Slashdot Mirror
Apple Is Said To Be Working On an iPhone Even It Can't Hack (nytimes.com)
An anonymous reader writes with this story at the New York Times: Apple engineers have already begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts. If Apple succeeds in upgrading its security — and experts say it almost surely will — the company would create a significant technical challenge for law enforcement agencies, even if the Obama administration wins its fight over access to data stored on an iPhone used by one of the killers in last year's San Bernardino, Calif., rampage. The F.B.I. would then have to find another way to defeat Apple security, setting up a new cycle of court fights and, yet again, more technical fixes by Apple.
In case I wasn't clear with my above post. This is the physical version of what I'm talking about.
Two of my imaginary friends reproduced once
People can talk secretly. Over large distances. The sooner the government comes to grip with this simple fact, the better.
Someone had to do it.
I think it depends on the OEM. There are factors such as whether the device storage is encrypted by default, whether the bootloader is locked by default, what kind of security hardware is available on the SoC and whether it is used, whether exploits are patched, whether there is a continuing roll out for discovered exploits, whether updates are automatically installed w/o authentication, whether the baseband contains known exploits and attack vectors (cough), etc.
So there's no one answer because there's no one Android device and many phone OEMs (and the manufacturers of the underlying hardware platform) may be implementing security to different degrees. Though many of these considerations do have google guidelines and policies in place, some of which may be enforceable via google compatibility tests, there is a wide spectrum of what you can expect from Android generally speaking I think.
You might look to Google's policies and recommendations, and more importantly their Nexus devices themselves as models for what they consider best practices to be. Then there is blackphone and other distros that have security as their primary focus, so they may be good to consider as well.
-------------------
This is my SIG. There are many like it, but this one is mine.
Apple's encryption is still very secure. It hasn't been broken, and even Apple won't be able to break it for the FBI. What the FBI wants Apple to do is hack the unlock code for them.
The only "vulnerability" is this case is that Apple potentially has the ability to push new firmware onto this model of iPhone (the 5c) using its own signed certificate, even if the phone is locked. The FBI wants this new firmware to do two things: (1) bypass the "10 wrong tries on the unlock code and the iPhone erases itself" routine and (2) reduce the time interval between unlock code entries. Once this is done, the FBI will brute force input combinations until the iPhone unlocks.
The only problem is that Apple hasn't written this firmware. Even if the firmware existed, you'd need Apple's own certificate to push it onto the iPhone. So the iPhone is still quite secure, relatively speaking, provided the courts don't compel Apple to develop a forensics tool for the FBI at Apple's expense.
Of course, Apple doesn't want this situation to ever, ever happen again. You can bet the iPhone 7 will plug this potential vulnerability by making it impossible for anyone to push firmware onto a locked iPhone, even with Apple's own certificate. At that point, the FBI will no doubt petition Congress to legislate that Apple (and Google, Samsung, LG, etc.) provide a means for altering the firmware of any smartphone sold in the U.S., on court order. And that's when this fight will really get interesting.
If the lack of security--due to government mandated back doors--allows for state sponsored persecution of innocents, enemy state or NGO attacks, etc. where would you stand then? You do grasp the concept that a security vulnerability may be exploited by any actor, at any time, not solely the "right and just" United States government after receiving a lawfully obtained court warrant?
Well said. We give up what little privacy we have left at our own peril. Here you have a door they want opened. They will probably succeed at forcing it open. At first it will be a few phones, but then it will be an automated process. Then that won't be fast enough, and it will be a portable device. Then the device will be copied and it will be used all over the world at every checkpoint. I wouldn't be surprised now if certain customs agents don't demand the unlock code to get in the country, and then silently clone it. With the automated tool they wouldn't have to demand. Just drop the phone in the "terrorist detector" and watch it scan for anything of interest. That anything of interest could easily be not sufficiently praising some group or another. Got a phone they can't crack, well that is a presumption of guilt. Better lock you up till you open it up for them. And all that is ignoring the possibilities of governments around the world simply collecting contact lists of people and such, so they can better target their espionage efforts, and of course if there is actual company IP on the phone, they will want that too. What, your phone's browser stored the username and password to access a work related site? Well, better get that too. Could drain a bank account with that info too, depending on what is on your phone. (All of this also applies to laptops and everything else of course. A phone isn't all that different from a computer these days.)
The government does NOT have the right to what you know (5th Amendment).
This only applies to self-incrimination.
All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
I appreciate someone who takes the big picture view and I wish more people were. That said, there are a few points I think are worth adding.
You can be compelled to provide a fingerprint under the current legal system in the US.
(I looked for a better legal reference, but this is a summary http://blogs.wsj.com/digits/20...)
Technically what you know might be called a key, but it's clearer to refer to it as a password or passcode because it is a small piece of information used to decrypt a large key. The large key is a randomly generated string of characters that is held in memory by the phone after the passcode is entered. That real key is used to decrypt the information on the device directly, while the password or passcode is used to decrypt the key. That's important because backdoors are usually considered to be ways of sharing the key with someone rather than the password and because the key is not something most software, like phone software, makes visible to the user. When you change your password or passcode, the phone doesn't get re-encrypted which would take a long time, just the key gets re-encrypted.
It is also worth noting that the 5th amendment doesn't protect you from having to provide what you know to the government; it only protects you from self incrimination. You can be forced to testify against your desire in cases where your testimony doesn't incriminate you. This is an important distinction to make since it prevents people from testifying against friends or people who share your viewpoint when you haven't done anything wrong but might sympathize with them. (Citation: Matlock)
If Apple had the key, they could be compelled to share it with the government. If they don't then they can't. What Apple could create is software that the phone would load without needing a password which would make the process of guessing the passcode easier and not result in a loss of the keys due to incorrect guesses. That's why Apple is focusing on not wanting to create hacking software rather than saying they refuse to provide information they already have.
What many in politics want is for Apple to keep a copy of the actual keys for each phone they sell and turn those keys over to law enforcement. Apple doesn't want to keep the keys, let alone be required to build a system that shares them, but if Apple wins this case, you can expect that will be the next demand.
iPhones are only secure within themselves. If I send you a text, that's open and easily interceptable.
Military needs secure comms, not secure storage.
(Well okay, they need both... But the storage is cheap and easily handled)
This signature is false.
Don't forget though, Ben Franklin is someone who never had his liberty or his safety threatened. It's an easy platitude when you've got both.
One would think that his involvement with the US Declaration of Independence, the revolution, etc., would certainly be evidence that he felt his safety and liberty were threatened.
"Ben Franklin is someone who never had his liberty or his safety threatened"
Say fucking what? February 15, 1739: Franklin’s home was robbed by William Lloyd. November 24, 1737: Franklin and others organized a volunteer militia – the Associators – for the defense of Pennsylvania. December 23, 1750: Franklin was severely shocked, while electrocuting a turkey. June, 1752: Franklin, who has not yet heard of the French success of his 'sentry-box' experiment, experiments with flying a kite in a thunderstorm, and also proves that lightning is electrical in nature. September 16-17, 1765: Franklin’s house threatened by Stamp Act protestors. Deborah refused to flee, and the mob was dissuaded by 8oo Franklin supporters ready to combat them.
Franklin has had his liberty and safety at risk more times than you can possibly imagine. these are just the documented and notable ones.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Whether we are to be secure in papers in our houses, our strongboxes, or letters, or text messages is simply a game of semantics. These are all communications we intend to hold privately ... and therefore the government has no right to them.
Um, not quite. The government has every right to search through your papers -- and, by extension, through your iPhone -- for evidence of wrong-doing which may be used against you in a court of law upon obtaining a warrant to do so from a court of law. There is a process which must be followed in order to guarantee your right to liberty and freedom from unreasonable search and seizure. If they've convinced a judge that such a search is necessary, however, your information, whether in paper form or electronic, is an open book, and you as an American citizen, accede to that process as a necessary protection for society under the rule of law.
[posting anonymously to preserve mods]
What I haven't heard yet is where Android lands on the security spectrum. Are they already as or more secure than what the rumors are now saying Apple is trying to achieve? Are they as or more secure than where Apple is right now? Are they as or more secure than where Windows is right now?
Android devices with L or M are roughly as secure as the pre-Secure Enclave Apple devices (like the 5C). That is, the security software is all in flashable components which are signed, and if the holder of the signing keys can be coerced into signing a custom image, it's possible to bypass all of the anti brute-force protections. Brute force is still necessary, then, but it's trivial for four-digit PINs and may be feasible even for better passwords (or patterns).
That's in general. Some OEMs have gone a bit further, such as Samsung's KNOX. I don't know the details and can't comment on whether or not they actually improved the security above the baseline required/defined. by Google.
I'm the Google Android engineer responsible for lots of these bits.