Apple challenging FBI demand to hack iphone

Status
Not open for further replies.
E

EvanWilson

Kingfisher
Gold Member
I was just reading that the iPhone, while being used by Farook, it is owned by "The phone is owned by Farook's former employer, the San Bernardino County Department of Public Health."
http://finance.yahoo.com/news/mark-cuban-apple-did-exact-134039495.html

In this situation, it is up to the San Bernardino County Department of Public Health as to if there is a privacy issue or not. They have the right to ask that the phone be accessed, thereby getting rid of all of the privacy arguments in any upcoming case. As you can imagine, I can not see a government agency would tell the FBI that they did not want a device that was theirs to be search after it was used in the planning of a crime.
 
weambulance

weambulance

Hummingbird
Gold Member
The fact that the owner is the municipal whatsit instead of the dead guy doesn't change anything. It's not a case of whether or not the warrant is valid, but of whether or not Apple can be compelled to provide software tools that currently do not exist that will compromise all iphones everywhere.

If the iPhone is properly encrypted and there is no backdoor, Apple can't just wave a magic wand and unlock it. That's kind of the point. Just knowing the encryption algorithm doesn't mean you can reverse it without the key. I believe iOS devices use hardware AES encryption--(apparently the phone in question uses software encryption)--and AES is not exactly top secret.

Somewhat speculative but detailed article about what the FBI wants done in technical terms.

Note the bit about how it will only be run on that phone. Sure. Until the next case...

I'd rather the firmware update not be made at all. Can't put the genie back in the bottle.

Regarding Mr. McAfee, how does he propose to use social engineering to obtain the passcode of a guy who's fricking dead?
 
Ghost Tiger

Ghost Tiger

Ostrich
Gold Member
weambulance said:
Regarding Mr. McAfee, how does he propose to use social engineering to obtain the passcode of a guy who's fricking dead?
Click to expand...

I'm sure he would answer that question better than I can, but it is not as unrealistic as you are letting on. His team of hackers would go through social media posts by the murderers and possibly interview people that knew them. There are a number of tricks available to McAfee, many of which I'm sure he would be unwilling to reveal as they would be trade secrets. I'm telling you he can do it.
 
kaotic

kaotic

Owl
Gold Member
weambulance

weambulance

Hummingbird
Gold Member
Well, here's the problem as I understand it:

0) The target is dead, so you can't persuade him, or beat it out of him.
1) The number of possible passwords is on the order of 10^11. I'm being nice here and saying it's fairly short. I'm assuming it's not a simple pin, because I really don't see how social engineering is going to figure out whatever number the guy pulled out of his ass when he set up the phone.
2) Your only clues are the hints he left in his writing and whatever you can glean from his personal relationships, interests, etc.
3) The target does not appear to have been technically incompetent.
4) For the icing on the cake, you have just 10 guesses at a password before the data is destroyed. The FBI has probably already used some of the guesses, possibly even 9 of them.

Seems like a pretty big problem. The last two points are the real sticky ones. If we assume the terrorist had a nonzero understanding of password security, and was tolerant of inconvenience for the sake of security, all the hints in the world from his contacts and posts online aren't going to help, and that number of possible passwords could have a whole barrel of zeroes added to it. For reference, the weakest passphrase I use has on the order of 10^27 possible combinations. The strongest are on the order of 10^54 or so.

Let's say point 3 is wrong, and he is a noob. Fine. How do you get past the 10 guesses? Even if you're only talking about a four digit pin, and you know it's a four digit pin up front, you're still looking at a 99% chance of blowing it (I'm giving the psychology of password choice some credit here). Seems to me that using social engineering to figure out the magic pin number is just a way of still being wrong, but with confidence. Or are they hoping he had some kind of weird obsessive disorder they'll uncover, like he left notebooks full of 1717 in crazy scrawled writing?

Seems to me like the FBI knows exactly what they're up against, and they know they're fucked if they can't bypass--not break, but circumvent--at least a few of the security features.

I'm not a cybersecurity expert, far from it. I'm just using what I do know about encryption and logic to assemble the problem. Unfortunately logic is another really good way to be wrong with confidence, so if someone wants to tell me specifically why I'm wrong about this, I'm interested to hear it.
 
Ghost Tiger

Ghost Tiger

Ostrich
Gold Member
Handsome Creepy Eel said:
How much cocaine does he require?
Click to expand...

This much...

FW5n8oe.jpg
 
Benoit

Benoit

Pelican
Gold Member
weambulance said:
I'm not a cybersecurity expert, far from it. I'm just using what I do know about encryption and logic to assemble the problem. Unfortunately logic is another really good way to be wrong with confidence, so if someone wants to tell me specifically why I'm wrong about this, I'm interested to hear it.
Click to expand...

They are using government power to attempt to force a private company to weaken the security of a product, whose major selling point is the security of it.

Apple saw the writing on the wall and knew if they could do it, they would be compelled by the law to do so. So they took the temptation away by removing that power from themselves. Now they're being told to deliberately break their own system.

I don't believe that it will be used "just once". There will always be another bad guy to target - if the next one is a paedophile, "won't somebody think of the children?"


What is on that phone that they need to take these steps?

Either they're guessing, which means they're pushing the law further than ever on a hunch;
Or they have credible intelligence about what got onto the phone, which means somebody else already knows the contents, and there are other routes to gather that information.


The guy is already guilty, there's no hidden bombs like in 24, this is just the same as a small town police department having a main battle tank "just in case".
 
Ghost Tiger

Ghost Tiger

Ostrich
Gold Member
tynamite said:
But what if the government forces McAfee to hack even more iPhones? What then? He should have kept his mouth shut.
Click to expand...

McAfee would just pull a Snowden and go on the lam. Or just go to prison in defiance. I have faith in his hatred for the government.
 
E

EvanWilson

Kingfisher
Gold Member
kaotic said:
Handsome Creepy Eel said:
Ghost Tiger said:
John McAfee just threw down the gauntlet...

http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2

Says he can hack the phone with social engineering within three weeks and the government won't have to force Apple to make this stupid back door. He can do it.
Click to expand...

How much cocaine does he require?
Click to expand...

A kilo of cocaine and 20 hookers oughta do the trick, I have faith in him :laugh:
Click to expand...
I think his 'drug of choice' was crystal meth.
http://www.telegraph.co.uk/technolo...McAfee-sex-drugs-and-anti-virus-software.html
 
BassPlayaYo

BassPlayaYo

Kingfisher
John McAfee is full of shit, if social engineering is all it took, the FBI could cover that easily. This is all theater for public consumption anyway, Apple will comply but just doesn't want to look like it rolled over easily all in the name of plausible deniability. There's probably nothing of intelligence value on that phone anyway.
 
oilbreh

oilbreh

Woodpecker
Apple is in it with the gov. They have unlocked phones for them before plenty of times. This is a publicity stunt to get apple money as it is seeing slow down in growth (essentially get corporate customers like thos blackberry use to have based on its security) and to get the public outraged so that the new laws the government wants to pass get through.
 
B

BortimusPrime

Ostrich
Unless the government intends to ban encryption software altogether, it seems like the only purpose of this is for spying on regular people who are just going to use default settings on devices built by government compliant corporations. You don't hear a lot of complaining about the encryption software that's been around for decades that requires one to go out of their way to use.

My guess is that at some point the government is going to try and push a permit requirement for encryption software that they'll only give out to companies. Everything they can't ban without public outrage, they try to restrict as much as possible with obtuse licensing requirements that at least give them a list of people of whom to be suspicious. Requiring gun permits for example, doesn't help at all with criminals who don't get permits for their weapons, but it's a handy list of all the likely libertarian malcontents out there. An encryption software license would be a lot harder to justify to the public than a gun license (we don't want to sell guns to loonies!), but I imagine they could use the terrorist spin like they're doing now.
 
Status
Not open for further replies.
Top