Slashdot Mirror


User: macs4all

macs4all's activity in the archive.

Stories: 0 · Comments: 6,526

Comments · 6,526

  1. Re:Unlocked firmware on DoJ Wants Apple To Decrypt 12 More iPhones (macrumors.com) · · Score: 1

    Maybe you could try to use a hardware burned cipher in a "security chip" that can't output its key to engineer around that

    The newer iPhone already has that. So closing the firmware update hole would completely fill the gap for newer phones.

    Everyone on here just ASSUMES that an iPhone with the Secure Enclave Chip (5s and above) can have its Firmware updated without unlocking the phone; but NO ONE has actually provided PROOF of that rather important assumption.

  2. Re:Unlocked firmware on DoJ Wants Apple To Decrypt 12 More iPhones (macrumors.com) · · Score: 1

    >>"The best solution I've seen so far, from right here on Slashdot, is to have future firmware updates require the phone to be unlocked." The flash memory on the iPhone can be flashed from an external computer connected to the flash chip via an interface (http://www.mouser.com/Semiconductors/Memory/Flash-Memory/_/N-488w1), so software solutions probably won't work. Maybe you could try to use a hardware burned cipher in a "security chip" that can't output its key to engineer around that... I think the most dangerous thing is what Tim Cook said: the All Writs Act. When has the gov't forced companies to affirmatively make them something for their investigation? I can't think of an example from the physical-world.

    I think you just described Apple's Secure Enclave chip, which appeared first in the model AFTER the San Bernardino phone.

  3. Re:All together now on DoJ Wants Apple To Decrypt 12 More iPhones (macrumors.com) · · Score: 1

    *can unlock with the NSA's help, but don't want to because they want to help the government obtain judicial precedent.

    So they're deliberately stalling resolution of cases to play a political game, to the detriment of both suspects and victims of crime.

    What disgusting negligence.

    And what happened to the Speedy Trial Rule?

  4. Re:Hipster Terrorist? on DoJ Wants Apple To Decrypt 12 More iPhones (macrumors.com) · · Score: 1

    But can't Apple still send OTA updates while it's locked?

    Nope.

  5. Re:Taking sides: problem solved! [Re:Is that] on Bill Gates Sides With FBI In Apple Spat (ft.com) · · Score: 1

    This story has been going on for quite some time and people still aren't aware of the encryption issue? The encryption key is not part of the software image, it is embedded in hardware. Imaging the encrypted data is of no practical use.

    Not on that particular model. The Secure Enclave chip was added with the 5s. That phone is a 5c. JUST missed it, dammit; or Apple would seriously not be able to do anything. On this particular phone, no one but Apple really knows (as well it should be).

  6. Re:Is that on Bill Gates Sides With FBI In Apple Spat (ft.com) · · Score: 1

    Windows 10 does send information back to Microsoft, but nothing personal aside from anonymous telemetry data. It's not stealing documents, it's not stealing photos, it's doing the same thing OS X does, it's doing the same thing Android does, it's doing the same thing Ubuntu did.

    Except for one BIG difference: Unlike Windows, OS X makes it easy (and actually effective) to Opt-Out.

    I don't know about Android or Ubuntu.

  7. Re:So the vulnerability is the updating mechanism? on Apple's iPhone Already Has a Backdoor · · Score: 1

    If Apple couldn't do it, then they could simply say that to the FBI. They can't be made to do the impossible. But Apple are not claiming it's impossible to install a custom OS version, so it's clear they can do it.

    Don't know why people are talking about over the air updates though. It's more likely to be tethered or JTAG.

    Since that phone doesn't have a Secure Enclave, perhaps they can with physical access (as you said, JTAG).

    But they haven't said they can, so...?

  8. "Fuck you, it's not off. You can't disable it unless you buy the expensive version." I'd actually be okay with that.

    But I wouldn't.

    I agree that setting up a Domain isn't just a click-through experience, and is DEFINITELY beyond most users' skillset!

    But I kinda like the idea of a "co-located" Domain Service; but setting up the security for such a thing would be a nightmare, methinks. Although with Hyper-V (which originally came from the Mac-Only Developer, Connectix), it might be somewhat reasonable.

    The problem is, MS got kind of brow-beaten into making W10 "Free" because they were left being the ONLY game in town that still charged for OS Updates. Linux (never mind Red Hat) and OS X were both Free; but here was Windows still charging a relatively princely sum (in some cases, a REALLY princely sum!) for OS Updates.

    But, rather than just admitting "Hey, we're a software company (primarily). We believe that Windows represents a good value at its price of $xx.xx. So, have fun trying to run your business on OS X or Linux if you want. We'll be waiting when you come back...", they said "Hey, we're making Windows 10 FREE!!!", then pulled this Spyware bullshit. THAT's what is making everyone angry/distrusting (and rightly so!)

  9. Windows 7 transmits telemetry data on a weekly basis. If you are seeing a slow shutdown every day, you have a different problem.

    Thanks! Your post is DoublePlus Good!

  10. Re:So the vulnerability is the updating mechanism? on Apple's iPhone Already Has a Backdoor · · Score: 1

    Every OS does not have that problem. I'm not even sure that iOS does. It's possible Apple has a way to forcibly push an over the air OS update to your phone, but I don't recall ever hearing any confirmation of that. As far as non-mobile OSes, the only one I've ever heard about forcing updates on you is Windows 10.

    I agree. All the people that keep braying that OF COURSE Apple has a way to push an OS Update to a LOCKED iPhone without Unlocking it or Wiping It first should produce even ONE Citation or STFU.

    Personally, I am fairly certain that a company that went to all the trouble to produce the Secure Enclave chip (and all the other things, both hardware and software, that go around it), which even avowed Apple-Haters acknowledge is a pretty airtight system, would NOT have built such a goatse-sized gaping hole in that same security.

    It just doesn't pass the smell test.

  11. Re:Cluster Fuck on Apple's iPhone Already Has a Backdoor · · Score: 1

    There are piles of backdoors into iPhones. Apple keeps them locked up and secure.

    Citation, please?

  12. Re:Cluster Fuck on Apple's iPhone Already Has a Backdoor · · Score: 1

    If Apple is as serious as they say they are about security and privacy, they need to change the OS/firmware/hardware to make updating a phone impossible without either unlocking the phone or wiping it clean. This way, when this happens again, and it almost certainly will, they can honestly say, we can't rather than we would rather not.

    Are you sure it's not already that way? I'm not.

    I really don't think that Apple has the ability to force-feed an OS Update/Reload to an already configured (and locked) iOS device. At least not one with a Secure Enclave (which the phone in question does NOT have).

  13. I highly recommend Sumatra PDF as an alternative to Foxit, and qBittorrent as an alternative to uTorrent.

    I agree. And Sumatra PDF is also the best way to silently print PDFs from a command-line invocation.

  14. Ha! I just ran apt-get update manually and it offered me an update to the "update notifier." I'll probably be getting those Windows 10 nag screens any minute now!

    (No, it really did just push that update down the pipes.)

    It's almost like you need to set up a Domain Controller, JUST so you won't get W10 forced down your cyber-throat. Can anyone comment on how practical that is for a home user (assuming they can get copies of W7/W8 Professional)?

  15. So, I haven't been experiencing any of the Windows 10 nag/force upgrade problems on my Linux machine.

    Just sayin'.

    Nor I on my OS X or iOS machines.

    Jus' sayin'...

  16. Considering how easy it appears to have been to avoid upgrading to MSWind10, it would not surprise me to find strong coercion to move to MSWind11...which just happened to implement a subscription model.

    The effect would be the same as charging a subscription to MSWind10, but since the name had changed, no promises would have been broken.

    EXACTLY THIS. This is exactly what I figure MS will do.

  17. Apple has never said that they won't charge a subscription for iOS. That doesn't make it any less absurd to say they will.

    Yep, those of us with 1st/2nd generation iPod touches know just how absurd it is to think that Apple might charge for iOS updates.

    Apple was being overly-cautious with the advent of SOX accounting-rule changes. Once they figured out that that was a non-issue, they stopped charging for iOS updates.

    So, nice strawman you got there.

  18. Yeah, it's called iOS.

    You're so full of shit, it's coming out of your ears.

  19. If the user has no control over the data being sent, can't stop it, and can't even see what is being sent WTF do you expect us to call it, cotton candy?

    Sorry Charlie but there is only one other kind of software that displays the same behavior, and that is malware.

    Oh, and you forgot to mention that MS vehemently denies that it is even happening, even when people keep seeing it happen in their firewall logs.

    I have a Windows 7 laptop at work running "Professional" (and operating under a Domain Controller), but, even though MS said it wouldn't mess with Domain-connected W7 machines by force-feeding W10, I note that, ever since W10 has come out (and before I got smart enough to disable ALL "Updates"), that my laptop now takes nearly FIVE MINUTES to SHUT DOWN, with the HD being accessed continuously.

    Before that, a shutdown would only take about 30 seconds. I have no doubt that my machine is now engaging in "Telemetry" at that time. I don't have access to my work's router to see if I'm right; but I suspect as much.

    Hairy, do you, or anyone else, have any idea how I can tell if this is true, and even better, how to stop it (and still have my W7 installation)?

  20. Apple has never said that they won't charge a subscription for iOS. That doesn't make it any less absurd to say they will.

    But Apple HAS said, many, many times, that their revenue comes from HARDWARE sales, and that they see their Software as a tool to entice users to migrate to, and/or stay on, their platform, thus continuing to buy their Hardware.

    You will note that the difference that proves that Apple is not lying is that, not only has OS X been free (as in beer) for the past 3 major revisions (and iOS has been free for longer than that, ever since they figured out how to get around some imagined SOX restriction), and yet does NOT constantly spy on you, ala "Free" Windows 10.

    BIG difference!

  21. Re:I like this prescident on Judge Slams Anthem, Rules That Breach Constitutes Harm To Customers (digitalguardian.com) · · Score: 2

    It is actually more simple than that. All they need to do is require the PIN to apply updates to the OS, rather than allowing automatic updates being pushed by Apple (or whomever)

    Already done. Where does it say that Apple can force-update an iOS (or any) of their devices?

  22. Re:I like this prescident on Judge Slams Anthem, Rules That Breach Constitutes Harm To Customers (digitalguardian.com) · · Score: 2

    Simple fix, Apple and Google can add a feature to their phone OSs where the user can turn on a security feature where if they don't enter their password every "xx" (set by user) days, the phone also auto-wipes....

    They do a somewhat similar thing on the iOS devices that have a touch-sensor.

    If you don't log-into such a device at least once every 48 hours (or after a power-cycle), you HAVE to use the Passcode (not the biometric sensor) to unlock the device.

    That is VERY significant, in that the Supreme Court has ruled that, while you CAN be forced to use your finger to unlock a device, you CANNOT be ordered to divulge (nor enter) a Passcode.

  23. Re:Koh for Supreme Court on Judge Slams Anthem, Rules That Breach Constitutes Harm To Customers (digitalguardian.com) · · Score: 2

    However, no one (and I believe by laws) can simply place a damage value on to this kind of harm.

    Nonsense. It's done all the time.

    Sometimes, especially when a wrong is fairly egregious, but the actual damages are difficult or impossible to calculate, a Judge will award a "nominal damage" amount to the claimant. Usually, the sum is somewhere between $1 and $1,000.

  24. If I was designing a phone I'd probably throw in a no-prompt update capability just to make QA's life easier when they have to push an update to a testing farm.

    There are other ways to do that other than an explicit "software switch", such as testing some conditions to determine whether it is a new phone or one that has already been "set up". I used to do that to decide when to stuff defaults into an EEPROM on a product I was designing.

    Also, I would be very surprised if Apple stuffs the OS into these phones via Lightning, Bluetooth, or WiFi. It would take WAAAAY too long. More likely, that is reserved for the "rework" line. I would bet that the Flash chip/SoC is pre-programmed with the OS image and Apps in a completely separate process and then stuffed onto the PCB along with the other components. Much, much faster, and you don't have to have special-purpose "start from scratch" bootloaders, etc.

    Companies have been doing that sort of thing for years. In fact, most chip manufacturers and distributors will pre-program parts for you (but I suspect Apple wants more control over what goes in than your run-of-the-mill company making, for example, ice-maker controllers)...

    As an embedded designer with about 40 years' experience, that is how I would guess Apple gets the initial OS/app code into iOS devices.

  25. Re:Better question on Where Do the Presidential Candidates Stand On Encryption? (windowsitpro.com) · · Score: 1

    All it would take is a basic OS that would boot the thing up as a USB mass storage device with full access to the filesystem.

    This is not some shit-box prize-in-crackerback-Jocks phone. It isn't just a mass-storage device with a cellular modem. There is no "mount this as a USB mass-storage device"

    ...and now we know why...