Apple vs FBI

[DigitalChaos]

edit: Topic has been split from the 2016 presidential election thread.


As of Feb 19, this seems to be the best summary of the situation: http://www.wired.com/2016/02/apples-...ally-going-on/

----original posts below.---

The FBI sucks.

Some facts to further expand on this:
- The FBI "tried for 2 months" to get into the phone. Turns out they haven't tried a single passcode. (there is some justification here, but they are still really dumb)
- In at least one prior instance of the FBI physically bringing a phone to Apple for help getting in... Apple picked up the phone and there was NO FUCKING PASSCODE ON IT
- The FBI sets quotas for how many terror plots they will disrupt. Just... just fucking think about that for a second!
- The FBI thinks there is going to be some possible data on his work phone and not his personal phone that the terrorist destroyed.

This shouldn't be a matter for Presidential candidates; this should be a matter for the public to understand fully: HEY, IF YOUR IPHONE IS STOLEN, THIS MEANS SOME HACKER CAN STEAL YOUR FUCKING BANK DATA OR ANY OTHER CONFIDENTIAL DATA OFF THAT PHONE!

While this is a good thing for the public to understand, this issue is huge. It may actually be the biggest issue in tech for over a decade. Using the All Writs Act of 1789 to force Apple to do this will set a horrible precedent if it is allowed to move forward. This will allow the government to mandate just about anything. You want every internet attached device to be turned into a government mandated surveillance tool? Cause this is how it happens. This is WAY beyond having your landlord give your apartment key to the police when they have a warrant. I'm not even sure what a good parallel is, but something along the lines of forcing a locksmith to break into a safe against their will might sort of scratch the surface.


There is further weirdness surrounding the situation. Apple asked the FBI to issue the request under seal, and then the FBI went public. I'm not really sure what to make of it but some believe this is the FBI trying to put pressure on Congress to push a bill through mandating crypto backdoors.

[DigitalChaos]

if your iphone is stolen, this means some hacker can steal your fucking bank data or any other confidential data off that phone

I know this is the election thread, but I wanted to touch on this for what will probably eventually split off into a dedicated news item thread.

TECHNICAL SHIT BELOW

While this is solid advice for being security aware, this situation (and several before it) is showing how awesome Apple security is, at least with their current phones. If you are on an iPhone with touchID and/or a long password (not 4 digit numeric) and you are running iOS 9... your phone is bulletproof. Nobody, not even Apple, can bypass that setup from what I understand. Add in the "wipe after too many bad PIN attempts" option and you make it even better.


The current phone in question is a 5c (no touchID) running iOS9 and with a 4 digit numeric and is probably set with the "wipe after too many bad PIN attempts". In theory, someone very skilled could get into this phone. That's definitely not the FBI though. The only thing they can get into on their own is iPhones running 8.1.1 and earlier by using a CHINESE hacking tool that will brute force a 4 digit PIN.



Android phones though? Yeah, they are weak across the board.


aaaanyway. i've clearly been too deep into this thing so I'll just go get back to that then.

[Jinsai]

The problem is, on the most basic level (which I'm sure you 100% appreciate), Apple is setting a precedent for privacy that they are unwilling to, as a business, intrude upon.

At this point, the ball is in the government's court... and they have to say "no, we can always intrude."

I don't understand how more people aren't talking about this.

Apple's answer is, basically "if you want to invade our customer's information, you have to be able to do it yourself" and that's fantastic.

We're not safer if we force apple to figure out a way to invade their new uninvadeable encryption, and I don't understand the people stupid enough to think this is a good idea.

[allegro]

Some facts to further expand on this:
- The FBI "tried for 2 months" to get into the phone. Turns out they haven't tried a single passcode. (there is some justification here, but they are still really dumb)
- In at least one prior instance of the FBI physically bringing a phone to Apple for help getting in... Apple picked up the phone and there was NO FUCKING PASSCODE ON IT
- The FBI sets quotas for how many terror plots they will disrupt. Just... just fucking think about that for a second!
- The FBI thinks there is going to be some possible data on his work phone and not his personal phone that the terrorist destroyed.

See, Exhibit A of Why the FBI is STUPID.

They don't even have their own department that does this. And, yes, it is a testament to the bulletproof security of (newer) iPhones, which the FBI is attempting to render useless.

And, as you said, what they are doing also sets a precedent FOR SOMETHING AFTER THE FACT, FOR TWO LONE WOLF DEAD TERRORISTS, ON THE GUY'S WORK IPHONE.

Nearly EVERYTHING the FBI does is REACTIVE, because they are TOO FUCKING STUPID to be proactive.

I watched a really in-depth lengthy documentary about the Black Panthers on PBS last night.

Mind. Blown.

How J Edgar Hoover could get away with the shit that he did, basically issuing a death warrant to hunt down and kill all Black Panthers, is unbelievable.

And the FBI still gets away with unbelievably stupid crazy shit all the time. They have WAY TOO MUCH fucking power. And Americans are afraid of stripping them of that power. But what people have to understand is: THESE FBI PEOPLE ARE STUPID.

THIS IS WHERE FBI DIRECTOR COMEY SHOWS HOW FUCKING STUPID HE REALLY IS. The guy knows SHIT about tech yet is insisting on a magic rainbow unicorn solution that CANNOT EXIST. Like, well, I'm sure you nerd geniuses can come up with something! No, ASSHOLE, YOU DO IT! WE DARE YOU! YOU AND YOUR BRILLIANT FBI SUITS, WHO SO DEFTLY SECURED THE OPM SERVERS, GO AHEAD! And then maybe you can DRIVE TO MARS AND GET ME A MCSHAKE WHILE YOU'RE DOING THAT!

And Hillary and Bernie? Both can't use a computer to save their respective lives, I bet Bernie still uses fucking AOL. Hillary admits she only uses a Blackberry. So whatever they say on this subject is going to be a rehearsed answer from some congressional idiot else because they have NO FUCKING IDEA what any of this means and because PATRIOTISM evidently means bending over and taking it up the ass by the FBI.

This shit just gets me SO fucking pissed off. WAY fucking more than 2nd Amendment shit or any of this other pseudo important shit. The Government intruding into our lives, and in this case DEMANDING that REALLY REALLY EXPENSIVE equipment be MADE SUBPAR and SUSCEPTIBLE to hackers and making us subject to things like identify theft so that the Government can access it AFTER a possible act of terrorism has occurred to POSSIBLY gain information is BULLSHIT.

[DigitalChaos]

I don't understand how more people aren't talking about this.

FWIW, the tech/privacy/security realms are exploding over this. It's overwhelming and the first time I've been unable to keep up with everything surrounding a single story.

Apple has recently been doing a lot to remove themselves from the possibility of breaking into their customer's devices. I wouldn't trust my life on it (the NSA, at a minimum, can still get data going in/out of the device) but it's a huge bump.



The sad thing about some of the people talking about this are the ones who support the FBI. The answer to "should Apple help the FBI get into just the terrorist's phone" is all too frequently "yes." Nobody stops to think about the legal precedent or the fact that a backdoors for 1 mass produced phone is a backdoor into all of them.

[Jinsai]

The sad thing about some of the people talking about this are the ones who support the FBI. The answer to "should Apple help the FBI get into just the terrorist's phone" is all too frequently "yes." Nobody stops to think about the legal precedent or the fact that a backdoors for 1 mass produced phone is a backdoor into all of them.

I was screaming at my radio the other day, listening to these idiots weigh in with their opinions. They were basically implying that what Apple was doing was tantamount to treason, that they care more about this as a marketing ploy to advertise their product than they care about stopping terrorism, that people overly concerned with the security of their cell phones are narcissistic and paranoid... mockingly condescending about that in a "sorry Bub, nobody cares about what's on your cell phone. You're not that important. Go get a job or something... go outside, get some air."

Sometimes you just feel like you're losing your mind. You wade through the usual parade of cute-cat photos, looking for someone else talking about this incredibly important issue that's happening right now, and most of the commentary I see about it is from people mad at Apple, and failing to understand that if Apple capitulates at all to this kind of demand, it means that their claims about impenetrable security are ultimately null and void if a third party is legally empowered to ask for the keys.

Now John McAffey is weighing in, offering to decrypt the phone for the FBI so that Apple is not forced to do so... I'm not sure how this entirely resolves the issue, but it would certainly demonstrate incompetence on part of the government. Doesn't this also only create a new sort of precedent, where we know that if someone really wants your data, they can hire a team of mercenary hackers to access it? Either way, if McAffey does find an exploitable weakness, I would hope he would share the flaw with Apple so that they can improve their security.

[DigitalChaos]

And the FBI still gets away with unbelievably stupid crazy shit all the time. They have WAY TOO MUCH fucking power.


And Hillary and Bernie? Both ... have NO FUCKING IDEA what any of this means and because PATRIOTISM evidently means bending over and taking it up the ass by the FBI.

This shit just gets me SO fucking pissed off. WAY fucking more than 2nd Amendment shit or any of this other pseudo important shit. The Government intruding into our lives, and in this case DEMANDING that REALLY REALLY EXPENSIVE equipment be MADE SUBPAR and SUSCEPTIBLE to hackers and making us subject to things like identify theft so that the Government can access it AFTER a possible act of terrorism has occurred to POSSIBLY gain information is BULLSHIT.

Putting all of this together, maybe this means Hillary and Sanders are unqualified to be POTUS then. The only acceptable option with their technical capacity is for them to strip/block the govt from doing this. And that's something they certainly aren't proposing.


I'm not sure what all the GOP heads are saying but I know a lot are completely backing the FBI like a flashback to 9/11 "anything to get the terrorists" mentality. Rand Paul and Ron Paul are not only backing Apple, they want to stop the govt from doing this shit. It's a shame neither are running anymore.

This is why im fairly sure I'll be going 3rd party. If I vote at all... my time seems better spent finding more actionable ways to fix this shit.


If you haven't seen McAfee's OpEd where he offers to decrypt the phone so Apple doesn't... Well it's entertaining and he trashes the FBI a bit http://www.businessinsider.com/john-...or-free-2016-2

[allegro]

The sad thing about some of the people talking about this are the ones who support the FBI. The answer to "should Apple help the FBI get into just the terrorist's phone" is all too frequently "yes." Nobody stops to think about the legal precedent or the fact that a backdoors for 1 mass produced phone is a backdoor into all of them.

The thing is, those terrorists in Paris were using cheap throw-away phones and unencrypted data, NOT FUCKING SEVEN HUNDRED DOLLAR IPHONES! They use phones that can't be traced, then they toss them into the trash. They aren't spending a fuckload of money on expensive smartphones! What kind of unicorn world are these morons at the FBI living in? And these idiot Americans, are they REALLY thinking that terrorists ARE THAT FUCKING STUPID?

The FBI is just going for easy, low-hanging fruit, here, that will REAP ABSOLUTELY NOTHING BUT WILL EXPOSE AMERICANS TO 1980s LEVELS OF SECURITY HOLES.

Finding shit AFTER A FUCKING TERRORIST ATTACK HAS ALREADY HAPPENED doesn't mean shit. It's kinda like killing Osama bin Laden way the fuck after he already killed people. Yeah, big fucking deal, very anticlimactic, thousands of people were ALREADY DEAD.

Putting all of this together, maybe this means Hillary and Sanders are unqualified to be POTUS then. The only acceptable option with their technical capacity is for them to strip/block the govt from doing this. And that's something they certainly aren't proposing.

When I saw Bernie almost fall off a stage after speaking to a bunch of students in Iowa, showing how "elderly" he really is, as much as I didn't want to admit it, I don't know that I'd vote for him, either. He'll be dead in a year, with that job. When asked about campus sexual assaults and affirmative consent education, he answered yes we need to have assaults reported to the police (good answer) but then he said "no means no" which means the guy is still living in the 60s protest era, and I don't think he can grasp modern concepts like the NSA and this thing about Apple or even affirmative consent. He now has a bunch of black people pissed off at him for his flip negative response when asked about slave reparations, when he could have easily equivocated.

Honestly, I want to eventually get the fuck out of this country. Two choices just isn't enough. And I don't want to be in a country where there is an FBI and a Patriot (ha) Act.

But I sure as fuck will be voting 3rd party in this election.

Edit: FWIW, even though I generally really dislike Rubio, it ends up he is against this back door idea. See also this.

See Rubio's video response imbedded in this Tweet.

[allegro]

If you haven't seen McAfee's OpEd where he offers to decrypt the phone so Apple doesn't... Well it's entertaining and he trashes the FBI a bit http://www.businessinsider.com/john-...or-free-2016-2

This is BRILLIANT.

And this is why the U.S. sucks and why China and Russia will win everything.

I still vividly remember Rusty & Edie's, with the FBI storming them and confiscating all their equipment and holding it hostage for YEARS and then the case was finally settled. The FBI had NO fucking idea about any of the computers, they sat in a warehouse, untouched.

And they never gave Dr. Ripco his confiscated computer equipment back.

[cynicmuse]

The good news is that the EFF will file an amicus brief. Also, Apple has retained some excellent lawyers, including Theodore Olsen. Apple's refusal to cooperate with law enforcement has been brewing for the last year; they refused to unlock a drug dealer's phone in NYC last year.

[skullboy0]

I don't think the FBI even cares about the info on this particular phone, they've just been looking for a test case with the right buzzwords like Terrorism to be able to set the precedent.

From what I've read they thoroughly destroyed their personal phones before the attack, so the odds of him having used his work phone for anything related to the attack seem slim to me.

[DigitalChaos]

Sometimes you just feel like you're losing your mind.

You too can live in this state perpetually. Just join the the security and privacy geeks! If your only hope is within our political system, you'll be left oscillating between crying in a corner and wanting to light the world on fire.

Now John McAfee is weighing in, offering to decrypt the phone for the FBI so that Apple is not forced to do so... I'm not sure how this entirely resolves the issue, but it would certainly demonstrate incompetence on part of the government. Doesn't this also only create a new sort of precedent, where we know that if someone really wants your data, they can hire a team of mercenary hackers to access it? Either way, if McAfee does find an exploitable weakness, I would hope he would share the flaw with Apple so that they can improve their security.

It would only solve the legal precedent of using the All Writs Act in a way that will lead to the worst 1984 surveillance situation you can imagine. The ability for a team of hackers to bypass security isn't going to change here. Apple continuing to go the path they are with device security will fix that (if the govt doesn't block them). It's also worth noting that Apple HAS helped the govt in this way before, but they are clearly trying to close off the technical possibility of doing that anymore.


As for sharing the weakness.... Lets just say that I've been in the same... room.. with McAfee on more than one occasion. He is really hard to read, much like someone who has done way too many drugs. Yet, he can also break out of "character" to be completely serious and credible. Some of his presidential campaign videos demonstrate this. But he is absolutely a talented individual and he has plenty of contacts.


So, I'm a little curious about this just being a social engineering approach. Maybe he gets his hands on the phone and does something completely unexpected. Or maybe it's just empty political theatre along the lines of the Trump bullshit. (I really wish McAfee would get more news coverage and match him against Trump because of this)


However, let's say he is being honest here. There has been some conjecture on the technical possibilities for doing what the FBI wants. It amounts to pushing custom firmware that allows you to guess PIN codes much faster, and to disable the "wipe after too many bad passwords" option. This isn't so much an unknown hole. It's more of a known design insufficiency if you were going for maximum security. There are ways to prevent this in future designs, if Apple chooses to. They have already made improvements on the models after the iPhone 5c. They certainly have room to get better though.

The FBI is just going for easy, low-hanging fruit

I really feel like there is more going on here. Especially after hearing that Apple asked for the request to be under seal but the FBI decided to go public.

The FBI had NO fucking idea about any of the computers, they sat in a warehouse, untouched.

I have some stories about hackers trolling the shit out of the FBI by giving them "instructions" to unlock their data that would simply destroy it. Pretty sure I can't tell that publicly though


But this untouched computers thing.... is there ANY way they can benefit from that at the legal level? Like... make the defendent think the FBI unlocked everything and get them to admit everything?

The good news is that the EFF will file an amicus brief. Also, Apple has retained some excellent lawyers, including Theodore Olsen. Apple's refusal to cooperate with law enforcement has been brewing for the last year; they refused to unlock a drug dealer's phone in NYC last year.

The EFF is one of my favorite organizations to support, but they have been doing extremely good work lately.

[DigitalChaos]

I don't think the FBI even cares about the info on this particular phone, they've just been looking for a test case with the right buzzwords like Terrorism to be able to set the precedent.

From what I've read they thoroughly destroyed their personal phones before the attack, so the odds of him having used his work phone for anything related to the attack seem slim to me.

Further, the FBI has icloud backups from 1 month before the attacks. Nothing of use is in them.

Check out this Wired article by the awesome Kim Zetter. If anyone wants an easy to understand technical rundown of what the situation is, what is possible, what can be changed in the future, and how you can be secure now, this is the one to read.
http://www.wired.com/2016/02/apples-...ally-going-on/
cliffs: choose a long, complex pin. It'll take years to brute force your password even IF custom firmware is installed on the phone to make it easy.

[allegro]

But this untouched computers thing.... is there ANY way they can benefit from that at the legal level? Like... make the defendent think the FBI unlocked everything and get them to admit everything?

No, see, that's why the case took 5 years and was eventually settled; the FBI had ZERO employees who knew how to search for GIFs or JPEGs of allegedly scanned pictures, or for any alleged stolen software stolen by users of the BBS (that the SYSOPS knew nothing about) so the computers just sat there because the FBI had this "evidence" but it might as well be a bunch of space ships.

And I have dealt with the FBI over the course of 30 years, personally, and I know that they really are that stupid, and I don't think this is a "test case" because I really do believe they really are this stupid to think there must be some kind of MASTER FUCKING PLAN ON THAT iPHONE GOD DAMNIT. They deal with one case at a time.

Anyway ... true FBI story ... One night, at around 8:00 p.m., as my husband and I were sitting down to dinner, two FBI agents showed up at my door asking "can we come in and 'show you some documents?'" Um ... why? What kind of "documents?" Some documents that were prepared in your law office related to a case. Um, no, thanks. Have a nice night.

A few days later, I was served with a subpoena at work requiring me to go downtown to the Federal building and submit to mug shots, finger prints, and to handwriting analysis. This was all related to one of our clients being arrested for a Bankruptcy fraud case, and the Feds were also going after my boss as an accomplice. So, why ME? It is called a "Fishing Expedition." Bring me in to "scare" the others. Except nobody cares. So, they made me sign the name of one of the clients, over and over, with both of my hands, for some shit that I didn't sign. They let me go, when it was obvious I didn't sign anything, and then subpoena'd me as a witness in the Federal trial. And the FBI guys actually seemed to feel bad (and stupid) over this REALLY STUPID SHIT, but, hey, the FBI AND THE FEDS TO DO WHATEVER THEY WANT. Including, at some point, calling up people on Defense witnesses expert list and harassing their customers. Which is, of course, illegal. What did the Federal Judge do? "Aw, bad boys, no no, naughty naughty." And that was it.

A few times, in the 80s, when my ex was running a BBS, FBI agents would show up looking for various dissidents and wanted my ex (and other BBS-owners we knew) to look for them because the FBI didn't know how.

Years later, in around 2002, I was working with somebody in the prosecution of a case involving the FBI and the FBI agents still didn't know how to read their email.

[allegro]

However, let's say he is being honest here. There has been some conjecture on the technical possibilities for doing what the FBI wants. It amounts to pushing custom firmware that allows you to guess PIN codes much faster, and to disable the "wipe after too many bad passwords" option. This isn't so much an unknown hole. It's more of a known design insufficiency if you were going for maximum security. There are ways to prevent this in future designs, if Apple chooses to. They have already made improvements on the models after the iPhone 5c. They certainly have room to get better though.

Isn't what the FBI wants is shutting down the phone and then hardwiring into something that pushes a forced iOS reboot with a new iOS and the new iOS does not have any passcode at all or has a back door? I guess what I'm mentally thinking is, in the old days, shutting down the computer and then putting a new operating system floppy in the A drive and then firing that baby back up

[DigitalChaos]

@allegro - Holy shit that was a fun read. Thanks for sharing. Not related to the FBI, but I just got out of a subpoena by being an obnoxious fuck to the DA. (privacy requests, etc) He eventually told me just to stay home and if anything important came up that he would send a car if they needed me. It was fun.


As for the FBI goal here... I mean... why would they decide to not issue this under seal and instead go public? There has to be some reason for that, even if it's not very well thought out.

Kim Zetter's thoughts are: "If the controversy over the San Bernardino phone causes Apple to take further steps to close that loophole so that it can’t assist the FBI in this way in the future, it could be seen as excessive obstinance and obstruction by Capitol Hill. And that could be the thing that causes lawmakers to finally step in with federal legislation that prevents Apple and other companies from locking the government out of devices."
That seems plausible.

[DigitalChaos]

Isn't what the FBI wants is shutting down the phone and then hardwiring into something that pushes a forced iOS reboot with a new iOS and the new iOS does not have any passcode at all or has a back door? I guess what I'm mentally thinking is, in the old days, shutting down the computer and then putting a new operating system floppy in the A drive and then firing that baby back up

Almost. It's a request for a custom iOS to replace what is on the phone, but the goal is to allow the FBI to try passwords faster (the 9th bad attempt cause a 1hr wait) and without the risk of the device wiping itself on the 10th bad attempt (there is reason to believe this is turned on in the phone). Apple wouldn't actually be undoing the crypto, just allowing the FBI to much more easily guess the key.

[allegro]

As for the FBI goal here... I mean... why would they decide to not issue this under seal and instead go public? There has to be some reason for that, even if it's not very well thought out.

Because they knew that Apple would go public? Immediately?

Almost. It's a request for a custom iOS to replace what is on the phone, but the goal is to allow the FBI to try passwords faster (the 9th bad attempt cause a 1hr wait) and without the risk of the device wiping itself on the 10th bad attempt (there is reason to believe this is turned on in the phone). Apple wouldn't actually be undoing the crypto, just allowing the FBI to much more easily guess the key.

I think my idea, of not requiring a passcode at all, is a much better hack. The FBI = 0, Me = 1.

Oh, but there's also this:

There could be alternative methods to accomplishing the FBI’s goal without creating a special iOS firmware. This brute force hacking machine only costs $300 and can unlock any iPhone PIN in 4.5 days (as long as it’s running iOS 8 and lower). Infamous iOS hacker Will Strafach aka Chronic also suggested on Twitter that it could be possible to get into the iPhone using other exploits.

It IS really sad, and McAfee is right, that the FBI has such a sad and stupid team of espionage people that they don't have hackers that can do this. I bet there are some teenagers out there that can do it in a few days with some pizzas and Mountain Do.

You ever hear of this guy named Glen Roberts? Used to run an independent newspaper called "Full Disclosure," and then he did all this shit about anti-surveillance? I used to be friends with him in Ann Arbor, he was pretty inspirational to me and others back then, LOL. He is now known as a "guy without a country" who lives on bitcoins or something. He was "GLR" on MNET in Ann Arbor, and we all called him "GLUR" heh.

These FBI shenanigans are certainly old news.

[DigitalChaos]

I think my idea, of not requiring a passcode at all, is a much better hack. The FBI = 0, Me = 1.

No way to do that being that the file system is encrypted. You'd just be left with an unencryptable file system. The only known way to unencrypt it is with the pin and the phone's unique hardware key (both are needed at the same time).

Oh, but there's also this:

Yeah, this is that Chinese stuff. It's called the IP-Box. It only works for iOS 8.1.1 and below though. Terrorshit is running 9. The FBI has absolutely used this before and they have gotten some flack about it in court being that the device is Chinese and it, apparently, sends data to China. Go FBI!

Glen Roberts.

I actually hadn't heard of him. I'll have some fun reading to do. Love the stateless people. It's amusing you bring it up now because I was going to reply to your "move out of the country" comment with my desire to move out of everywhere and into the internet. Then I could drop all my 2nd amendment and focus entirely on the internet's version of the 2nd amendment: crypto!

[allegro]

No way to do that being that the file system is encrypted. You'd just be left with an unencryptable file system. The only known way to unencrypt it is with the pin and the phone's unique hardware key (both are needed at the same time).

Ahhhhhh, okay. Isn't there a way to just reset the passcode when it's rebooted with the new iOS? What about these idiots who forget their passcode?

I actually hadn't heard of him. I'll have some fun reading to do. Love the stateless people. It's amusing you bring it up now because I was going to reply to your "move out of the country" comment with my desire to move out of everywhere and into the internet. Then I could drop all my 2nd amendment and focus entirely on the internet's version of the 2nd amendment: crypto!

That sounds totally awesome!

[DigitalChaos]

Ahhhhhh, okay. Isn't there a way to just reset the passcode when it's rebooted with the new iOS? What about these idiots who forget their passcode?

You can reset the pin if you are ok with wiping the entire file system and starting clean. Customers who forget their PIN will loose all data and better hope they have made a backup through iTunes or iCloud (both of which tend to be a way for the FBI to get phone data... That's how some of the iCloud celebrity nudes hacking happen too).

Though, if you have the "find my iPhone" turned on a customer can't even reformat the phone. That's an antitheft thing that their customer service supposedly can't bypass but should be technically possible to override. I'll have to look into that more. Obviously the govt is never going to need this, but I'm sure it's a common customer problem. There is talk of Apple, in the future. extending the Find My iPhone reformat restriction to also block custom firmware replacement without the PIN. That would crush this FBI request too.


The pairing of the PIN with a hardware key is wonderful security too. Android doesn't have that yet, but they are working on it. In a PIN-only setup, anyone can just dump the encrypted file system and then try to crack the file system on a separate computer. Add in the hardware key (at least Apple's version) and you *need* that exact phone along with the PIN to decrypt the file system. Hell, you need that exact phone to even figure out if your guessed pin is correct. In theory, you can still dump the file system, but then you also have to guess the hardware key (some beasty 256 AES that's basically impossible to guess). The only theory I have heard for extracting the hardware key is by carefully shaving down the chip and using xray to see the silicon etching. But that's really expensive to do and its easy to defend against (a randomizing mask) and Apple hopefully did this.



I promise to split the non election stuff out to a dedicated thread when I'm not on mobile. But I'm going to keep going on about this stuff as long as anyone is interested or has questions.

[DigitalChaos]

OK posts are now split to a dedicated thread. I also copied a few posts to both threads so that conversation didn't get fractured.

[DigitalChaos]

Apple Says the Government Bungled Its Chance to Get That iPhone’s Data

This story keeps evolving.

So basically, the FBI mishandles evidence then tries to force Apple to fix it, all while pushing for a huge negative change to the privacy of every citizen. And fuck them for not talking about this and trying to hide this fact.

[DigitalChaos]

Some very important details that are being obscured by officials:

[DigitalChaos]

And while discussing this, Snowden just let it slip that the FBI has direct access to XKEYSCORE. This is pretty big news and nobody has noticed it yet.

[Jinsai]

And while discussing this, Snowden just let it slip that the FBI has direct access to XKEYSCORE. This is pretty big news and nobody has noticed it yet.

I think the main reason that nobody seems to be noticing this is because, for some inexcusable reason, 99.9% of people out there have no idea what XKS is.

[DigitalChaos]

I think the main reason that nobody seems to be noticing this is because, for some inexcusable reason, 99.9% of people out there have no idea what XKS is.

Oh for sure. I meant news coverage though. This is headline worthy. To their credit, this was only posted a few hours ago and deep inside a chat (mention?) thread. Everyone that specializes in National Security has had a ridiculous busy week too. I'm sure they were hoping for a quiet friday evening.

here is a direct link: https://twitter.com/Snowden/status/700835149924143104
Snowden starts going on about Gandalf's eagle and it's like... wut?!

[allegro]

I was, for a while, so fucking paranoid about XKS that I went around researching XKS sniffers to track if I was being tracked by XKS.

What the fuck.

At some point, I realized that I hoped I was being tracked by the Government. For yucks.

But not by BAD key trackers, like hackers trying to figure out my credit card numbers.

Really, I think you are right, @DigitalChaos , this is not really about this terrorist's phone; the FBI knows there ain't shit on that phone. They are only using this, PUBLICLY, to get PUBLIC "OMG ISIS IS GOING TO KILL US" sympathy (based on fear) to set a precedent to be able to do this whenever they want in the future, for drug deals, etc.

[Jinsai]

Donald Trump has now called for a boycott of Apple until they succumb to the demands of the FBI.

But he continues to tweet from an iPhone. Of course, when called out for it, he said he's going to switch to his Samsung.

This is so fucking ludicrous.

[thevoid99]

I so wish I had a rifle so I can blow his fucking head off.