Quote :

"From all the stories I hear about No Such Agency, I would assume if Apple can do this, so can they"

so the NSA has every line of code Apple has ever wrote?

2/18/2016 2:35:35 PM

Not saying that and not trying to start an argument, just asking why they can't. They're often touted in the media as being able to hack damn near anything (including rumors they've cracked RSA).

If it comes down to simply not having Apple's code, I guess that would answer my question; I personally don't know all of the issues involved. I'm asking out of ignorance, not provocation.

2/18/2016 2:44:48 PM

Good going Apple!

2/18/2016 3:18:34 PM

Quote :

"Not saying that and not trying to start an argument, just asking why they can't. They're often touted in the media as being able to hack damn near anything (including rumors they've cracked RSA)."

In this case, Apple wouldn't be hacking encryption as you're describing with the NSA, they would be releasing software (I would assume based on their own existing code) which would allow the FBI to bypass security features of the phone. I don't think its really helpful to compare the capabilities of Apple to those of the NSA.



[Edited on February 18, 2016 at 3:26 PM. Reason : Nobody knows what the NSA can hack, which makes a lot of these media reports kind of silly ]

2/18/2016 3:23:06 PM

Hey, dagnabit. I read a story linked on Facebook that the NSA can hack any encryption!

2/18/2016 4:20:27 PM

Gotcha!

2/18/2016 4:57:25 PM

http://arstechnica.com/staff/2016/02/mcafee-will-break-iphone-crypto-for-fbi-in-3-weeks-or-eat-shoe-on-live-tv/

Not sure how he expects to social engineer the passcode of a dead guy... Seems like the rankings of someone on cocaine.



[Edited on February 18, 2016 at 5:02 PM. Reason : ]

2/18/2016 4:59:38 PM

that dude is insane in the membrane, but a helluva lotta fun to read about

http://www.wired.co.uk/magazine/archive/2013/02/features/dangerous
http://www.sv411.com/index.php/2013/09/john-mcafee-back-game/
https://en.wikipedia.org/wiki/John_McAfee

2/18/2016 5:07:28 PM

http://www.cnn.com/2016/02/18/us/san-bernardino-shooter-phone-apple-reaction/index.html

Quote :

"or Ryan Reyes, it's personal. Granted, many people have strong opinions over whether Apple helps the FBI break into the iPhone of San Bernardino killer Syed Farook. It's not just about that single device, they say, but larger issues like privacy and security. It's about how best to balance protecting any one person's secrets and society as a whole. Reyes' viewpoint, though, is shaped by one person he'll never get back: his boyfriend, Daniel Kaufman, one of 14 gunned down during a holiday luncheon at the southern California city's Inland Regional Center. He "

So how does Apple hacking Ayed's cell phone bring back the victims of the massacre or provide justice to a dead criminal....

Unless there is prudent and imminent concern that they were communicating with sleeper cells plotting similar attacks, I do not see how hacking their phones is about safety anyway.

2/18/2016 8:14:32 PM

Quote :

"I doubt this."

What? What is there to doubt? If Apple writes software for device X which disables security features on device X, why do you doubt that such software has now instantly made every single device X vulnerable to the software which was just written? Maybe I could have specified that it makes all iPhone 5C and prior phones vulnerable (Apple has said as much), but I assumed you would understand that clearly this software doesn't make the Samsung Note 5 vulnerable.

I agree with your later assertion that this is a unique case, but I can't fathom how you can't see the vulnerability this introduces into Apple's product line.

2/18/2016 11:47:50 PM

Quote :

"Maybe I could have specified that it makes all iPhone 5C and prior phones vulnerable "

That's a very different statement than "it makes every other device vulnerable".

It probably even would only apply to iPhone 5Cs with the same baseband chip, which is a very small number of phones (i don't know anyone that has an iPhone 5C, i think it's Apple's worst selling iPhone variant).

2/19/2016 2:03:09 AM

http://arstechnica.com/apple/2016/02/encryption-isnt-at-stake-the-fbi-knows-apple-already-has-the-desired-key/

Quote :

"Such a firmware would not seem to be generally useful for attacking other iPhones, though. The FBI's request is that the special firmware be tied to the specific device. Every iPhone contains a multitude of unique identifiers that are baked into its hardware (the serial number, the cellular radio IMEI, and the Wi-Fi and Bluetooth MAC), and the court order explicitly states that the custom firmware must be tied to the San Bernardino phone's unique identifier, such that it can only run on that specific phone. ... Apple already performs lock screen bypasses on devices running old versions of iOS; law enforcement sends the device to Apple, Apple does the data extraction using tools the company has explicitly created to perform the extraction, and law enforcement receives a FireWire or USB drive with the data. Apple's custom tools never leave Cupertino. ... The FBI does not really need Apple to write a custom firmware that lets you brute force the iPhone PIN without risk of wiping the device or suffering lengthy timeouts. It's much easier for Apple to write this code, of course, because Apple knows all about the iPhone, but there's no doubt that the FBI could pay some enterprising reverse engineers and hackers to develop the software itself. The problem for the FBI is not so much the development of the software; it is getting that software to run on the iPhone."

2/19/2016 2:16:26 AM

that's the scenario we have all been talking about, apple shouldn't do that

2/19/2016 9:03:58 AM

Quote :

"It's hard to overstate the tech world's fascination with the legal standoff between the FBI and Apple. Laymen might look at the dispute and shrug; after all, the FBI is just asking Apple to help hack into one phone, and it's not unusual for tech companies to help the police. "Apple does provide 'reasonable assistance' to law enforcement all the time," says Jeff Fischbach, a forensic technologist who specializes in retrieving data from devices for use in court. But he says what the FBI is demanding from Apple in the San Bernardino case is qualitatively different. (For those who haven't been following the case: The FBI wants Apple to write custom software that would make it easier to hack into a locked iPhone 5c used by Syed Rizwan Farook, who along with his wife, Tashfeen Malik, killed 14 people in San Bernardino in December.) "I'm not convinced that the FBI has actually pulled out all the stops on this particular phone," Fischbach wrote in an email to NPR. "The concerns they cited exist in any iPhone [forensic] exam, and yet this time they've seemingly declared their hands tied. It feels opportunistic. Like a chance to expand their tool chest." Many tech experts suspect the federal government is taking advantage of the public sentiment surrounding the San Bernardino massacre to force Apple into accepting the premise that it's obliged to aid law enforcement even if it means creating new security weaknesses in the devices it sells. But if that is the FBI's strategy, it's not necessarily a winning one. In his New York Times technology column, Farhad Manjoo concluded that the tech industry holds an ace: "the technical means to keep making their devices more and more inaccessible." It's true that companies such as Apple are usually a step ahead of law enforcement, technologically. Every new generation of device or operating system represents a challenge for the in-house hackers at the FBI and other law enforcement agencies. It can take months for them to find a way into a new system, if they can find a way at all. And if the FBI succeeds in forcing Apple to write code to help hack this iPhone 5c, it's presumed the company will engineer the next generation of iPhones to be immune. But the government is also holding an ace: the possibility of legislation. Robert Cattanach is an attorney specializing in cybersecurity who previously worked for the Justice Department. He predicts this fight will eventually go beyond the courts. "Whoever is the loser in this will certainly plead their case to Congress," he says. "Either, 'We need a backdoor,' if the FBI loses, or 'You can't give them a backdoor,' if Apple loses." The question of whether tech companies should be required to build backdoors has been floating around Congress for a number of years now, pushed on one side by law enforcement's growing complaints about how encrypted technology is "going dark" to legitimate surveillance and detective work; and opposed on the other side by Silicon Valley. As is the case with so many pressing issues in Congress, nothing much has moved so far, but a public fight over San Bernardino could break the logjam. For Fischbach, this is a worrisome possibility, because he thinks the emotions tied up in the San Bernardino case might cause Congress to take the side of the FBI. It wouldn't be the end of encryption, he says, but it could be the end of easy-to-get encryption for the general public. "[M]andating back doors only pushes the fringe," Fischbach writes. People in the know — such as sophisticated crime syndicates or terror networks — will still figure out how to keep data unreadable, but "[f]or the rest of us with 'nothing to hide,' that just means we lose another piece of our privacy.""

http://www.npr.org/sections/thetwo-way/2016/02/18/467250247/fbi-apple-showdown-is-the-latest-battle-in-a-bigger-war

2/19/2016 9:24:42 AM

Well, on a side note, you really can say your locked iphone is as secure as it gets. If the government can't get into a terrorist's cell phone, this shit is as locked up as fort knox.

2/19/2016 11:03:34 AM

It's fucking sad that citizens have to hope that a private company will protect their civil liberties from their own government.

2/19/2016 4:57:17 PM

Quote :

"That's a very different statement than "it makes every other device vulnerable"."

And that difference isn't particularly meaningful, especially when you knew what I originally meant when you read it. You're a programmer. Obviously you knew I wasn't talking about Apple making Android devices vulnerable.

Quote :

"Such a firmware would not seem to be generally useful for attacking other iPhones, though. The FBI's request is that the special firmware be tied to the specific device. Every iPhone contains a multitude of unique identifiers that are baked into its hardware (the serial number, the cellular radio IMEI, and the Wi-Fi and Bluetooth MAC), and the court order explicitly states that the custom firmware must be tied to the San Bernardino phone's unique identifier, such that it can only run on that specific phone."

To even bring this up is insulting to my intelligence. All of that information is essentially a constant in a computer program. To use the resulting firmware on another device, you would simply change the constants and recompile.

Quote :

"Apple already performs lock screen bypasses on devices running old versions of iOS; law enforcement sends the device to Apple, Apple does the data extraction using tools the company has explicitly created to perform the extraction, and law enforcement receives a FireWire or USB drive with the data. Apple's custom tools never leave Cupertino."

That Apple has done it in the past for different devices using software which already exists is not at issue here. The question is whether the government should be able to compel an unrelated third party to perform services for the government which might cause harm to the unrelated third party. Using already existing software to partially compromise older models of iPhones is distinctly different from asking Apple to develop new software to compromise iPhones which aren't currently compromised. Apple sold these devices based upon the claim that they were secure. Key to Apple's claim of security for these devices is that you couldn't attack the device without Apple's cooperation. Also, there is mounting evidence that what the FBI is requesting would, in fact, compromise iPhone models which are newer than the device in question (https://www.techdirt.com/articles/20160218/10371233643/yes-backdoor-that-fbi-is-requesting-can-work-modern-iphones-too.shtml). So, yes, there is clear harm that could be caused to Apple by forcing it to build software to compromise the security features of its own product.


In reading the comments on that article you posted, it's abundantly clear that the FBI is using this particular case in order to set a precedent. There's probably not any urgently useful information on the device, especially when compared to how the shooters absolutely demolished their other devices beyond any hope of data retrieval. However, this case is the best one they have to put pressure on Apple to comply: terrorism, a sensational mass shooting, national security, wooooooooo! But, force Apple to create the necessary software this time, and in the future when you want to go bust up little Timmy for carrying a dime-bag of weed, you just show up at Cupertino with a warrant and say "remember that shit you wrote last year? Do it again for this phone." At which point Apple doesn't have a leg to stand on.

2/19/2016 9:25:07 PM

Burro, I'm worriEd about you, you need some Xanax or something.

2/20/2016 12:37:28 AM

> posts walls of text
> says someone else posting a wall of text needs xanax

2/20/2016 12:09:17 PM

Quote :

"What is Xanax? Xanax (alprazolam) is a benzodiazepine (ben-zoe-dye-AZE-eh-peen). Alprazolam affects chemicals in the brain that may be unbalanced in people with anxiety."

2/20/2016 2:51:52 PM

Quote :

"It's fucking sad that citizens have to hope that a private company will protect their civil liberties from their own government."

It certainly is. Except when I don't trust our government, I'm being a right wing nutjob.

But as US citizens, sure, we're worried about our own privacy. But think about how many world leaders have these same iPhones, and sure, each government would have their own layer of security, but there's a lot of power to be held of our government can get a back door into iPhones.

Theoretical question...so the I assume since Apple is a US company, the government does have some sway in compelling Apple (or attempting to compel them) to do what they want. But what if a Chinese citizen performed an act of terror in China, and the government needed to get into this citizen's phone. People tend to have less civil liberties there, but does Apple have to comply in that case?

2/20/2016 7:21:18 PM

You've got to be trolling, right? "Hey, guys don't worry about the gov't being able to spy on us, cause they'll be able to spy on world leaders, too!" Except that the moment the US gov't started doing that, world leaders would just cease using an iPhone and would use something else. Even still, the US gov't would be far more interested in turning that spying inwards.

2/21/2016 1:05:35 PM

It's always super fun to watch hard core dems or repubs attack one leader for something and then support a leader from their team when they do the exact same thing.

2/21/2016 2:48:24 PM

^^^

State sponsored hacking has more tools in their belt than needing physical access to a phone to brute force the passcode. That's probably the least likely thing to happen... This issue has little bearing on that.

Nothing stops individual apps from separately encrypting data in their own data silos too.


I also recall Pakistan having to cut a deal with blackberry to continue selling product in that country. China likely has similar clout to compel Apple to take steps like this, but maybe China hasn't had to face this issue yet. Or maybe China's intelligence agencies already scan the data, since I presume Chinese firewalls have trusted ssl certs in the country used to read encrypted data anyway.

https://en.greatfire.org/blog/2013/jan/china-github-and-man-middle

Remember too that stuxnet relied on a compromised root certificate that wasn't yet known to be compromised publicly.

Basically, in terms of intelligence and hacking, the agencies don't need explicit cooperation and likely don't want it (since this compromises op sec).

This case is entirely about what the government can compel a company to do and how they compel it.

We have laws requiring telecommunications company to share data with the nsa. We don't yet have laws requiring computing companies to provide custom security bypassing software, but probably will now thanks to apple.


[Edited on February 21, 2016 at 3:52 PM. Reason : ]

2/21/2016 3:45:52 PM

^^ us hardcore libs have been against it no matter the party, same with hardcore libertarians

2/21/2016 4:27:31 PM

http://www.businessinsider.com/fbi-confirms-shooters-icloud-password-reset-2016-2

So, basically, because the FBI doesn't know how the hell to properly preserve digital evidence, Apple should be compelled to compromise compromise the security features on millions of iPhones across the world. Good work, gov't!



Also note that the FBI lied about this in a motion they filed with the court. Stop and consider that for a moment.

2/22/2016 12:01:49 AM

^ I can see the train of thought there honestly... Better to reset the password to something known vs risking a collaborator having the password and resetting it. Not thinking about other iOS features that might make it better to not reset the password. I wonder what apples response time in that situation is for consultation and of the FBI has a direct line.

The irony is that there's probably not much useful info on the phone...

2/22/2016 12:34:25 AM

Of course there's nothing useful on the phone. The shooters purposefully destroyed their personal phones and laptops to the point that there is no hope of retrieving any data off of them. This phone was left alone. It doesn't take a rocket scientist to figure out why.

2/23/2016 12:19:08 AM

http://www.wsj.com/articles/justice-department-seeks-to-force-apple-to-extract-data-from-about-12-other-iphones-1456202213

"just this one phone I swear"
....
"and these other 12"

2/23/2016 10:49:22 AM

Since this is a government issued phone, why can't the government get into the device as an administrator? Does the government manage devices in a way that people are allowed to use them for personal use without the government being able to manage the device?

2/26/2016 5:12:00 PM

They forgot to install the app Ooops http://www.wral.com/common-software-would-have-let-fbi-unlock-shooter-s-iphone/15401899/

2/26/2016 5:27:45 PM

Apple should work with the fbi on the San Bernardino phone on the condition that the fbi lobbies congress and other Intel agencies not to push for mandatory back doors or cracks, and secure the right to make uncrackable future versions of iOS and iPhones.

Public opinion favors the fbi and congress doesn't care about privacy, they'll go full retard if given the chance.

2/27/2016 12:40:19 AM