Apple challenges 'chilling' demand to decrypt San Bernardino shooter's iPhone

Nihilo

BANNED
Banned
no right supersedes the needs of the state to secure the foundation of every exercise.
I think I agree with this, but where does attorney-client privilege come in here? It seems to be bordering on that type of thing. Isn't that part of the reason we didn't want to try terrorists in American courts, because we wanted to avoid the protection of attorney-client privilege?
 

rexlunae

New member
Most of this I think we've covered and I'm fairly confident we understand our differences...just a couple of notes then.

Agreed, and I may trim a few things where I feel our differences are fully aired.

I'm much more comfortable with trusting the judgment of the court, guided by the principle of justice and mindful of due process than I am a corporation guided by the principle of profit and mindful first and foremost of their bottom line.

I generally trust courts, although I think they are too often drawn into the service of the state and the security apparatus, made a part of the system rather than impartial judges. As for Apple, their incentives are mostly in protecting their customers, so I at least trust their motivations. Beyond that, trust of Apple is inherent in using one of their products.

Ah, well I'd say you read the guarantee too broadly and that no right supersedes the needs of the state to secure the foundation of every exercise.

Perhaps I do, and I certainly recognize the state's interest.

You think a bank ever really wants to release confidential records?

No, of course not. But in the case of banks, generally any orders issued only implicate the rights of targets of the order, not every innocent person who happens to be a customer of the bank.

I'm saying Apple shouldn't lose all control or essentially any real control over its product save that necessitated by the order and only to the limited extent to fulfill the writ.

I take Apple at its word, that being completely consistent with the difficulties of securing such things.
 

Ask Mr. Religion

☞☞☞☞Presbyterian (PCA)
Gold Subscriber
LIFETIME MEMBER
Hall of Fame
This odd duck thinks he can do the hack using just social engineering.

See the guffaws at slashdot:

http://it.slashdot.org/story/16/02/...ernardino-iphone-for-the-fbi-and-save-america

[Note: vulgar and other inappropriate language often used at the link above]

AMR
And the rest of the story:

http://www.dailydot.com/politics/john-mcafee-lied-iphone-apple-fbi/

Odd duck, indeed. And completely devoid of any remorse about it.

Note: some vulgarity in the article above.

AMR
 

Ask Mr. Religion

☞☞☞☞Presbyterian (PCA)
Gold Subscriber
LIFETIME MEMBER
Hall of Fame
Apple ups the rhetoric related to this FBI case:

http://www.theverge.com/2016/3/10/1...epartment-of-justice-fbi-smearing-desperation

Read the DoJ's latest motion:
https://www.scribd.com/doc/303739074/Government-Response-to-Apple-Motion#download

The motion notes...

For Apple to build the ordered software, no more than ten employees would be required to work for no more than four weeks, perhaps as little as two weeks and that Apple will be reimbursed for costs.

Contrary to Apple's previous claims, even if “criminals, terrorists, and hackers” somehow infiltrated Apple and stole the software necessary to unlock Farook’s iPhone, the only thing that software could be used to do is unlock Farook’s iPhone. The DoJ points out that any code executed requires Apple's unique signature, something that no one is requesting access to. So even if someone obtained the code Apple developed for Farook's iPhone, it would be impossible to run it on another device.

On this point I do think that there is exposure to Apple should any code developed be obtained illegally. Somewhere when updating phones over the air Apple's unique ID is transmitted, most likely as a hashed signature of the code that is being applied in an update, said signature hash compared to some security trust mechanism on the device itself. This "handshake" in software and hardware guarantees the update to be applied to the phone is valid. Organizations with unlimited resources could potentially mount some attack to spoof that over the air update process, so-called "man in the middle" attacks, as I discussed here.

Then again, how is this only now a possible concern by Apple? The fact that they perform over the air updates of iPhones, just as do all major mobile phone makers, is no less a risk than what the FBI is asking for now.

Finally, the DOJ's motion notes how in 2009 Apple (and Dell) complied with China's request to use China's own and well-known weak WiFi protocol, WAPI, in order to meet the Chinese government's request to be able to snoop users' communications. Seems Apple's complaints of being pwned by the US government are a wee bit of overreaching. ;)

AMR
 

Ask Mr. Religion

☞☞☞☞Presbyterian (PCA)
Gold Subscriber
LIFETIME MEMBER
Hall of Fame
Well, I guess there is the often used veiled threat: we can do this the easy way or we can do this the hard way:

Footnote Nine of DoJ's filing reads:

"For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."

I have to wonder why the DOJ takes Apple's bait that the government is trying to create a police state for what would only be a Pyrrhic victory.

That said, even with access to the iOS source code, the company's own identity keys would be required to interact with what is stored in the phone's secure trust modules and burned into its ROM. Apple could also just release an iOS update and invalidate whatever the government now possessed. Further gumming up the issue is that Apple's key is used to sign update images to be pushed out over the air. The signing per se usually involves walking a USB over to an isolated (airgapped) Mac wherein the update image and key on the USB are then merged.

AMR
 

rexlunae

New member
The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers.

Now that's a pretty serious threat by the FBI. In other words, if the FBI doesn't get its way and compel Apple to create the attack code, either by judicial writ or by semi-voluntary compliance, they'll seek to compel Apple to disclose the source code, which is probably not all that serious, and also their private key, which is essentially everything. With that, the FBI could push updates as if signed by Apple to anyone's phones whenever they wanted, and who knows what else might be compromised by that.

That said, even with access to the iOS source code, the company's own identity keys would be required to interact with what is stored in the phone's secure trust modules and burned into its ROM. Apple could also just release an iOS update and invalidate whatever the government now possessed.

Maybe they could. I'm not sure how easy it is to overwrite the keys on the phones, and in the meantime, until the update goes out, the FBI would have the ability to do the same with any phone using those keys.
 

kmoney

New member
Hall of Fame
http://www.usatoday.com/story/news/nation/2016/03/28/apple-justice-department-farook/82354040/

The Justice Department withdrew its legal action against Apple, Monday, confirming that an outside method to bypass the locking function of a San Bernardino terrorist’s phone has proved successful.

The method brought to the FBI earlier this month by an unidentified entity allows investigators to crack the security function without erasing contents of the iPhone used by Syed Farook, who with his wife, Tashfeen Malik, carried out the December mass shooting that left 14 dead.
 

kmoney

New member
Hall of Fame
"The San Bernardino case was not about trying to send a message or set a precedent; it was and is about fully investigating a terrorist attack,'' FBI Director James Comey wrote in an editorial last week.
Sure it was. :plain:
 

Nihilo

BANNED
Banned
where does attorney-client privilege come in here? It seems to be bordering on that type of thing. Isn't that part of the reason we didn't want to try terrorists in American courts, because we wanted to avoid the protection of attorney-client privilege?
I think this worked out magnificently. We all can now have faith that our police is at least as good as our more advanced corporations. That's phenomenal and bravo.
 

kmoney

New member
Hall of Fame
I don't know why he even felt as if he should appear to believe that...of course it's precedent setting. What does that have to do with whether or not it's also right? :idunno: The law is replete with examples of good and bad precedent.

You don't know why? He was trying to make it sound better to those who were against it.
 

Town Heretic

Out of Order
Hall of Fame
You don't know why?
It was offered in the same sense, "I can't believe you said that," mostly means "Why on earth would you say that?"

Have you been spending time PMing with meshak, Letsargue, or Crucible again? Because conversation with emergent readers, the heavily medicated or those in need of can really skew your rhetorical compass. :plain:

Or is it just the unsettling nature of following the Chiefs in the offseason? :eek:
 

Stripe

Teenage Adaptive Ninja Turtle
LIFETIME MEMBER
Hall of Fame
Tim Cook is a homo.

No data is safe from hacking. No matter how good the security and encryption, there is always a means to access information.

But mostly, Tim Cook is a homo.
 