Apple's iPhone Already Has a Backdoor
Nicola Hahn writes: As the Department of Justice exerts legal pressure on Apple in an effort to recover data from the iPhone used by Syed Rizwan Farook, Apple's CEO has publicly stated that "the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone." But, as one Windows rootkit developer has observed, the existing functionality that the FBI seeks to leverage is itself a backdoor. Specifically, the ability to remotely update code on a device automatically, without user intervention, represents a fairly serious threat vector. Update features marketed as a safety mechanism can just as easily be wielded to subvert technology if the update source isn't trustworthy. Something to consider in light of the government's ability to steal digital certificates and manipulate network traffic, not to mention the private sector's lengthy history of secret cooperation.
Related: wiredmikey writes: Apple said Monday it would accept having a panel of experts consider access to encrypted devices if US authorities drop efforts to force it to help break into the iPhone of a California attacker. Apple reaffirmed its opposition to the US government's effort to compel it to provide technical assistance to the FBI investigation of the San Bernardino attacks, but also suggested a compromise in the highly charged legal battle.
In his first public remarks since Apple CEO Tim Cook said he would fight the federal magistrate's order, FBI Director James Comey claimed the Justice Department's request is about "the victims and justice."
In the context of this article it is worth pointing out the letter that Tim Cook sent out to Apple employees:
http://arstechnica.com/tech-po...
I believe he makes good points, and wherever we end up, it should be because of proper discussion understanding implications, rather than because 'Apple is evil' mantra, that will end up burning everyone.
Jumpstart the tartan drive.
I hate Apple as much as the next anti-Apple-fan boy, but come on. Literally EVERY OS has this concern. I wouldn't call it a backdoor any more than I would suggest that having a window not made out of bulletproof glass is an open invitation for robbers into your house. In other words, this is sort of like "duhhhhhhh" material and hardly newsworthy. Now having an open and honest discussion about the security of update services for OS and the security methodologies employed, would be a fantastic article.
When I read exactly what the FBI was asking Apple to do, I realized that there was a back door, and that Apple will most likely be doing what they can to close this back door in a future iPhone release.
If I were Apple, I'd make sure a future release gave the user the option of only allowing firmware updates after the user logged in. This doesn't have to be required for every iPhone (corporations might want this disabled on iPhones they purchase for their employees), but it should at least be an option.
Really? The year 2016, and still butthurt about hundreds of millions of slobbering idiots who don't agree with your choice of mobile phone. Get a fucking life already.
Signed updates are fine, as long as you can't update the firmware in your secure memory to alter the maximum number of wrong guesses before erasing or reduce the minimum time between guesses. That way even if the OS image is compromised you still need to enter the correct code within n attempts to unlock the device.
It seems incredible that Apple thought it would be a good idea to build that functionality. I don't know of any other ARM CPU design that allows it, for this exact reason.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Yeah, much better to let the good doobies at Google track you constantly, and harvest every shred of usable information they can about your life.
That's not in any way troubling. At all. It's only a problem when Apple does it.
Is that this will come up under free speech violations since code is speech and the government is requiring Apple to create the code and the means to do this.
Specifically, the ability to remotely update code on a device automatically, without user intervention, represents a fairly serious threat vector.
My understanding was that this is not any sort of remote update capability, but rather a low-level recovery mode which requires direct access to the phone itself. Is that incorrect?
Listen up, law enforcement, DoJ, et al. I am more afraid of your incompetence than I am any dark "world domination" motive on your part, but I am nowhere near as afraid of "teh terrorists" as I am of you, regardless of your motive. So hands off my crypto. M'kay?
Nicola Hahn is incorrect. No one has stated that Apple has the ability to, "remotely update code on a device automatically, without user intervention". The method the device would be updated requires DFU (Device Firmware Upgrade) mode, physical possession of the device and a USB connection to a PC/Mac: https://www.theiphonewiki.com/... Way to grab a headline, though...
What they're talking about is putting the phone into Device Firmware Update mode, like this. Only then will they be able to update it remotely and on the newest iPhones that'd also wipe the encryption keys. But not on the model in question here.
Live today, because you never know what tomorrow brings
This is all a giant Cluster Fuck.
It's still unclear; does the FBI want to give the phone to Apple so they can break in, or do they want apple to give them the tools to do it themselves?
If it's the former, then Apple should get it done, then destroy the tools and call it a day. If it's the latter, then Apple should make it clear and call them out on it.
What is clear is that getting the data from the phone is not secondary to the Us vs Them bullshit going on now.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
Is this why drug dealers buy lots of pre-paid phones?
Lots of good discussion about iOS and Apple.
I would like to have the same analysis about the state of Android. Can it be made secure against such backdoors? Do third-party flavors and rooting have a role? Is it possible to have a device where all software and firmware code can be examined?
Prove anything by multiplying Huge Number times Tiny Number
That is until someone besides Apple or the government figures out how to get into that backdoor.
How about a compromise. If an unauthorized third party gains access to your data via this sanctioned back door, you automatically get five hundred billion dollars tax free.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Apple has updated the secure enclave with an iOS update in the past and added additional protection, so it presumably can do an update that would REMOVE protections on the SE. So the same scenario of this phone can theoretically be applied to any existing iPhone and not just a 5c.
So right now, Apple is making the iPhone 7 immune to this attack vector. With the iPhone 7, even Apple will not be able to do a firmware modification to the SE in DFU mode. The correct user password will *have* to be entered in the iPhone 7 and it will be enforced solely in the SE hardware. There will be nothing that can get around that. You can't solder on a different SE chip, you can't swap components, change the IMEI, or anything else.
That will be the selling point of the iPhone 7. iOS 9 was software-based protection since a software update could (apparently) change the SE. Apple will disclaim they never expected their own government trying to force them to create a hacker-version of iOS, so security of the iPhone has to be hardware based. iPhone7 will have true 100% bulletproof hardware-based protection that will truly be bulletproof. And that is what they will sell.
Then, unfortunately, the FBI will simply demand iOS source code and signing keys.
I don't understand what the FBI is asking for. I understand they'd like Apple to install a backdoor key for use in the future, but Apple can't add a backdoor to an existing phone which would defeat existing encryption, could it? How could they do that?
If the FBI has the phone, then the FBI has the encrypted data, and they can brute force attack it. But if the data wasn't encrypted using a scheme with a backdoor key, and you don't have the frontdoor key, then what is Apple supposed to do exactly?
It'll be interesting to see how the conflict between intellectual property rights and national security is going to play out. Both issues have driven the US international policies for the last decades, at least. Both have powerful lobbies in DC.
The cell provider gave them their info and Apple gave the FBI the last iCloud back-up for the device, so what more could they actually find on the phone that would be of such a great use? I mean, I have a hard time believing that a couple of people that think throwing a hard drive into a lake destroys the data on it would have the info on their phone not back up to iCloud or have used something that is only obtainable from the unlocked phone itself. Add to that the story of the phone's pass code changing while in FBI possession, which would be easy to track, and that the reports were that they threw their phones in the lake too. So you can find an 18 year old downloading illegal movies, but you can't track who changed the phone's lock code?? Ahhh yeahhhh, all of it together seems like some overwhelming bullshit.
Your web browser comes with built in certificate stores that it "trusts." Remember the whole brouhaha over the Apple/Google "killswitch" functionality? You trust that they won't brick your phone and delete your apps. You trust that Google and Microsoft et al. aren't reading your email while scanning it for ad keywords. You trust that every app you install that asks for network access isn't sending your data out disguised as "telemetry" or "analytics." You trust that advertising agencies, including Google, who have built the most sophisticated surveillance network of all time, aren't selling the information they've collected on you to people who will use it for malicious purposes. You trust that the EULA you've "agreed to" isn't an agreement to sell your IP for free to the other party. You trust that Windows 10 isn't reporting everything you do, every keypress you make, and every program you launch to Microsoft. You trust that DRM won't be used to gather information about you to be sent to a third party.
It's time to realize that the world is always looking to take advantage of your ignorance.
Specifically, the ability to remotely update code on a device automatically, without user intervention, represents a fairly serious threat vector.
This is a core feature of most modern operating systems. It is easily disabled in both iOS and OS X.
Your argument is only slightly less inane than suggesting that allowing a computer to access the Internet counts as a backdoor.
Obliteracy: Words with explosions
I'd really say, any ability to update any operating system is a place where a back door could be inserted.
iPhone has a backdoor for apple's own use. For a lot of people, it's OK as long as only Apple uses it. Even if they know about it, they understand it as a fair trade. Well, for me it is not OK but I am a minority so I work around the problem by not using i-devices.
FBI wants to use this very backdoor, too. For a lot of people, this is already NOT OK. The government is pretty much different from a company you have business with.
And it is not about the ability to crack. NSA probably has the resources to do that. FBI wants it "by the law".
It's obvious that the FBI doesn't have a good intellectual or legal argument, and they're now resorting to an emotional one.
"National Security is the chief cause of national insecurity." - Celine's First Law
Then, unfortunately, the FBI will simply demand iOS source code and signing keys.
The point of making the disk encryption secure, even from an iOS update from Apple, is that it wouldn't matter if you had the iOS source code and signing keys. You would literally need to go into the hardware, probably with some really really deep forensic analysis of the chip itself and read registers in the on chip memory all of which would likely destroy the chip before you could read anything. It would probably take hundreds or thousands of man hours supported by millions or tens of millions of dollars worth of equipment to have a chance at breaking the hardware encryption. Having the security on the chips would be a far preferable situation than the situation now with the iOS and the signing keys being the last line of protection.
...I will go back to Motorola DynaTAC 8000X.
Source needed? To my knowledge what the FBI is asking Apple to do is to create a version of iOS that disable the auto-wipe feature. This iOS version would need to be installed using the recovery mode feature of the iPhone which requires having the phone in your possession and plugging it into a computer that has iTunes installed.
I have not seen anything suggesting that Apple has the ability to push a remote update to a phone without the user accepting it.
This is all distraction, as operating system configuration and patching is not a "backdoor".
The best response to the FBI's request I've read thus far comes from the noted iOS forensics security guru, Jonathan Zdziarski, where he wrote the following:
An instrument is the term used in the courts to describe anything from a breathalyzer device to a forensics tool, and in order to get judicial notice of a new instrument, it must be established that it is validated, peer reviewed, and accepted in the scientific community. It is also held to strict requirements of reproducibility and predictability, requiring third parties (such as defense experts) to have access to it. I've often heard Cellebrite referred to, for example, as the Cellebrite instrument in courts. Instruments are treated very differently from a simple lab service, like dumping a phone. I've done both of these for law enforcement in the past: provided services, and developed a forensics tool. Providing a simple dump of a disk image only involves my giving testimony of my technique. My forensics tools, however, required a much more thorough process that took significant resources, and they would for Apple too.
The tool must be designed and developed under much more stringent practices that involve reproducible, predictable results, extensive error checking, documentation, adequate logging of errors, and so on. The tool must be forensically sound and not change anything on the target, or document every change that it makes / is made in the process. Full documentation must be written that explains the methods and techniques used to disable Apple's own security features. The tool cannot simply be some throw-together to break a PIN; it must be designed in a manner in which its function can be explained, and its methodology could be reproduced by independent third parties. Since FBI is supposedly the ones to provide the PIN codes to try, Apple must also design and develop an interface / harness to communicate PINs into the tool, which means added engineering for input validation, protocol design, more logging, error handling, and so on. FBI has asked to do this wirelessly (possibly remotely), which also means transit encryption, validation, certificate revocation, and so on.
Once the tool itself is designed, it must be tested internally on a number of devices with exactly matching versions of hardware and operating system, and peer reviewed internally to establish a pool of peer-review experts that can vouch for the technology. In my case, it was a bunch of scientists from various government agencies doing the peer-review for me. The test devices will be imaged before and after, and their disk images compared to ensure that no bits were changed; changes that do occur from the operating system unlocking, logging, etc., will need to be documented so they can be explained to the courts. Bugs must be addressed. The user interface must be simplified and robust in its error handling so that it can be used by third parties.
Once the tool is ready, it must be tested and validated by a third party. In this case, it would be NIST/NIJ (which is where my own tools were validated). NIST has a mobile forensics testing and validation process by which Apple would need to provide a copy of the tool (which would have to work on all of their test devices) for NIST to verify. NIST checks to ensure that all of the data on the test devices is recovered. Any time the software is updated, it should go back through the validation process. Once NIST tests and validates the device, it would be clear for the FBI to use on the device. Here is an example of what my tools validation from NIJ looks like: https://www.ncjrs.gov/pdffiles...
During trial, the court will want to see what kind of scientific peer review the tool has had; if it is not validated by NIST or some other third party, or has no acceptance in the scientific community,
The backdoor described in article above won't decrypt user data under algorithms that require the user's private keyword.
Something which I had been questioning from the day I heard the phone was not the terrorist's but owned by a county government in California, couldn't something such as AirWatch be used to unlock the phone?
My answer came over the weekend when I read this article which stated the county paid for but never installed such software.
Having been responsible for setting up iPhones for a state agency, one of the steps was installing AirWatch which we did have to use on a few occasions when people locked themselves out.
Not installing such software is either incompetence or laziness on the part of the IT folks who handed out these phones.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
You must have missed all of those FACTS stating otherwise. Apple has confirmed that they CAN do what the DOJ is asking, but they don't WANT to because they feel, and I would agree, that it sets an extremely dangerous precedent. I haven't seen any definitive information indicating whether the update can be done OTA or must be done via a USB cable and booting into a low level mode. Either way, the fact that a device can have its software and/or firmware updated without user intervention is a security hole, but seeing as the software and/or firmware must be signed by Apple, I'm not sure I would classify this as a 'backdoor' unless, of course, those signing keys are in the wild. I would add citations but I'm on my Android phone and feeling too lazy to do so.
Atari Phone is clearly best phone.
It has genuine woodgrain vinyl overlay.
running vi, naturally
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
They can do this. The iPhone hardware isn't magical. You can take it apart, build a bus to the storage, and copy the data out. Then do the usual to brute force it. It is just very expensive for them. They want the easy way.
Apple should create the version of iOS that the government is asking for that is specific to the phone in question. That keeps them out of trouble.
At the same time, and prior to turning over the signed image to the FBI, they should also create a version of iOS that doesn't accept updates if the phone is locked.
They should then very quietly push the secure version of iOS out to all iPhones. From that moment forward, they will be unable to comply with any further court orders.
Problem solved.
1) Propose something ridiculously awful, like unfettered access by government to all iPhones
2) Wait a week
3) Corporate partner and co-oligarch counter-proposes unfettered access by government through all iPhones through a panel of experts (no doubt stocked from the same group of government co-oligarchs) - a not-quite-so-awful-but-still-awful compromise
4) The masses, terrified by the thought of #1, eat up #3 like candy
5) We have unfettered government access to all iPhones
Government is expert at setting up the false dichotomy for the sheeple. Another example:
1) We wanna take all the guns!
People) Holy shit. NO!!!
2) Okay so how about we only take most of them?
People) Phew, I was worried for a second. That's so much better than losing all of them. Go ahead, government! We love the new idea!
Idiots.
that is the point of security. it ain't to say 'i guarantee that you'll never get in..'. The whole point is to make getting in more expensive than the value of the bounty within.
No, it's about a US foreign policy based on meddling and propping up dictatorships to continue an endless, profitable war against those that object to all of this. The inevitable (and unending) blowback even domestically is not a bug, but a feature that is exploited to justify increasing the surveillance state.
You know where the populace never has to suffer from the Snow Flake-threatening spectre of Terrorism? North Korea.
Good point. Google has become more and more abusive.
Microsoft looked at that and said, "Evil is OUR business. How can we compete?" That's the reason that Windows 10 tracks everything with spyware, excuse me, "telemetry". Microsoft is hoping to sell the information and make easy money.
My guesses.
The 4th Amendment:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
It is not UNREASONABLE for the government to demand this information. First, the owner is DEAD. So the likelihood of any 'damage' to him is pretty low. Second, any articulated reason that the phone PROBABLY contains information of a crime, or of a future crime, conspiracy, etc. gives the Government more than sufficient reason to demand this information.
Now if Apple refuses to submit to a lawfully obtained warrant then fuck them. THEY are breaking the law. And should suffer.
Now all you butt hurt mouth breathers can stop posting about privacy. You never really have it, and legally it can be taken from you. Read the constitution... it's in there.
Why hasn't anyone mentioned the problem with iCloud? E.g. Apple can provide data from your iCloud backups to the FBI/government apparently unencrypted (they provided the backups for this phone 'up to Oct')...why is Apple not fully encrypting those backups? Seems to me that's a much bigger hole in 'personal security' than the ability to upload an iOS update without user interaction.
That is not to say that you don't 'fix your leaky windows if your roof has a hole in it' but simply that it seems far more egregious at this time to suggest your phone is 'secure' but your data when backed up is entirely insecure (or at least wide open to the government & since that's what this is about that seems to me the bigger issue).
Making phones immune to firmware upgrades is probably not sufficient, since a determined attacker can still load software into RAM and then boot into that. It's also not necessary to prevent the proposed FBI attack. (It's still a good idea for many other reasons.)
Atari Phone sucks, the IntelliHearing is much better.
I'm seriously wondering if this whole thing could really just be a giant PR/marketing exercise by Apple, when in fact they are already complying with the NSA?
http://www.theguardian.com/wor...
While I support Apple's stance on this issue, it really doesn't apply in the California case. Authorities already had access to the phone from the start. Local authorities inadvertently reset the password and do not know what it is. The FBI is requesting help to reset the password that the authorities had put on the phone, not the shooters. As such, why would Apple not help?
All of that said, the FBI is also wrong. While it is one thing to request help with this particular phone, trying to force Apple to write/enable a back door that they (FBI) could use without Apple's intervention is unconscionable. Apple is correct to fight that request.
Apple should tell the FBI, that it will take 15 months to develop the new custom OS.
Might not be so expensive as you thought?
Maryland State Motto: If you can dream it, we can tax it.
It's a *way to install* a backdoor.
In meatspace, Apple does not have the keys to the building, but they have a key to the tool shed where you can build a new handle and lockset that has a master key, and a screwdriver which would allow you to replace the current door handle with the compromised one. Apple will not let the FBI into the toolshed, nor help them create the faulty (master-keyed) lockset.
Is it just my observation, or are there way too many stupid people in the world?
The only way they can get the new hacked software onto that particular phone is to make a general update that will go to everyone. They don't want the marketing fallout from that being public knowledge. They made a mistake as they should have anticipated the need to update a targeted phone - not difficult to do just has to be built in to the previous version of the software.
No: What's been stated is that if Apple is in physical possession of the phone they can put the phone in a special mode and forcibly update portions of the operating system.
This is not an issue with the normal system that's built in that people use to update their operating system.
However, I do expect Apple to close even this final loophole in the next version of iOS. Instead of encrypting just the user's data on the phone... EVERYTHING will be encrypted... including the OS.
Citation?
File under 'M' for 'Manic ranting'
To me that is the very definition of a back door, apple can install arbitrary software on your phone without your consent. That is make your phone do whatever apple wants without consent.
Sam Harris makes some interesting arguments for forcing Apple to comply with the order to hack the phone
(he makes them during the 'clean-up' before then talking about a completely different subject)
https://www.samharris.org/podcast/item/meat-without-murder
Thoughts?
There was arbitrary Apple software on the phone when you bought it. If you trusted that code, why not trust updates ? And what good is your consent if you can't audit the code ?
Apple won't close it unless they need to in order to protect the walled garden. Apple has already silently caved to China. There is no principled stand here, just marketing.
They actually can't. All of the encryption is done in hardware and the storage is encrypted. The hardware can't read the storage without being provided the code.
Once you provide the code, then you possibly could read the bus to the storage.
To me that is the very definition of a back door, apple can install arbitrary software on your phone without your consent.
Um, what hardware do you have upon which it is impossible for someone with physical control of the hardware to install software? -and if your answer is, "but at least I can encrypt my data"-- you do know that the proposed software that the FBI demands that Apple write doesn't actually get them into the phone; it just gives them the opportunity to brute-force the password.
They can't.
There are 3 update paths:
- Over-the-air, which requires unlock of the device & knowledge of the passcode. This is the only remote method.
- Restore mode, over USB tether, which also wipes the data partition
- Device Firmware Update mode, which requires USB tether and does not wipe the data partition.
The FBI request is basically framed to accept either the first or the third option (a lot of the caveats they frame are related to preventing other devices from downloading/running the update).
For DFU mode you reboot with a specific key combination on the device physical buttons. It is time sensitive, and requires physical possession. You then also need a PC or a Mac with iTunes to load the new IPSW onto the device.
In DFU mode, the data volume isn't mounted, and the system volume is mounted read-write (in normal operation it is mounted read only)
The integrity of DFU mode relies on:
- Apple's signing keys
- the secure boot controls
- Apple not being a bad actor
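The three update paths listed in the comment above, as an added example that is not part of the original comment and is not Apple's code: a simplified model of which paths accept a validly signed image on a locked device and what happens to the data partition. The HMAC stands in for the vendor's signature check, and `VENDOR_KEY`, `Device`, `apply_update` and the `require_unlock_to_keep_data` flag (modelling the "no updates while locked" option other commenters propose) are all hypothetical names constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the vendor signing key. A real device checks an
# asymmetric signature against a public key fixed in boot ROM; HMAC is used
# here only to keep the example standard-library and offline.
VENDOR_KEY = b"constructed-demo-signing-key"


def sign(image: bytes, key: bytes = VENDOR_KEY) -> bytes:
    """Return the (stand-in) vendor signature over a firmware image."""
    return hmac.new(key, image, hashlib.sha256).digest()


@dataclass
class Device:
    locked: bool = True          # passcode has not been entered
    data_intact: bool = True     # user data partition still recoverable
    firmware: bytes = b"factory-image"


# path -> (requires unlocked device, wipes the data partition),
# exactly as the comment describes the three paths.
PATHS = {
    "ota": (True, False),
    "restore": (False, True),
    "dfu": (False, False),
}


def apply_update(dev: Device, path: str, image: bytes, signature: bytes,
                 require_unlock_to_keep_data: bool = False) -> str:
    """Decide whether an update is installed and what happens to user data.

    With require_unlock_to_keep_data=True, a locked device refuses any
    update that would leave the data partition in place (assumed policy).
    """
    if path not in PATHS:
        raise ValueError(f"unknown update path: {path}")
    needs_unlock, wipes = PATHS[path]

    # Control 1: the image must carry a valid vendor signature.
    if not hmac.compare_digest(sign(image), signature):
        return "rejected: bad signature"
    # Control 2: the over-the-air path needs an unlocked device.
    if needs_unlock and dev.locked:
        return "rejected: device locked"
    # Proposed control: no data-preserving update while locked.
    if require_unlock_to_keep_data and dev.locked and not wipes:
        return "rejected: device locked"

    if wipes:
        dev.data_intact = False
    dev.firmware = image
    return "installed, data wiped" if wipes else "installed, data kept"


def survey(require_unlock_to_keep_data: bool) -> dict:
    """Outcome of a validly signed update on a fresh locked device, per path."""
    image = b"constructed-new-image"
    return {
        path: apply_update(Device(), path, image, sign(image),
                           require_unlock_to_keep_data)
        for path in PATHS
    }


if __name__ == "__main__":
    for flag in (False, True):
        print(f"require_unlock_to_keep_data={flag}")
        for path, outcome in survey(flag).items():
            print(f"  {path:8s} {outcome}")
```

In this model the only path that installs signed code on a locked device while keeping its data is DFU, so the signing key is the sole remaining control there, which is the point the comment's last list makes.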
If corporations are considered people (14th amendment), then forcing Apple to create a backdoor could be considered slavery.
This might surprise you, but the article is wrong.
If Apple complies with a lawful request from a government, they then have to comply with ANY lawful request from ANY government in which they sell their devices. That means the US, as well as China, India, Saudi Arabia, and on, and on.
Which brings us back to Apple's stance, and the real question, as to whether or not this is a lawful request.
A court can issue a warrant to search my premises. They could, potentially, hire someone to attempt to break into my safe. But they don't have the right to go to the manufacturer of that safe and require them to build a device that lets someone else crack the safe they can't figure out how to crack otherwise.
That's judicial overreach.
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
What's needed is a new standard for ALL cell phones. The only data that the phone transmits is the absolute minimum for the phone to make and receive calls. No other data is ever able to be transmitted. ALL data stored on the phone is encrypted with only the user having the key. The only backup of user data allowed is to a flash drive, with the user having to provide the encryption key, and the data is stored on the flash drive in its encrypted form, that is not readable by any device without the encryption key. NO back doors in either the software or hardware. Updates can only be performed by the phone's user and require the user's encryption key. If someone gives an incorrect key, after 10 tries the OS and all data is erased. No way to read the encryption key even with physical access to the phone.
The same standard should apply to tablets. I feel that a person's data belongs only to that person, and no corporation, government or agency should have ANY access to that data without the person's permission!
Yeah, yeah, that's what I've been telling people the last few days. The whole thing can be done by commenting out those two lines (or sections, whatever).
Then compile a patch using Apple's signing key. Then use DFU mode to stick it on the phone. All done!
This blog talks about DFU mode, in the comments someone says it will wipe everything, but then someone else explains how to do it without wiping. So it's totally possible and easy to do...
https://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order/
And Apple's signing key would still be secret, so this does NOT lead to any new security hole.
Found this related article to how iPhones are recycled. They attempt to first resell it secondhand. Wonder what happens to the earlier user's data there...
Link: http://9to5mac.com/2016/02/17/recycled-iphone-what-happens/#more-419378
The right to remain silent when you have the tools to make it so are what they seek to put an end to.
Exchanging liberty for security is impossible but is how terror wins.
If the SE is designed correctly then even publishing the source code and signing keys will not allow recovering the encryption key.
That's what the S stands for!
-- I was raised on the command line, bitch
1. No warrant required in this case. The owner of the phone has given full permission for the cops to search it.
2. Apple doesn't need to develop any "new software". They just need to comment out 2 small sections of existing code. And the update would run on the 1 specific phone the cops have. It would not run on any other phone. Apple has the master key to sign updates, and any other requests (in future cases) would be completely separate.
ColecoCall strong.
Look, we've had CPU GPU level access to all your chipsets and even the controllers for your I/O since the 1980s, and we maintain those capabilities even today.
It's not that the FBI can't get access, it's that they have to request that access through another agency, and half of what caused 9/11 was FBI vs CIA vs mil TLD interagency distrust and backstabbing.
They just need to escalate the request through channels and use the tools we have for this purpose.
But they're too lazy and they don't want to admit they need help from other agencies, so they'd rather violate the Constitution themselves and steal all your data without legal specific warrants.
-- Tigger warning: This post may contain tiggers! --
You haven't read anything published by Apple on how it secures its products, have you ?
Ha! I'm over here with my Odyssey TinCan & String!
Err... Imma post this AC. :-/
Yeah, because we should just let this legal precedent go, because it will in no way ever be used to justify an expansion of this practice, and in absolutely no way would it ever be used to pressure a company not named Apple to do the same.
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
Isn't there always the option of reverse engineering at the hardware level? Authorities could always pop open the flash and then use an electron microscope to read the current state of memory. They could then either reverse engineer the whole thing, or, perhaps less expensively, clone it into another phone and cycle through the pass codes to find the right one. If the phone bricks, reinitialize and keep going, or use another cloned phone. Expensive, but at least this ensures that they'll only do this for phones they're **really** interested in cracking. I'm sure the CIA and NSA would have to do this with some of the (foreign) equipment they come across, so they must be pretty good at it by now.
I don't understand why the CIA hasn't kidnapped Tim Cook and taken him to gitmo where they can use the torture techniques that the Bushies and Trumpies all say work so well.
WTF is stopping them? Publicity? Do they need to defame Cook first, so everyone will go along?
Why the hold up? Gitmo awaits!
How about simply not trusting your data to a 4 digit pin code?
Upload new firmware, hack away, boot my iPhone without the 10 pincode attempt limit. If my encrypted data is secured with a sufficiently secure passphrase you can bruteforce it until the cows come home.
There is a lot of talk here for something that appears to be a non-issue if someone is actually concerned about their security to this level.
aiui, the FBI want Apple to create both a software update and the hardware required to breach the phone security.
Only Apple has this "problem" because all the other OSes have the functionality the FBI requires to breach them out of the box.
They are not claiming it yet. In order to successfully claim it they have to prove it and of course the FBI will try its hardest to prove them wrong. So instead of trying the last resort they are trying this approach first, claiming that it cannot be done can always be done later.
Even though Apple drags its feet on breaking into the iPhone in question. It will eventually happen no matter if Apple does it or not. Apple does not hold the market on brilliant people who would eventually crack encryption and I would think the better solution would be for Apple to make a deal with the FBI to hold this ability and to also hold the decision to use it. Over the years all personal property is subject to review by law enforcement in a criminal case. Why is personal data any more or less personal? Not just in criminal cases, but loved ones wanting pictures, or personal data of a person who died. Why do we give family members so much grief about data and information on a device when a death certificate or Will allows all other access?
Anyone could install arbitrary code on your phone if they have physical access and architectural knowledge. Do you really think that Samsung, LG, or Sony couldn't do the same? Do you think they'd bother resisting a court order?
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
is not to play.
The fact that this topic is even up for discussion in this day and age pretty much guarantees that my next phone, will be the absolute dumb as a rock variety. It will make calls, it might have rudimentary texting ability, and the battery will most certainly be of the removable flavor.
The only folks who will truly lose out will be the likes of Google, Apple, Microsoft, etc.
They have to promote the idea your data is safe ( which is likely total BS ) so folks will continue to buy their hard/software.
When the trust goes, so do their profits. Make no mistake about it, THAT is their one and only concern. Money is the only motivating factor behind any of the aforementioned companies. Their claims about protecting us from $evil is merely to keep their little profit-makers from going into full panic.
... I haven't seen any definitive information indicating whether the update can be done OTA or must be done via a USB cable and booting into a low level mode. Either way, the fact that a device can have its software and/or firmware updated without user intervention is a security hole ...
The court order specifically suggests several methods that Apple might use to comply. All ultimately involve physical possession of the phone in order for either Apple or the FBI to implement. For OTA and physical access alike, user intervention (authorized or not) is required. Furthermore, the integrity of the use of Apple's signing key is part of the security model, particularly for older devices such as the 5c in question. (Load whatever you'd like on newer ones - the hardware will still thwart brute force attacks.) If the government asks Apple to sign malware, even for good cause, they are asking them to intentionally weaken that model. Perhaps there are even issues of free speech involved since the government wants to force Apple to say (with its signing key) "This is legitimate, trustworthy software." in regard to something that is clearly not.
Fairly certain the phone in question has Secure Enclave (I believe they said 5s, and I think that was the first with it). If it was just in software, you could copy the phone's memory into an emulator and guess 10 passwords and then restore the VM to its previous state and start again. Secure Enclave makes attacks have to be on the phone because the PIN and UID are embedded in hardware and can't be read. An attack would have to update the firmware for Secure Enclave and make the UID and PIN readable or at least make the PIN brute force guessable by disabling the counter. The PIN and UID are combined to PBKDF2-AES encrypt the device.
Technically the FBI could still brute force the phone off the device, but brute forcing PBKDF2-AES isn't easy, especially without at least the UID. Here's a blog post on it from a couple years ago. Apparently law enforcement didn't crack the phones in the past, just bypassed the boot and read the cleartext data. With full phone encryption that isn't possible.
Hmm... apparently it's a 5c, not 5s and that doesn't have Secure Enclave, I don't see why you couldn't just copy the phone into a VM and brute force the PIN. You could roll back the VM. Unless they have the UID stored in hardware like on the newer phones. Don't know.
Did some research - UID is hardware encoded on the 5c and the firmware implements the same functionality as Secure Enclave. Basically you need the same attack, just a different take on it.
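The comments above about tying the passcode to a hardware UID, and the earlier one about not trusting a 4-digit PIN, can be put in numbers with the sketch below. It is an added example, not code from the thread or from Apple: PBKDF2-HMAC-SHA256 stands in for the AES-based derivation the comment mentions, and the UID values, the iteration count and the 80 ms per-guess cost are all assumptions chosen for illustration.

```python
import hashlib
import hmac

# Constructed sample values: a real device UID is fused into silicon and not readable.
DEVICE_UID = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
OTHER_UID = bytes.fromhex("ffeeddccbbaa99887766554433221100" * 2)
ITERATIONS = 50_000  # assumption; a device would calibrate this to a target time


def derive_key(passcode: str, uid: bytes, iterations: int = ITERATIONS) -> bytes:
    """Tangle the passcode with the device-bound UID (PBKDF2 stand-in)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, iterations)


def make_verifier(passcode: str, uid: bytes) -> bytes:
    """Value stored on the device: a hash of the derived key, never the key itself."""
    return hashlib.sha256(derive_key(passcode, uid)).digest()


def unlocks(passcode: str, uid: bytes, verifier: bytes) -> bool:
    """Constant-time comparison of a candidate against the stored verifier."""
    return hmac.compare_digest(make_verifier(passcode, uid), verifier)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of possible passcodes of exactly this length."""
    return alphabet_size ** length


def worst_case_seconds(candidates: int, ms_per_guess: int) -> float:
    """Time to try every candidate when each derivation costs ms_per_guess."""
    return candidates * ms_per_guess / 1000


# (alphabet size, length) for a few passcode policies.
POLICIES = {
    "4-digit PIN": (10, 4),
    "6-digit PIN": (10, 6),
    "8-char lowercase+digits": (36, 8),
}


def policy_table(ms_per_guess: int = 80) -> dict:
    """Worst-case exhaustive-search time in seconds for each policy."""
    return {
        name: worst_case_seconds(keyspace(a, n), ms_per_guess)
        for name, (a, n) in POLICIES.items()
    }


if __name__ == "__main__":
    v = make_verifier("1234", DEVICE_UID)
    print("right passcode, right device:", unlocks("1234", DEVICE_UID, v))
    print("right passcode, copied image:", unlocks("1234", OTHER_UID, v))
    for name, secs in policy_table().items():
        print(f"{name:26s} {secs / 86400:16.2f} days")
```

The second check is why a copied flash image is of little use on its own: without the UID even the correct passcode derives the wrong key, so the attempt limit and the passcode length are what carry the protection.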
Call the iPhone encryption breaking tool a lock pick. It's not technically accurate but so be it.
It doesn't matter, at all, who "owns" or has physical possession of the lock pick. Even if Apple retains 100% possession and control of the lock pick, and their own security systems ensure the lock pick is never obtained by others, it still doesn't matter!
Once the FBI knows that Apple has the lock pick, they will be calling daily for other phones for Apple to break open. Then the FBI, the CIA and the NSA. Then the DOD and every local police department. Then the agencies of friendly countries. Then the agencies of neutral and unfriendly countries. Then Anonymous, Hackers Collective, Black Hat, White Hat, you name it.
They will all have a story, and credentials of varying quality. Some will be complete fakes and frauds. Others will be entirely legit. The problem is, none of this is any of Apple's problem or business. Indeed this threatens Apple's business model, brand, and reputation for quality and security. And sorting out the fakes from the legit is the FBI's business, not Apple's. Indeed this whole business is the FBI's problem, not Apple's!
This isn't about the phone of a pair of terrorists. The FBI has all the information they need about them. This is about the FBI recruiting someone else to do their job for them, and to create a mechanism to allow any iPhone to be broken into at any time. Once they get that Android, Windows Phone, Blackberry and anyone else are next. The FBI wants it all because they feel they own us all.
Forcible recruitment to do the State's bidding. I thought the United States was created to put an end to that kind of thing? Clearly though, the FBI knows what is best for us and we need to sit down and do as we are told.
"Apple has updated the secure enclave with an iOS update in the past and added additional protection, so it presumably can do an update that would REMOVE protections on the SE. So the same scenario of this phone can theoretically be applied to any existing iPhone and not just a 5c."
THAT is the first sensible reason I've heard why Apple would choose to fight over this case, rather than simply throw up their hands and pronounce that of course they would follow the court order and a good thing it wasn't one of their newer phones that couldn't be broken (Hint: BUY, BUY, BUY our NEW SECURE phone...)
In other words it was never secure from the inside
You would literally need to go into the hardware, probably with some really really deep forensic analysis of the chip itself and read registers in the on chip memory all of which would likely destroy the chip before you could read anything.
And even that wouldn't help you, if you didn't have the passphrase, and there was enough entropy in the passphrase to make brute-forcing it impractical.
There is a very easy way to remove that folder. Download GWX_control_panel.exe and run it, and check off several boxes. Then turn off automatic updates. Download the WSUS Offline Update tool and generate update rollups to install periodically.
How feasible is it to build an encryption that is guarded by all users, so that if more than 80% of the users agree to "unlock" such device, then the decryption key is revealed? Cases like "Syed Rizwan Farook" will get the go ahead from most of the users, given that they know this decryption key only works for a particular phone. But then how do we safe guard this platform?
I haven't owned an Apple device since my '86 Macintosh Plus. I've been thinking about getting myself an iPhone for some time now, but I think I'll put those plans on hold.
The fact that this type of bypassing of core security features has now been confirmed to be even possible makes it totally irrelevant whether it will actually be used. It's out there, we know it's possible. And frankly, I'm amazed this issue hasn't been discussed at all before the FBI brought it up.
Apple has lost a lot of credibility as a secure device manufacturer. I'm rather interested about how this will eventually reflect in their sales figures. It's a sort of strong indicator of how much the general population really care about their privacy.
-SR
This will bring forth a deluge of new encryption mechanisms. Say, an app that caters to ALL of your communications needs with encryption at the application layer. Who cares about the OS at that point?
And if the UID is stored in hardware does that really make it unreadable? There's a difference between hard to get and read versus impossible. That's all they would need to fire the image up in emulator and they're done.
49% of those surveyed had never read "1984" or "Brave New World" and cannot define "police state" nor fascism.
You left out the relevant part in your quote: "for current gen hardware". The phone in question is previous generation hardware.
They should agree to comply, then brick the phone completely. 'Whoops!'
I bet they already have a backdoor that works
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
I hear it will survive 30 years buried in a New Mexico landfill.
There is a very easy way to remove that folder. Download GWX_control_panel.exe and run it, and check off several boxes. Then turn off automatic updates. Download the WSUS Offline Update tool and generate update rollups to install periodically.
Are you being facetious, or do you seriously propose that a series of steps most Windows users don't even know exist is a "very easy" solution?
Your idea of "easy", and my mother-in-law's idea of "easy" do not seem to be even remotely the same.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Software in RAM can only execute things that can be executed from RAM. From the 5S on, the lockout and wipe features are in hardware, not software. Firmware updates are the only way around that.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Have you tried entering a long passphrase on your phone for normal use? Heck, have you tried using a long passphrase? When I've tried, it's either a direct quote from something or I will get some element wrong at least half the time. Neither is good security.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
That's nice. My point remains: restricting firmware updates is neither necessary nor sufficient to secure a phone; it is in fact irrelevant. If Apple added other features to make their phones secure, all the better.
You claimed that software could be loaded into RAM and run from there. If you want to break into a 5S or later, you will find that the lockout and wipe features aren't in normal RAM, but exist in the Secure Enclave, so the only way to disable those features would be to modify the Secure Enclave. Making the Secure Enclave immune to firmware updates if the PIN isn't known protects against the attacks I can easily conceive (although I'm not a security guy, so that may not be as impressive as it sounds).
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
"!battery horse staple" works fine and can be entered via swipe almost as easily as any pin code.
Correct. And what that means is that the security of the iPhone 7 PIN code is not due to the fact that "it uses SE to authorize any OS update". The authorization of firmware updates seems to be working even on the iPhone 5c, otherwise the FBI wouldn't be asking Apple for signing the updated firmware. Security of short PINs relies on verifying the PIN in a secure enclave, nothing more. Signing OS upgrades is something Apple does because they are control freaks, not because it is necessary for making the cryptosystem work. That is, the reference to "OS updates" in the title is spurious and irrelevant.
Apple signs OS upgrades because it's good security practice, not because Apple is control freaks. Apple has a very strong interest in making sure people aren't victimized by bogus changes.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Well you're entitled to your opinion. In any case, as I was saying, it is not necessary to make the cryptosystem work, and the cryptographic security of the phone should not depend on signing updates.
So, you are changing the definition of secure. You can have it your way, but now we are comparing apples and oranges (that's apples without the capital "A".)
Signed OS upgrades make it a lot harder for bad guys to subvert iPhones, as well as harder for competent people to install their own OS version. It works both ways, and different people will care about different things. For Apple's target audience, protecting against bad guys is by far the more important thing. That doesn't make them "control freaks".
And, yes, the security should be such that it can't be bypassed with a signed software update, and I'd expect to see Apple move in that direction. We'll have to see.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
One would hope that you'd help your mother-in-law. By 'easy' I meant that you don't have to root around in permissions to delete the folder. Before I learned of that easily located executable (that doesn't even need to be 'installed', simply downloaded and run-in-place) I tried to delete the folder and found even with admin access on my own box I couldn't.
So I would hope that you'll help your m-i-l and not just harp on her about 'Install Linux' or something really arcane and difficult.