Slashdot Mirror
McAfee Says He Lied About iPhone Hacking Method To Get Public Attention
blottsie writes: McAfee, who founded of one of the first companies to offer antivirus software, claimed on CNN and Russia Today, as well as in a Business Insider column, that he could bypass the advanced encryption protecting the phone without Apple's help. But he lied in these interviews, he said in an interview with the Daily Dot, to "get a shitload of public attention."
Obviously. Move along.
How can anyone take this shitload seriously from now on though, if ever anyone did?
Aside from outright admitting it, what else is new?
But we already knew that.
He should run for president if he is willing to lie so blatantly. Oh, looks like he already is.
Can't understand why he's not as popular as Trump, Sanders, or Clinton. He's doing the same things they are!
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
A narcissistic jerk lying for attention? What is this world coming to? Next up we'll hear that some useless Hollywood slut has publicly posted nudes to get in the headlines again!
He is trying to get attention by being honest? That's brand new it seems.
No. Shit.
Slashdot - News for Nerds, Stuff that Matters, in ISO-8859-1 Has just realised that beta makes this signature redundant
I'm shocked, shocked to find that gambling is going on McAfee lied here!
And so he really can crack the iPhone's security.
If I can't believe everything John McAfee says, there's no point in living!
Now, if you were *really* going to be a genius at getting in a snarky comment to make yourself seem intelligent, you'd go back in time to the article where his now-disavowed claims were originally covered, and you'd post all about how you know it's a lie from the outset, rather than boost yourself up in hindsight.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
Mc-Afee not MAC-A-fee
That iPhone might be infected with the Michelangelo virus.
Your dog wants steak.
How to uninstall McAfee
In other news, water confesses to being wet, Obama swears Guantanamo is going to close, and Donald Trump says something stupid!
...the only question people have isn't actually whether or not he's telling the truth, but why people would put their faith in him in the fucking first place.
They're both human caricatures at BEST. What are John McAfee's accomplishments at this point? Being on the run from a murder charge in Belize, being hooked on bath salts and lying his face off only to admit it was for a "shitload" of publicity a few days later. On the antivirus product that bears his own last name, he himself has said that it's so useless and irritating that it's one of the first things he uninstalls.
The whole reason anyone seems to even pay attention to McAfee is that he demands it from them, he doesn't have anything worthwhile to say. He doesn't have some hacker think-tank at his disposal as he implies (I'm guessing that was a desperate bid to get the attention of someone in #anonops). He doesn't have anything to add to the discussion besides his presence, which I'm sure he charges quite a reasonable rate for. He's a drugged out, damaged lunatic. You meet plenty of them on the street every day to work depending on where you live, yet I doubt that level of familiarity would leave you to trust them to decrypt an iPhone. You probably wouldn't trust them to tie their own shoes.
Great a "successful rich dude" running his mouth, trivializing a technology issue that he is supposedly an expert on. So now we have more dangerous idiots like Donald Trump running for president and thinking they are being righteous by attacking Apple in no small part due to the distorted flamebait coverage that was presented as news what two weeks ago? Great.
Mr McAfee you have made this nation less safe with your poor representation of the facts. Way to go.
First the FBI wants access to the phone. There is no "advanced encryption" involved. What they cannot do is try PINs because of the feature that erases the data if too many wrong PINs are entered. What is needed is a (what Apple is calling a new operating system - a truth statement hiding a lie) IOS update that would (1) disable the erase function and/or set the PIN entry to off or a known value, shut off WiFi and Bluetooth, and (3) auto install and reboot the phone - no "an IOS update has been downloaded, install now/later" prompt. Basically using the back door that Apple currently uses to push updates.
Given source code and the details of IOS update process, any programmer could probably do it.
In fact, there is no reason Apple is not already using that backdoor to install software or extract user personal data now - except they say so.
That's because he's running for president!
Called it
I thought McAfee's position was more along the lines of "Look at me! Look at me!" with the idea that he could say any old shit, get the attention he craves and then not have to deliver anything as no-one in their right mind would let him near that phone.
Not that it was particular hard to call.
I am Slashdot. Are you Slashdot as well?
He is trying to get attention by being honest? That's brand new it seems.
He is being honest about being dishonest!? Is that a redeeming attribute? - confused-
Jumpstart the tartan drive.
Aside from outright admitting it, what else is new?
At least he didn't kill anyone this time.
We hope
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
Better than getting it by killing his neighbors.
The world's burning. Moped Jesus spotted on I50. Details at 11.
So his coders are shit must be why the software is so slow.
was "a batshitload of public attention".
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
he's trying to bring attention to the issue, that the FBI is trying to fool everyone into thinking they cannot crack an iphone.
“That video, on my YouTube account, it has 700,000 views. My point is to bring to the American public the problem that the FBI is trying to [fool] the American public. How am I going to do that, by just going off and saying it? No one is going to listen to that crap.
“So I come up with something sensational,” he continued. “Now, what I did not lie about was my ability to crack the iPhone." ...
Later in the interview, McAfee described his method, which involves “decapping” the phone’s processor and acquiring the device’s unique identifier (UID), that may allow someone to brute force the phone’s password
he's not wrong either. a grad student explained this in a blog post from October 2014.
Why Apple's iPhone encryption won't stop NSA (or any other intelligence agency)
excerpt from the post:
If Apple did their job properly, however, the UID (device encryption key) is completely inaccessible to software and is locked up in some kind of on-die hardware security module (HSM). This means that even if Eve is able to execute arbitrary code on the device while it is locked, she must bruteforce the passcode on the device itself - a very slow and time-consuming process.
In this case, an attacker may still be able to execute an invasive physical attack. By depackaging the SoC, etching or polishing down to the polysilicon layer, and looking at the surface of the die with an electron microscope the fuse bits can be located and read directly off the surface of the silicon.
Since the key is physically burned into the IC, once power is removed from the phone there's no practical way for any kind of self-destruct to erase it. Although this would require a reasonably well-equipped attacker, I'm pretty confident based on my previous experience that I could do it myself, with equipment available to me at school, if I had a couple of phones to destructively analyze and a few tens of thousands of dollars to spend on lab time. This is pocket change for an intelligence agency.
Once the UID is extracted, and the encrypted disk contents dumped from the flash chips, an offline bruteforce using GPUs, FPGAs, or ASICs could be used to recover the key in a fairly short time.
Anons need not reply. Questions end with a question mark.
Adobe writes the shit software, and they own the trademark. He disavowed their software a long time ago and has nothing to do with making it.
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
We should make this guy President and give him his own unreality show!(*)
(*) see what I did there with the subject line?
I'M SHOCKED!
It's not a lie when stated in a uber-confident drug induced stupor. McAfee is a master of this state of being. He's not a liar, just an asshole.
I'm confused. From the stories, he claimed to able to crack the iPhone without Apple's help. Then he said he lied about that. But then reaffirmed that his people would be able to crack the iPhone.
What am I missing?
His admission is a false flag double cross reversal.
He wanted to draw the FBI's attention away from Apple, but doesn't want them to know that he can totally hack the shit out of iPhones with social engineering. So he:
1. Claims he can hack the shit out of iPhones with social engineering.
2. Gets attention from the world and its dog.
3. Tell the FBI it was totes a lie.
4. ????
5. Bath salts.
Americans have long been free to invent their own pronunciations of their names. Just ask Coh-lin Powell, for example.
Admittedly Scar, Pennywise, or Joffrey Baratheon would better fill in the gaps in Trump's "skills", but they're all dead....and also fictional, though that distinction doesn't seem to stop the Trump train.
the whole point of the FBI query is so they can maintain a legal chain of evidence in extracting the data. Everyone KNOWS the NSA can crack this by disassembling the hardware, but that method is not admissible in court.
That's right. I pronounce my name as "Supreme Ruler of the Universe and Beyond, bow when You Gaze Upon Me" and anyone who pronounces it as "David" is wrong!
"So long and thanks for all the fish."
He said he was going to get it via social engineering. How was he going to social engineer the passcode from a dead guy anyways?
Maybe he's got the FBI job, and the first order of business is to discredit the possibility of being able to hack into an iPhone.
/. community is of the 'fact' that he was indeed lying.
I am surprised by how accepting the
On a less factious note: In the days when iPhones had exploitable boot loaders, one could boot a version IOS in RAM, that let you brute force the PIN as long as you wanted to without wiping the phone. On iPhone 4 it took about 29 minutes to try all 4-digit combinations from 0000 to 9999. (The default PIN length at the time)
The only two things stopping you today from still doing this is: 1) the lack of a known vulnerability in the boot loader, thus requiring your "Special IOS" to be signed by Apple; and 2) changes to the H/W crypto chip in new models that force longer and longer time outs before you can try another PIN.
Although retries get longer, I don't think there is any limit set, in hardware, on how many retries you can have (yet); that's still handled by IOS.
I wonder if this announcement is to also, Bogus..
the cross to the double cross?
I personally think it's a ploy.
John is not dumb.
This does not sound like a plausible explanation..
Or, maybe he got a offer he could not refuse..
"Everyone" has something they cant refuse.
He is being honest about being dishonest!? Is that a redeeming attribute? - confused-
No, that simply makes you an incompetent liar.
Live today, because you never know what tomorrow brings
As an admitted liar, how can we possibly trust him enough to believe that he lied?
File under 'M' for 'Manic ranting'
He should pull a Prince[*] and change his name to : !
/.'s lousy Unicode support!!!
[*] curses, foiled again by
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
My wife doesn't buy that either.
Which puts him on par with all the other people running for president. Anyone seeking the US presidency should by default be disqualified and thoroughly investigated by the IRS, and the FBI.
errr....umm...*whooosh* *whoosh* Is this thing on ?
As I've told you before, social engineering the passcode wouldn't seem hard IF you think you have a TIME MACHINE.
Knowing McAfee, it would probably be in his hot tub.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
John McAfee: "Everything I say is a lie!"
But if everything he says is a lie, then his statement is a lie. Except we know it's the truth so, then all his statements are lies, resulting in...
Stack overflow. Error 0xFe03009C
Head explodes.
He's in good company, as it's quite obvious the FBI is also lying about this being only "about one phone", "cyber pathogens" (whatever that is...), and has even admitted that there is probably nothing of use on the phone. They claim it's only for this one phone, but the FBI also claimed they never surveilled Martin Luther King Jr either until Congress drug it out of them almost 10 years later. This court order is only for this one phone, but there is no assurance that there won't be multiple "writs" after this, from the FBI and every other law enforcement agency in the US. The shooters made a point to destroy their personal phones; if there was anything on this phone it too would have been destroyed.
Apple's only way out is to change their system so that what the FBI is asking for is impossible from here forward.
I imagine what really happened was that he was visited by a bunch of men in black suits ready to cart him away to break iPhones for the government. Naturally he did not want to do that so is now lying.
BTW My 17 year old broke into my locked iPhone in 2.5 hours this past weekend.
Maybe he's lying about lying about lying to make us believe he's lying, when the truth is plainly obviously.
People who lie about lying are used to having people not trust them, as they are not trusted by me,
so I can clearly not choose the lie before me. But which one?
IT HAS WORKED! YOU'VE GIVEN EVERYTHING AWAY! I KNOW WHERE THE LIE IS!
- Vizzini
Bet: If Ted and Marco are honest, I'll install Windows 10.
Table-ized A.I.
Oh I have to hang my head in mourning. It sure is a sad day.
McAfee is now as useful and trustworthy as the product carrying his name.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
McAfee isn't looking to unlock a phone, he's attention whoring to see if he can get onto Trump's ticket as VP. Trump want's someone like him, but with worldly experience. A good bullshitter and self-marketer is his perfect match, he just needs someone with a little less crazy than the bitch from Alaska. And in steps McAfee...
Here it seems journalistic uberfailure is hidden by an accusation. If you are upset about the lie you have not payed attention. This 'journalist' has zero intergity, it is an exercise in vanity, it's like he expects John McCaffee to give him something interesting.
I would have hung up much sooner, as soon as the dishonest questions of veracity started. You don't ask someone for the weather and then say 'but can I trust you?' When looking at a shared reality there is no trust required, McCafee doesn't want your trust in his word, he wants you to open your eyes to the risks to your life.Fire that guy.
So why does anyone even give John McAfee an interview anymore, let alone write about the bullshit he spews in those interviews? The man is an endless fountain of bullshit, and his grasp of reality seems tenuous at best these days.
I'm pretty sure it's pronounced "mal-ware."
Why isn't he running for president??? He's in the wrong line of work!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
The guy who said he was going to break in via social engineering when the only people who know the passcode are dead was lying? Wow. Never saw that coming.
Maybe he wants to go to prison for perverting the course of the justice... under terrorism laws, in guantanamo...
I think that he did think he knew how to break into an iPhone. But then after his interview, he found out that breaking into a modern mobile device is not the same as breaking into a computer back in the 80s and 90s, so he's just trying to save face.
The Internet King? I wonder if he could provide faster nudity.
McAfee should have just stayed in seclusion. The guy is the founder of McAfee security. One of the most pathetic security software suites of all time. Come to think of it, Intel has nothing with McAfee security either.
Nobody believed a word of it ^_^
Irrelevant news and morons using moderation to mod down what they disagree on. 2018 resolution: so long.
He's announced that he's ready to fight Mike Tyson.
He says he simplified the method so a stupid reporter could understand some of it.
On the newest iPhones (A7 processor and newer), the Secure Enclave enforces the rules. This is a coprocessor chip with code baked in during manufacture and is implicitly trusted. It also has the AES-256 algorithm and key that protects the storage. The key is locked in the silicon with no way to extract it; the chip manufacturer doesn't keep it and Apple never has it. In order to access the encrypted storage, the request must pass through the SE. The class keys that are used are derived from the baked-in key and the passcode. 10 invalid passcode attempts and the chip will erase the encryption keys.
For a much better description, read this: https://www.apple.com/business... starting from page 10.
For the San Bernadino killers' iPhones, they have older iPhones where this is logic part of the iOS software. Therefore, a change to iOS is capable of altering the 10-strikes rule on their devices, and that's what the FBI is asking Apple to do. Had the murderers been using an iPhone 6 (or maybe even the iPhone 5S) not even Apple would be able to break them. The only options I see there might be physically dissecting the chip and somehow reading the bits from the flash storage in the chip. That's been done on the older, unsophisticated chips like those found in credit cards, but I've never heard of a researcher able to read data from the nanometer-scale chips in use in the Apple CPUs. Maybe the NSA has someone in house who could do that, but we civilians have no way of knowing what goes on in those labs.
John
once his hacker buddies sobered up from binging on coke and meth and anything else paid for by their best bud's fortune, they told john.. 'hey bud, sorry to disappoint. but that's impossible without apple's help''
Sounds a lot like what Donald trump is doing. Making stuff up for attention.
Clearly there's bath salts in both cups.
...the perfect crime.
Why does he even get a mention on /. if everything that comes out of his mouth is suspect?
Can't they just pull out the hard drive and brute force it?
"No, no, no, it's spelled, 'Raymond Luxury Yacht', but it's pronounced 'Throat Warbler Mangrove'."
Therefore, a change to iOS is capable of altering the 10-strikes rule on their devices, and that's what the FBI is asking Apple to do.
Yes. Except one thing.
Loading a recovery image requires putting the device in *Recovery Mode*, and that's a hardware DFU mode whereby you talk to a small piece of firmware whose only job is to overwrite the Flash contents.
It doesn't load shit into RAM and run it in order to overwrite the flash contents while preserving data: it's a *RECOVERY* mode, not an *UPDATE* mode. It's what you do as a last resort, assuming you backed your crap up to the iCloud, because if you didn't, that shit is *gone*.
To do an *UPDATE* without overwriting the user data portion of the flash contents, you talk to the *ptpd*, which implements the DFU protocol at a higher level, in user space. How do you do that? Well, first, you have to make the ptpd willing to talk to you (or iTunes). How you you do that?
You UNLOCK the frigging phone.
So to load the image that the FBI wants Apple to write for them, and then to load, you'd have to unlock the phone to enable you to unlock the phone.
Cluebat here. Knock knock knock... is that you, head? Yeah, there's two DFU implementations in the iPhone. What? You didn't know that? Well now you do. Yeah. Yeah. We can write the image you want us to write, and then we can load it onto the iPhone, but to do that, it will wipe out the very data you seek. What? No, we can't make monkeys fly out our ass... I think you are confusing us with Jim Carrey in that movie "Bruce Almighty".
People really do not understand technology... especially technology designed to prevent exactly the type of thing the FBI wants done.
Can't they just pull out the hard drive and brute force it?
How much time have you got, because you are talking a 256 bit AES key that uses a UUID in the processor and a GID for the device model and a PIN from the user to generate there... You can fake the GID, but good luck on that whole UUID thing... you left that behind when you pulled the flash chip out of the device that had the processor the UUID lives in.
and haters gotta hate. Or so goes the saying.
Listen, McAfee didn't snort half a kilo of coke and Xanax off a Malaysian hooker's ass and go on a vision quest to find the Spear of Destiny to ultimately defeat Satan and ISIS, just to be made fun of by the likes of Slashdot. Me and McAfee are leaving, and we're taking this eight ball with us. #ImWithMcAfee
Can someone spend 10 seconds of my tax dollars and drone-strike this fucking crackhead?
... the press stopped reporting the shit said by people that have been busted lying publicly.
No, he's lying about lying. He really thought he could hack the iPhone, but when he realized that everyone thought his approach was BS, he decided to claim that he was just lying to get attention.
Supposed to encrypt only your bzip'd tarball home directory, not make the entirw mountpoint unusable. Itis as though Syria sent someone into the semi-conductor industry to assure computer hardware developments to mirror the terrorist activities of immigrangs and non-native Apple customers... what is to be expected with this k ind of software underhandedness? People dont hide gardening and food recipe secrets this way...they put the secrets in plain sight where others would not understand. Apple is just another extension of a foreign military presence. Just call me out on this: how does this level of so-call security change the habbits of Apple customers-owners-
In other words, he's the Donald Trump of IT.
It's so close to being libel or slander... I might say he defamed Apple by claiming he can crack the iPhone.
I mean, come on. This guy has history of being mentally stable, producing top notch products that have never trashed anybody's PC on install (and certainly not mine, I mean unless you count the literal entire week I had to spend restoring over 4 dozen workstations that time in 2004 after an "important upgrade" to our McAfee AV program that utterly trashed them...ahh good times), never being involved in any kind of homicide, and certainly being someone you'd be comfortable letting your children be around.
In all seriousness, put this mentally ill fuck in a padded room and the world will be a safer place.
No. Brute force has limits.
The storage is in Flash RAM, not a hard drive, but they can probably get a copy of the encrypted data. That's not a problem.
What is a problem is that AES-256 has no known weaknesses for this kind of situation. AES-256 in this case means the key is exactly one random number between 0 and 2 to the 256th power (2^256). That's not just a big number, that's a mind-blowingly big number. kIf every molecule in the entire universe was an advanced supercomputer capable of testing a billion billion keys per second, and had been testing every second since the moment of the big bang, you still wouldn't have found the right key yet.
They can brute force the PIN, but only with cooperation of the OS.
John
Just say, in response to whatever bullshit they have to say:
"Um, sorry, but who the fuck are you again, and why the hell should I give a shit!"
Cringeley said in his most recent blog post that he trusted McAfee to be able to do this. Seemed a bit foolish at the time ...
Clinton is a square shooter! Clinton for 2016!
The FBI's request relies on there being some as yet undisclosed security flaw which would enable Apple to load the software into memory on the iPhone and execute it from there. Your claim of impossibility relies on there being no security flaw (currently undisclosed, or even currently *unknown*) that would enable such.
Too many drugs done all the time sapp your thinking ability.
If the train set they would be playing with wasn't so big and important, it would be worth it just to see the wreck.
The FBI's request relies on there being some as yet undisclosed security flaw which would enable Apple to load the software into memory on the iPhone and execute it from there. Your claim of impossibility relies on there being no security flaw (currently undisclosed, or even currently *unknown*) that would enable such.
The current Jailbreaks for that model and later are *tethered* jailbreaks. This means that the iPone must be *unlocked*.
Earlier jailbreaks, including the "game over" jailbreak used by redsn0w, were based on the fact that it was a Samsung chip with a known firmware bootloader flaw. When it was checking the cryptographic signature on the boot loader that would load the rest of the OS, you could buffer overflow the cryptographic check itself, and cause the execution of arbitrary code.
When the CPUs were revised, this *known flaw* in Samsung's verified boot code path in the mask programmed ROM was fixed, which is what necessitated tethered jailbreaks. It was not worth the cost of spinning the chip earlier, given that some phones would have the untethered jailbreak vulnerability, and others would not.
--
I have repeatedly stated that it was "within the realm of possibility" and used "if possible"; I have *NEVER* stated "impossible*, only implied it.
And when challenged to find and disclose such bugs, should they exist, to the FBI, I side with Apple: Fuck. Off.
Earlier jailbreaks, including the "game over" jailbreak used by redsn0w, were based on the fact that it was a Samsung chip with a known firmware bootloader flaw. When it was checking the cryptographic signature on the boot loader that would load the rest of the OS, you could buffer overflow the cryptographic check itself, and cause the execution of arbitrary code.
BTW: To do this, you *STILL* had to overwrite the bootloader itself in Flash. And the way that NAND flash works is you reset a block to all 1's (and it has to be the entire block), and then write 0's out where you don't want 1's. So all you have to do is put a TEA sum and the 10 count in the bootloader block, and even with the hardware DFU mode, you've screwed the ability to do an untethered jailbreak, unless they wrote an entire new bootloader. Not that this iPhone model has that flaw in the first place.
www.iphoneasyunlock.com