Slashdot Mirror
McAfee Says He Lied About iPhone Hacking Method To Get Public Attention
blottsie writes: McAfee, who founded of one of the first companies to offer antivirus software, claimed on CNN and Russia Today, as well as in a Business Insider column, that he could bypass the advanced encryption protecting the phone without Apple's help. But he lied in these interviews, he said in an interview with the Daily Dot, to "get a shitload of public attention."
Obviously. Move along.
Aside from outright admitting it, what else is new?
He should run for president if he is willing to lie so blatantly. Oh, looks like he already is.
Can't understand why he's not as popular as Trump, Sanders, or Clinton. He's doing the same things they are!
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
A narcissistic jerk lying for attention? What is this world coming to? Next up we'll hear that some useless Hollywood slut has publicly posted nudes to get in the headlines again!
He is trying to get attention by being honest? That's brand new it seems.
No. Shit.
Slashdot - News for Nerds, Stuff that Matters, in ISO-8859-1 Has just realised that beta makes this signature redundant
I'm shocked, shocked to find that gambling is going on McAfee lied here!
And so he really can crack the iPhone's security.
If I can't believe everything John McAfee says, there's no point in living!
Now, if you were *really* going to be a genius at getting in a snarky comment to make yourself seem intelligent, you'd go back in time to the article where his now-disavowed claims were originally covered, and you'd post all about how you know it's a lie from the outset, rather than boost yourself up in hindsight.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
Mc-Afee not MAC-A-fee
That iPhone might be infected with the Michelangelo virus.
Your dog wants steak.
He is trying to get attention by being honest? That's brand new it seems.
He is being honest about being dishonest!? Is that a redeeming attribute? - confused-
Jumpstart the tartan drive.
Aside from outright admitting it, what else is new?
At least he didn't kill anyone this time.
We hope
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
Congratulations! Here is your prize: A big, shiny trophy
he's trying to bring attention to the issue, that the FBI is trying to fool everyone into thinking they cannot crack an iphone.
“That video, on my YouTube account, it has 700,000 views. My point is to bring to the American public the problem that the FBI is trying to [fool] the American public. How am I going to do that, by just going off and saying it? No one is going to listen to that crap.
“So I come up with something sensational,” he continued. “Now, what I did not lie about was my ability to crack the iPhone." ...
Later in the interview, McAfee described his method, which involves “decapping” the phone’s processor and acquiring the device’s unique identifier (UID), that may allow someone to brute force the phone’s password
he's not wrong either. a grad student explained this in a blog post from October 2014.
Why Apple's iPhone encryption won't stop NSA (or any other intelligence agency)
excerpt from the post:
If Apple did their job properly, however, the UID (device encryption key) is completely inaccessible to software and is locked up in some kind of on-die hardware security module (HSM). This means that even if Eve is able to execute arbitrary code on the device while it is locked, she must bruteforce the passcode on the device itself - a very slow and time-consuming process.
In this case, an attacker may still be able to execute an invasive physical attack. By depackaging the SoC, etching or polishing down to the polysilicon layer, and looking at the surface of the die with an electron microscope the fuse bits can be located and read directly off the surface of the silicon.
Since the key is physically burned into the IC, once power is removed from the phone there's no practical way for any kind of self-destruct to erase it. Although this would require a reasonably well-equipped attacker, I'm pretty confident based on my previous experience that I could do it myself, with equipment available to me at school, if I had a couple of phones to destructively analyze and a few tens of thousands of dollars to spend on lab time. This is pocket change for an intelligence agency.
Once the UID is extracted, and the encrypted disk contents dumped from the flash chips, an offline bruteforce using GPUs, FPGAs, or ASICs could be used to recover the key in a fairly short time.
Anons need not reply. Questions end with a question mark.
Maybe he's got the FBI job, and the first order of business is to discredit the possibility of being able to hack into an iPhone.
/. community is of the 'fact' that he was indeed lying.
I am surprised by how accepting the
On a less factious note: In the days when iPhones had exploitable boot loaders, one could boot a version IOS in RAM, that let you brute force the PIN as long as you wanted to without wiping the phone. On iPhone 4 it took about 29 minutes to try all 4-digit combinations from 0000 to 9999. (The default PIN length at the time)
The only two things stopping you today from still doing this is: 1) the lack of a known vulnerability in the boot loader, thus requiring your "Special IOS" to be signed by Apple; and 2) changes to the H/W crypto chip in new models that force longer and longer time outs before you can try another PIN.
Although retries get longer, I don't think there is any limit set, in hardware, on how many retries you can have (yet); that's still handled by IOS.
He's in good company, as it's quite obvious the FBI is also lying about this being only "about one phone", "cyber pathogens" (whatever that is...), and has even admitted that there is probably nothing of use on the phone. They claim it's only for this one phone, but the FBI also claimed they never surveilled Martin Luther King Jr either until Congress drug it out of them almost 10 years later. This court order is only for this one phone, but there is no assurance that there won't be multiple "writs" after this, from the FBI and every other law enforcement agency in the US. The shooters made a point to destroy their personal phones; if there was anything on this phone it too would have been destroyed.
Apple's only way out is to change their system so that what the FBI is asking for is impossible from here forward.
the whole point of the FBI query is so they can maintain a legal chain of evidence in extracting the data. Everyone KNOWS the NSA can crack this by disassembling the hardware, but that method is not admissible in court.
Cite?
I see absolutely no reason that disassembling the hardware breaks the chain of evidence. Said disassembly just has to be done by experts who will testify to the steps they used to extract the data and that the device was not out of their control. The NSA might not want to testify to the means used, I suppose, but I don't see why not because this is a really straightforward process. It requires specialized skills and tools, but nothing not present in many university research labs.
1. Remove the flash chips and connect them to a controller to copy the contents (which are encrypted).
2. Remove the CPU, and shave off the cladding to expose the silicon wafer inside.
3. Shave layers of silicon off to expose the non-volatile storage containing the key (likely micro fuses, which are relatively large compared to other features).
4. Use an electron microscope to read out the key bits.
5. Combine all possible passwords with the key bits in the manner done by Apple's software to produce all possible candidate encryption keys.
6. Perform trial decryptions of the data obtained in step 1 with all of the keys to see which one works. Or Apple may have another mechanism to determine if the key is correct[1].
There's nothing here that requires secret knowledge, and nothing that would somehow break the chain of custody. Before you can do this on the target phone you need to do it on a few others so you can identify the location of the key in the silicon. After you're done, you may also need to make some information theoretic arguments about the possibility that you screwed up and found something that wasn't the key but still produced plaintext that looked like actual data. Those are very easy.
So, no, this isn't about chain of evidence. For that matter, it's unlikely that any data on the device would ever be used to prosecute anyone anyway. The (purported) goal here is to get leads that may identify other conspirators, and if that were to happen it would almost certainly be other evidence, found as a result of following those leads, that would be used to prosecute the other conspirators. The "fruit of the poisoned tree" issue that comes up with illegally obtained information wouldn't apply, because the leads wouldn't be illegally obtained. There are no legal obstacles to the FBI extracting whatever they can get out of this phone.
[1] A common technique to determine whether the password-derived key is the correct one is to store a secure hash of the derived key alongside the encrypted data. This makes it easy to check whether the derived key is the correct one, but unless the hash is broken to the point of being reversible doesn't provide an attacker with significant information about the key, especially if the hash space is significantly smaller than the keyspace (e.g. 32-bit hash of a 256-bit key). Android device encryption uses this technique to check if your entered password was correct.
data PublicityStrumpet = Trump | McAfee Integer ... }
instance Fractional PublicityStrumpet where {
Problem solved!
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
On the newest iPhones (A7 processor and newer), the Secure Enclave enforces the rules. This is a coprocessor chip with code baked in during manufacture and is implicitly trusted. It also has the AES-256 algorithm and key that protects the storage. The key is locked in the silicon with no way to extract it; the chip manufacturer doesn't keep it and Apple never has it. In order to access the encrypted storage, the request must pass through the SE. The class keys that are used are derived from the baked-in key and the passcode. 10 invalid passcode attempts and the chip will erase the encryption keys.
For a much better description, read this: https://www.apple.com/business... starting from page 10.
For the San Bernadino killers' iPhones, they have older iPhones where this is logic part of the iOS software. Therefore, a change to iOS is capable of altering the 10-strikes rule on their devices, and that's what the FBI is asking Apple to do. Had the murderers been using an iPhone 6 (or maybe even the iPhone 5S) not even Apple would be able to break them. The only options I see there might be physically dissecting the chip and somehow reading the bits from the flash storage in the chip. That's been done on the older, unsophisticated chips like those found in credit cards, but I've never heard of a researcher able to read data from the nanometer-scale chips in use in the Apple CPUs. Maybe the NSA has someone in house who could do that, but we civilians have no way of knowing what goes on in those labs.
John
Therefore, a change to iOS is capable of altering the 10-strikes rule on their devices, and that's what the FBI is asking Apple to do.
Yes. Except one thing.
Loading a recovery image requires putting the device in *Recovery Mode*, and that's a hardware DFU mode whereby you talk to a small piece of firmware whose only job is to overwrite the Flash contents.
It doesn't load shit into RAM and run it in order to overwrite the flash contents while preserving data: it's a *RECOVERY* mode, not an *UPDATE* mode. It's what you do as a last resort, assuming you backed your crap up to the iCloud, because if you didn't, that shit is *gone*.
To do an *UPDATE* without overwriting the user data portion of the flash contents, you talk to the *ptpd*, which implements the DFU protocol at a higher level, in user space. How do you do that? Well, first, you have to make the ptpd willing to talk to you (or iTunes). How you you do that?
You UNLOCK the frigging phone.
So to load the image that the FBI wants Apple to write for them, and then to load, you'd have to unlock the phone to enable you to unlock the phone.
Cluebat here. Knock knock knock... is that you, head? Yeah, there's two DFU implementations in the iPhone. What? You didn't know that? Well now you do. Yeah. Yeah. We can write the image you want us to write, and then we can load it onto the iPhone, but to do that, it will wipe out the very data you seek. What? No, we can't make monkeys fly out our ass... I think you are confusing us with Jim Carrey in that movie "Bruce Almighty".
People really do not understand technology... especially technology designed to prevent exactly the type of thing the FBI wants done.
No. Brute force has limits.
The storage is in Flash RAM, not a hard drive, but they can probably get a copy of the encrypted data. That's not a problem.
What is a problem is that AES-256 has no known weaknesses for this kind of situation. AES-256 in this case means the key is exactly one random number between 0 and 2 to the 256th power (2^256). That's not just a big number, that's a mind-blowingly big number. kIf every molecule in the entire universe was an advanced supercomputer capable of testing a billion billion keys per second, and had been testing every second since the moment of the big bang, you still wouldn't have found the right key yet.
They can brute force the PIN, but only with cooperation of the OS.
John