🔥 Terrorists: we are being pressured by iPhones into creating Apple backdoor
-
You can't expand a PIN into the correct AES key for any given phone without using that specific phone's Secure Enclave, which holds its own unique keys that get used during PIN expansion and various other processes. The Secure Enclave is itself a little CPU, and it's designed not to leak its own keys either in use or offline.
-
You should have specified that from the start then, because it's a big difference between the US and the rest of the world.
Far as I can tell, biggest terrorists in the US are the environmentalists. Trump might get more support if he was suggesting stopping vegetarians at the border.
-
Secure Enclave
AFAIK not in this case. Only iPhones from 5s and up have secure enclave and this is a 5c.
-
Looks like you're right. Even so, the phone still has an embedded and unreadable hardware ID used for crypto stuff, meaning that converting PIN to AES key really does need to be done on that specific phone, which answers @ben_lubar's question about why they don't just unsolder the flash chips and read the contents offline.
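
The device binding described in the posts above, sketched as an added example that is not part of the original thread and is not Apple's code. PBKDF2 and HMAC stand in for the real PIN-expansion construction, and the 256-bit secret size, the PIN and both device secrets are constructed assumptions.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 100   # assumption: kept tiny so the demo is fast; real devices tune this far higher
UID_BITS = 256     # assumption: size of the constructed device secret used below

def derive_key(pin: str, salt: bytes, device_uid: bytes) -> bytes:
    """Stretch the PIN, then tangle the result with the device-unique secret."""
    stretched = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)
    return hmac.new(device_uid, stretched, hashlib.sha256).digest()

def enroll(pin: str, device_uid: bytes) -> dict:
    """Return what would sit in flash: a salt and a key-check value, never the PIN or UID."""
    salt = os.urandom(16)
    key = derive_key(pin, salt, device_uid)
    return {"salt": salt, "check": hmac.new(key, b"key-check", hashlib.sha256).digest()}

def unlock(pin: str, flash: dict, device_uid: bytes) -> bool:
    """Re-derive the key on a device and compare against the stored check value."""
    key = derive_key(pin, flash["salt"], device_uid)
    expected = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return hmac.compare_digest(expected, flash["check"])

def pins_that_verify(flash: dict, device_uid: bytes) -> list:
    """Try every 4-digit PIN against a flash image using the given device secret."""
    return [f"{n:04d}" for n in range(10_000) if unlock(f"{n:04d}", flash, device_uid)]

def search_space_bits(pin_digits: int, uid_known: bool) -> float:
    """log2 of the number of (PIN, device secret) combinations a guesser must cover."""
    return pin_digits * math.log2(10) + (0 if uid_known else UID_BITS)

if __name__ == "__main__":
    uid_a, uid_b = os.urandom(32), os.urandom(32)  # constructed secrets for two devices
    flash = enroll("4821", uid_a)                   # constructed sample PIN
    print("on device A:", pins_that_verify(flash, uid_a))
    print("flash image on device B:", pins_that_verify(flash, uid_b))
    print("search space with device secret (bits):", round(search_space_bits(4, True), 1))
    print("search space without it (bits):", round(search_space_bits(4, False), 1))
```

With the device secret available, a 4-digit PIN is only about 13 bits of work, so the protection that remains is whatever attempt limits and delays the device itself enforces; a copied flash image on any other hardware verifies no PIN at all.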
-
Couldn't the FBI just take the storage out and do the data mining manually?
Read the Slashdot post that was linked to above, it explains it quite nicely.
Where do the extra 242 bits come from?
IIRC, 64 bits are hardcoded into the processor, 64 bits are hardcoded into the secure enclave, 128 bits are generated randomly from the device’s sensors. Software running on the phone can’t access the two 64-bit parts in any way — they’re only available to the secure enclave.
-
Not to piss on your parade, but you realize the specific phone the FBI is interested in doesn't have the "secure enclave" chip in it, right? It's all software.
-
I know — I was responding to Ben’s question of how it works and where the bits come from, not to the question of this particular phone.
-
http://motherboard.vice.com/read/who-changed-the-san-bernardino-shooters-icloud-password
The Government had access to the phone after the crime; someone in the Government reset the phone's iCloud password. If they hadn't fucked up, they wouldn't need Apple to crack the phone itself.
-
That's as may be, but you're either with us or with the terrorists!
http://www.maricopacountyattorney.org/newsroom/news-releases/2016/2016-02-24-MCAO-to-Discontinue-Providing-Apple-iPhones-to-Employees.html
-
That's as may be, but you're either with us or with the terrorists!
http://www.maricopacountyattorney.org/newsroom/news-releases/2016/2016-02-24-MCAO-to-Discontinue-Providing-Apple-iPhones-to-Employees.html
They made the right decision but for all the wrong reasons.
EDIT: WTF is your avatar now? It looks like somebody who's been flayed.
-
-
WTF is your avatar now? It looks like somebody who's been flayed.
-
Is that Boris Johnson you have now? Rivals Trump for hair insanity.
-
So remember when that jerk John McAfee blathered that he'd crack the phone FOR Apple, and promised he'd eat a shoe if he couldn't get the job done?
Well, he did an interview with a show called Russia Today, and they asked how he planned to crack the phone.
He said social engineering. Uh. The owner of the phone is dead, dude. You can't use social engineering on a dead dude.
Then he gives another plan which is so insane I'm not sure he's even used a computer in the last 30 years. Quoted in full:
Now I'll probably lose my admission to the world hackers' community, however, I'm gonna tell you. You need a hardware engineer and a software engineer. The hardware engineer takes the phone apart and it [sic] copies the instruction set, which is the iOS and applications [sic] and your memory, and then you run a piece, a program called a disassembler which takes all the ones and zeroes and gives you readable instructions. Then, the coder sits down and he reads through, and what he's looking for is the first access to the keypad, because that's the first thing you're doing when you input your pad. It'll take half an hour. When you see that, then you reads the instruction for where in memory this secret code is stored. It is that trivial. A half an hour.
This is gibberish for two reasons:
- It's actually gibberish
- Once you dig through the bullshit, it sounds like he thinks the phone just has a copy of the PIN somewhere in memory. It doesn't, dude. This isn't 1973. It's hashed with the hardware ID, and the hash is compared with a stored hash. Sure you can look up the hardware ID, but unless you break the hash algorithm (and let's assume Apple's not a moron and used a relatively modern one that would take years or decades to crack) that doesn't help you much. As the article points out, this isn't a trade secret or anything, Apple has a document on their website that explains it quite clearly.
-
Er, what? For Muslims we've got Boston Marathon, the two WTC bombings, San Bernardino, and the Chattanooga shootings, exactly what other events have been attributed to Muslims.
They were on the news for a brief while.
-
I've always been an Apple hostage user, and a few years ago I would have agreed with you. But seriously, have you tried El Capitan? It's a bug-riddled calamity. From the top of my head, some of the "repeating" obvious bugs:
Mail crashes almost daily, and on the very first day of use I got it to a point where it consistently crashed on opening, with the only way to recover being to delete my account settings and set them up again.
On my second monitor, windows suddenly disappear (they seem to be still there for the OS but they don't show up, and can't be closed or moved)
There's really weird glitches in Finder, like if I click on my "Public" folder it sometimes selects the folder above it.
Discoverability has completely gone down the drain, even below Windows levels; there's lots of features hidden behind unintuitive key combinations, user interface elements which only appear if you press ALT etc.
Note that I already had these issues when my new Macbook came fresh out of the box.
I also don't like all the "gestures" stuff, especially with the more recent trackpads which don't have a separate button. All the time it sees my finger movement as some kind of gesture and randomly switches to another desktop or into Exposé or whatever.
I have noticed exactly zero of those bugs and/or glitches.
-
McAfee may be persuasive, but probably not so persuasive as to be able to coax a corpse to give up its PIN.
Funny the article mentioned that because someone on another forum said:
maybe FBI can collect his soul and interrogate his soul.
Social engineering rocks (in the sense of his head towards the rocks).
-
maybe FBI can collect his soul and interrogate his soul.
They're gonna need help from.... the Ghostbusters!!!
-
I think GhostBusters will deal with "ghosts that don't go back to where they belong" only.
-
He said social engineering. Uh. The owner of the phone is dead, dude. You can't use social engineering on a dead dude.
To be fair, often social engineering attacks are employed against customer service reps (https://medium.com/@espringe/amazon-s-customer-service-backdoor-be375b3428c4#.ww9iszy4h) and the like rather than against the account owner. Of course, in this case it wouldn't make any difference (they've already reset the iCloud password for the FBI), so McAfee's still being an idiot.
From what I've read, the only feasible way of getting the info without Apple signing a new firmware for you would be in using something like a focused ion beam workstation to try to get the hardware components of the key, so that you could brute-force the passcode combinations on another system. Apart from the difficulty of doing this (moreover, doing it in such a way that you can still use the device afterwards), the risk of accidentally destroying the data is a concern.
-
the risk of accidentally destroying the data is a concern.
Let's also hope something like this does not happen.
Sometimes iPhone update through iTunes wipes the phone.
-
Apart from the difficulty of doing this (moreover, doing it in such a way that you can still use the device afterwards), the risk of accidentally destroying the data is a concern.
It's insanely difficult to read data at rest in silicon with anything other than the hardware that is meant to read it.
-
Let's also hope something like this does not happen.
Actually, I think that would be hilarious (assuming Apple tested it properly and it didn't happen on their test devices, but did on the target device - so Apple had a justifiable defence against accusations that they did it deliberately). But I am probably a bad person.
-
@BaconBits said:
Er, what? For Muslims we've got Boston Marathon, the two WTC bombings, San Bernardino, and the Chattanooga shootings, exactly what other events have been attributed to Muslims.
They were on the news for a brief while.
Don't forget the 2009 Fort Hood shooting.
-
They were on the news for a brief while.
So, again, that means that Muslims are the only potential terrorists? Or that the majority of incidents were committed by Muslim refugees? (Hint: The guys who did 9/11 were here as tourists and flight school students from Germany.)
This is like saying that because Japan bombed Pearl Harbor that Japan was the only enemy in WWII.
-
Don't forget the 2009 Fort Hood shooting.
And the big hole blown into the side of the USS Cole.
-
So, again, that means that Muslims are the only potential terrorists? Or that the majority of incidents were committed by Muslim refugees? (Hint: The guys who did 9/11 were here as tourists and flight school students from Germany.)
I don't think @Polygeekery was saying that at all. I think the point was to disabuse you of the notion that only 5 terrorist incidents against the US have been attributed to Muslims. He may have had other intentions as well, but I think that was a big one.
-
So, again, that means that Muslims are the only potential terrorists?
http://godlessmom.com/wp-content/uploads/2014/08/straw-man.png
Seriously, no one is saying that.
-
I don't think @Polygeekery was saying that at all. I think the point was to disabuse you of the notion that only 5 terrorist incidents against the US have been attributed to Muslims. He may have had other intentions as well, but I think that was a big one.
Nailed it.
On this whole debate I don't really have strong feelings either way. Or...maybe I do...but they balance each other out?
I just thought it was amusing that he forgot the biggest one.
-
"The two WTC bombings" does not include that? TIL
Anyway, yeah, you're all crazy, Apple is EEEEEEEEVIL, and Trump will be the next president.
-
Rep. David Jolly (Republican, natch. Florida, also natch) has a little hissy fit over this.