News Apple's Tim Cook strikes a blow for security, privacy

In fairness I think the FBI are asking for an altered iOS version to be applied to a single device as an update rather than an update that would be universally deployed to all phones.

 

I didn't want to quote a wall of text so i hope it's OK if i refer to your other post in reply to me.

I understand all of what you said and i agree that if Apple put a back door into iOS it would be a very, very bad thing, but (as i said) unless I've missed something they're not being asked to put a back door into iOS, are they ?

I'm only going on what that techdirt article said but according to them the court order (PDF) says that Apple will/should bypass or disable the auto-erase function, enable the FBI to submit passcodes to the device, and will not purposefully introduce any additional delay between passcode attempts.

They then go on to say that Apple's reasonable technical assistance may include, but is not limited to: providing the FBI with and then a list of things that, this is the bit I'm unsure on, Apple could if they wanted provide but don't necessarily have to, no?

 

I think paragraph two outlines intended goals and paragraph three suggests a non exhaustive list of possible means to accomplish those goals. They don't have to use what has been outlined in paragraph three to meet the goals if they can achieve them in some other manner.

 

The way it reads on other sites would be this would not work on any device passed the 5c anyway as the encryption went to hardware after that with every phone having a finger print ID scanner on it.

Which uses a hardware key that even Apple does not know.

Dout Apple could do this even if they wanted too, they updated a lot of security issues in iOS 9.0 and above after hackers told them the flaws in there system. Most reports suggest they hired those ex hackers to make the current system. Huge events take place every year where devices try to get broken into.

They say it will eventually in a few years end up at the Supreme Court of Justice who will then make a decision that will effect wether tech firms like Apple remain in the United States.

When the deadline comes up they will tell them No or something similar then it gets referred to the next system, which takes 6 months. Apple can then delay any hearing another 6 months and drag the process out near indefinitely to the point where the case is finally refered to Supreme Court.

This could take years to be resolved and not sure USA government really wants to wait years for its answer, there's nothing they can do in the mean time.

The fact this has even been made Public suggests the FBI has asked privately and been told No already. They can't brute force the device open and most reports suggest they won't be able to just reformat the pin code away.

If it's alpha Numeric pin even with a computer it could take years to break the code even with Apples help. They have not said if it's just a standard 4 PIN number pass. A letters only pass or a mixture of everything. The mixture of everything would take years to break by brute force even if Apple removed the auto wipe function.

What the FBI is really after according to a lot of tech reports is a true back door where they don't have to spend time with all the passcode at all. They can just enter and get what they want. If that's accurate then Apple is damn right to tell them no.

All of the big tech firms have come out and sided with Apple now on this just about. No real shock as if Apple gives in they will all be forced to do the same.

This case could really have major implications for our digital future long term. If Apple wins then your data is safe if encrypted from all agencies or bad people.

If Apple loses all data out there is basically accessible by any government at will. Which to me sounds like a huge breach of privacy.

 

if you or I ignored a court order we would have the balliffs turn up with the police to carry out what the court had ordered.

 

What's a "ballif"?

 

We are not a company valued at half a trillion dollars. Nor a collection of companies valued at a few trillion dollars.

http://fortune.com/2016/02/18/fbi-iphone/

This article here explains a large part of the reason they don't have to comply. The FBI already tried this in another case and the judge threw the case out.

They are trying again as it involves terror activities in the hopes they change there mind.

They will have asked privately and been told No.

When they file there legal defence we will see what position they intend to take. The court they are using will likely pass the buck up the system till we hit the Supreme courts and the decision they make that day will effect the futures of everyone.

Snowden forced companies like Apple to take these measures in the first place with the USA and Uk heavily spying on everyone.

 

So when i read "The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE.", when i read that and assumed that it would only run on that one singular phone i assumed wrongly? From what you say it seems it would be all models of that phone and not just a singular phone.

If so it starts to become a little more worrying, i guess it's not beyond the realms of possibility that the FBI could make a copy the signed iPhone Software file, recovery bundle, or Software Image and reverse engineer it to work on other iPhones maybe.

I know little about what's possible from a hacking perspective, if I've understood correctly, if Apple modified the phone in such a manner as to allow a brute force attack via remote access at an Apple facility would it be possible for the FBI to copy the modifications that Apple made and reverse engineer it?

Something else that just occurred to me is that i ain't got a clue why they want access to the data on the phone, i know its got something to do with a mass shooting in America but those happen so often i kind of mentally tune them out.

 

It sets a standard of what they will do for a government. Then every other authoritarian gov in the world will be asking them for the same software unlock on a whim. There is principle behind it even if it's also $/PR aligned.

 

Yes, it's still a problem either way. But it won't be a global back door that's all. Of course that doesn't protect you from your own government.

 

Yup. NSA/GCHQ have the toys they just don't share. I'm sure the Chinese do as well.

http://www.zerohedge.com/news/2016-...ty-stunt-apple-unlocked-iphones-feds-70-times

Apple apparently unlocked 70 phones for the FBI before too.

 

Well of course it has. Apple doesn't actually care about people's data or authoritarian governments.

 

Before the latest version of IOS it was very easy to do. Anyone with some brains could bypass the system as if you hard routed the phone it would keep the data and lose the security settings.

Things are a bit dif now.

They already have the data up to a month before the shooting as it auto backed up to ICloud.

We shall see what the government intends to do when they tell them no.

Since if it goes all the way to the highest court we will be talking about years before its sorted.

 

Just random thought, but wouldn't creating a security hole to access data that was once secure actually make the evidence on the device almost useless?

I mean there's no saying that the "backdoor" wasn't used to falsify evidence, it's not like you can add a "backdoor" without letting multiple people who have biased thoughts access the device whilst it's insecure?

 

Would it be worth falsifying any evidence, i thought the phones user was dead and there wasn't any doubt over his culpability, I'm not sure what the FBI expect to get from the phone TBH.

 

To be honest I think it's a power play to get overall majority support using a high profile case.

 

And then the FBI/CIA/NSA/other Three-Letter Acronym hacks the software package to remove the device lock, and has a universal key.
It is my understanding that they want it to be fully-functional and backdoored, which is A. not necessary for their purposes, and B. makes it a great tool to deploy "in the wild" as it would be visually indistinguishable from an unhacked iPhone.




All of this ignores the elephant in the room. Why hasn't the FBI just desoldered the flash chip, stuck it in a chip reader, dumped it to an image file, and started brute-forcing THAT? It's encrypted, not inaccessible.
If they actually want the contents of the phone, that seems to be the easy way. If you want the guy's Apple server data, you ask Apple for a copy of the guy's data off their servers.
Once an attacker is in physical possession of your computer, you've already lost. That should be even more true of a government TLA.

I don't think they want the data at all. It's a convenient excuse to get Apple to code them a backdoor.

 

Establishing and verifying social networks (as in personal associations not Facebook twitter etc.) would be important in determining if others were involved in some way. A phone would be a very useful piece of evidence towards that. However a phone is not the only way to establish his social networks so I tend to agree with Rhydian. Plus the FBI have already been moaning about encryption which I think supports Rhydians point.

 

That's what would concern me also, but i can't see how they'd do something like that, if I've understood correctly Apple could take ownership of the phone, make the necessary changes and then give the FBI access to it remotely.

As I've said IDK what would be possible in terms of hacking so maybe I'm not aware that copying the modifications is something that could be done and then reverse engineered to work on other devices.

Using the link Bindibadgi provided i followed the sources and found this blog post on the technical aspects that i found interesting, but for the life of me i can't think of how should they wish use or copy the modifications for nefarious reasons.