Kritchlow
Final Approach
- Joined
- Dec 2, 2014
- Messages
- 7,729
- Display Name
Display name:
Kritchlow
I don't know. That said, is a suspect in a criminal case at the hearing for their computer search warrant?
I May Just Have to Buy an iPhone Now
- Thread starter RJM62
- Start date
I don't know. That said, is a suspect in a criminal case at the hearing for their computer search warrant?
tyndall
Pre-takeoff checklist
- Joined
- Jan 11, 2009
- Messages
- 321
- Display Name
Display name:
LawnDart
When you write secure software, the idea is to make it so you can't break in. Because if you can break in, someone else can too. Now, if you wrote it to the best of your abilities and someone else hacked it, are you really the best choice to write a hacking tool?
There are people who have spent their lives hacking the iPhone, finding bugs that Apple never knew about. Should they also be commanded to find a way in as well? Why? or why not?
eetrojan
Pattern Altitude
They haven't won anything until the hearing process and, if necessary, appeal process are over.
Kritchlow
Final Approach
- Joined
- Dec 2, 2014
- Messages
- 7,729
- Display Name
Display name:
Kritchlow
The did win the initial round, thus the court order... Right?
Soooooo...
Apple was considered a "criminal"... Even though all they did was design and sell I Phones???
Kritchlow
Final Approach
- Joined
- Dec 2, 2014
- Messages
- 7,729
- Display Name
Display name:
Kritchlow
I am all for writing the software as secure as possible. I don't want hacking or invasion of privacy.
I do want access when there is a legitimate court order to access the information that could foil another terrorist attack.
I'm miffed why that is so hard to understand. If it was a home computer this would not even be a question.
Unbeliever
Pre-takeoff checklist
Looks like someone hasn't read the court order. They haven't won, yet.
The last item in the order:
Apple asked for and got an extra 3 days, which prompted the "comply immediately" motion from the DoJ. As of this post, we're still in the 8 day period for Apple to write a response to convince the Court to change its mind. Basically, it was "here's the order, but you're allowed to immediately appeal".
https://www.documentcloud.org/documents/2714001-SB-Shooter-Order-Compelling-Apple-Asst-iPhone.html
--Carlos V.
Kritchlow
Final Approach
- Joined
- Dec 2, 2014
- Messages
- 7,729
- Display Name
Display name:
Kritchlow
Really, who??
I understand the war hasn't been won, but did they not win the first battle???
denverpilot
Tied Down
Unlikely. They had the password.
If you think you're holding something in your hand that might kill people, you don't tell someone across town to change the password on it.
Unless you're a complete moron.
Matthew
Touchdown! Greaser!
Dunno how iSecurity works: wouldn't whomever changed the P/W know what the new one is?
Kritchlow
Final Approach
- Joined
- Dec 2, 2014
- Messages
- 7,729
- Display Name
Display name:
Kritchlow
No doubt... If that story is true, and there is nothing more to it that isn't being told, they effed it up.
denverpilot
Tied Down
It's the fact that none of these changing stories make any sense that essentially proves we aren't getting the truth.
Every one they release makes them look stupider. And remember they all have to go through a PAO who is supposed to spin them positively in some way. And they're using the national level PAOs and staff now...
I think we'd all be appalled at how stupid whatever really happened is. They thought they'd just get a friendly judge to fix their massive screwup.
As if the whole thing wasn't a massive screwup long before the phone was looked at...
Every one they release makes them look stupider. And remember they all have to go through a PAO who is supposed to spin them positively in some way. And they're using the national level PAOs and staff now...
I think we'd all be appalled at how stupid whatever really happened is. They thought they'd just get a friendly judge to fix their massive screwup.
As if the whole thing wasn't a massive screwup long before the phone was looked at...
Unbeliever
Pre-takeoff checklist
Nice goal post move. From an absolute "they won, law has been made, comply" to "only won the first battle."
Think of it in tennis scores. "Advantage DoJ".
--Carlos V.
Kritchlow
Final Approach
- Joined
- Dec 2, 2014
- Messages
- 7,729
- Display Name
Display name:
Kritchlow
We always knew there were appeals coming, thus no goal post move.
My only mistake was assuming everyone was aware of that.
silver-eagle
En-Route
My company owns the security on both my phone and pc. I am quite sure if asked they could alter the password or issue a disruct code. It was only a couple of years ago I read about users with encrypted drives crossing the border. The feds are more than allowed to the device, but not the unlock code.
What I am not sure of is if the software used on the phone is native android or some 3rd party extra. If third party, going to android/google would not resolve the decryption issue. There is no external indication. So flashing the device might not do a thing.
Let me add this concept to the argument. Would you want your car's computer data accessed by the feds while they make a case for anything against you? Said car COULD BE the key to your whereabout is thIs something they have a real need to? Court order (based on this Apple case) says GM has to pay to build the appropriate software to pierce your car's computer security. It's all in ram. What's the problem?
What I am not sure of is if the software used on the phone is native android or some 3rd party extra. If third party, going to android/google would not resolve the decryption issue. There is no external indication. So flashing the device might not do a thing.
Let me add this concept to the argument. Would you want your car's computer data accessed by the feds while they make a case for anything against you? Said car COULD BE the key to your whereabout is thIs something they have a real need to? Court order (based on this Apple case) says GM has to pay to build the appropriate software to pierce your car's computer security. It's all in ram. What's the problem?
RJM62
Touchdown! Greaser!
- Joined
- Jun 15, 2007
- Messages
- 13,157
- Location
- Upstate New York
- Display Name
Display name:
Geek on the Hill
It's hard to understand because it's impossible. What you want assumes that all government agents are honest, that all courts are honest and conduct their business in the open (certainly not the case with FISA), that tomorrow's cops and courts will also be honest and conduct their affairs justly, that no one who has access to the key will ever lose it, that no government server holding the keys will ever be hacked, and that the information will never wind up in criminal hands.
Furthermore, because whatever backdoor key Apple provides to the U.S. government will also have to be provided to other governments where the company does business, multiply all the above by 196 to get some idea of the chances of keeping such a back door a secret.
I've had my personal information breached nine times (that I know of). Two of those times the U.S. government was the entity from whom it was taken. Forgive me if I don't share your starry-eyed admiration and blind faith in the government's competence in the area of data security.
Rich
Last edited:
denverpilot
Tied Down
Here's some other info I just found.
The original request was to have Apple assist with getting the data, something they've done many times before. They attempted to comply.
When the Feds realized they screwed the pooch by ordering the password change in an inappropriate way while not using APPLE'S PROVIDED TOOLS FOR MANAGING COMPANY OWNED DEVICES, that effectively locked Apple out of the device and they said so.
Feds THEN doubled down and asked for the hack to get around the wipe code be WRITTEN by Apple. Apple said no.
At this stage of the request, Apple could have written it and would NOT have had to hand over that firmware to the Feds. Simply use it themselves to get the data desired.
(We've already discussed that there are other ways to get this data and it's highly unlikely there's real national security level data on this phone anyway...)
When Apple refused, the request for the court order changed significantly and upped the ante again, to the worst possible case...
The current court order now demands the firmware be made AND DELIVERED to the Feds for future use.
And THAT is what Apple is fighting.
The court order demands the firmware image that disables the security be handed over to a government agency.
There's no reasonable reason for that at all, and at the very least, Apple will appeal that part of it.
Apple PROVIDED a way for San Bernadino to properly manage their phone. They didn't. Feds screwed themselves by forcing a password change that was unnecessary and locked themselves out of their own evidence chain.
Asking the manufacturer to make you a skeleton key that you get to keep because you totally ****ed up, is ridiculous.
This screams that there's some "little tyrant" personality in charge of all of these decisions over at FBI and they're telling SB stupid things, "change the password", and Apple stupid things, "Just make us a key!" who has no freaking clue what they're doing. They're already embarrassed they missed terrorists right under their noses who did completely obvious things that screamed "terrorism" and should have been watched, and all while working for a local government agency.
I told you this story was going to be about someone being embarrassed. They keep doubling down, and tossing weight around like a bull in a china shop, which is a standard personality trait for that type of failure bothering a ticked off Type A.
So any bets on who the hatchet was about to fall on, who promised some politician they'd "fix this"?
The original request was to have Apple assist with getting the data, something they've done many times before. They attempted to comply.
When the Feds realized they screwed the pooch by ordering the password change in an inappropriate way while not using APPLE'S PROVIDED TOOLS FOR MANAGING COMPANY OWNED DEVICES, that effectively locked Apple out of the device and they said so.
Feds THEN doubled down and asked for the hack to get around the wipe code be WRITTEN by Apple. Apple said no.
At this stage of the request, Apple could have written it and would NOT have had to hand over that firmware to the Feds. Simply use it themselves to get the data desired.
(We've already discussed that there are other ways to get this data and it's highly unlikely there's real national security level data on this phone anyway...)
When Apple refused, the request for the court order changed significantly and upped the ante again, to the worst possible case...
The current court order now demands the firmware be made AND DELIVERED to the Feds for future use.
And THAT is what Apple is fighting.
The court order demands the firmware image that disables the security be handed over to a government agency.
There's no reasonable reason for that at all, and at the very least, Apple will appeal that part of it.
Apple PROVIDED a way for San Bernadino to properly manage their phone. They didn't. Feds screwed themselves by forcing a password change that was unnecessary and locked themselves out of their own evidence chain.
Asking the manufacturer to make you a skeleton key that you get to keep because you totally ****ed up, is ridiculous.
This screams that there's some "little tyrant" personality in charge of all of these decisions over at FBI and they're telling SB stupid things, "change the password", and Apple stupid things, "Just make us a key!" who has no freaking clue what they're doing. They're already embarrassed they missed terrorists right under their noses who did completely obvious things that screamed "terrorism" and should have been watched, and all while working for a local government agency.
I told you this story was going to be about someone being embarrassed. They keep doubling down, and tossing weight around like a bull in a china shop, which is a standard personality trait for that type of failure bothering a ticked off Type A.
So any bets on who the hatchet was about to fall on, who promised some politician they'd "fix this"?
timwinters
Ejection Handle Pulled
And everyone else here is having a hard time understanding why you don't understand.
Oh, and I don't think "miff" is the word you wanted. At least I hope not.
James331
Ejection Handle Pulled
- Joined
- Apr 18, 2014
- Messages
- 20,309
- Display Name
Display name:
James331
If they are not just, or constitutional, YES.
Something about bad men and good men who do nothing...
jesse
Touchdown! Greaser!
I've seen a couple people in this thread imply that the government has the compute power already to brute-force an AES-256 key. Could someone please let me know what leads them to believe this compute power actually exists? I seriously doubt it.
The government could throw all the compute power they want at trying to brute-force an AES-256 key and likely wouldn't get it finished while any of us are still alive. This would be an incredibly expensive endeavor that would tie up all of their compute resources. It's clearly not an option.
Even if they built a couple hundred nuclear powerplants (how the hell would they hide that), and then built some massive supercomputer (which would require all those plants), exponentially more powerful then anything that exists today...It'd still take more time then the universe has existed or will likely exist.
That is how GOOD properly implemented modern encryption is. This is something I don't think most people grasp at all. The world's entire GDP couldn't even pay for the electricity it would take to crack an AES-256 key.
Based on what I know about this field I would say it's highly improbable that the Feds could possibly brute-force the encryption and their only real path is to force Apple to do this. I also think they really don't care about the data on the device - this is just a convenient excuse to try and establish the precedence.
The government could throw all the compute power they want at trying to brute-force an AES-256 key and likely wouldn't get it finished while any of us are still alive. This would be an incredibly expensive endeavor that would tie up all of their compute resources. It's clearly not an option.
Even if they built a couple hundred nuclear powerplants (how the hell would they hide that), and then built some massive supercomputer (which would require all those plants), exponentially more powerful then anything that exists today...It'd still take more time then the universe has existed or will likely exist.
That is how GOOD properly implemented modern encryption is. This is something I don't think most people grasp at all. The world's entire GDP couldn't even pay for the electricity it would take to crack an AES-256 key.
Based on what I know about this field I would say it's highly improbable that the Feds could possibly brute-force the encryption and their only real path is to force Apple to do this. I also think they really don't care about the data on the device - this is just a convenient excuse to try and establish the precedence.
Last edited:
wsuffa
Touchdown! Greaser!
News today is that the county had MDM software licensed, but never required that it be installed on the device. And they're paying $4/month per device for the license.
http://wtop.com/politics/2016/02/basic-software-that-held-key-to-shooters-iphone-went-unused/
(quote) The case would not have existed if the county government that owned the iPhone had installed a feature on it that would have allowed the FBI to easily and immediately unlock the phone. San Bernardino County had bought the technology, known as mobile device management from MobileIron Inc., but never installed it on any of the inspectors’ phones, including Farook’s, said county spokesman David Wert said. (end quote)
According to the news, NO. But they were given 5 days to make the case after the order was issued.
Actually it would be. Most SSDs have a feature to encrypt the drive with a security code required at boot. Somewhere else I posted a link to Intel's info on their SSDs. Likewise, programs like TrueCrypt and PGP can encrypt the hard drive - TrueCrypt allowed hidden containers, multi-boot and "self destruct on failure".
Should the government compel Intel to develop software to unlock their encrypted drives? Should the distributors of TrueCrypt (which was open-source) be required to hack their dual boot/self-destruct system, and if so, who would you force to do it? Should the makers of PGP be required to provide a back-door (putting at risk some government contractors that are required to use the system)?
Standard negotiating technique. Try this, then negotiate down a bit.
It makes more sense when one considers that failure of the FBI and other agencies to get "back door" legislation through Congress.
There are agencies that have more computational power than the FBI. Whether they have enough to brute-force it is a different question, for which no one here will have an answer. At least not an answer they can share.
That said, the real issue here is the "self-destruct" feature. Even if it COULD be brute-forced, the risk of triggering the self-destruct is pretty high, which would render it totally unusable.
FastEddieB
Touchdown! Greaser!
- Joined
- Oct 14, 2013
- Messages
- 11,421
- Location
- Lenoir City, TN/Mineral Bluff, GA
- Display Name
Display name:
Fast Eddie B
Just tuning into Sunday's "This Week In Tech".
They're teasing this topic with the episode title "Apple vs. the DOJ".
Usually informed debate on such topics, and this should be a relatively timely take.
They're teasing this topic with the episode title "Apple vs. the DOJ".
Usually informed debate on such topics, and this should be a relatively timely take.
paflyer
Final Approach
Not when the "T" word is uttered by the cops.
paflyer
Final Approach
BECAUSE BY DOING SO THEY GIVE THE GOVERNMENT THE KEYS TO EVERY IPHONE USER'S PHONE.
eetrojan
Pattern Altitude
Just imagine what the police and prosecution would do to gather evidence if there were no checks and balances on how they gather it.
Kritchlow
Final Approach
- Joined
- Dec 2, 2014
- Messages
- 7,729
- Display Name
Display name:
Kritchlow
I don't think so. It was said yesterday that it could be done on one phone, in a secure place at Apple, without the Feds present.
Kritchlow
Final Approach
- Joined
- Dec 2, 2014
- Messages
- 7,729
- Display Name
Display name:
Kritchlow
I agree 100%.
Matthew
Touchdown! Greaser!
I'd think the feds would have to be present in order to maintain the chain of custody of the evidence? I don't think the FBI is going to hand over the phone to Apple and say, "Here, see what you can do with it."
paflyer
Final Approach
Absolutely no question.
paflyer
Final Approach
There is nothing more dangerous than an "embarrassed" government.
paflyer
Final Approach
BULL****.
paflyer
Final Approach
Yeah, especially when Apple tells the feds the secret message on the phone is
DONT FORGET TO DRINK YOUR OVALTINE
Kritchlow
Final Approach
- Joined
- Dec 2, 2014
- Messages
- 7,729
- Display Name
Display name:
Kritchlow
I find this interesting...
http://m.nydailynews.com/news/national/apple-unlocked-70-iphones-refusal-article-1.2536178
http://m.nydailynews.com/news/national/apple-unlocked-70-iphones-refusal-article-1.2536178
paflyer
Final Approach
"For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess," Apple said on its privacy website.
denverpilot
Tied Down
Schneier is on point as usual on this one...
https://www.schneier.com/blog/archives/2016/02/decrypting_an_i.html
https://www.schneier.com/blog/archives/2016/02/decrypting_an_i.html
Kritchlow
Final Approach
- Joined
- Dec 2, 2014
- Messages
- 7,729
- Display Name
Display name:
Kritchlow
It's still interesting... Many folks think Apple is doing this because of some moral high ground. Obviously that's laughable.
paflyer
Final Approach
"What the FBI wants to do would make us less secure, even though it's in the name of keeping us safe from harm. Powerful governments, democratic and totalitarian alike, want access to user data for both law enforcement and social control. We cannot build a backdoor that only works for a particular type of government, or only in the presence of a particular court order.
"Either everyone gets security or no one does. Either everyone gets access or no one does. The current case is about a single iPhone 5c, but the precedent it sets will apply to all smartphones, computers, cars and everything the Internet of Things promises. The danger is that the court's demands will pave the way to the FBI forcing Apple and others to reduce the security levels of their smart phones and computers, as well as the security of cars, medical devices, homes, and everything else that will soon be computerized. The FBI may be targeting the iPhone of the San Bernardino shooter, but its actions imperil us all."
Kritchlow
Final Approach
- Joined
- Dec 2, 2014
- Messages
- 7,729
- Display Name
Display name:
Kritchlow
Than why did they unlock the previous 70 phones? Sounds to me like they already set the precedence.
jesse
Touchdown! Greaser!
Not what I was saying. Brute forcing the actual AES-256 key is entirely different from brute-forcing the way the key is derived. Brute forcing the way the key is derived when the key is likely a 4 digit pin is really silly simple. Of course, they can't do that, because of the self-destruct feature.
The government *could* very likely extract the encrypted data from the device. They could then attempt to brute-force the AES-256 key all they want. I keep seeing people say this is a path the Feds could easily take. But what they don't realize is nobody can brute-force an AES-256 key right now. There's not enough compute power in the world to accomplish it within my lifetime using the technology that exists today or will exist 10 years from now (unless there's some absolutely major breakthrough in computer science, but that's very unlikely).
I would bet an awful lot of money that the NSA can't brute-force properly implemented AES-256. They can attack how the keys are derived (if for example a simple pin derives them).
Now I wouldn't be surprised if the NSA were capable of getting into this phone..but it wouldn't be by brute-force...it would be by writing the same thing Apple would write and signing it with Apple's cert which they've probably already stole. The problem though -- is they can't do this..because if the news got out Apple would shut that path down and they'd lose that capability.
Last edited: