Slashdot Mirror
John McAfee Offers To Decrypt San Bernardino iPhone For the FBI and Save America (hothardware.com)
MojoKid writes: Wondering what John McAfee is up to these days? It's not sniffing bath salts nor is he fleeing foreign countries as a person of interest in a murder investigation and faking heart attacks (been there, done all that) ; instead, he's on a mission to save America. How so? By cracking the code on the San Bernardino iPhone that's causing such a ruckus. McAfee didn't just criticize the FBI; instead he offered a potential solution. Let him and his team of hackers break into the iPhone without any help from Apple. "With all due respect to Tim Cook and Apple, I work with a team of the best hackers on the planet. These hackers attend Defcon in Las Vegas, and they are legends in their local hacking groups, such as HackMiami. They are all prodigies, with talents that defy normal human comprehension," McAfee said. Eccentric rant aside, McAfee's offer is simple - give him three weeks and he will, "free of charge, decrypt the information on the San Bernardino phone" with his team of hackers. He'll do it using mostly social engineering.
McAfee is clearly off his rocker. The only person or persons who he could expect to socially engineer his way through are dead.
How do you decrypt a phone using "mostly social engineering" which wipes it's memory after 10 attempts? I may not be a 1337 h4x0r prodigy, but that sounds pretty questionable to me.
Hasn't that ship kind of sailed? I mean, it's like trying to find unbiased jurors for a murder case when the defendant is a famous athlete or musician.
Gamingmuseum.com: Give your 3D accelerator a rest.
They must be pretty good if they attend Defcon in Las Vegas!
The suspects are dead. Are they going to attempt a seance?
If his team can more easily decrypt the phone than Apple as he claims this could open a new avenue of argument for the court case.
If the court can compel Apple to decrypt a device why couldn't it compel any company to decrypt any device?
It shows how ridiculous this whole request is. The government should never be able to force a company to develop a product out of thin air to satisfy a court order.
Is he going to bring them back from the dead like in that episode of "Fringe"? He'll probably need a cow in that case.
I assume is what he actually means is get an low level tech support to believe that it's his phone. That seems extremely unlikely now that he's announced his intent. Anyone attempting to access this iCloud Account will almost certainly get red flagged and terminated with Apple pressing charges under the CFAA.
Attending DEFCON is not a credential beyond a willingness to spend money on admission and a hotel room. All the talks are on Youtube anyway...
How are they going to use 'social engineering' to get the password out of a dead guy's brain?
But when it reached 'social engineering' i almost laughed. Yeah, that'll work. Especially after such an announcement.
Who better to break into a system that's nearly impossible to get into than the man responsible for software that's nearly impossible to get rid of?
--
What happens when an unstoppable force meets an irremovable object?
http://xkcd.com/538/
"Mostly social engineering"
Regards, Phil
Under indictment for murder or being extradited? He's a black-hat with no ethics, of course he'll do unethical work for the highest bidder, a nationstate.
How hard is it to image the entire storage area on iPhone? Like, a bit for bit copy of everything on it? And then.. just load the image into a vm and brute force the PIN, while leaving the original device intact?
If you were me, you'd be good lookin'. - six string samurai
You're supposed to be running for president!
A Trump / McAfee ticket is the closest thing we can get to having President Dwayne Elizondo Mountain Dew Herbert Camacho in real life.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
If only they would take him up on his offer. The first thing that came to mind was Kip driving over the plastic bowl with the camper van.
Dang it!
"Eat at Luigi's!"
Well, if You wanna know, right now, in this exact moment, there's an iPhone plugged inside a factory in my city, whereas been used to be remotely connected with some damn idiot to get some money.
Can't they just open the device, dump the data & OS and try to bruteforce that without using the iphone passcode system ?
He's good at that.
>He'll do it using mostly social engineering.
It seems like we (or the source) got this stuff a little hot, maybe from a handmade audio transcript. Over at Ars their take was
> About 75% [of the associates] are social engineers. The remainder are hardcore coders.
Plus the eating his shoe thing. Sensationalism or not I'm surprised that's not mentioned in TFA.
So the FBI asked a couple of field agents --guys who have many years playing video games as kids-- and who in their own estimation are 'pewter savvy', and they haven't been able to break into the iPhone without everything getting wiped. And so now they are saying "we need national legislation to force back doors so that we can go on fishing trips all day long". And that's what's being proposed, and the Mayor of New York should know better, but he's tossing in his opinion too. And its a slippery slope. And if the FBI can easily bust in (and they have 'pewter savvy' agents who have calloused thumbs from playing 'pewter games'), then your average 12 year old can bust in. And all they have to do is pass the phone to the NSA, and all the data will be sucked off in under half an hour. The memory chip/drive is not connected to the operating system. And you can suck everything off without the operating system. And you can brute force all the data even if it was stored encrypted, and since the operating system is seperate from the data, trying more than 10 times doesn't mean the end. And "acres of processors" means that about 1/2 hour is all that's needed. And the FBI is like a bad driver, unwilling to switch lanes --when safe to do so-- to get around someone turning left across oncoming traffic. And so they sit and wait, and wait. And it could --if they wanted it to be so-- have been all over 1/2 hour after the shooting. And in the world of the FBI, something in the back of my head tells me that they *already* have the data. They just don't have the legislation.
I am pretty certain Mcafee is working some amnesty angle here.
This is pretty much completely the opposite of the sort of thing he usually claims to be in favor of. I was thinking about probably not registering to vote so I could vote for him. What the shit?
This whole thing with Apple suddenly taking a principled stance in defense of its customer's privacy just seems like so much bullshit. It's like a kabuki dance that Apple and the FBI are doing in order to give Apple PR cover for when they ultimately capitulate to the court-order to create a firmware patch that bypasses the auto-erase routine that kicks in after so many failed attempts at entering the passcode. Their prior NSA involvement with PRISM and helping law enforcement previously crack other iPhones shows they're not concerned with customer privacy, just that they look like they are.
Oh, and McAfee is probably involved in some way with the killing of his neighbor in Belize. How the authorities let him roam free when he's wanted for questioning down there is beyond me.
"Knock Yo'se'f out!"
If he doesn't tweet this soon, he should.
The shooters are dead. How exactly is social engineering going to work against them?
>> He'll do it using mostly social engineering
"No problem. Just gimme the phone number, the address and the bank of the guy who owns the phone. I'll have him giving up the code by Sunday."
>> He's dead.
"F***!"
By "social engineering", I take it he's not planning to directly attack the hardware of the phone, which means he's planning to use the only other logical approach to breaking into this phone (and to me the only obvious attack vector open to him or anyone else as long as Apple stand their ground [correctly]).
Because this phone has a four digit passphrase, this means that the owner of the phone has hit the same four sections of screen at least hundreds, and more likely thousands of times. Maybe it is possible using very delicate and incredibly accurate equipment to detect some sort of impact print on the screen where it has been used in those four spots repeatedly. If it is possible to do this, then you have cut down the number of password from 10,000 to 24 different possibilities. From here you need to check everything you know about the phone owner to see if any of those combinations are personally significant in any way - even if the combination is entirely random, you'll still have a 41.5% to break the password with 10 attempts...
Meh - then again I'm not a half-million dollar a year hacker, so what do I know?
-- Pete.
Monochrome - Probably the UK's largest internet BBS
You're bad at jokes.
Yo Timmy, can you have them write me some firmware? I forgot my password.
I highly recommend some of you read this paper: http://www.apple.com/business/...
-- these are only opinions and they might not be mine.
A big one too! But first I'm going to tell the whole fucking internet!
Brought to you by Carl's Junior.
Forgot about this, but CRI might have some tricks up their sleeve. They MIGHT have the ability to DPA the AES engine if Apple didn't license their countermeasures - http://www.rambus.com/security...
retrorocket.o not found, launch anyway?
The phone will be returned 'decrypted' and full of last week's LOL-catz photos; it's a miracle. The killer must have wiped his personal data before the massacre.
The fact of the matter is that
I don;t think that means what you think it means.
Your wild-ass and misguided assumptions are not facts.
Maybe McAfee is trolling. Maybe he's hoping someone will be dumb enough to go by pure name recognition, and let him at the phone. At which point, he will type in 10 wrong passwords and return the phone to starting state, ending this whole mess. I mean, think about it, does he have anything to lose at this point? "Oops. Sorry Feds. I thought we had it for a second there. Live and learn, right? *wanders off whistling to himself*"
if it is a 4 digit passcode, I just don't understand why we can't clone the phone and try all 10,000 in moments?
How does having a separate "encryption chip" prevent cloning what is stored on the drives and chips?
McAfee's software, which comes loaded by default on millions of PCs, has been instrumental in making OS X more popular.
If your like me and had no idea wtf this article is talking about, apparently it was used in an american mass shooting:
https://en.wikipedia.org/wiki/...
Funny they are so concerned with gaining access to this stupid phone when the real weapons used to commit the crime are sold almost everywhere in america.
As a potential lottery winner, I totally support tax cuts for the wealthy
I see that Tashfeen used Facebook on her cell phone. Anyone who has read the things that the Facebook app has access to... would seem you could power it up, and have the facebook app probe the phone for useful information. Contact, messages, pictures, phone numbers etc. Who needs apple?
Time for a new Political party in the US (or two!) One is off the rails Other cant pony up a leader.
It would be ashamed if something happened to it. *wink wink
BS. If they were so confident they could do it, they wouldn't have to do it with THAT phone. They could decrypt the phone of some independent 3rd party willing to arbiter the contest. The judge didn't order decryption of THAT phone. It ordered Apple to surrender information sufficient to give FBI ability to decrypt ANY phone. And I believe (could be wrong on that) Apple's position is that it's not able to do it under the current encryption scheme (even if did it in the past, it may not be able to do it now). Here's http://crypto.stackexchange.co... a discussion of someone trying to understand why brute force isn't possible even if they take apart the phone.
Any guest worker system is indistinguishable from indentured servitude.
I know there's probably a simple answer, but I'm wondering why this is so hard. The FBI wants to brute-force the password, but it's got a "10 times or I'll erase the memory" program in it. The data they want must be on non-volatile memory. Why can't they clone the memory card? It seems like once you clone the card, you could build a model of the encryption transactions between the card and the rest of the phone in a supercomputer and brute force it without actually even having a physical phone. What am I missing?
Comment removed based on user account deletion
Reality:
Your ad here. Ask me how!
Per the infamous DMCA, isn't it illegal to circumvent such a protection mechanism? Could Apple make the case that this would violate its copyright on its software?
This guy is on a limb for ANY attention these days. Everything I've heard him talk about the last few years (portable private networks etc) Ive yet to see any follow through. *...a strong smell of desperation lingers in the air
Its clear that the FBI want a precedent so they can get any data off any phone using a tool supplied by Apple. They can already get the data off the phone, but they want Apple to provide the tool to do it and this would be their ticket to gaining such a tool. John McAfee is bypassing their legal process making their request invalid and undermining the need for Apple to provide such a tool. Well played John.
Clinton is a square shooter. Clinton 2016!
Don't you have an appointment with the police in Belize to deal with? Something about you being a suspect in a murder?
Seven puppies were harmed during the making of this post.
Have the FBI considered rubber hose cryptoanalysis?
I'm sure if they hit the phone constantly, it'll automatically decrypt itself.
The governments position: I bet you'll come up with a better way to tear down that cement wall if I give you a court order to break it down with your forehead.
This is the part I don't understand though - Okay, so it's on the cpu:
1. Take a new (ie: different) phone, install matching iOS on it.
2. Unsolder cpu from suspect's phone.
3. Solder cpu from suspect's phone in place on the new phone, thus *moving the hardware key*
4. Start new phone to verify it works
5. Flash image of old phone's encrypted storage onto new phone.
6. Brute force away.
Does AES burned into CPU apply to the affected phone, an iP5C ? Also, it was county property (perp received with job), so they may have a key somewhere. If so, then just clone, brute-force read the full AES and read the rest.
If not, then it may be impossible. No judge can order other designs, that is clearly _ultra_vires_ and squarely "legislating from the bench".
Have my IT guy cancel subscription to McAfee services tomorrow.
why focus on this stupid iPhone? just bomb all islamic countries to kingdom come and be done with it.
A MIT student once decoded the XBOX encryption system all by himself but the entire FBI organization can't break into a stupid smartphone? No wonder we got planes rammed down our throat. Eat shit FBI.
AES256. That is all.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
I think you mean "He'll do it mostly using social engineering."
American idiots.
The real government plan was to do something provocative that they knew would be in the headlines and get all the tech geeks excited so that enough of them would eventually be so curious about how to actually crack into the phone they would eventually start to formulate and eventually post an answer in online forums, long before the issue was ever resolved in court.
Its a clever way of crowd sourcing via social engineering.
Has anyone considered that he is so confident of his claims because his 'team' or someone he can pay off has already got the required information from Apple either by Hacking or by 'Social Engineering' and this is the best way for the hackers to come out? They can how set up an underground shop to sell that key or sell a 'service' to crack iphones, while still being heroes?
Is there mileage to that thought at all?
These hackers attend Defcon in Las Vegas
Wow okay like only 20,000 people did that last year alone. Its amazing he has put together such a group of rare a leet individuals. To think I have been leaving that off my CV all these years. Having attended let alone spoken at DefCon 20 years ago might be impressive, but now its pretty much meh. To be honest even getting to be a presenter in many cases is as much who you know as having something really cool to show off.
That said I have no problem with McAfee doing this. I object to the idea that the government can compel a vendor to weaken the security of their product before or after the fact let alone back door it. I think Apple has a clear business interest in not doing so and its a basic question of freedom that we should not force a manufacturer to assist in the investigation of a crime they were not involved in. It would be like if someone had something locked in a safe, and the government could demand the safe manufacturer drop whatever they were doing and take whatever steps are required to crack it. That precedent would essentially turn anyone who manufactures or sells anything into a potential conscript at any time.
I also think an individual or company ought to have the right not sell to or provide the government with services and equipment if they don't want to. I for one would make the same choice Tim Cook has in this case. The Three Letters and even local law enforcement have proven they can't follow the rules, give them something like a stingray and they will abuse it. God only knows what they might do with a zero day if you provided something like that to them. IMHO they have treated us citizens like the enemy and therefore can no longer expect cooperation. I wish we lived in a nation where LEO's followed our laws and if they came to me or Apple, or anyone else and asked for help catching a crook or investigating a crime we could do so freely and comfortably knowing any tools and techniques would not be abused or used to violate peoples rights but we don't live in that nation. Its sad.
Still I expect the FBI to do its job and try to get into that phone. If they can fine, but they have no right to make demands on Apple. If McAfee wants to help fine, that is his choice. If he can charge them a few 100,000K good for him.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Pick your new name loser...
And when you make the government the holder of all the wealth, all the power, the keys to everyone's lives then what kinds of people are going to go into government? That is why power is said to corrupt. Time and time again we see what kind of people rise to the top in countries that concentrate totalitarian power in their central governments. Thugs, criminals, the person that can murder and torture the most people that is who will rule us if we further concentrate that kind of power over the minutia of everyone's lives.
America isn't just based on the protection of Liberty through our Federal government, it is based on the protection of Liberty from our Federal government. And is for that very reason, that the founders realized that centralized power corrupts and terrible things happen when it does.
administration is any less a public enemy than the Bush administration was...
And when are we going to have enough of the lying tyrants ?
Comment removed based on user account deletion