Slashdot Mirror
Apple Files Final Response In San Bernardino iPhone Case (reuters.com)
An anonymous reader writes: In its final briefing before a court showdown next week, Apple said, "The court must consider the national debate surrounding the issue of mandating a backdoor or the dangers to the security and privacy of millions of citizens. According to Apple, the government also believes the courts can order private parties "to do virtually anything the Justice Department and FBI can dream up. The Founders would be appalled." In response to the government, Apple said, "the catastrophic security implications of that threat only highlight the government's fundamental misunderstanding or reckless disregard of the technology at issue and the security risks implicated by its suggestion." According to TechCrunch, Apple made an interesting change in its strategy in the court on Tuesday. From its article, "The tone of today's filing and subsequent call was much more cold and precise. Apple got some time to consider the best way to respond and went with dissecting the FBI's technical arguments in a series of precise testimonies by its experts. Where the FBI filing last week relied on invective, Apple's this week relies on poking holes in critical sections of the FBI's technical narrative." Edward Snowden also made a remark about the hearing. He tweeted, "Today I learned that "#Apple has way better lawyers than the DOJ."
They say this because the All Writs Act is only supposed to be used to fill a gap that Congress has not addressed. If there is national debate about something, and Congress refuses to take up the issue, it can be said that Congress has addressed the issue and has rejected a law mandating backdoors, meaning the All Writs Act could not be used.
Specifically, according to Wikipedia, the Department of Justice's yearly budget is $27.1 billion, of which the FBI gets $8.3 billion. Last year, Apple brought in $53.4 billion on profit... not revenue... profit.
Imagine all the people...
Didn't Apple provide just exactly this to China (where China can flash whatever modified iOS version they so choose with public keys that work?) I hope I'm mistaken, but remember reading that.
No.
There has been iOS targeting in China, but the way it's implemented is by using an enterprise enrollment key to redirect the App purchases to a pirate version of the App store that supplies the enterprise enrollment certificate to the iPhone, and which then gives you access to pirate content, which is basically a bunch of Apps that were purchased, and then re-signed with the enterprise key for the iPhone enrollment.
Because these Apps are res-signed, the original signature doesn't matter, and so along with the pirate App itself, they tend to stuff malware into the App bundle.
There's another Slashdot story today that talks about "installing malware without jailbreaking", and it comes down to precisely this: You enterprise enroll the iPhone, and then get third party (read: pirated content with malware attached) for the Chinese "App Store", which is running the enterprise certificate.
Apple shuts down these certs (and bad actor developer signing keys) any time they find Malware. But it's hard, in a country of 1.5B people, to shut down everyone who happens to be buying the next cert so that these bad actors (and state actors) can stay in business.
NB: It's actually *worse* than alluded to by the other article, since they can include certificate authority certs as well, which allows the vendor -- or the Chinese government -- to MITM attack SSL connections, by re-signing the certs for the site with the signing cert for the authority cert, and then just monitor all the SSL using a transparent proxy that decrypts all the traffic for analysis. This is, by the way, the reason you do not want to use a BYOD iPhone, if the company forces you to participate in enterprise enrollment of the device.
Hilarious, for the full story, click here.
"Who are you?" "No one of consequence." "I must know." "Get used to disappointment."