Apple Resisting FBI Demand That the Crack the IPhone

Samhain · Feb 17, 2016

JasperL said:
I've read security experts say this isn't actually true. According to them, Apple cannot now break the coding of a phone that has been properly encrypted. I don't know what's true, but was wondering if you had evidence that it's currently possible on the latest IOS version.

Apple's policy is that there is no main key that can decrypt all data for all devices. Each phone is encrypted based on its own hardware signature(similar to PS4 hdd encryption).

Nilly said:
But they would get their hands on an iPhone with the backdoor'd iOS (FBiOS hehe) on it. Currently it's impossible to brute force iOS. This would put a version of the software out that it is possible to brute force. It's the very existence of the software and who has control of it that is the issue.

I have read that Apple can sign the software update to only work on a singular iPhone device (as the FBI would be unable to sign the software date to load it onto other phones). However at this point it's likely apple that know all the details and potential repercussions of such a back door right now. As a result I think they're in the best position to make this call.

Possibly, but like you stated, Apple can apply a single update to that phone only. In fact, they can code the software(which itself is encrypted too) to only work on that specific phone.

Gaius46 · Feb 17, 2016

Samhain said:
Why? It's seized property.

If that were the case then Apple could simply be asked to crack the phone and turn the data over. The order specifies that Apple build something to do that so it would they currently don't have the capability

Gaius46 · Feb 17, 2016

PeteEU said:
Its smoke and mirrors. Apple is a company that wants to control everything so of course they can access any iPhone/Pad or Mac out there.

Apple is not known for its security. Apple has been playing catch up since the celebrity hacking scandal exposed their piss poor security, and have been telling the world that their machines are the safest, so giving the FBI access via court order to one phone means that the accusations that have been in the industry against Apple for poor security will be validated and watch the law suits start up. I mean to this date, Apple says it was the celeberties "poor passwords" that made it possible for the hacking... horse****.

Lets give an example.. dead peoples iOS devices. If you have lost someone dear and want access to their iOS device, Apple will refuse to do so. If Apple gave the FBI access to this iPhone.. then oh boy there would be a lot of pissed off people who were told by Apple that they could not use their recently departed iOS device and needed to buy a new one.

It is basically Apple playing a defensive game by going on the offensive and using its massive media influence to change the narrative away from fighting terror to defending "privacy".. a privacy that Apple could in reality care less about. For them it is the bottom line, pure and simple and that bottom line is threatened if they are caught in another lie.

Apple's claim is that they cannot provide the contents of the phone and that they'd have to write something to do so. The court is ordering them to do so and Apple's claim is that once they do so it becomes possible - probable - that they technique they used will get out into the world and the security of all iPhones, however strong or poor that might currently be, will be compromised.

It may well be a self serving stance on their part but that doesn't invalidate their basic argument.

Nilly · Feb 17, 2016

Samhain said:
Apple's policy is that there is no main key that can decrypt all data for all devices. Each phone is encrypted based on its own hardware signature(similar to PS4 hdd encryption).

Possibly, but like you stated, Apple can apply a single update to that phone only. In fact, they can code the software(which itself is encrypted too) to only work on that specific phone.

From Tim Cook's letter:

Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

Some security experts are saying that Apple are 'misunderstanding their own code', and have provided rationalization as to why Apple could provide a backdoor for just 1 phone, that would only work for phone models 5C and previous.

I think that is unlikely. Apple is miles ahead of android when it comes to security. I think this means either one of two things.

1. The ability to provide the backdoor will not be limited to one phone due to security complications that only apple know about.

2. Apple are lying. They know they can provide the information but simply don't want to. As to whether that's due to some kind of slippery slope argument or for positive PR or something, I don't know. One thing I do know, is that a very large proportion of the tech industry is very much against government access into technology and very passionate about digital security and how it should be uncrackable. Quite a few people I have talked to that work in security are backers of Apple's decision right now. It could be that the tech industry is taking a stand against the FBI when it comes to digital surveillance. Whether that decision is for the tech industry to make, when the courts have already decided one way or another, is a large crux of the issue here. One thing I do know, is that the politician/lawyer class are criminally undereducated when it comes to digital security, particularly as it's going to be one of the biggest issues of the next few decades, with the advent of the internet of things and connectivity between all kinds of devices.

Gaius46 · Feb 17, 2016

Samhain said:
Those demands are not asking for decryption software. They want to just brute force it open by programatically sending all possible numeric unlock codes without the device auto-erasing or slowing down entry.

Yup. But it still leads to the same end result. A phone whose encryption can be defeated - and fairly easily if one has access to very fast computers.

PeteEU · Feb 17, 2016

Gaius46 said:
Apple's claim is that they cannot provide the contents of the phone and that they'd have to write something to do so.

Listen I have followed Apple since the 1980s and Apple after Steve Jobs 2.0 "claimed" a lot that turned out to be bull****. Apple 2.0 as I call it turned into an evil company inspired by NeXT.

Apple has been caught in false claims many times. We have antennagate which Apple claimed that there was nothing wrong and people were holding it wrong, to my favourite on the Mac Book Pro graphics card that was clearly faulty but Apple claimed it was not, and then 2 years later admitted it and made a recall, well knowing that most people had bought a new one and discarded the old broken one.

Or there was of course the Frapping, where 99% of the images were taking from iOS devices and the most likely culprit was iCloud security. To this day, Apple claims that it was the 10+ celeberties that all had poor passwords... yea right.. the tech world had been complaining for years over the poor security on iCloud and Apple is still sticking to this?

Or the latest recall by Apple.. chargers. For years we heard about iPhones and chargers blowing up basically and each time the Apple marketing team claimed it was 3rd party "China" charger and wire that was the problem, despite many saying it was not. Then suddenly a few weeks ago.. recall!

So Apple claim a lot of things but they can not be trusted.

The court is ordering them to do so and Apple's claim is that once they do so it becomes possible - probable - that they technique they used will get out into the world and the security of all iPhones, however strong or poor that might currently be, will be compromised.

And that is horse****. Chances are the "weaknesses" they are talking about are already being exploited, but the US legal system cant use them for legal reasons. iOS is by FAR the most problematic security wise on known security holes. Not long ago, Apple left a massive hole in their App store go unpatched for over a year.. and that lead to malware being put on peoples phones. They claim it was only jailbroken phones at first, but then suddenly they started removing thousands of apps... ups!

Remember the Frapping? That picture collection happened over years by many people, so the exploit was known by the hacker world and they used it. Apple did nothing.

Another example.. Remember Google getting fined for exploiting a bug in Safari to change the security settings? Well that bug was well know for 2 years by people in the industry and had been reported many times to Apple. Google was far from the only one exploiting the bug. Apple did NOTHING for 2 years.. and yes Safari was updated many times in those 2 years.

It may well be a self serving stance on their part but that doesn't invalidate their basic argument.

Their argument is hollow. They could just get the data off the device in a secure clean room where no one else has access to the "device" that cracks the phone. This room could be as secure as Fort Knox. They would not have to give the method to the Feds or anyone.. it would remain in the hands of a select few within Apple. You entrust your nuclear codes to a select few, but Apple cant do this? seriously?

ludin · Feb 17, 2016

Casper said:
Correct. I would require them to get a court order before opening up anything, otherwise it is down hill from there for all.

I agree according to the last SCOTUS ruling police or FBI cannot search a phone without a warrant.
a phone is considered private property and private information or at least the data stored on there.

if the FBI have a warrant for the phone then apple needs to unlock the phone if not I think they should be charged with obstruction
just like anything else.

that is the legal way to do it. the FBI doesn't get to just crack the phone open it has to be opened by apple.

NonoBadDog · Feb 17, 2016

Samhain said:
Why? It's seized property.

It doesn't belong to Apple so they are a disinterested party. I don't see legal ground to force Apple to do anything.

Jack Fabulous · Feb 17, 2016

Samhain said:
That's a bogus point made by Apple. They are desperately trying to keep their market advantage over Android's optional FDE by advertising default phone encryption that "even Apple can't break".

If it were common knowledge that their phones could be easily hacked then their market advantage would disappear by default. I believe that they know that once this genie is let out of the bottle, there's no putting it back in.

PeteEU · Feb 17, 2016

Nilly said:
Apple is miles ahead of android when it comes to security.

Not exactly true. In fact you could say the total opposite.

Android has a problem with fragmentation.. so security problems are hard to patch.
Apple does not have the same amount of fragmentation so patching security problems is much easier.

Now if we look at known security problems with the two OS.. iOS has far far more than Android.

Android cloud security has always been miles better than Apple.. there is no contest even today. My google account gets blocked if they see suspicious activity... my Apple does not. That worries me, when my Google account is blocked because I happen to put on my VPN and I am in "LA, USA" instead of where I normally am.. but my Apple account works just fine.

Then you have the debate about fingerprint scanner, pin or what ever security you have on a phone. Here both are pretty even now.. not so much a few months ago. Why? Android has always allowed more than 4 digits in their passcode... this is a new feature on Apple... go figure. And fingerprint scanner is not more secure as the court can just force the defendant to unlock the phone, plus as we have seen it is pretty easy to bypass.

Yes Apple uses encryption.. well they claim they use encryption as standard, and Android does not until Lollipop and onwards and even that is dependent on the maker of the phone.

At the end of the day, neither system is 100% secure but I would rather trust my security with Android than iOS considering the amount of security bugs that have been in that system over the years... lock screen bypasses to crashing the phone because of an SMS text...

Cephus · Feb 17, 2016

Zyphlin said:
And even if it isn't their specific code, by creating the code and putting it to use it provides a blueprint for the potential reverse engineering by the FBI or others in trying to create their own backdoor for future use.

Apple could easily take the phone, crack it themselves and turn over a complete record of everything on the phone to the FBI. There would be nothing for the FBI to reverse engineer because they would never be involved with the actual cracking. Apple is just being a bunch of dicks.

PeteEU · Feb 17, 2016

NonoBadDog said:
It doesn't belong to Apple so they are a disinterested party. I don't see legal ground to force Apple to do anything.

Actually.. ever read the terms and conditions of Apple. You dont own much of your iOS device.. they tolerate you using it within their rules and if you break those rules, then they reserve the right to take your device (brick it) from you. Happens all the time if they suspect you sharing your itunes account or something similar.

Cephus · Feb 17, 2016

Nilly said:
See my post above about the concerns regarding the code.

Furthermore, this sets a precedent whereby if apple can be asked to give up data/code for a shooter, could the be asked to give up data/code for a whistleblower, an activist, a journalist?

EDIT: Here are the FBI demands. Seem they want the codes, and I assume that would mean getting the FBI getting their hands on the device, which would give them the backdoor.

The FBI has a court order, Apple should be required to comply with a court order for that specific phone.

SMTA · Feb 17, 2016

PeteEU said:
Its smoke and mirrors. Apple is a company that wants to control everything so of course they can access any iPhone/Pad or Mac out there.

Apple is not known for its security. Apple has been playing catch up since the celebrity hacking scandal exposed their piss poor security, and have been telling the world that their machines are the safest, so giving the FBI access via court order to one phone means that the accusations that have been in the industry against Apple for poor security will be validated and watch the law suits start up. I mean to this date, Apple says it was the celeberties "poor passwords" that made it possible for the hacking... horse****.

Lets give an example.. dead peoples iOS devices. If you have lost someone dear and want access to their iOS device, Apple will refuse to do so. If Apple gave the FBI access to this iPhone.. then oh boy there would be a lot of pissed off people who were told by Apple that they could not use their recently departed iOS device and needed to buy a new one.

It is basically Apple playing a defensive game by going on the offensive and using its massive media influence to change the narrative away from fighting terror to defending "privacy".. a privacy that Apple could in reality care less about. For them it is the bottom line, pure and simple and that bottom line is threatened if they are caught in another lie.

More lies from the resident America hater.

Apple's security has been much better than other manufacturers - hence their profit market share of 95%.

By protecting their source code and security, they protect their user's privacy.

Regarding the celebrity photos, you must be unaware that it was the cloud storage that was hacked, not individual devices.

Your baseless crying about poor Apple security is bogus - if it were true, consumers would be voting with their feet.

You just hate Apple because it is a very successful American corporation who owns the smartphone market.

Do try and be more truthful.

JoeTrumps · Feb 17, 2016

any other decade this would make my jaw drop. The country is attacked by terrorists and an AMERICAN COMPANY A) won't lift a finger to help the investigation B)will be APPLAUDED by a sizable part of the population.

only in america folks. only in (obama's) america

Kobie · Feb 17, 2016

JoeTrumps said:
any other decade this would make my jaw drop. The country is attacked by terrorists and an AMERICAN COMPANY A) won't lift a finger to help the investigation B)will be APPLAUDED by a sizable part of the population.

only in america folks. only in (obama's) america

It takes a special kind of hackery to try and pin this on Obama.

JasperL · Feb 17, 2016

JoeTrumps said:
any other decade this would make my jaw drop. The country is attacked by terrorists and an AMERICAN COMPANY A) won't lift a finger to help the investigation B)will be APPLAUDED by a sizable part of the population.

only in america folks. only in (obama's) america

What you describe as "helping the investigation" will compromise the security of every iPhone. So, yes it will be "applauded" by those who want a secure pocket computer that's not vulnerable to, among other things, NSA hacking, and hacking by those wanting to steal everything on that phone from financial info to personal data.

JoeTrumps · Feb 17, 2016

JasperL said:
What you describe as "helping the investigation" will compromise the security of every iPhone. So, yes it will be "applauded" by those who want a secure pocket computer that's not vulnerable to, among other things, NSA hacking, and hacking by those wanting to steal everything on that phone from financial info to personal data.

So at the bottom of the phone plan you sign with apple they can add in "if you are accused of CARRYING OUT(not even planning, but actually carrying out) a terrorist attack on American soil, and the federal government asks apple for YOUR info, we will give it to them.

tell me true, how many people do you think would REFUSE TO SIGN with apple under those conditions?!?! Kobie ok. yes. him probably. but that's it!

Nilly · Feb 17, 2016

PeteEU said:
Not exactly true. In fact you could say the total opposite.

Android has a problem with fragmentation.. so security problems are hard to patch.
Apple does not have the same amount of fragmentation so patching security problems is much easier.

Now if we look at known security problems with the two OS.. iOS has far far more than Android.

Android cloud security has always been miles better than Apple.. there is no contest even today. My google account gets blocked if they see suspicious activity... my Apple does not. That worries me, when my Google account is blocked because I happen to put on my VPN and I am in "LA, USA" instead of where I normally am.. but my Apple account works just fine.

Then you have the debate about fingerprint scanner, pin or what ever security you have on a phone. Here both are pretty even now.. not so much a few months ago. Why? Android has always allowed more than 4 digits in their passcode... this is a new feature on Apple... go figure. And fingerprint scanner is not more secure as the court can just force the defendant to unlock the phone, plus as we have seen it is pretty easy to bypass.

Yes Apple uses encryption.. well they claim they use encryption as standard, and Android does not until Lollipop and onwards and even that is dependent on the maker of the phone.

At the end of the day, neither system is 100% secure but I would rather trust my security with Android than iOS considering the amount of security bugs that have been in that system over the years... lock screen bypasses to crashing the phone because of an SMS text...

Pete I respect your technical knowledge but it's incredibly clear from your posts (not just in this thread) that you are a hater of all things apple (and a lover of M$), and I don't think you're coming at this from an objective viewpoint.

Apple iPhone security is actually pretty damn great. Recently it has come on in leaps and bounds. In the past a simple lock screen bypass could have been done and the FBI could get in. Now, the usage of every single app on your phone requires the unlock key (in the background), so a lock bypass wouldn't do the trick anymore. The backdoor that is being discussed may not even be possible on iPhones since the 5S+ because the new A7 processor also requires the hardware key, and the introduction of the touchID also meant the introduction of the SE (security enclave) providing barriers that are not patchable in the same way the iOS firmware is (although it's currently unclear if apple have the capabilities to patch the SE without wiping it). iOS' security blows androids security out of the water (to paraphrase a security guy I know, android security is basically an unlatched screen door). Number of vulnerabilities in an OS doesn't necessarily correspond to the number of threats. Android has a far greater history of exploits, in fact, 97% of mobile exploits are targeted at android because it's so much easier to crack. If this whole incident happened on an android phone we wouldn't even be having this discussion because the FBI would have just rooted the phone and already accessed the data. One of the most basic digital security principles is do not build systems that you can get around. If you can get around it. Someone else eventually will. Backdoors hurt us all. The majority of icloud security hacks were done by phishing for passwords, not by exploiting apple code.

Check out this article detailing a fairly typical hack: How Apple and Amazon Security Flaws Led to My Epic Hacking | WIRED . His accounts were daisy chained together. The hacker accessed the last 4 digits of his credit card from amazon tech support. Those 4 digits allowed him to get into an icloud account. From there gmail passwords could be reset and everything else fell. It's rare for exploits to be found in codebases, and it's even rarer for them to be executed outside of a controlled environment (such as a whitehat security expo, for example).

This last part isn't necesarily aimed at you but is just in general: best thing you can do to secure your information online is not to distrust the code, but distrust yourself. Don't use weak passwords/pins, don't reuse passwords. In fact, use a password manager. Personally I don't know any of my passwords for the majority of websites I go to, they're all randomly generated. Use two factor authentication where it is offered. If you really want to go the extra mile, use nonsensical answers to your security questions. On my banks/credit cards, the 'street I grew up on' is a random alphanumeric and my mothers maiden name is spelt in reverse (amongst other configurations).

Nilly · Feb 17, 2016

Furthermore, I would like to add to the discussion the following image from the court order.

The courts have decided that 'writing code is not burdensome for a software company'. Security aside, what kind of precedent does that set for software companies? It would mean that any software vendor could be forced to insert arbitrary code into their software. I see this as an overreach in and of itself.

Apple's decision has been backed by the EFF. Anyone who is interested in making sure that in 10 years time their internet connected car won't give up your travelled to destinations, and your coffee machine won't report your mornings activities, should be behind apple on this one.

SMTA · Feb 17, 2016

JoeTrumps said:
any other decade this would make my jaw drop. The country is attacked by terrorists and an AMERICAN COMPANY A) won't lift a finger to help the investigation B)will be APPLAUDED by a sizable part of the population.

only in america folks. only in (obama's) america

Thankfully intelligent Americans are not so willing to sacrifice their constitutional rights as quickly as you.

The COTUS exists to protect American citizens - Apples actions exactly mirror that logic.

JasperL · Feb 17, 2016

JoeTrumps said:
So at the bottom of the phone plan you sign with apple they can add in "if you are accused of CARRYING OUT(not even planning, but actually carrying out) a terrorist attack on American soil, and the federal government asks apple for YOUR info, we will give it to them.

tell me true, how many people do you think would REFUSE TO SIGN with apple under those conditions?!?! Kobie ok. yes. him probably. but that's it!

But the point is if you take advantage of the encryption Apple offers, they CANNOT hack it. It's encrypted, which protects your data, and it doesn't matter what you sign - they cannot break the encryption, which is the point of encryption. If Apple can break it, it's not really encrypted, which means it's not encrypted for ANY purpose.

This isn't my area of expertise, but I follow several people who are experts and according to them, the idea that Apple can install a back door that only works when the Feds want it to work, but is otherwise effective in securing the data on any phone, is laughable to these experts. So the choice is - 1) give the Feds a back door and live with a phone vulnerable to hacking by anyone, OR, 2) have a secure phone. I've never seen any security expert suggest that there is anything like a third option.

SMTA · Feb 17, 2016

JoeTrumps said:
So at the bottom of the phone plan you sign with apple they can add in "if you are accused of CARRYING OUT(not even planning, but actually carrying out) a terrorist attack on American soil, and the federal government asks apple for YOUR info, we will give it to them.

tell me true, how many people do you think would REFUSE TO SIGN with apple under those conditions?!?! Kobie ok. yes. him probably. but that's it!

You obviously have no clue why the 4A exists.

ludin · Feb 17, 2016

Nilly said:
Furthermore, I would like to add to the discussion the following image from the court order.

The courts have decided that 'writing code is not burdensome for a software company'. Security aside, what kind of precedent does that set for software companies? It would mean that any software vendor could be forced to insert arbitrary code into their software. I see this as an overreach in and of itself.

Apple's decision has been backed by the EFF. Anyone who is interested in making sure that in 10 years time their internet connected car won't give up your travelled to destinations, and your coffee machine won't report your mornings activities, should be behind apple on this one.

I am with apple up until a court order.

they have been ordered by the court to unlock the phone.
at this point they have no choice but to comply unless they appeal which it looks like they are doing.

JoeTrumps · Feb 17, 2016

SMTA said:
Thankfully intelligent Americans are not so willing to sacrifice their constitutional rights as quickly as you.

The COTUS exists to protect American citizens - Apples actions exactly mirror that logic.

right. so the next time(and it will happen) a terrorists kills a bunch of American's and the government want's the phone intel and apple tells them to F-themselves, you will agree and ask apple be given a gold star.
and you wonder why Trump has a good shot at being President.

Apple Resisting FBI Demand That the Crack the IPhone

Samhain

Gaius46

Gaius46

Nilly

stb

Gaius46

PeteEU

ludin

NonoBadDog

Hates Kittens

Jack Fabulous

Friend Zone

PeteEU

Cephus

PeteEU

Cephus

SMTA

Tsuyo Ketsu no Anna

JoeTrumps

Kobie

JasperL

JoeTrumps

Nilly

stb

Nilly

stb

SMTA

Tsuyo Ketsu no Anna

JasperL

SMTA

Tsuyo Ketsu no Anna

ludin

JoeTrumps