    Welcome to Sky User - The Unofficial Support Forum for everything Sky! - Proudly helping over 65k members.



    Confused as to WTF is happening with Apple, the FBI and a killer's iPhone? Let's fix that


    1. #1
      Scubbie is offline Sky User Moderator

      Confused as to WTF is happening with Apple, the FBI and a killer's iPhone? Let's fix that

      Here's a clear, technical Q&A

      Water cooler Everyone is losing their mind over Apple being forced to help the FBI unlock an iPhone. Just what is going on?

      Relax, don't spill your almond milk latte. We'll make it crystal clear for you.

      The FBI wants to unlock an iPhone 5C belonging to Syed Farook, who with his wife Tashfeen Malik shot and killed 14 coworkers in December in San Bernardino, California. The couple were killed by cops in a shootout soon after.

      The Feds want to break into his phone, but they don't know the passcode and the device will wipe itself after 10 wrong guesses. The handset – running either iOS 8 or 9 – has also encrypted its messages, photos and other data, and a valid code is needed to decrypt the files.

      So the agents went to court to force Apple to create a special build of iOS that, when loaded onto the phone, will allow the FBI to brute-force its way through all possible passcodes without the data being wiped. Eventually, they'll hit on the correct one and get into the phone.

      Magistrate Sheri Pym granted the order [PDF] on Tuesday. Apple has five business days to appeal.

      And Apple doesn't want to help?


      Apple CEO Tim Cook has written an open letter – really, a blog post – explaining why his company will refuse to craft a special iOS for the Feds. The Cupertino giant thinks it will set a bad legal precedent. It would also be terrible PR for Apple, which has repeatedly stated in recent months that it cares about protecting people's privacy and security.

      What is Apple being asked to do exactly?


      According to the order, Apple must create a signed firmware update that will only work on Farook's phone: identified by its unique serial numbers.

      The update will be loaded onto the phone, most likely during power-up via a USB cable, and will disable the auto-wiping feature in iOS plus remove any delays to the brute-forcing process.

      The mobile operating system introduces delays between PIN entry attempts, ramping up to an hour-long wait after the ninth incorrect passcode. The Feds don't want to enter thousands upon thousands of possible PINs at a rate of one an hour, and so they want this timing feature disabled.

      Apple fears this custom/mutant iOS will be used in future against other phones. But Apple is the only company in the world that can cryptographically sign the firmware, meaning if the FBI tried to modify the serial numbers in the code to break into another iPhone, the handset would reject the tampered firmware. Also, the judge has said the custom firmware can remain on Apple property, so it is entirely possible for Apple to keep this weakened software out of g-men's hands.

      Wait, I thought iPhones are super secure – if Apple couldn't break into a locked iPhone, it would have said so, right?

      Right. Apple can do what the FBI is asking it to do but doesn't want to admit it. iPhones and iPads since the iPhone 5S, which was launched in September 2013, have a component in their processor called the Secure Enclave [PDF, page 7]. This enclave – a small microprocessor running an L4 microkernel – controls access to the keys used to decrypt files in a device among other functions.

      When you enter your passcode, the digits are used to gain access to the necessary decryption and encryption key from the enclave. No valid passcode, no valid key. The enclave also rate-limits the passcode guesses: it will wait an hour between attempts after the ninth wrong entry.

      So how can Apple possibly help?


      The iPhone 5C does not have that Secure Enclave. This is the crucial part. Therefore, the speed at which PINs can be guessed is controlled by iOS, a piece of software that Apple can change through a firmware update via a USB cable. A modified iOS can reduce this delay to 80ms – the time needed by the hardware to check if a passcode is correct – and allow the FBI to enter in a string of PINs at high speed from some external tool.

      All the technical info is here, provided by security researcher Dan Guido. He writes:

      I believe it is technically feasible for Apple to comply with all of the FBI’s requests in this case. On the iPhone 5C, the passcode delay and device erasure are implemented in software and Apple can add support for peripheral devices that facilitate PIN code entry. In order to limit the risk of abuse, Apple can lock the customized version of iOS to only work on the specific recovered iPhone and perform all recovery on their own, without sharing the firmware image with the FBI.

      If the iPhone 5C had a Secure Enclave – like any newer iPhone with an A7 or better processor – the physical hardware of the device could slow down the unlocking process to the point where it would be impossible to brute-force your way through all possible combinations. (It may be possible for Apple to update the Secure Enclave firmware to switch off this delay, but Cupertino is keeping that close to its chest right now.)

      So Apple basically doesn't want to admit that it is possible to install a firmware update on a locked iPhone?


      Yes. Apple has been told to get its customized iOS onto Farook's iPhone 5C during boot-up without having to unlock it – and the company hasn't denied it can do that. According to iOS security guru Jonathan Zdziarski, it is entirely possible for Apple to install a firmware update on a locked device – an ability that may surprise some people:


      • Apple has firmware signing capabilities for all of their devices, and are the only ones in the world that can boot custom software without exploiting a device.
      • Firmware updates run as a RAM disk on iOS devices, which is similar to booting off of a USB stick.
      • Apple CAN write a custom RAM disk (as a “SIF”), sign it, and boot it on any iOS device from restore or DFU mode to run from memory.

      Chris Eng, veep of research at infosec biz Veracode, added:

      The issue here is not one of creating a backdoor; nor is the FBI asking for Apple to decrypt the data on the phone. They’re asking for a software update (which could be designed to work only on that one particular phone) which would then allow the FBI to attempt to crack the passcode and decrypt the data. Such a solution would be useless if applied to any other phone.

      In the past Apple has complied with requests to, for example, bypass lock screens in aid of criminal investigations. It’s only in recent years that they’ve taken an ideological stance on consumer privacy. I believe Apple is taking this position less as a moral high ground and more as a competitive differentiator, betting that Google won’t do the same.

      Essentially, Apple can help cops break into your iPhone 5C, if they're holding the handset in their hands, but it just doesn't want to admit it.

      OK, so why is Apple going to war with the federal government over this?


      It's hard to know for certain, but some or all of the following points are likely good reasons:


      • As mentioned above, it doesn't want to admit that its phones can be updated even when locked, by simply connecting a USB cable to them. Sure, you're updating it with official Apple firmware – just in this case, the firmware is deliberately insecure.
      • Apple doesn't feel it can back down now that it has publicly stood up to law enforcement and politicians on matters of privacy and security.
      • It fears that agreeing to this request would set a dangerous precedent for future versions of iOS. You trust Apple with every update – and now Apple's being asked to demonstrate that it can quite easily create insecure versions of its software and release them.
      • It sees a strong defense of customer data as a key differentiator in the market.
      • It has been waiting for a test case and thinks it can win this one, possibly all the way up to the Supreme Court.
      • It is still angry about the Snowden revelations and wants to force the US government into the open over its surveillance of citizens.


      We've been standing by this water cooler for ages. It's lunchtime now!


      Let's grab a Sushirrito.
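
The device-binding argument in the post above (firmware signed for one serial number is rejected if the serial is edited or the image is moved to another handset), as an added example that is not part of the original thread and is not Apple's code. It uses textbook RSA over fixed Mersenne primes as a stand-in for the vendor's signing key; the manifest layout, function names and serial strings are assumptions made for illustration.

```python
import hashlib
import json

# ASSUMPTION, illustration only: textbook RSA with no padding over two
# Mersenne primes. Real firmware signing uses vetted schemes and protected
# keys; this toy only shows why a signature binds an image to one device.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                               # public modulus, known to every device
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, held by the vendor only

TARGET = "SERIAL-TARGET-0001"           # constructed serial numbers
OTHER = "SERIAL-OTHER-0002"


def _digest(manifest):
    # Canonical JSON so signer and verifier hash exactly the same bytes.
    blob = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def vendor_sign(payload, device_id):
    """Vendor side: sign a manifest covering the payload hash AND the device id."""
    manifest = {
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
        "device_id": device_id,
    }
    return {"manifest": manifest, "signature": pow(_digest(manifest), D, N)}


def device_accepts(image, payload, own_device_id):
    """Device side: verify signature, then payload hash, then the device binding."""
    manifest = image["manifest"]
    if pow(image["signature"], E, N) != _digest(manifest):
        return (False, "bad signature")
    if hashlib.sha256(payload).hexdigest() != manifest["payload_sha256"]:
        return (False, "payload mismatch")
    if manifest["device_id"] != own_device_id:
        return (False, "signed for a different device")
    return (True, "ok")


def run_scenarios():
    payload = b"constructed firmware payload bytes"
    image = vendor_sign(payload, TARGET)
    # Someone without the private key edits the serial but keeps the signature.
    edited = {
        "manifest": dict(image["manifest"], device_id=OTHER),
        "signature": image["signature"],
    }
    return {
        "target_device": device_accepts(image, payload, TARGET),
        "other_device": device_accepts(image, payload, OTHER),
        "serial_edited": device_accepts(edited, payload, OTHER),
        "payload_modified": device_accepts(image, payload + b"!", TARGET),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:17} -> {result}")
```

The binding holds only while the private exponent stays with the vendor and every device enforces all three checks before booting an image.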


    3. #2
      speedyrite is offline Sky User Member

      Re: Confused as to WTF is happening with Apple, the FBI and a killer's iPhone? Let's fix that

      From today's BBC Business Live page at 07:48...

      North America technology reporter, Dave Lee has written a useful article explaining what's going on in the battle between Apple and the FBI.
      Late yesterday, Apple received support from other technology companies in its stand against the FBI, which wants access to the iPhone of San Bernardino killer, Syed Farook.
      The Information Technology Industry Council (ITI), which represents Google, Samsung and Facebook, among others, said:

      "We worry about the broader implications both here and abroad of requiring technology companies to cooperate with governments to disable security features, or introduce security vulnerabilities into technologies."
      Dave Lee's article is at http://www.bbc.co.uk/news/technology-35601035
      Last edited by speedyrite; 18-02-16 at 09:58 AM.
      ++ speedyrite ... powered by NOW Broadband from June 2018 ++
      (previously powered by Sky Broadband from July 2007)

    4. #3
      speedyrite is offline Sky User Member

      Re: Confused as to WTF is happening with Apple, the FBI and a killer's iPhone? Let's fix that

      And you can read RevK's comments here RevK's rants: Apple
      ++ speedyrite ... powered by NOW Broadband from June 2018 ++
      (previously powered by Sky Broadband from July 2007)

    5. #4
      Scubbie is offline Sky User Moderator

      Re: Confused as to WTF is happening with Apple, the FBI and a killer's iPhone? Let's fix that

      It's getting more interesting...


      US DoJ files motion to compel Apple to obey FBI iPhone crack order

      Uncle Sam says Cupertino is only thinking about its marketing and PR image

      PDF The US Department of Justice has today filed a motion compelling Apple to comply with a court order to help the FBI break into a killer's iPhone.

      On Tuesday, a magistrate judge in central California granted an order filed by the Feds that requires Apple to produce a special build of iOS for San Bernardino murderer Syed Farook's smartphone. This custom firmware must allow the agents to guess Farook's passcode by brute-force, and thus unlock his device, without triggering an iOS feature that wipes the iPhone after 10 wrong PIN attempts.

      In December, Farook and his wife Tashfeen Malik were killed by cops after the couple shot dead 14 coworkers. It's believed the pair have possible links to terrorists abroad.

      According to the New York Times, Apple – which has assisted federal investigations in the past – asked the FBI to file the aforementioned order under seal.

      However, when the agency submitted its demands in a public court citing the powerful All Writs Act, Apple CEO Tim Cook hit the roof: he lashed out at the "chilling" request in an open letter, and claimed the case will set a dangerous legal precedent. The Cupertino giant, which isn't in a hurry to admit that it can reprogram a locked iOS device, intends to resist and appeal against the Cali court order.

      That hasn't gone down well with the US government.

      "Rather than assist the effort to fully investigate a deadly terrorist attack by obeying this court's order, Apple has responded by publicly repudiating that order," DoJ prosecutors wrote in their motion [PDF] submitted today.

      "The order does not, as Apple's public statement alleges, require Apple to create or provide a 'back door' to every iPhone; it does not require Apple to 'hack [its] own users' or to 'decrypt' its phone; it does not give the government 'to reach into anyone else's device' without a warrant or court authorization; and it does not compromise the security of personal information.

      "Apple's current refusal to comply with the court's order, despite the technical feasibility of doing so, instead appears to be based on its concern for its business model and public brand marketing strategy."

      You have to give some credit to Cook, though: there will be serious ramifications if Apple is forced to create a custom build of its software that disables its own security mechanisms. What will the company be asked to create next? And for whom – China, Russia? And how exactly do you, under the US Constitution, force programmers to write software – has someone been watching Swordfish again? We shudder to think.

    6. #5
      Scubbie is offline Sky User Moderator

      Re: Confused as to WTF is happening with Apple, the FBI and a killer's iPhone? Let's fix that

      New York judge blocks FBI demand for Apple help to unlock iPhone

      Not for that iPhone, but judge says All Writs Act FBI likes doesn't apply

      A New York magistrate has decided the All Writs Act isn't the right key to force the lock on a drug dealer's iPhone.

      While the decision has no direct impact on the FBI-versus-Apple case in the San Bernardino investigation, it's being celebrated by some as at least representing judicial opinion that there are limits to government powers in cases regarding extraction of data from devices.

      In the New York case, the feds have been asking Apple to unlock the iPhone of one Jun Feng, a suspected drug dealer, based on the arguments in the US All Writs Act (AWA). Feng has already entered a guilty plea and is due for sentencing in August.

      With Feng's phone in hand but no way to unlock it, the FBI and the Drug Enforcement Agency wanted a New York magistrate – Judge James Orenstein – to use the AWA to grant access to the device.

      Judge Orenstein has nixed the idea, at least in his jurisdiction, on the grounds that the act can't be used to force Apple to manipulate its products. In his ruling on Monday, [PDF], the judge wrote:

      The implications of the government’s position are so far-reaching – both in terms of what it would allow today and what it implies about Congressional intent in 1789 – as to produce impermissibly absurd results.

      He added that to give the FBI and DEA what they wanted could end up with such a great expansion of government powers, it would put the AWA's constitutionality in doubt.

      The judge added that since Apple has no responsibility for Feng's wrongdoing, he could not justify "imposing on Apple the obligation to assist the government's investigation against its will."

      Because the US government has decided that backdoors are a hill worth dying on – especially in the San Bernardino case, where it reckons dead terrorist Syed Farook will be even more dead if it can open the phone – it's going to appeal the New York decision.
      Comment: Is this a good result? Yes and no. Sure, a criminal has gone to the grave with secrets which could help to uncover others. However, if they had pushed through, then private information held on the phones of others could have become open to many more people than just the FBI.

    7. #6
      lettice is offline Sky User Member

      Re: Confused as to WTF is happening with Apple, the FBI and a killer's iPhone? Let's fix that

      The only thing I see as any positive on this is the lawyers are loving it.

    8. #7
      BurnIT is offline Sky User Member

      Re: Confused as to WTF is happening with Apple, the FBI and a killer's iPhone? Let's fix that

      The only thing in danger here is the future of secrecy of ANY sort, and the governments of the world should be very, very, afraid.

    9. #8
      Scubbie is offline Sky User Moderator

      Re: Confused as to WTF is happening with Apple, the FBI and a killer's iPhone? Let's fix that

      Well things continue to get interesting...

      Amazon stops encryption on Fire tablets, leaving data vulnerable to attack

      http://www.theguardian.com/technolog...tion-user-data
      In a rare step away from increased security around personal data, Amazon confirms its latest operating system will no longer encrypt its customers’ data

      Amazon has quietly removed the ability to encrypt data stored on its Fire tablets, streaming media devices and Kindle e-readers with the latest update to the Fire OS operating software.

      The change, which has been confirmed by Amazon, could make private documents, financial data and other sensitive information vulnerable to attack.

      Previous versions of Amazon’s operating system allowed consumers to encrypt their device’s storage, and the Android platform on top of which Fire OS is built also supports full-disk encryption by default. The latest update to the operating system, by contrast, tells users to save their data or wait to install the new Fire OS...

      Apple backed by more online giants in FBI iPhone unlock battle

      http://www.bbc.co.uk/news/business-35722996
      More of the biggest names in tech - including eBay, Google and Amazon - have joined Twitter and AirBnB in backing Apple in its court battle with the FBI.

      The FBI has a court order demanding Apple helps unlock an iPhone used by the gunman behind the San Bernardino terror attack, Syed Rizwan Farook.

      Farook and his wife killed 14 people in the California city last December before police fatally shot them.

      Family members of some victims have backed the FBI's order.

      Two groups of tech giants have now filed an amicus brief, which allows parties not directly involved in a court case, but who feel they are affected by it, to give their view.

      Apple has appealed against the court order, arguing that it should not be forced to weaken the security of its own products.

      Sky Fibre Unlimited Pro: Connected at 80,000 kbps / 20,000 kbps
      Previous ADSL2+ Speed 19999 kbps 1153 kbps, Line Attenuation 17.5 db 6.9 db, Noise Margin 7.5 dB 8.7 dB
      Speedtest: 17.15MB/s 0.97Mb/s Ping 31 ms

    10. #9
      BurnIT is offline Sky User Member

      Re: Confused as to WTF is happening with Apple, the FBI and a killer's iPhone? Let's fix that

      Well that is just the coward's way out.
      However, there is nothing to stop individuals from encrypting data - though that will be a software encryption not hardware, so will be easier to crack.

     

     
