Apple And The FBI: Intended And Unintended Consequences Of An iPhone Backdoor

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
Status
Not open for further replies.


I did not understand much of your post. I am not versed on the how apple security works or on any kind of security. Maybe Äpple really created a no-backdoor solution. What I think is that there should be one, and maybe that means that Apple should change its design to allow authorities access to data on a phone they physically have.

About the last part of your post... Well, I simply think we are already exposed to such abuses. Judges can order searchs, can ask for financial information on you to banks and credit unions, can get info on your social security number, work history, medical history, etc. But that does not mean they are going to do it. Can a hacker do that too? Sure they can! That does not mean we should forget about digital data and get back to good old paper.

I do not get why we are all so worried about the FBI spying our emails, when they already can get almost any information they want. They can get a search warrant and read your diary!
 
I can't believe every one's so worried about some dead guy's privacy, when the issue at hand is about terrorists killing civilians.

Are you really more worried about the good guys spying on your petty little emails than you are about the bad guys pumping bullets into you and your families' bodies?
 

By the time they get the phone, your friends and family are usually already dead and the phone data does them little good. In the San Bernardino case, the FBI believes the two shooters have no connection to terrorist groups and since they were married together, I doubt they needed to use their phones all that much for communication.

Terrorists (and people) who really want their communications to remain private should use an open-source or in-house encrypted communication app (difficult to backdoor when you can read the source to ensure there aren't any) on top of an encrypted device - even if the FBI gets their backdoor in the device's security, they still have to break the app's encryption, which is impossible in apps that use ephemeral end-to-end session keys unless you have spyware on the device capturing those keys before they are forgotten/destroyed.

As others have said, the FBI has no real need for the phone's data. They are primarily publicizing it in an attempt at eroding people's rights to privacy - try to get people to believe that giving up on their privacy and online security will make any difference in terrorism. Hint: it won't. There are too many alternative channels and additional security layers for smart terrorists to fall back on. Don't want to trust apps on Google Play? Side-load your own, infinite possibilities that are beyond any authority's control and under their radars.
 
' infinite possibilities that are beyond any authority's control and under their radars.'

Careful, you'll break some peoples' minds with this truth. They just can't handle it.
 
They need to hire the people at IMF, they can crack anything which is kinda scary, scanning a dead person brain and finding out the code that would be a real Mission Impossible.
 


You have a good perspective. I wouldn't mind if Apple worked with the FBI to help them update firmware on a device to make faster work of guessing the password used for the encryption on a device. The password will almost always be a 4 digit number anyhow so it should not take to long. This requires physical access and I am all for it. The physical access is key as that is what allows you to take current laws and apply them to say an encrypted phone.

What I am not for is remote access to a phone encrypted or not. This opens up a world of potential issues that have been discussed. Could you imagine what would happen if China says well the US has a backdoor we want it too or no phones sales in China.
 
thing is if uncle sam don't get there way they will sick the IRS on them lock up accounts have customs officers hinder imports at the ports and put all money squeezes and any inconveniences they legally can on apple and cost them millions a day apple will start to see things ''there'' way . count on it
 
'infinite possibilities that are beyond any authority's control and under their radars.'

Careful, you don't want to make any authoritarians have a mental breakdown.
 


You actually hit the nail right on the head as to what this whole ordeal is actually about. Apple is in the process of trying to have Apple products used for Chinese government use. China will not use it at all if there is a backdoor of any kind. Due to this recent terrorist attack, the FBI is now requesting a backdoor of sorts put into the phone; putting Apple in a bad position. It is well known that Microsoft has been quite US government friendly; thus why their software is used in our government and banned in China's (8 on at least). Apple on the otherhand, not so much and why they're looking at different markets.

http://www.tomshardware.com/news/china-apple-software-security-audit,28449.html

 
What if disassemble phone and detach EEPROM from main-board. after that re-ball to detached EEPROM. Use test equipment for memory dump. Will it possible? It is worth to try.. in my dream..
 
Bottom line:

If Apple hacks it's customers then no one will trust Apple and buy their products anymore, hence the multibillion dollar company going down into shambles. Google and other tech companies would also follow suit. Who would buy from a company they cannot trust? Our advancement in tech would also come to an abrupt stop. Of course Apple and other tech giants know this, and it's the only way to save their company. On the other hand, is your private information and security really their top priority somewhere listed in their company motto, or is the ability to continue selling products their ultimate goal?

Another option:

remove in-house iphone encryption and allow 3rd parties to make apps to secure the iphone with much more robust encryption. As you know app devs are located around the world, let's see the government go after multiple app devs in countries which do not cooperate with the american legal system.
 

Doing a memory dump of the eMMC is pointless because it is encrypted. Doing a dump if the UID in the Secure Enclave is impossible since Apple says there is no externally accessible read-back path for the memory containing the UID - the UID memory is write-only from the software/firmware side, only the hardware is capable of using it to generate keys.


How would you beat the security of hardware-backed encryption with a purely software implementation? With the current Secure Enclave implementation, the "root key" (UID) used to generate secure keys is stored in a write-only memory that allegedly cannot be read back even by Apple. Without secure hardware, your software would be relying entirely on regular storage and user-provided authentication for security, which would be much weaker.

With Secure Enclave, you have to brute-force your way through the combined strength of a 256bits secret "seed" (the UID) which effectively eliminates offline attacks as an option (running GPU/FPGA/ASIC crackers) + the password + 80ms computational time within the Secure Enclave per attempt which makes even weak passwords and PIN potentially strong enough to last long enough to initiate a remote wipe.
 
break out the popcorn cause this ne is just getting better. the ever stoic trump has weighed in again calling for an apple boycott until they give in to the gov.

apple's response is classic "Trump’s call for Apple boycott puts the company in standing with other good people he has criticized."

got protesters in front of apple stores supporting them and now the DOJ trying to force apple to do what they have already refused to do. seems to me that so apple is winning this one hands down.
 
What gets me is all this ruckus is based upon rumor and advertising claims coming out of Apple. People are not reading the court order, they are taking sides based solely upon which side they want to like even before knowing anything.

I have read the court order. It does not say what Apple claims it says. Apple is telling a massive lie on this thing.

NO, Apple has not been ordered to provide a backdoor.

NO, Apple has not been ordered to give the FBI modified software.

NO, Apple is not incapable of doing this work. Apple has admitted to the FBI that it can in fact remove the security features as requested.

The court order and the Dept of Justice Motion to Compel which followed are specific on these points.

Apple may do the work entirely under its own roof with its own personnel.

Apple may withhold the resulting software from the FBI, never releasing it or the source code.

Apple has been asked to only write the software they use to be encoded for the specific phone's electronic ID. This to prevent the code from working on any other phone. Even so, Apple may keep the phone secure under their own rood. When finished, Apple may restore the normal operating system, revealing nothing to the FBI other than the data hidden by the dead murderer.

Apple has been encouraged by the court, by the FBI and by the US Attorney to suggest any ideas or conditions they wish to achieve the ordered work.

Apple is to be paid for doing the job.


Will no one else read this stuff?

The original court order.
https://assets.documentcloud.org/documents/2714001/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf

Interview with DoJ is here:
http://www.latimes.com/local/lanow/la-me-ln-apple-fbi-motion-to-compel-20160219-story.html

DoJ Motion to Compel filed with the court:
http://documents.latimes.com/doj-motion-apple-comply-fbi/
 

But it is the first step in that direction.


Only because it is a 5c, which does not have Secure Enclave. For newer models that do, a backdoor (which will need to be installed before an unlock to capture generated keys or sniff the password) will be the only way of extracting the keys, assuming Apple was telling the truth when they said that even Apple has no access to the UID and no records of it either.
 
What makes the FBI's position even more disingenuous is the fact that we know who the San Bernardino shooter was...there's no need for his phone data to bolster the case against him. Not only that, he's dead. So there is no reason that the government needs this data.

Go go gadget Apple!
 

The shooters may be known and dead, but that does not explain the motives and history that lead to the incident. Knowing the details that lead to it may help prevent similar cases in the future. Is the phone's data necessary for doing so? That depends on how much data was already available elsewhere. If there is little to no physical evidence to construct a psychological profile and history from, there is a fair probability that most records will be in digital form somewhere.

Investigations into major crimes do not stop at the bare minimum for conviction. They usually try to reconstruct the case as far back as they deem relevant to understanding what happened.
 


I'm sure they're also looking for more answers in regards to other people who may be involved (since this was considered an ISIS attack); as well as any other plans that are being prepared.
 
Status
Not open for further replies.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom