Slashdot Mirror
Snowden: FBI's Claim It Can't Unlock The San Bernardino iPhone Is 'Bullshit' (theguardian.com)
An anonymous reader writes: Edward Snowden, the whistleblower whose NSA revelations sparked a debate on mass surveillance, has waded into the arguments over the FBI's attempt to force Apple to help it unlock the iPhone 5C of one of the San Bernardino shooters. The FBI says that only Apple can deactivate certain passcode protections on the iPhone, which will allow law enforcement to guess the passcode by using brute-force. Talking via video link from Moscow to the Common Cause Blueprint for a Great Democracy conference, Snowden said: "The FBI says Apple has the 'exclusive technical means' to unlock the phone. Respectfully, that's bullshit." Snowden then went on to tweet his support for an American Civil Liberties Union report saying that the FBI's claims in the case are fraudulent. Apple's clash with the FBI comes to a head in California this month when the two will meet in federal court to debate whether the smartphone manufacturer should be required to weaken security settings on the iPhone of the shooter.
yeah, that.
If the NSA can do it, it would probably not be allowed as evidence in court. If the FBI did it, maybe it would.
if the NSA Has the resources, then his statement, that the FBI's statement that " Apple has the 'exclusive technical means' to unlock the phone" is false, is valid. Because if the NSA can unlock it, then apple does not have the "exclusive technical means". The NSA can, and thus the FBI can ask the NSA to do just that.
If Apple can write code and copy it up to the phone, then the capabilities for doing so already exist. So why doesn't the FBI do the work themselves? I'm sure Apple would be willing to help with the electronic part - that's just specs. I think there is more at play here than whether Apple can or can't....
Maybe the FBI doesn't have the same resources as the NSA. Snowden's opinion on this is beyond irrelevant, his 15 minutes of fame ended a long time ago.
15 minutes of fame is what validates or evaporates someone who has worked within these very intelligence circles?
Boy, it sure is a good thing we never pay ex-Presidents millions of dollars to come speak in public. God knows Clinton's 15 minutes of cum-stained fame ended long ago.
The only thing that expired here is your sense of logic.
I side with Apple, really don't want my hardware crippled so the government can root through my phone at will, but how would he know? iPhone 5c launched months after he defected.
We know the FBI *can* unlock it without help, but we also know that this brings with it a certain level of technical risk that adjusted firmware would not (whereas the firmware would pose a certain level of privacy risk), and an attempt rate that is abysmal at best.
The ACLU report specifically states that they can desolder the storage chip, copy the storage entire, put in a socket (no risk there), plonk the chip in, try, and if it fails - restore the storage to the chip (or a model with equal behavior and characteristics). Several of these steps come with risk, and all of it comes with it the fact that it takes time. A lot of time. Even with a rig that pops the chip out and drops another one in, with chips going on a merry-go-around for reprogramming after N attempts, it's a lot slower than a firmware that would allow an effectively unlimited number of attempts.
Push comes to shove, they can try decapping it and looking straight at the bare metal. But as anybody who does forensic work would know, that's not exactly your go-to method; figuring out the password directly, or figuring out a pre-existing backdoor to bypass protection entirely, would be very much preferable. If disabling the maximum number of attempts is hypothetically an option as long as you can get the manufacturer to agree to do it, hell yes it's on the table.
He's the only public talking head who actually had clearance and no further obligation to protect information covered under it.
He's the only guy that we can trust to even start a legitimate dialog on the subject.
If we're all speculating on what a secret closed door club can do, who better than A MEMBER OF THAT CLUB to speak out? Are you retarded somehow as to miss that?
I was kind of thinking the same thing.
I am glad that he did what he did. I would go so far as to say he is a hero.
However, he does seem to love the limelight a bit too much.
My eyes reflect the stars and a smile lights up my face.
Assuming the FBI is privy to the NSA's capabilities.
We hope your rules and wisdom choke you / Now we are one in everlasting peace
I think he and McAfee have been sharing notes
With all due respect to both Snowden and the FBI
I trust neither of you, and neither one of you can prove that Apple is indeed the only organization that can do this.
FBI says that Apple is the only organization that can do this, and that is BS if only because if they CAN actually do it, then that means someone in Apple can, which means it's knowledge that can be transferred (either by firing that person, or having them talk to someone outside of Apple).
Snowden's claim that others beside Apple can do it is also BS because if they CAN actually do it doesn't imply that they have SHARED that knowledge outside of Apple (in all likelyhood, they have not)
In either case, neither claims goes anywhere near whether or not apple CAN actually do it.
So the FBI and Snowden are both talking out of their asses and should sit down and shut up.
More likely the NSA is privy to the FBI's capabilities.
Because an apple iphone can be unlocked through hardware hack in very short time (below 24 hours) by subverting the blocking mechanism. If you are in physical possession of the device it's easily done. If some third world arabs can do it, I have no doubt NSA, FBI or any other can do it.
Because an apple iphone can be unlocked through hardware hack in very short time (below 24 hours) by subverting the blocking mechanism. If you are in physical possession of the device it's easily done. If some third world arabs can do it, I have no doubt NSA, FBI or any other can do it. The reason FBI i asking for this "service" is because they want a precedent for some reason. Whatever it is they want to weaken other systems that are not as easily circumvented.
It's entirely plausible to me that Apple built something the FBI can't get into using their existing tools and techniques and Snowden has produced no evidence to the contrary. Don't make shit up.
Naturally his fans are obligated to defend this now and build a fictional world view around it, condemning anyone that fails to accept their bullshit... It's all enough to make you hope for a large bolide impact.
Maw! Fire up the karma burner!
I don't know about McAfee, but do you really think Snowden is not getting additional information leaked to him over time?
He's not hiding behind Putin's skirts. He's doing his best to survive getting disappeared by the current regime of the US. Perhaps upon the next regime change he might decide he'd have enough of a chance elsewhere to leave. Doubt it. Nothing fans the flame of nationalism like stringing up a "traitor".
Did the FBI really say " Apple has the 'exclusive technical means' to unlock the phone"? Or are those Snowden's words?
Of course that's not true even if the FBI did say it; given unlimited time and money there are any number of governments and non-government organizations that could eventually break into it. But given the real world constraints of time and risk of trashing the device, the request to have Apple's assistance is still reasonable. And of course Apple has to put up a show of pretending to resist in order to keep their fanboys happy.
The linked ACLU article has some very large inaccuracies. While the "file system key" is indeed stored in "effaceable storage" and can be read out, it does no good. The key itself is encrypted with device specific data. Please see: http://www.darthnull.org/2014/... (this is for iOS 8, but similar to 9). Getting the encrypted key is fairly useless as only that specific cpu can decrypt it.
If it had not been for Snowden, that iPhone and all other iPhones as well as other digital hardware would still not be encrypted properly. It is the inappropriate governmental data vacuuming that started this whole super strong encryption movement.
A sufficiently advanced simulation is indistinguishable from reality.
For a guy that wants to go back to the US even if it means he might spend a little time in jail when he gets there, he's not really doing himself any favors by calling out the FBI and USDOJ and calling them liars.
"Snowden fanboys are amazingly blind"
So are 99% of americans and their glorious oligarchic government.
Testing theories of representative government
Testing theories of american government
I don't know about McAfee, but do you really think Snowden is not getting additional information leaked to him over time?
WHOOOOSH....
the sound of the joke flying over your head - FYI, neither has given any justification for his claim so neither's statement is worth much
Snowden fanboys are amazingly blind to the irony that someone hiding behind Vladimir Putin's skirts is lecturing people on how to run a successful democracy (ignoring the fact that we've never had a democracy).
Wrong.
The trick here is that the US is so fucking far gone from a democracy that the people who want to speak out against it have to flee to Russia in order to be safe.
Also, you're using "irony" incorrectly.
SexConker posting AC to preserve moderation.
who better than A MEMBER OF THAT CLUB to speak out?
Snowden was in the FBI? That's news to me...
You do not have a moral or legal right to do absolutely anything you want.
I think perhaps it is you, sir, who have missed the point. McAfee admitted he was just trolling for attention when he said he could unlock the phone in question. Snowden's credentials as a source of information are indisputable at least as regards his first pilfered download. It is entirely plausible that others of similar access and philosophy may be finding a means to funnel incremental information to him for release. Not certain by any means, but not impossible.
given unlimited time and money
No, the device would wipe itself after a few tries.
Ok, where is this additional information? Snowden is known because he revealed things. Where's the beef? If you are going to claim he's got the goods on the FBI et al. then I have to ask why is he withholding it.
Your turn; go ahead and make up some reason why he can't share this hypothetical additional information. One bullshit brick stacked upon another...
It depends. What's Trumps stance on Snowden?
I expect they have some reason to keep the device physically intact.
Most techs worth their salt will just remove the storage mount it to a computer make copies. And break into the data with brute force.
But what the FBI is asking for is to get in without the running OS clear itself.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
SexConker posting AC to preserve moderation.
So you admit AC has a value.
So McAfee made claims about the government's abilities, which he later admitted were done solely to get publicity since he is fading from the public's sight. He is an attention hound. Now we have another person slowly fading from the public's sight making a claim about the government's ability regarding a device that didn't exist until after he lost access to any special information. He has offered no reason to believe him other than due to who he is, just like McAfee. He is also trying to appear as often as he can, though such offers are rapidly decreasing, and he has shown signs of being an attention hound also. It is as plausible that he has a source feeding him as it was that McAfee did, and we know where that went. To me, his claim appears to be an opinion that was either incorrectly phrased as a known fact, or has been incorrectly reported as such probably by people with an agenda. Similarly, the Snowden's credentials are debatable given how he has admitted to taking the position with the contractor to do exactly what he did, namely to compromise the information for an agenda of harming the government, then twisted information that he released to make him seem more honorable in how he did it. If you don't know about these issues, I suggest you read more than just the pro-Snowden fanboy sites. When you remove the blinders, there isn't a lot of difference between Snowden's claim and McAfee's claim, other than one has now admitted it was a publicity stunt.
Snowden for President someday. Fucking A right!?
Basically the FBI and Apple are engaged in an elaborate PR stunt. Integrity Theatre,
- The FBI/State is trying to convince the public that it doesn't have access to their precious iDink gadgets and the bonanza of private papers within.
- Apple is trying to convince the public that it actually gives a dam about user privacy, let alone enough to resist tarnishing its relationship with the US state or indeed any other over the matter.
And lest we forget
- Users are trying to convince themselves and everyone else that the files on their phones and tablets -- and even for some poor fools, the cloud -- are anything other than open to public display towards Apple, the US Government, and any marketing/research/political organisation which pays for access to those files, now or at any future date.
Snowden is right. This is all bullshit. The war is over and we have lost. The Internet is a panopticon, and every device we have is a listening node. If you want privacy, write on a notepad, and buy a safe.
Do you believe:
(1) The FBI (and friends) can hack all popular devices, but they want us to believe they can't.
(2) The FBI is using a politically convenient case to effectively outlaw encryption for regular citizens.
(3) When encryption is outlawed, only outlaws will have encryption--by circular definition.
(4) If you haven't done anything wrong, then of course there's no harm if the FBI knows EVERYTHING about you!
(5) All of the above.
Don't look at me. I'm so paranoid that I think Snowden is sincere and was deliberately picked to release exactly the information that the NSA (and friends) wanted us to see. If their psychological profiling didn't spot him many years ago, then we might as well surrender now, Dorothy.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
or bernie's
Apple can do it now, but the FBI can't do it, yet, however enough time and money would change that.
If you listen to just Snowden you will not learn the whole truth because he does filter the facts available to him in order to paint a picture that suits his political views, because he is an activist, and nobody should be surprised by that because all activists and lobbyists behave that way.
So he must be right.
The NSA may already have the information on the cellphone, from when it was sniffed as it passed over the interwebs.
Assuming the FBI is privy to the NSA's capabilities.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
Nothing.
He's been hiding in Russia for longer than the iPhone 5c had existed. Nothing he leaked or had access to could possibly prove the FBI or any other government agency can unlock a phone that didn't not yet exist.
Well, Snowden's statement is bullshit. The firmware code is signed and without the private key to sign the firmware, it won't run on the iPhone even if you can perfectly write another one. Unless he means the FBI is having Apple's signing private key. If he believes so, he should prove it.
Achille Talon
Hop!
He needs to stay in the limelight before Obama OKs the launching of the Hellfire missile with his name on it. There's a reason he needs to remain publicly visible: the instant it becomes viable, he's going to vanish courtesy the Obama administration.
So much this.
And now the FBI and NSA are acting like WTBs because they they want their cheats back.
I can see the fnords!
Actually, even if the key was wiped due to too many wrong passwords, the data is still there. While it would be even longer, the data would be retrievable.
Brute forcing the key would take longer, but is still possible. There would be recognizable elements (like an executable or video data) or file system elements (sector markers?) That would let you know you stumbled on it.
That has nothing to do with the (in)validity of his points.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
These days it's hard to tell where one stops and the other begins...the phrase "functional overlap" comes to mind.
Just cruising through this digital world at 33 1/3 rpm...
The government has a very long history that shows that they are no more credible than Snowden. The entire kabuki is to convince the public that encryption is an evil tool of terrorists, and it's working.
“He’s not deformed, he’s just drunk!”
The iPhone 6 came out a year and a half after Snowden took off with the NSA docs.
I have often said how much I appreciate Snowden's sacrifice and gifts to us. I find him, while a bit sleazy, to be a greater patriot than most of the folks I know - and I served eight years in the Marines. That's saying something - I think.
So, I've gotta ask...
What makes folks think he's privy to this information or knows their full capacity?
What makes everyone believe he's telling us this of his own volition?
How is he an authority on this particular issue, it seems likely to be beyond his scope?
"So long and thanks for all the fish."
So are 99% of americans and their glorious oligarchic government.
Actually it's about 98.4%, according to the last election results.
“He’s not deformed, he’s just drunk!”
Bernie's first day in office, he'll pardon Snowden.
The second part of your first statement is wrong. Though he obviously doesn't give a shit, once you hold a clearance, you are obligated to protect any classified information you had access/know about until you die. I was a member of "THAT CLUB" until fairly recently, and I have a nifty little 3-fold glossy brochure summarizing my lifetime obligations.
I wouldn't trust Snowden about anything. He was a low-on-the-totem-pole guy who really didn't need to know much of anything to do what he did. He's certainly no expert on this matter.
Will that help?
(Note that Microsoft has already been forced to give its source code to the Russian security services, and it seems likely that Apple has succumbed to similar pressures.)
He's the only public talking head who actually had clearance and no further obligation to protect information covered under it.
He's the only guy that we can trust to even start a legitimate dialog on the subject.
If we're all speculating on what a secret closed door club can do, who better than A MEMBER OF THAT CLUB to speak out? Are you retarded somehow as to miss that?
Not disputing what you are saying, but:
iPhone 5c came out in Sept, 2013
Snowden was already getting in trouble in Jan 2014, and was probably out of the loop already (not getting new information) before that.
If Snowden "knows" stuff about the 5c, it's generalized and non specific unless it was cracked out of the box before it was released.
That leaves me skeptical Snowden knows what he thinks he knows.
This whole exercise is goofy, there's probably no data they need on THAT phone anyway, and anybody they are going to chase down is already aware that might out them and done what they are going to do about it. There was reasonably successful attempts to destroy data on other devices, why leave this one out? It's was probably wiped before the attack even happened.
Cracking THAT phone doesn't do anything but set the stage for OTHER cracks of still in use phones.
Assuming the FBI is privy to the NSA's capabilities.
No problem, just subcontract it via China since they will be privy to the NSA's capabilities.
Did you people really think a private contractor in Hawaii was likely to be the only leak from that bunch of toy soldiers?
A snag is that the FBI does not want to ask, and the NSA does not want to answer. Yes, there is supposed to be cooperative sharing between security related government agencies. However the NSA does not want to give out its best secrets to a law enforcement agency. It's much like Apple in that regard in that if it helps out the FBI just once then it'll open the door for continued requests from the FBI or DOJ in the future. The bar to do this helping from the NSA has to necessarily be set pretty high and involve actual national security issues, not merely a fishing expedition with the slim hope that there's some data on the phone. If the FBI had evidence that there was indeed data of value on the phone and that it involved an ongoing terrorism related investigation, then the NSA might help. The NSA is in the business of national security, whereas the FBI is in the business of making arrests. The NSA is highly jealous of its own knowledge, capabilities, and jurisdiction.
So Snowden is probably right with regards to the NSA which he does know something about, but he's possibly wrong about the FBI and he was little to no knowledge of the FBI internal capabilities. I suspect he's assuming a high degree of sharing between the agencies.
[Citation Needed]
This is domestic terrorism, there is slight evidence that there was any foreign involvement or planning. The FBI needs to make the case that there is a need for cooperation. With this phone however there is not very much probable cause to assume there is any evidence of value on that phone. The FBI wishes such data exists of course, which would allow them to open up *new* investigations only, but their real motivation is not in finding any foreign mastermind of the shootings but instead they want to crack open that door with Apple to enable relatively mundane phone cracking in the future for low level cases (drug crimes, financial crimes, etc).
The FBI *claims* it's a one time only request and we should accept their word on this, except that their word has proven to be unreliable in the past and they certainly can not make this one-time-only pinkie promise on behalf of the entire US goverment or all governments around the world. Once Apple caves in then we already know there is a New York DA highly interested in getting Apple's help fishing through a few buckets full of phones. The courts rely on precedence and this would set a very large precedent for future requests.
Apple is correct in taking this case all the way to the supreme court if they have to. It is their right to do so, and they are in no way unpatriotic for asserting their rights.
"The FBI says Apple has the 'exclusive technical means' to unlock the phone. Respectfully, that's bullshit."
Browse the various presentations given by hardware security researchers on the topic of bypassing security systems that are more or less exactly like the one in the shooter's iPhone. You'll discover that there are many ways to get the data from the phone that do not require Apple's help at all.
The problem is that none of those ways set a helpful precedent for the US government, so it chooses not to use them. The FBI needs to do what the NSA did in the 1990's: get smarter and more tech-savvy. This is Crypto Wars, Round Two.
The NSA is supposed to deal with foreign intelligence only. The FBI is supposed to deal with domestic criminal investigations only. The fact that both agencies have been trying to expand their reach so that there is functional overlap is evidence that the two agencies are not sharing their secrets with each other so readily.
This is also a domestic terrorism case with no evidence that there is any foreign involvement except for the gut feeling that all terrorism comes from a secret mastermind hidden on a island somewhere off the shore of New Jersey. We know who the shooters were. We know who they called and when, from both the work phone in question and the other phones that were actively used by the shooters. The case is essentially closed, and would be closed if it weren't for politics. The NSA is not going to open its kimono wide to the FBI for a simple case like this one. Cooperation or no, the need to know process is still in effect.
1-There have been credible claims they could take the IC apart and extract the pin code directly. 2-It is likely that the NSA would benefit greatly from having Apple's signing code, so we should assume they already have it. Now since this is a Terrorist! case the FBI should expect NSA cooperation in the matter.
Because people will listen to him, because he's Snowden.
I've been saying the same thing for months: the key is stored (albeit encrypted itself) in flash, so all you need to do is to back up the flash chip and you've got as many goes as you need, which with a four digit PIN chosen by humans isn't that many. But even though you can point this out the relevant details in Apple's documentation, people just refuse to believe that the government can get into an iPhone without Apple's help.
That actually kinds of mystifies me. Why would anyone believe that a government that (in part at least) created Stuxnet would be stymied by an iPhone? Whatever the reason, Snowden's imprimatur seems to help them get over it.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
The government is actually asking, naively, "if you've got nothing to hide, why are you hiding it?" Because the use of encryption appears to be so rare at the moment it makes a lot of citizens wonder what's up with those people who actually do use encryption.
So the more people who use encryption the better as it will start to seem mundane and common place instead of setting off mental alarms in the people willing to tear up the constitution if only they can be spared the horrors from people who hate our freedom.
Has he actually promised that, or are you just imagining that he would?
The FBI and NSA are redundant overhead at the taxpayers expense. There may have been a day when having both agencies made sense, but these days both of their primary functions is to spy on their own people. Let's stop pretending otherwise.
This is also a domestic terrorism case with no evidence that there is any foreign involvement except for the gut feeling that all terrorism comes from a secret mastermind hidden on a island somewhere off the shore of New Jersey.
Gentlemen, behold!
I don't think Snowden is the be all to end all when it comes to security.
Trump's first day in office he'll build a wall along the Atlantic and Snowden will have trouble climbing over it.
Putin is a Real Man and does not wear skirts. Or shirts. Nobody hides behind Putin. Except Medyedev.
iPhone 5c came out in Sept, 2013
Snowden was already getting in trouble in Jan 2014, and was probably out of the loop already (not getting new information) before that.
Snowden flew the coop in May 20, 2013. (So, months before this iPhone came out.)
I'm always fascinated by the psychology of people who post things like this without bothering to do simple verification. Do you believe you're infallible, or is the two seconds it would've taken to look up Snowden on Wikipedia to avoid contributing to the already-very-high levels of misinformation surrounding a contentious topic like this just too much work for you?
You are confusing the NSA with the CIA. The CIA has generally dealt with foreign affairs while the FBI handled local affairs.
To the tune of My Country 'Tis Of Thee:
My Own Plutocracy,
Sweet Oligocracy,
Of thee I sing.
Land where my money's spent
On those who who represent,
Each child and innocent,
I would be king!
The ACLU's site explains it quite well. It has nothing to do with the firmware, it's the idea of copying the Toshiba NAND chip first. Install a test socket onto the board, then start running the password attempts. Get locked out, or the chip erased, pop another NAND chip in with the same image written on it. Repeat until you get in. This would probably take a long time, copying and swapping a chip for every ten attempts. But a process that is annoying is still a long ways from a process that is technically "impossible" as the FBI is claiming.
Most people in the US use encryption, they just don't realize it. Anyone who's ever checked their bank account online has used encryption.
I had to explain that yesterday to some people...McAfee wasn't "lying", he was "trolling" as in poking fun at the FBI.
He's still more credible than you are.
The bank is using and controlling the encryption, not the customer. And the government will never have to ask them twice to turn everything over to them. The problem (to the government) is when the customer controls the encryption and is willing to protect his own rights.
“He’s not deformed, he’s just drunk!”
No more needs to be said.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
Well... Firmware signature enforcement is a chipset feature. Getting Qualcomm to ignore the firmware signature wouldn't be that hard. The question is: can the encryption key secured by the OS refusing to boot be transplanted between devices?
The government method for cracking a piece of storage evidence is straight forward. Rule 1. Clone your storage device on the bit level. The FBI and NSA would've done this and this alone circumvents the number of failed pin attempts to get into the iPhone. At that point, they could just set up the storage image with an iPhone simulator or numerous devices and script as many pin attempts as they wish.
What makes folks think he's privy to this information or knows their full capacity?
While he's far from the first to voice public dissent against the NSA and their supposed capabilities, he's the only one so far they've ever publicly decried and gone through such lengths to capture and silence. The effort level of their response alone tends to strongly validate his claims.
What makes everyone believe he's telling us this of his own volition?
I don't think there's any question at least that he feels his hand was forced. I also think that even if he were being forced to say all this by the Russian government, that doesn't necessarily invalidate the content of his statements. At this point, the Russians are probably much happier and it is much more productive for them to be spreading truth about the NSA rather than falsehoods.
How is he an authority on this particular issue, it seems likely to be beyond his scope?
It was beyond his job scope as a contractor at the NSA, however his own claim about this is that his personal investigation into their poor office network security practices and subsequent hushing from his superiors when he tried to voice legitimate, lawful concerns about this lead him down a path of discovery in which uncovered apparently the vast bulk of the data of their surveillance capabilities within the country as well as abroad, all of which also was kept secret because it was completely illegal. At this point apparently he decided to turn vigilante, and again like above, the NSA's own response in action largely validates the truth of his claims to knowledge of their secrets.
This is all fairly common public knowledge by now. Perhaps you've got him confused with Bradly Manning or Julian Assange?
Sadly, the phrase 'functional' doesn't come to mind at all when these two agencies (well, pretty much all federal agencies that are involved in enforcement/intelligence) are brought up in the context of cooperation.
If he is right, it means the FBI is a corrupt anti-USian entity that is deliberately lying to the USAian populace and the court system to force a company to damage the security of their own product. If he is wrong, it means the FBI is totally incompetent.
I in now way support Snowden. But in this one limited instance he might be correct.
I've been saying the same thing for months: the key is stored (albeit encrypted itself) in flash, so all you need to do is to back up the flash chip
And everyone else has been saying for months that part of the key is stored in the cpu in a region that is not readable. So all you need to do to back up the key is disassemble the cpu and hope you don't destroy it in the process.
What are the odds that the NSA doesn't have some high-ranking Apple employees on their payroll? Just how secure is Apple's signing key?
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
The firmware and the encrypted disk volume are two separate components that can be decoupled. That's why the FBI's claims are bogus. You don't need a custom version of Windows to attack a Bitlocker encrypted volume. It's nonsense.
The ACLU misses one point:
The FBI does not know if the erase feature is enabled. The court should force them to run through the desoldering routine at least once to figure out if maybe they don't even need Apple to disable this feature.
That they didn't try, that they go to court without being sure, tells the whole story. If this were about breaking into the phone, they would have tried this, in the time that has passed with court cases they would already be sure if they need Apple at all or not, and if it turns out that not, they probably would have already broken into the phone.
ACLU is right, but they still miss just how malicious the FBI is.
Assorted stuff I do sometimes: Lemuria.org
Most people also reuse stupid passwords like pass12345, so what's your point?
Should we haul in anyone that uses multiple passwords longer than 8 characters?
Because by your logic they must be hiding something? What about people that have locks on their front doors? Or blinds on their windows?
Terrorist all of them!!
Are you that clueless that you think exposing sensitive data to the world is speaking out?
I think that Snowden in general did the right thing but realize that what he did is equivalent to espionage.
I don't see the parent mentioning the FBI.
That misdirection is all on you, and you get a D+ for effort.
The NSA knows the capabilities of the FBI, because they spy on everyone.
He also knew that the "Club's" internal security policies were laughable and was able to bypass them...
If he was such a low ranking person, with no valuable information, why has the US gov persued him to such an extent?
No, you're wrong. The NSA is a DoD office and *in theory* bound by posse comitatus and cannot be used for domestic purposes. The head of the NSA is always a commissioned general officer.
Scruting the inscrutable for over 50 years.
How about... look up the chips spec, copy the chip data... build virtualized chip device, hook it up in phone... and youll have bruteforcing without slow physical swap the chip every 10attempts.
Lies! Terrorists come from the People's Islamic Republic of Terrorstan where all the muslims live and if we'd just stop being put off by Freedom-hating week-kneed traitor Liberals, go in and nuke the entire country of Terrorstan into radioactive slag, the world would instantly become peaceful and prosperous.
Stop giving the traitor airtime.
Maybe this is capitalism at work here. The FBI and NSA need competition. Mayhaps they compete with each other, to the detriment of everyone. Who needs foreign competition when you can waste so much money battling each other.
What makes folks think he's privy to this information or knows their full capacity?
What makes everyone believe he's telling us this of his own volition?
How is he an authority on this particular issue, it seems likely to be beyond his scope?
We can read.
This isn't really coming from Snowden, he just happened to be a high profile person who tweeted about it. His statement is based on legal filings by the ACLU and others who point out methods that the FBI could use to crack the PIN code on their own.
For example, they could back up the flash memory, make 10 attempts, the phone wipes it and they restore it and try the next 10 numbers. The link is right in the summary.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
I don't dispute what you say other than post 9-11, there is supposed to be cooperation among the various law enforcement agencies and intelligence agencies whether the terrorism is domestic or not. Whether Apple is right or wrong or there is evidence on the phone or not, does not change that.
Now if you want to delve into conspiracy theories, some say the NSA can already get into the phone, maybe even has gotten into the phone, but the FBI needs Apple to do it because 1) the NSA doesn't want it known they can do this and 2) if there was incriminating data, it would be inadmissible because there wasn't a warrant.
Like I said, that is all conspiracy theory stuff. It could be 100% accurate, 0% accurate or somewhere in between. This part, though, I believe -- If the government doesn't get their way on this case, it won't be long until there is legislation banning encryption for the sake of national security. I think that is their long game.
Isn't that restriction only for their surveillance operations? If the FBI would contract NSA with breaking the phone then would this still be disallowed?
Assuming the FBI is privy to the NSA's capabilities.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
In general, that would be correct. But, just like when the Enigma was developed, you wouldn't have let that secret out for a single case like this when you're fighting a larger war.
Just another day in Paradise
The NSA is supposed to deal with foreign intelligence only. The FBI is supposed to deal with domestic criminal investigations only.
That's how it was back in the 70s, but this is no longer true, and hasn't been for decades.
This is also a domestic terrorism case with no evidence that there is any foreign involvement...
Unless you're part of the investigating team, you're comment is complete conjecture. You don't know what evidence they have.
Just another day in Paradise
Posse comitatus was a Congressional act, and you can see in the text below "except in cases..." Congress also passed some other acts...FISA and Patriot come to mind...that have changed the rules. So, the "theory" has been OBE for a while.
Whoever, except in cases and under circumstances expressly authorized by the Constitution or Act of Congress, willfully uses any part of the Army or the Air Force as a posse comitatus or otherwise to execute the laws shall be fined under this title or imprisoned not more than two years, or both.
Just another day in Paradise
You're speaking out of your anus. There's little to no overlap, and I defy you to show evidence to the contrary.
And everyone else has been saying for months that part of the key is stored in the cpu in a region that is not readable. So all you need to do to back up the key is disassemble the cpu and hope you don't destroy it in the process.
Then "everyone else" would be wrong in this case. The "secure enclave" was introduced in Apple's A7 processor. The phone in question is an iPhone 5c which has an A6 processor. There is no crypto coprocessor to store anything in. The Apple docs even describe the process used to erase the keys in question from flash.
Now as for the iPhone 5S and later, there's no question they're tougher to hack -- that's the whole point of the new hardware features. But I still wouldn't put absolute faith in the inability of the new features to keep the government out if they had physical access to your phone.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
No, I just read the documentation.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
In spite of his god-like status among some of you, Mr. Snowden wouldn't know what capabilities the FBI has or doesn't have. He didn't work there, and he wouldn't have had a need to know, so he would never have been briefed on such. But, let's not let that get in the way of the Snowden gospel.
Just another day in Paradise
Sure, if you want to be pedantic. Statistically, by the time you actually cracked it, the human race will have either abandoned Earth due to an expanding sun, or have gone extinct. Unless you get triple-Powerball-winner lucky.
For all purposes of reality, only Apple is getting that thing open unless the NSA has undisclosed methods, and they sure as shit won't disclose them for this chickenshit useless case. The only reason the FBI is going through all this is because they want to have the legal precedent to crowbar anyone's phone open, from any manufacturer, with any warrant or writ from a judge.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
And the legal standard for that is "too fucking bad."
If I bury a box in a forest with my diary in it, and then they want to peek at it after I'm dead, too fucking bad. Same situation.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
You forgot:
"Why do people think that Edward Snowden knows more about iPhone encryption and security than the manufacturer of the iPhone, and the software engineers who wrote the OS?"
Apple has been working with the FBI since day one on this thing. If there was a way in that didn't involve a custom OS image that weakens the security, they would have done it. Apple drew a line, and the FBI is using a Federal Magistrate to challenge that line.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
I'd say it's 50/50 if they pay them or just use blackmail.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Assuming the FBI is privy to the NSA's capabilities.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
In general, that would be correct. But, just like when the Enigma was developed, you wouldn't have let that secret out for a single case like this when you're fighting a larger war.
Replace "supposed to cooperate" with "legally required to cooperate." I don't believe there was any such law at the time that the Enigma was developed or in use. Of particular importance is that congress passed the law requiring cooperation in terrorism cases specifically because the lack of cooperation is what led to the 9-11 attack.
"Just how secure is Apple's signing key?"
Not secure enough that one can't bypass it within 10,000 guesses of the PIN.
Seriously, I could easily have this phone unlocked within a day. This court case is bullshit. Anyone with any technical chops knows it.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Legally required to cooperate doesn't imply that they have to give up national secrets in order to do so, and I'm sure Congress didn't imply that they would need to.
Just another day in Paradise
For example, they could back up the flash memory, make 10 attempts, the phone wipes it and they restore it and try the next 10 numbers.
Except that wouldn't work. The thing that wipes is not the data but the key. The key is kept in Apple's equivalent of a TPM chip, so cannot be retrieved or replaced after the wipe.
http://searchmobilecomputing.t...
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Really? Prove it. It seems there are many people speculating about how easy it would be that don't seem to understand how the encryption works. When the phone wipes, it doesn't wipe the flash, but the encryption key that is inside of a hardened chip. It isn't something that you can just retrieve and replace. So, since you KNOW how to do this, you should offer your services to the FBI, I am sure they would pay you very well to demonstrate the ability on a dummy phone.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
When the encryption key is stored in a TPM chip, yes you do.
When the TPM erases the key after X failed attempts, you don't just get to replace the disk with a bit level image, as the encryption key is what is missing, not the data.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
"Now if you want to delve into conspiracy theories ... Like I said, that is all conspiracy theory stuff"
Fade out music.
People do conspire all the time, nothing special about it.
but the encryption key that is inside of a hardened chip.
Why do you keep saying this when it has been *repeatedly* pointed out that this model of iPhone does *not* have the A7 (or later) chip with the secure enclave?
If your argument is that they don't have to follow the law directed specifically at them stating they are required to share information and resources in cases of terrorism, well there is really no point in discussing the issue further.
https://www.reddit.com/r/theyd...
Good luck breaking into the encryption...
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Your talking about more recent models, they have a 5C
"The FBI does not know if the erase feature is enabled"
Doesn't matter. If on the 10th try nothing is erased continue testing PINs. If after 10 tries it erases the key then swap in a backup of the chip and continue testing PINs.
Because it is what I am reading in technical articles on the subject:
http://searchmobilecomputing.t...
Please, correct me with some citations to information about how it works.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
If Snowden knows that the FBI claim is bullshit, why doesn't he explains how it is supposed to work or at least give us an idea. It is not like he really cares about disclosing classified information...
Well, the FBI or NSA can probably infiltrate Apple and attempt to steal the key or infect the firmware from the inside but I won't complain if they decide not to do it like this.
I would note there were /. commenters that provided this exact mechanism for the FBI to get the phone data on the day this story broke. Well done, folks, this site is still relevant.
"Who are you?" "No one of consequence." "I must know." "Get used to disappointment."
Have you perhaps heard the term, “jailbreak”? That would be running unsigned code on an iPhone. There are no publically known bootloader-level jailbreaks for the iPhone 5c/s & later. NSA or another TLA could still have a very top secret exploit that allows them to run whatever they want.
If the bootloader is 100% secure, then yes, you need Apple’s keys. Find an exploit in the bootloader (or in any code that you can access on a locked phone), and odds are pretty good you can load what you want and unlock it without Apple. Anyone who has such an exploit is going to treat it like the Allies treated the fact Enigma was broken during WW2. As soon as the existance & method of the attack is known to Apple, they can patch it in their next device, closing that avenue of access.
FBI realistically doesn’t care what’s on the phone. They just want to legally strong-arm Apple into unlocking any phone they want without having to spill the beans about their (possible) exploit. Using this phone seemed like a good test case (cause ter’ists!!!), though some of the details that have emerged about the incompetence of how the phone was treated has made it a bit less of an ideal case.
But that’s actually another case where encryption technology is being perfected to destroy the ability to give in to legal demands. If you use TLS with perfect forward secrecy correctly enabled, you wouldn’t be able to turn over anything to LEO that would allow them to decrypt captured traffic. Without the ephemeral data from the initial session initiation on both sides of the negotiation, you can’t decrypt.
Of course a bank is already streaming any interesting data about your activity to the Feds, never mind needing to get a warrant or decrypt anything.
Not on the iPhone 5C, the key is kept in flash memory. The CPU doesn't have a secure memory for keys, only a factory set secret that can only be read by signed, privileged code.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
If the NSA can do it, it would probably not be allowed as evidence in court. If the FBI did it, maybe it would.
Which of the dead shooters are we taking to court?
You seriously want to pretend it is about the dead shooters, and not the NSA furthering it by cracking average Joe citizen's encrypted iphone? What part of this controversy do you not follow?
Contact me. I'll give you some tutoring for a nominal fee. Hell, I'll even give you the first lesson free.
You're obviously speaking of the IRTPA of 2004, of which the https://www.ise.gov/ was created to execute the sharing you mention.
However, what you don't seem to be grasping is that this does not mandate that the agencies start sharing everything. In some cases, there may be compelling reasons to specifically not share, and those cases would never be adjudicated in a public manner.
Just another day in Paradise
regarding 2): They do not need a warrant, as the phone in question is owned by the county government and they have given permission to search the phone.
Bravo!
What if this guy did not turn on the wipe after 10 attempts feature? Was he really that thoughtful? How many average people out there turn on that feature much less protect their phone with a passcode more than 4 digits. How many average people even know it's an option?
I bet it's turned off and the code is 1234. The same code on my luggage.
Disregard that; I suck cocks.
SexConker posting AC to preserve moderation.
Unless you're part of the investigating team, you're comment is complete conjecture. You don't know what evidence they have.
So we just trust that the government tells the truth and we must do what they ask without question or exercising our rights to disagree and wait for the courts to overturn the writ?
As I understand, it is basically a PR war between the FBI and Apple which the FBI instigated to establish legal precedent and authority.
1) The phone in question is an older model. Apple certainly can crack it, FBI probably can also with a bit of effort.
2) Apple doesn't want the impression that their phones are not secure.
3) Apple's new phones *are* secure, Apple may not be able to crack it, FBI likely cannot.
4) By making this a legal issue, the FBI are basically using the highly publicized terrorist incident to try and force a legal decision...
5) The idea being that this is about the future. I think they can get into the phone, they are just using it as leverage to try and force Apple to legally give them access to their new phones into the future, which they currently do not have.
This has less to do with technology and more about using legal and public opinion about a similar issue to force a non-technological future solution to encryption.
Basically the XKCD comic about using a wrench, but where that is a euphemism for legal action prompted by public opinion on a recent event.
Please don't try to twist my words. What you stated is simply not based upon any public evidence, and what you do have to deal with is that evidence isn't made public until it's brought up in court. After that, everything that's not brought out is subject to FOIA requests.
There are plenty of logical reasons for not making evidence public prior to a public hearing. You're welcome to disagree, but you'll have to live with the fact that it's the system we have, and for the most part, it works pretty well.
Just another day in Paradise
regarding 2): They do not need a warrant, as the phone in question is owned by the county government and they have given permission to search the phone.
Then what do they need Apple for?
Of course news about a fake are Fake News.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
This makes me wonder if the FBI/NSA has already decrypted the phone and gotten evidence they need to trace the activity back to another person, but they need the legal approval in order to use the evidence in court to prosecute someone.
Assuming the FBI is privy to the NSA's capabilities.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
In general, that would be correct. But, just like when the Enigma was developed, you wouldn't have let that secret out for a single case like this when you're fighting a larger war.
But everybody already knows the NSA can crack your phone. Why pretend they can't just for this case?
Of course news about a fake are Fake News.
Of course the FBI has the data already... all they have to do is ask the NSA to boot up their quantum computers. This isn't about getting the data... it is about making the data legally discoverable in court.
You're way too optimistic about the ease of brute-forcing AES-256.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Similarly, if you have an email retention policy and stick to it, you're destroying the ability to give in to legal demands. If the courts tell you to turn over the last year of emails, and you have a six-month retention policy and stick to it, you're fine legally.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
It doesn't have the full secure enclave of the 5S or later. That doesn't mean it doesn't have wipeable hardware AES.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
given unlimited time and money
No, the device would wipe itself after a few tries.
Says who? This is not a default option, so you can only claim that to be the absolute truth if you already have full access to the phone, or have already erased it by trying. In either case Apple couldn't help you.
Anyway An ACLU expert says the FBI wouldn't need Apple to get past the auto-erase
Of course news about a fake are Fake News.
Assuming the FBI is privy to the NSA's capabilities.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
In general, that would be correct. But, just like when the Enigma was developed, you wouldn't have let that secret out for a single case like this when you're fighting a larger war.
But everybody already knows the NSA can crack your phone. Why pretend they can't just for this case?
Crack?...No, I don't think we've seen any evidence of that. Intercept the calls?...Yes.
Just another day in Paradise
You cannot condemn the NSA without factoring in the fact that there are some very powerful and well funded state security agencies in the world whose entire purpose is to conduct espionage operations against the US.
Are we talking about the same foreign agencies that have reciprocal agreements with the NSA to share information collected on US citizens while the NSA shares information collected about theirs? That is an international conspiracy, and all parties participating in it are traitors.
SSLv2 was also top security feature that is impossible to crack by anybody, just make keys long enough. Then SSLv3 was the one impossible to crack. Then everybody started to understand that they are full of holes and workarounds, and who knows how many undisclosed exploits big government agencies have - whatever country you will take. The "private" key isn't that private too if you think more about it. There is bunch of people at Apple who have access to it and it is not hidden in some Faraday cage 100 feet under ground with vaulted doors.
I thought that FBI was equiped with all the latest technology
you can easily identify the person with access to classified information and also communicates with snowden because he or she has to carry his or her nuts around in a wheelbarrow
I'm just saying that one of those two events will have happened. Not that they would have just happened, or that you'd have a nice shiny crypto key that works billions of years afterward.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
The government can and does dictate retention policy for many things. And they can put a gag order on it besides with their NSLs and various other tricks. Once the judge puts the hammer down, you will do what they say if you want to keep your business and maybe your freedom.
“He’s not deformed, he’s just drunk!”
Theres the UID key needed to decrypt the flash key, and it is in fact stored in the processor and inaccessible. The difference between it and the secure enclave is the secure enclave contains the whole flash key instead of just the key to decrypt the flash key and the secure enclave erases itself through the unupdatable firmware on it, whereas without the secure enclave erasure of the flash key is done by the operating system.
Having the encrypted flash key is worthless without that uid as it is impossibly difficult to decrypt. Look into how long it would take to decrypt aes-256. If the fbi could get that UID key then they would have decrypted the flash key already. This is all explained in the aclu's blog on this. Try reading the article the summary links to man.
The customer is stilling using the encryption, just by using the app / website. So is the bank, of course.
They are using the bank's encryption, not their own. That's an important difference.
“He’s not deformed, he’s just drunk!”