John McAfee Offers To Decrypt San Bernardino iPhone For the FBI and Save America

MojoKid writes: Wondering what John McAfee is up to these days? It's not sniffing bath salts nor is he fleeing foreign countries as a person of interest in a murder investigation and faking heart attacks (been there, done all that) ; instead, he's on a mission to save America. How so? By cracking the code on the San Bernardino iPhone that's causing such a ruckus. McAfee didn't just criticize the FBI; instead he offered a potential solution. Let him and his team of hackers break into the iPhone without any help from Apple. "With all due respect to Tim Cook and Apple, I work with a team of the best hackers on the planet. These hackers attend Defcon in Las Vegas, and they are legends in their local hacking groups, such as HackMiami. They are all prodigies, with talents that defy normal human comprehension," McAfee said. Eccentric rant aside, McAfee's offer is simple - give him three weeks and he will, "free of charge, decrypt the information on the San Bernardino phone" with his team of hackers. He'll do it using mostly social engineering.

What's he on, today?

[MSG]

McAfee is clearly off his rocker. The only person or persons who he could expect to socially engineer his way through are dead.

Re:What's he on, today?

[Talderas]

Unless he believes Apple has the ability to decrypt the device and plans on socially engineering them.

Re:What's he on, today?

[aaron4801]

He's socially engineering the FBI. He'll just waste the 10 attempts, and get the phone wiped. Debate over.

Re:What's he on, today?

[Krishnoid]

McAfee is clearly off his rocker.

...

I work with a team of the best hackers on the planet. These hackers attend Defcon in Las Vegas, and they are legends in their local hacking groups, such as HackMiami. They are all prodigies, with talents that defy normal human comprehension,

Hey, if these hackers are the ones that starred in his last video, and he's going to make another one describing how he plans/executed this hack, I'm all for it.

Re:What's he on, today?

[tehlinux]

Is there some reason they can't clone the device? That would buy them unlimited attempts.

Re:What's he on, today?

The FBI is not asking Apple to decrypt it. They're asking Apple to load a new firmware on it that removes the limit and delay on the number of tries before the device wipes itself so they can brute-force it. They've even told Apple that they can do it in-house so there's no chance the method will be used on anyone else's phone.

Apple doesn't want to admit that they can flash new firmware to the locked device even though everyone knows they can.

Re:What's he on, today?

[sycodon]

Apple clearly can take that phone, throw it on the bench and have their way with it.

Re:What's he on, today?

[Marginal+Coward]

If he works with "a team of the best hackers on the planet," surely the Long Island Medium must be among them...

(BTW, I bet even the nerds on the team make fun of her hair.)

Re:What's he on, today?

[__aaclcg7560]

Apple doesn't want to admit that they can flash new firmware to the locked device even though everyone knows they can.

According to one legal analyst, the FBI and NSA already have this capability. What the government is looking for in this court case is a legal precedent to force companies to do this for them and make the data recovery admissible in court.

Re:What's he on, today?

[sims+2]

Hardware based encryption. No way to extract the key.

Re:What's he on, today?

[PopeRatzo]

I really want some of what John McAfee is smoking.

Re:What's he on, today?

[PopeRatzo]

What the government is looking for in this court case is a legal precedent to force companies to do this for them and make the data recovery admissible in court.

That's it in a nutshell.

Re:What's he on, today?

[NatasRevol]

This would be the best outcome.

Re:What's he on, today?

[kimvette]

Posting to negate moderation.
I accidentally the post!
(clicked overrated rather than funny. sorry about that!)

Re:What's he on, today?

[fustakrakich]

I approve this post. AC by accident...

Re:What's he on, today?

[gweihir]

They cannot clone that encryption key.

Re:What's he on, today?

[ravenshrike]

The fact of the matter is that the FBI could probably get the NSA to expose the hardware encryption, although there's a chance of failure, and having done so clone the damn thing as much as they wanted. It would just take a year or so and cost a shitload of money. Much easier to try and bully Apple into doing their bidding

Re:What's he on, today?

[AdamThor]

So John McAfee can make a boast that won't get tested. He gets to proclaim himself supreme ninja badass knowing nobody will call his bluff, AND illustrate that when the government doesn't take him up on his offer it is because they are after something other than what they claim.

*golf clap*

Well played, Mr. McAfee.

Re:What's he on, today?

[Andy+Dodd]

Apple devices have an additional "trick" beyond just PBKDF2 - There's a random AES key burned into the CPU, and it's wired such that it can be set/erased, but not directly read - it can only be fed as the key into an AES engine.

I am not sure if Apple's PBKDF2 has this AES engine as part of the loop, or if it just feeds the key that comes out of PBKDF2 through the AES engine, but the end result is, on any given device, the AES key that results from a given passphrase is unique to that device and cannot be reproduced off-device.

So if someone just clones the device's flash contents, they have to resort to brute-forcing AES directly, as opposed to trying to brute-force passcodes.

So you can only brute-force passcodes on-device (something like 80ms per try on this model, newer models have a 5 seconds per try limitation), and Apple's software doesn't even allow you to do that. The FBI wants to at LEAST get on-device brute-force capability.

Which might still take years if the user had a reasonably strong passphrase.

Re:What's he on, today?

[MerlynEmrys67]

You can exactly clone the 1s and 0s perfectly. This will allow you to have a cloned copy of the encrypted data. The problem is access to the hardware key. Loose the key and you go from a 1:10000 chance of guessing the pin to 1:2^128 chance of guessing the AES key.

You can easily clone an encypted DVD exactly and be able to play it anywhere. What is hard is to copy the data, transcode it and write it back in another format without DVD John getting involved with his magic key

Re:What's he on, today?

[BitZtream]

Social engineering doesn't require they be alive or that you communicate with them.

If he finds out the password is the year they were born in, that's still social engineering. If he teases information out of the neighbors that leads him to guessing the right password, that's still social engineer.

You'll rarely succeed in a direct social engineering attack, people start to detect it when you ask too many questions of them directly. It works great when you target mom and dad, a sibling, a secretary or boss, or some other side channel.

Most social engineering attacks on business are accomplished via a subordinate like a secretary, most NEVER communicate with the actual target. Absolute most common is a secretary giving up an email password for the boss who can't be bothered to type out his retarded thoughts, so the secretary gets a call from IT, doesn't know any better and in the attempt to be helpful, destroys all security.

Re:What's he on, today?

[Aighearach]

You're a bit dull to be name-calling based on your presumed intellectual superiority.

It took about half a second for me to notice that an attack vector would be Apple, because they're the ones with the private keys needed to install modified firmware. And, presumably there are live humans at Apple that are potentially susceptible to social engineering attacks.

Unlikely his people are that good, but there is an available (very difficult) solution that matches his claim.

Your inability to think even all the way to the edge of the standard box makes it unlikely you can offer deeper security insights than McAfee. Crazy has always been why he is entertaining, but it was never any sort of counter-point to his genius.

Re:What's he on, today?

Close. I don't think he would wipe the phone, that would make too much trouble even for a man with MacAfee's history.

No, he's shedding a light on how absurd the FBI's story on this item is. "Oh my goodness, there's a phone connected to this tragedy and we don't know what the 109 messages say! Even though we know who did it, we know that the messages went to Africa, we know the times and the recipient(s), we have all the meta-data. Oh, and we have the full resources of the FBI, CIA, NSA, DOD, the Five Eyes, and we've data-mined the entire planet. Yet John MacAfee can break into this phone with a tiny group of volunteer hackers and we just can't figure that out at all."

The only thing the FBI is trying to do here is to cynically use a tragedy to set official, legal precedent. They are attempting to bully the phone makers to give them anything they want, any time they want it. This has nothing to do with the San Bernardino shooting beyond winning sympathy and support for the spying goals of the FBI.

J. Edgar Hoover would be proud. Also Niccolo Machiavelli. We've been giving the Three Letter Agencies anything they want since 9/11 and they've grown fat and entitled on the spoils.

Re:What's he on, today?

[taustin]

I think they're also aiming to (eventually) use OS updates - which can be done remotely - to hack phones without having to have physical possession. Because seizing the phone can't be done without the owner knowing it, and getting warrants means dealing with judges. If they can do it remotely, they can ignore due process.

Re:What's he on, today?

Only Apple has the key to sign their firmware image. OK, maybe the NSA but they'd never share that capability with the FBI.

Re:What's he on, today?

[taustin]

That also only cracks this phone. If they can get Apple to cough up the right info, they can use OS update features to crack all iPhones, everywhere, remotely.

Re:What's he on, today?

[__aaclcg7560]

Edward Snowden is not a legal analyst.

I wasn't referring to him.

Re:What's he on, today?

[Xylantiel]

The "social engineering" bit makes you wonder if Apple has done exactly this in other instances. So just lie to apple about the situation with some sufficiently sobby story and they'll open it.

Re:What's he on, today?

[Trailer+Trash]

Apple doesn't want to admit that they can flash new firmware to the locked device even though everyone knows they can.

According to one legal analyst, the FBI and NSA already have this capability. What the government is looking for in this court case is a legal precedent to force companies to do this for them and make the data recovery admissible in court.

I came to this conclusion yesterday. Some clueless folks elsewhere were arguing that there might be a zero day exploit that Apple could use (um, paradox, anyone?) that would get the trick done. My point was that if such were available chances are the FBI, NSA, whomever would already know about it or be in a position to find out about it, and that would be an easier and cheaper route to take.

It's obvious that they want to force Apple to do this as a precedent, particularly now that iPhone 6 + cannot be "hacked" in this manner.

Re:What's he on, today?

[vtcodger]

Glendower: I can call spirits from the vasty deep.
Hotspur: Why, so can I, or so can any man; But will they come when you do call for them?
    Shakespeare - Henry IV

Maybe McAfee can indeed summon spirits from the vasty deep. OTOH, I don't think I'd hand him (or anyone else) that phone until I had somehow copied the contents of ALL the storage. I have to believe that's still possible even if it means microsurgery on the circuit board.

Maybe I'm demonstrating my antiquity, But it'd make me REALLY nervous to let anyone, McAfee, Apple, NSA, whoever ... tackle cracking an encrypted device without a full backup of its contents.

Surely somewhere in the intelligence community, there are folks with the skills to isolate the hardware components, extract the data and brute force access to the unencrypted content.

Re: What's he on, today?

[n0creativity]

Random update? No. But, Apple can, without a doubt, force an update on this, or any iPhone, without any user intervention. It's the precedent that they are fighting...

Re:What's he on, today?

[TangoMargarine]

You can easily clone an encypted DVD exactly and be able to play it anywhere.

You can? I thought they were still doing that thing where the DVD burner's firmware wouldn't let you write to the inner track where the factory-pressed discs have some of their auth logic. So you end up with a copy of all the information on the DVD you actually care about, but compliant players will recognize it as a forgery since it doesn't have the secret sauce.

Re:What's he on, today?

[macs4all]

I think they're also aiming to (eventually) use OS updates - which can be done remotely - to hack phones without having to have physical possession. Because seizing the phone can't be done without the owner knowing it, and getting warrants means dealing with judges. If they can do it remotely, they can ignore due process.

Apple CANNOT Force an OS Update onto an iPhone remotely. I requires the User to either bring up the Update function or at the very least, Confirm a Dialog prompt.

And I would doubt Apple can do so even with physical access, without taking the phone apart to expose JTAG (or similar) pins.

Re:What's he on, today?

[macs4all]

The "social engineering" bit makes you wonder if Apple has done exactly this in other instances. So just lie to apple about the situation with some sufficiently sobby story and they'll open it.

Don't you think that someone that successfully did that would be on the news right now, proclaiming that Apple is lying?

Re: What's he on, today?

[macs4all]

Random update? No. But, Apple can, without a doubt, force an update on this, or any iPhone, without any user intervention. It's the precedent that they are fighting...

Citation, please?

Re:What's he on, today?

[macs4all]

Apple clearly can take that phone, throw it on the bench and have their way with it.

But the FBI isn't offering that. They want Apple to develop a custom FBiOS FOR them.

Re: What's he on, today?

[v1]

Random update? No. But, Apple can, without a doubt, force an update on this, or any iPhone, without any user intervention. It's the precedent that they are fighting...

I've been an Apple certified tech for a decade, and I currently support close to 200 iPads, among many other Apple products. No one can "force an update" on a locked iDevice, without physically tampering with the electronics. Even if they were to do that, and created custom firmware and sign it (which they could, since they have the PK) and upload that and run it. But the security enclave is protecting the key and the firmware is helpless to either extend the password guesses or forceably recover the key, so the entire point is moot. Again you get back to needing to do much more sophisticated hardware hacking, to beat the SE, which was specifically designed to preven this sort of attack. Apple, being the creators of the SE, would probably have the best shot at it, but it's not an easy nut to crack.

(I personally think the FBI already has the information and is just doing some theatrics to try to keep the bad actors convinced that they can't get at data on an iPhone, so they will continue to use it and give the FBI access in the rare cases there are no other alternatives and the need is dire)

Re: What's he on, today?

[Architect_sasyr]

I can't cite that, but they can change the pin remotely via Find my iPhone so why is any of this apparently difficult?

Re:What's he on, today?

[__aaclcg7560]

Who were you referring to?

A legal analysis (yes, my bad for using the word analyst) from the Electronic Frontier Foundation.

Re:What's he on, today?

[wjcofkc]

Okay, so I had never seen that video. Damn near redeeming.

Re:What's he on, today?

[david_thornley]

Apple is opposing this for privacy purposes. They either care about privacy or want to be obvious in its defense. Everyone knows that new firmware can be flashed onto an iPhone 5/5C or earlier without knowing the PIN. This is not true of the 5S on. I assume they have vulnerabilities, but fewer.

Re:What's he on, today?

[david_thornley]

Look, the defenses against this in the 5/5C and earlier models are primarily in software, so there are ways to get around it with software. Doing this requires writing new software that Apple didn't have before, and exploiting a vulnerability.

This won't work on any iPhone Apple is currently selling, by the way.

Is it your opinion that any company that mentions privacy, but has sold equipment that is designed to be easy to use and happens to not be able to stop a major megacorp breakin is lying or hypocritical?

Re:What's he on, today?

Or so they say. They've also said they couldn't break in to phones with the wipe feature at all, but that's very, very clearly not true.

I think you are conflating what is probable with time, research, and resources, with what they have in hand today. Anyone knowledgable about device security would acknowledge that there are flaws that would allow hacking into the phone, but that doesn't mean Apple has them available today to access this device. So it is NOT at all evident that when Apple "said they couldn't break in to phones with the wipe feature" that such statements were "very, very clearly not true." Note I am not saying they may not have the ability, just that your reasoning is flawed. And regarding the "Or so they say", that is just standard conspiracist speak for I choose to believe otherwise even though I have no proof to support it, so there.

Re:What's he on, today?

[unixisc]

I think they're also aiming to (eventually) use OS updates - which can be done remotely - to hack phones without having to have physical possession. Because seizing the phone can't be done without the owner knowing it, and getting warrants means dealing with judges. If they can do it remotely, they can ignore due process.

Apple CANNOT Force an OS Update onto an iPhone remotely. I requires the User to either bring up the Update function or at the very least, Confirm a Dialog prompt. And I would doubt Apple can do so even with physical access, without taking the phone apart to expose JTAG (or similar) pins.

They don't need to do it remotely! They can ask the court or the FBI to ship it to them in Cupertino, and can do it there, and just give the FBI the data.

Re: What's he on, today?

[sumdumass]

I don't know why the FBI doesn't just dig the terrorist up, cut off thier fingers, get access and change the pin. Is there anything preventing that?

Re:What's he on, today?

Well, not really. Because all the government has to say - and it doesn't even have to say it officially, it can get its tame talking heads and commenters and analysts to say it easily and clearly enough - is that McAfee is full of shit, can't do what he says, they don't trust him as far as they could vomit him, and that's why they're not letting him near this vital evidence.

All of which would be completely true.

Re:What's he on, today?

[arth1]

Only Apple has the key to sign their firmware image. OK, maybe the NSA but they'd never share that capability with the FBI.

But does Apple have a way of forcing an OS upgrade onto a locked phone? I was under the impression that this would require an acceptance from the user, and the acceptance can only be displayed after login?
Or have Apple the old Sony flaw with firmware that gets auto-installed on reboot as long as it exists on an external partition with a certain name, no post-boot confirmation needed?

Re: What's he on, today?

[leonbev]

What makes you think that his hacking team couldn't pull it off with some clever social engineering tricks? They don't need to decrypt the phone using brute force... just need to figure out what PIN number the shooter used in less than ten tries. Odds are that he used the same PIN on something like his debit card or tax return, and getting that info from a gullible customer service rep wouldn't be too hard.

Re:What's he on, today?

[xvan]

It'd be easy to test. Throw him a another phone and ask him to unlock it. But they don't need him to unlock it, so they won't ask.

Re:What's he on, today?

[BasilBrush]

Apple doesn't want to admit that they can flash new firmware to the locked device even though everyone knows they can.

Given their argument is legal and constitutional, not technical, they are making no such denial.

Re:What's he on, today?

[BasilBrush]

But that would set the precedent that Apple must help to unlock every phone the FBI or other law enforcers demand.

Re:What's he on, today?

[stephanruby]

Unless he believes Apple has the ability to decrypt the device and plans on socially engineering them.

Apple probably has the ability to get rid of the delay each time a password gets tried. That would go a long way to breaking the encryption.

Also, human beings are fairly habitual and consistent, and most still use easily breakable passwords. If you have access to other services that the target used, or other hardware, and possibly other passwords, in addition to any interview transcripts of their close family members and friends, you could probably narrow down the search space considerably.

Re: What's he on, today?

[BasilBrush]

After a time limit (I think 48 hours) after the last successful iTouch login, you then need to do a PIN/password login.

Re:What's he on, today?

[macs4all]

But that would set the precedent that Apple must help to unlock every phone the FBI or other law enforcers demand.

Oh, I definitely agree that that's the Gummint's REAL goal here.

Re:What's he on, today?

[Khyber]

He buys it from me, so all I can say is he must be lacing it AFTER.

Re:What's he on, today?

[KermodeBear]

Well, according to this comment from a few weeks back, it really may not be possible to just load new firmware onto the phone. It's a great read.

Re:What's he on, today?

[nitehawk214]

Except that everyone else in the real world does not accept his claim of "world class hackers" unless it is proven.

Actually, I take that back, most people are idiots and will take any claim without any proof.

Re: What's he on, today?

[sconeu]

Does a 5c have the fingerprint sensor?

Re:What's he on, today?

[recharged95]

Basically Apple admits they can do something. That's huge.

And the logical vector to break the encryption by design is likely not the only solution. Heck I've had certain dealings with Apple on security tech on very important services and the security was simply [XXXX] and and NDA.

Most common physical security? A lock. The tech concept is pretty simple, works well in mass scale though complex (i.e. Schlage lock for example)... but crackable. Just maybe not by brute force math.

Re:What's he on, today?

[Darinbob]

He's using social engineering on the FBI though. They hand over the phone, he types in the wrong PIN ten times in a row, then says "oops".

Re:What's he on, today?

[Darinbob]

Damn, I just made the same post, and here I am without a delete button.

Re:What's he on, today?

[ArsenneLupin]

According to one legal analyst, the FBI and NSA already have this capability.

Wouldn't this statement make him more of a technical analyst, rather than a legal one?

What the government is looking for in this court case is a legal precedent to force companies to do this for them and make the data recovery admissible in court.

Funny thing is, they're relying on the All Writs act to do compel Apple to do this. However, (at least according to that Wikipedia article), application of All Writs requires the fulfilment of 4 conditions, including "The absence of alternative remedies". If they've got the capability to do it themselves, there's your alternative remedy. The legal analyst should be concerned :-)

("(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.")

Re:What's he on, today?

[ArsenneLupin]

and it doesn't even have to say it officially,

Nope, at some point in time, they'll have to argue that before a court of law. Indeed, if McAfee volunteers to crack the phone, this means that it would not be necessary to force Apple to do it. So the court would need to actually show that either McAfee is indeed incapable of doing what he claims, or that there's a real risk that he'd taint the evidence.

(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.

Re:What's he on, today?

[ArsenneLupin]

But they don't need him to unlock it, so they won't ask.

If they don't need him to unlock it, they don't need Apple either to unlock it. And they can't admit that because thne they wouldn't be allowed to force Apple to unlock it.

So they must at least make a token effort to prove that McAfee can't unlock the phone.

Re: What's he on, today?

[zaphirplane]

https://support.apple.com/en-a...
Recovery mode ?

Re:What's he on, today?

[Maritz]

He works with a team of the best hackers on the planet, god damn it. They can factor large primes in their fucking heads.

Re: What's he on, today?

[meadow]

No but that doesn't stop people from having fun speculating on dead people's cut-off fingers anyway. Its all good /. fun :-)

Re:What's he on, today?

[malditaenvidia]

I wonder if the NSA is just watching this debacle, laughing their asses off and eating popcorn.

Re:What's he on, today?

[__aaclcg7560]

Why would they want to go to court?

As someone else point, no crisis should ever go to waste. The government had limited success in convincing Fortune 500 companies in putting a back door into their products. Which is why they need a legal precedent in the courts.

Re:What's he on, today?

[vel-ex-tech]

This is pretty much what I've been saying.

This benefits Apple because they get to say, "Look at us! We have magick uber encryption powered by the Flame of Udun!"

This benefits the FBI because they get to say, "There's no Power Word that can overcome the Flame of Udun! Give us backdoors!"

And the public believes this shit.

Given everything I've gathered and as others have posted, Apple could unlock the damned phone before breakfast if they wanted. There has to be a reason Apple is resisting, and I don't buy altruism. McAfee and anybody else could succeed if they can get root on the device without unlocking it. That's not even considering somebody who might know how to separate the crypto chip and get it to reveal its secrets. If I were in the government's position, I'd send Apple a subpoena for the technical specifications of that chip or the private key needed to sign an OTA update. Actually getting information about the shooters is tangential to the FBI's goal here.

Re:What's he on, today?

[__aaclcg7560]

And why would it not be admissible if they do it?

The government may have to reveal the technical details on how they acquire the data from a locked cellphone. Given a choice between revealing sensitive information in public court or letting the case collapse, the government will almost always let the case collapse. There is no guarantee that a judge would allow the data recovery to be admissible. If a legal precedent is established, Apple can unlock the phone without the government revealing anything.

Re:What's he on, today?

[__aaclcg7560]

The US Government can probably do this legally if the get a warrant to "search" the phone.

If they can unlock the phone with a warrant, why are they suing Apple to unlock the phone for them?

Re: What's he on, today?

[tibit]

That's true for current devices, not for iPhone 5/5c.

Re:What's he on, today?

[tibit]

The phone in question has no encrypted enclave. It's a more recent thing, present only on iPhone 5s and up.

Re:What's he on, today?

[sribe]

They've even told Apple that they can do it in-house so there's no chance the method will be used on anyone else's phone.

And they're certainly 100% trustworthy on this, they will never ever use it again.

Apple doesn't want to admit that they can flash new firmware to the locked device even though everyone knows they can.

Apple has clearly and publicly admitted they can do so.

How such ignorant foolishness ever gets modded up is beyond me...

Re:What's he on, today?

[bigpat]

Apple doesn't want to admit that they can flash new firmware to the locked device even though everyone knows they can.

According to one legal analyst, the FBI and NSA already have this capability. What the government is looking for in this court case is a legal precedent to force companies to do this for them and make the data recovery admissible in court.

Apple should just agree to do it for the FBI on this particular phone on condition that they withdraw the court order so it isn't precedent setting. And make it clear that newer model phones do not have this same vulnerability that the FBI wants Apple to exploit, so that Apple will not have the technical means to do this hack in the future.

Re:What's he on, today?

[meta-monkey]

But he's claiming his method is sociological (which is dumb, the people with the password are dead) not technological. One definitely can't socially engineer their way into a test device from someone who takes security seriously, as I assume Apple would.

Re:What's he on, today?

[meta-monkey]

I don't think you do. Dude looks rough.

Re:What's he on, today?

[TheRaven64]

It's a bit more subtle than that, I suspect. If you want to provide something as evidence in court, then you must be able to demonstrate that correct forensic procedures have been followed. If you hack into a device, then it's quite difficult to show beyond reasonable doubt that you did so in a way that guarantees that the content of the data was not modified (accidentally or maliciously). It's been a while since I was involved with anything in this area, but back then they had special IDE cables with the write wires disconnected, for example so that you could plug the forensics computer into the drive and be absolutely certain that you weren't modifying it while imaging it.

The problem with a lot of the overreaching terrorism legislation is that it destroys this evidence chain. Anyone who is under investigation may have their computer hacked by the police / intelligence agencies, and therefore being under suspicion of such a crime gives a good defence that anything found on their computer may have been planted or tampered with by the same authorities. Any politician who campaigns on a platform of law and order should oppose them for this reason.

Re:What's he on, today?

[PopeRatzo]

I don't think you do. Dude looks rough.

Why do you say that?

http://cdni.wired.co.uk/620x41...

Re:What's he on, today?

[meta-monkey]

Picture of health right there.

Re:What's he on, today?

[Chelloveck]

Apple CANNOT Force an OS Update onto an iPhone remotely. I requires the User to either bring up the Update function or at the very least, Confirm a Dialog prompt.

Are you sure? Yes, normally an OS update puts up a courtesy prompt to say, "Is this a good time to do it?" But are you sure they don't have the capability to set some sort of "no questions asked" flag on the update to tell the phone to go ahead and do it right away without bothering the user about it? It's all just software, there's no need to flip a physical switch or anything to enter OS update mode.

If I was designing a phone I'd probably throw in a no-prompt update capability just to make QA's life easier when they have to push an update to a testing farm.

Re:What's he on, today?

[bheerssen]

Obviously, he has a crack Ouija board team.

Re: What's he on, today?

[trevc]

The device in question does not have an SE.

Re:What's he on, today?

[david_thornley]

AFAICT, all iPhones Apple currently sells, or will sell in the future, are immune to this attack. In the 5C in question, this attack may work because certain security measures are in software. In all 5S, 6, and 6S phones, these measures are in tamper-resistant hardware, so even if an OS update is possible without the PIN, it won't allow this attack.

Re:What's he on, today?

[david_thornley]

If you give me a few minutes, I can probably also come up with the names of some mediums who'd be proud that McCaffee thinks he can get the PIN from social engineering.

Re:What's he on, today?

[StikyPad]

Yes. As noted in the request, software updates can be installed when the device is in DFU mode, and that doesn't require the phone to be unlocked.

Re:What's he on, today?

[StikyPad]

That's not quite accurate either. Apple could write the software so that it only executes on the device with the UDID in question, and refuses to run on any others. As it is, OS updates must be signed to install, so modifying this "special" OS to check for a different UDID would render it useless.

Re:What's he on, today?

[surd1618]

You should read about the case. The FBI can almost certainly crack it. It's like Richard Feynman said about locks, "One guy [or woman] tries to make something to keep another guy out; there must be a way to beat it!". The FBI is most-likely using this high-profile case to secure the legal precedent to demand that devices are unlocked in future cases, making evidence so obtained admissible in court.

Re:What's he on, today?

[macs4all]

If I was designing a phone I'd probably throw in a no-prompt update capability just to make QA's life easier when they have to push an update to a testing farm.

There are other ways to do that other than an explicit "software switch", such as testing some conditions to determine whether it is a new phone or one that has already been "set up". I used to do that to decide when to stuff defaults into an EEPROM on a product I was designing.

Also, I would be very surprised if Apple stuffs the OS into these phones via Lightning, Bluetooth, or WiFi. It would take WAAAAY too long. More likely, that is reserved for the "rework" line. I would bet that the Flash chip/SoC is pre-programmed with the OS image and Apps in a completely separate process and then stuffed onto the PCB along with the other components. Much, much faster, and you don't have to have special-purpose "start from scratch" bootloaders, etc.

Companies have been doing that sort of thing for years. In fact, most chip manufacturers and distributors will pre-program parts for you (but I suspect Apple wants more control over what goes in than your run-of-the-mill company making, for example, ice-maker controllers)...

As an embedded designer with about 40 years experience, that is how I would guess Apple gets the initial OS/app code into iOS devices.

Re:What's he on, today?

[kmoser]

Apple: "Okay, we've loaded the new firmware on the device."
FBI: "Thanks! Hey, wait--we tried brute-forcing the password and the device seems to have wiped itself! What gives?"
Apple: "Oops, our bad, sorry. But now that the device has been wiped, there's nothing we can do. Have a nice day."

Re:What's he on, today?

[Dread_ed]

They've even told Apple that they can do it in-house so there's no chance the method will be used on anyone else's phone.

Until they ask again. Only next time, its a secret court order from a secret court, who is using a secret interpretation of the law and the constitution that "allows" them to do it legally, only in complete secrecy.

It appears you are convinced our law enforcement and government have a squeaky clean, principled, and restrained approach to the sanctity and privacy of Americans and their persons, houses, papers, and effects. What sources of information have led you to this unsupported belief? What line have they not already crossed that you think they will uphold now? What part of this insane power grab by the US government leads you to think they will only use it once, and then once they have established an iron-clad legal precedent, set it aside and never use it again, much less abuse it like they have every other tool and circumstance available to them?

Re:What's he on, today?

[xvan]

What, you never heard of sepctro-social engineering?

Re:What's he on, today?

[nitehawk214]

Well, it is equally likely that they are not being altruistic in their brave defense of their users.

If they were to capitulate here, it would mean a deluge of decryption requests. This would cost them money and resources having to go to each one. Worse, it would almost certainly mean a massive loss of sales as people migrate away from them.

Either way, it is in the public's best interest to not have this go through.

Re:What's he on, today?

[kko]

They already let a county employee near the vital evidence, and said county employee bungled it completely.

Re:What's he on, today?

[lsatenstein]

McAfee is clearly off his rocker. The only person or persons who he could expect to socially engineer his way through are dead.

He is not. In fact, initially he does not need the terrorist's phone. He just purchases one or two similar models, that have the same electronics, and figures out what he needs to have done using those devices. Once his solution works with the substitutes, he just has to tackle the actual device.

Re: What's he on, today?

[ACE209]

It's the precedent that they are fighting...

http://www.thedailybeast.com/articles/2016/02/17/apple-unlocked-iphones-for-the-feds-70-times-before.html

Probably not.

Re:What's he on, today?

[RockDoctor]

They've even told Apple that they can do it in-house so there's no chance the method will be used on anyone else's phone.

And is there anyone on the planet who isn't already in a lunatic asylum who believes that the tool would never get out of the FBI's labs.

First FBI "hacker" who suspects his boy-/ girl-/ trans-friend of porking / being porked by someone else, the tool will be out of the labs and down the road.

Social engineering?

[operagost]

Hasn't that ship kind of sailed? I mean, it's like trying to find unbiased jurors for a murder case when the defendant is a famous athlete or musician.

Re:Social engineering?

[gweihir]

He will send hookers to the agents responsible on the FBI-side to distract them, then he will vanish with the phone....

Re:Social engineering?

[Archfeld]

That would most certainly work if it was the Secret Service, but I think you might have to send small children and fuzzy animals to the FBI for it to work on them...

Impressive!

[110010001000]

They must be pretty good if they attend Defcon in Las Vegas!

Re:Impressive!

[Lab+Rat+Jason]

I came here to say this!!!! with a pedigree like:

These hackers attend Defcon in Las Vegas, and they are legends in their local hacking groups, such as HackMiami.

How could they fail?

Re:Impressive!

At least it isn't Deaf Con in Reno.

Re:Impressive!

[wvmarle]

He also describes how those same "prodigies" have big problems finding a job, thanks to such demands.

"He'll do it using mostly social engineering."

The suspects are dead. Are they going to attempt a seance?

Re:"He'll do it using mostly social engineering."

[captaindomon]

With this being John McAfee, that's probably already part of the plan.

Re:"He'll do it using mostly social engineering."

[macs4all]

The suspects are dead. Are they going to attempt a seance?

Nope, Magic mushrooms, An EEG and Mulder and Scully.

But that didn't even get him access to the Dead. Just the Comatose. BIG difference!

Seems like a natural fit

[scunc]

Who better to break into a system that's nearly impossible to get into than the man responsible for software that's nearly impossible to get rid of?
--
What happens when an unstoppable force meets an irremovable object?

Re:Seems like a natural fit

[sims+2]

Last week I had to disconnect a system from the internet because It wouldn't allow me to get to the next step of the uninstall because the upsell page wouldn't load.

Re:Seems like a natural fit

[TangoMargarine]

He hasn't been associated with the antivirus software that bears his name in a very long time. He sold it before it went down the tubes.

Obligatory XKCD

[philipmather]

http://xkcd.com/538/

"Mostly social engineering"

Re:Obligatory XKCD

[sims+2]

Apparently dead people are better at keeping secrets.

Re:Obligatory XKCD

[sbaker]

I'd have to use a "beating a dead horse" analogy here - except that the dead guy was a terrorist, not a horse. Either way though - no amount of whacking the corpse with a $5 wrench (or even one of those $5,000,000 NASA Space-wrenches) will have very much effect here.

Re:Obligatory XKCD

[taustin]

Every coroner on every cop show on TV disagree with you. (Real life coroners have a more nuanced opinion.)

Re:Obligatory XKCD

I'd have to use a "beating a dead horse" analogy here [...] no amount of whacking the corpse with a $5 wrench

Well, there's your problem. If you really want results, you have to beat the correct horse with a battery staple.

Re: Obligatory XKCD

[ZeroWaiteState]

Torturing people isn't very efficient at getting information, either. That isn't the point. It's the message it sends to everyone else.

Can you work with an image?

[Rinikusu]

How hard is it to image the entire storage area on iPhone? Like, a bit for bit copy of everything on it? And then.. just load the image into a vm and brute force the PIN, while leaving the original device intact?

Re:Can you work with an image?

[agm]

The encryption keys and protection mechanism are hardware based, not software based. The bytes in storage are useless without the phone's exact hardware. Unless they try and brute force the encryption. How many millions of years would that take?

Re:Can you work with an image?

[spire3661]

You dont get it. This is the FBI's 'Rosa Parks' moment. They are using an incendiary case to force the issue that unbreakable encryption should not be allowed in casual use. They are trying to force the idea that it should be illegal to make an unbreakable lock and they are using this case to ram it home. They dont really give a shit about the data in this case, they want to cow the tech sector into not making their jobs harder.

Re:Can you work with an image?

[bad-badtz-maru]

So, after failing ten times, you restore back to the phone from an earlier image?

Re:Can you work with an image?

Not on this iPhone they're not. It's a 5c, not a 5s. It has no secure enclave. There's absolutely no technical reason Apple can't help the FBI, they just aren't for - well, who knows. My best guess is because they're afraid it would shake confidence in Apple Pay if it came out that it was possible for the FBI to decrypt an iPhone.

If I were more charitable I'd say it was because they value their users' privacy but they're a giant company. They don't give a shit about anything other than their customers' money. They already by default constantly track the location of every iPhone and the iPhone constantly phones home to Apple about what apps you're running and where you are. The idea that they care about users' privacy is ridiculous, which means they're refusing to help the FBI for some other reason, and you can be sure that reason is ultimately the bottom line.

Re:Can you work with an image?

[Rockoon]

Its so much simpler than all this.

Prevent the device from being able to write the invalid attempts count to wherever it writes it. Now try all 10,000 combinations, power cycling as needed. Thats the way hardware guys are thinking about it.

Re:Can you work with an image?

[grimmjeeper]

There's only one problem with that. Cracking up to 37 characters of unicode characters (even if you don't use the entire 200K+ set of printable characters) is slightly more difficult to brute force than the 256 bit AES key...

By my math, with 37 characters, you only need 121 unicode characters (not 121K. Just 121) to make roughly as many permutations as a 256 bit AES key.

Re:Can you work with an image?

The wiping of the encryption key happens in the specific hardware, it is not part of the software image. We are not yet able to image hardware AFAIK.

Re:Can you work with an image?

[Spaham]

It could be any string, actually. People most often use 4 digit pins, but you can choose a longer password if you like.

Re:Can you work with an image?

[edtice1559]

The four digit PIN isn't used to encrypt the device. If it were, the thing would have been decrypted in under a minute. The encryption key is stored in a piece of hardware that takes the PIN and encrypted data as input. It combines those with a key that only the hardware knows to generate some output. If the hardware would make it's key available then it would be trivial to do what you describe. But the hardware is explicitly designed NOT to do that. It can only output the decrypted text. If you pass it the wrong PIN, the output is jibberish. Of course you can still try every combination of PIN but you need the actual hardware. For iPhone 5, if you entered a bad PIN too many times, the OS wiped the device. If you could sabotage the counter or otherwise modify the software you get unlimited tries. That's what the FBI wants here. Starting in iPhone6, the hardware ("secure enclave") will destroy its key if there are ten bad PIN entries in a row. The same hardware is designed such that updating it's software will also destroy the key. So the trick won't work anymore. However, Apple can decrypt an iPhone5. But they have to do it by updating software to not wipe the phone.

Re:Can you work with an image?

[gweihir]

That is not the problem. The problem is getting the encryption key out of the secure microcontroller storing it. Seriously, your amateur-level approach is among the very first things the experts will check for feasibility... and will find that it does not work here as.

Re:Can you work with an image?

[gweihir]

Would take longer that the remaining lifetime of the universe or alternately more energy and matter than is available if the universe goes for heat-death.

Re:Can you work with an image?

[gweihir]

And how would you do that for the secure key storage hardware that does not offer that functionality?

Re:Can you work with an image?

[Andy+Dodd]

The key is a derivative of the PIN that has been encrypted by a device-unique AES key that can be set and erased but NOT read back. The only thing that is wired to that memory cell's outputs is an AES engine's "key" input.

So it's not quite a PUF but it's pretty close.

Best route of attack other than decapping the chip and microprobing it is likely DPA.

Re:Can you work with an image?

[Andy+Dodd]

A lab operating on an image will have to directly brute-force AES, as the PBKDF2 result is encrypted with a device-specific key before it is used.

e.g. entering pin 0000 will result in a different AES key on every individual device in existence.

Re:Can you work with an image?

[gweihir]

And anybody that knows their stuff just uses a secure passphrase with > 100 bits of entropy and Argon2 and nobody besides them will ever be able to unlock that. Apple only needs the hardware to make it very convenient to get secure crypto. It is entirely possible to do this securely in software only, just requires a user that is willing to remember more than 6 characters and letters.

Re:Can you work with an image?

[bad-badtz-maru]

Makes sense, thanks.

Re:Can you work with an image?

[j-turkey]

You dont get it. This is the FBI's 'Rosa Parks' moment. They are using an incendiary case to force the issue that unbreakable encryption should not be allowed in casual use. They are trying to force the idea that it should be illegal to make an unbreakable lock and they are using this case to ram it home. They dont really give a shit about the data in this case, they want to cow the tech sector into not making their jobs harder.

THIS! I wish that I had mod points. You are correct, the case is entirely political. The Guardian has an article that explains in depth what you very succinctly stated. The big takeaway is that the actual data in this case doesn't really matter. However, the feds were fishing for the perfect inflammatory case to establish legal precedent (NPR had a great story on it earlier this week with a legal analyst who said that the Justice Department knew exactly what they were doing when they chose this case). Tim Cook is spot on in fighting this as a precedent matter more than anything else.

Re:Can you work with an image?

[spire3661]

Read more history. I dont think the Jews in Germany ever imagined things would ever end up where they did either. Thats not hyperbole or Godwin. History EXPLICITLY AND WITHOUT QUESTION teaches us that these powers can and WILL be abused to hurt and literally enslave people. IF they can do it to 'criminals' they can do it to anyone. Part of you earning and investing is BEING A GODDAMN CITIZEN. You dont get to completely ignore your civic duty. Where did you get that idea that your only function is to be a selfish prick and give nothing back? Paying taxes=!being a citizen or fulfilling your civic duties. Get involved and you will see precisely why people scram about this shit. Did you parents teach you nothing of the sacrifices people made to get us here? Freedom isnt free, it requires an involved and educated citizenry. Be part of that or shut the fuck up. Dont let your apathy strip others of their creator granted rights.,

Re:Can you work with an image?

[Alypius]

It explicitly establishes precedent. The FBI gives fuck-all about the phone; they want to be able to use the All-Writs Act to compel private companies to do LE/intelligence work, e.g. DHS doesn't like "right-wing extremism," so the Feds get a judge to compel Facebook to compile a list of people with a Gadsden Flag as their profile pic. Or compelling Microsoft to activate all the microphones on Xboxes people on a target list to listen on their conversations. Amazon to fork over everyone who searches/purchases ammunition reloading equipment. The list is limited only by the imagination of the people who want the data without all that pesky 4A nonsense.

Re:Can you work with an image?

[AmiMoJo]

There may be a way in to the Secure Enclave. It appears that Apple can update the firmware of the Enclave. In the past they have adjusted the time you have to wait between PIN attempts.

That being the case, it's possible the update mechanism could be abused. Even if it's only the ability to set some parameters, there could be an exploit, or perhaps they could set the delay to zero and unlimited retries.

You can bet since Apple released the update people have been looking at this. Maybe someone has something already.

Re:Can you work with an image?

[sshir]

Does apple's file system have checksums? If it doesn't then what you've described is fairly easy to break: Just dump the flash, wipe the phone, create dummy file, plop original content into its place, and try it with different PIN numbers until file contains coherent data.

Re:Can you work with an image?

[EricTDuckman1414]

I agree with and support the popular slashdot opinion on this issue: civilians should have access to strong encryption with no back doors.

I just....don't care enough to do anything about it. I plead guilty to charges of complacency. So long as my money is safe (not from the economy of course; no money is safe from that, and not from taxation either, but from overt thieves) I don't care if Big Brother knows which video games I spend my free time playing, which books genres interest me, where my office and home are, etc. It just doesn't impact me.

I don't want to be victimized by crime...I want to be able to earn and invest my money and pursue my simple pleasures in peace. And I have that. And the government monitoring doesn't interfere with that.

So sue me.

Ah, but what if the NSA's AI data sifter SKYNETsays that, based on the video games you play, the books you read, and the areas where you travel, that you are likely to be a terrorist and they send a drone or a death squad to take you out? Sure, right now they're only doing that in Pakistan, but what's to stop them from doing it everywhere, to anybody, even if they're white? The U.S. Constitution? The fifth amendment due process clause can't even stop local yokel police departments from taking your stuff without ever charging you with a crime, so how's that olde piece of parchment gonna stop the feds from snuffing you 'cause their algorithm flagged you?

Re:Can you work with an image?

[trenobus]

They dont really give a shit about the data in this case, they want to cow the tech sector into not making their jobs harder.

Maybe they care about the data, but it's likely they have other ways to brute force the passcode. This battle with the tech sector over encryption has been ongoing for more than a decade. What's different about this case is that it is the best opportunity the government has had to use fear of more mass killing to shut down the thinking part of the average person's brain. Their goal is to ensure that they have the keys to decrypt anything encrypted by the general public. (Anybody remember key escrow?)

Anyone with a basic technical understanding of how encryption works knows that there is no way to stop a knowledgeable person from implementing encryption in software, and keeping their keys private. So this is really about preventing the average person who lacks that knowledge from having unbreakable encryption. It's interesting that the situation with the general public and firearms is a similar situation, and in fact cryptography was once classified as a munition. It seems to me that a liberal interpretation of the Second Amendment might apply to encryption. I point that out especially for those of you who feel entitled to assault weapons under the Second Amendment.

Personally, I think we need to look at personal devices, and perhaps even our use of search engines, as extensions of our minds and as such, should be treated by the law with the utmost concern for privacy. After all, the technology to actually read minds is advancing, and the day may come when the precedents we set today for our personal devices are applied to our brains.

Re:Can you work with an image?

[Jack+Griffin]

Er what? I thought the Rosa Parks moments was a good thing? Someone has their analogies confused...

Re:Can you work with an image?

[j-turkey]

Er what? I thought the Rosa Parks moments was a good thing? Someone has their analogies confused...

I think that you're not looking at the analogy from a relative perspective, rather, it appears that you may be looking at that term from a point of absolute good and bad. The Rosa Parks moment, in historical context, was an inflection point for the civil rights movement. DoJ is trying to use this as an inflection point in their fight against encryption (hence the use of the term "Rosa Parks moment"). It's not necessarily a good thing for all of us, but a good thing for DoJ, as an appeal to emotion/outrage and an inflection point in the encryption/surveillance debate. I can't speak for the GPP, but I believe that this is where he's coming from. Are you with me now?

Re:Can you work with an image?

[Jack+Griffin]

Are you with me now?

I was always with you, I just thought "Rosa Parks moment" wasn't the clearest analogy.

Re:Can you work with an image?

[Fnkmaster]

From what I've read they've been willing to do this in the past for law enforcement. There's no secure enclave issue here, it's all software (turtles?) all the way down, so no question whether they can do it or not. Even if there were a secure enclave, it still sounds like they can do it (just would require a different approach).

I suspect it has to do with the way assistance was requested. Quiet and on the DL is probably fine, but making a big loud mess about the All Writs Act and shaking sticks with the intent of setting up legal precedents to force hands in the future seems like an awful idea by some true idiots at FBI.

Re:Can you work with an image?

[cloud.pt]

Beautiful words.

Re:Can you work with an image?

[sribe]

Starting in iPhone6, the hardware ("secure enclave") will destroy its key if there are ten bad PIN entries in a row. The same hardware is designed such that updating it's software will also destroy the key. So the trick won't work anymore.

Apple has already said that they could break an iPhone 6 in a similar manner. So the exact same trick may not work, but there's still a way.

Re:Can you work with an image?

[edtice1559]

The encryption key gets securely erased when you wipe the device. If you do that, you'll never recover the data. This stuff is well thought out. There may be a side-channel attack on iPhones with TouchID but direct attacks are impossible unless there's a backdoor that we don't know about. You won't go after this via brute force. https://www.apple.com/business...

Re:Can you work with an image?

[ChrisMaple]

Rosa Parks was not the first black to loudly refuse to go to the back of the bus. She was the first relatively attractive black woman to loudly refuse to go to the back of the bus, so that activists could build both legal and publicity cases around her.

Re:Can you work with an image?

[ChrisMaple]

If the invalid attempts counter is 4 bits of flash in the CPU, if the count is incremented before the attempt is made and only zeroed after success, your technique cannot work.

Re:Can you work with an image?

[david_thornley]

Companies sometimes do act in the best interest of their customers. Lots of successful companies do care about their customers, if only to set customer service into the corporate cultures. Lots of executives do want to do the right thing (although it's trivial to come up with executives who very definitely didn't or don't).

If you are an Apple customer, and Apple is clearly willing to fight for your interests, you're more likely to stay an Apple customer. If you're the sort of CEO who thinks a quarter ahead at most, this doesn't matter. If you think five or ten years ahead, you are likely to be very interested in customer loyalty.

Believe it or not, it is possible to be too cynical, and it is possible for corporations to profit from doing good things for their customers.

dammit John, FOCUS!

[Thud457]

You're supposed to be running for president!

A Trump / McAfee ticket is the closest thing we can get to having President Dwayne Elizondo Mountain Dew Herbert Camacho in real life.

Re:dammit John, FOCUS!

[Shatrat]

Honestly, I'd probably vote for Terry Crews if he ran.

Re:dammit John, FOCUS!

[myowntrueself]

You're supposed to be running for president!

A Trump / McAfee ticket is the closest thing we can get to having President Dwayne Elizondo Mountain Dew Herbert Camacho in real life.

My God, McAfee as Trumps running mate. This would virtually guarantee that Trump wouldn't get assassinated in office. The only thing that could be better is if Trump had a Hispanic running mate.

Re:dammit John, FOCUS!

[l0n3s0m3phr34k]

I still prefer them over an Evangelical Theocratic Ted Cruz presidency, who would implement an Dominionist version of "sharia law".

Re:dammit John, FOCUS!

[Gavagai80]

This would virtually guarantee that Trump wouldn't get assassinated in office.

On the contrary, he might become the first president to be assassinated by his VP.

It would be comedy gold...

[twotacocombo]

If only they would take him up on his offer. The first thing that came to mind was Kip driving over the plastic bowl with the camper van.

Dang it!

All the phone will say is....

[Harold+Halloway]

"Eat at Luigi's!"

Re:All the phone will say is....

[desdinova+216]

no, Drink your Ovaltine!

Re:Seance required

[Thud457]

Easy, if you have a time machine.


Or think you do.

I don't understand

[goarilla]

Can't they just open the device, dump the data & OS and try to bruteforce that without using the iphone passcode system ?

Re:I don't understand

[sexconker]

If you manage to dump the memory contents without tripping any protections that cause shit to be wiped you'll need to brute force a random 256-bit key.
Otherwise, you'd need to clone the whole fucking phone, including the hardened security chip, because it nukes the key after 10 failed attempts by default.

Re:I don't understand

[goarilla]

If you manage to dump the memory contents without tripping any protections that cause shit to be wiped you'll need to brute force a random 256-bit key.

Well I didn't say it would be easy :D.

Otherwise, you'd need to clone the whole fucking phone, including the hardened security chip, because it nukes the key after 10 failed attempts by default.

And Apple can't bypass their security chip, make the dump and hand it out to the FBI ?

Re:I don't understand

[R3d+M3rcury]

Well, as I understand it, the encryption is AES-256. So, in theory, it would take about 33,100,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years, assuming you used the fastest supercomputer.

Re:I don't understand

[Andy+Dodd]

They intentionally wired it so the key memory output only goes into the key input of a crypto engine - it can't be read back without decapping the CPU and microprobing it, and they may have put in countermeasures against that.

Re:I don't understand

[goarilla]

Yeah but couldn't we try a dictionary first, plus I don't think people like inputting long passcodes on a selfphone.
I should really read up on this stuff but it's hard.

Re:I don't understand

[gweihir]

No. There is a crypto key stored in a secure microcontroller. Unless they get the key out of that chip, they have nothing. At this time, it depends very much on implementation details whether Apple can even write that mystical software to allow unlimited tries.

Re:I don't understand

[goarilla]

So the iPhone is one of the best physically secured commodity devices these days, wow.

Re:I don't understand

[Hans+Lehmann]

No. The 256 bit key was not created by a human, it's generated at random at the time the chip is manufactured and is not readable from outside the chip, so any word or phrase in a dictionary is no more likely to be the key than any random string of bits.

Re:I don't understand

[random+coward]

And that is why its so important to Apple not to do anything else to help here. IF it looses its place as one of the best physically secured commodity devices, then Apple loses a lot of value as a company.

Re: I don't understand

[ZeroWaiteState]

No, but if the government orders Apple to keep trying until they run out of money, then the example will be made. That's the point.

Re:I don't understand

[jafiwam]

Yeah but couldn't we try a dictionary first, plus I don't think people like inputting long passcodes on a selfphone. I should really read up on this stuff but it's hard.

They could narrow stuff down a bit by carefully examining places where PWs are stored or things that are used for inspiration... except the dumb fucks already released the apartment and the landlord let the media in so the whole place is compromised.

The password could have been written on a post-it note on the fridge for all we know.

Though, these guys effectively destroyed two other phones and some hard drives, this iPhone is a third "work" phone used by one of them. It doesn't necessarily have any data on it, and the fact that it wasn't destroyed sort of implied it won't. The county (the employer) that issued the phone also failed to put any regular IT safeguards on it or they could have just gone that route.

Sitting here looking at my "your data got stolen from the government" OPM hack announcement letter and all this makes me certain the government shouldn't be trusted with a pointed stick, let alone a tool to unlock phones.

The FBI needs to go crawl back under their rock where they can effectively protect hillary fucking clinton from numerous felonies.

Re:I don't understand

[R3d+M3rcury]

Sure. My Unix dictionary has 235,886 words. You are given 10 chances.

Choose wisely.

Re: I don't understand

[gweihir]

They cannot do that. For one thing, it would be illegal. For another, they cannot practically do this: Apple could put a "reasonable" number of engineers on the problem permanently (say 5) and that would be it. Expect a solution in 20 years when it has become irrelevant. And seriously, if they really could do that, Apple would just leave the US, with tremendous negative political fallout for the FBI.

No. This is a battle of whits and the FBI has been traditionally short of those. They cannot win this fight unless Apple caves. Apple has no reason to do so that I can see, but a lot of reasons to _not_ do so.

Give him a chance - he'll murder that encryption

[JoeyRox]

He's good at that.

commentsubjectsaredumb

[Falos]

>He'll do it using mostly social engineering.

It seems like we (or the source) got this stuff a little hot, maybe from a handmade audio transcript. Over at Ars their take was

> About 75% [of the associates] are social engineers. The remainder are hardcore coders.

Plus the eating his shoe thing. Sensationalism or not I'm surprised that's not mentioned in TFA.

sneeky

[NetNed]

I am pretty certain Mcafee is working some amnesty angle here.

Wait, what?

[bistromath007]

This is pretty much completely the opposite of the sort of thing he usually claims to be in favor of. I was thinking about probably not registering to vote so I could vote for him. What the shit?

Re:Wait, what?

[gweihir]

Oh, simple: He cannot do it. He will not get a chance to try either and he does know that as well.

Re:Wait, what?

[TangoMargarine]

Well, if he somehow manages to do it before some court case gives the TLAs the legal right to do it themselves, technically that's a win? Or at least a temporary absence of a loss.

Let's go on pretending like the NSA actually gives a shit whether something is legal or not.

Tim Cook to John McAfee:

"Knock Yo'se'f out!"

If he doesn't tweet this soon, he should.

how do you socially engineer the dead?

[bloodhawk]

The shooters are dead. How exactly is social engineering going to work against them?

Using social engineering, huh?

[xxxJonBoyxxx]

>> He'll do it using mostly social engineering

"No problem. Just gimme the phone number, the address and the bank of the guy who owns the phone. I'll have him giving up the code by Sunday."

>> He's dead.

"F***!"

"Social Engineering"

[Pete+(big-pete)]

By "social engineering", I take it he's not planning to directly attack the hardware of the phone, which means he's planning to use the only other logical approach to breaking into this phone (and to me the only obvious attack vector open to him or anyone else as long as Apple stand their ground [correctly]).

Because this phone has a four digit passphrase, this means that the owner of the phone has hit the same four sections of screen at least hundreds, and more likely thousands of times. Maybe it is possible using very delicate and incredibly accurate equipment to detect some sort of impact print on the screen where it has been used in those four spots repeatedly. If it is possible to do this, then you have cut down the number of password from 10,000 to 24 different possibilities. From here you need to check everything you know about the phone owner to see if any of those combinations are personally significant in any way - even if the combination is entirely random, you'll still have a 41.5% to break the password with 10 attempts...

Meh - then again I'm not a half-million dollar a year hacker, so what do I know?

-- Pete.

Re:"Social Engineering"

[93+Escort+Wagon]

Wow - it's amazing the FBI didn't think of that.

Re:"Social Engineering"

[bugs2squash]

Have him demonstrate his skills on another iPhone first.

Re:"Social Engineering"

[ScooterComputer]

My thought too. Nothing stopping him from taking any other iPhone 5c, setting Auto-Erase to on, and proving his hacking team's prowess on YouTube for the world to see.
(The exception is that the court order doesn't actually reveal what specific iOS version the iPhone is running. The FBI alludes, a lot, that it is running iOS 9.something, but doesn't otherwise clearly say. Which I find a bit suspicious; they spewed out a lot of other info about the device.)

Re:"Social Engineering"

[bloodhawk]

It isn't 24 combinations. 24 assumes 4 discrete numbers that are not reused (assuming it is only 4 numbers of course). the number or possibilities quickly escalates and you have the added complication of most people run the same few apps when they unlock a phone which of course are usually in the same position.

Re:"Social Engineering"

[cnettel]

If they are able to detect lock screen digits versus other things and only find 3 digits, that will result in less than 24 combinations, not more.

Re:"Social Engineering"

[bloodhawk]

incorrect. If they find 3 digits and know it is a 4 digit pin (but not which number is repeated) then the possible combinations are significantly higher not lower.

Re:"Social Engineering"

[PapayaSF]

Social engineering could also mean putting yourselves into the mind of the owner, and trying to guess his passcode. Hmmm, Islamic terrorists: How about 7284 (PBUH)?

Re:"Social Engineering"

[Hognoxious]

Where did you get 24 from, and did you wipe the shit off?

Re:"Social Engineering"

[ArsenneLupin]

Wow - it's amazing the FBI didn't think of that.

... or they're just perjuring themselves saying they didn't think of that. And actually have other goals than just cracking that specific phone.

Re:"Social Engineering"

Actually they did. There's even published research papers detailing the wear on the glass (or even the dirty fingerprints) can greatly reduce the search space.

The FBI doesn't want the data. It is not going to help them prosecute the dead person more. They want the ability to force companies to assist in gathering the data, in the area where the data is encrypted. This way they can guarantee that every device will require a FBI backdoor of some sort (for legal compliance), or easily breakable crypto. That way the FBI can assure it's information streams don't dry up, as it is likely the biggest "big data" processor out there.

Now the FBI probably shouldn't be a "big data" shop, because in an investigation you start with a few people and expand from there. However their approaches of late seem to indicate that they prefer a cost-optimized approach: Collect everything, and then when someone is of interest, see what you can find in your collection.

Re:"Social Engineering"

[ChrisMaple]

36.

Re:"Social Engineering"

[ChrisMaple]

1 of 4 numbers as the first digit. 1 of the remaining 3 numbers as the second digit. 1 of the remaining 2 numbers as the third digit. 1 number only remains for the fourth digit. 4 times 3 times 2 times 1 equals 24.

Re:"Social Engineering"

[Hognoxious]

Why do you think a number can be used only once?

Re:PR bull

[bluefoxlucid]

The whole thing is bullshit-on-hold. I already know the narrative; I've modeled the current government in abstract from bits and pieces I've picked up while not really paying attention.

You want to know how it plays out?

The government cracks the phone. It finds evidence of the shooting on there--possibly explicit, possibly vague. Regardless, it's evidence. They hold up this evidence and say, "If this hadn't been encrypted, we could have stopped this shooting!"

That's contingent on them actually cracking the phone, but it's the direction they're going. Notice the huge flaw in logic: They weren't in possession of the phone pre-shooting, and any software on the phone would be able to bypass the encryption. Network monitoring would have given them any unencrypted information. Encrypted messaging is a different facility, and any systems to look for certain key words would face both an incredible wall of false positives and misdirection by simple codes ("did you remember to pick up eggs?" "I'll buy them tonight around 8." Shooting is at 8pm). Doesn't matter; the narrative is swallowed by the masses, because people in groups don't think.

I doubt they'll fabricate evidence and claim they broke the encryption. They may be using this case as pressure, hoping to bring multiple such cases forward and continuously claim people are dying because of encryption. That's more conjecture; I'm pretty firm on their political play at the masses, but not on the power buildup via repeated demands for backdoor decryption capabilities through multiple tragedies. My models give me movie plots, but not firm projections; more data will elevate some of those movie plots to firm projections.

Just watch when they *do* break someone's encryption in one of these cases. Watch what they say after. They'll spin a narrative about how the encryption allowed the crime to occur, about how they could have stopped it if only there was an encryption back door.

Social Engineering?

[Luthair]

Yo Timmy, can you have them write me some firmware? I forgot my password.

iPhone Security explained..

[slashkitty]

I highly recommend some of you read this paper: http://www.apple.com/business/...

Re:iPhone Security explained..

[masterz]

Thanks, within 30 seconds I know how to crack it:

"This immutable code, known as the hardware root of trust, is laid down during chip fabrication, and is implicitly trusted."

Re:This opens up new arguments

You have to wonder why they even need Apple to decrypt the device. There probably isn't anything of interest on the iPhone that isn't already in iCloud or Gmail/Google Contacts and all that can be obtained using normal court orders. Smartphones today have a massive attack surface - why aren't they just using normal attacks to root the device, like the well-known SMS/iMessage with composed Unicode characters on text wrapping points, etc.? This whole debacle just smells like a giant smear campaign to get Apple, Google and friends to back off from strong encryption. Which is odd, because on the government's other hand the FCC is mandating code-signing and encryption controls on anything with a Wi-Fi radio. WTF?

I'm going to perform a feat of social engineering!

[wjcofkc]

A big one too! But first I'm going to tell the whole fucking internet!

Thought - DPA

[Andy+Dodd]

Forgot about this, but CRI might have some tricks up their sleeve. They MIGHT have the ability to DPA the AES engine if Apple didn't license their countermeasures - http://www.rambus.com/security...

The Fact Of The Matter

The fact of the matter is that

I don;t think that means what you think it means.

Your wild-ass and misguided assumptions are not facts.

Alternative theory

[Verdatum]

Maybe McAfee is trolling. Maybe he's hoping someone will be dumb enough to go by pure name recognition, and let him at the phone. At which point, he will type in 10 wrong passwords and return the phone to starting state, ending this whole mess. I mean, think about it, does he have anything to lose at this point? "Oops. Sorry Feds. I thought we had it for a second there. Live and learn, right? *wanders off whistling to himself*"

Whatever the outcome, Apple owes McAfee a favor

[Applehu+Akbar]

McAfee's software, which comes loaded by default on millions of PCs, has been instrumental in making OS X more popular.

Re:Whatever the outcome, Apple owes McAfee a favor

[Trax3001BBS]

McAfee's software, which comes loaded by default on millions of PCs, has been instrumental in making OS X more popular.

Win10 not only came with McAcfee, it won't allow the installation of Comodo.

I use Win10 as a platform for VLC and off-line , don't see much other use for it.

Can't go backwards, can't go Linux (no hard drive), can only appease UEFI.

Re:Whatever the outcome, Apple owes McAfee a favor

[ihtoit]

do you have an optical drive??

Re:Whatever the outcome, Apple owes McAfee a favor

[Trax3001BBS]

do you have an optical drive??

Nope, just an microSD drive for an extra 64GiG's, it's an Aspire Switcher 10 (an xmas gift).

1.33-GHz Intel Atom Z3735 quad-core processor and 2GB of RAM - it barely keeps up with VLC playing a video at 1920X1080.

Re:Whatever the outcome, Apple owes McAfee a favor

[ihtoit]

you know you can boot any Linux distribution off of an SD card, right?

http://www.howtogeek.com/19105...

Re:Whatever the outcome, Apple owes McAfee a favor

[ihtoit]

once you've got over that hurdle, installing it over the current installed image is as easy as repartitioning the drive and clicking "Go".

Re:Whatever the outcome, Apple owes McAfee a favor

[Trax3001BBS]

A lack of hard drive shouldn't be an issue for Linux, UEFI should be workable too. As it runs Windows it must have some storage, and if not a hard drive, then either an SSD or, I'm guessing an eMMC.

My current computer is an Acer Aspire ES1-111M and has an eMMC rather than a hard drive. That in itself wasn't a problem, I think I may have needed to keep UEFI on to get Linux to see the eMMC and install to it. Getting it to boot, wasn't as straight forward as I would have liked, I think I needed to choose the debian bootloader in the UEFI setup, but it isn't too much trouble for someone who is technically savvy.

I can't guarantee that Linux will work, but lack of hard drive and UEFI shouldn't be major obstacles to installing it.

Linux Grub2 phones out as part of the UEFI standard, hard to say what is expected other than Windows licenses. Of course you shouldn't install Linux without an Internet connection - but live and learn.

Re:Whatever the outcome, Apple owes McAfee a favor

[Trax3001BBS]

you know you can boot any Linux distribution off of an SD card, right?

http://www.howtogeek.com/19105...

I lost a laptop to dual booting - turned the clock back two weeks for a PS2 saved game before registering the OS.

Just going to let sleeping dogs lie.

"the" sanburnadino iphone

[citylivin]

If your like me and had no idea wtf this article is talking about, apparently it was used in an american mass shooting:

https://en.wikipedia.org/wiki/...

Funny they are so concerned with gaining access to this stupid phone when the real weapons used to commit the crime are sold almost everywhere in america.

Re:"the" sanburnadino iphone

[110010001000]

Well that didn't stop the shootings in Paris did it? The reason access to the phone is important is it might contain the motive. Gee I wonder what the motive might be?

Re:"the" sanburnadino iphone

[jazzis]

So damn true!

Re:"the" sanburnadino iphone

[backwardsposter]

Careful not to confuse the citizen's desire of a right to arms with the law enforcements desire to disarm the citizenry. It's not like the government WANTS us armed. Luckily, at least for now, the citizens sometimes get what they want.

Just contact Facebook

[See+Attached]

I see that Tashfeen used Facebook on her cell phone. Anyone who has read the things that the Facebook app has access to... would seem you could power it up, and have the facebook app probe the phone for useful information. Contact, messages, pictures, phone numbers etc. Who needs apple?

Re:Just contact Facebook

[q4Fry]

The FBI doesn't want the data as much as they want to win, both in the legal courts and the court of public opinion, that they can coerce any tech company to circumvent any privacy protections to the best of their ability in the name of "fighting the bad guys."

And they picked a masterful case to do so.

Re:Just contact Facebook

[See+Attached]

Indeed, if wave the flag furiously when we speak of terrorists and national security, surely we can ask the vendor to side with the good guys to prevent this from recurring... and as a precedent... I was mostly puzzled by the freedom we give to facebook (and goog too) and the cold shoulder we give to OUR spies. https://www.facebook.com/help/...

That's A Nice Company You Have, Apple

[zenlessyank]

It would be ashamed if something happened to it. *wink wink

uhm

[superwiz]

BS. If they were so confident they could do it, they wouldn't have to do it with THAT phone. They could decrypt the phone of some independent 3rd party willing to arbiter the contest. The judge didn't order decryption of THAT phone. It ordered Apple to surrender information sufficient to give FBI ability to decrypt ANY phone. And I believe (could be wrong on that) Apple's position is that it's not able to do it under the current encryption scheme (even if did it in the past, it may not be able to do it now). Here's http://crypto.stackexchange.co... a discussion of someone trying to understand why brute force isn't possible even if they take apart the phone.

Re:uhm

[david_thornley]

Actually, the court ordered Apple to produce a software file that, when loaded onto the iPhone, would disable the automatic delays and wipes when entering wrong PINs. Apple was directed to make sure that software could run only on that one phone, and was given the option of doing all the work itself and simply providing access to the FBI. Doing what the court ordered would make no other phone vulnerable. It would establish that the courts could order reasonable technical cooperation at reasonable rates to break into an iPhone.

Even if the courts had ordered Apple to provide a master key for all iPhones, the cracking techniques would not work on any later generation of iPhone, which are the only iPhones Apple currently sells. They rely on lockout delays and wipes being handled by the OS, but with the 5S Apple put that into the security hardware, so that no OS change could allow this breakin.

To get more detailed, Apple inserts a 256-bit random key into hardware during manufacture that cannot be read directly, and which is designed to be very hard to be read from the silicon in other ways. It can be used in conjunction with the PIN to produce an AES-256 key to decipher the storage. If the random key is wiped, the AES-256 key can no longer be generated, and the storage is unreadable*. Since any barely competent attacker could try 10K PIN possibilities easily, the iPhone introduces lockout delays if invalid PINs are entered, and can wipe the random key after ten invalid PINs. In the 5C and earlier models with this security, the lockout delays and wipes were handled by the OS, meaning that the OS could be modified to allow brute-forcing the PIN. In the 5S and later models, these are handled in the security hardware, and can't be bypassed by changing the OS.

Apple's position is that they can do what the court wants, but they shouldn't have to. Apple relies on customer loyalty, among other things, and is willing to stand by their customers to help keep that loyalty. They also may claim to be unable to crack the later models, and I'd think such a claim very likely true.

*It is possible that there is a way to decrypt AES-256, but a lot of very bright people have been trying to find one for quite a few years now without success. The NSA considers AES-256 a satisfactory way of protecting secret information. I vaguely remember reading of some sort of intractability proof that relies on reasonable-looking assumptions, but I'm not sure it's for AES-256. There are side-channel attacks against the actual encryption or decryption on the CPU, things like telling what the CPU is doing by heat imaging or cache hits, but in the case of the iPhone the encryption and decryption are not done by the CPU, and in any case they don't apply if you can't get the encryption/decryption happening.

This would appear to leave brute-forcing. AES-256 uses a 256-bit key, as you can guess from the name. It may or may not be possible to make quantum computers powerful enough to try brute-forcing AES-256, and such computers could only halve the effective length of the key (and I do not know enough to explain that), so it would be the equivalent of brute-forcing a 128-bit key with a regular computer.

There are theoretical limits to the efficiency of computation, particularly the energy cost of a bit flip, based on quantum mechanic considerations. We're very far from such efficiency, but let's assume the NSA has a large array of quantum computers running at maximum theoretical efficiency. Using only the resources of the Solar System from now until the Sun grows cold, they couldn't even enumerate the possible keys, let alone try them all. For practical purposes, I consider something that can't be done by a Kardashev Type II civilization effectively impossible.

Re:What can't we clone?

[RogerWilco]

if it is a 4 digit passcode, I just don't understand why we can't clone the phone and try all 10,000 in moments?

How does having a separate "encryption chip" prevent cloning what is stored on the drives and chips?

I don't know if you can clone the memory, but it's 256bit AES encrypted, you're not going to brute fore that.

The encryption uses the (probably) 4 character (maybe digit only) passcode. There is a chip that takes this and the info to encrypt/decrypt and outputs the opposite. The chip is unique to each device and the unique AES key is burned into it by destroying some of its transistors (or something like that). The key itself is never exposed.

Both the memory and the chip probably have tamper protection to avoid what you're proposing. Apple engineers have assisted the FBI, so probably they don't know how and if this can be done.

The FBI is further limited by the system wiping itself after 10 failed attempts, and making you wait longer and longer after each try. What they are now asking Apple is to circumvent those. The iPhone under investigation is a 5C, where the 10 failed attempts and the timeout are still done by the OS. From the 5S and never those are part of the same chip that does the AES key and not even Apple could conceivably help them.

Apple doesn't want to make a version of iOS that could be loaded on the 5C and disable the 10 failed attempts and the timeout for two reasons:
- Once it's out there, any other law enforcement or government could ask for it, and/or criminals could steal it. China could be interested.
- To do this they need to expose some kind of "Apple master key" to force the iOS update onto the phone. This could then be used to force malware onto other iPhones if it got out.

Next to that is the good encryption and privacy protection one of the things they have done better than their competitors and this would thus result in bad press and a competitive disadvantage. Their bottom line would get hurt.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Promise: Hack iPhone in 3 weeks

[Actually,+I+do+RTFA]

Reality:

• Take iPhone to office.
• Enter wrong code 10 times.
• Leave iPhone on desk with "Oops" note.
• Walk away muttering "serves them right for charging me with murder"
• Get 3 week headstart on "Catch Me v2.0"

DMCA

Per the infamous DMCA, isn't it illegal to circumvent such a protection mechanism? Could Apple make the case that this would violate its copyright on its software?

Re:DMCA

[Alypius]

I wondered about this too, as well as the CFAA. I would tend to think that there wouldn't be a DMCA violation since Apple owns the protection and the Feds aren't asking for the code to do it, just asking Apple to do it. Since everything would nominally stay in-house, DMCA wouldn't apply. CFAA likewise wouldn't be involved because the target device is considered evidence and writs/warrants "authorize" the company to access the device. IANAL, YMMV, consult your physician before taking.

Re:DMCA

[omnichad]

I would tend to think that there wouldn't be a DMCA violation since Apple owns the protection

It wouldn't be a DMCA violation, because it wouldn't be circumventing protection on copyrighted material. But really, the encryption software was implemented by the consumer, so I'd consider them the owner of the protection.

..on a limb.

[nult]

This guy is on a limb for ANY attention these days. Everything I've heard him talk about the last few years (portable private networks etc) Ive yet to see any follow through. *...a strong smell of desperation lingers in the air

Re:What can't we clone?

[TangoMargarine]

All 20 of you guys posting this same question could just scroll to a random point in this comment thread, read for 2 minutes, and hit a comment explaining why not.

Well played

[Smiddi]

Its clear that the FBI want a precedent so they can get any data off any phone using a tool supplied by Apple. They can already get the data off the phone, but they want Apple to provide the tool to do it and this would be their ticket to gaining such a tool. John McAfee is bypassing their legal process making their request invalid and undermining the need for Apple to provide such a tool. Well played John.

Re:Seance required

[Pseudonym]

Easy, if you have a time machine.

That ride sucks.

Re:Social Engineering lolwut

[Alypius]

"You've been abducted. Of course you need crepes!"

Dear John

[Dunbal]

Don't you have an appointment with the police in Belize to deal with? Something about you being a suspect in a murder?

Re:What can't we clone?

[jazzis]

Please mod up as Insightfully Informative!

In a nutshell:

[ZeroWaiteState]

The governments position: I bet you'll come up with a better way to tear down that cement wall if I give you a court order to break it down with your forehead.

Re: iPhone 5C has AES in CPU?

[redelm]

Does AES burned into CPU apply to the affected phone, an iP5C ? Also, it was county property (perp received with job), so they may have a key somewhere. If so, then just clone, brute-force read the full AES and read the rest.

If not, then it may be impossible. No judge can order other designs, that is clearly _ultra_vires_ and squarely "legislating from the bench".

Re:Games played by the FBI

[Jack+Griffin]

So the FBI asked a couple of field agents --guys who have many years playing video games as kids-- and who in their own estimation are 'pewter savvy', and they haven't been able to break into the iPhone without everything getting wiped. And so now they are saying "we need national legislation to force back doors so that we can go on fishing trips all day long".

Wow. Hand in your nerd card you are too stupid to be here...

Re:PR bull

[Jack+Griffin]

Notice the huge flaw in logic:

Yes, yes we did. It's called a Strawman, and you are making the FBI look smart right now...

Re:This opens up new arguments

[flatulus]

I love this post! WTF indeed!

It's not unlike DoD (years ago, for you youngsters) implementing GPS with Selective Availability so they could de-accurize it in times of war, only to have the Coast Guard develop and install a network of differential correction transmitters (aka differential GPS). And today we have WAAS (equivalent of USCG's differential GPS, but I guess better?). But the "de-accurize" genie is way out of the bottle, btw. I'm just using this as an example as to how government left-hand doesn't know what government right-hand is doing.
 

OK , John. Keep taking the meds

[ihtoit]

AES256. That is all.

The real government plan

[meadow]

The real government plan was to do something provocative that they knew would be in the headlines and get all the tech geeks excited so that enough of them would eventually be so curious about how to actually crack into the phone they would eventually start to formulate and eventually post an answer in online forums, long before the issue was ever resolved in court.

Its a clever way of crowd sourcing via social engineering.

Wow DefCon

[DarkOx]

These hackers attend Defcon in Las Vegas

Wow okay like only 20,000 people did that last year alone. Its amazing he has put together such a group of rare a leet individuals. To think I have been leaving that off my CV all these years. Having attended let alone spoken at DefCon 20 years ago might be impressive, but now its pretty much meh. To be honest even getting to be a presenter in many cases is as much who you know as having something really cool to show off.

That said I have no problem with McAfee doing this. I object to the idea that the government can compel a vendor to weaken the security of their product before or after the fact let alone back door it. I think Apple has a clear business interest in not doing so and its a basic question of freedom that we should not force a manufacturer to assist in the investigation of a crime they were not involved in. It would be like if someone had something locked in a safe, and the government could demand the safe manufacturer drop whatever they were doing and take whatever steps are required to crack it. That precedent would essentially turn anyone who manufactures or sells anything into a potential conscript at any time.

I also think an individual or company ought to have the right not sell to or provide the government with services and equipment if they don't want to. I for one would make the same choice Tim Cook has in this case. The Three Letters and even local law enforcement have proven they can't follow the rules, give them something like a stingray and they will abuse it. God only knows what they might do with a zero day if you provided something like that to them. IMHO they have treated us citizens like the enemy and therefore can no longer expect cooperation. I wish we lived in a nation where LEO's followed our laws and if they came to me or Apple, or anyone else and asked for help catching a crook or investigating a crime we could do so freely and comfortably knowing any tools and techniques would not be abused or used to violate peoples rights but we don't live in that nation. Its sad.

Still I expect the FBI to do its job and try to get into that phone. If they can fine, but they have no right to make demands on Apple. If McAfee wants to help fine, that is his choice. If he can charge them a few 100,000K good for him.

Somebody explain to me how THIS President and THIS

[ToddInSF]

administration is any less a public enemy than the Bush administration was...

And when are we going to have enough of the lying tyrants ?

Comment removed

[account_deleted]

Comment removed based on user account deletion