- Last Active
steven n. said:
radarthekat said:For those new to the FBI versus Apple battle...Here is what's going on.The iPhone is locked by a passcode that is combined with a hardware key built into each iPhone at manufacture. This hardware key is randomly generated and encoded into the silicon inside each iPhone AND IS NOT KNOWN EVEN TO APPLE. So to unencrypt data on an iPhone, you need the user passcode and the hardware key, which exists only in the phone's hardware.To decrypt the data on an iPhone you need to enter the password ON THAT IPHONE so that the password gets combined with that iPhone's hardware encryption key. Taking the data off the phone and trying to decrypt it elsewhere won't work because you won't have the hardware key portion of the combined encryption key.So you need to enter each password guess into the iPhone you are trying to unlock. And the iPhone has a security feature that wipes all the data in the phone after ten consecutive incorrect password attempts. This feature is what makes a simple four digit passcode such a strong security measure. Without that feature, it would be a simple process to manually sit there and try one password after another until you went through all 10,000 combinations. The FBI, or a school kid with a couple extra days on his hands, could break into any iPhone. But if the phone erases itself after ten unsuccessful password tries, then you won't dare even try to unlock it, as you'll have only a 10 in 10,000 chance of guessing the correct password and the consequences of that tenth incorrect guess is that you'll lose the data you're after.The FBI is demanding that Apple remove this security feature so that they can simply brute-force the password. 10,000 tries, even if done manually, wouldn't take very long. Of course, they are also asking for two additional weaknesses. One is to allow passwords to be sent to the phone electronically (wirelessly). That would save time over manually sitting there trying one after another passcode. And the other is to remove a delay the software inserts between passcode attempts, so that it could blast passcodes at the phone at a very fast clip. You'd ask for these two additional weaknesses only if you are planning on turning this into a tool for law enforcement to use over and over. So that puts the lie to the FBI's stance that they want this only for this one time.Apple is not being asked to use any method they want to just get the data. Apple is being demanded to build a forensic tool for law enforcement's repeated use. Apple, and those of us knowledgable about this sort of thing, knows that this tool will need to be maintained and documented, and submitted into evidence to be inspected by defense attorney experts, because defense attorneys will want to be certain that the tool does not modify the evidence it makes available. This is how the tool will get out into the wild, and when it does then none of us will have any security unless we install additional encryption software on top of the operating system. Which criminals and terrorists will immediately do, leaving them safe from law enforcement search while leaving the vast majority of casual users open to those same terrorists infiltrating their phones and grabbing their bank account passwords, etc.Law enforcement will solve a few more crimes, committed by unwitting criminals who didn't think to add additional encryption on top of the weakened encryption in the operating system.Casual users like you and me and your kids and wife will be more subject to snooping by hackers, some of which will be working for the fund-raising departments of terror organizations.Terrorists will hold up this incident and the fallout from it as a major victory in their attempts to weaken and manipulate free society.
1. Passcode being sent electronically does not necessarily mean wirelessly. Could be a wired keypad or wired device acting as a keypad. Apple currently only allows passcode entry via the on-screen keypad, thus they would have to further modify the iOS software to allow passcode entry via a wired or wireless device.
2. To make the changes to the chipsets inside an iPhone Apple has to 'flash the ROMs' by sending a 'signed' update using Apple's secret electronic signature. Normally this occurs via 'Software Update' where the user has to manually enter their passcode to authorize the download and install process. Apple Store Genius Bar employees USED TO be able to do this for a customer without entering the passcode by putting the iPhone into a 'factory mode' and updating the software while wired to a Mac/Mac Server. What people forget is that doing this erases the iPhone (on purpose) after which the customer must now set up the phone and download their saved data via iCloud or from their own computer via iTunes. The FBI wants a version of iOS that will install the modified iOS and NOT erase the data. THIS IS THE BIG BUGABOO! If Apple does this (which I'm sure they could because they have excellent engineers and coders) AND if this revised, less secure software gets into the wild, which it will under our current court system, then criminals and other nefarious entities will have a means to 'break' any iPhone, causing an immediate increase in stolen iPhones, AGAIN. We already went through this with high thefts rates in NYC, San Francisco and L.A. With the mayors of those cities threatening to sue Apple and others for NOT having their phones more secure! Now NYC wants Apple to make their phones less secure, reverting back to a time when thefts (and muggings and deaths) were rampant!
3. If Apple does build this forensic tool and does perform the work for law enforcement, they become a de facto 'agent of the state' for which other countries can now use as an excuse to ban Apple products, particularly iPhones, from their countries. Basically, the ruination of Apple as their products can no longer be trusted to be secure. Already there are proposals in the U.S. to ban any phone without a 'back door' for law enforcement (and spy agencies), and France is proposing heavy fines for not assisting their security agencies, and other are proposing to ban phone without heavy encryption. So what is a company to do? Make the same phone with different iOS software for different countries? If they do that, then the one's wanting 'secure' phones will purchase their phones from countries demanding security and not purchase phone sold in the USA. Like I said, the end of iPhone sales and the decline of Apple as an entity.
I'm sure others can add other very plausible scenarios to what I wrote above.
dewme said:The way the article is worded makes it sound like MacKeeper, MacBooster, and MplayerX are also malware. Is this true?
anton zuykov said:bulk001 said:maciekskontakt said:randominternetperson said:
What's the legal justification for searching their phones at all? If I punch you in the face, can the police get a search warrant to search my house? What does rioting and destruction of property have to do with your personal information and communications? Searching the phone sounds like an unreasonable search and taking it in the first place seems like an unreasonable seizure. They caught these guys red handed and have all the evidence they need to get convictions. That should be enough.
Presumably the argument will be that they are trying to find evidence for someone "inciting a riot" but they should be able to solve that part of the case with old fashioned interrogation and deal-making with the hundreds of people they arrested.
When you throw a punch at a person, you have just given that person a right to use deadly force, if he can prove later, that it was reasonable for him to think he was in danger. I like that every person has the right to defend himself. Sure, responding with a gun to a fist fight might be an overkill ( no pun intended) but a person with a gun was not the one who had the option of choosing if he wants to start the violence or not.
Besides, if you don't wanna get killed for throwing a punch, DONT THROW PUNCHES without a good reason. That might help to pass throw Darwin filter, you know. Just saying....
Apple's serious approach to security has enabled the company to take a leading roll in supplying computing devices to enterprise buyers, one of the markets Windows Phone has made very little progress in, and a market segment that has purposely shunned the sloppy security associated with Google's Android.
The_Martini_Cat said:If it has wireless charging, what is the need for a lightning cable?
The lightning cable is for FAST charging using a power adapter in a wall or connected to a USB-C equipped Mac.
78Bandit said:I didn't think the 5C used secure enclave as was stated in the article. I thought that only started with the 5S models that had Touch ID. I have my serious doubts that iPhone 6 encryption can be cracked for only $2,000. A much more likely scenario is the mother knew the daughter's PIN and that was used to access the data mirrored from the recovered phone.
If the person had use the optional 'Custom Alphanumeric Code,' Cellubrite may still be trying.
As PROX mentioned (through news articles) China wanted the Apple iOS source code to ensure that there are NO backdoors in the code, as Apple alleged. Apple (allegedly) handed over the source code to iOS, NOT the security keys, and they DID NOT create a NEW version with a backdoor, nor did they hand over firmware code (to anyone's knowledge). If all the FBI wanted was the source code, Apple probably would have handed that over, but that is not the NY judge's order.
To me the FBI is asking of Apple the equivalent of asking a safe maker, not only how the safe is designed, AND not only the best way to defeat the safe, but also to build in a special combination to the safe usable only by them (yeah, right) to circumvent any combination set by the owner of the safe.