iPhone unlocking firm Grayshift faces extortion demands after data breach


Comments

  • Reply 41 of 50
    radarthekat Posts: 3,132 moderator
    Soli said:
    MplsP said:
    MplsP said:
    Today's news is troubling not only for Grayshift, but for iPhone owners as well...the specter of a fully developed iPhone unlocking tool floating in the wild remains.

    This is my concern. Of course, if the code is released, Apple will also be able to analyze it and potentially patch the hole. Who knows, maybe they've already ponied up the 2 bit coin to get the code.

    On a side note, I'm starting to think the US should do like other countries and ban bitcoin. One of the primary uses is for ransom, extortion and terror funding to countries like North Korea, and aside from the curiosity, I can't think of many true reasons to use bitcoin.

    Yes, and let’s ban money — should put an end to greed and exploitation if there’s no money, right?
    *sigh* Yes, that's exactly what I meant. (although a utopian world without money would be nice) Are you really that obtuse?

    Cryptocurrencies have become the medium of choice for illicit financial dealings. Unlike traditional currencies, they can be electronically transmitted in a virtually untraceable fashion. Gold, bearer bonds and other physical items may be untraceable, but have to be physically transferred, making them much less useful for things like extortion.
    Most illicit financial dealings are still happening through wire transfers, checks, shell companies. Do you really think guy knows a damn thing about Bitcoin?


    Plus FBAR and FATCA reporting can’t be used as effectively in movements of cryptocurrencies overseas.  Really only if they are reported voluntarily.  Not just individuals but also banks are required to report on other assets, which would include bearer bonds and cash and gold deposited or moved through their institutions, over $10k in value.  
    edited April 2018
  • Reply 42 of 50
    SpamSandwich Posts: 31,398 member
    zimmie said:
    According to the letter of the law, doesn’t this GrayKey box violate the DMCA and likely all US anti-hacking laws?
    Letter and spirit, yes. The thing is law enforcement, by its very nature, has the ability to break the law. In the U.S., warrants are explicit grants of permission to break the law. One branch of government requests a warrant from another branch, which reviews it, and either grants or rejects it. The warrant application is meant to explain what law they want to break, why, and list the expected results.

    Without that understanding, the police would never be able to arrest anybody (kidnapping), search a residence without the owner's permission (breaking and entering), or any number of other things.

    So it is probably illegal for Grayshift to have developed it (DMCA), and it is illegal for it to be used to access a person's cell phone without that person's permission (CFAA). The latter violation of the law is ostensibly covered by the police/FBI having a warrant.

    The former is more complicated. Bypassing encryption safeguards (or telling other people how to do so) is explicitly called out in the DMCA as illegal. I suspect it would fall into the same legal area as HDCP strippers.
    So, theoretically nothing should prevent an individual from suing Grayshift for using an illegal piece of software to violate their protected Fourth Amendment rights. In other words, sue Grayshift for illegal violation of protected rights, not sue the police or other law enforcement. Grayshift would have to have the legal protection of Congress to carry out their activities, since they are breaking Federal law.
  • Reply 43 of 50
    Soli Posts: 9,270 member
    Soli said:
    MplsP said:
    MplsP said:
    Today's news is troubling not only for Grayshift, but for iPhone owners as well...the specter of a fully developed iPhone unlocking tool floating in the wild remains.

    This is my concern. Of course, if the code is released, Apple will also be able to analyze it and potentially patch the hole. Who knows, maybe they've already ponied up the 2 bit coin to get the code.

    On a side note, I'm starting to think the US should do like other countries and ban bitcoin. One of the primary uses is for ransom, extortion and terror funding to countries like North Korea, and aside from the curiosity, I can't think of many true reasons to use bitcoin.

    Yes, and let’s ban money — should put an end to greed and exploitation if there’s no money, right?
    *sigh* Yes, that's exactly what I meant. (although a utopian world without money would be nice) Are you really that obtuse?

    Cryptocurrencies have become the medium of choice for illicit financial dealings. Unlike traditional currencies, they can be electronically transmitted in a virtually untraceable fashion. Gold, bearer bonds and other physical items may be untraceable, but have to be physically transferred, making them much less useful for things like extortion.
    Most illicit financial dealings are still happening through wire transfers, checks, shell companies. Do you really think guy knows a damn thing about Bitcoin?


    Plus FBAR and FATCA reporting can’t be used as effectively in movements of cryptocurrencies overseas.  Really only if they are reported voluntarily.  Not just individuals but also banks are required to report on other assets, which would include bearer bonds and cash and gold deposited or moved through their institutions, over $10k in value.  
    1) You're talking about cashing in a bearer bond and probably American banks. Just like cash, they are traded as legal tender which means no one both trading parties are involved.

    2) Are you aware that SuperPACs are anonymous… in the US… and completely legal? No donation over "$10k" requires any reporting and there's no cap on the amount because of the stupidity of CU.
  • Reply 44 of 50
    Soli said:
    Soli said:
    MplsP said:
    MplsP said:
    Today's news is troubling not only for Grayshift, but for iPhone owners as well...the specter of a fully developed iPhone unlocking tool floating in the wild remains.

    This is my concern. Of course, if the code is released, Apple will also be able to analyze it and potentially patch the hole. Who knows, maybe they've already ponied up the 2 bit coin to get the code.

    On a side note, I'm starting to think the US should do like other countries and ban bitcoin. One of the primary uses is for ransom, extortion and terror funding to countries like North Korea, and aside from the curiosity, I can't think of many true reasons to use bitcoin.

    Yes, and let’s ban money — should put an end to greed and exploitation if there’s no money, right?
    *sigh* Yes, that's exactly what I meant. (although a utopian world without money would be nice) Are you really that obtuse?

    Cryptocurrencies have become the medium of choice for illicit financial dealings. Unlike traditional currencies, they can be electronically transmitted in a virtually untraceable fashion. Gold, bearer bonds and other physical items may be untraceable, but have to be physically transferred, making them much less useful for things like extortion.
    Most illicit financial dealings are still happening through wire transfers, checks, shell companies. Do you really think guy knows a damn thing about Bitcoin?


    Plus FBAR and FATCA reporting can’t be used as effectively in movements of cryptocurrencies overseas.  Really only if they are reported voluntarily.  Not just individuals but also banks are required to report on other assets, which would include bearer bonds and cash and gold deposited or moved through their institutions, over $10k in value.  
    1) You're talking about cashing in a bearer bond and probably American banks. Just like cash, they are traded as legal tender which means no one both trading parties are involved.

    2) Are you aware that SuperPACs are anonymous… in the US… and completely legal? No donation over "$10k" requires any reporting and there's no cap on the amount because of the stupidity of CU.
    I think you mean 501(c)(4) nonprofit "social welfare" organizations rather than super PACs.  https://www.washingtonpost.com/news/the-fix/wp/2013/05/13/what-is-a-501c4-anyway/?utm_term=.5d775112800f
    edited April 2018
  • Reply 45 of 50
    fastasleep Posts: 3,170 member
    sflocal said:
    sflocal said:
    This article sounds more like click-bait dramatics than actual damage. Sounds like the box has a built-in web server and all a user has to do is communicate via a browser instead of having to install some kind of software on their computers.

    This is not even anything remotely close to having access to the actual code which makes this hardware work unless the actual code is a bunch of php, java, javascript, etc., which to me would just not make sense.

    There is way more to this story that is not being discussed, and I'm beginning to think it's another one of the media's "Let's be the first to post, and retract later" antics.  I'm a software engineer and there's just too many holes in this story to come to any kind of conclusion just yet.  
    How do you know what code lives where and what they got? There is a web interface to interact with the box itself, but if you have the source code for the box itself you could just build your own box. 
    Source code and binary/compiled code are two different things entirely.  It makes zero sense that uncompiled, readable source code would exist in an end-product that can be removed and used elsewhere.  It's like Apple publishing source code in a folder inside an iPhone itself.  Zero sense.

    If the device has an embedded web server, then I can see someone hacking into the web server and lifting UI "source code" which has nothing to do with the actual (compiled) code that is installed on the device itself.  That compiled code is what interfaces to the iPhone.

    Even if the hackers were somehow able to lift the firmware binaries from the device, that is not the actual source code.

    This article is making assumptions, and it sounds like it was written by someone that has little knowledge about how systems work.
    Did you read the article?

    FTFA: “after its product's source code was inadvertently exposed to the internet last week.“

    So they have a server with source code exposed to the internet. That has nothing to do with an “embedded web server” or the compiled code on the shipping device. The company says they didn’t access everything they needed to duplicate the device, but it’s the opposite of what you were saying happened. 
  • Reply 46 of 50
    dysamoria Posts: 2,283 member
    georgie01 said:
    I’m quite pleased this firm developed this product. It shows the fuss the FBI and other law enforcement agencies is unfounded, that it’s the responsibility of others to work out solutions to get at the data rather than ask the manufacturers to solve law enforcement’s problems.

    It also shows the lack of willingness of the FBI and other law enforcement agencies to sacrifice security for freedom (which is very shortsighted because it solves an immediate problem while creating a much bigger one) is even more problematic, because the problem can be solved.
    Excellent commentary. Part of the problem with the FBI's laziness, IMO, is the way our government has abandoned pursuing its own expertise ever since Reagan began killing government agency funding and pushing everything to outside private contractors. There used to be more expertise available and an environment of research (internally).
    edited April 2018
  • Reply 47 of 50
    dysamoria Posts: 2,283 member
    When I first saw this article, I kind of wanted to reply to Grayshift's difficulties by way of posting a clip of Nelson Muntz pointing and saying "ha ha!"... There's something poetic about a business that specializes in breaking encryption on consumer devices being extorted by a web scammer...
  • Reply 48 of 50
    macseeker said:
    lukei said:
    Maybe it should be a federal crime to pay hostage and extortion demand via cryptocurrency.  It’s a real threat to society to have an untraceable medium of exchange.  Hmm, maybe gold too.  Lol
    It isn’t untraceable. That’s the big con. 
    Isn't there a master log book of all cryptocurrency transactions?  I think I've read that somewhere.
    You mean the blockchain?
  • Reply 49 of 50
    macseeker said:
    lukei said:
    Maybe it should be a federal crime to pay hostage and extortion demand via cryptocurrency.  It’s a real threat to society to have an untraceable medium of exchange.  Hmm, maybe gold too.  Lol
    It isn’t untraceable. That’s the big con. 
    Isn't there a master log book of all cryptocurrency transactions?  I think I've read that somewhere.
    You mean the blockchain?