Join Early Retirement Today
Reply
 
Thread Tools Display Modes
Old 02-19-2016, 04:53 AM   #21
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Mar 2011
Posts: 8,362
Quote:
Originally Posted by Aerides View Post
Exactly Guass, if you want to find an expert hacker for one job, you go to DefCon, you don't need to go to Apple.
Two nineteen year old Russian kids should hack that phone in about an hour.
Or get Chloe.
__________________
Living well is the best revenge!
Retired @ 52 in 2005
marko is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 02-19-2016, 06:16 AM   #22
Thinks s/he gets paid by the post
 
Join Date: Aug 2007
Posts: 2,857
Quote:
Originally Posted by audreyh1 View Post
And then how are they supposed to be able to download this software onto the locked phone to change the features?

Apparently with an older generation of iPhone, Apple has the ability to install a new iOS image without unlocking the phone. The phone in this case is a 5c, which is equivalent to the iPhone 5. From what I've heard, this isn't possible on the latest iPhones.
__________________
Eat, Drink and Be Merry.
tulak is offline   Reply With Quote
Old 02-19-2016, 06:41 AM   #23
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Mar 2011
Posts: 8,362
My two cents:
I'm a little surprised on all the talk about "privacy".
As it's been discussed here many times, if you really want your documents, call logs, thoughts and photos truly private, don't even think of putting them near an internet connection.
There is no privacy anymore.

On one side, Apple seems disingenuous in suggesting otherwise.
On the other side, the FBI has other avenues to get such information, so I'm not sure how rich the data sitting there might be.

In the end, all I see is an advertisement for iPhone to be the new phone of choice for the nefarious, supported by a big corporation.
__________________
Living well is the best revenge!
Retired @ 52 in 2005
marko is offline   Reply With Quote
Old 02-19-2016, 06:48 AM   #24
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
ls99's Avatar
 
Join Date: May 2008
Posts: 6,499
Now for the funny part.

No need for the fingerprint security venue to make a phone's contents virtually inaccessible. As kiki noted this is version of iphone 5. If the phone was locked with a figerprint, theoretically and likely in practice, the dead owners finger even if detached, could be used to unlock it.

Thus apple was blowing huge amounts of smoke with their error 53 on the 6 model, which of course we now know did not wreck the device. Just an attempt to sell more devices.
__________________
There must be moderation in everything, including moderation.
ls99 is offline   Reply With Quote
Old 02-19-2016, 07:03 AM   #25
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 26,821
Quote:
Originally Posted by explanade View Post
Notice the change in the govts position?

They were saying they needed a backdoor to prevent terrorist attacks, the so-called ticking time bomb scenario or the weekly plot of "24" with Jack Bauer literally racing the clock against th bad guys.

I this case they want to make it easy to unlock the phone by brute force, try every combo. If the guy used 4 digit code, only 9999 combos to try. If he used 6 digits, it would take 5.5 years to try all the combos. ...
Not exactly racing against the clock here.

So people suspect it's mainly a ruse to force Apple to provide a way to crack the device. ...
Your numbers are based on hand entry of the codes. The govt is asking for electronic access, where a computer could make 10+ tries per second. It won't take long to try 1,000,000 combinations when it is automated like that (70 days worst case with 6 digits performing 10 tries a second, 35 days on average).
(6^10) ∕ (10 ⋅ 60 ⋅ 60 ⋅ 24)
= 69.984
If they used 6, or even 4 alpha-numerics - that turns into many years.


Quote:
But it's dumb move, because this case just helps potential terrorists on how to take measures to make their devices harder to crack. And if they do succeed in loading this less secure firmware on an iOS 8 iPhone which is locked, Apple can make future versions of iOS not have this loophole, if they haven't gotten rid of it already in iOS 9.
It does make very secure devices the device of choice for bad guys. I don't know that there is any good answer to this - I want protection from bad guys, and I'm just not all that hung up on privacy the way some people are - but even I see this isn't an easy one.

-ERD50
ERD50 is offline   Reply With Quote
Old 02-19-2016, 07:12 AM   #26
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Mar 2011
Posts: 8,362
Quote:
Originally Posted by ERD50 View Post
It does make very secure devices the device of choice for bad guys. I don't know that there is any good answer to this - I want protection from bad guys, and I'm just not all that hung up on privacy the way some people are - but even I see this isn't an easy one.

-ERD50
For me it's an easy one: unlock the phone!

But I will agree philosophically that it's a challenging situation, but I come at it from the practical view of:
- we don't have any online privacy to begin with
- I don't have anything the FBI might be interested in
- we are at war in a sense and the rules become different in this case
__________________
Living well is the best revenge!
Retired @ 52 in 2005
marko is offline   Reply With Quote
Old 02-19-2016, 07:38 AM   #27
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 26,821
Quote:
Originally Posted by marko View Post
For me it's an easy one: unlock the phone!

But I will agree philosophically that it's a challenging situation, but I come at it from the practical view of:
- we don't have any online privacy to begin with
- I don't have anything the FBI might be interested in
- we are at war in a sense and the rules become different in this case
I pretty much agree with that (and other's may disagree - that's fine, just different viewpoints).

But I think there is still a pragmatic issue. It not only protects your data, but your payment info. If Apple provides a backdoor, they do need to worry about that backdoor getting out and in the hands of bad guys. They become a target. It could be better to simply have no backdoor than to try to protect that backdoor.

Maybe a backdoor could be constructed where it is software and some complex hardware - maybe 3 different pieces, kept in safes with the old multiple key locks, and the phone is moved, under guard, from place to place, so the hardware pieces are never unlocked at the same time. Different designers for each piece of hardware (or I suppose, different keys that are stored and locked with the device, but not exposed unless needed to replace the hardware - all done under a high level protocol.

Sounds like the plot for T-Al's next book?

-ERD50
ERD50 is offline   Reply With Quote
Old 02-19-2016, 07:43 AM   #28
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Midpack's Avatar
 
Join Date: Jan 2008
Location: NC
Posts: 21,204
I can see both sides as well, though I tend to side with Apple/Google/Facebook's position. It's not as easy or simple as cracking one phone if I understand this correctly. It would likely compromise the privacy of many. May be naive, but we have iPhones largely because we trust Apple more than Google/Samsung.

It's not as if there is no other evidence they have to work with. There are still lots of people who don't have smartphones. It wasn't that long ago that no one did. Yet crimes were solved.

Interesting what Snowden unleashed...
__________________
No one agrees with other people's opinions; they merely agree with their own opinions -- expressed by somebody else. Sydney Tremayne
Retired Jun 2011 at age 57

Target AA: 50% equity funds / 45% bonds / 5% cash
Target WR: Approx 1.5% Approx 20% SI (secure income, SS only)
Midpack is online now   Reply With Quote
Old 02-19-2016, 07:44 AM   #29
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 38,007
Quote:
Originally Posted by marko View Post
- we are at war in a sense and the rules become different in this case
Oh yeah - dump all those individual protections. We are at war! Never mind liberty.

We don't keep any personal documents online nor use iCloud backups. I don't see any link between online privacy and this case.

The FBI has been pressuring Apple for years to create a backdoor for them to access any iPhone. Apple won't do it for several reasons, not the least being that once there is a backdoor, the bad guys will figure out how to access it too.
__________________
Retired since summer 1999.
audreyh1 is offline   Reply With Quote
Old 02-19-2016, 07:47 AM   #30
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Car-Guy's Avatar
 
Join Date: Aug 2013
Location: Texas
Posts: 10,863
The FBI/CIA knows who the best hackers are. Some can be probably be found at Blackhat/Defcon, maybe. Hey in the US, these conferences are held in Las Vegas so why doesn't the FBI put some money up with a "specification" and challenge. If these guys/gals (hackers) are so good, simply offer "the first of them" to win (capture the flag in Defcon parlance) $10m to design and effectively demonstrate the code/method necessary to break into such a device, as specified. If successful, the FBI gets what they want, someone (the hacker) is rewarded for their efforts/skills, and Apple would know they need to fix their code.
Car-Guy is offline   Reply With Quote
Old 02-19-2016, 07:56 AM   #31
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 26,821
Quote:
Originally Posted by Car-Guy View Post
The FBI/CIA knows who the best hackers are. Some can be probably be found at Blackhat/Defcon, maybe. Hey in the US, these conferences are held in Las Vegas so why doesn't the FBI put some money up with a "specification" and challenge. If these guys/gals (hackers) are so good, simply offer "the first of them" to win (capture the flag in Defcon parlance) $10m to design and effectively demonstrate the code/method necessary to break into such a device. If successful, the FBI gets what they want, and Apple would know they need to fix their code.
I believe that the security of a device like the iPhone is actually getting so good as to be essentially un-hackable. Yeah, I know, never say never, but - you have a device with extremely close-coupled hardware, very detailed and involved internal software checks, challenges, and validations, and a very dedicated group of very smart people who have been working on this for a long, long time.

This is different from trying to protect data that gets sent over the web or other external methods. We are talking about the data that resides only in encrypted form, deep inside the hardware of that device. You just can't get to the data w/o passing ALL the tests. And when you get to long alpha-numeric encryption keys for all this, brute force just won't do it.

Again, I'm talking about any data stored only internally in the device, and not the stuff that also goes external. But even with the long keys, that stuff could be near impossible to decode as well, if the keys are only stored internally in that phone.

-ERD50
ERD50 is offline   Reply With Quote
Old 02-19-2016, 08:01 AM   #32
Thinks s/he gets paid by the post
dixonge's Avatar
 
Join Date: Mar 2008
Location: Jalisco, Mexico
Posts: 1,745
They don't need permission from Apple - just hire this kid...

FBI, British police nab alleged 'crackas' hacker

Also, this is a very lengthy detailed article and links and comments on the topic and implications...

Judge Demands that Apple Backdoor an iPhone
dixonge is offline   Reply With Quote
Old 02-19-2016, 08:05 AM   #33
Full time employment: Posting here.
 
Join Date: Jan 2011
Location: Southern Maine
Posts: 672
Quote:
Originally Posted by Alan View Post
I have it set on my iPhone to wipe after 10 failed attempts.
As do I .... I also:
  • have more than 4 numbers in my passcode
  • remove access to Siri when locked
  • remove "reply with Message" when locked
  • remove access to wallet when locked
  • Disabled SMS Preview
  • enabled "ask to Join Networks" for wifi
  • Turn off Frequent Locations


Speaking of frequent locations... try this, On your iPhone go to Settings->Privacy->Location Services
Scrolll to the bottom and go into System Services->Frequent Locations you will see all the places you have been recently, home address, malls, work....
ChiliPepr is offline   Reply With Quote
Old 02-19-2016, 08:10 AM   #34
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Car-Guy's Avatar
 
Join Date: Aug 2013
Location: Texas
Posts: 10,863
Quote:
Originally Posted by ERD50 View Post
I believe that the security of a device like the iPhone is actually getting so good as to be essentially un-hackable. Yeah, I know, never say never, but - you have a device with extremely close-coupled hardware, very detailed and involved internal software checks, challenges, and validations, and a very dedicated group of very smart people who have been working on this for a long, long time.

This is different from trying to protect data that gets sent over the web or other external methods. We are talking about the data that resides only in encrypted form, deep inside the hardware of that device. You just can't get to the data w/o passing ALL the tests. And when you get to long alpha-numeric encryption keys for all this, brute force just won't do it.

Again, I'm talking about any data stored only internally in the device, and not the stuff that also goes external. But even with the long keys, that stuff could be near impossible to decode as well, if the keys are only stored internally in that phone.

-ERD50
No one said it was easy, but if they offered $10m, it might be worth the effort. Heck there's freeware encryption code "out there" that was written by small teams, that's never been hacked/cracked. Soooooo, I'm not sure anyone could hack the Apple device, but it would be interesting to see.
Car-Guy is offline   Reply With Quote
Old 02-19-2016, 08:37 AM   #35
Thinks s/he gets paid by the post
 
Join Date: Aug 2007
Posts: 2,857
The problem with providing a backdoor is that once it's done, the criminals will use other means to protect/encrypt their data. If corporations are forced to provide backdoors into their products, then all we've done is given the government/criminals a means to collect data on anyone. IMO, that's not good.

I feel the government's pain on this issue, but I don't think they have any easy solutions. If you're part of a criminal/terror organization, why not create your own app to communicate among your members and store all your data? The app can be protected with a strong passcode/encryption and self-destruct if you enter an invalid passcode three times. And since it's not provided by a corporation that the government can force into compliance, there's not much they can do. Not an easy problem to solve.
__________________
Eat, Drink and Be Merry.
tulak is offline   Reply With Quote
Old 02-19-2016, 08:38 AM   #36
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 26,821
Quote:
Originally Posted by Car-Guy View Post
No one said it was easy, ...
I'm saying that "not easy" is a gross, gross understatement of what it probably takes to crack a device with these coupled hardware/software protections.

OK, maybe Apple slipped and there is some trick way to get it? Not impossible, but remember the only entry is through the fingerprint module, or a passcode. It's just a very different beast we are talking about here. And after several attempts, delays are built in to slow down brute force attempts (IIRC from a recent blog - a one hour delay between requests after 10 or so bad attempts). It's just so tightly coupled, getting around these delays just does not appear feasible.



Quote:
I'm not sure anyone could hack the Apple device, but it would be interesting to see.
So would a perpetual motion machine.

Maybe someone will crack it, and I'll eat those words. But I think the probability is really, really, really low. And maybe worth more to the bad guys than any legitimate $XXM reward?

-ERD50
ERD50 is offline   Reply With Quote
Old 02-19-2016, 08:46 AM   #37
Thinks s/he gets paid by the post
 
Join Date: Jun 2013
Posts: 1,019
Here's an article on CALEA, which was passed in 1994 (and has since evolved) and specifies what the Telecoms must provide to support wiretapping. But of course back then there we didn't have smartphones that stored information. So perhaps one effect of the Apple vs FBI dispute will be to evolve the law further to clarify what should happen in such cases.

https://en.wikipedia.org/wiki/Commun...nforcement_Act
Which Roger is offline   Reply With Quote
Old 02-19-2016, 08:52 AM   #38
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 38,007
Quote:
Originally Posted by kiki View Post
The problem with providing a backdoor is that once it's done, the criminals will use other means to protect/encrypt their data. If corporations are forced to provide backdoors into their products, then all we've done is given the government/criminals a means to collect data on anyone. IMO, that's not good.

I feel the government's pain on this issue, but I don't think they have any easy solutions. If you're part of a criminal/terror organization, why not create your own app to communicate among your members and store all your data? The app can be protected with a strong passcode/encryption and self-destruct if you enter an invalid passcode three times. And since it's not provided by a corporation that the government can force into compliance, there's not much they can do. Not an easy problem to solve.
Yes - the criminal will use other means, AND also can use the new backdoor "feature" to gain access to the phones of the non-criminals.
__________________
Retired since summer 1999.
audreyh1 is offline   Reply With Quote
Old 02-19-2016, 10:11 AM   #39
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 17,171
If you wonder why Apple is so paranoid about security read this from Krebs on home surveillance products.

http://krebsonsecurity.com/2016/02/t...net-of-things/

Quote:
As I noted in a recent column IoT Reality: Smart Devices, Dumb Defaults, the problem with so many IoT devices is not necessarily that they’re ill-conceived, it’s that their default settings often ignore security and/or privacy concerns. I’m baffled as to why such a well-known brand as Foscam would enable P2P communications on a product that is primarily used to monitor and secure homes and offices.
__________________
Comparison is the thief of joy

The worst decisions are usually made in times of anger and impatience.
Chuckanut is online now   Reply With Quote
Old 02-19-2016, 11:19 AM   #40
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: May 2005
Posts: 17,203
Quote:
Originally Posted by marko View Post
For me it's an easy one: unlock the phone!

But I will agree philosophically that it's a challenging situation, but I come at it from the practical view of:
- we don't have any online privacy to begin with
- I don't have anything the FBI might be interested in
- we are at war in a sense and the rules become different in this case

I do not care that we are at war.... heck, let them break down your door and search because someone phoned in a tip and said you were a terrorist.... really?




BTW, it is not just this phone.... they had the NYC chief of police say that he has a number of phones that he wants access.... no terrorist connections at all.... if they can order it done for the terrorist, they can order it for any phone...

Also, look at what happened to the forfeiture laws that were put into place to go after the 'drug lords'.... now they take grandma's car because grand kid was driving and got pulled over with some drugs... not to sell, just had some... if you give them an inch some will take a mile (or more)....
Texas Proud is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Way to go FBI Mwsinron Other topics 30 05-10-2007 06:57 AM

» Quick Links

 
All times are GMT -6. The time now is 02:22 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2024, vBulletin Solutions, Inc.