Slashdot Mirror
Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com)
An anonymous reader writes: After a couple shot 14 people in San Bernardino, CA before being killed themselves on December 2nd, the authorities recovered a locked iPhone. Since then, the FBI has complained it is unable to break the device's encryption, in a case that it has implied supports its desire for tech companies to make sure it can always have a way in. Today the Associated Press reports that a US magistrate judge has directed Apple to help the FBI find a way in. According to NBC News, the model in question is an iPhone 5c, but Apple has said that at least as of iOS 8 it does not have a way to bypass the passcode on a locked phone.
"Judge orders arsonist to unburn-down house"
Good luck with that.
There's no word on exactly which model of iPhone was recovered
Huh? The article clearly states a model:
According to NBC News, the model in question is an iPhone 5c
I wouldn't be surprised if this was nothing more than a joint PR stunt to mislead people into assuming privacy on their cellphone so they wouldn't be afraid to use it for sensitive information. Government has nothing to win by disclosing they have a backdoor, neither does the cellphone manufacturer. Even thinking lo-fi decryption, how long must the passcode be before brute-forcing gets more inconvenient for the government than for the user?
to revive the dead people.
Apple to setup a cloud system to try to brute force PBKDF2???
Once the phone bricks itself from the tampering, it won't be an issue.
In the USA, we like stuff watered down, like beer, television, and freedom.
Unlock code: 072 (Virgins)
All you gotta do is put the password here and it opens right up. What's that? You don't know the password? Neither do we.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Is it contempt of court to refuse to try and do something that one already knows they cannot possibly do?
File under 'M' for 'Manic ranting'
It stands to reason that the purpose of trying to decrypt the phone after the event, and after the death of the perpetrators, is to see if there might be any information that might implicate other individuals as accomplices or sympathizers, so that those individuals can be investigated. But if it is not possible for Apple to decrypt the phone, then other avenues of investigation will need to be considered.
Of course, mathematics being what it is, and lawyers and judges being who they are, it is not the least bit surprising that the latter should be ignorant of the former. It's a unique form of hubris to think that one can somehow circumvent a secure cryptographic system by the mere force of law, as if jurisprudence supersedes mathematical truth.
I don't understand why he keeps posting dead links.
Minimum threshold fixed. Thanks!
They can be set so 10 failed tries wipes the phone. They can also set larger passwords than 4 digits.
fock it. Clap, clap, clap
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Maybe they should ask one of the 5,000,000 various reporters, journalists, and random people eating popsicles if they saw what looked like an iPhone passcode written down somewhere in their house while it was being ransacked live on television a day or two after the attack.
No problem. 0000. Nope. 0001. Nope. 0002. Nope...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I assume they would image the drive first...
“He’s not deformed, he’s just drunk!”
But they do have an inflated sense of power and get all pissy when people don't do the impossible if they demand it.
Do not look at laser with remaining good eye.
Or you know the FBI can look through all the phone records and use their other sources of information. These people had twitter, they know that, they can also easily find their email accounts.
It's the FBI being whiney.
Do not look at laser with remaining good eye.
You can't order someone to do the impossible. For practical purposes, breaking the end to end encryption on an iphone is impossible. Who better than the people who developed the software to know this??
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
If the OS was updated to IOS 9 then there's this fun hack...
Maybe Apple could try a web search to find other vulnerabilities.
Just a thought.
Sent from my ENIAC
That's 10,000 possibilities. It seems someone could put together a lego robot to try all 10,000. If they were forced to wait 60 minutes between attempts it would be 416 days at most.
Iirc iPhones use hardware encryption when the reset is hit it changes the hardware key. So then that backup is worthless.
Minimum threshold fixed. Thanks!
The problem is that cryptography is mathematics and doesn't know the difference between criminals and innocent people.
It also doesn't know the difference between law enforcement requests to unlock the phone and criminal requests.
If they can get into a criminal's phone, they can get into anybody's phone. If they can get into anybody's phone, any criminal who gets the key can get into anybody's phone. As to "how likely is it for the criminals to get the keys?"... well, pretty much every system (FBI, DHS, Apple, etc) that could theoretically hold the keys has been breached at some point. Holding that capability also makes a huge target. So "Very Likely", even to the point that when things were previously unlockable, hackers were doing so already.
Thus it comes down to "Do you want to allow criminals to access your iPhone so that law enforcement can also access a criminal's iPhone?" at that level. And in the event that a smart criminal had an indication that Apple could defeat the encryption and lockout, they'd just store the important data in a place that no company controlled or had access to.
@Whee
No. In short: The iPhone's encryption is tied to the physical hardware. Within the chips themselves lies a full 256-bit AES encryption key. The 4-digit pin simply unlocks the encryption key from the chips. They are tamper resistant and you can't just write software to get around their protection of the full encryption key as it's all hardware enforced.
For a full explanation, see my previous post earlier in the article: http://yro.slashdot.org/commen...
Or apple could simply have implemented proper encryption in which they actually can't help. Given that the government is not their primary customer, I don't think they care that much about helping them. If anything, the government probably wants a phone that can't be hacked by Apple (or anyone with Apple's secrets) for themselves, even if they don't want others to have that.
That only works if the key is stored on the device, and the text the user types is merely a password to authorize use of the key, which would be a damn silly implementation.
Actually isn't that how it works on a modern iPhone, the key to decrypt storage is only on-device? What makes it not silly is that to "erase" a phone prior to transfer to someone else all that needs to be done is that the on-device key is destroyed and replaced with a new key by which data on media will now be encrypted/decrypted.
The FBI is trying to find out whether Apple is telling the truth. If not, great, they have their data. If yes, they at least get Apple to reveal everything about their hardware, firmware and software to provide Big Brother with something to work on.
My question is, will we ever know whether is phone is cracked?
Prove anything by multiplying Huge Number times Tiny Number
> Except for the Criminal Rights crowd
You mean like the Son's of Liberty? THAT "criminal rights" crowd.
You're such an ignorant moron.
A Pirate and a Puritan look the same on a balance sheet.
Just so that the debate here is a little more well-informed:
The government is not asking that Apple give out the user's password, or decrypt the phone, both of which they cannot just do (i.e. are incapable of performing). The request is that Apple produce a piece of iOS software or boot image (as I understand it), that would:
1) Disable the auto-erase feature
2) Allow the FBI to brute force submit password guesses to the phone, and
3) Disable or reduce the increasing-delay-between-guesses feature of the passcode lock.
I would be curious to know whether for this iPhone 5c (with iOS 9) this is even possible for Apple to do.
You can see why Apple wanted to get very far away from the business of being in a position to be asked constantly by law enforcement to help decrypt its phones, just for the sheer volume of requests that will be coming if they do....
The right to encryption and by extension privacy is more important than any one crime. The State has to accept its limitations, not wail and moan about how its 'not fair' they cant have absolute control over humans. Some things are beyond government's reach, accept it.
Good-bye
What could be learned from that phone that could not be collected from all the other electronics the couple owned and used?
Without accessing that phone the govt could find who the couple have called and texted, subpena social media sites for their exchanges, and collect who knows how much information under an NSL from Internet Service Providers.
I find it difficult to believe that something so nefarious or so important exists on that phone and that phone alone that can't be gathered elsewhere through other fashions.
This feels like the govt trying to flex its muscle using a high profile case in order to persuade public opinion regarding encryption and back doors.
Remember folks: a backdoor for one is a backdoor for all. And who cares about a back door when you have an intelligence agency monitoring all the comings and goings of the front door.
"If it ain't broke, it doesn't have enough features yet"
Comment removed based on user account deletion
There was no pardon, pardons are for crimes. This was the one agency exercising its perogative to override another agency under the President's authority. The reason for the veto was that the patents in question were part of an industry standard and thus under FRAND terms. Samsung was violating those FRAND conditions in an effort to squeeze Apple.
Can't Apple just turn over the iCloud backups?
Problem? Problem? How is that a problem? The power structure can make anyone it wants a criminal just by having bullshit laws. Turing was a "criminal" by UK law at the time. There was a time it was "criminal" to shelter escaped slaves in the US. Or to consume alcohol. It is criminal even now to use certain drugs and substances on your own goddam body.
Cryptography is a little like free speech. If it is only effective for people you like, it isn't real.
They are ALL set so 10 failed passwords wipe the phones (although it would take you 2 hours to do so as it progressively time locks). You can't just hack an Apple iPhone like you do an Android; they have designed a very good security chip and to circumvent it would require insane amounts of engineering.
Custom electronics and digital signage for your business: www.evcircuits.com
iCloud backups are also fully encrypted. Apple is the only business that 'gets' security it seems like.
Custom electronics and digital signage for your business: www.evcircuits.com
Yup, and brute force decrypting the icloud backups would be much much more difficult than brute forcing the likely 4 or 6 digit PIN code on the device.
You can't take down co-conspirators with that kind of quitter talk.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
The perpetrators are contained. Finding out why they did it has time and can be done slowly and the old-fashioned way. The only thing they are doing here is to push (again) stupidly for a thing that makes everybody much less safe: backdoors. They must not be allowed to make the current global computing infrastructure even less secure as it is today, just to cater to their laziness. These people are more of a threat than any criminal could ever be.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
If apple did it right, they cannot supply any of that with reasonable effort (or possibly at all).
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
It will not. Even full fascism is not enough to screen people reliable in larger numbers. It can simply not be done. Trying to can cause an incredible amount of damage though, as the aftermath of 9/11 demonstrates very nicely.
The answer to crimes like these is resilience: Put them in context, see that they are not more tragic than if these people had been run over by cars (just as horrible, but accepted as an everyday risk), mourn them and move on. But do not panic and sacrifice a free society or give lying snake-oil vendors like the FBI or the NSA more power just because they claim they can do something. They cannot. But it is not required to do anything as these events are so exceptionally rare and society is not threatened by them at all.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
If Apple did this right, then they cannot do that. And doing this right is likely not that hard if you have a small number of really capable people doing it.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
That gets you the AES-256 encrypted image.
When he says "wipes the phone" what he really meant is "wipes the decryption key from the secure hardware storage" and you're fucked. Then it's brute force for thousands of years time.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
No. They need to pull the encryption-keys from a secure microcontroller. If you can throw a lot of money and time at the problem, that is doable. To get an idea, I recommend "Hacking the Xbox" by Bunny. One PhD by one very smart guy that invested several years. The iPhone will be much harder. Also, the people that _can_ do it may not want to work for the FBI in the first place.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
They would need to image the secure microcontroller holding the key. That is a bit harder. Might take a few years of research by some really bright people and some really expensive equipment.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The key isn't in an image-able bit of memory. It's in the secure chip. And that secure chip can't be removed from the device without fucking the key, as it's paired with a burned-in value in the CPU. The password try delay is enforced by that chip, and that chip erases itself after 10 tries unless you disable that feature, which (presumably) Apple will not be able to do, because that preference would be stored on-chip.
The only off-phone method you'd have is directly attacking the AES-256 encrypted image by brute-forcing the whole key. Good luck with that.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
After reading Apple's iOS Security Guide white paper, it is doubtful that Apple can write any kind of software to load onto the device to permit any of those options. This is because once the device is locked, it will not install any updates to the operating system. The boot firmware is already installed and automatically runs when the device is turned on. Updating the operating system requires the device password. These functions are cryptographically secured. See the section "Keybags," subsection "Escrow Keybag" in the paper. The auto-erase and time delay features are enforced by the Secure Enclave in hardware, and cannot be circumvented.
why? guilt is not in question. It's just a precedent thing. fbi is overfunded and now they have something to do. Why don't they use these resources on future crimes unrealated? I'll tell you why. because it's easier and more fun to tinker with this. fuck the fbi, do something useful for us.
All three of those numbered items are hardware-enforced by the secure enclave chip. If they could be disabled in this way, the cryptosystem as a whole would be essentially worthless.
So two hours time and any fool can trivially wipe any iPhone? Um, that doesn't sound okay at all.
Actually, this might not be right – the 5c uses an Apple A6; the secure enclave was introduced with the A7.
"We provide a product that works as advertised, and it can't be broken into" might be slammed by some pundits, but it's certainly not going to make them look bad to their potential customers.
> Mine isn't set to wipe after 10.
Easily fixable. Settings -> Touch ID and Passcode -> Turn on "Erase Data" at the bottom.
They would need to image the secure microcontroller holding the key.
I have a hard time believing that can't be done already, unless there is an internal, on the die self destruct triggered by 'improper' access.
“He’s not deformed, he’s just drunk!”
You can turn the feature off- but under what circumstances would you want someone to have access to your phone for two hours and it continue to have all your personal stuff on it?
Remember that restoring an iphone is trivial once its in your possession, from itunes or icloud.
Anyway, it's not on by default.
I was just referring to the problem with the concept of "Effective encryption (that protects against criminals) with a backdoor (to fight against criminals)". "Secure/Effective" and "Backdoored" are mutually-exclusive in encryption.
@Whee
idk if it's been stated before, but the court order sounds more like "help us brute force the key" not "help us decrypt the data". I guess philosophically it's one in the same, but slightly technically different. Here's the exact text.
important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware. Apple's reasonable technical assistance may include, but is not limited to: providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File ("SIF") that can be loaded onto the SUBJECT DEVICE. The SIF will load and run from Random Access Memory and will not modify the iOS on the actual phone, the user data partition or system partition on the device's flash memory. The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE. The SIF will be loaded via Device Firmware Upgrade ("DFU") mode, recovery mode, or other applicable mode available to the FBI. Once active on the SUBJECT DEVICE, the SIF will accomplish the three functions specified in paragraph 2. The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility; if the latter, Apple shall provide the government with remote access to the SUBJECT DEVICE through a computer allowing the government to conduct passcode recovery analysis. If Apple determines that it can achieve the three functions stated above in paragraph 2, as well as the functionality set forth in paragraph 3, using an alternate technological means from that recommended by the government, and the government concurs, Apple may comply with this Order in that way.
From one point of view, it could be said that I did not say the encryption scheme would be broken in that case. It would be the misappropriation of "legitimate" keys used to access the back door of the encryption system.
From another point of view, if the point of the encryption is to prevent any but explicitly-authorized entities - as defined by the data holder and assumed to not include the pool of "and whoever has backdoor keys to the encryption system" - from accessing the data, the very existence of a backdoor breaks the encryption scheme (though not the cipher-generation algorithm) to a degree as it both creates an unknown third party "authorized entity" and a larger attack surface against which a successful attack can compromise the security of your data.
The encryption scheme, taken as a whole, is the entirety of everything from the key storage to (in)secure hardware to the strength of the key against various attacks to the cipher algorithm and stuff in between and around. So the algorithm that generates the encrypted result and reverses that process may be "very secure", but the scheme as a whole can have other faults. Like "password written on a post it note and stuck to the back" or "intercept the self-destruct process to be allowed to brute-force 10,000 4-digit possibilities" to "offload the stored key and use knowledge of the pin-to-key process to extract the key by brute force on an external system".
Encryption cipher algorithms as we know them today is not "unbreakable". It's just "currently so hard to break that it cannot feasibly be assumed to be doable in a useful time period." But a sticky note with the password renders even an "unbreakable" quantum cipher useless in short order. So you protect the key.
If you are the only one in control of the key, you can make your own choices (within some limitations) on where that key exists and who/what has access to it. The moment there is a back door, you no longer have control over the fully-inclusive key set to your data and the people who do have proven that there is a strong potential for their backdoor key to become compromised, thus compromising the security of your data.
@Whee
And why exactly do you believe that one of the world's most capable tech companies does not use such elementary and well-understood precautions?
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Maybe they shouldn't have shot him before they had the password?
Of course news about a fake are Fake News.
I don't know, mandated back doors maybe?
“He’s not deformed, he’s just drunk!”
In the UK a person has a legal obligation to hand over a password to encrypted data when asked nicely by the people with guns.
However, a block of random data is indistinguishable from an encrypted file. So when asked to "decode" a couple of MB of random numbers it should be reasonable to require the authorities to prove that there is actual content within - and that an unlock key exists. This may sound like a philosophical point, but unless the data in question has been encrypted, a person cannot be asked to provide the key.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
NO!
If he had it on icloud, Apple could turn it over. The icloud backups are encrypted BY APPLE.
Check page 4:
www.apple.com/privacy/docs/legal-process-guidelines-us.pdf
Here's some guidelines:
http://manhattanda.org/sites/d...
There's a part where the document sort of complains that users aren't required to back everything up to icloud, because they can just ask for anything in icloud at all and get it in plaintext immediately (as documented by the first link).
If you promise to encrypt "hunter2" your end with AES-256, is it encrypted? Sure, but it's also here on plaintext, in transit, and if asked, you could certainly retrieve it. Even though it's clearly my password that you can't see :P
You have three options:
The first is a 4 digit PIN.
The second is a 6 digit PIN.
The third is any passphrase of any length.
It's trivially obvious which mode it is in- the first two bring up a number pad and have 4 or 6 boxes to fill in, the third brings up a screen with a keyboard.
> Were I so desperate to get into the phone, I'd image it
Right, so now you have an AES-128 image sitting around, and you destroyed the key when you imaged it. Unless they dicked up the AES-128, it should be pretty hard to break that. The key in question isn't the PIN, obviously, the PIN protects the key.
If the iPhone 5c had Touch ID this wouldn't be a problem, they could just use the persons finger to unlock the device. This illustrates why Touch ID is a bad idea if you care about your privacy. Since we only have ten fingers and the auto erase doesn't activate until after 10 failed attempts, the only thing needed to get into a Touch ID phone is a court order. The Fifth Amendment protection against self incrimination only applies to the contents of your mind, it's established precedent that it doesn't apply to your body (i.g. blood, DNA, finger prints, etc.) or property.
Just so that the debate here is a little more well-informed:
The government is not asking that Apple give out the user's password, or decrypt the phone, both of which they cannot just do (i.e. are incapable of performing). The request is that Apple produce a piece of iOS software or boot image (as I understand it), that would:
1) Disable the auto-erase feature
2) Allow the FBI to brute force submit password guesses to the phone, and
3) Disable or reduce the increasing-delay-between-guesses feature of the passcode lock.
I would be curious to know whether for this iPhone 5c (with iOS 9) this is even possible for Apple to do.
You can see why Apple wanted to get very far away from the business of being in a position to be asked constantly by law enforcement to help decrypt its phones, just for the sheer volume of requests that will be coming if they do....
One per software release?
Once they have the image that does 1,2 and 3 of your points they don't need to ask Apple to do anything on an individual phone basis.
blindly antisocialist = antisocial
Just use the fingerprints of the criminals. Or clone the phone and brute-force the pin-code.
Or use all the rest of the logging taking place to see who they communicated with and when, and ignore the little data on the phone. A phone is just a computer. The problem is, politicians don't realise this.
Are you telling me that the default behaviour of an iphone is to destroy the keys if someone punches in some random unlock shit 10 times?
Imma have some fun with this.
"Hey that's a nice phone, mind if I have a look?"
Russian lawmakers consider banning state officials from using foreign-made smartphones, such as iPhones, over spying concerns: https://www.rt.com/politics/ip...
The FBI tells Apple to decrypt but the attempt "fails". Apple sells more to non-friedly countries. US security agencies open the back doors they previously arranged with Apple, and savour the intel.
Yeah, and they already have:
http://www.nbcnews.com/storyline/san-bernardino-shooting/apple-fights-order-unlock-san-bernardino-shooters-iphone-n519881
geek. lawyer.
To me the problem is not the inability to crack the information on the iPhone. But the fact these two got into the country with no red flags, no surveillance and not even a hint of what they were doing.
What do you mean - "got in"? Unlike Ted Cruz, the guy was actually Born in the USA.
Of course news about a fake are Fake News.
Just so that the debate here is a little more well-informed: The government is not asking that Apple give out the user's password, or decrypt the phone, both of which they cannot just do (i.e. are incapable of performing). The request is that Apple produce a piece of iOS software or boot image (as I understand it), that would: 1) Disable the auto-erase feature 2) Allow the FBI to brute force submit password guesses to the phone, and 3) Disable or reduce the increasing-delay-between-guesses feature of the passcode lock. I would be curious to know whether for this iPhone 5c (with iOS 9) this is even possible for Apple to do.
http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html:
Addendum: how did Apple's "old" backdoor work?
One wrinkle in this story is that allegedly Apple has been helping law enforcement agencies unlock iPhones for a while. This is probably why so many folks are baffled by the new policy. If Apple could crack a phone last year, why can't they do it today?
But the most likely explanation for this policy is probably the simplest one: Apple was never really 'cracking' anything. Rather, they simply had a custom boot image that allowed them to bypass the 'passcode lock' screen on a phone. This would be purely a UI hack and it wouldn't grant Apple access to any of the passcode-encrypted data on the device. However, since earlier versions of iOS didn't encrypt all of the phone's interesting data using the passcode, the unencrypted data would be accessible upon boot.
No way to be sure this is the case, but it seems like the most likely explanation.
Of course news about a fake are Fake News.
My apologies. Rereading my initial post, I realize I made a mistake. I did say "UDID", but I meant "UID".
These are two separate numbers within the phone. The UDID is known to the OS and can be queried. But it is not a part of the encryption key.
The UID is burned in to the silicon and is only known within the encryption system itself. Not even software running at the kernel level can query the UID.
All they need to do is use one of those password cracker devices: http://thumbs.randomenthusiasm...
is Lisa's birthday, right? Everyone at apple should know that one.
-- these are only opinions and they might not be mine.
We'll start at the beginning with the low-hanging fruit, and build from there.
From Apple this translates as follows: "we didn't get what we wanted prowling in the dark corridors".
Assume the Tor position! All your child porn R not belong to us!
Translation: Shit happens. Because human nature. [long sigh]
Where for the love of God is the adamant denial that they can actually build such a thing for the device in question? If the only barrier to accessing this device's data is a long night of hammering out source code, then I think this backdoor already exists, like a door that opens onto the back side of the second floor which is sealed from active use because no exterior stairwell has so far been erected.
"But we'd have to drain the moat and relocate the alligators to set the foundation! It would take weeks." Doesn't matter. If that's your last and most severe impediment, the door in my opinion already exists.
Others would argue that the mere possibility of providing a backdoor after the fact calls the competence and unbending will of your organization into a harsh light.
Pfffffft. What reasonably people find acceptable concerning their physical security in practice seems to have almost no bearing on how people behave with respect to their digital assets. Perhaps eventually as a society—in another generation or two—we'll get there.
Here's one simple distinction. Criminals who break into your house can be shot with a gun. Things you can shoot with a gun go to a different (more vivid) mental lobe in the human brain. Cyberfilth is almost impossible to shoot with a gun. Bleach might be a better option, but you're going to need to bring Dow Chemical Company onside with your plan, just for starters.
William Gibson: Reasonable behaviour is already here — it's just not very evenly distributed.
To avoid flattery, it's probably best to frame this sentiment as "no reasonable person's future progeny would find that acceptable", because I've seen the "reasonable" people now living and breathing among us, and let me tell you, it isn't pretty.
Rhetorically, Apple is in a bit of a rush here to close this one gap sooner rather than later, out of thousands of similar gaps.
You see "irony" here? Wow. Just wow.
News flash for Tom Cook. The "same people" who authored the American constitution granting powers to the American state also engineered its limitations. It's a human process sometimes called "striking a balance".
Furthermore, allow me to hazard a guess: the same people who toiled cea
Blow it out your ass, you bootlicking piece of shit. Tim is standing up for our right to privacy, in the face of massive pressure from idiots and thugs. I've always admired him, and never more so than today.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
If I have physical access to your iPhone I bet I can wipe the data a lot faster than that, particularly if I'm allowed some simple tools like a hammer and a chisel and a microwave.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Everybody seems to get this wrong. This is real encryption, guys, and is intended to be proof against simple things like rich nation-states determined to break it no matter how long it takes. It's not going to be brute-forced in millennia, or even in a few billion years. Unless there's something fundamentally wrong with our understanding of computation, it's not going to be brute-forced using only the resources of the Solar System. Taking a look at the Kardashev Scale (which I keep thinking of as the Kardashian Scale), a mere Type III civilization (one that uses the resources of an entire large galaxy) isn't likely to brute-force it either, since it looks like only a hundred billion times the power of a Type II and we're talking about AES-256, unless they can make enough sufficiently powerful quantum computers.
You can sometimes convince a cryptographer that something is secure because of the difficulty involved in breaking it, but nowadays it seems like they want to make things resistant to Kardashev Type II civilizations at the very least.
Given a Kardashev Type III civilization and an iPhone I wanted broken, I'd probably either have it imaged at the atomic level and processed in a planetary server farm, or have a few billion brilliant cryptographers gather on a planet and try to come up with an actual break of AES. Either would be more promising than brute-forcing the key.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Then neither side would make this public as these would need to be kept secret at this time. No, this is the FBI trying to call Apples bluff. Thing is, I think it is not a bluff at all. Oh, sure, if you throw, say, 100 Million and 10 really capable people at the problem, they would get the phone open and it may even take less than a year. But the FBI cannot legally order Apple to spend that effort.
In any case, it will be very interesting so see how this unfolds. I predict Apple is going to win and we all will have a better world for it.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The Judge has told us to help you get into the iPhone. When you turn it on, you need to guess the passcode. You have 10 attempts. Guess well. You're welcome in advance for the help.
Sincerely,
Apple
The right to encryption and by extension privacy is more important than any one crime. The State has to accept its limitations, not wail and moan about how its 'not fair' they cant have absolute control over humans. Some things are beyond government's reach, accept it.
Furthermore - maybe if they didn't just wantonly kill the suspects (aim to disable) and then allow the press to ransack the suspect's home then maybe, just maybe I might have some sympathy for the FBI here.
But no - they fucked up and and now are asking for Apple to bail them out.
Make sure everyone's vote counts: Verified Voting
Lol, it's so cute how I can push your buttons. :)
Anyway, to answer the questions you asked at your link.......
Which sites & do you get paid by ads on them? Finish the answer & point them out so I can verify this...
Lol, like I would tell a scumbag like you specifically what sites I run. Thanks, but I don't need some shitbag like you trying to DDOS me or hack my sites.
To answer your second question, some some make money from ads, some some sell products.
So choke on it, baby, that's about as much info as I'll give out to a pedophile like you.
Just cruising through this digital world at 33 1/3 rpm...
The company's terminology? You mean "secure enclave"? That's a fairly common, industry-standard term in the field of data security, though it is more commonly used in the context of networks rather than parts of a specific device. And Intel also uses that term. But if your hatred for Apple runs so deep that you can't stand to use Apple's terminology while talking about an Apple product, I suppose we could call it a Trusted Execution Environment....
Check out my sci-fi/humor trilogy at PatriotsBooks.
This is not how I want our government to operate.
Governments must NOT have back doors. The threat of such power outweighs the benefit.
I could not believe the amount of stupid this story generated here and in the rest of the media. Only 5 posts here referenced the definitive white paper that explains in gloriously gory detail what Apple did to secure the iPhone 5 and later models.
If Apple implemented this encryption system correctly, as described in that document, it cannot be broken*, even with a custom iOS image, because all key material and control over the internal parameters, preferences, and machine-state of the Secure Enclave are dependent on iOS tossing the correct user PIN/PASSPHRASE over the wall to that chip. Until that is done, the only way to decrypt the storage on that iPhone is to brute force AES-256.
IMO: The FBI is pursuing a Hail Mary and the judge is buying it hook line and sinker**, because they are even more ignorant that the FBI and the rest of of us here about how this security system works. If anything this will be used by the Gov. to attempt to stir Legislators to get backdoors mandated. As anyone with half a functioning braincell knows, mandating such is pure, undiluted, stupid! And I think the Gov. knows this. I think they simply don't give a shit.
*without a truly heroic effort from top shelf hackers, who make absolutely zero mistakes in their execution.
**I don't think this judge believes that Apple did what that White Paper claims they did. It will be interesting to see if Apple can prove that the system is implemented correctly, because I think that will be a key factor in how this all settles out, and what comes next.
The point behind the phrase "thousands of years" isn't to be accurate in any way, but to instead show that it is an insurmountable task which would require a fantastic amount of resources for a ludicrous amount of time in order to do.
And, "thousands of years" is also a subset of a few billion years, so you can still take it literally and it would be true, if inaccurate.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
It it just prevents 10% of you paranoid delusional rants, it's a good start! just keep poking the bear.
Latest news is: within 24 hours of getting custody of the phone, a Government Technician, without asking, and having no mandate, no permission, to do so, CHANGED the password!!! That action just might have lost data that had not been uploaded to iCloud since 1-1/2 months BEFORE the massacre in the County "GUN FREE ZONE"!!! Government again inserts foot into mouth, then shoots foot, hits brain!