate large numbers of the wrong key. I believe they call this 'pruning'. It won't take a lifetime. The government has a tremendous number of cycles they can throw at this problem. Since they can prune, it's not pure brute force. Hell, fireeye has broken the private keys the chinese hackers use, and they have nowhere near the resources nsa has. | ||
| Henshao |
Physical access is total access. The FBI is just crying because they (apparently) don't have the budget for the equipment and personnel necessary to read data directly from the hardware. | ||
| Brighton |
Here is my guess (more of a hope) about how this plays out: The tech companies, including all the biggies, with BIG money, are lining up against the F.B.I. The companies will scream to elected officials about the big losses they will incur because of this. The companies will tell their lobbyists to get going. Our political system being what it is (MONEY), the politicians will get in-line. So, if the courts don't do the right thing, the bought-and-paid-for politicians will. | ||
| Hootowl |
Like I said, it's all bs anyway. There's nothing on the phone. If they really wanted it they would have given apple a national security letter and we would have never heard about it. They probably just want to force apple to do this to set precedent. | ||
| Henshao |
Set a precedent or get a budget increase. | ||
| Brighton |
Hootowl wrote Since they can decrypt a phone with a known key, they have huge chunks of unencrypted data they can use to eliminate large numbers of the wrong key. Your assumption that "pruning" is possible overlooks the obvious: If I'm building a modern encryption system I'd first do the research to avoid obvious known gotchas. It's not your grandfather's encryption anymore. Your approach is a KNOWN GOTCHA. Yes, the Allies broke the German and Japanese codes back in WWII. But that was ~70 years ago. The mathematics for modern-day encryption just didn't exist back then. - | ||
| Ourdee |
So, just thinking out loud here: FBI wants a sneaky back-door that lets them update a system without the password. Forget the password and how long it takes to guess it with unlimited tries. The back-door wanted would allow you to update the program to have a second parallel password like 0000 installed. Why use brute force if you can replace the pins in a lock with a set of short pins on top of the original pins that you lop off an amount of that pin equal to your short pins. If you have thoughts that you don't want others to know, you keep your mouth shut.  | ||
| Airbozo |
Hootowl, Being involved with companies that use encryption on their devices, your suggestions would probably not work. The encryption is designed with just that option in mind and it would use several unique keys on the phone itself to help with the encryption. Since the MAC address can be spoofed as well as other unique keys, they most likely use a combination of all of them with some other key thrown in for good measure. It is as much a science as mystical art (OK not really but it sounded good and that came from one of my crypto-engineer friends). Ourdee, The FBI is not asking for back door. They would like one, but they are really just asking to have the ability to try a brute force password attack on the phone without it deleting the data after 10 failures. This also seems a bit odd to me since wiping the data is not a simple thing. On a hard drive with a capacity of 250MB, it takes about 4-5 days to truly "erase" the data by repetitively writing ones and zeros to the media. Even after several passes of doing this, data can still be recovered using specific software. When I was responsible for wiping data from medical device disks we routinely used 5 passes. This took over a week per drive to complete. It ended up taking so long on the big disks we ended up using a drive shredder because it was cheaper than just buying a new disk. One of the coolest security device I worked on would actually fry itself if you opened the chassis. Small wires were embedded around key components, then attached to unique capacitors and then the whole motherboard was encased in an epoxy like substance. If it detected tampering, current would flow and the device would melt from the inside out. That was the last line of defense, so no one could get to the keys embedded in the device. | ||
| Hootowl |
Assuming you're correct, and having part of the answer doesn't help, and pruning doesn't help reduce the number of possible keys, there's still good old fashioned cracking. You're a fool if you think NSA can't recover it. https://freedom-to-tinker.com/blog/haldermanhening er/how-is-nsa-breaking-so-much-crypto/ | ||
| Airbozo |
"You're a fool if you think NSA can't recover it. " I would tend to agree. I know only a very minor fraction of the computer hardware they have too. I've heard rumors about this: http://www.dwavesys.com/quantum-computing | ||
| Court |
That's amazing. I was at Salk Institute for a symposium a couple weeks ago. I was treated to listening to Rudy Tanzi and some folks discussing their research. That was the first I knew of the folding. The DWave implications are huge. |
