FBI Telling Congress How It Hacked iPhone (theverge.com)
An anonymous reader quotes a report from The Verge: According to a new report in National Journal, the FBI has already briefed Senator Dianne Feinstein (D-CA) on the methods used to break into the iPhone at the center of Apple's recent legal fight. Senator Richard Burr (R-NC) is also scheduled to be briefed on the topic in the days to come. [Feinstein and Burr are both working on a new bill to limit the use of encryption in consumer technology, expected to be made public in the weeks to come.] The disclosures come amid widespread calls for the attack to be made public, particularly from privacy and technology groups. However the FBI's new method works, the ability to unlock an iPhone without knowing its passcode represents a significant break in Apple's security measures, one Apple would surely like to protect against if it hasn't already. Just days after the FBI broke into the terrorist's iPhone, the FBI told law enforcement agencies it would assist them with unlocking phones and other electronic devices. We still do not know how the iPhone was hacked, nor do we know how many iPhones may be able to be unlocked from the hack. The FBI did tell USA Today the hack has not been used in any other case beyond San Bernardino.
The queen of "laws for thee, but not for me."
Guns? Why, those should be illegal! But I'm going to need some armed guards for myself, of course.
Encryption? Consumers can't be allowed to have that! Now how do I configure my secure Senate email account?
What a hypocritical cunt.
so we can't even talk about anything further.
who is going to tell us the honest truth? all we get is the dishonest truth from every 'official' that speaks up about this.
disinformation and even more disinformation. you'd be nuts to take anything on face value, given what's at stake.
--
"It is now safe to switch off your computer."
The backdoor exists. Apple can toggle a bit server side to allow Siri to access a locked iPhone.
http://forums.macrumors.com/threads/apple-fixes-siri-bug-allowing-access-to-photos-and-contacts-on-locked-device.1966071/
Apple isn't willing to play ball with the FBI.. so why should the FBI help Apple out here?
How do you like them Apples? (bad pun)
More alarming than the hack is the following bit in TFS:
The "hack", as I understand, was on a 5C, which is weak by comparison to the 5S and beyond. Non-event.
But the bit I quoted? Really? Limit what encryption consumers can have? I find that more alarming than "old-ass insecure phone got cracked."
I hope this dies a flaming painful death before it goes anywhere.
The "Civilized World" jumped the shark ca. 1973.
Dianne Feinstein was born in the wrong country
She fits much more snugly in a fascist state
Muchas Gracias, Señor Edward Snowden !
It's becoming clearer every day that we need phones that run OpenBSD. The OpenBSD developers have shown us time and time again that they're completely dedicated to writing damn secure software. They will even fork, fix and maintain software written by other projects if it doesn't meet their high standards, like we've seen them do with their LibreSSL project.
This is exactly the kind of thing that Mozilla could do to redeem themselves. Instead of wasting so much time and effort on Firefox OS, they could have instead provided the resources necessary to get OpenBSD to run well on Nexus phones. It's clear that Mozilla doesn't have much of a chance when it comes to the web these days, after how they've driven away so many Firefox users with unwanted and unnecessary changes. But Mozilla could reinvent itself as a provider of secure consumer-oriented software.
Burr hates privacy.
always stand against freedom. Burr is a jerk.
And what about Feinstein?
or are we just believing the FBI said it was?
That is the way of his kind.
or wasn't there some law about circumventing security measures on a computer device?
I don't understand why the passphrase even matters when they've had complete physical access to the phone all along. The lawsuit was certainly an attempt to coerce apple into providing a backdoor--the FBI knew damn well it didn't ultimately need one.
That was a hate law. Seeing a penis won't ruin some little girl's life.
What info did the FBI get off the phone? I think it's generally considered that time was a crucial element in getting any meaningful info from the phone, and perhaps days or hours after the event, anything in there would be useless.
I'm not sure anyone has yet to convince me that more encryption = more terrorism.
They hate us and want us to die.
How many cat videos were found on the terrorist's iPhone?
If you understand the multiplicity of meaning, you'll understand the true meaning of that law.
Something like this will just help me get more people involved in writing home brew crypto.
Can't wait to feel like I'm breaking some kind of law which should make it much more fun than it currently is.
This should be fun.
Captain Jean-Luc Picard of the USS Enterprise
Captain Jean-Luc Picard of the USS Enterprise
The death of everyone that isn't an old white man is their global endgame. They only care about profit, not people.
The death of everyone that isn't an old white man is their global endgame. They only care about profit, not people.
Are you talking about Republicans or Ferengi?
That this episode of the FBI vs Apple has come to public attention proves that the FBI is grossly incompetent. When the public (and therefore terrorists) no longer believes that phone information is absolutely safe, other means of communication will be used: government loses a powerful tool against its enemies. This is a hideous strategic blunder.
Contribute to civilization: ari.aynrand.org/donate
That was a hate law. Seeing a penis won't ruin some little girl's life.
But seeing "Trump 2016" chalked onto a sidewalk will make those same weak-willed twits wail in horror?
Awww, such special snowflakes!
(And I'm willing to bet you don't have a daughter, now do you?)
The death of everyone that isn't an old white man is their global endgame. They only care about profit, not people.
Yeah, gotta love how the most likely cause of death for a young black person is to be murdered by another black person - in a city that's been under single-party Democrat control for a fucking century...
"Feinstein and Burr are both working on a new bill to limit the use of encryption in consumer technology, expected to be made public in the weeks to come."
Not only is this extremely stupid and utterly unworkable, but fuck these two maggots who think that it's their right to weaken our privacy.
Just cruising through this digital world at 33 1/3 rpm...
I'd rather look at a penis than Trump's name.
Will the government be retroactively censoring all of the public details of encryption algorithms and wiping all of our memories? Diffie, Hellman and Merkle better watch their backs!
But seeing "Trump 2016" chalked onto a sidewalk will make those same weak-willed twits wail in horror?
Awww, such special snowflakes!
I'm older, but at 18 or 20 years old my father and grandfather were jumping out of troopships while being shelled and shot at....but millennials shit their pants if the rice in the school cafeteria isn't "authentic" to the way they make sushi in Japan. I'm not making this up.
Just cruising through this digital world at 33 1/3 rpm...
But from a gun made by whitepeople.
That is part of the Republican war against human thought. They hate people that think.
Based on the FBI's previous behavior (lying through their teeth), I'm not inclined to believe them.
Feinstein and Burr are both working on a new bill to limit the use of encryption in consumer technology, expected to be made public in the weeks to come.
When math is outlawed, only mathematicians and those who can read their papers will have math.
OK. There are several things wrong with this. The first and most glaring is that if the FBI wunderkind can't bust into an IPHONE with their crime fighters, then surely the NSA could. It's never been made public, but I have little doubt that before the "Official Crack", the NSA offered to bust that puppy wide open. Another glaring omission is that we won't know how much data is left on the phone (possibly only volume settings and recently phoned numbers). Apple/FBI had access to *all* of their cloud data months ago. Now I don't know the innards of the IPhone intimately, but if there is a separate Hynix (or other) memory chip, separate from the main processor, then you can just bypass the whole operating system chip, suck all the data off the memory card however encrypted, then just spread that memory image among about the NSA's "Acres of cores"(tm) and have a crack-o-rama(tm). Old timers can make book on how long it will take to break. (Remember, when brute-force cracking, half the total number of combinations is the average time needed to break any given encryption scheme). And none of that "three guesses or we delete" crap either. Actually you could just lift the write pin on the memory chip (give it a little snip) and go hard against the phone itself, but that wouldn't be nearly as fun. Closest to the time it takes to crack Apple encryption gets taken out for pizza by the rest. Oh? What was that? You asked how many electrical engineers and computer scientists work for the NSA? Well sparky, the answer is: enough to design and fab their own chips and build their own hardware, and likewise make their own operating systems and software (although COTS software is used whenever available, we *are* a taxpayer funded federal agency after all).
.. in any other case..
considering that they LIE about this sort of thing all the time.. it is now certain that they have employed the same hack in other cases, and that other agencies have also used it... and of course, not always with valid warrants leading the way.
No, the Playstation doesn't run FreeBSD, or free anything. It runs a proprietary operating system which includes a lot of code from another proprietary operating system which once borrowed some code from FreeBSD.
Every few years, somebody figures out a way that if you have full access to the hardware, you can open it up and do this and that and boot another OS. I don't know that ANY popular hardware is secure against that.
Going on 20 years working full time in computer security, it's my informed opinion that FreeBSD and OpenBSD are both more secure than any of the more popular operating systems. FreeBSD can be more secure than Linux by giving up some of the flexibility and the cutting-edge features. FreeBSD is one OS, Linux is a bunch of related operating systems, including Android. Windows not only has the focus on new features, but is also just now overcoming some security decisions that made sense when they were made, but turned out to be disastrous for security as the world changed.
OS X is in some ways similar to the BSDs - it's based on a solid multi-user, network OS pedigree, and it's not required to be flexible. With OS X, things work the way Apple chooses. They choose the exact hardware they'll support and the OS does things the way Apple chooses; they don't support a dozen different alternatives for each thing like Linux does and Windows somewhat does. This allows Apple to make that one supported way more secure and reliable.
Talking about the differences in rice is racist as fuck. How would your white ass felt if I confused Jerry Seinfeld with Chandler from Friends.
It's called man in the middle. They remove the memory chip from the iphone. The contents of the chip are read and saved with a chip reader. A device emulates that chip and hooks into the screen and touch screen input. It then brute forces all possible passcodes. It only requires someone with decent desoldering skills with a hot air wand.
That's what it all comes down to.
I love Jesus, except for his foreign policy.
If you had an argument you'd have made it.
Someone from the company that did it showed the media days ago how they take the board out of the phone, try the code until it locks up, and then reset the failed attempts counter with hardware. Dead simple, and pretty much "Duh" to the computer industry.
I'll bet a lot of gun parts are actually made by chinese.
Playing devil's advocate here, but if I asked Apple for assistance and they told me to fuck off, I'd return them the same polite message if I had to figure it out myself (or in this case, through someone else) if they asked me how I did it....
It will be interesting to see how this plays out though.
Something similar to this: Black Box device can brute-force iOS 8.1 PINs
I've thought about this for a long time as well. I've only been in the industry a bit over one decade, so admittedly less time than you, but I believe I've come to a different conclusion. When you buy an Apple computer only Apple gets paid. As you mentioned, it's Apple hardware running Apple software, which run a core of Apple programs that work well with Apple services, network equipment, and peripherals. They even now, of course, have an Apple store so they can get a 30% cut on anything they still haven't provided. Now assuming that this closed exclusive system is more secure (which I consider to be a dubious claim), is that even worth it? You don't have to have a very powerful imagination to think up some of the problems that could occur giving one company this much control over your computing needs. This FBI case is a great example. The world is in a state right now where those inclined to do so really only have to infiltrate a handful of companies to compromise everyone's data. If anything the world needs, it's less consolidation and control, not more. We've spent the last three decades giving up freedom, choice, and healthy competition for convenience, ease of use, and ultimately a false sense of security. It's time for a new approach.
If it ain't broke, don't fix it.
I was expecting a cure for cancer, the email addresses of every spermlicking ISIL and bocoharam member and pictures of Trump's stump.
I'm sure it's not true, but isn't cracking illegal?
They'll get my math when they pry it out of my cold, dead cerebral cortex.
A large agency, such as the NSA, has the necessary resources to get into the phone that was behind all this noise. This is yet another attempt to use fear and misinformation to persuade Americans to sacrifice liberty in the name of 'security.'
Crypto and homebrew don't belong in the same sentence. Even the experts occasionally get it wrong and they have decades of design and implementation experience behind them. This one is best left to the pros, with audits of their work.
"If there was a gay Afro-Puertorican Linux distribution, I'd give it a try" ~lucm
For a very long time I ran Linux on everything- not just my desktops, laptops, and servers, but also my routers and everything else. Linux is so flexible that it runs 98% of all supercomputers, and also runs fine with 8 MB of RAM. For many purposes, there is a Linux distribution that's the right tool for the job.
In some cases, FreeBSD or OpenBSD is the right tool for the job. Firewalls are a great example, you want your firewall to be secure and reliable; you don't care if it supports the latest graphics card well. FreeBSD is secure, reliable and very network-centric. There's a great user-friendly storage server system that happens to be BSD based.
For a corporate desktop, in an environment with Active Directory, ldap, etc, and little tolerance for downtime and "fiddling" with your computer to make it work, sometimes you still want a UNIX box rather than Windows. OS X fits that role nicely, in my opinion. Note OS X is a completely different beast than iOS. Nobody that I know uses the damn app store for OS X. It's simply a well built UNIX which will run all of your favorite FOSS software, reliably without fiddling with sysctl and X graphics drivers, while integrating pretty seamlessly into the Windows-centric corporate environment.
You are correct it doesn't run FreeBSD, but it does run a system based on the FreeBSD 9 kernel, at least the PS4 does. In fact this is one way the PS4 has been hacked; see https://cturt.github.io/ps4.html.
I could have said that more concisely as:
--
My last two employers needed me to use Outlook and Photoshop.
My personal workflow uses bash, perl, grep, awk, and make.
All of those required tools work great on my Mac, even after I've dropped it on the concrete.
---
Mac is full-fledged certified UNIX, and it's corporate helpdesk approved. Where else are you going to find that combination?
My MacBook Pro does run Linux, Windows, and FreeBSD virtual machines all the time too, though. I click whichever OS is suited to the moment. Last week, in 18 hours, we found thousands of vulnerabilities in 14 machines running those operating systems plus Cisco, so I know none are bulletproof, but I also know some are much more secure than others. (Our full vulnerability report for 14 targets was over 1600 pages long - for the exposures we found in 18 hours).
She is obviously not a true democrat. In the one state that upholds these values, they need to use their money for a good cause. She is bad news for business. And this is coming from a guy (a Democrat, atheist) from Mississippi, so I kinda know what I'm talking about. I think we're about to lose a LOT of federal funding for research. Morons at the helm...
665: The mark on the forehead of Satan's slightly less evil brother, Stan.
So we only have the FBI's word that they have hacked the iPhone, they may have found the password via other means for all we know. This may be an attempt by the FBI/NSA/CIA to scare people away from using iPhones as a secure communications medium. Also US laws on restricting encryption mean nothing to criminals because they will just buy a stock Android phone off eBay and install a secure locked down firmware package that has encryption built in.
The irony here is so thick you could spread it with a putty knife.
California Democrats have long kept this woman in office. She goes after gun rights, which are rights of citizens, all the time. I'm reminded of the old line regarding them coming for the drug users, but I didn't say anything because I wasn't a drug user. Or something like that...
Now, the woman and the party who's been coming for our guns, is coming for our encryption. A law limiting such technology will drive even more jobs in California, and the whole USA offshore where such laws don't exist. If this happens, it will actually screw the people who keep voting her in.
"The FBI did tell USA Today the hack has not been used in any other case beyond San Bernardino."
http://9to5mac.com/2016/03/30/arkansas-iphone-ipod-unlock-case/
So they have agreed to help and use the hack to unlock basically any iPhone that law enforcement needs them to unlock. But as of this writing they haven't actually done that yet? Oh ok, that makes it true. Until tomorrow.
No one in America wanted to help the FBI. Now they want the FBI to disclose how they did it?
Now they're felons.
Pretty sure they can do it:
http://blog.trailofbits.com/20...
New things are always on the horizon
as far as I can see all they did is take lots of tax payers money and pay someone else to do the work,
Apple sent an employee to a third party company. The FBI went to said third party company. The 'non-Apple employee' then unlocked the phone.
See title of post.
And the Republicans moved to the suburbs and created their own city with no income taxes to screw over the big city. They put up building code income restrictions to keep poor people and their problems out, and sucked money out of the city to selfishly use it.
And the governors and congress have been republican. There is plenty of gerrymandering to screw over fair representation too. Over policing and passing minor laws that minorities get caught for and have their lives ruined is a GOP strategy, along with the big money from the rich Kick brothers and Sheldon to brainwash the stupid masses by buying the media.
The FBI should be investigating the GOP. That is where the corruption is.
they will pass laws saying we can't lock our doors with deadbolts or reinforce them.
Car alarms, who needs them?
bars on windows, psh.
machetes, we live in america not the jungle.
All because those are things terrorists might use along with a long list of other consumer items.
That's unfair. They don't shit their pants, they scream about cultural appropriation and then issue death threats to anybody who doesn't agree with them.
I miss the old days, when diametrically opposed sides could argue heatedly, go home, and mutter about each other being assholes instead of being subject to social pogroms.
I saw this video just the other day regarding the rapid deterioration of Venezuela where they have all sorts of bans going on along with a hyper-inflating currency. Perhaps the out of control criminal elements that dominate there will be a nice blueprint for criminal activity in the U.S. as well. Video indicates how people and security (because they no longer have protection such as through a weapon) have become...what is a good metaphor here...sheep among wolves.
Like you, I can't wait for that day to arrive in the U.S. The people really need to be helpless and totally dependent upon their benevolent gov to hold their hands.
Here's the video - https://www.youtube.com/watch?v=UOQb7Y5QVO8
I'll more directly answer your post. You posed the question of whether concerns that the government can lean on big companies and thereby get access to your computer should override other benefits of using a particular operating system. "Is it really worth it?", you asked.
In my opinion, it IS worth that risk of government finding a way to access my employee email etc, particularly if they have the laptop in custody and a warrant, like the San Bernardino case, when the alternative is that -I- don't have proper access to my work email, calendar, etc. If the FBI seizes my employer's computers, they'll have 16 ways to read the email regardless of which OS I use on my laptop. It's stored on the Exchange server. The source code I write is in our git, cvs, and hg repos, unencrypted and ready for the FBI to seize. So trying to use a non-standard OS on my work laptop wouldn't even INCONVENIENCE the FBI, but it sure would inconvenience me and my co-workers. In this instance, there is nothing to be gained from trying to keep the FBI out of my laptop.
At my last employer, I also had three Macs. All of the information on those computers was property of my employer, a government agency. Most of it was and is available, free, to the public. Does it make any sense to try to prevent the FBI from reading the course material for security courses that we provide free online? Are they going to use it to cheat on the test? Are we protecting the GPL source code of the online campus we used to deliver the training? They can get that at Moodle.org. If they want to specifically look at the code I wrote, they can look in the Moodle git repository, which is open to the public.
So for those jobs, the right tool for the job doesn't need to be FBI proof.
If I was going to pull a Snowden, obviously the requirements change. I might care about making certain data not readable by the feds. Even for my own personal laptop I prefer Linux.
I guess they are more advanced than we thought...
The munitions list only applies if you want to export something that is on the list (for what it's worth, ALL guns of whatever size are on the munitions list, always have been, always will be: if a gun isn't a munition, what is?)
You're perfectly free to make export controlled items in the United States with no supervision, limitation, etc. (at least from export control standpoint). It's when you send one to some other country, or give/sell/transfer it to someone who is not a U.S. Person (i.e. a foreign national or representative of a foreign national, who doesn't have a green card) that the export control laws come into play.
These people aren't freshmen. Many of these individuals have been re-elected multiple times, and these parties have dominated America longer than you have been alive.
Just imagine if the name of the party were Khmer Rouge or Nazi, and someone who supports them told you, "You can't damn them for what their party has done in the past, or for what this individual did last term. That was two years ago! So I voted to re-elect them. And then they surprised me by being evil, even though they didn't mention their intent to be evil during the re-election campaign." Would you take such an argument seriously, or would you say that when some asshole calls themselves Khmer Rouge, it's ok to judge the book by its cover?
Any voter who plays the ignorance card to defend their support for Republicrats, is claiming to be more stupid than anyone can possibly believe. I don't think you people are that stupid: I think you're simply lying. Which alternative is the most believable? You people generally show moderate competence throughout your life (yes, we all make mistakes and I'm not saying you usually show amazing genius (though some of you do!)), but then when campaign season comes around, you shifty-eyedly explain, "no, we all have a 40 IQ. 40 is average! We're all really this dumb, forgetful and illiterate, so you should excuse us." Bullshit.
America believes in fascism. We agree with it. We think it's a good idea. Fascism and the desire to destroy freedom and justice are among our core family values. This isn't something being done to us; it's who we are and it's what we want. We don't say it, but we reliably vote for it, and we know when we're doing it.
C'mon, my fellow countrymen, let's stop being cowards and come out of the closet. Put on the armbands and you'll feel better, no longer burdened by trying to maintain a web of lies.
So here we go, the crypto wars are upon us. Even if legislation is passed restricting use of encryption, there will be services, software and tools that will be available to circumvent it. Just like gun control, criminals and terrorists will find a way around these supposed restrictions. This will hurt American technology companies who'll be handcuffed by stupid restrictions that won't save any lives nor lead to any foresight into nefarious activities. Of course it will erode your privacy and give the government new ways to fuck with your lives but hey, terrorism right?
It's foolish to think you can put the Genie back in the bottle and it points out how valuable the concept of term limits on members of congress would be. You see the glad-handers and baby kissers, the ones that feign outrage and get re-elected by their gullible constituents; rising to power in congress because of the seniority system. You don't get the best leadership, you get the ones who are best at getting re-elected.
Feinbitch there's a special place in hell for retards like yourself.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
Again you're being unimaginative and just considering your one short term use case. What I am arguing for is ideals. Ideals that consider long term implications for the whole of society. So you don't have much to worry about right now with having all your eggs in one basket. But you might if you were a member of an opposition party in east Berlin. The status quo would be to dismiss extraordinary concerns like that as irrelevant and paranoid, but history that is forgotten is doomed to repeat. This FBI case is a sign of things to come. The NSA revelations before it were a sign of things to come. When you put all your eggs in one basket, and trust that basket to someone else, eventually they will drop it... every time. And things are getting worse, not better. With the popularity of the cloud and the apathetic perpetuation of walled gardens, we're making the concerns of the "Microsoft monopoly generation" before us look adorable. The state of personal computing and telecom is really scary. It's the most uncompetitive, unchecked, closed and controlled industry in the whole of free western civilization. And every day it gets worse and worse as we rely more and more on it.
Now we can't expect everyone to consider this before they make their choices. But I think it's fair to expect that technical people act with a bit more long term planning than "use what's best for the job". It is the responsibility of people in the tech industry to not just use what's best today, but what's going to be best tomorrow, and in the next decade, and for our children. Leave short term thinking to the business types. Technicians are supposed to value being proactive over being reactive.
If it ain't broke, don't fix it.
Just days after the FBI broke into the terrorist's iPhone
They broke into San Bernardino County's iPhone. The county may have assigned the phone to Farook, but it was not Farook's phone. Farook's phone(s) were found in a dumpster, destroyed; and they were destroyed because they contained incriminating evidence. It doesn't take too high of an IQ to deduce this, as it's fairly obvious; and I'm not calling the FBI a bunch of idiots, I'm saying they're calling all of us a bunch of idiots by presenting such blatant bullshit to us and thinking we'll actually buy it.
Don't be the idiot the FBI thinks you are.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Many people have already pointed out the clear contradictions in Feinstein's desire for laws to limit other peoples' rights to have guns (while having armed bodyguards and having had a concealed carry permit). She very clearly thinks she can have the privilege of defense with guns while taking the right of citizens to have guns away (she thinks she can still have it after it's taken away, and she's probably right - if she could not have it after, she would not go down that route).
We all know that encryption is used heavily in commerce and banking for obvious reasons. We also know the problems the police are having with ethics and the questionable foreign policy we are using. Personally, I know of many instances in which the FBI was used as a political enforcement organization to further the aims of one group of people.
In short, Feinstein is engaged in class warfare and not representing the interests of the majority.
Some millennials fought in what was arguably the hardest and most violent conflict yet seen, with a battle rhythm 3 orders of magnitude beyond what previous generations could have comprehended... It was not uncommon in 2007 to see 20:1, sometimes 200:1 mercenaries for every soldier in a Panjway firefight. There was also no generation gap when it came to those that hid under their desks and refused to fight, they were young and old alike.
But I am sure you wouldn't understand, your country is failing because the uneducated would rather generalize and give in to fear.
You go girl! Hella!
The Orbis OS for the PS4 is built using FreeBSD 9, which was current when the PS4 was in development. Obviously, Sony adds its own proprietary software, including drivers, but they have also used other open source software such as WebKit in their UI layer.
The only way to have complete safety against "terrorists" is to allow the government to have total control over our lives.
The question of how do we have complete safety from our government is left as an exercise for the reader.
"Grab them by the pussy" -- President of the United States of America
I'll just leave this here: CipherSabre.
Why is it no one speaks of business privacy and trade secrets being stolen and sold via the FBI or NSA?