Edward Snowden Calls For Google To Side With Apple On Encryption Debate (techinsider.io)
An anonymous reader writes: Edward Snowden, the most famous whistleblower in the world, is calling for Google to side with Apple and against the FBI in the "most important tech case in a decade." On Tuesday, the FBI asked Apple to help it crack the password on an iPhone belonging to a shooter in the high-profile San Bernardino case. Apple CEO Tim Cook quickly responded with a public letter denying the request, calling it "an unprecedented step which threatens the security of our customers." Google creates Android, the most-used mobile operating system for smartphones in the world. Google has been nowhere near as firm as Apple about its stance on un-compromised encryption - Android is famously an open sourced platform that anyone can modify. Snowden issued his message in a tweet.
Thus far it seems Apple is not cooperating.
I don't have a problem with the specific thing that Apple is being asked to do. They aren't being asked to break the encryption; they are being asked to change the firmware on the device to one that doesn't have an artificial throttle on the number of brute force attempts per second, and to disable the wipe command that is engaged with 10 wrong guesses.
My question is a side one. Apple has described that for every secure enclave in its iPhones (region of the core processing chips), they inscribe a unique ID -- completely unknown and irretrievable by Apple or its suppliers -- that serves as a private key during encryption operations. This way you cannot unlock an iPhone's contents without the correct passphrase/passkey and the phone's unique ID in your possession.
How does a chip manufacturer inscribe a unique code into every chip? As I understand it, chips are produced by successive masks (film) with the circuit pattern layered on each mask.
Is one of the masks getting printed with the unique set of codes? Are the masks printed and changed with every wafer, after the unique codes are changed and discarded? Seems like a very intense way of having to put a unique code on each chip.
Or, if you remember film cameras from like the 80s/90s, where they could burn a date into the corner of the negative, do IC making masks have the ability to dynamically burn a changing code during exposure of the wafer??
Thanks for any knowledge you can offer on this point!
It seems more that Apple cannot cooperate, which is what will keep the FBI from storming their facilities in the long run; their "unwillingness" to cooperate is simply cheap PR riding on the back of their inability to do so.
Don't get me wrong, their inability to cooperate is a good thing, it means they don't have a backdoor, nor do they mirror keys without user knowledge. Spinning it as them standing up to the FBI, rather than facts and science doing the same, is just hilarious, though.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Ok, maybe this will be overstating it a bit for effect, but here goes:
In a sense, Google as an organization is a bit more conflicted in its mission, because its mission is/was to make the world's information free and available. Along the way it came up with services that customers liked, and they found that customers also benefitted from not being hacked, so they have some good security along with those services. But from the start its mission wasn't the front line of being a secure service.
Apple is different. It designs and puts devices in people's hands which they come to regard as personal, inviolable, and private modes of communicating, and keeping information to themselves.
Merely from a practical view, I would say that Google should support Apple, just because in the future, if this case falls, they may find themselves in the same position of having to help the government over and over with increasingly mandatory tasks...
So the solution is for Apple to pony up some cash for lobbyists in DC?
"Google has been nowhere near as firm as Apple about its stance on un-compromised encryption - Android is famously an open sourced platform that anyone can modify. "
The way that sentence has been structured, there is an implicit suggestion that an open-sourced platform implies weak encryption.
What would you rather have? Security through obscurity?
Apple hasn't said they couldn't cooperate, they said that they wouldn't. It seems likely there is at least something they could do if they were willing to cooperate.
We hope your rules and wisdom choke you / Now we are one in everlasting peace
Yup, said this in my followup comment, where I also requested that my post be harmlessly modded out of view.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
The fact is that open source is much more secure, simply for the fact that hiding things makes it easier to incorporate known bugs as well as more difficult to find them because there are fewer people reading the code.
Now that goes against encryption, as the point of encryption is simply to hide things... however we are talking about a method to allow privacy and security and the road which the message takes (the protocol and endpoints) must be open to be secure.
This talk explains it all quite well - https://archive.org/download/3...
Really, listen to it; you'll probably learn something novel if you can think the whole way through it.
I don't know how Apple does it on its chips but other companies have done it via one-time-programmable fuses.
I'm not certain about Apple but the way similar tech does this is to have read/write nvram but then burn an addressable fuse on the write line so it cannot ever be written again.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
The government is not going to pay the true cost of this operation. Suppose the developer ordered to create this code quits instead, as indeed he must do, to protect his personal integrity. Yes developers can be bought on the market but it takes months to years to bring a developer up to speed on a particular piece of software. This can cost millions. I doubt the government will pay the true cost for this.
This will destroy the trust enjoyed by Apple and its OS. The value of this asset cannot be estimated. "He who robs my purse steals trash." The government does not intend to pay for this.
By Citizens United, corporations have rights. Therefore anything they do to Apple they can do to you. The government will be able to destroy the honor of any individual with integrity, with a simple court order, turning her into a government fink.
He's one of my better Twitter follows
I have long been one of those to poke fun at Apple fanbois and their walled garden. But Tim Cook's ethical stance is making me seriously consider my next phone choice.
Public/government information should be free, but what's mine should stay mine.
Come on Google, Facebook, Microsoft, Intel, AMD, Cisco, Twitter, Yahoo, Motorola - be Spartacus! Collectively you can face down the Leviathan!
Prove anything by multiplying Huge Number times Tiny Number
They want to cooperate as it helps back off the antitrust dogs, and not because the issue is lessened but simple tit-for-tat. See also political donations.
But in this case, "The NSA can peek into US products at will" belief makes worldwide sales fall. So that overrides the bottom line even more.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Or they secretly already cooperated and are legally prevented from disclosing their compliance.
I don't use Twitter very often, but his tweets are very interesting
I don't know the specifics on how this works in this case but I know enough about electronics that I can speculate.
One means to have a write-once memory is with the use of "fuses"; the fuse is a small etched wire that with enough current will open like a fuse. This would be done with a write at a voltage much higher than that normally used for a read. I would further suspect that to prevent someone from changing the written value the write function itself would have a fuse; blow that fuse and the chip is incapable of taking on a new value.
So, each chip off the line would have an identical mask. The chip would be tested for function, the crypto key written, tested that the key was written correctly, then the write fuse blown, tested again, and if it passes on all steps it would be shipped for use in a device.
Speculating further the pins to write the crypto key might only be exposed before it is packaged. Probes would be placed on the chip before it is packaged to write a crypto key. The chip verified, and if it passes it would be packaged and used in a device.
What those crypto key values might be depends on the crypto system used. It might just be a sequential number, like a serial number. It might be randomly generated, to prevent attack by somehow obtaining the serial number. It might be created by some crypto algorithm, such as being a large prime number or something.
I do not know of any technology that allows for on the fly changes to the mask used to burn the chips. Trying to retrieve the written value would require destructive evaluation of the chip. This process would seem to be quite expensive and unreliable. As the chip would be destroyed an identical chip would have to be made to recover the data that this chip was used to encrypt.
Depending on the algorithm it is possible the data retrieved could appear as valid but incorrect. What that means is that the person may have encrypted the King James Bible but what came out from the decryption with the wrong key was Moby Dick. With the original chip destroyed from attempting to read the crypto key it's not like you can go back and try to read it again.
It is also possible that I have no idea of what I'm talking about.
I am armed because I am free. I am free because I am armed.
I am very surprised that Apple have taken a stance like this.
This move demonstrates Apple's keen business sense; it's good to see this kind of move from an Apple sans Jobs. Who's got the inside story? Anywho, if you take a quick look around you'll see the news chock-full of stories about how the US' spy regime has harmed business. This may be the difficult road, but it is the only one that does not lead down a dark hole of business failure, let alone being expected to do anything and everything like this for the government in the future.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Just to reiterate a point - the phone in question is an iPhone 5C which doesn't have a secure enclave. A7 SoCs and above with the secure enclave do all the PIN verification in hardware, enforcing the timeouts and the 10 incorrect guess wipes. But since the iPhone 5C doesn't have this, it's a software check that does it. (However, it doesn't mean Apple can just load on a new firmware update to a locked phone - doing so could wipe the phone as well).
So it is theoretically possible to write code that allows unlimited guesses. Whether or not you can load it on a phone is another question altogether (and I wouldn't be surprised if you couldn't without wiping the phone).
As for the SoC part - no, they don't pattern the masks with the ID. What happens is in practically every SoC in existence, there is a bit of memory that is one-time programmable. Effectively, it's an array of fuses (we call them fuses, but in reality, they're antifuses). You can blow the fuses which often sets various configuration options (e.g., blow one fuse, and the JTAG interface is disabled, blow another fuse, and you disable some block, or half the cache or whatever). You can also blow fuses that have special properties - e.g., a memory area that cannot be read by software, but hardware can access it. This is often done by initial programming software - you program in a serial number and the software blows the right fuses for that serial number. That software can also generate the hardware keys for encryption - by generating a random key using the key generator block (usually a random number generator) of the cryptographic engine, then using that to blow the key fuses. If the software doesn't report the key to the manufacturing hardware, then no one knows the key, not even Apple.
OTP fuses can be blown during the hardware test phase of chip production as well. Special pads on the die that aren't brought out of the package can be used to access and blow the OTP fuses. This is typically done for the unique identifier portion.
For small lots, it's often easier to do it in software during production - customers will buy chips with areas of the OTP unblown to which they can use vendor-provided tools to blow them. Larger runs can be blown at the factory.
The OTP array is not strictly a 2D array of fuses - there's metadata like a valid bit (the row of memory is programmed - used by boot firmware to determine if it needs to engage the encryption unit), a lock bit (to prevent bits from being written - stuff like serial numbers and unique IDs will have the lock bit blown to prevent people from blowing fuses in that row and changing the ID), the bits themselves and special wiring that connects each bit with the appropriate piece of hardware.
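The fuse behaviour described in the comment above (bits that can only be blown, a lock bit per row, a key row with no software read path, and a key generated on-chip and never reported), as an added example that is not part of the original thread. The row names, widths and the `CryptoEngine` class are hypothetical, and PBKDF2 is a stand-in for whatever derivation a real part uses.

```python
import hashlib
import secrets


class FuseError(Exception):
    """Raised when the fuse controller refuses an operation."""


class FuseRow:
    def __init__(self, width, hw_only=False):
        self.width = width
        self.hw_only = hw_only  # True: wired to hardware only, no software read path
        self.bits = 0           # antifuse convention assumed here: 0 = intact, 1 = blown
        self.valid = False      # metadata fuse: the row has been programmed
        self.locked = False     # metadata fuse: no further programming of this row


class OtpBank:
    def __init__(self):
        # Hypothetical layout: a software-visible serial and a hardware-only key row.
        self.rows = {
            "serial": FuseRow(64),
            "uid_key": FuseRow(256, hw_only=True),
        }

    def blow(self, name, value):
        row = self.rows[name]
        if row.locked:
            raise FuseError(f"{name}: lock bit is blown")
        if not 0 <= value < (1 << row.width):
            raise ValueError("value does not fit in the row")
        row.bits |= value       # a blown fuse stays blown: bits are set, never cleared
        row.valid = True
        return row.bits

    def lock(self, name):
        self.rows[name].locked = True  # the lock is itself a fuse, so there is no unlock

    def sw_read(self, name):
        row = self.rows[name]
        if row.hw_only:
            raise FuseError(f"{name}: no software read path")
        return row.bits

    def _hw_read(self, name):
        # Stands in for the dedicated wiring between a row and a hardware block.
        return self.rows[name].bits


class CryptoEngine:
    """Hardware block that can use the key row but never exports it."""

    def __init__(self, bank):
        self._bank = bank

    def derive(self, passcode):
        if not self._bank.rows["uid_key"].valid:
            raise FuseError("uid_key: row not programmed")
        uid = self._bank._hw_read("uid_key").to_bytes(32, "big")
        # Stand-in derivation: the result depends on the passcode AND this chip's key.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, 10_000)


def provision(bank, serial, rng=secrets.randbits):
    """Factory flow from the comment: program, lock, and report only the serial."""
    bank.blow("serial", serial)
    bank.lock("serial")
    bank.blow("uid_key", rng(256))  # generated on-chip, never returned to the caller
    bank.lock("uid_key")
    return {"serial": bank.sw_read("serial")}


def refused(op, *args):
    """True if the fuse controller rejects the operation."""
    try:
        op(*args)
    except FuseError:
        return True
    return False


if __name__ == "__main__":
    chip = OtpBank()
    print("factory record:", provision(chip, 0x1001))  # constructed serial
    print("software read of key refused:", refused(chip.sw_read, "uid_key"))
    print("re-programming serial refused:", refused(chip.blow, "serial", 0xFFFF))
```
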
It would greatly improve the safety of bicycles to have car drivers that wouldn't run their ass over because they didn't see them. Huh I suppose then only the poor would actually be in control of their vehicles.
http://linux.slashdot.org/stor...
http://news.slashdot.org/story...
Yes I already know they already have self driving motorcycles in india but I said bicycles.
https://www.youtube.com/watch?...
Minimum threshold fixed. Thanks!
> Yup, said this in my followup comment, where I also requested that my post be harmlessly modded out of view.
You two are not even vaguely close to being the first to recognize this, so no harm done.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I believe that this is possible. Further, before you mount the die, during the automated testing phase you could easily allow the test unit to make connections to the die in order to allow programming of the nonvolatile areas, then "blow the fuses" by application of specific voltages/currents so the device cannot be modified using the same process ever again. If you use a random enough data source for setting the key, it will be logically impossible to do anything but brute force the key.
Of course, it is all academic. If you have access to the physical device, it should be possible, though likely very difficult, to determine what you need to know to access the data on the phone, even without the pin. At the very least, one should be able to attach to the device, dump the encrypted content, duplicate it onto an emulated device and brute force the pin without having to worry about busting the original phone. Apple could do this if they wanted but it's going to take internal knowledge of the device's design and the software that runs it. I don't see this being dangerous to privacy as it's really just an attack that is going to require extended physical access to the phone by an army of people who are equipped with the necessary hardware, software and tools along with the necessary technical data. Surely Apple can do this for ONE phone.
My guess here is that if the FBI really wants to do this, they can easily force Apple to release the necessary technical data with appropriate NDAs and hire it done. My guess is they don't want it that badly but they will do what they can to hold Apple's feet to the fire by asking the judge for sanctions given his orders are not being followed. Apple may eventually find themselves in some seriously uncomfortable situations if they truly mean to press this.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Better than life in prison for exposing government overreach
The oldest technique is to just burn some data into flash before soldering the chip onto the board. A more hardcore approach is to put a noise-sampling hardware generator to generate the keys on-chip, store keys in volatile memory with power traces on the top layer to defeat micro-probe attacks (you would have to scrape away the power connections to get to the memory cells) and clock-limiting circuits to defeat overclocking attacks, etc. Dallas Semiconductor (now Maxim) has been making chips like this since the 90's, so you can put one in your homebrew secure system. https://www.maximintegrated.co...
I feel sad for you that you don't realize the contributions he's made to privacy rights. Interesting coming from an AC too
The challenge for providers is not how to comply with the law, but how to maintain customer trust while removing themselves from the burdensome and dangerous position of having to be subject to it in the first place.
Apple's enclave is... as loath as I am to admit it as a non-fanboy... genius. The system allows them to protect users and in doing so protect their brand. At the same time, it thwarts legislative intervention because Apple has taken such a hands-off approach to the way iOS does PKI.
Sadly, though, Google doesn't have to stand with them on this. In fact it may benefit them not to speak out at all, as this would call attention to their own PKI system and its similar nature: absolve the manufacturer from the legal process entirely.
Good people go to bed earlier.
I respect Apple's stance although I have no love for their business practices.
To me this just says that they have crunched numbers and found this to be the fiscally sound stance to take. They are the richest company - I hope there is a reason beyond faux status symbols and "ooooh shiny".
All of those companies will lobby whatever they think is best for their bottom line even if they're in opposition to everything else - even themselves.
I'm sure Cisco would love to sell you network encryption options while also selling the equipment to allow mass collection of that encrypted data for attempted cracking. Why sell weapons to only one side?
The Apple docs use the word "fused" so I think they're using the same technique as PROM circuits, except they're not directly readable. Essentially every bit is wired to a circuit breaker, you start with all 1s and intentionally trip some to burn in a fixed pattern of zeros and ones the first time you power it up. If they use the on-chip RNG to initialize it, it's possible that not even the manufacturing facility knows what value it has encoded, only the chip itself. Looks like a real tin foil hatter designed this system and did it well.
Live today, because you never know what tomorrow brings
Been to Moscow? It's pretty cool, and definitely beats life in prison
Apple actually is capable of cooperating (in this particular case), since the relevant device is an iPhone 5c (i.e. three generations old), which pre-dates the protections provided by TouchID and the Secure Enclave. Specifically, because the iPhone 5c and earlier devices lack the Secure Enclave, it means that the OS itself is what's responsible for wiping the device after too many failed attempts and for enforcing the delay between login attempts that limits the effectiveness of brute force attacks. As such, replacing the OS installed on the device with a compromised version that has those countermeasures stripped allows the FBI to engage in brute force attacks against the user's passcode.
Not so in later devices, where the Secure Enclave (which is essentially a separate computer in the iPhone with its own, separate OS and its own, separate memory) manages those features and stores the encryption keys, meaning that even if you have a compromised update for iOS, the Secure Enclave will still deny repeated attempts at logging in, along with destroying the keys after a set number of failed attempts.
The FBI is asking Apple to create a custom version of iOS (which some security experts have taken to calling "FBiOS") that is intentionally and knowingly compromised. The reason they need Apple to do it is because Apple holds the keys used to sign iOS updates. So while Apple can't decrypt the iPhone directly, they are the only ones who can create a version of iOS that allows the FBI to engage in a brute force attack against the user's passcode, which can, in turn, be used to decrypt the device.
All of which is to say, yes, Apple IS taking a stand against the FBI. Were it a later device, you might be right (though rumor in the tech press today seems to indicate that Apple is aware of a similar sort of attack which may be possible against the Secure Enclave), but this issue needs to be a line in the sand, because if the FBI can do this the implications are dire. It would mean that there's nothing stopping them from compelling private software companies to create malware versions of their software that can be used to open backdoors that otherwise wouldn't have existed. And the same legal logic that is being applied here by the FBI (i.e. the use of the All Writs Act of 1789) could be applied just as easily to compel Apple to knowingly compromise the Secure Enclave in new devices, thus creating backdoors where otherwise one would not exist. It's a broad overreach of a centuries-old law, and it needs to be stopped here and now.
I have been thinking about the possibilities of this 'fight'. I suspect the outcome will be 'encryption licences' similar to Gun Licences, except encryption licences will be extremely hard to obtain.
You need to get a licence for a non-backdoored device, otherwise you get a device open to the Gov and anyone who can find the backdoor. Interesting times.
Actually, as there were only 5 posts in the thread when I loaded the page, I have to say the post I am referring to was the first, at least in this conversation.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Actually, they *HAVE* said in the past that they cannot decrypt iPhone content with iOS 8 or later. Arguably, they are only saying they wouldn't *BECAUSE* they couldn't.
Lots of people seem to believe this... but I don't think any of them are experts in encryption. Ultimately it baselessly presumes that Apple is lying about their inability to break the encryption. There are mathematical reasons why breaking strong encryption is hard, and those reasons are just as inviolable for Apple as they are for the FBI.
File under 'M' for 'Manic ranting'
If you read through my post history, you'll learn that I do, in fact, know what the Secure Enclave is. Further, if you read my follow-up post, you'll note that I am already aware of my mistake here. Perhaps I shouldn't feel bad about not reading entire threads before commenting; apparently nobody else does either.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
So the trick then becomes how does Apple force a device that has been locked by the OS to update itself to a compromised version of the OS for the FBI to hack? This may still be outside of Apple's ability.
File under 'M' for 'Manic ranting'
Crazy talk.. https://en.wikipedia.org/wiki/Programmable_read-only_memory
1. Patent the technology
2. Travel to 1955
3. Profit!
Ah, the "No True Scotsman" argument.
> Perhaps I shouldn't feel bad about not reading entire threads before commenting; apparently nobody else does either.
It wouldn't be /. if we did. ;)
Thanks for the heads up. I got sidetracked while typing and (as per the usual) didn't refresh to check for updates before posting. Apologies if I beat a dead horse, since I've seen you around enough to know that you're one of the good ones.
> how does Apple force a device that has been locked by the OS to update itself
Device Firmware Update mode, enabled via USB. It's the same method used by jailbreakers.
I think he's concerned about American privacy rights, not Russian
If it can be read, couldn't they create a clone with a new chip? Pardon my ignorance on this.
meep
this will end in congress banning all non-backdoored encryption.
I hope life in Russia with the ever present possibility of deportation is worth it. Ok, so he can walk around at will, but he is not free to come home, is stuck in a declining country with an economy to match and must trot out before the cameras every time Putin decides he needs a pawn to poke the USA in the eye over some cyber security related issue. Not to mention that Russia can deport him at the drop of a hat, anytime it suits them. If he even tries to step outside of Russian territory he's risking capture, imprisonment, trial and the death penalty for what he did. Hope he likes it there, because as soon as he becomes irrelevant (and that's fast approaching) Putin will cut him loose and the best he can hope for is to be allowed to stay. If they deport him, it's game over.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
If it were that simple, all the FBI would have had to do is jailbreak the phone wouldn't they?
File under 'M' for 'Manic ranting'
That's honestly a really good question, and I don't have a certain answer for you. I can speculate a bit, based on what I do know, however...
My understanding based on the reporting today is that the FBI can't do this on their own because they need for Apple to sign the update. Having never jailbroken my iPhones, I can't speak to how the process works, but I'd assume that a jailbreaker is required to unlock their device at some point during the process. Perhaps it's the case that updates signed by Apple's private keys are capable of bypassing that requirement, thus putting them in the unenviable position of being the only ones who can update the device with arbitrary software?
Again, that's pure speculation, since the only things in these last two posts that I'm certain about are that DFU mode would be used to load the update and that Apple needs to sign the update since the FBI can't force the update otherwise. The specifics for why those are true, however, are beyond my recollection.
> If you have access to the physical device, it should be possible, though likely very difficult, to determine what you need to know to access the data on the phone, even without the pin. At the very least, one should be able to attach to the device, dump the encrypted content, duplicate it onto an emulated device and brute force the pin without having to worry about busting the original phone.
You can't dump the data from the secure enclave and you have to try the PIN against it. The PIN encodes the real key, which never hits memory except in encrypted form, so it can't just be dumped. Half of the key is also paired with the processor, so you can't just attack one piece of it separately.
LOL I do it all the time... I almost never reload to check for new comments, even when I opened the page hours ago; the only exception is when little or no conversation has occurred by the time I open the page. No worries and thanks for being one of the few here not to jump on someone for admitting they were wrong (and then pointing it out yet again).
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
> It seems more that Apple cannot cooperate, which is what will keep the FBI from storming their facilities in the long run; their "unwillingness" to cooperate is simply cheap PR riding on the back of their inability to do so.
They cannot cooperate because they intentionally engineered their OS so they couldn't comply. It may be for PR purposes, after all in a post-Snowden world we do care about phones that the gov't can't sniff, but it certainly didn't come 'cheap'.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
You're right. It'd be much better for the American people to still be in the dark about the NSA's activities
Speaking as an iPhone owner who has jailbroken his iPods, iPhones, and iPads many times... you don't need a signed update to jailbreak, since you're not changing the iOS version during the jailbreak process.
Now if you are jailbroken, and the version of iOS you are on is no longer being signed, then if your phone gets screwed up there's no way to restore the phone to the current version of iOS - but that's because a restore reinstalls iOS, and that can only be done with a version of iOS that's currently being signed by Apple. (as an aside - Cydia Impactor attempts to address this problem, but currently it doesn't work reliably)
However most recent jailbreaks first install a jailbreak app onto the phone, which you then have to run from the phone to complete the jailbreak. Doing this obviously requires the ability to unlock the phone, since otherwise there's no way to run that jailbreak app.
#DeleteChrome
Obviously there are mathematical reasons why breaking strong encryption is hard, but security is only as strong as its weakest link which in the case of an iPhone is the 4 digit pin code. Modifying the OS to allow brute forcing of the pin code isn't a mathematical impossibility.
We hope your rules and wisdom choke you / Now we are one in everlasting peace
I don't see why Apple and the government can't arrive at a mutually acceptable and proportional compromise.
Apple could install an image without wipe limit, run a brute force attack of device and restore original image so government would never be in possession of hack image.
Unless of course there is an ulterior motive like the Lavabit fiasco where government forced production of encryption keys that compromised the whole system rather than allow vendor to implement per user data collection capability.
In any event I hope Apple and every other vendor advertising personal device encryption learns something from this experience. Personal device encryption must be able to stand alone on its own merits with no external dependencies or you will be harassed by the courts to provide assistance and nobody will trust the security of your systems.
Paradoxically I'm not so sure this particular lesson is one government prefer vendors or customers learn...
I hope the rest of us learn an important lesson about the age of government mass surveillance of its own people... The age of stingrays, collecting call records, cell site location data and Internet records en masse without a warrant. In an age where any tangible thing could mean private key of any US based CA or software vendor coupled with a gag order.. In an age where the Fourth Amendment is declared null and void (see third party doctrine) due simply to changes in technology.. The lesson is if you want privacy the only avenue to achieve it is via real E2E security without any middleman. The Clouds and googles and facebooks and Microsofts and Apples cannot be made secure no matter what vendors advertise or claim. Even if they actually gave a shit about you and your privacy they must still operate under current US legal regime.
Paradoxically I'm not so sure this particular lesson is one the government or industry prefers individuals and companies (especially foreign ones) learn. It sure as heck is a lesson I hope everyone learns.
Sorry to break it to you, but the post you were replying to was in error and it seems they actually can comply with what's actually being asked of them. You and I made the same incorrect assumption, friend.
That said, while their inability to comply with what we both assumed they were being asked to do is intentional, Apple's intent was simply to not have to worry about being bothered with requests to decrypt phones; they accomplish this simply by rendering it technically impossible for them to do so. That's a purely selfish motive, but one that does benefit us; the PR that comes with it is cheap, even if it is a legitimate benefit to users.
It seems as though you're defending Apple from an attack I was not making; hopefully this clears the air.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Really, mods? I was asking that the PARENT post be modded down. Let's get a few overrateds up there, eh? ;)
Eh... Hi there, Anonymous Coward. Thank you for your thoughtful and productive comment, it has really added to the conversation.
Obviously there are mathematical reasons why breaking strong encryption is hard, but security is only as strong as its weakest link which in the case of an iPhone is the 4 digit pin code. Modifying the OS to allow brute forcing of the pin code isn't a mathematical impossibility.
Except in this one case where they would have to be able to modify the OS of a phone that is already locked.
Just the fact that Apple is being asked to DECRYPT a phone tells you it can be done.
Your shit is not secure, and never was on OSX/iOS.
"If any question why we died, Tell them because our fathers lied."
You're an idiot.
I think you're right in that I do need to do some more reading into this. I'm not sure if we're talking about whether Apple can decode the device or if Apple can lift the gates on gov't brute forcing it.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
FBI is asking Apple to provide them with a signed OS image which allows unrestricted brute force guesses of the password/pin code on a single phone. This is very different from building a backdoor into encryption so that it can be reversed without knowing the password.
Apple could provide an alternative OS image that checks for part serial numbers on specific phones named in a warrant. FBI would not be able to install that image on another phone, as removing serial check would also invalidate the signature.
I think it's a good compromise, unless one does not believe that law enforcement should be able to obtain available evidence with a proper warrant. It's different from going out of the way to make evidence available at the expense of law-abiding users' security.
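The device-bound signed image proposed in the comment above, modelled as an added example that is not part of the original thread and not Apple's actual boot chain. It assumes the serial number sits in a signed manifest, and HMAC with a constructed key stands in for the vendor's asymmetric code signature so the sketch runs on the Python standard library; all names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the vendor's signing key. Real code signing is
# asymmetric (the device holds only a public key); HMAC is a simplification.
VENDOR_KEY = b"constructed-demo-signing-key"


def _manifest_bytes(manifest: dict) -> bytes:
    # Canonical encoding so signer and verifier hash identical bytes.
    return json.dumps(manifest, sort_keys=True).encode()


def sign_image(payload: bytes, allowed_serial: str) -> dict:
    """Vendor side: bind the image to one device serial, then sign both."""
    manifest = {
        "allowed_serial": allowed_serial,
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
    }
    tag = hmac.new(VENDOR_KEY, _manifest_bytes(manifest), hashlib.sha256)
    return {"manifest": manifest, "signature": tag.hexdigest()}


def boot_check(image: dict, payload: bytes, device_serial: str) -> str:
    """Device side: verify the signature first, then the bindings it covers."""
    expected = hmac.new(VENDOR_KEY, _manifest_bytes(image["manifest"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, image["signature"]):
        return "reject: bad signature"
    if image["manifest"]["payload_sha256"] != hashlib.sha256(payload).hexdigest():
        return "reject: payload modified"
    if image["manifest"]["allowed_serial"] != device_serial:
        return "reject: wrong device"
    return "boot"


if __name__ == "__main__":
    payload = b"constructed image contents"
    image = sign_image(payload, "SERIAL-A")  # constructed serial numbers
    print(boot_check(image, payload, "SERIAL-A"))
    print(boot_check(image, payload, "SERIAL-B"))
    # Rewriting the serial in the manifest breaks the signature.
    edited = {"manifest": dict(image["manifest"], allowed_serial="SERIAL-B"),
              "signature": image["signature"]}
    print(boot_check(edited, payload, "SERIAL-B"))
```

The binding is only as strong as the secrecy of the signing key and the device's refusal to boot unsigned images; the check itself does nothing once either fails.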
If it can be read, couldn't they create a clone with a new chip? Pardon my ignorance on this.
It can't be read. The chip has a few commands, and "read the encryption key" isn't among them.
Do you have ESP?
I have to admit, though... The FBI saw this one coming and had a plan for it.
Or perhaps he did not have faith in the US laws to protect him
I totally think this is posturing by the FBI. It's just too convenient that we're talking about this not two weeks after the proposed sales ban on encrypted phones in NY.
It depends on what it means to decrypt. If all that is needed is a relatively short PIN then there is certainly a way to do this and the only thing standing in the way are features to limit and nullify brute force attacks (is it really limited to 4 digits on iPhone?). So FBI is asking for help to subvert this feature. They say it's just this one time, but that's not to be trusted and once the door is open to allow a very simple warrant to compel a company to crack a phone then it will be used in the very next case where the FBI feels stumped.
Apple *could* help with this presumably, at least with the older iPhone 5c (though how do you upgrade firmware without unlocking the phone, can Apple forcibly upgrade a phone remotely?). However Apple should be able to respond to the court order by showing that it is unreasonably burdensome.
It's doable. But doable does not mean it's easy or that it is not an undue burden on Apple. A court order can't say "keep trying to comply until you die trying." Apple could show the projected loss in sales if it does comply, show how much manpower is required to comply, how much manpower is required to prevent future abuse by the DOJ, and so forth.
Oh, don't you know it! Asking that my mistaken post be modded down, to hide the incorrect information it contains from the general audience; only a total wanker would want to prevent the spreading of misinformation.
Often the numbers are either a simple serial number incremented by one every time, or have some relation to the manufacturing process like wafer number and X/Y coordinates on said wafer.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Who gives a flying fudgecake what Snowden says. He has no talent except for stealing and running away.
Stop giving this guy air time, you might as well post my opinion as a story.
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
You're right. It'd be much better for the American people to still be in the dark about the NSA's activities
I don't have any special privileges and I KNEW what the government was doing before Snowden did his thing. I may not have known the extent of what they were doing, but I sure knew the extent of what they COULD have been doing. I interviewed once with a company (now out of business) that provided the network monitoring tools that in hindsight were used for this program and having a telecommunications background may have helped me understand the ways the government could do stuff like this, but I'm surely not alone in my understanding of SS7 signaling and related technologies. It was obvious to me and I'm sure others what they were doing because they were not really trying to hide it.
All Snowden really accomplished (beyond his banishment) is drawing attention to the situation in a way that appealed to the press, helped along by the cloak and dagger motif and pictures of his "girlfriend" left behind. Well, power to him, but he was stupid. Like it or not, nothing has really changed, and where the "program" has been publicly shut down now (being largely useless given it was common public knowledge) you can be sure it's been replaced with programs that have similar capabilities but less constitutional impact.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Yeah, what he said. What does this "Snow-don" character have to do with the legal consequences of the overreach of government surveillance?
Let's talk about something else instead. But none of this irrelevant crap. Here, I'll give you a topic: Let's talk about the influence of classical Greco-Roman architecture on modern architecture, but I don't want to hear a lot of jibber-jabber about the Parthenon or the Pantheon or the Colosseum!
Uh... It was my own post that I was asking be downmodded, as I was mistaken on my facts when I posted it. If I was trying to censor someone else's post and I, as you said, always have a spare mod point, would not I have modded it myself? Think, buddy, before you open your anonymous piehole.
I'm also wondering if the AC who also replied here is right. It might be time to retain legal counsel.
and no one is interested in reading about it any longer
I would be inclined to agree, so why'd you bring it up? I'd also be inclined to think that people, perhaps, are interested in my posts, given that all of your moderation has been undone, except for the post where I specifically asked to be downmodded.