|
Phone posting but the US gov has requested that tomorrow's trial be vacated, as they believe they have found a method to unlock the iPhone. They want to try it out before proceeding, apparently.
|
# ? Mar 22, 2016 00:19 |
|
|
# ? Jun 11, 2024 10:25 |
|
Maybe they realized their case was pretty bad and are trying to save face.
|
# ? Mar 22, 2016 00:29 |
|
hobbesmaster posted:Maybe they realized their case was pretty bad and are trying to save face. Probably a combination of that and the fact that Congress is now looking at encryption legislation a little harder. http://www.reuters.com/article/us-apple-encryption-legislation-idUSKCN0WN2B1
|
# ? Mar 22, 2016 01:06 |
|
Shooting Blanks posted:Probably a combination of that and the fact that Congress is now looking at encryption legislation a little harder. That legislation sounds stupidly vague.
|
# ? Mar 22, 2016 01:17 |
|
The government's request has been approved and the hearing will be postponed. Journos gleefully noting that:quote:In its assorted filings, the government has claimed that "only Apple" could provide the access that it needs no less than 14 times. EDIT: Also haven't Feinstein and Burr been cooking up legislation for months now and everybody hates whatever they spit out?
|
# ? Mar 22, 2016 01:47 |
|
Sounds like John McAffee and his crack team of social engineering hackers are on the case!
|
# ? Mar 22, 2016 02:16 |
|
Combed Thunderclap posted:The government's request has been approved and the hearing will be postponed. Journos gleefully noting that: I don't know enough about Burr but I really dislike Feinstein. She's up there with Sheila Jackson Lee for me.
|
# ? Mar 22, 2016 04:07 |
|
Is it just me or is the whole Apple vs FBI thing way too complicated for most people and no matter what side of the debate a layman is on (even after reading the usual trending articles), they are probably coming to that conclusion based on incorrect or incomplete facts? Just saying because the more I read about it, it seems the less I know.
|
# ? Mar 22, 2016 05:28 |
|
Sorry if these questions are a bit late in this story... Ok, so can someone explain to me what harm there is writing a custom version of iOS in order to unlock this particular iPhone that never leaves Apple and Apple can rightfully purge from its repositories after the task is done? I understand this isn't exactly what the FBI is asking for but why isn't Apple offering this logical solution? Now some would say that simply writing/compiling this would open a pandora's box if it were to ever 'get out' into the wild but how is this any different than Apple's own internal daily builds of iOS that could have serious security flaws, especially from new security features during their development phase. Those builds live on and could also 'get out' somehow.
|
# ? Mar 22, 2016 06:13 |
|
Shaocaholica posted:Sorry if these questions are a bit late in this story... There are many reasons. One reason is that you can't just make a tool that's one use only if you expect to get valuable data from it. Like take this for example- say you're on trial for murdering someone, and the FBI claims that they got texts and location data from your phone using a one-use tool that also destroyed your phone. Would you trust that information?
|
# ? Mar 22, 2016 06:29 |
|
computer parts posted:Like take this for example- say you're on trial for murdering someone, and the FBI claims that they got texts and location data from your phone using a one-use tool that also destroyed your phone. Would you trust that information? Isn't this all for new leads? It's not like the San Bernardino couple are on trial for murder. Now if the data from their phone points fingers at someone else and that's the only evidence the FBI can come up with then yes I would not trust that data but who would? Follow the leads up and build a case with more evidence.
|
# ? Mar 22, 2016 06:39 |
|
Because it's not this particular iPhone, for this particular alphabet agency. The FBI is already on record saying they have like 14 other iPhones they'd love to unlock. The NYPD(?) last week or so said they were paying attention and had like 100+ phones in their possession they wanted unlocked. I'm sure China and Russia and every other country out there with their XYZ agency have phones they'd like get unlocked too. If this one phone gets the special treatment then everyone is going to want the same special treatment because terrorism our kids etc etc.
|
# ? Mar 22, 2016 07:21 |
|
Yeah, slippery slope arguments are usually bullshit but in this case you just know there are plenty of government orgs just waiting for a legal precedent to be established here.
|
# ? Mar 22, 2016 07:44 |
|
Maluco Marinero posted:Yeah, slippery slope arguments are usually bullshit but in this case you just know there are plenty of government orgs just waiting for a legal precedent to be established here. I don't think this is a slippery slope argument because people are worried about the precedent that *this* case sets, and not the precedent that the next case sets.
|
# ? Mar 22, 2016 13:25 |
|
Salt Fish posted:I don't think this is a slippery slope argument because people are worried about the precedent that *this* case sets, and not the precedent that the next case sets. So people aren't worried about the exploit getting out into the wild somehow(in the shadow of the bigger legal precedent)? Wasn't that the crux of the Tim Cook letter?
|
# ? Mar 22, 2016 16:37 |
|
Shaocaholica posted:So people aren't worried about the exploit getting out into the wild somehow(in the shadow of the bigger legal precedent)? Wasn't that the crux of the Tim Cook letter? What do you mean by in the wild? I mean, the NSA and similar world agencies probably already have their own version, due to their capabilities and able to steal private keys from all manner of companies and rival agencies.
|
# ? Mar 22, 2016 16:49 |
|
fishmech posted:What do you mean by in the wild? I mean, the NSA and similar world agencies probably already have their own version, due to their capabilities and able to steal private keys from all manner of companies and rival agencies. Maybe I'm mistaken but I recall that when this story first broke, people were concerned that Apple would write a custom iOS version, hand it over to the FBI to apply the exploit and thus increasing the chance of that exposed iOS build, no matter if its only for a single phone, leaked to the world through spies or cats or whatever. Then it could be reverse engineered and the exploit applied to newer builds of iOS, etc. etc.
|
# ? Mar 22, 2016 16:58 |
|
Shaocaholica posted:So people aren't worried about the exploit getting out into the wild somehow(in the shadow of the bigger legal precedent)? Wasn't that the crux of the Tim Cook letter? People are worried about the exploit getting out into the wild, but that's only one fear. Assuming the FBI were to take this to court and win, here's what we'd potentially be facing. Precedent in the US for Apple is one thing. As has been said, the FBI and other agencies all want Apple to do this, not so much for the San Bernadino phone, but for every other phone they can't access (and both the FBI and the Brooklyn DA have gone on record saying they have numerous other phones they want to decrypt). It's just much easier to use this case to bring it to court, as it will engender public sympathy because terrorism. In addition, once the tool is created for use in US courts, it would be subject to discovery - which means not only does the FBI want Apple to patch the OS, but to force them to do so in such a way that Apple engineers can be called to court to testify as to why data is whole and intact after being decrypted via the new OS. Any defense lawyer worth his salt will do that as proving that the data could be compromised would help their client's case. This creates a huge burden for Apple, not only in writing the OS itself (and undermining their software signing certificate by compelling them to do so, thus undermining their customers' trust) but in having to go to court to explain their tool. It also could potentially force Apple to expose critical parts of their OS that are considered IP - whether or not there is tangible value to Apple's competitor's aside, it's still a big deal. Now that Apple has been compelled to do it, it sets precedent for every other phone manufacturer and OS provider to be sued. Think your Android phone is safe? Google's lawyers are probably about on par with Apple's. If Samsung wants to keep selling phones in the US, will they be compelled only to enable compromised encryption technology? And beyond that, if the US is able to do it and the tool exists, it makes it easier for Russia, China, France, or any other country to sue the same companies for access to the same tools. And whether or not those lawsuits win, it's likely only a matter of time before those countries get their hands on a compromised phone and reverse engineer the process. The FBI has made a case that it's only this phone - but from a technology/legal perspective, it really isn't. Would any or all of that come to pass, had the FBI persevered and won? Who knows, it's speculation. Someone tell me I'm wrong in part or in whole, but that's my reading of it.
|
# ? Mar 22, 2016 17:06 |
|
There was the risk of that, yes. I want to say that the original request was unclear as to who would retain possession of the OS throughout the process but I'm unsure. In either case, it doesn't really matter if you only write it once and then destroy it. People will know that it exists and is possible. We already know there is a lot of LEO demand to reuse it, and if Apple can be successfully ordered to create it once there isn't really anything in the all writs act that would stop them from ordering it in any other case. At that point it doesn't matter that it doesn't exist any more and apple doesn't possess it, because you've already set the precedent and ordered them to create it out of nothing once *and* now you can show they know how to create it again. The barrier to entry is basically nothing at that point, and they will definitely be required to create it again, even if they already destroyed the source. "Just one phone" is both a lie and a smokescreen, and the terrorism aspect is there to grease the wheels. If you can order someone to create something from nothing against their will once using something as vague as the AWA, you can order them to do it as many times as you'd like after that.
|
# ? Mar 22, 2016 17:11 |
|
Thanks for explaining the nuances. Still, it doesn't stop Apple from implementing new security features that are harder for themselves to break. Isn't that already the case? Couldn't Apple just use that defense in the shadow of precedent "we can't do it that way anymore because we've changed the way it works. If you have any better ideas, bring them forward". I mean, the FBI didn't ask Apple to come up with the fundamental exploit, they presented their idea and asked Apple to implement it. All Apple has to do is to seal up those holes in iOS which it already has. Provided criminals update their phone OS. The whole reason this is in the news is because its an older iOS on an older iPhone which can be exploited. If it were an newer model with latest iOS this story would have died the day it was written right? No protests, no CEO letters,
|
# ? Mar 22, 2016 17:25 |
|
Some argue that the government's endgame is where they can mandate that Apple always keeps a backdoor available, with an added misconception that "it's OK because only we the good guys will have it" and not addressing the fact that computer security really doesn't work that way.
|
# ? Mar 22, 2016 17:33 |
|
Shaocaholica posted:Thanks for explaining the nuances. Yes, actually the specific phone they're trying to get into would only be accessible because there's no hardware component to the encryption. The issue though is that even if it's just confined to the old version, you still have a lot of compromised devices. Like everyone with a 5c or below is susceptible to this exploit. Even just talking about software, there's still ~20% of people out there not on the latest version of iOS, and that's really good for phone operating systems.
|
# ? Mar 22, 2016 17:34 |
|
Shaocaholica posted:Maybe I'm mistaken but I recall that when this story first broke, people were concerned that Apple would write a custom iOS version, hand it over to the FBI to apply the exploit and thus increasing the chance of that exposed iOS build, no matter if its only for a single phone, leaked to the world through spies or cats or whatever. Then it could be reverse engineered and the exploit applied to newer builds of iOS, etc. etc. Then what you're worried about is already in the wild. According to the Snowden leaks the NSA already has all the necessary access to build this stuff, including having stolen Apple keys in the past and employees at Apple who are effectively moles. Doubtless, other spy agencies in other countries already have the same capabilities. Also the exploit can't be applied to newer versions of iPhones due to them changing the mechanisms at work - the phone the shooter had is a few generations back and is the last one that doesn't use hardware enforcement of retry checks. So more modern iPhones would require an entirely different sort of attack, and for that matter models more than one or two models older compared to that phone don't need this exploit because there's other, easier, exploits towards the same goal.
|
# ? Mar 22, 2016 17:43 |
|
Shaocaholica posted:So people aren't worried about the exploit getting out into the wild somehow(in the shadow of the bigger legal precedent)? Wasn't that the crux of the Tim Cook letter? But again, that's a concern with *this case* it's not a slippery slope argument. Cause and effect isn't automatically a fallacy.
|
# ? Mar 22, 2016 17:52 |
|
computer parts posted:Yes, actually the specific phone they're trying to get into would only be accessible because there's no hardware component to the encryption. I'm not 100% sure. Does anyone know if Apple can force OTA updates for a phone that has them turned off, and does not sync with Apple's cloud? I don't think they can, but the user would have to jump through some hoops to prevent it.
|
# ? Mar 22, 2016 17:58 |
|
Shooting Blanks posted:I'm not 100% sure. Does anyone know if Apple can force OTA updates for a phone that has them turned off, and does not sync with Apple's cloud? I don't think they can, but the user would have to jump through some hoops to prevent it. You can only force updates when directly plugged into something sending data, barring any currently undisclosed vulnerabilities. As officially stated to work, you can't force updates on wifi or cell network connections unless the device is specifically enrolled in some mobile management solutions.
|
# ? Mar 22, 2016 18:24 |
|
Shaocaholica posted:Maybe I'm mistaken but I recall that when this story first broke, people were concerned that Apple would write a custom iOS version, hand it over to the FBI to apply the exploit and thus increasing the chance of that exposed iOS build, no matter if its only for a single phone, leaked to the world through spies or cats or whatever. Then it could be reverse engineered and the exploit applied to newer builds of iOS, etc. etc. These are two concerns, yes. On one hand, if you weaken security/encryption then the fact that it's been compromised means that people can and will find a way to attack it. On the other hand if Apple did it just this once then well the FBI has stated they had 10+ other phones they'd love to have unlocked too, and the NYPD (apparently Brooklyn DA?) said they had like 100+ phones they'd like unlocked too. Keep in mind this isn't speculation. Representatives from the FBI and whatever NYPD or whatever are on record saying they want other phones unlocked too but the FBI is trying to play it off as "this one phone because terrorists." What is speculation though is saying then the LAPD and CIA and TSA and Joe Arpaio's fucksquad in Arizona would all be waiting in line with their phones too, and that's just the domestic agencies.
|
# ? Mar 22, 2016 21:03 |
|
Just throwing this out there to tack onto the "only the good guys can get in the backdoor!" http://www.wired.com/2015/09/lockpickers-3-d-print-tsa-luggage-keys-leaked-photos/
|
# ? Mar 22, 2016 23:35 |
|
Shaocaholica posted:Thanks for explaining the nuances. There's rumblings of holding apple/OEMs in contempt of court + fines if it refuses to help decrypt in the future. I'm not sure the nuance of "but we made it impossible!" will make it into whatever law Feinstein/Burr is cooking up. What you're describing also may not matter if the courts agree with the government's interpretation that AWA is effectively limitless in what they can force a company that sells a product. It's also apple's position that the general idea of govtOS is applicable to every iOS device released, past and current.
|
# ? Mar 23, 2016 01:42 |
|
It's a bit ironic that a terrorist crime is later used again as a scare tactic to get public opinion against encription and security.
|
# ? Mar 23, 2016 02:07 |
|
fishmech posted:Then what you're worried about is already in the wild. According to the Snowden leaks the NSA already has all the necessary access to build this stuff, including having stolen Apple keys in the past and employees at Apple who are effectively moles. Doubtless, other spy agencies in other countries already have the same capabilities. Do you have links to articles/info about this? The closest thing I found was stolen SIM card keys but that sounds like a different scenario.
|
# ? Mar 23, 2016 02:09 |
|
MrBond posted:Do you have links to articles/info about this? The closest thing I found was stolen SIM card keys but that sounds like a different scenario. If they can steal private keys from a supposedly very secure SIM card manufacturer, why should we expect they can't get into Apple to take their signing keys? Plus the way they describe several of their listed iPhone exploits implies they have source code access, which is why they're able to implement.
|
# ? Mar 23, 2016 02:24 |
|
fishmech posted:If they can steal private keys from a supposedly very secure SIM card manufacturer, why should we expect they can't get into Apple to take their signing keys? Plus the way they describe several of their listed iPhone exploits implies they have source code access, which is why they're able to implement. Well we have no idea on how well guarded the signing keys are at apple vs. gemalto. That isn't to say it *can't* happen but it's different from your very factual--sounding assertions. "Very likely" or "well within their capabilities" is different from "has happened in the past or is ongoing." I'll agree that if you think you're being targeted by the NSA it is worth including in your threat model. edit: I would think it's reasonably simple to mitigate against though. iOS updates are extremely public events, and the IPSWs are well distributed as well. It wouldn't be hard to only update your phone via USB using IPSWs that others have verified are identical to theirs. It's not as if you're cobbling together "did verizon push out a rolling OTA?" As for the nature of possible NSA exploits, I've never seen anything that suggests they have source code access nor that it's necessary to do their job. For example https://leaksource.files.wordpress.com/2013/12/nsa-ant-dropoutjeep.jpg doesn't read like anything more than an untethered jailbreak that enables them to sideload some powerful apps, circa 2008. The jailbreak outfits do this on a continual basis and they don't necessarily have source access, and jailbreak devs periodically claim to keep zero days in their back pocket as well. MrBond fucked around with this message at 02:54 on Mar 23, 2016 |
# ? Mar 23, 2016 02:51 |
|
http://9to5mac.com/2016/03/23/apple-cloud-infrastructure-servers-snooping/quote:At least part of the driver for this is to ensure that the servers are secure. Apple has long suspected that servers it ordered from the traditional supply chain were intercepted during shipping, with additional chips and firmware added to them by unknown third parties in order to make them vulnerable to infiltration, according to a person familiar with the matter. At one point, Apple even assigned people to take photographs of motherboards and annotate the function of each chip, explaining why it was supposed to be there. Building its own servers with motherboards it designed would be the most surefire way for Apple to prevent unauthorized snooping via extra chips.
|
# ? Mar 24, 2016 01:16 |
|
DoJ has announced that it has successfully accessed the data on Syed Rizwan Farook's iPhone, and withdrawn its suit against Apple.
|
# ? Mar 28, 2016 23:12 |
|
Combed Thunderclap posted:DoJ has announced that it has successfully accessed the data on Syed Rizwan Farook's iPhone, and withdrawn its suit against Apple.
|
# ? Mar 29, 2016 00:04 |
|
FlamingLiberal posted:Snowden was right again....said back in February that they had the expertise to crack the phone. This case had nothing to do with the technical feasibility of retrieving data from the phone (or even about the data that might be contained on the phone), I think they were using this as a platform to set a precedent. They thought it would be a slam dunk, use fears of terrorism to push through their agenda. I'm not generally a conspiracy theorist but it really does seem like this whole thing was designed to force companies to build back doors into our phones. The only problem was they didn't expect Apple and the knowledgeable public to very publicly fight it.
|
# ? Mar 29, 2016 00:22 |
|
ElCondemn posted:This case had nothing to do with the technical feasibility of retrieving data from the phone (or even about the data that might be contained on the phone), I think they were using this as a platform to set a precedent. They thought it would be a slam dunk, use fears of terrorism to push through their agenda. I'm not generally a conspiracy theorist but it really does seem like this whole thing was designed to force companies to build back doors into our phones. The only problem was they didn't expect Apple and the knowledgeable public to very publicly fight it. There is already a precedent dude. There has been one for over a decade.
|
# ? Mar 29, 2016 00:39 |
|
^^^^ According to the FBI, sure. ^^^ My guess would be that the FBI either found a way to reset the password counter between attempts or decapped the chip containing the code. The first approach probably won't work on more recent iPhones and the second probably would still work but it's nothing new and is pretty a delicate process that can go wrong and erase the phone's memory.
|
# ? Mar 29, 2016 02:04 |
|
|
# ? Jun 11, 2024 10:25 |
|
DeusExMachinima posted:^^^^ According to the FBI, sure. ^^^ No, according to reality, and the US judicial system.
|
# ? Mar 29, 2016 02:13 |