Slashdot Mirror
McAfee Says He Lied About iPhone Hacking Method To Get Public Attention
blottsie writes: McAfee, who founded of one of the first companies to offer antivirus software, claimed on CNN and Russia Today, as well as in a Business Insider column, that he could bypass the advanced encryption protecting the phone without Apple's help. But he lied in these interviews, he said in an interview with the Daily Dot, to "get a shitload of public attention."
Obviously. Move along.
Aside from outright admitting it, what else is new?
But we already knew that.
He should run for president if he is willing to lie so blatantly. Oh, looks like he already is.
Can't understand why he's not as popular as Trump, Sanders, or Clinton. He's doing the same things they are!
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
A narcissistic jerk lying for attention? What is this world coming to? Next up we'll hear that some useless Hollywood slut has publicly posted nudes to get in the headlines again!
He is trying to get attention by being honest? That's brand new it seems.
No. Shit.
Slashdot - News for Nerds, Stuff that Matters, in ISO-8859-1 Has just realised that beta makes this signature redundant
I'm shocked, shocked to find that gambling is going on McAfee lied here!
And so he really can crack the iPhone's security.
If I can't believe everything John McAfee says, there's no point in living!
Now, if you were *really* going to be a genius at getting in a snarky comment to make yourself seem intelligent, you'd go back in time to the article where his now-disavowed claims were originally covered, and you'd post all about how you know it's a lie from the outset, rather than boost yourself up in hindsight.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
Mc-Afee not MAC-A-fee
That iPhone might be infected with the Michelangelo virus.
Your dog wants steak.
How to uninstall McAfee
That's because he's running for president!
Called it
I thought McAfee's position was more along the lines of "Look at me! Look at me!" with the idea that he could say any old shit, get the attention he craves and then not have to deliver anything as no-one in their right mind would let him near that phone.
Not that it was particular hard to call.
I am Slashdot. Are you Slashdot as well?
He is trying to get attention by being honest? That's brand new it seems.
He is being honest about being dishonest!? Is that a redeeming attribute? - confused-
Jumpstart the tartan drive.
Aside from outright admitting it, what else is new?
At least he didn't kill anyone this time.
We hope
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
Better than getting it by killing his neighbors.
The world's burning. Moped Jesus spotted on I50. Details at 11.
So his coders are shit must be why the software is so slow.
was "a batshitload of public attention".
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
he's trying to bring attention to the issue, that the FBI is trying to fool everyone into thinking they cannot crack an iphone.
“That video, on my YouTube account, it has 700,000 views. My point is to bring to the American public the problem that the FBI is trying to [fool] the American public. How am I going to do that, by just going off and saying it? No one is going to listen to that crap.
“So I come up with something sensational,” he continued. “Now, what I did not lie about was my ability to crack the iPhone." ...
Later in the interview, McAfee described his method, which involves “decapping” the phone’s processor and acquiring the device’s unique identifier (UID), that may allow someone to brute force the phone’s password
he's not wrong either. a grad student explained this in a blog post from October 2014.
Why Apple's iPhone encryption won't stop NSA (or any other intelligence agency)
excerpt from the post:
If Apple did their job properly, however, the UID (device encryption key) is completely inaccessible to software and is locked up in some kind of on-die hardware security module (HSM). This means that even if Eve is able to execute arbitrary code on the device while it is locked, she must bruteforce the passcode on the device itself - a very slow and time-consuming process.
In this case, an attacker may still be able to execute an invasive physical attack. By depackaging the SoC, etching or polishing down to the polysilicon layer, and looking at the surface of the die with an electron microscope the fuse bits can be located and read directly off the surface of the silicon.
Since the key is physically burned into the IC, once power is removed from the phone there's no practical way for any kind of self-destruct to erase it. Although this would require a reasonably well-equipped attacker, I'm pretty confident based on my previous experience that I could do it myself, with equipment available to me at school, if I had a couple of phones to destructively analyze and a few tens of thousands of dollars to spend on lab time. This is pocket change for an intelligence agency.
Once the UID is extracted, and the encrypted disk contents dumped from the flash chips, an offline bruteforce using GPUs, FPGAs, or ASICs could be used to recover the key in a fairly short time.
Anons need not reply. Questions end with a question mark.
Adobe writes the shit software, and they own the trademark. He disavowed their software a long time ago and has nothing to do with making it.
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
It's not a lie when stated in a uber-confident drug induced stupor. McAfee is a master of this state of being. He's not a liar, just an asshole.
I'm confused. From the stories, he claimed to able to crack the iPhone without Apple's help. Then he said he lied about that. But then reaffirmed that his people would be able to crack the iPhone.
What am I missing?
Admittedly Scar, Pennywise, or Joffrey Baratheon would better fill in the gaps in Trump's "skills", but they're all dead....and also fictional, though that distinction doesn't seem to stop the Trump train.
That's right. I pronounce my name as "Supreme Ruler of the Universe and Beyond, bow when You Gaze Upon Me" and anyone who pronounces it as "David" is wrong!
"So long and thanks for all the fish."
why people would put their faith in him in the fucking first place
He's an eccentric, deviant asshole in a very refreshing sort of way and his talking points appeal to critical thinking (as opposed to Trump's, which are clearly right out of Mein Kampf)...
Maybe he's got the FBI job, and the first order of business is to discredit the possibility of being able to hack into an iPhone.
/. community is of the 'fact' that he was indeed lying.
I am surprised by how accepting the
On a less factious note: In the days when iPhones had exploitable boot loaders, one could boot a version IOS in RAM, that let you brute force the PIN as long as you wanted to without wiping the phone. On iPhone 4 it took about 29 minutes to try all 4-digit combinations from 0000 to 9999. (The default PIN length at the time)
The only two things stopping you today from still doing this is: 1) the lack of a known vulnerability in the boot loader, thus requiring your "Special IOS" to be signed by Apple; and 2) changes to the H/W crypto chip in new models that force longer and longer time outs before you can try another PIN.
Although retries get longer, I don't think there is any limit set, in hardware, on how many retries you can have (yet); that's still handled by IOS.
He is being honest about being dishonest!? Is that a redeeming attribute? - confused-
No, that simply makes you an incompetent liar.
Live today, because you never know what tomorrow brings
As an admitted liar, how can we possibly trust him enough to believe that he lied?
File under 'M' for 'Manic ranting'
He should pull a Prince[*] and change his name to : !
/.'s lousy Unicode support!!!
[*] curses, foiled again by
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Which puts him on par with all the other people running for president. Anyone seeking the US presidency should by default be disqualified and thoroughly investigated by the IRS, and the FBI.
errr....umm...*whooosh* *whoosh* Is this thing on ?
As I've told you before, social engineering the passcode wouldn't seem hard IF you think you have a TIME MACHINE.
Knowing McAfee, it would probably be in his hot tub.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
He's in good company, as it's quite obvious the FBI is also lying about this being only "about one phone", "cyber pathogens" (whatever that is...), and has even admitted that there is probably nothing of use on the phone. They claim it's only for this one phone, but the FBI also claimed they never surveilled Martin Luther King Jr either until Congress drug it out of them almost 10 years later. This court order is only for this one phone, but there is no assurance that there won't be multiple "writs" after this, from the FBI and every other law enforcement agency in the US. The shooters made a point to destroy their personal phones; if there was anything on this phone it too would have been destroyed.
Apple's only way out is to change their system so that what the FBI is asking for is impossible from here forward.
Bet: If Ted and Marco are honest, I'll install Windows 10.
Table-ized A.I.
the whole point of the FBI query is so they can maintain a legal chain of evidence in extracting the data. Everyone KNOWS the NSA can crack this by disassembling the hardware, but that method is not admissible in court.
Cite?
I see absolutely no reason that disassembling the hardware breaks the chain of evidence. Said disassembly just has to be done by experts who will testify to the steps they used to extract the data and that the device was not out of their control. The NSA might not want to testify to the means used, I suppose, but I don't see why not because this is a really straightforward process. It requires specialized skills and tools, but nothing not present in many university research labs.
1. Remove the flash chips and connect them to a controller to copy the contents (which are encrypted).
2. Remove the CPU, and shave off the cladding to expose the silicon wafer inside.
3. Shave layers of silicon off to expose the non-volatile storage containing the key (likely micro fuses, which are relatively large compared to other features).
4. Use an electron microscope to read out the key bits.
5. Combine all possible passwords with the key bits in the manner done by Apple's software to produce all possible candidate encryption keys.
6. Perform trial decryptions of the data obtained in step 1 with all of the keys to see which one works. Or Apple may have another mechanism to determine if the key is correct[1].
There's nothing here that requires secret knowledge, and nothing that would somehow break the chain of custody. Before you can do this on the target phone you need to do it on a few others so you can identify the location of the key in the silicon. After you're done, you may also need to make some information theoretic arguments about the possibility that you screwed up and found something that wasn't the key but still produced plaintext that looked like actual data. Those are very easy.
So, no, this isn't about chain of evidence. For that matter, it's unlikely that any data on the device would ever be used to prosecute anyone anyway. The (purported) goal here is to get leads that may identify other conspirators, and if that were to happen it would almost certainly be other evidence, found as a result of following those leads, that would be used to prosecute the other conspirators. The "fruit of the poisoned tree" issue that comes up with illegally obtained information wouldn't apply, because the leads wouldn't be illegally obtained. There are no legal obstacles to the FBI extracting whatever they can get out of this phone.
[1] A common technique to determine whether the password-derived key is the correct one is to store a secure hash of the derived key alongside the encrypted data. This makes it easy to check whether the derived key is the correct one, but unless the hash is broken to the point of being reversible doesn't provide an attacker with significant information about the key, especially if the hash space is significantly smaller than the keyspace (e.g. 32-bit hash of a 256-bit key). Android device encryption uses this technique to check if your entered password was correct.
Oh I have to hang my head in mourning. It sure is a sad day.
McAfee is now as useful and trustworthy as the product carrying his name.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
So why does anyone even give John McAfee an interview anymore, let alone write about the bullshit he spews in those interviews? The man is an endless fountain of bullshit, and his grasp of reality seems tenuous at best these days.
McAfee is just as nutty as Sister Sarah, if not possibly more. Palin just dresses up her stupid craziness in the right anti-media anti-establishment buzzwords so it appeals to the GOP voter base.
Yes, I'm sure that's it. That's not at all a baseless paranoid assertion, no no, YOU are the sane one it's everyone else that's crazy. Right?
Bad operand types for binary operators. First type: string, second type string and integer.
Why isn't he running for president??? He's in the wrong line of work!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
The guy who said he was going to break in via social engineering when the only people who know the passcode are dead was lying? Wow. Never saw that coming.
I think that he did think he knew how to break into an iPhone. But then after his interview, he found out that breaking into a modern mobile device is not the same as breaking into a computer back in the 80s and 90s, so he's just trying to save face.
The Internet King? I wonder if he could provide faster nudity.
Everyone KNOWS the NSA can crack this by disassembling the hardware, but that method is not admissible in court.
Why wouldn't it be? Here's a process that should allow any untrustworthy idiot to crack the phone while having no risk of false data:
1) Copy the hard drive, being careful to maintain chain of custody
2) Let random untrustworthy person crack the phone
3) Use decryption key to decrypt copy of hard drive from evidence locker
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
data PublicityStrumpet = Trump | McAfee Integer ... }
instance Fractional PublicityStrumpet where {
Problem solved!
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
Nobody believed a word of it ^_^
Irrelevant news and morons using moderation to mod down what they disagree on. 2018 resolution: so long.
He says he simplified the method so a stupid reporter could understand some of it.
On the newest iPhones (A7 processor and newer), the Secure Enclave enforces the rules. This is a coprocessor chip with code baked in during manufacture and is implicitly trusted. It also has the AES-256 algorithm and key that protects the storage. The key is locked in the silicon with no way to extract it; the chip manufacturer doesn't keep it and Apple never has it. In order to access the encrypted storage, the request must pass through the SE. The class keys that are used are derived from the baked-in key and the passcode. 10 invalid passcode attempts and the chip will erase the encryption keys.
For a much better description, read this: https://www.apple.com/business... starting from page 10.
For the San Bernadino killers' iPhones, they have older iPhones where this is logic part of the iOS software. Therefore, a change to iOS is capable of altering the 10-strikes rule on their devices, and that's what the FBI is asking Apple to do. Had the murderers been using an iPhone 6 (or maybe even the iPhone 5S) not even Apple would be able to break them. The only options I see there might be physically dissecting the chip and somehow reading the bits from the flash storage in the chip. That's been done on the older, unsophisticated chips like those found in credit cards, but I've never heard of a researcher able to read data from the nanometer-scale chips in use in the Apple CPUs. Maybe the NSA has someone in house who could do that, but we civilians have no way of knowing what goes on in those labs.
John
Why does he even get a mention on /. if everything that comes out of his mouth is suspect?
That problem has existed for as long as it's been possible to bear false witness. It's been such a pervasive problem that it's been codified into laws since we put them to tablet and papyrus. Just because you can *also* do it with the contents of a flash drive doesn't make it anything new.
Therefore, a change to iOS is capable of altering the 10-strikes rule on their devices, and that's what the FBI is asking Apple to do.
Yes. Except one thing.
Loading a recovery image requires putting the device in *Recovery Mode*, and that's a hardware DFU mode whereby you talk to a small piece of firmware whose only job is to overwrite the Flash contents.
It doesn't load shit into RAM and run it in order to overwrite the flash contents while preserving data: it's a *RECOVERY* mode, not an *UPDATE* mode. It's what you do as a last resort, assuming you backed your crap up to the iCloud, because if you didn't, that shit is *gone*.
To do an *UPDATE* without overwriting the user data portion of the flash contents, you talk to the *ptpd*, which implements the DFU protocol at a higher level, in user space. How do you do that? Well, first, you have to make the ptpd willing to talk to you (or iTunes). How you you do that?
You UNLOCK the frigging phone.
So to load the image that the FBI wants Apple to write for them, and then to load, you'd have to unlock the phone to enable you to unlock the phone.
Cluebat here. Knock knock knock... is that you, head? Yeah, there's two DFU implementations in the iPhone. What? You didn't know that? Well now you do. Yeah. Yeah. We can write the image you want us to write, and then we can load it onto the iPhone, but to do that, it will wipe out the very data you seek. What? No, we can't make monkeys fly out our ass... I think you are confusing us with Jim Carrey in that movie "Bruce Almighty".
People really do not understand technology... especially technology designed to prevent exactly the type of thing the FBI wants done.
Can't they just pull out the hard drive and brute force it?
How much time have you got, because you are talking a 256 bit AES key that uses a UUID in the processor and a GID for the device model and a PIN from the user to generate there... You can fake the GID, but good luck on that whole UUID thing... you left that behind when you pulled the flash chip out of the device that had the processor the UUID lives in.
... the press stopped reporting the shit said by people that have been busted lying publicly.
You can check that the results are correct; that is even better than proving the method you used to get the results are sufficiently accurate or repeatable.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
No. Brute force has limits.
The storage is in Flash RAM, not a hard drive, but they can probably get a copy of the encrypted data. That's not a problem.
What is a problem is that AES-256 has no known weaknesses for this kind of situation. AES-256 in this case means the key is exactly one random number between 0 and 2 to the 256th power (2^256). That's not just a big number, that's a mind-blowingly big number. kIf every molecule in the entire universe was an advanced supercomputer capable of testing a billion billion keys per second, and had been testing every second since the moment of the big bang, you still wouldn't have found the right key yet.
They can brute force the PIN, but only with cooperation of the OS.
John
Cringeley said in his most recent blog post that he trusted McAfee to be able to do this. Seemed a bit foolish at the time ...
How do you prove that the evidence was not altered if the original is destructed?
Testing a DNA sample is also destructive, as are many other forensic tests. The key is that you have a disinterested technician performing the analysis, documenting each step in the process, and later testifying about it. If necessary, you can also keep recordings of the whole process, and subject those to chain-of-custody rules. If you really, really want to be careful, you allow the defense to provide their own expert witness who observes the entire process.
In addition, the process I described specifically does not destroy the original. The flash chips with the original encrypted data are intact, and so is the shaved CPU with visible microfuses. A defense expert can actually reconstruct the extraction and decryption process. There's still the possibility that the bits you read out of the CPU actually weren't the key but some other random thing, which is where those information-theoretic arguments I mentioned come in.
This is actually pretty easy to make ironclad, completely challenge-proof, and the fundamental ideas are no different from those used in any forensic analysis.
The FBI's request relies on there being some as yet undisclosed security flaw which would enable Apple to load the software into memory on the iPhone and execute it from there. Your claim of impossibility relies on there being no security flaw (currently undisclosed, or even currently *unknown*) that would enable such.
The current Jailbreaks for that model and later are *tethered* jailbreaks. This means that the iPone must be *unlocked*.
Earlier jailbreaks, including the "game over" jailbreak used by redsn0w, were based on the fact that it was a Samsung chip with a known firmware bootloader flaw. When it was checking the cryptographic signature on the boot loader that would load the rest of the OS, you could buffer overflow the cryptographic check itself, and cause the execution of arbitrary code.
When the CPUs were revised, this *known flaw* in Samsung's verified boot code path in the mask programmed ROM was fixed, which is what necessitated tethered jailbreaks. It was not worth the cost of spinning the chip earlier, given that some phones would have the untethered jailbreak vulnerability, and others would not.
--
I have repeatedly stated that it was "within the realm of possibility" and used "if possible"; I have *NEVER* stated "impossible*, only implied it.
And when challenged to find and disclose such bugs, should they exist, to the FBI, I side with Apple: Fuck. Off.
Earlier jailbreaks, including the "game over" jailbreak used by redsn0w, were based on the fact that it was a Samsung chip with a known firmware bootloader flaw. When it was checking the cryptographic signature on the boot loader that would load the rest of the OS, you could buffer overflow the cryptographic check itself, and cause the execution of arbitrary code.
BTW: To do this, you *STILL* had to overwrite the bootloader itself in Flash. And the way that NAND flash works is you reset a block to all 1's (and it has to be the entire block), and then write 0's out where you don't want 1's. So all you have to do is put a TEA sum and the 10 count in the bootloader block, and even with the hardware DFU mode, you've screwed the ability to do an untethered jailbreak, unless they wrote an entire new bootloader. Not that this iPhone model has that flaw in the first place.
Piggers are gonna go all the way this year!