The San Bernardino iPhone Case and The Notion of Privacy - Page 2

Poll Results: WWSJD: What would Steve Jerbs do?

 
  • 9% (1)
    Create the Ultimo Universal Encryption Hammer and Fork it Over to Obummer Once and For All
  • 45% (5)
    Tell the FBI to "Go figure it out ya morans!"
  • 9% (1)
    Wear a black turtleneck with levi's and new balances
  • 36% (4)
    Time travel; befriend Prime Guvnah Ahhnuld, find and kill Connemara, avoid the cybernetic war
11 Total Votes  
post #16 of 46
Quote:
Originally Posted by toothsomesound


Apple is unwilling to share its customer privacy with the FBI because it is too busy exploiting it for commercial ends along with all the other apps you use...
post #17 of 46
Quote:
Originally Posted by Jr Mouse

The FBI director has gone on record as saying he wants Apple and other phone makers to build a "backdoor" into all future smartphones for them to be able to access. The FBI couldn’t care less that they’re weakening our encryption for others to break as well. It's naive to think that any compromises added for Government access wouldn't eventually be exploited by bad actors as well.

Jeffrey's comparison of this to granting access to one's home is inept when you consider doing so wouldn't open doors to thousands of hackers from all over the world. An opened house door can be locked again. Compromised encryption cannot.

As the link Pennglock shared explained, it's likely possible for Apple to comply with the FBI's demands on this particular iPhone as it's missing the secure element that the new iPhones have. The issue here is that it is setting a precedent that could make it harder for Apple to take a stand in the future and lead to the FBI getting their wishes.

Just because the FBI director is on record asking for a back door to all encryption does not mean they will get one in this case (of course he'll ask for more than he expects to get). Apple's push back (since whenever the FBI first approached them) offered them the compromise of helping them hack into one phone.

I don't get why their complying would suddenly grant the FBI and awful regimes immediate access to all phones. What's wrong with the FBI and any other government (UK, Turkey, China) requesting access to one or a few phones if they can prove the phone was related to a terrorist attack or some other crime? Obviously governments (including the U.S. and others) will try to abuse it.

I suppose that's where a court ruling and/or legislation comes in. If that's the case, I still believe Apple will lose and have to relent in some way but I guess they laid down their marker.
Edited by Joffrey - 2/18/16 at 11:33pm
post #18 of 46
Quote:
Originally Posted by Joffrey

Obviously governments will try to abuse it, doesn't mean all governments will.

What government has shown they won't abuse technological exploits at every opportunity? Certainly not the US.
post #19 of 46
Forgot to fix that sentence after I made some other revisions. Fixed now.
post #20 of 46
John McAfee to the rescue

http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2

Everything John McAfee does is amusing. I'd love to have a drink with the guy.
post #21 of 46
With this entire affair I can't shake the feeling that Apple's line in the sand is a proxy battle for other incidents they're not allowed to speak about...
post #22 of 46
error 53
post #23 of 46
Quote:
Originally Posted by Ataturk

So based on what I've read it sounds like Apple's encryption is not secure in and of itself, but it just relies on the complexity of their proprietary software/hardware, and on their refusal to cooperate in bypassing it.

If that's the case they're probably going to lose and lose hard here. But it doesn't undermine encryption -- real encryption. Apple's products are only done this way to let people use short passwords.

I disagree. I'd say this means Apple's encryption is pretty dang secure. With most consumer levels of security, physical access trumps all. If you have the device in hand, it is only a matter of time before they are in--especially with FBI/NSA types.

The fact that they are getting a court order on Apple means they *can't* do it themselves.

Basically, they think it is likely possible to break in (via brute force though, not actually breaking the encryption) but they need a few things. First and foremost, they need Apple's own encryption key that they use to sign the updates. Without Apple providing that (or the FBI cracking it), the phone will not accept the update. Maybe there would be some other exploit that would allow them to inject unsigned code, but that might also run the risk of bricking the device, so it is a no-go here.

Second, they need Apple's expertise and access to the source code and testing facilities. If you want to do this without bricking the device--you need an update that works flawlessly because you only get one shot.

The only real flaw I am seeing in Apple's security right now...is that it doesn't require authentication to install an update. I understand there might be a need to enter a recovery process on a damaged phone, but it seems to me that when placed in encrypted mode, if you can't provide the password, the phone should be wiped before installing any sort of software update.
post #24 of 46
Quote:
Originally Posted by otc

I disagree. I'd say this means Apple's encryption is pretty dang secure. With most consumer levels of security, physical access trumps all. If you have the device in hand, it is only a matter of time before they are in--especially with FBI/NSA types.

Consumer levels of security meaning something like a screen saver password for a Windows computer. Sure. But if you're talking about full disk encryption, PGP, or something like that, then that's not the case.
Edited by Ataturk - 2/23/16 at 7:17am
post #25 of 46
It can really depend.

Obviously, there are some pretty secure options available to consumers, but none are as easy to use or ubiquitous as the iPhone security.

And most that are easy to use or readily available are very vulnerable to brute force attacks. Sure, you could choose a very long pass phrase, but that's not going to stop the NSA for very long--they would probably be in already.

For example, TrueCrypt is a pretty solid platform. If you were to use a 64 character random string, it is doubtful that the NSA has the computing resources to break into it...but you also have to remember a 64 char random string, or write it down somewhere that the FBI can't find it. It would be more likely that they would use a normal length password or some sort of phrase. Something like that is totally fine for remote attacks, or other types of attacks where attempts are limited, but you can break it fast with physical access. Consumer GPUs can crack a few hundred thousand keys per minute vs TrueCrypt...the NSA can do far more.

I don't think this guy was actually that security conscious. He wasn't using an impossible password. If he was (and if he truly had any super sensitive info on his phone), why didn't he just initiate the wipe himself?
post #26 of 46
The NSA can brute force passwords, but it would take a long time and they can only do one password at a time (or however many supercomputers they have available).

Plus, people who use full disk encryption generally know to use passwords with a lot of entropy. It doesn't have to be random characters; long passwords work just as well even if they're words (there are a lot of words!). Doing a thousand or a million passwords per second will still take a very, very long time when there are 30 characters in the password. Centuries.

If they can bypass Apple's proprietary hardware on one device, which is the hard part, they can do them all. The remaining passwords are going to be short (because they're on a phone) and so they could be brute forced much more easily.
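
The arithmetic behind the brute-force estimates in the posts above, as an added Python example that is not part of any post in this thread. It assumes secrets chosen uniformly at random, a 95-symbol printable-ASCII alphabet and a 7776-word list (all assumptions); the guess rates and the 10-attempt wipe are the figures mentioned in the thread.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(symbols: int, length: int) -> int:
    """Number of equally likely secrets made of `length` picks from `symbols` choices."""
    return symbols ** length

def entropy_bits(space: int) -> float:
    """Entropy of a uniformly chosen secret, in bits."""
    return math.log2(space)

def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time for an unthrottled offline search of the whole space."""
    return space / guesses_per_second / SECONDS_PER_YEAR

def hit_chance_with_attempt_cap(space: int, max_attempts: int) -> float:
    """Chance a guesser succeeds before an attempt limit (such as a wipe) triggers."""
    return min(1.0, max_attempts / space)

# Constructed scenarios; alphabet and word-list sizes are assumptions.
SECRETS = {
    "4-digit passcode": keyspace(10, 4),
    "9 random printable chars": keyspace(95, 9),
    "10 random printable chars": keyspace(95, 10),
    "6 words from a 7776-word list": keyspace(7776, 6),
    "64 random printable chars": keyspace(95, 64),
}
# Rates quoted in the thread: a thousand or a million guesses per second.
RATES = {"1e3/s": 1e3, "1e6/s": 1e6}

def report():
    """Return (name, entropy in bits, {rate label: years to exhaust}) per scenario."""
    rows = []
    for name, space in SECRETS.items():
        years = {label: years_to_exhaust(space, r) for label, r in RATES.items()}
        rows.append((name, round(entropy_bits(space), 1), years))
    return rows

if __name__ == "__main__":
    for name, bits, years in report():
        cols = "  ".join(f"{label}: {y:.3g} y" for label, y in years.items())
        print(f"{name:32s} {bits:6.1f} bits  {cols}")
    # With a 10-try wipe, a 4-digit passcode is guessed only 0.1% of the time.
    cap = hit_chance_with_attempt_cap(keyspace(10, 4), 10)
    print(f"4-digit passcode, 10 attempts allowed: {cap:.1%} chance")
```

The gap between the first row's unthrottled time and its capped success chance is why the attempt limit, not the passcode length, carries the protection for short secrets.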
post #27 of 46
Right, but I don't think this guy cared that much about security. If he was the type who was using a complex password to protect something secret, he probably would have wiped the phone himself. Not hard...don't even have to go into settings, just enter the wrong password 10 times.

Just a guess, but if this guy had a TrueCrypt volume, I would suspect that they have already brute forced their way through all 9-char combinations (10 char is really where you start to vastly exceed reasonable expectations of computing power) as well as a massive password/phrase dictionary (+permutations).
post #28 of 46
Quote:
Originally Posted by otc

Right, but I don't think this guy cared that much about security. If he was the type who was using a complex password to protect something secret, he probably would have wiped the phone himself. Not hard...don't even have to go into settings, just enter the wrong password 10 times.

Just a guess, but if this guy had a TrueCrypt volume, I would suspect that they have already brute forced their way through all 9-char combinations (10 char is really where you start to vastly exceed reasonable expectations of computing power) as well as a massive password/phrase dictionary (+permutations).


Well it's likely that the iPhone in question didn't have much of importance on it at the time of his death. My understanding is he had access to other devices that were destroyed and I believe this iPhone was supplied from his work? He also allowed it to Sync its data with iCloud. While he was likely no criminal mastermind, it's reasonable to assume he was intelligent enough not to use an iPhone syncing data to iCloud for anything important or incriminating.

I don't blame the FBI for wanting to have access to it, but find it doubtful it will lead to much if they are given it.
post #29 of 46
I'm just not that interested in this particular case, but the impact of the court order on the security of the other iPhones out there, which seems to be based on Apple's obstinacy rather than any technical difficulty in cracking the passwords.
post #30 of 46
Quote:
Originally Posted by toothsomesound

Where does the CESSPOOL stand on this most important of modern issues?

Who are you?