What Apple Can Learn From BlackBerry Not To Do (informationweek.com)
dkatana writes: There is no shortage of news about the fight between Apple and the Justice Department to unlock the iPhone of a suspect in the San Bernardino, Calif., terrorist case. Apple can take a page from the fight BlackBerry had back in 2010 with some governments in the Middle East and Asia. At that time -- afraid to lose a lucrative business -- RIM [gave] in and allowed those governments to access its secure BBM (BlackBerry Messenger) service. The rest is history. If Apple complies with the Justice Department request, according to Craig Federighi, senior VP of software engineering at Apple, "[This software -- which law enforcement has conceded it wants to apply to many iPhones --] would become a weakness that hackers and criminals could use to wreak havoc on the privacy and personal safety of us all."
I'm English, title sentence makes my brain hurt...
The reason Blackberry went under has absolutely nothing to do with it opening up the platform to the government. It had everything to do with the instability of their server infrastructure.
I get the fact that you guys don't want Apple to open up its platform to the government, but this story is downright dishonest.
If you want to do away with the government then go live on an oil rig. Until then, the government will always have more power than you would like. That's life.
If the situation is as described in a recent statement attributed to Tim Cook, then this is a completely fake issue. In summary, that quote said it would only take a few man-months to produce the software that the FBI wants. If so, then it is barely conceivable the FBI lacks the resources to have created it already, and it is dead certain that the NSA (and foreign counterparts) already have it.
So why the charade? Evidently to make suckers (AKA you and me) think that there is still some privacy out here where the peasants live.
Also, perhaps because they've decided it's politically expedient to make Apple look bad with this juicy and loaded situation.
Don't look at me. I'm getting so ultra-paranoid that I think Snowden was a sincere patsy who revealed exactly what the NSA wanted us to know and Michael Hastings' car was hacked, too. If I still had a vote, I might be approaching the level of craziness required to vote for Trump and "government of the Donald, by the Donald, for the Donald" just on grounds of simplicity.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Honest question: I know it's off topic here, but what about all the stories that the baseband was this separate processor that had the keys to the kingdom and could do anything, defeat all security, etc..?
(See https://mobile.slashdot.org/st... for instance)
Is this whole fight just smoke and mirrors? Or is the whole secure enclave different, and if so, are there any non-Apple phones with similar protection? Or does the secure enclave just protect you in this particular case (third party in possession of a locked phone)? My understanding was you could get the baseband (if you had access via the operator side of things) to do whatever, hence access unencrypted pages in memory while the phone was in use at least, and the private key if it ever made it there. I come at it from the point of view that the baseband can easily be exploited by the operator.
I would greatly appreciate any informed insight.
As a 600 pound gorilla it thought it could dictate where the market should go and got a painful lesson by customers that decided that touch-screen smartphones were what they wanted in their pockets
Blackberry stopped being popular because it sucked and the iPhone didn't, not because of some 2010 Middle East decision.
Slashdot: providing anti-social weirdos a soapbox, since 1997.
Imagine that device encryption keys were disintegrated across a peer-to-peer network such that a high number of users could unanimously authorize the unlocking of a single device. The idea is that it would be possible to unlock a protected phone, but it would require a mass consensus.
Don't be a Canadian company? Canada is for losers. Don't have two CEOs? *One* inhuman psychopath is all you need!
Blackberry withered on the vine because they refused to accept and embrace change. They refused to adopt the Android OS, insisting on their proprietary OS years after the market had moved on. If Blackberry had embraced Android from the get-go they would be the Samsung of the cell phone world today.
They failed to realize that their previous market of corporate issued communication devices was no longer the only de facto market. People had a choice and spending a small fortune on a device that couldn't play angry birds vs a much cheaper device that could was a no-brainer.
Just another company that thought they could corner the market through their proprietary bit. Their moves with opening up their platforms to third party governments only very narrow use cases. /supports Apple's crypto fight
"Everything after 1999" would be a good start.
Is it specifically illegal to build a self-destructing safe? Is it some kind of a requirement that all safes be made crackable?
A lot of better safes have multiple defenses -- drill-resistant layers, thick steel, re-locking mechanisms to resist physical force. In theory, a plasma lance or other exotic cutting tools and enough time could get through anything, although many of the methods themselves run the risk of destroying the contents.
But what if you combined all that with some mechanism that would destroy the contents if there was an attempt at forced entry? Obviously an explosive might be a problem, but maybe some kind of self-incineration engineered to destroy specific contents but ultimately be self-extinguishing or self-contained.
I guess I just think of a well-designed smartphone to be not much different -- extremely difficult to break and it risks the destruction of the contents even trying.
You just suggested that Apple have misled the public when they implied that currently their systems are secure because if their systems could be compromised right now they would know about it given their intimate knowledge of their code and information technology in general. i.e. They know what is possible more than you ever could, and they have said nothing to suggest that the FBI request is redundant.
i.e. In seeking to support Apple you have actually condemned them as probable collaborators.
You are right about one thing, no system is entirely secure, but that does not prove any given system has been compromised, yet.
Anyone notice that no politician would dare suggest government boycott any member of the gun lobby? While not a single bullet has ever been fired by an iPhone 5C, it remains the focus of attack by those in government. It seems like USA thinks it has and always will have the upper hand in this situation which gives it leverage to make demands. But I think the facts indicate otherwise.
Consider the following:
Of those backing Apple's right to not decrypt the iPhone includes the following companies:
To put this in perspective:
The government may find a way to win the battle over the iPhone 5C which never fired a single bullet--but at the same time, they may encourage the creation of the largest and most powerful lobby. I don't see how this could end up being a war they can win.
The authors have no idea what they are talking about on a technical level.
RIM has always been upfront about the type of encryption on their devices & protocols, and its limitations.
BBM (BlackBerry Messenger) uses 3DES as the encryption algorithm, and as you probably know 3DES is pretty weak these days - brute-forcing all the keys is very feasible for a government (or anyone else with $1 million to spend on compute power).
Further, why does BBM work with all blackberries? Because they all have the same default BBM encryption key, and this key is known in the security business (no, I won't give it to you).
So, a weak algorithm, and a key known by quite a few players.
For a government to claim that they weren't able to decrypt BBM without RIM's assistance is complete BS: either the govt is incompetent or they are lying. Here's a longer discussion:
https://www.christopher-parson...
Now, blackberries DO have strong encryption (AES256) for other types of communication - those are VERY secure.
So, it pays to RTFM, especially when it comes to keeping info secure.
It might be possible for Apple to comply with the FBI's request AND prevent any future requests. Treat this as a "professional services" engagement, and announce that Apple is willing to unlock any iPhone that the government has legitimately seized - for the nominal fee of one BILLION dollars, in advance, in cash, per phone. No discounts, and no dickering; greenbacks delivered in armored trucks in exchange for one unlocked phone.
1. There are laws against booby-trapping your home. If your booby traps kill a burglar, you will do hard time.
2. It's not quite the same as a self-destructing safe. This isn't Star Trek, so physical safes can't be cloned. That means a self-destructing safe's contents are actually more secure than an iPhone's contents. The FBI has probably cloned the phone's drive already, they can still theoretically crack it the "really hard way" even if the phone manages to wipe itself.
IF the contents can survive being frozen, dump the safe in liquid nitrogen for a while. Crack it open with a hammer.
Good luck finding something that will incinerate below 63K
If a person wants to support their government then they can buy an unlock-able unsecured version backdoor key version. There is also a locked secure version at no extra cost available.
Let the market decide.
[This software -- which law enforcement has conceded it wants to apply to many iPhones --] would become a weakness that hackers and criminals could use to wreak havoc on the privacy and personal safety of us all.
No. That is PR spin. The FBI, hackers, criminals, etc do NOT need Apple to create the software. All are perfectly capable of tampering with binaries as people have been doing for decades. The ONLY thing that stops such efforts is that the firmware is expecting the software to be digitally signed. The only thing the FBI really needs from Apple is to sign the FBI's tampered iOS binaries. That's it. Having Apple modify iOS is just a convenience, not a requirement.
However IF the court forces Apple to comply then Apple should make the modified iOS. This way they can lock this modified iOS to the one device in question. The FBI, hackers and criminals could not tamper with this lock down either. This modified iOS is just as tamperproof as original iOS due to the digital signature. With this lock down the FBI would need a new court order for each new device.
But if Apple does not do the code and lets the FBI tamper with the binaries then there will be no lock down to a particular device. Once signed by Apple this FBI version of iOS could run on anything. This is why Apple must do the software, *** IF *** the court is going to force them to comply.
I get the fact that you guys don't want Apple to open up its platform to the government, but this story is downright dishonest.
One particular dishonesty is that Apple creating a modified iOS "would become a weakness that hackers and criminals could use to wreak havoc"
That is PR spin. The FBI, hackers, criminals, etc do NOT need Apple to create the software. All are perfectly capable of tampering with binaries as people have been doing for decades. The ONLY thing that stops such efforts is that the firmware is expecting the software to be digitally signed. The only thing the FBI really needs from Apple is to sign the FBI's tampered iOS binaries. That's it. Having Apple modify iOS is just a convenience, not a requirement.
However *** IF *** the court forces Apple to comply then Apple should make the modified iOS. This way they can lock this modified iOS to the one device in question. The FBI, hackers and criminals could not tamper with this lock down either. This modified iOS is just as tamperproof as original iOS due to the digital signature. With this lock down the FBI would need a new court order for each new device.
The only scenario that leads to havoc is if Apple does not do the code and lets the FBI tamper with the binaries, then there will be no lock down to a particular device. Once signed by Apple this FBI version of iOS could run on anything. This is why Apple must do the software, *** IF *** the court is going to force them to comply.
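An added illustration, not part of the thread and not Apple's actual boot chain, of the property argued in the two comments above: when the vendor's signature covers a device identifier, the image cannot be re-targeted without the private key, while an image signed with no binding runs anywhere. The toy unpadded RSA key, the manifest layout, the `DEVICE-A`/`DEVICE-B` identifiers and every function name are assumptions made up for the sketch.

```python
import hashlib
import json

# Toy RSA key from two Mersenne primes so the block needs only the standard
# library. Illustration only: unpadded "textbook" RSA, not a usable key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # vendor-only private exponent


def _digest(manifest):
    """Hash a canonical encoding of the manifest to an integer below N."""
    blob = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def vendor_sign(image, device_id):
    """Sign the image hash together with the device it is bound to.

    device_id=None models signing a binary with no device binding.
    """
    manifest = {"image_sha256": hashlib.sha256(image).hexdigest(),
                "device_id": device_id}
    return {"manifest": manifest, "sig": pow(_digest(manifest), D, N)}


def boot_check(ticket, image, my_device_id):
    """Decision a boot stage would make using only the public key (N, E)."""
    manifest = ticket["manifest"]
    if pow(ticket["sig"], E, N) != _digest(manifest):
        return "reject: bad signature"
    if manifest["image_sha256"] != hashlib.sha256(image).hexdigest():
        return "reject: image does not match manifest"
    bound = manifest["device_id"]
    if bound is not None and bound != my_device_id:
        return "reject: signed for a different device"
    return "boot"


def retarget(ticket, new_device_id):
    """Edit the bound device ID without the private key (signature kept)."""
    edited = dict(ticket["manifest"], device_id=new_device_id)
    return {"manifest": edited, "sig": ticket["sig"]}


if __name__ == "__main__":
    image = b"constructed sample firmware image"
    bound = vendor_sign(image, "DEVICE-A")      # constructed device IDs
    unbound = vendor_sign(image, None)
    print(boot_check(bound, image, "DEVICE-A"))
    print(boot_check(bound, image, "DEVICE-B"))
    print(boot_check(retarget(bound, "DEVICE-B"), image, "DEVICE-B"))
    print(boot_check(unbound, image, "DEVICE-B"))
```

The last call is the case the comments warn about: a signature that covers only the image leaves the verifier nothing to refuse on, so the per-device limit holds only if the binding is inside the signed data and the verifier enforces it.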
This is a great example of a negative / negative decision.
I'm pretty tired but I'm having a hard time figuring out how I typed "favor" rather than "havoc". I'm going to blame autocorrection or something. :-)
...
Apologies for the confusion
Doesn't matter. There can easily be a thin section of foam insulation between the safe walls. A temperature sensor on the outer layer could combust what is still, for a few minutes, almost at room temperature when a large thermal shock is detected.
That's easy to defeat, either through sheer size or installation location.
A generic small gun safe (not the tin boxes with a lock) is 600+ pounds. I would assume that my theoretical safe would be at least as large if not larger -- thousands of pounds. And bolted into a foundation or someplace where moving it would be impossible.
Liquid nitrogen immersion wouldn't help anyway with a safe with glass relockers, as breaking it after freezing the steel would break the glass relockers, triggering the destruct mechanism.
Was the result of being the worst smartphone of the bunch. I've used them for years, (because I have to), and my current model is so unintuitive and poorly designed that I've stopped wearing it. I actually wish I had my old Curve because it was more usable. Consumers don't remember them giving access to foreign governments. They wanted Angry Birds.
What is the history? Was there a problem that specifically related to Blackberry providing the back door or does this refer to the general demise of Blackberry?
Apple avoided breaking things up with every new iOS version.
Like when they launched iOS7, and they decided that after all, full screen apps would be fine. And then made that the default.
Result: All apps on app store were with a black bar on bottom and with the status bar on top of the window.
Providing access to BBM (a messaging app) is completely different than making the OS unsecured. BlackBerry doesn't allow access to the OS and neither should Apple. And even then, there are two different versions of BBM - the 2nd being an enterprise version where the organization can make its own keys to the encryption that even BB doesn't have access to.
It amazes me how stupid people are in this debate. There's no way a government should force backdoors into these devices.
"A plan fiendishly clever in its intricacies"- Homer Simpson
I live in the UAE. The moment it became known that BB gave their keys to the government, everyone dropped their BBs and bought new phones.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Apple winning the security war would require great courage, because they would have to give in to their biggest fear.
They have to let their users run whatever-the-fuck software those users want to run.
Do that, and then users will be able to secure their devices, and then it will become possible for an iPhone to be secure. (I'm not saying all iPhones will be secure, but if a user wants theirs secure, they'll be able to do that. Currently, this is impossible so no Apple user is able to have a secure iPhone.)
Or even just a self destructing message like those used in the Mission Impossible shows and movies. We can't have information that would be available if a warrant were issued to be gone now can we? I guess we next have to outlaw shredders and any type of fire as well.
-- ssoorrrryy,, dduupplleexx sswwiittcchh oonn.. -Quote found on actual fortune cookie.
The idea wouldn't be a safe that blows up and kills the safecracker, but one that uses sensors and failsafes to induce destruction of the contents.
Most high-end safes and vaults have glass rods in them that hold back part of the mechanism that controls entry -- excessive physical force will break these and disable the safe from being opened, often even with the combination. Some have extra bolts that will fall that cannot be retracted by any mechanical means and require extensive physical breaching to enter.
Obviously destroying the contents without harming the structure it's housed in or someone trying to enter it is a complex engineering question that's dependent on what's being protected and the means to destroy it. It could be that you'd require the secret info to be stored on heat sensitive paper and enclosed within an internal, self-powered oven that would heat up sufficiently to destroy the document (like a thermal sales slip left in a hot car). Or it could be magnetic media stored basically in a degaussing container that would expose the media to a degaussing field if intrusion was detected. Or maybe some kind of crucible container that would flood with a harsh acid but contain the acid.
Legally, code is (protected) speech. And the Freedom of Speech means that you are also allowed to keep silent if you don't want to speak.
Untrue. Your right to remain silent is in the context of self incrimination. If you are not under legal jeopardy you can be compelled to speak. For example when parties to a crime are granted immunity from prosecution so that self incrimination no longer applies and they can be forced to speak.
Chips can't be cloned either, at least not easily. The AES-256 key is embedded in a chip, can't be extracted normally, and can be wiped. This isn't a matter of clone the phone until the FBI has enough.
Also, the "really hard way" does not exist when you look at physical realities. A 128-bit key cannot be brute-forced using only the resources in the Solar System, and all a quantum computer can do is halve the effective key length. A 256-bit key is immune to brute force under any circumstances we can reasonably conceive of in the next century. While AES-256 has some weaknesses, there's no evidence that it's breakable, and my best read off the NSA is that they can't currently break it.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
There are lots of comments, some by BlackBerry insiders, that shed light on why BB went under.
But here is an expose by a reporter (who later turned this into a book).
Inside the fall of BlackBerry: How the smartphone inventor failed to adapt
Basically, BB refused to see Apple's iPhone as a threat. They were too arrogant. They failed to see the concept of having a store where apps are uploaded by developers. Not once! But twice! First with Apple iPhone in 2007, then with Android in 2008, and for years after that.
Look at the comments of Lazarides: all he thought of is "no keyboard", "bad battery life" and "it is too complex"! He and Balsillie failed to see the concept of a phone as an application platform with an entire ecosystem.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
Blackberry and Apple devices are designed around a personal user experience. That's why they tend to be extremely streamlined for one use-case and utterly awkward for another. Jobs essentially designed something he'd want to use for the way he wanted to use it. Blackberry did the same, but targeted at a suited corporate type. Turns out that type isn't the most demanding of technical innovation, in contrast to the rest of the market.
While I might not agree with the article's position: "I'm not saying that giving access to its users' communications was the main reason for BlackBerry's huge loss of market share, but it was an important factor." It does seem a position worth considering.
Also, Blackberry has always allowed legal access to secure servers. What "legal" means can vary from Country to Country. However they have absolutely shown that when that "legal" interpretation is beyond what they think is acceptable, they have made business decisions counter to simply profit. Pakistan for example, wanted full access to all live communication. Not being comfortable with that, Blackberry withdrew all business from Pakistan. That is taking more of a stand than anyone else, with the exception of Google and China.
As you say, Blackberry's downfall had nothing to do with how secure their phone/network is, in fact it remains one of the most secure around. Simply look at its use in various governments, including the USA and Obama. Blackberry's downfall had more to do with their software and hardware not keeping pace with technological norms, which they have corrected now, but suffered a branding issue because of it.