Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Apple v FBI
Old 02-18-2016, 06:35 PM   #1
Thinks s/he gets paid by the post
ls99's Avatar
 
Join Date: May 2008
Posts: 4,792
Apple v FBI

By now most are aware that Apple is refusing to hack the Iphone used by San Bernardino shooters.

Enter the dragon: McAfee

Staff / From the minds of Ars

McAfee will break iPhone crypto for FBI in 3 weeks or eat shoe on live TV

He does take the side of Apple re: no back door to the OS. But willing to do everyone a favor by hacking the one phone. Wonder if his offer will be taken up.
McAfee will break iPhone crypto for FBI in 3 weeks or eat shoe on live TV | Ars Technica

" "So here is my offer to the FBI," he continues. "I will, free of charge, decrypt the information on the San Bernardino phone, with my team. We will primarily use social engineering, and it will take us three weeks. If you accept my offer, then you will not need to ask Apple to place a back door in its product, which will be the beginning of the end of America." "
__________________

__________________
There must be moderation in everything, including moderation.
ls99 is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 02-18-2016, 06:43 PM   #2
Moderator Emeritus
 
Join Date: Oct 2007
Posts: 4,929
Have him demonstrate on a test iPhone rigged identically first, please.

He tends to... um... behave a little differently from most folks...
__________________

__________________
M Paquette is offline   Reply With Quote
Old 02-18-2016, 06:51 PM   #3
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
braumeister's Avatar
 
Join Date: Feb 2010
Location: Northern Kentucky
Posts: 8,611
Quote:
Originally Posted by M Paquette View Post
HHe tends to... um... behave a little differently from most folks...
Thank you, and please accept my nomination for greatest understatement of the year so far.
__________________
braumeister is online now   Reply With Quote
Old 02-18-2016, 06:57 PM   #4
Full time employment: Posting here.
Calico's Avatar
 
Join Date: Apr 2012
Posts: 924
Quote:
Originally Posted by braumeister View Post
Thank you, and please accept my nomination for greatest understatement of the year so far.
Seconded!
__________________
Calico is offline   Reply With Quote
Old 02-18-2016, 06:58 PM   #5
Thinks s/he gets paid by the post
ls99's Avatar
 
Join Date: May 2008
Posts: 4,792
Quote:
Originally Posted by braumeister View Post
Thank you, and please accept my nomination for greatest understatement of the year so far.
+10

Edit Add

In another thread M Paquette gave a really good desription some of the security features. The linked thread is a fairly detailed discussion of how it is done and the problems it poses in breaking attempts.

http://arstechnica.com/apple/2016/02...e-desired-key/
__________________
There must be moderation in everything, including moderation.
ls99 is offline   Reply With Quote
Old 02-18-2016, 07:09 PM   #6
Thinks s/he gets paid by the post
gauss's Avatar
 
Join Date: Aug 2011
Posts: 1,712
Quote:
Originally Posted by M Paquette View Post
Have him demonstrate on a test iPhone rigged identically first, please.
As I thought through this, I came to the same conclusion. Why cant the FBI hire any hacker firm to do the deed? Does Apple really need to be involved or is this all about political theater?

I am assuming that there are no tamper sensors on the iPhone case that will wipe memory upon opening case. If this is the case, reading out the memory should be possible -- even if the chips need to be removed from the MB.

Folks could proof of concept all of this and work out the procedure on a sacrificial Iphone. I hope big media explores this concept.

Me thinks things are not as they appear....

-gauss
__________________
gauss is offline   Reply With Quote
Old 02-18-2016, 07:35 PM   #7
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,891
This is an interesting case, with both sides having a valid point.

I just hope all manufactures don't copy Apple an start automatically wiping phones after so many tries for the sake of security. Another way of making devices less owner friendly.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 02-18-2016, 07:39 PM   #8
Full time employment: Posting here.
Aerides's Avatar
 
Join Date: Nov 2015
Posts: 695
Exactly Guass, if you want to find an expert hacker for one job, you go to DefCon, you don't need to go to Apple.
__________________
Aerides is offline   Reply With Quote
Old 02-18-2016, 07:43 PM   #9
Moderator Emeritus
 
Join Date: Oct 2007
Posts: 4,929
Quote:
Originally Posted by easysurfer View Post
I just hope all manufactures don't copy Apple an start automatically wiping phones after so many tries for the sake of security. Another way of making devices less owner friendly.

This is an option in Apple iPhone software that has to be turned on by the user. It's available in the Settings applet under the Passcode Lock option. By default it is off.


Sent from my iPad using Early Retirement Forum
__________________
M Paquette is offline   Reply With Quote
Old 02-18-2016, 08:22 PM   #10
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,891
Quote:
Originally Posted by M Paquette View Post
This is an option in Apple iPhone software that has to be turned on by the user. It's available in the Settings applet under the Passcode Lock option. By default it is off.


Sent from my iPad using Early Retirement Forum
Well, in that case, I want the option on all phones .
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 02-18-2016, 08:36 PM   #11
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,113
Quote:
Originally Posted by M Paquette View Post
This is an option in Apple iPhone software that has to be turned on by the user. It's available in the Settings applet under the Passcode Lock option. By default it is off.


Sent from my iPad using Early Retirement Forum
I have it set on my iPhone to wipe after 10 failed attempts.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is online now   Reply With Quote
Old 02-18-2016, 08:44 PM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: May 2005
Posts: 13,283
Quote:
Originally Posted by easysurfer View Post
This is an interesting case, with both sides having a valid point.

I just hope all manufactures don't copy Apple an start automatically wiping phones after so many tries for the sake of security. Another way of making devices less owner friendly.

I actually do not think the gvmt has a good point...

They are trying to force a company to do something they do not want to do and could have a HUGH financial cost to them if they do it....


I would say that the gvmt should have enough smart people to do what they need for this one phone... and if they do not, too bad...
__________________
Texas Proud is offline   Reply With Quote
Old 02-18-2016, 08:54 PM   #13
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
pb4uski's Avatar
 
Join Date: Nov 2010
Location: Vermont & Sarasota, FL
Posts: 16,446
+1 This phone may or may not have any useful information and the potential good seems slight compared to the precedent it would set. Also, both terrorists are dead.
__________________
If something cannot endure laughter.... it cannot endure.
Patience is the art of concealing your impatience.
Slow and steady wins the race.
pb4uski is online now   Reply With Quote
Old 02-18-2016, 08:59 PM   #14
Thinks s/he gets paid by the post
ls99's Avatar
 
Join Date: May 2008
Posts: 4,792
BTW, the FBI supposedly already has everything that was backed up to the "cloud" from this phone.
__________________
There must be moderation in everything, including moderation.
ls99 is offline   Reply With Quote
Old 02-18-2016, 09:03 PM   #15
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,284
Quote:
Originally Posted by M Paquette View Post
Have him demonstrate on a test iPhone rigged identically first, please. ...
Exactly. That's quite a claim he's making - I sure wouldn't want to risk the actual data on that phone to that guy's attempts.


Quote:
Originally Posted by gauss View Post
As I thought through this, I came to the same conclusion. Why cant the FBI hire any hacker firm to do the deed? Does Apple really need to be involved or is this all about political theater?

I am assuming that there are no tamper sensors on the iPhone case that will wipe memory upon opening case. If this is the case, reading out the memory should be possible -- even if the chips need to be removed from the MB.

Folks could proof of concept all of this and work out the procedure on a sacrificial iPhone. I hope big media explores this concept.

Me thinks things are not as they appear....


-gauss
Yes, things are not as (simple as) they appear. It is nowhere near as simple as "reading out the memory... even if the chips need to be removed from the MB".

You can pull the chips, but the data is encrypted. It does no good to get the raw data, and the keys are probably long enough that it would take years to brute-force it. The data might even be spread across several chips, with different encryption methods in each. I don't know (only Apple does), but I know enough to know this stuff gets very serious and very complex very quickly. This isn't child's play. OK, I'd bet that even if you pulled the chips, you couldn't read anything from them w/o "authenticating" first - just like the iPhone won't listen to the fingerprint module until it provides the correct IDs (and I think, respond to the equivalent of a "challenge question"). And I'll also bet the challenge is not "swordfish", or "password123" , but complex math performed on a challenge word, and the answer must match - and the math can only be performed if you own the correct digital "key".


Quote:
Originally Posted by easysurfer View Post
This is an interesting case, with both sides having a valid point. ...
I see both sides as well, and I'm conflicted on this.

On one hand, I sure would like to see my Govt get the info on that phone, it might save lives.

But I can also understand Apple's view (though maybe their PR needs help?). If Apple provides a 'back door', that back door might get hacked. How do you protect it?

I can envision that when Apple performs the initial programming, the "keys" are not retained. That way, no one can steal them from Apple. That means Apple cannot unlock a phone either.

However, they do have some "keys" - since if Apple replaces your fingerprint module, they have the ID required for the phone to recognize it. But that is only one part of the puzzle, likely a very small part.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 02-18-2016, 11:03 PM   #16
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,484
Quote:
Originally Posted by Texas Proud View Post
I actually do not think the gvmt has a good point...

They are trying to force a company to do something they do not want to do and could have a HUGH financial cost to them if they do it....


I would say that the gvmt should have enough smart people to do what they need for this one phone... and if they do not, too bad...
Agreed - I don't see how the gvmt can compel a company to write new software on a commercial device just for them, and be forced to spend the money to do that.

DH said that they wanted the OS to be modified so that it didn't have a delay between successive failed login attempts as well as disable the wipe, but that it would still take five years for a supercomputer to break into the phone via software attempts? And then how are they supposed to be able to download this software onto the locked phone to change the features?

Well worth the court fight, IMO. And once the gvmt has its backdoor, it will leak out somehow and criminals will eventually have access to the same technology after they steal your phone.
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 02-18-2016, 11:06 PM   #17
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,484
Quote:
Originally Posted by ls99 View Post
BTW, the FBI supposedly already has everything that was backed up to the "cloud" from this phone.
Well then maybe this is really a test case to try to expand gvmt rights in this area.
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 02-19-2016, 03:08 AM   #18
Recycles dryer sheets
robertf57's Avatar
 
Join Date: Jun 2014
Posts: 329
The govt trying to compel a company to expend their resources and damage the value of their product for a case where the company isn't even a party

I'd fight this too.
__________________
robertf57 is offline   Reply With Quote
Old 02-19-2016, 05:36 AM   #19
Thinks s/he gets paid by the post
 
Join Date: May 2008
Posts: 3,423
Notice the change in the govts position?

They were saying they needed a backdoor to prevent terrorist attacks, the so-called ticking time bomb scenario or the weekly plot of "24" with Jack Bauer literally racing the clock against th bad guys.

I this case they want to make it easy to unlock the phone by brute force, try every combo. If the guy used 4 digit code, only 9999 combos to try. If he used 6 digits, it would take 5.5 years to try all the combos. If he used more than 6 digits, well most people involved in the case may retire or die long before they try the combos.

Not exactly racing against the clock here.

So people suspect it's mainly a ruse to force Apple to provide a way to crack the device.

But it's dumb move, because this case just helps potential terrorists on how to take measures to make their devices harder to crack. And if they do succeed in loading this less secure firmware on an iOS 8 iPhone which is locked, Apple can make future versions of iOS not have this loophole, if they haven't gotten rid of it already in iOS 9.
__________________
explanade is offline   Reply With Quote
Old 02-19-2016, 05:40 AM   #20
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,891
Not saying I totally agree, but I bet the govt wants to be able to access even encrypted phones to not go dark in cases of national security. Probably similar to wire tapping landlines when there weren't mobiles and screening postal mail delivery. Or, having the ability to snoop via modems and routers.

I do see Apple's point saying, despite the govt saying give us access this one time, once that's done the genie is out the bottle and folks might flee Apple since encrypted and secure isn't so secure anymore.
__________________

__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Way to go FBI Mwsinron Other topics 30 05-10-2007 07:57 AM

 

 
All times are GMT -6. The time now is 07:03 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.