Posted: Wed Feb 17, 2016 7:05 am Post subject: Apple rejects U.S. Government's demand to create an iPhone backdoor
Wow. Interesting situation. In this case, it is for the San Bernadino shooters phone, but the FBI wants Apple to update their OS so the FBI can "hack" in. Apple is refusing to comply calling it an overreach.
Seems like they could break the code on their own, no? Can't they detect which 4 or 5 digit code he used most by finger print swipes or something?
I think the problem is, if they get it wrong 10 times, it'll erase the phone.
They should probably get it right the first 9 then.
I don't think these two had any high level of communication with other terrorist plotters. Perhaps their phone could be used to discover some things, but probably not more than their personal laptops and online footprint.
There are conflicting statements as to what the government is trying to achieve via court order:
Apple: We will not create a back door for the federal government.
Feds: We need Apple to hack into a mass murderer's iPhone.
I find it hard to believe the fed can order the former. I took a quick gander at the court order, and it looks like it is limited to hacking the terrorist's iPhone, rather than some overarching order to modify the iPhone's operating system or security system. To me it looks like Apple has exaggerated the court order, perhaps for PR purposes, or perhaps as a preemptive strike to prevent the fed from seeking a back door later.
The press seems to be running with the Apple company line, rather than what looks like a rather restricted court order.
And yes lakersken80, I would love to know what Apple is sharing with the PRC. Without knowing the details, it does seem duplicitous. Perhaps it is brand perception; in the USA we expect privacy from government snooping. In the PRC, there is no such expectation from any brand.
You can bet your bottom dollar that they already have. Now it's just a matter of making it technically legal in case anyone were ever to 'Snowden' the intel. _________________ I'm On point, On task, On message, and Off drugs. A Streetwise Smart Bomb, Out of rehab and In denial. Over the Top, On the edge, Under the Radar, and In Control. Behind the 8 ball, Ahead of the Curve and I've got a Love Child who sends me Hate mail.
Joined: 26 Apr 2004 Posts: 17197 Location: In a no-ship
Posted: Wed Feb 17, 2016 11:48 am Post subject:
angrypuppy wrote:
There are conflicting statements as to what the government is trying to achieve via court order:
Apple: We will not create a back door for the federal government.
Feds: We need Apple to hack into a mass murderer's iPhone.
I find it hard to believe the fed can order the former. I took a quick gander at the court order, and it looks like it is limited to hacking the terrorist's iPhone, rather than some overarching order to modify the iPhone's operating system or security system. To me it looks like Apple has exaggerated the court order, perhaps for PR purposes, or perhaps as a preemptive strike to prevent the fed from seeking a back door later.
You misunderstand what this means. If Apple creates a new iOS just for the government to hack this single phone, that same code can be used to hack any iPhone ever. Do you feel safe with the government keeping that data secure, or only using it just this once (wink wink)?
There are conflicting statements as to what the government is trying to achieve via court order:
Apple: We will not create a back door for the federal government.
Feds: We need Apple to hack into a mass murderer's iPhone.
I find it hard to believe the fed can order the former. I took a quick gander at the court order, and it looks like it is limited to hacking the terrorist's iPhone, rather than some overarching order to modify the iPhone's operating system or security system. To me it looks like Apple has exaggerated the court order, perhaps for PR purposes, or perhaps as a preemptive strike to prevent the fed from seeking a back door later.
You misunderstand what this means. If Apple creates a new iOS just for the government to hack this single phone, that same code can be used to hack any iPhone ever.
I don't know about that, and I'm not sure you do either, unless you work for Apple as you would have to be intimately familiar with the operating system. The security features may well change from operating system versions; the version of the OS might only exist on that particular model, perhaps a minority of iPhones. In addition, the order could be interpreted by Apple as using their own resources to hack the specific iPhone, and not share the technique with the federal government.
Joined: 10 Dec 2006 Posts: 52624 Location: Making a safety stop at 15 feet.
Posted: Wed Feb 17, 2016 12:16 pm Post subject:
angrypuppy wrote:
There are conflicting statements as to what the government is trying to achieve via court order:
Apple: We will not create a back door for the federal government.
Feds: We need Apple to hack into a mass murderer's iPhone.
I find it hard to believe the fed can order the former. I took a quick gander at the court order, and it looks like it is limited to hacking the terrorist's iPhone, rather than some overarching order to modify the iPhone's operating system or security system. To me it looks like Apple has exaggerated the court order, perhaps for PR purposes, or perhaps as a preemptive strike to prevent the fed from seeking a back door later.
It is my understanding that the request from the government meant writing a cade that would allow the hacking of any iPhone. It was not just a case of them asking Apple to crack this single phone. Apple's valid concern is that doing such a thing breaches their security across the board and down the line.
There are conflicting statements as to what the government is trying to achieve via court order:
Apple: We will not create a back door for the federal government.
Feds: We need Apple to hack into a mass murderer's iPhone.
I find it hard to believe the fed can order the former. I took a quick gander at the court order, and it looks like it is limited to hacking the terrorist's iPhone, rather than some overarching order to modify the iPhone's operating system or security system. To me it looks like Apple has exaggerated the court order, perhaps for PR purposes, or perhaps as a preemptive strike to prevent the fed from seeking a back door later.
It is my understanding that the request from the government meant writing a cade that would allow the hacking of any iPhone. It was not just a case of them asking Apple to crack this single phone. Apple's valid concern is that doing such a thing breaches their security across the board and down the line.
I'm not sure, DMR. My interpretation is that Apple can comply without surrendering any image files (or other means) by simply extracting the information within their labs. My reading is that it is very narrow, in that the magistrate specifically identifies the mass murderer's iPhone, and that the model in question may have security features that are operating system specific to either that hardware model, or that version of operating system, and perhaps a function of both which might reduce the ability of the FBI/NSA/Homeland Security to hack more than just a small percentage of iPhone devices. Finally, my thought is that compliance might not include the surrender of image files or anything else, as long as Apple does it within the confines of their lab. To me (and I'm not a lawyer) the phrase "reasonable technical assistance" is limited to that specific device, and not the divulgence of a hack (let alone "an operating system") that gives law enforcement the ability to burrow into present and future generations of iPhones.
edit: corrected typo
Last edited by angrypuppy on Wed Feb 17, 2016 12:44 pm; edited 1 time in total
Joined: 26 Apr 2004 Posts: 17197 Location: In a no-ship
Posted: Wed Feb 17, 2016 1:06 pm Post subject:
angrypuppy wrote:
DuncanIdaho wrote:
angrypuppy wrote:
There are conflicting statements as to what the government is trying to achieve via court order:
Apple: We will not create a back door for the federal government.
Feds: We need Apple to hack into a mass murderer's iPhone.
I find it hard to believe the fed can order the former. I took a quick gander at the court order, and it looks like it is limited to hacking the terrorist's iPhone, rather than some overarching order to modify the iPhone's operating system or security system. To me it looks like Apple has exaggerated the court order, perhaps for PR purposes, or perhaps as a preemptive strike to prevent the fed from seeking a back door later.
You misunderstand what this means. If Apple creates a new iOS just for the government to hack this single phone, that same code can be used to hack any iPhone ever.
I don't know about that, and I'm not sure you do either, unless you work for Apple as you would have to be intimately familiar with the operating system. The security features may well change from operating system versions; the version of the OS might only exist on that particular model, perhaps a minority of iPhones. In addition, the order could be interpreted by Apple as using their own resources to hack the specific iPhone, and not share the technique with the federal government.
Think about it: they're side-loading a hackable OS onto this phone. Nothing about the phone is unique. If they can sideload it to one phone, they can sideload it to all phones.
There are conflicting statements as to what the government is trying to achieve via court order:
Apple: We will not create a back door for the federal government.
Feds: We need Apple to hack into a mass murderer's iPhone.
I find it hard to believe the fed can order the former. I took a quick gander at the court order, and it looks like it is limited to hacking the terrorist's iPhone, rather than some overarching order to modify the iPhone's operating system or security system. To me it looks like Apple has exaggerated the court order, perhaps for PR purposes, or perhaps as a preemptive strike to prevent the fed from seeking a back door later.
You misunderstand what this means. If Apple creates a new iOS just for the government to hack this single phone, that same code can be used to hack any iPhone ever.
I don't know about that, and I'm not sure you do either, unless you work for Apple as you would have to be intimately familiar with the operating system. The security features may well change from operating system versions; the version of the OS might only exist on that particular model, perhaps a minority of iPhones. In addition, the order could be interpreted by Apple as using their own resources to hack the specific iPhone, and not share the technique with the federal government.
Think about it: they're side-loading a hackable OS onto this phone. Nothing about the phone is unique. If they can sideload it to one phone, they can sideload it to all phones.
I'm not convinced, DI. They could comply without writing an OS, by simply agreeing to hack it within the confines of their lab. The court order is very narrow, as it has to be in order to be enforceable.
If they did write such an OS, do you really think it would work on all iPhone models, and all versions of iOS? I'm far from convinced; this isn't Linux but rather an operating system that was written for a specific hardware configuration, and those hardware configurations change with each model. In other words, I don't know and I find it tough to believe that anyone really knows, unless they've been involved on a systems programming level with iOS.
What I am curious about is if there is already a hack in place. I wonder if the folks in the QC Dept. would have demanded one for testing purposes. If that's the case, then I think Apple could comply without surrendering an OS. Or if one could be written (or is already written) why would Apple need to surrender the OS or code or anything else to the federal government? The court order is demanding the contents, and is mentioning an image file as a possible solution, not as the only solution.
So my return questions are as follows:
1. Why do you think the only solution is for Apple to write a version of iOS with a gaping security hole rather than just provide compliance to the court order (i.e. turning over the contents)?
2. Are you sure that one version of iOS (a hackable version) would work on all iPhones?
3. Even if the weak-sauce iOS could be side-loaded, how can this be a vulnerability without stealing iPhones from suspects? I suppose you could try to remotely load a weak-sauce iOS, but you stand an excellent chance of detection to the folks you are trying to spy upon.
Last edited by angrypuppy on Wed Feb 17, 2016 1:41 pm; edited 1 time in total
Personally, I think instead of building a backdoor, Apple should just hack in to their own product, and provide whatever information is requested to the feds.
I don't see a big issue with that. The alleged SB shooters are pretty obviously the guilty party here and they're dead.
Anyone here ever use a JTAG debugger? Hardware debugger for phones. If Apple has something like that, then it can be circumvented. It'll take take time, but it can get done.
The real problem to me is, what rights do the dead have? Who has standing to fight for them?
Joined: 26 Apr 2004 Posts: 17197 Location: In a no-ship
Posted: Wed Feb 17, 2016 3:06 pm Post subject:
ringfinger wrote:
Personally, I think instead of building a backdoor, Apple should just hack in to their own product, and provide whatever information is requested to the feds.
I don't see a big issue with that. The alleged SB shooters are pretty obviously the guilty party here and they're dead.
The problem is they built their phone to resist "hacking into" it. That's the whole point of strong encryption. They -have- to create a weaksauce iOS to get this data off, and then where does the rabbit hole end? Do we really think that version of iOS is just going to get destroyed afterwards? Or is it more likely a secret federal court is going to order them to hand it over, like the same court ordered Verizon and others to hand over customer data?
Personally, I think instead of building a backdoor, Apple should just hack in to their own product, and provide whatever information is requested to the feds.
I don't see a big issue with that. The alleged SB shooters are pretty obviously the guilty party here and they're dead.
The problem is they built their phone to resist "hacking into" it. That's the whole point of strong encryption. They -have- to create a weaksauce iOS to get this data off, and then where does the rabbit hole end? Do we really think that version of iOS is just going to get destroyed afterwards? Or is it more likely a secret federal court is going to order them to hand it over, like the same court ordered Verizon and others to hand over customer data?
I'm saying I think Apple should do whatever for this one device, but not for all devices. I mean people were bagging on the feds for not being able to get in to the iPhone, so surely Apple can?
Just do it for this one phone, and for all subsequent phones for which a valid warrant or other request has been issued.
Joined: 26 Apr 2004 Posts: 17197 Location: In a no-ship
Posted: Wed Feb 17, 2016 3:12 pm Post subject:
ringfinger wrote:
DuncanIdaho wrote:
ringfinger wrote:
Personally, I think instead of building a backdoor, Apple should just hack in to their own product, and provide whatever information is requested to the feds.
I don't see a big issue with that. The alleged SB shooters are pretty obviously the guilty party here and they're dead.
The problem is they built their phone to resist "hacking into" it. That's the whole point of strong encryption. They -have- to create a weaksauce iOS to get this data off, and then where does the rabbit hole end? Do we really think that version of iOS is just going to get destroyed afterwards? Or is it more likely a secret federal court is going to order them to hand it over, like the same court ordered Verizon and others to hand over customer data?
I'm saying I think Apple should do whatever for this one device, but not for all devices. I mean people were bagging on the feds for not being able to get in to the iPhone, so surely Apple can?
Just do it for this one phone, and for all subsequent phones for which a valid warrant or other request has been issued.
That's the point. They can't "just do it for this one phone". They built their encryption so even they cannot just break in. That's why it's good, strong encryption: there are no back doors. They have to compromise their entire OS for just this single device (and every device moving forward -- don't be fooled) if they want to break in. Do you really want the government having a master key for every Apple phone? After Snowden? After the secret FISA rubber-stamp courts that we don't get to know about (you say valid warrants -- we don't get to know if it's FISA, which is why we have warrant canarys)? After Verizon and AT&T?
All times are GMT - 8 Hours Goto page 1, 2, 3, 4, 5, 6, 7, 8Next
Page 1 of 8
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum