Apple v FBI

ls99

ls99

Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Joined
May 2, 2008
Messages
6,506
By now most are aware that Apple is refusing to hack the Iphone used by San Bernardino shooters.

Enter the dragon: McAfee

Staff / From the minds of Ars

McAfee will break iPhone crypto for FBI in 3 weeks or eat shoe on live TV

He does take the side of Apple re: no back door to the OS. But willing to do everyone a favor by hacking the one phone. Wonder if his offer will be taken up.
McAfee will break iPhone crypto for FBI in 3 weeks or eat shoe on live TV | Ars Technica

" "So here is my offer to the FBI," he continues. "I will, free of charge, decrypt the information on the San Bernardino phone, with my team. We will primarily use social engineering, and it will take us three weeks. If you accept my offer, then you will not need to ask Apple to place a back door in its product, which will be the beginning of the end of America." "
 
Last edited:
Have him demonstrate on a test iPhone rigged identically first, please.

He tends to... um... behave a little differently from most folks...
 
Last edited:
M Paquette said:
Have him demonstrate on a test iPhone rigged identically first, please.
Click to expand...

As I thought through this, I came to the same conclusion. Why cant the FBI hire any hacker firm to do the deed? Does Apple really need to be involved or is this all about political theater?

I am assuming that there are no tamper sensors on the iPhone case that will wipe memory upon opening case. If this is the case, reading out the memory should be possible -- even if the chips need to be removed from the MB.

Folks could proof of concept all of this and work out the procedure on a sacrificial Iphone. I hope big media explores this concept.

Me thinks things are not as they appear....

-gauss
 
This is an interesting case, with both sides having a valid point.

I just hope all manufactures don't copy Apple an start automatically wiping phones after so many tries for the sake of security. Another way of making devices less owner friendly.
 
Exactly Guass, if you want to find an expert hacker for one job, you go to DefCon, you don't need to go to Apple.
 
easysurfer said:
I just hope all manufactures don't copy Apple an start automatically wiping phones after so many tries for the sake of security. Another way of making devices less owner friendly.
Click to expand...


This is an option in Apple iPhone software that has to be turned on by the user. It's available in the Settings applet under the Passcode Lock option. By default it is off.


Sent from my iPad using Early Retirement Forum
 
M Paquette said:
This is an option in Apple iPhone software that has to be turned on by the user. It's available in the Settings applet under the Passcode Lock option. By default it is off.


Sent from my iPad using Early Retirement Forum
Click to expand...

Well, in that case, I want the option on all phones :LOL:.
 
M Paquette said:
This is an option in Apple iPhone software that has to be turned on by the user. It's available in the Settings applet under the Passcode Lock option. By default it is off.


Sent from my iPad using Early Retirement Forum
Click to expand...

I have it set on my iPhone to wipe after 10 failed attempts.
 
easysurfer said:
This is an interesting case, with both sides having a valid point.

I just hope all manufactures don't copy Apple an start automatically wiping phones after so many tries for the sake of security. Another way of making devices less owner friendly.
Click to expand...


I actually do not think the gvmt has a good point...

They are trying to force a company to do something they do not want to do and could have a HUGH financial cost to them if they do it....


I would say that the gvmt should have enough smart people to do what they need for this one phone... and if they do not, too bad...
 
+1 This phone may or may not have any useful information and the potential good seems slight compared to the precedent it would set. Also, both terrorists are dead.
 
BTW, the FBI supposedly already has everything that was backed up to the "cloud" from this phone.
 
M Paquette said:
Have him demonstrate on a test iPhone rigged identically first, please. ...
Click to expand...

Exactly. That's quite a claim he's making - I sure wouldn't want to risk the actual data on that phone to that guy's attempts.


gauss said:
As I thought through this, I came to the same conclusion. Why cant the FBI hire any hacker firm to do the deed? Does Apple really need to be involved or is this all about political theater?

I am assuming that there are no tamper sensors on the iPhone case that will wipe memory upon opening case. If this is the case, reading out the memory should be possible -- even if the chips need to be removed from the MB.

Folks could proof of concept all of this and work out the procedure on a sacrificial iPhone. I hope big media explores this concept.

Me thinks things are not as they appear....

-gauss
Click to expand...

Yes, things are not as (simple as) they appear. It is nowhere near as simple as "reading out the memory... even if the chips need to be removed from the MB".

You can pull the chips, but the data is encrypted. It does no good to get the raw data, and the keys are probably long enough that it would take years to brute-force it. The data might even be spread across several chips, with different encryption methods in each. I don't know (only Apple does), but I know enough to know this stuff gets very serious and very complex very quickly. This isn't child's play. OK, I'd bet that even if you pulled the chips, you couldn't read anything from them w/o "authenticating" first - just like the iPhone won't listen to the fingerprint module until it provides the correct IDs (and I think, respond to the equivalent of a "challenge question"). And I'll also bet the challenge is not "swordfish", or "password123" :) , but complex math performed on a challenge word, and the answer must match - and the math can only be performed if you own the correct digital "key".


easysurfer said:
This is an interesting case, with both sides having a valid point. ...
Click to expand...

I see both sides as well, and I'm conflicted on this.

On one hand, I sure would like to see my Govt get the info on that phone, it might save lives.

But I can also understand Apple's view (though maybe their PR needs help?). If Apple provides a 'back door', that back door might get hacked. How do you protect it?

I can envision that when Apple performs the initial programming, the "keys" are not retained. That way, no one can steal them from Apple. That means Apple cannot unlock a phone either.

However, they do have some "keys" - since if Apple replaces your fingerprint module, they have the ID required for the phone to recognize it. But that is only one part of the puzzle, likely a very small part.

-ERD50
 
Last edited:
Texas Proud said:
I actually do not think the gvmt has a good point...

They are trying to force a company to do something they do not want to do and could have a HUGH financial cost to them if they do it....


I would say that the gvmt should have enough smart people to do what they need for this one phone... and if they do not, too bad...
Click to expand...

Agreed - I don't see how the gvmt can compel a company to write new software on a commercial device just for them, and be forced to spend the money to do that.

DH said that they wanted the OS to be modified so that it didn't have a delay between successive failed login attempts as well as disable the wipe, but that it would still take five years for a supercomputer to break into the phone via software attempts? And then how are they supposed to be able to download this software onto the locked phone to change the features?

Well worth the court fight, IMO. And once the gvmt has its backdoor, it will leak out somehow and criminals will eventually have access to the same technology after they steal your phone.
 
ls99 said:
BTW, the FBI supposedly already has everything that was backed up to the "cloud" from this phone.
Click to expand...

Well then maybe this is really a test case to try to expand gvmt rights in this area.
 
The govt trying to compel a company to expend their resources and damage the value of their product for a case where the company isn't even a party:confused::confused:

I'd fight this too.
 
Notice the change in the govts position?

They were saying they needed a backdoor to prevent terrorist attacks, the so-called ticking time bomb scenario or the weekly plot of "24" with Jack Bauer literally racing the clock against th bad guys.

I this case they want to make it easy to unlock the phone by brute force, try every combo. If the guy used 4 digit code, only 9999 combos to try. If he used 6 digits, it would take 5.5 years to try all the combos. If he used more than 6 digits, well most people involved in the case may retire or die long before they try the combos.

Not exactly racing against the clock here.

So people suspect it's mainly a ruse to force Apple to provide a way to crack the device.

But it's dumb move, because this case just helps potential terrorists on how to take measures to make their devices harder to crack. And if they do succeed in loading this less secure firmware on an iOS 8 iPhone which is locked, Apple can make future versions of iOS not have this loophole, if they haven't gotten rid of it already in iOS 9.
 
Not saying I totally agree, but I bet the govt wants to be able to access even encrypted phones to not go dark in cases of national security. Probably similar to wire tapping landlines when there weren't mobiles and screening postal mail delivery. Or, having the ability to snoop via modems and routers.

I do see Apple's point saying, despite the govt saying give us access this one time, once that's done the genie is out the bottle and folks might flee Apple since encrypted and secure isn't so secure anymore.
 
Aerides said:
Exactly Guass, if you want to find an expert hacker for one job, you go to DefCon, you don't need to go to Apple.
Click to expand...

Two nineteen year old Russian kids should hack that phone in about an hour.
Or get Chloe.
 
Last edited:
audreyh1 said:
And then how are they supposed to be able to download this software onto the locked phone to change the features?
Click to expand...


Apparently with an older generation of iPhone, Apple has the ability to install a new iOS image without unlocking the phone. The phone in this case is a 5c, which is equivalent to the iPhone 5. From what I've heard, this isn't possible on the latest iPhones.
 
My two cents:
I'm a little surprised on all the talk about "privacy".
As it's been discussed here many times, if you really want your documents, call logs, thoughts and photos truly private, don't even think of putting them near an internet connection.
There is no privacy anymore.

On one side, Apple seems disingenuous in suggesting otherwise.
On the other side, the FBI has other avenues to get such information, so I'm not sure how rich the data sitting there might be.

In the end, all I see is an advertisement for iPhone to be the new phone of choice for the nefarious, supported by a big corporation.
 
Now for the funny part.

No need for the fingerprint security venue to make a phone's contents virtually inaccessible. As kiki noted this is version of iphone 5. If the phone was locked with a figerprint, theoretically and likely in practice, the dead owners finger even if detached, could be used to unlock it.

Thus apple was blowing huge amounts of smoke with their error 53 on the 6 model, which of course we now know did not wreck the device. Just an attempt to sell more devices.
 
explanade said:
Notice the change in the govts position?

They were saying they needed a backdoor to prevent terrorist attacks, the so-called ticking time bomb scenario or the weekly plot of "24" with Jack Bauer literally racing the clock against th bad guys.

I this case they want to make it easy to unlock the phone by brute force, try every combo. If the guy used 4 digit code, only 9999 combos to try. If he used 6 digits, it would take 5.5 years to try all the combos. ...
Not exactly racing against the clock here.

So people suspect it's mainly a ruse to force Apple to provide a way to crack the device. ...
Click to expand...

Your numbers are based on hand entry of the codes. The govt is asking for electronic access, where a computer could make 10+ tries per second. It won't take long to try 1,000,000 combinations when it is automated like that (70 days worst case with 6 digits performing 10 tries a second, 35 days on average).

(6^10) ∕ (10 ⋅ 60 ⋅ 60 ⋅ 24)
= 69.984​

If they used 6, or even 4 alpha-numerics - that turns into many years.


But it's dumb move, because this case just helps potential terrorists on how to take measures to make their devices harder to crack. And if they do succeed in loading this less secure firmware on an iOS 8 iPhone which is locked, Apple can make future versions of iOS not have this loophole, if they haven't gotten rid of it already in iOS 9.
Click to expand...

It does make very secure devices the device of choice for bad guys. I don't know that there is any good answer to this - I want protection from bad guys, and I'm just not all that hung up on privacy the way some people are - but even I see this isn't an easy one.

-ERD50
 
You must log in or register to reply here.

Similar threads

Qs Laptop
Apple Pays Out Over Claims it Deliberately Slowed Down iPhones
Replies
5
Views
638
Qs Laptop
Qs Laptop
Katsmeow
New iPhone/Apple Watch?
3 4 5
Replies
109
Views
11K
braumeister
braumeister
MichaelB
Apple ending iTunes
2
Replies
32
Views
3K
mpeirce
mpeirce
S
Trip Summary - England, France and Spain, Sep-Oct 19
Replies
2
Views
936
Bamaman
B
Katsmeow
New iPhones/Apple Watch?
5 6 7
Replies
159
Views
10K
Sunny
Sunny

Latest posts

Back
Top Bottom