Third Hour Forum Rules - Please be familiar with these rules before posting

Apple Refuses to Build iPhone Backdoor

unixknight

By unixknight
in Current Events

 Share

Recommended Posts

Blackmarch

Blackmarch

Posted
Posted

If apple creates a piece of software that can work around all the major security on its products, thats pretty much a time bomb for the company. Even if apple doesnt give itnto any other party theres a chance it will get leaked or code will get leaked, at which point apple is liable for anynhacks that occur after such a leakage.

Link to comment
Share on other sites
  • Replies 59
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Just_A_Guy
Just_A_Guy

By parallel:  If I put my evil plans in a bank vault, and I die in executing my plans, everyone would agree that the bank should have to comply with a warrant ordering that they open up my vault.

unixknight
unixknight

This is a statement issued by Apple. It seems the FBI wants Apple to install a modified version of the OS onto the iPhone recovered from one of the San Bernadino terrorists which would allow them

NeuroTypical
NeuroTypical

Every nation's people draw the line between liberty and safety in different times, for different reasons.  You wouldn't see this much yelling if this was happening in the aftermath of the 9/11 attacks

jerome1232

jerome1232

Posted
Posted

 Whatever happened to good old brute forcing?

Toss a dictionary at it, have they tried "all infidels die now" or "allah be praised"?

I bet one of those will unlock it right there.

But seriously. No. Backdooring the encryption is a terrible, horrible, no good idea. The most glaring problem, government aside, is that eventually people figure out where the backdoor is. People you definitely, not just maybe, but definitely don't want to be able to crack open encryption keys willy nilly.

Link to comment
Share on other sites
Just_A_Guy

Just_A_Guy

Posted
Posted

My understanding (being an Android user myself) is that if you do more than a certain amount of failed login attempts, the iPhone will reset itself.  The FBI apparently just wanted Apple to push an OS update that would keep the phone from resetting itself, and then the FBI would do their brute-force attack as per your suggestion.

Link to comment
Share on other sites
Jojo Bags

Jojo Bags

Posted
Posted

The plot thickens.  The password was reset at the behest of the FBI and now they want a master key to unlock "just that phone."  If you believe the FBI won't be using the master key to unlock all IPhones, then I've got some beach front property for sale in Arizona you might be interested in.

 

http://www.buzzfeed.com/johnpaczkowski/apple-terrorists-appleid-passcode-changed-in-government-cust#.oqVzAWDBL8

Link to comment
Share on other sites
Blackmarch

Blackmarch

Posted
Posted
3 hours ago, Just_A_Guy said:

My understanding (being an Android user myself) is that if you do more than a certain amount of failed login attempts, the iPhone will reset itself.  The FBI apparently just wanted Apple to push an OS update that would keep the phone from resetting itself, and then the FBI would do their brute-force attack as per your suggestion.

On the highest security setting, it does a security delete of all user data and apps. (ie its scrambles all the pertinent data rather than just rewriting file location info)

Link to comment
Share on other sites
jerome1232

jerome1232

Posted
Posted (edited)
21 hours ago, Just_A_Guy said:

My understanding (being an Android user myself) is that if you do more than a certain amount of failed login attempts, the iPhone will reset itself.  The FBI apparently just wanted Apple to push an OS update that would keep the phone from resetting itself, and then the FBI would do their brute-force attack as per your suggestion.

I'm fairly sure there is a utility you can run on a computer while the phone is connected via usb, that will simulate PIN attempts over the usb and aggressively cut power after each attempt which gets around the failed attempts limit.

A bit slow maybe, but it's a 4 digit pin, it couldn't take *that* long. Probably no longer than a week or so for every combination to be tested.

*Correction, it attempts 5 pins, then reboots the phone clearing the "failed attempts count" It can do every possible combination in 14 hours.

Edited by jerome1232
Link to comment
Share on other sites
NeuroTypical

NeuroTypical

Posted
Posted

My iPhone uses a full-blown password.  No 4 digit or 5 digit pins.  I forgot my password.  After a few wrong tries, there was a 5 minute wait.  Next wrong try, 30 min wait.  Then 2 hours.  Then 24.  Then "Sorry, no iPhone for you".  I contacted numerous tech support numbers - AT&T sent me to Apple, Apple tried to send me back to AT&T.  The solution was basically to erase all data and start over from scratch.

 

 

Link to comment
Share on other sites
kapikui

kapikui

Posted
Posted
7 hours ago, jerome1232 said:

I'm fairly sure there is a utility you can run on a computer while the phone is connected via usb, that will simulate PIN attempts over the usb and aggressively cut power after each attempt which gets around the failed attempts limit.

A bit slow maybe, but it's a 4 digit pin, it couldn't take *that* long. Probably no longer than a week or so for every combination to be tested.

*Correction, it attempts 5 pins, then reboots the phone clearing the "failed attempts count" It can do every possible combination in 14 hours.

Interesting.  This would indicate one of two possibilities.  One, that the FBI is run by a bunch of morons.  and two, that the FBI doesn't  really care about what's on the phone, but wants this software for another reason.  Since it seems that the primary thing they want is a version of iOS that will let them make unlimited attempts to crack the pin, and utilities already exist to do that, moreover Apple almost certainly has most of what they've asked for already built.  After all, such things would be almost required for testing.  It seems that what the FBI is hoping for is some sort of precedent that will make it legal for them to force back doors into software. 

Link to comment
Share on other sites
NeuroTypical

NeuroTypical

Posted
Posted (edited)
8 hours ago, kapikui said:

This would indicate one of two possibilities.  One, that the FBI is run by a bunch of morons.  and two, that the FBI doesn't  really care about what's on the phone, but wants this software for another reason.

Or 3, dood's iPhone is like mine, and there is no 4 or 5 digit PIN, but instead a full-blown encrypted password of random size and complexity.  Thus turning the "it couldn't take that long" notion, into a "yeah, it could take a million hours" notion.

Right?

I mean, I'm not saying the FBI isn't up to things.  But no really - my iPhone doesn't have a cheap easy-to-crack PIN.

Edited by NeuroTypical
Link to comment
Share on other sites
unixknight

unixknight

Posted
  • Author
Posted (edited)

Yeah that's the thing with any kind of serious encryption.  Brute force attacks simply don't work with our current level of technology because it would literally take millions of years to try every possible combination, even at thousands of combinations per second.  Encryption isn't about an absolute force field, it's about making it take too long to break through.  The only reason phones like iPhones and Androids have a limited number of attempts is because it's easier to  try to use social engineering to guess the password.

Side note:  With the advent of computers equipped with thermistors (sort of multi-state transistors) the amount of time it would take to crack traditional RSA encryption would be cut drastically.  In a few more years, this discussion might well be moot unless and until an even better encryption approach becomes widespread.

Edited by unixknight
Link to comment
Share on other sites
kapikui

kapikui

Posted
Posted
13 hours ago, NeuroTypical said:

Or 3, dood's iPhone is like mine, and there is no 4 or 5 digit PIN, but instead a full-blown encrypted password of random size and complexity.  Thus turning the "it couldn't take that long" notion, into a "yeah, it could take a million hours" notion.

Right?

I mean, I'm not saying the FBI isn't up to things.  But no really - my iPhone doesn't have a cheap easy-to-crack PIN.

From what I've read, it actually IS just a short PIN.  Their primary ask is for something that allows them to input the password multiple times without it deleting the data.  It sounds exactly like they're going to try to brute force the phone. What they should do is pull the encrypted data off the phone and attack it with normal cryptoanalysis and a nice large supercomputer cluster. 

Link to comment
Share on other sites
jerome1232

jerome1232

Posted
Posted

Ah, I didn't realize you can use a full blown password when encrypting an iPhone. That changes things a lot. Though... if you have to type this password in everytime you unlock your device.... boy the chances of it being much better than the pin aren't very good. 

I was assuming a 4 digit pin, which would be very simple to brute force even with the failed login attempts limit.


I assume you can physically tell when you try to unlock it whether they are using a regular pin or a password based on the keyboard that shows up.
 

Link to comment
Share on other sites
Blackmarch

Blackmarch

Posted
Posted
On 2/21/2016 at 2:59 AM, jerome1232 said:

 Whatever happened to good old brute forcing?

Toss a dictionary at it, have they tried "all infidels die now" or "allah be praised"?

I bet one of those will unlock it right there.

But seriously. No. Backdooring the encryption is a terrible, horrible, no good idea. The most glaring problem, government aside, is that eventually people figure out where the backdoor is. People you definitely, not just maybe, but definitely don't want to be able to crack open encryption keys willy nilly.

while that's still an option that method gets trickier and trickier to pull off without breaking something, and the more complex something is, the more time consuming it is as well as more likely for something to go wrong. On that premise one could argue that the FBI are seeking a much easier/faster route.

they could extract and copy the whole hard drive to another piece of equipment and brute force with that method, but would have to make another copy any time the copy scrambled itself.

Link to comment
Share on other sites
NightSG

NightSG

Posted
Posted
On 2/18/2016 at 2:07 PM, Just_A_Guy said:

There has to be precedent for this kind of thing; and I wonder why we don't just follow that precedent (whatever it may be) when it comes to encrypted data.

Let's look at a similar hypothetical.  Andrew Jackson was a judge around the time of the founding of our nation.  Strong encryption has been available since the invention of the one-time pad, which was used in ancient civilizations, so a strong (but often not unbreakable - a long enough message using a one time pad can generally still be solved by certain methods) cipher is hardly an idea the Framers wouldn't have been aware of when the Fourth Amendment was being debated.

Now, let's say that Judge Jackson was asked to compel a local mathematician/linguist/whatever to decode a message found on the corpse of a foreign spy.  What do you think his answer would be?  (Assuming, of course, that the local talent has no connection to the spy other than a reputed knack for solving such puzzles.)

Let's take it one step further in the interest of similarity to the current case; assume the local talent developed and published the method used in the cipher, and as such, would be potentially harmed by developing a method to break it, especially since said method would have to be examined by the court. (Otherwise, he could simply tell them the message says whatever he wants them to believe, so it would be a gross miscarriage of justice to use the information without being able to verify the legitimacy of it.)

Link to comment
Share on other sites
unixknight

unixknight

Posted
  • Author
Posted

I'm not sure Andrew Jackson is exactly a good model for an analogy like this.  :P 

I have no doubt at all Jackson would have taken the side of the FBI in this one.  I'd be a lot more interested in what Jefferson would have had to say, since he was more of a Constitutional scholar AND one of the founding fathers.  (Admittedly the Louisiana Purchase was arguably unconstitutional, but still a better example than Jackson!)

Link to comment
Share on other sites
Guest MormonGator

Guest MormonGator

Posted
Posted
13 minutes ago, unixknight said:

.  I'd be a lot more interested in what Jefferson would have had to say

My thoughts totally. Well said.  

Link to comment
Share on other sites
NightSG

NightSG

Posted
Posted
2 hours ago, unixknight said:

I'm not sure Andrew Jackson is exactly a good model for an analogy like this.  :P 

Of course he is; he's dead, so you can't get him to disprove my claim.  :cool:

And yes, he did have his little issue with the Indians, (Who didn't at the time?) but we're assuming a spy from some culture he didn't consider essentially subhuman.

Link to comment
Share on other sites
Just_A_Guy

Just_A_Guy

Posted
Posted

I kind of agree in that I don't see what Jackson, specifically, has to do with this sort of thing.  But as for your hypothetical--to me, it seems difficult to visualize the framers being comfortable with a private citizen being pressed into service in that way.

 

Then again, these are some of the same folks who passed the Alien and Sedition Acts . . .

Link to comment
Share on other sites
Jojo Bags

Jojo Bags

Posted
Posted
On ‎2‎/‎23‎/‎2016 at 4:50 PM, kapikui said:

Interesting.  This would indicate one of two possibilities.  One, that the FBI is run by a bunch of morons.  and two, that the FBI doesn't  really care about what's on the phone, but wants this software for another reason.  Since it seems that the primary thing they want is a version of iOS that will let them make unlimited attempts to crack the pin, and utilities already exist to do that, moreover Apple almost certainly has most of what they've asked for already built.  After all, such things would be almost required for testing.  It seems that what the FBI is hoping for is some sort of precedent that will make it legal for them to force back doors into software. 

Well, a case could be made for both.

Link to comment
Share on other sites
unixknight

unixknight

Posted
  • Author
Posted

Congressional hearings on the matter.

This quote blew my mind:

“The logic of encryption will bring us to a place in the not too distant future where all of our conversations and all our papers and effects are entirely private,”

-FBI Director James Comey.

....like that would be a bad thing.

ARE YOU *#$*!@#!*( KIDDING ME?!?!?!?!?!?!  This yahoo is who we have running the FBI?!?!?!  This guy has a duty to uphold the law and he's whining about our ability, as private citizens, to safeguard our own privacy when the Government ignores the 4th Amendment.  Yes, Mr. Comey I realize that in a terrifying future we may well be in a position where we don't have to just take your word for it that you won't use the vast resources at your disposal to completely ignore our 4th Amendment rights.  How horrifying.

And then there's this mindless gem:

“We’re asking Apple to take the vicious guard dog away and let us pick the lock,” Comey said. “It’s not their job to watch out for public safety. That’s our job.”

This comment is completely idiotic because it is literally saying that only the FBI should be able to "protect" us.

Mr. Comey, you have failed in that regard miserably, because we're living in a time where the average American has more to fear from our own Government than we do from international terrorists.  You're just gonna have to cope with the fact that we'd rather handle our own safety,  thanks, and not continue to let thugs like yourself erode our freedom so you can play hero and grab more power.  It's bad enough we have already lost some of our liberties for nothing more than security theater.  You, and people like you, are EXACTLY the sort of threat George Orwell warned us about.

/rant

 

Link to comment
Share on other sites
  • 4 weeks later...
jerome1232

jerome1232

Posted
Posted (edited)

So let's all do a slow clap for the FBI.

*slow clap*

They broke into the phone themselves (well they hired a third party to do it)

I'm guessing they figured out how to clone the contents of the image and bruteforce the multiple images? Anyways another slow clap for them.

They really should share the method used with Apple though, what poor sports.

 

http://money.cnn.com/2016/03/28/news/companies/fbi-apple-iphone-case-cracked/index.html?sr=twCNN032816fbi-apple-iphone-case-cracked1017PMStoryPhoto&linkId=22802920

Edited by jerome1232
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing