Reading this site, you likely work in tech.. Few people outside of the tech industry understand the ramifications of this or the National Security Agencies desire to eliminate encryption completely. My wife is in healthcare, her eyes gloss over when I start discussing this stuff, or how important it is.
Like most freedoms, people won't care till they're gone.
I've personally explained the technical details and issues to several people unconnected to tech and changed their minds. It's not really very complicated and the consequences are easy to describe in literal terms that apply the to the phones in their pocket.
People make bullshit up all the time if it helps them to insult/dissing/incite hate against Israel. Anti-semitism is alarmingly wide spread. Ignorance is bliss for a lot of people.
Don't confuse anti-semitism with anti-Israeli-foreign-policy. There are overlaps, but they are not the same thing.
Given that we've not taken it by forceful freedom, I'm inclined to think there's no oil of meaningful worth in this area. The Middle East is a big area, it's actually more than deserts interspersed with ponds of oil. I know it is expensive for people to travel but it's worth it. The Middle East has some beautiful things and some great people - Israel is one of those places that has lots of beauty, history, and good people.
Good food too. Especially Jerusalem. Go for a stroll on the old city. It helps to be an atheist, so you can see it from the perspective of an outsider rather than a combatant.
Thanks, didn't know that. I don't know enough about encryption to know what that gains, but it's interesting.
Something you know. Something you have. Your password. Your Phone. It raises the bar. You need the device as well as the password. You can't just pull the data from the chip and decrypt it with a key derived from the password. It's a normal crypto principle.
And that is why you use techniques like FIB. You can basically add your own probes anywhere on the chip, cut or create new traces, etc. Hence when you have physical access, and especially when you have access to the chip designed all bets are off. You can literally just modify the SOC to read the keys.
Good luck with that. Circuits can be and are designed to make FIB attacks hard. Key management hardware is #1 on the list of circuit types that would try to make FIB attacks hard.
Isn't this the exact attack that physical anti-tamper is meant to defeat?
It is one attack model that an anti tamper system might be designed to resist. However it is also an attack model that some systems choose not to defend against in a simple cost/benefit analysis. If the secret on the chip has a commercial cost less that the cost of the attack, then why defend against it? The gear to mount a FIBing attack is millions of dollars. Paying a reverse engineering company is less, but > $10E6. This is related to whether or not your system has BORE properties (Break One, Reuse Everwhere).
This does not apply here. The perception of the worth of product like a smartphone can be very tied up with perceptions of how secure it is, and being required to pull the rabbit out of the hat by a court and then you actually unlock a phone you claimed you can't unlock, then that might well destroy those perceptions of security and cost a lot in lost sales. So designing it so you can't yourself defeat the security you put in is the only sane option.
The court order presumes that the auto erase functionality can be bypassed with software to be provided by Apple. This is likely be unbypassable either because the key management system is enforcing the retry limit in hardware or protected firmware, away from the main application code, or the software that does it simply doesn't have a back door.
The company I work for is in the same position. We can't and won't put in back doors because being found to have lied about the security of the devices would be an existential threat to the company. That doesn't stop people who don't know lying on the internet, claiming we put in back doors, but it's not a rational thing to do.
You are describing some aspects of my day job. I know the statistics of these operations.
Replacing a BGA is one thing. Pulling a BGA, depackaging it and FIBing it is likely to fail. This isn't a problem if you can just do 10 and pick the ones that work. But if it's a single chip from a single phone, the odds are not good.
Taking apart the chips layer by layer has worked elsewhere. Sounds expensive, did the judge authorize Apple to get paid for this?
It's about a megabuck. But Apple don't do it. There are specialized companies who do this for the semiconductor industry. If you only have one sample, your odds of getting a positive result are not great.
This is not a reliable thing. You can desolder a BGA, but the odds of breaking the device in the process are pretty good. Maybe if you are the police you find the risk of destroying the potential evidence unacceptable, even if you cannot get at the evidence any other way because crypto and physical security done well works.
Wow. Could you at least wait for the body to reach room temperature before insulting the man?
Being British, I can assure you that no one waited before celebrating the death of Thatcher. Metaphorically, Scalia is in the same place as she is, for the same reasons.
>For example, why build a detector that is only sensitive to waves of 100 units or larger if the models say the actual waves should only be 2 units of size?
The wave magnitude is a function of distance.An actual wave of 2 would be 100 if the source were closer.
The LIGO upgrade increased the diameter of the sphere in which it can detect specific events. It could have detected something beforehand if they got lucky. If it was in operation in 1987, they would have seen 1987A clearly. A linear increase in sensitivity leads to a square increase in sphere volume which leads to a square increase in the probability of detecting a event. Hopefully they get to do another upgrade and get lots of events.
However, scientific theories are only good until a more refined one comes along.
Nope. Newton's laws do just fine for day to day engineering. Maxwell's equations too. Newer scientific theories may be better as a description of reality, but you can't simulate a circuit by running QM equations. It isn't practical. QM sucks when you need to get shit done.
Slashdot Mirror
>self-destructing bullet that is rendered ineffective
self-destructing bullet that is rendered less ineffective
There, fixed that for you.
The news says a lot. I've been there several times and not felt it to any more dangerous that any US city.
This is a push to get you to pay for a wireless service at home when before you had wifi that is free.
I didn't notice anyone stabbing me.
Reading this site, you likely work in tech.. Few people outside of the tech industry understand the ramifications of this or the National Security Agencies desire to eliminate encryption completely. My wife is in healthcare, her eyes gloss over when I start discussing this stuff, or how important it is.
Like most freedoms, people won't care till they're gone.
I've personally explained the technical details and issues to several people unconnected to tech and changed their minds. It's not really very complicated and the consequences are easy to describe in literal terms that apply the to the phones in their pocket.
People make bullshit up all the time if it helps them to insult/dissing/incite hate against Israel. Anti-semitism is alarmingly wide spread. Ignorance is bliss for a lot of people.
Don't confuse anti-semitism with anti-Israeli-foreign-policy. There are overlaps, but they are not the same thing.
Given that we've not taken it by forceful freedom, I'm inclined to think there's no oil of meaningful worth in this area. The Middle East is a big area, it's actually more than deserts interspersed with ponds of oil. I know it is expensive for people to travel but it's worth it. The Middle East has some beautiful things and some great people - Israel is one of those places that has lots of beauty, history, and good people.
Good food too. Especially Jerusalem. Go for a stroll on the old city. It helps to be an atheist, so you can see it from the perspective of an outsider rather than a combatant.
'Magic Slot' in translates to the English phase 'proprietary, non interoperable interface'
Thanks, didn't know that. I don't know enough about encryption to know what that gains, but it's interesting.
Something you know. Something you have. Your password. Your Phone. It raises the bar. You need the device as well as the password. You can't just pull the data from the chip and decrypt it with a key derived from the password. It's a normal crypto principle.
And that is why you use techniques like FIB. You can basically add your own probes anywhere on the chip, cut or create new traces, etc. Hence when you have physical access, and especially when you have access to the chip designed all bets are off. You can literally just modify the SOC to read the keys.
Good luck with that. Circuits can be and are designed to make FIB attacks hard. Key management hardware is #1 on the list of circuit types that would try to make FIB attacks hard.
Isn't this the exact attack that physical anti-tamper is meant to defeat?
It is one attack model that an anti tamper system might be designed to resist. However it is also an attack model that some systems choose not to defend against in a simple cost/benefit analysis. If the secret on the chip has a commercial cost less that the cost of the attack, then why defend against it? The gear to mount a FIBing attack is millions of dollars. Paying a reverse engineering company is less, but > $10E6. This is related to whether or not your system has BORE properties (Break One, Reuse Everwhere).
This does not apply here. The perception of the worth of product like a smartphone can be very tied up with perceptions of how secure it is, and being required to pull the rabbit out of the hat by a court and then you actually unlock a phone you claimed you can't unlock, then that might well destroy those perceptions of security and cost a lot in lost sales. So designing it so you can't yourself defeat the security you put in is the only sane option.
The court order presumes that the auto erase functionality can be bypassed with software to be provided by Apple. This is likely be unbypassable either because the key management system is enforcing the retry limit in hardware or protected firmware, away from the main application code, or the software that does it simply doesn't have a back door.
The company I work for is in the same position. We can't and won't put in back doors because being found to have lied about the security of the devices would be an existential threat to the company. That doesn't stop people who don't know lying on the internet, claiming we put in back doors, but it's not a rational thing to do.
You are describing some aspects of my day job. I know the statistics of these operations.
Replacing a BGA is one thing. Pulling a BGA, depackaging it and FIBing it is likely to fail. This isn't a problem if you can just do 10 and pick the ones that work. But if it's a single chip from a single phone, the odds are not good.
Taking apart the chips layer by layer has worked elsewhere. Sounds expensive, did the judge authorize Apple to get paid for this?
It's about a megabuck. But Apple don't do it. There are specialized companies who do this for the semiconductor industry.
If you only have one sample, your odds of getting a positive result are not great.
Mine is 6 digits. But I'm not a murderer and anything I do want to hide doesn't go near a cell phone.
> it should be possible to pop the NAND device
This is not a reliable thing. You can desolder a BGA, but the odds of breaking the device in the process are pretty good. Maybe if you are the police you find the risk of destroying the potential evidence unacceptable, even if you cannot get at the evidence any other way because crypto and physical security done well works.
Wow. Could you at least wait for the body to reach room temperature before insulting the man?
Being British, I can assure you that no one waited before celebrating the death of Thatcher. Metaphorically, Scalia is in the same place as she is, for the same reasons.
Since this is slashdot, I assume we are all in agreement that Ed Felton will get the job right?
Let our Pluto go!
Let our Pluto go in an elliptical orbit, just like a real planet.
>For example, why build a detector that is only sensitive to waves of 100 units or larger if the models say the actual waves should only be 2 units of size?
The wave magnitude is a function of distance.An actual wave of 2 would be 100 if the source were closer.
The LIGO upgrade increased the diameter of the sphere in which it can detect specific events. It could have detected something beforehand if they got lucky. If it was in operation in 1987, they would have seen 1987A clearly. A linear increase in sensitivity leads to a square increase in sphere volume which leads to a square increase in the probability of detecting a event. Hopefully they get to do another upgrade and get lots of events.
There's only a small o between BSD and BSoD.
However, scientific theories are only good until a more refined one comes along.
Nope. Newton's laws do just fine for day to day engineering. Maxwell's equations too.
Newer scientific theories may be better as a description of reality, but you can't simulate a circuit by running QM equations. It isn't practical. QM sucks when you need to get shit done.
It's not really a Laser then if it's a Maser.
Same principle of operation, but it's reasonable to expect light to come out of a laser, yes.
>Which laser operates at 300 GHz?
Masers
.
That makes you the victim. Quick, find an SJW to help you with your case.
Can we stop it with yet another SJW troll story. Seriously. I get it, I know I'm supposed to kill myself since I have a penis.
We're not supposed to kill ourselves. We're supposed to be less of an asshole.
Have you stopped beating your spouse?