Apple can give the FBI all the data in iCloud, if the FBI has a legal search warrant. They don't need your iCloud password for that; your iCloud password is not part of the encryption. So Apple did hand over a backup of the phone. Unfortunately, the backup was a bit old.
The FBI couldn't access the data in iCloud themselves, but they tried. They couldn't access the data because nobody knew the iCloud password. So they did what they thought was clever and did a password reset (exactly what a normal Apple customer would do if they forgot their iCloud password). They could now read everything on iCloud. But there was a side effect: Because the iCloud password was changed, the iPhone know doesn't know the correct iCloud password anymore.
To get the latest data from the phone, Apple devised a cunning plan: If your iPhone is set up to make backups to iCloud, it will do that even if locked when you just take the iPhone to a place with a WiFi network that it knows, plug it into power, and it backs up. That's what they told the FBI: Take the phone to the killer's home or his workplace, it recognises the WiFi, and it backs up to iCloud, and then Apple can pickup the backup from iCloud and hand it to the FBI. Except the iCloud password was changed. Now the phone doesn't know the iCloud password, so it cannot back up.
It's only "voluntary" in the strictest definition of the word. Why do you think they have such a problem with workers commiting suicide? Why did they have to put up nets to prevent people from killing themselves by jumping off the roofs of buildings? Because quitting and going to work somewhere else IS NOT AN OPTION.
There are people who are brainwashed, and there are those who don't have a brain in the first place.
In the worst year ever, 21 people out of a million employees at Foxconn committed suicide. Every year, about 40,000 people in the USA commit suicide. That is about eight times the suicide rate at Foxconn. There is a number comparable to the suicide rate at Foxconn in that year: The number of retail employees in the USA who are murdered on the job every year.
However, the company has taken actions. Councelling, suicide nets, and so on. Suicide nets are of course great for the haters: The company putting them up just admits that they are at fault. But they work. There are fewer suicides. I think one or two in the last year (less than 50 times the US suicide rate). Of course haters want to hate, while Foxconn has worked to reduce the suicide rate.
Your suggestion that suicides are caused by bad working conditions is also nonsense. Most suicides are caused by mental problems. Hardship doesn't turn people to suicide. People who are forced to work and work and work don't have time to think about suicide.
Who ever thought Apple was a freedom fighter? They use essentially slave labor to assemble their iPhones. Bizarre.
Idiot. What Apple is responsible for in China is the huge increase in wages in the last ten years. There are a few hundred thousand people employed building Apple products. That kind of number increases demand for workers, and that increases salaries.
Do you think Foxconn tells people "we need a few hundred thousand workers, so get a job here, but we need so many employees so we pay less than everyone else"? It doesn't work like that. It's capitalism at work: Demand for workers goes up, the price the workers can demand goes up.
So some blogger claims "I cannot imagine that Apple wouldn't do this". And that's what this whole thread is based on: His lack of imagination.
The simple facts of the iPhone 5C case are: The FBI has a legal search warrant. Apple obeys the laws of the country and has handed over all the information that it holds, according to the legal search warrant. The FBI wants the information stored on the phone, can't get it, Apple can't get it, so they ask Apple to create a backdoor that would allow the FBI to get the information that they want, and every hacker in the world the ability to hack into your phone, and Apple refuses.
Apple has given in to Chinese demands for security audits. That's for example what any open source software gives you automatically; anybody, including security experts, evil hackers, and the US or Chinese governments, can do a security audit of any open source software. Well, the Chinese government did an audit of Apple's software. What harm would you expect from that?
It wouldn't be unexpected if Apple respected legal search warrants from Chinese courts. Would you complain about that?
And lastly, if China asked Apple for a backdoor to break iPhone security, then this guy cannot imagine that Apple would say "no". I can imagine they would.
If the All Writs Act can compel Apple to write an exploit and sign it -- which can be a pretty hefty undertaking... why can that same writ not simply compel Apple (and Google, and Microsoft, and basically everybody else) to turn over their private code signing keys to the FBI?
I think it is a matter of compensation. I think Apple would quite rightfully say that this would require a complete recall of all iPhones and replacement with new ones with new code signing keys, and ask whether the FBI has $100bn lying around to pay for this.
Regardless of whether they win or lose the current court battle, I expect Apple to fix the vulnerability in the next version of iOS.
Starting with the iPhone 5s, the security features that protect the phone against brute forcing the passcode are built into the hardware and not controlled by the firmware anymore. That doesn't mean changing the firmware of a locked phone would be impossible, but it wouldn't help you unlocking the phone.
Apart from that, checking each passcode takes at least 0.08 seconds, so a 10 digit passcode is pretty much safe.
I find it odd. I don't know anyone who thinks Apple should help the government. I realize this is the definition of anecdote... but still, this seems odd.
I think Apple should absolutely help the government. But in the old Apple tradition: Don't give people what they ask for, give them what they really need.
Someone who knows more about security (and about breaking it) than anyone on Slashdot is Michael Hayden, former chief of the NSA and CIA, and he has publicly stated that end-to-end encryption (and safe phones) are an overall benefit to US national security. So while the FBI wants that phone unlocked, the government, as far as they are actually well-informed, doesn't really want this.
And look at how the question is posed: There are two very different sides to the question, and one side is a bit harder to understand than the other. But only one side of the question is asked about. They might have asked "Do you think Apple should unlock this phone, if this endangers the safety of millions of iPhones in the USA and the world? ", and the result would have been different. Or they might have asked "Do you want to give hackers and criminals a way to steal your most intimate private information from your iPhone"?
Can someone explain to me why this is an issue at all? The FBI is not asking Apple to create a backdoor to encryption, they want a firmware update for this specific phone to bypass the pin lockout/self-destruct features. They have asked Apple to tailor it to this specific device, if the FBI were to try and change the code to use it on other phones it would effectively break Apples digital signature and be useless on other devices (or so I've heard).
What Apple insists on is that their users' phones are absolutely, 100% safe from hacker attacks. At the moment they are, because this firmware update doesn't exist, only Apple could create it, and Apple doesn't do it.
The second this firmware update is created, there is a risk that it gets out. It doesn't mean it _will_ get out, it means there is a risk. Apple finds it unacceptable to create this risk. In security, you don't create risks. If there is software that would put your customers at risk if it get's free (remember "software wants to be free"), the only safe way is not to write it.
Wrong. If your iPhone is stolen, you log onto icloud.com with your Apple ID and go to the Find My Phone app. It shows you exactly where your device is.
There's also a setting that makes your phone send its position to Apple just before the battery runs out. Very useful if you either lost your phone or it was stolen, and it can't report anymore where it is because the battery ran out,
In addition, stolen iPhones have very little value nowadays because even if you erase the phone, you need the last user's AppleId and password to use it. Which obviously reduces theft.
implied argument that underlie this story, that one of the victims or victim's family has a morally superior right/claim over others(which includes both other victims or possible future direct or indirect victims) on the choice of legal process and procedure, is simply wrong.
Bad misrepresentation. What she actually tells the world is that the people who claim to be watching out for the poor victims are lying. She isn't in a postion to tell us about policy, but she is in a very strong position to tell people not to take what they claim is her position as an excuse for bad policies.
Please understand that this is a 60-year-old or so woman. She grew up with the Cold War..
Your childish arrogance is unbelievable. And your stupidity as well, because what she said is absolutely correct: Respect for its citizens, their security and their privacy is something that _should_ distinguish the USA from a communist country. What the FBI is asking for is actually something that a communist government would be asking for as well.
If you can update the OS to run arbitrary code without the owner of the phone doing anything, then you can just disable the password entirely. It looks like remote software updating renders ALL security measures worthless.
Arbitrary code cannot decode the data on your phone. Nothing can decode the data on your phone without the passcode.
Also: It is _unknown_ whether Apple could create an update for the firmware or not. At the moment Apple doesn't have such an update and fights the idea that they have to _try_ to. There seems to be no way to update the firmware on an iPhone remotely. And there is no way for anyone other than Apple to create such an update, and Apple refuses, with good reason.
Apple should stop playing the wrong game here and give the FBI what it asks for in this particular case, given everyone knows Apple's security is an illusion anyway.
You are probably the only one who doesn't realise how stupid it is what you are saying. If Apple's security "is an illusion", then what the fuck is the FBI doing, asking them to unlock that phone?
So there are 4 security flaws in the "encrypted" iCloud backups?
No. There were four proposed ways that might get the data into an area where Apple can access it and deliver it to the FBI, which has a search warrant. Hackers can't access the data there, so there is no security flaw.
It's look robbing a bank. If the bank clerk can press a button that calls the police and you get arrested, that's not a security flaw. It's a risk for the security and for the freedom of the bank robber, but not a security flaw.
Is there any reason why Apple can't at least change the guys password? Then restore the backup to a new iPhone using the same account?
No need. Apple has handed over the complete backup to the FBI. But it is an _old_ backup.
If someone hadn't changed the iCloud password, the locked phone could be convinced to perform a backup. That's what iPhones do all the time; they perform backups while you are not using the phone. And then Apple could have easily delivered that backup with the latest data to the FBI. br.
But because the iCloud password was changed, the phone doesn't know the correct iCloud password and can't back up. And because you can't unlock the phone, you can't set the correct password.
So, your iPhone is apparently secure but if you back it up to iCloud you lose all that security? WHAAATTTT....good to know, just another reason to never get an iPhone....
You have all the security. No hacker, even a government sponsored hacker, no criminal, can read your data from the iCloud backup. Apple keeps the data safe from prying hands and encrypts it. Apple can decrypt it, but would only do that when presented with a valid search warrant. So it's absolutely safe. Or do you think search warrants shouldn't be respected?
If this was your phone that you use in a normal way, and you had changed your iCloud account password from another phone, you would just unlock the phone, go into "Settings" -> "iCloud" and enter the new password, and everything is fine.
Note how the first step is "unlock the phone". That's what they can't do. And with most password resets, you are not told the old password (because the server isn't supposed to know it), so they can't change the iCloud password back to what it was.
Once that completed, Apple (and therefore the government) would have access to that backup, and therefore could try to break the backup's encryption via brute force without triggering the 10-attempt-failure auto-erase that is present on the phone.
Apple encrypts iCloud backups and can decrypt them. No brute forcing needed. Apple actually delivered iCloud backups to the FBI. The problem is that they are _old_ backups. The FBI reasonably wants the newest backups.
I thought that was obvious. But this little detail would present the government in a VERY bad light. To put this in perspective, that change in password would make anything found on the phone inadmissible in any trial as it indicates the chain of custody was broken.
Not at all. iCloud can hold backups for several devices. As a user, you can delete backups. You can backup devices. But I don't think you can in any way modify any of these backups. The password change doesn't affect this at all. If iCloud says "this is a backup of iPhone serial number xxxx taken at date", then that's what it is. Obviously you would get some Apple engineer to testify that this is the case.
Either the encryption is done properly and Apple is not able to decrypt it regardless of any court decision, or it is sham encryption, Apple is able to decrypt it (by say hacking the TPM containing the key) Apple knows it and it avoids the court decision as acknowledging ability do decrypt it would mean confessing to deceiving users about security of Iphones.
The encryption is safe. Even if the FBI gets what they want they'd have to try 10,000 different passcodes. They want two features turned off: One is a growing delay after each incorrect password attempt. After a few wrong passcodes, you have to wait until you can try the next one. A delay of 1 minute would mean up to 10,000 minutes or a week day and night enterning passcodes. What's worse is that after ten wrong attempts all the data on the phone is erased. You can turn these two features on on the iPhone. You don't have to, but apparently the criminal has.
Had he used a six digit passcode, there would be a million combinations. You can take eight digits + letters if you want. Nobody can break the encryption without the right passcode. What the FBI wants is for Apple to make it possible to brute force the passcode.
So basically, if Apple can do it at all, then the backdoor already exists, and is already awaiting exploitation.
Absolutely not. To exploit this, you'd first have to write working iPhone firmware. You know, firmware that can boot the iPhone and make it run. Obviously firmware with the passcode security removed. That's difficult. Even say the Samsung engineers that built the firmware for the Samsung phones would have a huge problem doing that, because they can talk to the Samsung hardware engineers but not to Apple's hardware engineers.
Then comes the minor problem that this firmware must be codesigned with Apple's must secretly kept key. How do you get access to that? Let's take again Samsung's firmware engineers, because they are likely among the people in the world most capable of doing this. At this point, they would be stuck. They have no chance to build any firmware that an iPhone would even consider loading, because they lack Apple's firmware signing key.
Now if Apple _builds_ and _signs_ that firmware, then you do have an exploit that just has to find its way in the open.
Finally we have a debate on whether or whether not the state should have access to people's personal data. This is what snowden wanted, his goal is reached.
No, that's not what this is about at all. The government has a search warrant for this data. They have the right to get the data. Apple even handed over an iCloud backup based on a legal warrant. Apple has absolutely no problem with handing over data when the police comes with a valid search warrant.
What Apple refuses to do is to break the security of their phones that they sell to millions of honest, hardworking citizens, honest but lazy citizens, dishonest citizens, politicians, lawyers, army personnel and so on and so on and so on, by creating software that they don't have right now, to access data that they cannot access right now.
This is not about preventing the government from executing search warrants, it is about keeping customer data safe. Apple declares that your iCloud data is safe from hackers and criminals, even though Apple can access it, because all that data is under Apple's control and they don't let hackers and criminals near it. Apple also declars that your phone data is only safe if _nobody_, including Apple, can access that data, because your phone can get under total control of the hacker.
As a side effect, Apple can deliver data stored on iCloud if they get a search warrant, but they can't deliver data stored on your phone. If Apple could deliver the data on the phone without creating a risk to the security of everyone, they would.
I think this would be something that Apple might take to crazy levels in its defense. Imagine if Apple has to stop selling products that have the type of encryption that's being perused here. Would they have to stop sell Mac's that have iMessage on them, as it too is encrypted?
Ahem... we are talking about an old iPhone 5c here. That's an iPhone where there is a debate whether Apple _can_ convince the phone to let itself be unlocked (after trying 10,000 passcode) or not. Newer iPhones, 5s and newer, _cannot_ be made to let themselves be unlocked. The anti-hacking features there are in hardware, with no way around them. (On the 5c, we don't know if there is a way round. On the 5s, there isn't).
Adding to what you say, I've heard in discussions people claiming "we are letting the terrorists win", "Apple destroys our security" and such nonsense. (A British newspaper had "terror phone" in a big letter headline. That phone is harmless, it's not going to hurt anyone).
When I grew up, they had _real_ terrorists in Germany. Terrorists who used violence to try to achieve their goals. Not braindead fucking idiots with guns who kill because they are fucking brainwashed or because they can't get laid because they are too fucking ugly. And "not giving in to terrorists" meant not doing what these terrorists intended: Not turning the country into a police state, not giving up on democratic principles because some people died. Exactly the opposite of what mindless US politicians want to do.
Slashdot Mirror
Close, but not quite.
Apple can give the FBI all the data in iCloud, if the FBI has a legal search warrant. They don't need your iCloud password for that; your iCloud password is not part of the encryption. So Apple did hand over a backup of the phone. Unfortunately, the backup was a bit old.
The FBI couldn't access the data in iCloud themselves, but they tried. They couldn't access the data because nobody knew the iCloud password. So they did what they thought was clever and did a password reset (exactly what a normal Apple customer would do if they forgot their iCloud password). They could now read everything on iCloud. But there was a side effect: Because the iCloud password was changed, the iPhone know doesn't know the correct iCloud password anymore.
To get the latest data from the phone, Apple devised a cunning plan: If your iPhone is set up to make backups to iCloud, it will do that even if locked when you just take the iPhone to a place with a WiFi network that it knows, plug it into power, and it backs up. That's what they told the FBI: Take the phone to the killer's home or his workplace, it recognises the WiFi, and it backs up to iCloud, and then Apple can pickup the backup from iCloud and hand it to the FBI. Except the iCloud password was changed. Now the phone doesn't know the iCloud password, so it cannot back up.
It's only "voluntary" in the strictest definition of the word. Why do you think they have such a problem with workers commiting suicide? Why did they have to put up nets to prevent people from killing themselves by jumping off the roofs of buildings? Because quitting and going to work somewhere else IS NOT AN OPTION .
There are people who are brainwashed, and there are those who don't have a brain in the first place.
In the worst year ever, 21 people out of a million employees at Foxconn committed suicide. Every year, about 40,000 people in the USA commit suicide. That is about eight times the suicide rate at Foxconn. There is a number comparable to the suicide rate at Foxconn in that year: The number of retail employees in the USA who are murdered on the job every year.
However, the company has taken actions. Councelling, suicide nets, and so on. Suicide nets are of course great for the haters: The company putting them up just admits that they are at fault. But they work. There are fewer suicides. I think one or two in the last year (less than 50 times the US suicide rate). Of course haters want to hate, while Foxconn has worked to reduce the suicide rate.
Your suggestion that suicides are caused by bad working conditions is also nonsense. Most suicides are caused by mental problems. Hardship doesn't turn people to suicide. People who are forced to work and work and work don't have time to think about suicide.
Who ever thought Apple was a freedom fighter? They use essentially slave labor to assemble their iPhones. Bizarre.
Idiot. What Apple is responsible for in China is the huge increase in wages in the last ten years. There are a few hundred thousand people employed building Apple products. That kind of number increases demand for workers, and that increases salaries.
Do you think Foxconn tells people "we need a few hundred thousand workers, so get a job here, but we need so many employees so we pay less than everyone else"? It doesn't work like that. It's capitalism at work: Demand for workers goes up, the price the workers can demand goes up.
So some blogger claims "I cannot imagine that Apple wouldn't do this". And that's what this whole thread is based on: His lack of imagination.
The simple facts of the iPhone 5C case are: The FBI has a legal search warrant. Apple obeys the laws of the country and has handed over all the information that it holds, according to the legal search warrant. The FBI wants the information stored on the phone, can't get it, Apple can't get it, so they ask Apple to create a backdoor that would allow the FBI to get the information that they want, and every hacker in the world the ability to hack into your phone, and Apple refuses.
Apple has given in to Chinese demands for security audits. That's for example what any open source software gives you automatically; anybody, including security experts, evil hackers, and the US or Chinese governments, can do a security audit of any open source software. Well, the Chinese government did an audit of Apple's software. What harm would you expect from that?
It wouldn't be unexpected if Apple respected legal search warrants from Chinese courts. Would you complain about that?
And lastly, if China asked Apple for a backdoor to break iPhone security, then this guy cannot imagine that Apple would say "no". I can imagine they would.
Can't they just tell all their employees not to use any passcodes on their iPhones?
If the All Writs Act can compel Apple to write an exploit and sign it -- which can be a pretty hefty undertaking... why can that same writ not simply compel Apple (and Google, and Microsoft, and basically everybody else) to turn over their private code signing keys to the FBI?
I think it is a matter of compensation. I think Apple would quite rightfully say that this would require a complete recall of all iPhones and replacement with new ones with new code signing keys, and ask whether the FBI has $100bn lying around to pay for this.
Regardless of whether they win or lose the current court battle, I expect Apple to fix the vulnerability in the next version of iOS.
Starting with the iPhone 5s, the security features that protect the phone against brute forcing the passcode are built into the hardware and not controlled by the firmware anymore. That doesn't mean changing the firmware of a locked phone would be impossible, but it wouldn't help you unlocking the phone.
Apart from that, checking each passcode takes at least 0.08 seconds, so a 10 digit passcode is pretty much safe.
I find it odd. I don't know anyone who thinks Apple should help the government. I realize this is the definition of anecdote ... but still, this seems odd.
I think Apple should absolutely help the government. But in the old Apple tradition: Don't give people what they ask for, give them what they really need.
Someone who knows more about security (and about breaking it) than anyone on Slashdot is Michael Hayden, former chief of the NSA and CIA, and he has publicly stated that end-to-end encryption (and safe phones) are an overall benefit to US national security. So while the FBI wants that phone unlocked, the government, as far as they are actually well-informed, doesn't really want this.
And look at how the question is posed: There are two very different sides to the question, and one side is a bit harder to understand than the other. But only one side of the question is asked about. They might have asked "Do you think Apple should unlock this phone, if this endangers the safety of millions of iPhones in the USA and the world? ", and the result would have been different. Or they might have asked "Do you want to give hackers and criminals a way to steal your most intimate private information from your iPhone"?
Can someone explain to me why this is an issue at all? The FBI is not asking Apple to create a backdoor to encryption, they want a firmware update for this specific phone to bypass the pin lockout/self-destruct features. They have asked Apple to tailor it to this specific device, if the FBI were to try and change the code to use it on other phones it would effectively break Apples digital signature and be useless on other devices (or so I've heard).
What Apple insists on is that their users' phones are absolutely, 100% safe from hacker attacks. At the moment they are, because this firmware update doesn't exist, only Apple could create it, and Apple doesn't do it.
The second this firmware update is created, there is a risk that it gets out. It doesn't mean it _will_ get out, it means there is a risk. Apple finds it unacceptable to create this risk. In security, you don't create risks. If there is software that would put your customers at risk if it get's free (remember "software wants to be free"), the only safe way is not to write it.
Wrong. If your iPhone is stolen, you log onto icloud.com with your Apple ID and go to the Find My Phone app. It shows you exactly where your device is.
There's also a setting that makes your phone send its position to Apple just before the battery runs out. Very useful if you either lost your phone or it was stolen, and it can't report anymore where it is because the battery ran out,
In addition, stolen iPhones have very little value nowadays because even if you erase the phone, you need the last user's AppleId and password to use it. Which obviously reduces theft.
implied argument that underlie this story, that one of the victims or victim's family has a morally superior right/claim over others(which includes both other victims or possible future direct or indirect victims) on the choice of legal process and procedure, is simply wrong.
Bad misrepresentation. What she actually tells the world is that the people who claim to be watching out for the poor victims are lying. She isn't in a postion to tell us about policy, but she is in a very strong position to tell people not to take what they claim is her position as an excuse for bad policies.
Please understand that this is a 60-year-old or so woman. She grew up with the Cold War..
Your childish arrogance is unbelievable. And your stupidity as well, because what she said is absolutely correct: Respect for its citizens, their security and their privacy is something that _should_ distinguish the USA from a communist country. What the FBI is asking for is actually something that a communist government would be asking for as well.
If you can update the OS to run arbitrary code without the owner of the phone doing anything, then you can just disable the password entirely. It looks like remote software updating renders ALL security measures worthless.
Arbitrary code cannot decode the data on your phone. Nothing can decode the data on your phone without the passcode.
Also: It is _unknown_ whether Apple could create an update for the firmware or not. At the moment Apple doesn't have such an update and fights the idea that they have to _try_ to. There seems to be no way to update the firmware on an iPhone remotely. And there is no way for anyone other than Apple to create such an update, and Apple refuses, with good reason.
Apple should stop playing the wrong game here and give the FBI what it asks for in this particular case, given everyone knows Apple's security is an illusion anyway.
You are probably the only one who doesn't realise how stupid it is what you are saying. If Apple's security "is an illusion", then what the fuck is the FBI doing, asking them to unlock that phone?
So there are 4 security flaws in the "encrypted" iCloud backups?
No. There were four proposed ways that might get the data into an area where Apple can access it and deliver it to the FBI, which has a search warrant. Hackers can't access the data there, so there is no security flaw.
It's look robbing a bank. If the bank clerk can press a button that calls the police and you get arrested, that's not a security flaw. It's a risk for the security and for the freedom of the bank robber, but not a security flaw.
Is there any reason why Apple can't at least change the guys password? Then restore the backup to a new iPhone using the same account?
No need. Apple has handed over the complete backup to the FBI. But it is an _old_ backup.
If someone hadn't changed the iCloud password, the locked phone could be convinced to perform a backup. That's what iPhones do all the time; they perform backups while you are not using the phone. And then Apple could have easily delivered that backup with the latest data to the FBI.
br. But because the iCloud password was changed, the phone doesn't know the correct iCloud password and can't back up. And because you can't unlock the phone, you can't set the correct password.
So, your iPhone is apparently secure but if you back it up to iCloud you lose all that security? WHAAATTTT....good to know, just another reason to never get an iPhone....
You have all the security. No hacker, even a government sponsored hacker, no criminal, can read your data from the iCloud backup. Apple keeps the data safe from prying hands and encrypts it. Apple can decrypt it, but would only do that when presented with a valid search warrant. So it's absolutely safe. Or do you think search warrants shouldn't be respected?
They know the new password.
If this was your phone that you use in a normal way, and you had changed your iCloud account password from another phone, you would just unlock the phone, go into "Settings" -> "iCloud" and enter the new password, and everything is fine.
Note how the first step is "unlock the phone". That's what they can't do. And with most password resets, you are not told the old password (because the server isn't supposed to know it), so they can't change the iCloud password back to what it was.
Once that completed, Apple (and therefore the government) would have access to that backup, and therefore could try to break the backup's encryption via brute force without triggering the 10-attempt-failure auto-erase that is present on the phone.
Apple encrypts iCloud backups and can decrypt them. No brute forcing needed. Apple actually delivered iCloud backups to the FBI. The problem is that they are _old_ backups. The FBI reasonably wants the newest backups.
I thought that was obvious. But this little detail would present the government in a VERY bad light. To put this in perspective, that change in password would make anything found on the phone inadmissible in any trial as it indicates the chain of custody was broken.
Not at all. iCloud can hold backups for several devices. As a user, you can delete backups. You can backup devices. But I don't think you can in any way modify any of these backups. The password change doesn't affect this at all. If iCloud says "this is a backup of iPhone serial number xxxx taken at date", then that's what it is. Obviously you would get some Apple engineer to testify that this is the case.
Either the encryption is done properly and Apple is not able to decrypt it regardless of any court decision, or it is sham encryption, Apple is able to decrypt it (by say hacking the TPM containing the key) Apple knows it and it avoids the court decision as acknowledging ability do decrypt it would mean confessing to deceiving users about security of Iphones.
The encryption is safe. Even if the FBI gets what they want they'd have to try 10,000 different passcodes. They want two features turned off: One is a growing delay after each incorrect password attempt. After a few wrong passcodes, you have to wait until you can try the next one. A delay of 1 minute would mean up to 10,000 minutes or a week day and night enterning passcodes. What's worse is that after ten wrong attempts all the data on the phone is erased. You can turn these two features on on the iPhone. You don't have to, but apparently the criminal has.
Had he used a six digit passcode, there would be a million combinations. You can take eight digits + letters if you want. Nobody can break the encryption without the right passcode. What the FBI wants is for Apple to make it possible to brute force the passcode.
So basically, if Apple can do it at all, then the backdoor already exists, and is already awaiting exploitation.
Absolutely not. To exploit this, you'd first have to write working iPhone firmware. You know, firmware that can boot the iPhone and make it run. Obviously firmware with the passcode security removed. That's difficult. Even say the Samsung engineers that built the firmware for the Samsung phones would have a huge problem doing that, because they can talk to the Samsung hardware engineers but not to Apple's hardware engineers.
Then comes the minor problem that this firmware must be codesigned with Apple's must secretly kept key. How do you get access to that? Let's take again Samsung's firmware engineers, because they are likely among the people in the world most capable of doing this. At this point, they would be stuck. They have no chance to build any firmware that an iPhone would even consider loading, because they lack Apple's firmware signing key.
Now if Apple _builds_ and _signs_ that firmware, then you do have an exploit that just has to find its way in the open.
Finally we have a debate on whether or whether not the state should have access to people's personal data. This is what snowden wanted, his goal is reached.
No, that's not what this is about at all. The government has a search warrant for this data. They have the right to get the data. Apple even handed over an iCloud backup based on a legal warrant. Apple has absolutely no problem with handing over data when the police comes with a valid search warrant.
What Apple refuses to do is to break the security of their phones that they sell to millions of honest, hardworking citizens, honest but lazy citizens, dishonest citizens, politicians, lawyers, army personnel and so on and so on and so on, by creating software that they don't have right now, to access data that they cannot access right now.
This is not about preventing the government from executing search warrants, it is about keeping customer data safe. Apple declares that your iCloud data is safe from hackers and criminals, even though Apple can access it, because all that data is under Apple's control and they don't let hackers and criminals near it. Apple also declars that your phone data is only safe if _nobody_, including Apple, can access that data, because your phone can get under total control of the hacker.
As a side effect, Apple can deliver data stored on iCloud if they get a search warrant, but they can't deliver data stored on your phone. If Apple could deliver the data on the phone without creating a risk to the security of everyone, they would.
I think this would be something that Apple might take to crazy levels in its defense. Imagine if Apple has to stop selling products that have the type of encryption that's being perused here. Would they have to stop sell Mac's that have iMessage on them, as it too is encrypted?
Ahem... we are talking about an old iPhone 5c here. That's an iPhone where there is a debate whether Apple _can_ convince the phone to let itself be unlocked (after trying 10,000 passcode) or not. Newer iPhones, 5s and newer, _cannot_ be made to let themselves be unlocked. The anti-hacking features there are in hardware, with no way around them. (On the 5c, we don't know if there is a way round. On the 5s, there isn't).
Adding to what you say, I've heard in discussions people claiming "we are letting the terrorists win", "Apple destroys our security" and such nonsense. (A British newspaper had "terror phone" in a big letter headline. That phone is harmless, it's not going to hurt anyone).
When I grew up, they had _real_ terrorists in Germany. Terrorists who used violence to try to achieve their goals. Not braindead fucking idiots with guns who kill because they are fucking brainwashed or because they can't get laid because they are too fucking ugly. And "not giving in to terrorists" meant not doing what these terrorists intended: Not turning the country into a police state, not giving up on democratic principles because some people died. Exactly the opposite of what mindless US politicians want to do.