John McAfee Offers To Decrypt San Bernardino iPhone For the FBI and Save America

MojoKid writes: Wondering what John McAfee is up to these days? It's not sniffing bath salts nor is he fleeing foreign countries as a person of interest in a murder investigation and faking heart attacks (been there, done all that) ; instead, he's on a mission to save America. How so? By cracking the code on the San Bernardino iPhone that's causing such a ruckus. McAfee didn't just criticize the FBI; instead he offered a potential solution. Let him and his team of hackers break into the iPhone without any help from Apple. "With all due respect to Tim Cook and Apple, I work with a team of the best hackers on the planet. These hackers attend Defcon in Las Vegas, and they are legends in their local hacking groups, such as HackMiami. They are all prodigies, with talents that defy normal human comprehension," McAfee said. Eccentric rant aside, McAfee's offer is simple - give him three weeks and he will, "free of charge, decrypt the information on the San Bernardino phone" with his team of hackers. He'll do it using mostly social engineering.

What's he on, today?

[MSG]

McAfee is clearly off his rocker. The only person or persons who he could expect to socially engineer his way through are dead.

Re:What's he on, today?

[Talderas]

Unless he believes Apple has the ability to decrypt the device and plans on socially engineering them.

Re:What's he on, today?

[aaron4801]

He's socially engineering the FBI. He'll just waste the 10 attempts, and get the phone wiped. Debate over.

Re:What's he on, today?

[Krishnoid]

McAfee is clearly off his rocker.

...

I work with a team of the best hackers on the planet. These hackers attend Defcon in Las Vegas, and they are legends in their local hacking groups, such as HackMiami. They are all prodigies, with talents that defy normal human comprehension,

Hey, if these hackers are the ones that starred in his last video, and he's going to make another one describing how he plans/executed this hack, I'm all for it.

Re:What's he on, today?

[tehlinux]

Is there some reason they can't clone the device? That would buy them unlimited attempts.

Re:What's he on, today?

The FBI is not asking Apple to decrypt it. They're asking Apple to load a new firmware on it that removes the limit and delay on the number of tries before the device wipes itself so they can brute-force it. They've even told Apple that they can do it in-house so there's no chance the method will be used on anyone else's phone.

Apple doesn't want to admit that they can flash new firmware to the locked device even though everyone knows they can.

Re:What's he on, today?

[__aaclcg7560]

Apple doesn't want to admit that they can flash new firmware to the locked device even though everyone knows they can.

According to one legal analyst, the FBI and NSA already have this capability. What the government is looking for in this court case is a legal precedent to force companies to do this for them and make the data recovery admissible in court.

Re:What's he on, today?

[PopeRatzo]

I really want some of what John McAfee is smoking.

Re:What's he on, today?

[PopeRatzo]

What the government is looking for in this court case is a legal precedent to force companies to do this for them and make the data recovery admissible in court.

That's it in a nutshell.

Re:What's he on, today?

[kimvette]

Posting to negate moderation.
I accidentally the post!
(clicked overrated rather than funny. sorry about that!)

Re:What's he on, today?

[AdamThor]

So John McAfee can make a boast that won't get tested. He gets to proclaim himself supreme ninja badass knowing nobody will call his bluff, AND illustrate that when the government doesn't take him up on his offer it is because they are after something other than what they claim.

*golf clap*

Well played, Mr. McAfee.

Re:What's he on, today?

[Andy+Dodd]

Apple devices have an additional "trick" beyond just PBKDF2 - There's a random AES key burned into the CPU, and it's wired such that it can be set/erased, but not directly read - it can only be fed as the key into an AES engine.

I am not sure if Apple's PBKDF2 has this AES engine as part of the loop, or if it just feeds the key that comes out of PBKDF2 through the AES engine, but the end result is, on any given device, the AES key that results from a given passphrase is unique to that device and cannot be reproduced off-device.

So if someone just clones the device's flash contents, they have to resort to brute-forcing AES directly, as opposed to trying to brute-force passcodes.

So you can only brute-force passcodes on-device (something like 80ms per try on this model, newer models have a 5 seconds per try limitation), and Apple's software doesn't even allow you to do that. The FBI wants to at LEAST get on-device brute-force capability.

Which might still take years if the user had a reasonably strong passphrase.

Re:What's he on, today?

Close. I don't think he would wipe the phone, that would make too much trouble even for a man with MacAfee's history.

No, he's shedding a light on how absurd the FBI's story on this item is. "Oh my goodness, there's a phone connected to this tragedy and we don't know what the 109 messages say! Even though we know who did it, we know that the messages went to Africa, we know the times and the recipient(s), we have all the meta-data. Oh, and we have the full resources of the FBI, CIA, NSA, DOD, the Five Eyes, and we've data-mined the entire planet. Yet John MacAfee can break into this phone with a tiny group of volunteer hackers and we just can't figure that out at all."

The only thing the FBI is trying to do here is to cynically use a tragedy to set official, legal precedent. They are attempting to bully the phone makers to give them anything they want, any time they want it. This has nothing to do with the San Bernardino shooting beyond winning sympathy and support for the spying goals of the FBI.

J. Edgar Hoover would be proud. Also Niccolo Machiavelli. We've been giving the Three Letter Agencies anything they want since 9/11 and they've grown fat and entitled on the spoils.

Re:What's he on, today?

[taustin]

I think they're also aiming to (eventually) use OS updates - which can be done remotely - to hack phones without having to have physical possession. Because seizing the phone can't be done without the owner knowing it, and getting warrants means dealing with judges. If they can do it remotely, they can ignore due process.

Re:What's he on, today?

Only Apple has the key to sign their firmware image. OK, maybe the NSA but they'd never share that capability with the FBI.

Re:What's he on, today?

[Trailer+Trash]

Apple doesn't want to admit that they can flash new firmware to the locked device even though everyone knows they can.

According to one legal analyst, the FBI and NSA already have this capability. What the government is looking for in this court case is a legal precedent to force companies to do this for them and make the data recovery admissible in court.

I came to this conclusion yesterday. Some clueless folks elsewhere were arguing that there might be a zero day exploit that Apple could use (um, paradox, anyone?) that would get the trick done. My point was that if such were available chances are the FBI, NSA, whomever would already know about it or be in a position to find out about it, and that would be an easier and cheaper route to take.

It's obvious that they want to force Apple to do this as a precedent, particularly now that iPhone 6 + cannot be "hacked" in this manner.

Re:What's he on, today?

[macs4all]

I think they're also aiming to (eventually) use OS updates - which can be done remotely - to hack phones without having to have physical possession. Because seizing the phone can't be done without the owner knowing it, and getting warrants means dealing with judges. If they can do it remotely, they can ignore due process.

Apple CANNOT Force an OS Update onto an iPhone remotely. I requires the User to either bring up the Update function or at the very least, Confirm a Dialog prompt.

And I would doubt Apple can do so even with physical access, without taking the phone apart to expose JTAG (or similar) pins.

Re:What's he on, today?

[macs4all]

The "social engineering" bit makes you wonder if Apple has done exactly this in other instances. So just lie to apple about the situation with some sufficiently sobby story and they'll open it.

Don't you think that someone that successfully did that would be on the news right now, proclaiming that Apple is lying?

Re: What's he on, today?

[macs4all]

Random update? No. But, Apple can, without a doubt, force an update on this, or any iPhone, without any user intervention. It's the precedent that they are fighting...

Citation, please?

Re:What's he on, today?

[wjcofkc]

Okay, so I had never seen that video. Damn near redeeming.

Re:What's he on, today?

[david_thornley]

Look, the defenses against this in the 5/5C and earlier models are primarily in software, so there are ways to get around it with software. Doing this requires writing new software that Apple didn't have before, and exploiting a vulnerability.

This won't work on any iPhone Apple is currently selling, by the way.

Is it your opinion that any company that mentions privacy, but has sold equipment that is designed to be easy to use and happens to not be able to stop a major megacorp breakin is lying or hypocritical?

Re:What's he on, today?

Or so they say. They've also said they couldn't break in to phones with the wipe feature at all, but that's very, very clearly not true.

I think you are conflating what is probable with time, research, and resources, with what they have in hand today. Anyone knowledgable about device security would acknowledge that there are flaws that would allow hacking into the phone, but that doesn't mean Apple has them available today to access this device. So it is NOT at all evident that when Apple "said they couldn't break in to phones with the wipe feature" that such statements were "very, very clearly not true." Note I am not saying they may not have the ability, just that your reasoning is flawed. And regarding the "Or so they say", that is just standard conspiracist speak for I choose to believe otherwise even though I have no proof to support it, so there.

Re:What's he on, today?

[xvan]

It'd be easy to test. Throw him a another phone and ask him to unlock it. But they don't need him to unlock it, so they won't ask.

Re:What's he on, today?

[macs4all]

But that would set the precedent that Apple must help to unlock every phone the FBI or other law enforcers demand.

Oh, I definitely agree that that's the Gummint's REAL goal here.

Re:What's he on, today?

[meta-monkey]

But he's claiming his method is sociological (which is dumb, the people with the password are dead) not technological. One definitely can't socially engineer their way into a test device from someone who takes security seriously, as I assume Apple would.

Impressive!

[110010001000]

They must be pretty good if they attend Defcon in Las Vegas!

Re:Impressive!

At least it isn't Deaf Con in Reno.

"He'll do it using mostly social engineering."

The suspects are dead. Are they going to attempt a seance?

Re:"He'll do it using mostly social engineering."

[captaindomon]

With this being John McAfee, that's probably already part of the plan.

Seems like a natural fit

[scunc]

Who better to break into a system that's nearly impossible to get into than the man responsible for software that's nearly impossible to get rid of?
--
What happens when an unstoppable force meets an irremovable object?

dammit John, FOCUS!

[Thud457]

You're supposed to be running for president!

A Trump / McAfee ticket is the closest thing we can get to having President Dwayne Elizondo Mountain Dew Herbert Camacho in real life.

Re:dammit John, FOCUS!

[Shatrat]

Honestly, I'd probably vote for Terry Crews if he ran.

It would be comedy gold...

[twotacocombo]

If only they would take him up on his offer. The first thing that came to mind was Kip driving over the plastic bowl with the camper van.

Dang it!

Re:Can you work with an image?

[agm]

The encryption keys and protection mechanism are hardware based, not software based. The bytes in storage are useless without the phone's exact hardware. Unless they try and brute force the encryption. How many millions of years would that take?

Re:Can you work with an image?

[spire3661]

You dont get it. This is the FBI's 'Rosa Parks' moment. They are using an incendiary case to force the issue that unbreakable encryption should not be allowed in casual use. They are trying to force the idea that it should be illegal to make an unbreakable lock and they are using this case to ram it home. They dont really give a shit about the data in this case, they want to cow the tech sector into not making their jobs harder.

sneeky

[NetNed]

I am pretty certain Mcafee is working some amnesty angle here.

"Social Engineering"

[Pete+(big-pete)]

By "social engineering", I take it he's not planning to directly attack the hardware of the phone, which means he's planning to use the only other logical approach to breaking into this phone (and to me the only obvious attack vector open to him or anyone else as long as Apple stand their ground [correctly]).

Because this phone has a four digit passphrase, this means that the owner of the phone has hit the same four sections of screen at least hundreds, and more likely thousands of times. Maybe it is possible using very delicate and incredibly accurate equipment to detect some sort of impact print on the screen where it has been used in those four spots repeatedly. If it is possible to do this, then you have cut down the number of password from 10,000 to 24 different possibilities. From here you need to check everything you know about the phone owner to see if any of those combinations are personally significant in any way - even if the combination is entirely random, you'll still have a 41.5% to break the password with 10 attempts...

Meh - then again I'm not a half-million dollar a year hacker, so what do I know?

-- Pete.

Re:All the phone will say is....

[desdinova+216]

no, Drink your Ovaltine!

Re:PR bull

[bluefoxlucid]

The whole thing is bullshit-on-hold. I already know the narrative; I've modeled the current government in abstract from bits and pieces I've picked up while not really paying attention.

You want to know how it plays out?

The government cracks the phone. It finds evidence of the shooting on there--possibly explicit, possibly vague. Regardless, it's evidence. They hold up this evidence and say, "If this hadn't been encrypted, we could have stopped this shooting!"

That's contingent on them actually cracking the phone, but it's the direction they're going. Notice the huge flaw in logic: They weren't in possession of the phone pre-shooting, and any software on the phone would be able to bypass the encryption. Network monitoring would have given them any unencrypted information. Encrypted messaging is a different facility, and any systems to look for certain key words would face both an incredible wall of false positives and misdirection by simple codes ("did you remember to pick up eggs?" "I'll buy them tonight around 8." Shooting is at 8pm). Doesn't matter; the narrative is swallowed by the masses, because people in groups don't think.

I doubt they'll fabricate evidence and claim they broke the encryption. They may be using this case as pressure, hoping to bring multiple such cases forward and continuously claim people are dying because of encryption. That's more conjecture; I'm pretty firm on their political play at the masses, but not on the power buildup via repeated demands for backdoor decryption capabilities through multiple tragedies. My models give me movie plots, but not firm projections; more data will elevate some of those movie plots to firm projections.

Just watch when they *do* break someone's encryption in one of these cases. Watch what they say after. They'll spin a narrative about how the encryption allowed the crime to occur, about how they could have stopped it if only there was an encryption back door.

iPhone Security explained..

[slashkitty]

I highly recommend some of you read this paper: http://www.apple.com/business/...

Re:Can you work with an image?

[edtice1559]

The four digit PIN isn't used to encrypt the device. If it were, the thing would have been decrypted in under a minute. The encryption key is stored in a piece of hardware that takes the PIN and encrypted data as input. It combines those with a key that only the hardware knows to generate some output. If the hardware would make it's key available then it would be trivial to do what you describe. But the hardware is explicitly designed NOT to do that. It can only output the decrypted text. If you pass it the wrong PIN, the output is jibberish. Of course you can still try every combination of PIN but you need the actual hardware. For iPhone 5, if you entered a bad PIN too many times, the OS wiped the device. If you could sabotage the counter or otherwise modify the software you get unlimited tries. That's what the FBI wants here. Starting in iPhone6, the hardware ("secure enclave") will destroy its key if there are ten bad PIN entries in a row. The same hardware is designed such that updating it's software will also destroy the key. So the trick won't work anymore. However, Apple can decrypt an iPhone5. But they have to do it by updating software to not wipe the phone.

The Fact Of The Matter

The fact of the matter is that

I don;t think that means what you think it means.

Your wild-ass and misguided assumptions are not facts.

Whatever the outcome, Apple owes McAfee a favor

[Applehu+Akbar]

McAfee's software, which comes loaded by default on millions of PCs, has been instrumental in making OS X more popular.

Re:Can you work with an image?

[Andy+Dodd]

The key is a derivative of the PIN that has been encrypted by a device-unique AES key that can be set and erased but NOT read back. The only thing that is wired to that memory cell's outputs is an AES engine's "key" input.

So it's not quite a PUF but it's pretty close.

Best route of attack other than decapping the chip and microprobing it is likely DPA.

Re:Obligatory XKCD

[sbaker]

I'd have to use a "beating a dead horse" analogy here - except that the dead guy was a terrorist, not a horse. Either way though - no amount of whacking the corpse with a $5 wrench (or even one of those $5,000,000 NASA Space-wrenches) will have very much effect here.

Re:Can you work with an image?

[gweihir]

And anybody that knows their stuff just uses a secure passphrase with > 100 bits of entropy and Argon2 and nobody besides them will ever be able to unlock that. Apple only needs the hardware to make it very convenient to get secure crypto. It is entirely possible to do this securely in software only, just requires a user that is willing to remember more than 6 characters and letters.

Re:Wait, what?

[gweihir]

Oh, simple: He cannot do it. He will not get a chance to try either and he does know that as well.

"the" sanburnadino iphone

[citylivin]

If your like me and had no idea wtf this article is talking about, apparently it was used in an american mass shooting:

https://en.wikipedia.org/wiki/...

Funny they are so concerned with gaining access to this stupid phone when the real weapons used to commit the crime are sold almost everywhere in america.

uhm

[superwiz]

BS. If they were so confident they could do it, they wouldn't have to do it with THAT phone. They could decrypt the phone of some independent 3rd party willing to arbiter the contest. The judge didn't order decryption of THAT phone. It ordered Apple to surrender information sufficient to give FBI ability to decrypt ANY phone. And I believe (could be wrong on that) Apple's position is that it's not able to do it under the current encryption scheme (even if did it in the past, it may not be able to do it now). Here's http://crypto.stackexchange.co... a discussion of someone trying to understand why brute force isn't possible even if they take apart the phone.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Can you work with an image?

[j-turkey]

You dont get it. This is the FBI's 'Rosa Parks' moment. They are using an incendiary case to force the issue that unbreakable encryption should not be allowed in casual use. They are trying to force the idea that it should be illegal to make an unbreakable lock and they are using this case to ram it home. They dont really give a shit about the data in this case, they want to cow the tech sector into not making their jobs harder.

THIS! I wish that I had mod points. You are correct, the case is entirely political. The Guardian has an article that explains in depth what you very succinctly stated. The big takeaway is that the actual data in this case doesn't really matter. However, the feds were fishing for the perfect inflammatory case to establish legal precedent (NPR had a great story on it earlier this week with a legal analyst who said that the Justice Department knew exactly what they were doing when they chose this case). Tim Cook is spot on in fighting this as a precedent matter more than anything else.

Re:Can you work with an image?

[spire3661]

Read more history. I dont think the Jews in Germany ever imagined things would ever end up where they did either. Thats not hyperbole or Godwin. History EXPLICITLY AND WITHOUT QUESTION teaches us that these powers can and WILL be abused to hurt and literally enslave people. IF they can do it to 'criminals' they can do it to anyone. Part of you earning and investing is BEING A GODDAMN CITIZEN. You dont get to completely ignore your civic duty. Where did you get that idea that your only function is to be a selfish prick and give nothing back? Paying taxes=!being a citizen or fulfilling your civic duties. Get involved and you will see precisely why people scram about this shit. Did you parents teach you nothing of the sacrifices people made to get us here? Freedom isnt free, it requires an involved and educated citizenry. Be part of that or shut the fuck up. Dont let your apathy strip others of their creator granted rights.,

Re:What can't we clone?

[TangoMargarine]

All 20 of you guys posting this same question could just scroll to a random point in this comment thread, read for 2 minutes, and hit a comment explaining why not.

Re:Obligatory XKCD

I'd have to use a "beating a dead horse" analogy here [...] no amount of whacking the corpse with a $5 wrench

Well, there's your problem. If you really want results, you have to beat the correct horse with a battery staple.

Re:Can you work with an image?

[sshir]

Does apple's file system have checksums? If it doesn't then what you've described is fairly easy to break: Just dump the flash, wipe the phone, create dummy file, plop original content into its place, and try it with different PIN numbers until file contains coherent data.

Re:Can you work with an image?

[sribe]

Starting in iPhone6, the hardware ("secure enclave") will destroy its key if there are ten bad PIN entries in a row. The same hardware is designed such that updating it's software will also destroy the key. So the trick won't work anymore.

Apple has already said that they could break an iPhone 6 in a similar manner. So the exact same trick may not work, but there's still a way.