Posted on 03/10/2016 5:50:32 PM PST by Nachum
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
Try smashing it in a quality vise. I like a Gibraltar.
Not on an iPhone. . . and probably not on the better quality Android or Windows phones.
I use small Post-It notes. Easily removable when necessary. Am I paranoid? With the current regime, yes.
Lol!
Yup, I stand corrected, that would make it secure :-)
“The government is asking (or demanding) that Apple write software that currently does not exist.”
This, of course, implies that someone can write some software that can break Apple’s password lockout feature.
While I’m sure that it would be much more difficult without Apple’s help, it means that all someone needs is a good hacker with familiarity with Apple’s codes. That certainly puts a lie to Apple’s claim that if they do it, then everyone’s phone is at risk, when everyone’s phone is NOW at risk.
Apple just doesn’t want to do it.
Frankly, Bobalu, you do not know what you are talking about. The recovery of what you are talking about is literally impossible with out destroying what you need to get. Even getting it gets you nothing useable because the passcode is not stored on the device.
There are random numbers already being used. The user has to provide his passcode, which is not on the device, which is also part of the unlocking key to device,. . . and it is also part of the complex key which was used to encrypt the data on the Flash drive. Along with a unique ID etched into a secure unreadable area of the device, a Group ID, and the random generated numbers which were generated when the user first put in his passcode, all of which are located in a Secure Enclave that cannot be read by either the data processor or any apps, external test sensors, or probes. The utilizing the user's passcode, an algorithm inside the unreadable Secure Enclave, using all the UID, GID, the hidden stored random numbers, the entangled complex key is recalculated each time to unlock the device.
If you could NOT utilize all of that on the device, you'd be forced to try and brute force decryption of the data on the Flash drive by trying every possible key. The smallest key is 132 characters. . . Using the fastest supercomputer we can build today, that would take you a mere 5.62 undecillion years (5.62 X 10195 years to try every key. Of course if you were very, very, very, very lucky, you might hit on the right key in the first trillion years or so.
If you think you can go in and read the data by electron microscope, you have another think coming. First of all, Apple has not made that so easy. The data is inside a secure chip that is a multilevel processor, getting to the memory locations is a destructive process. You not only have to get the burnt in UID and the GID, and the stored random numbers, you have to extract three algorithms from the silicon. One that creates the one-way hash and stores it in the Secure Enclave and then compares it each time a new passcode is entered, giving a go, no go, based on the test of whether it passes or not. Another one that entangles the user passcode, UID, GID, and the random number to construct the 256 bit AES encryption key. And the final one that does the encryption/decryption routines. These have to be extracted because the dedicated processor chip will not survive the extraction process and the whole system is designed to require the decryption be done on the iOS device.
Now, once you've extracted all that, you still have a problem. You cannot derive the user's passcode from merely having the one-way hash. That's why it was imperative you also extracted the algorithm that created the one-way hash. You'll have to run every possible passcode through the algorithm and build a data base of hashes and then compare them to the one you extracted to find the one you must have to use with the AES KEY building algorithm.
By the way, the electron microscope method is not 100% accurate in extracting data. . . it's about 90% or so. That may be good enough for data that you can interpret the rest of the data, but it's NOT good enough for hashes, or random numbers, or UIDs that must be accurate. You only get one chance at each try. . . because playing an electron beam over volatile memory locations has a tendency to scramble the data.
That's a real thigh slapper, Secret Agent Man. The week the FBI requested this Court Order a 14 year old kid penetrated their security and grabbed all their employee records, including home addresses and current agent locations, including current undercover agents locations. Those kind of secrets?
Or perhaps the secrets like the ones on Hillary's server that we know was hacked by numerous outside actors?
Or how about the 16 year old kid who was just arrested last month for hacking the CIA director?
There have been no warrant-less searches in the Apple case. Apple is simply trying to protect its “holier than thou image.”
They are not representing other Apple owners, as they have no power of attorney to do so.
Also. the owner of the iPhone, the local government, (remember, it was the perp’s work phone) has already given their OK.
If Apple says creating of this tool will lead to abuse, can’t they control their own employees? And it was so easy, why haven’t hackers done it already?
If Apple says this tool will lead to abuse, I have the tools to commit both armed robbery and rape, but chose to do neither.
No, it's not a lie. Apple has the technical expertise to write an entire new iOS that can do it by bypassing all the built-in safeguards, including knowing the way to install said new iOS on an iPhone that is designed to prevent installing a bogus operating system. That doesn't mean that Joe Blow hacker can do the same thing. Apple estimates it would take approximately 6 to 10 engineers with a lead engineer, plus at least one document specialist to write down everything being done, and a hardware specialist, from three weeks to a month of work to do it, before they could even start testing the new FBiOS on multiple other iPhones before risking installing it on the target iPhone in question to be assured they would not destroy the data the FBI is after.
Another problem is that once done, if something is found on that iPhone that results in an arrest and trial, the defense is entitled to discovery about the methods used to unlock the subject iPhone including allowing their own IT specialists to go over the code to assure it was not used to plant the evidence. This has happened before and no matter what assurances of seal, secrecy, etc., were given, the privacy and security DOES NOT SURVIVE the discovery process. In the past, the IT specialist kept a copy, gave said copy to a few friends who he though would find it "interesting" who of course gave copies to their friends. The defense attorney though it would be useful to keep a copy as well. . .
One case from several years ago comes to mind. RIM Blackberry, kept their system very secure. The police came to them with a quandary. A child molester had all the evidence on his Blackberry and they wanted to get into it to retrieve the thousands of kiddie porn including photos of his victims. Blackberry agreed only on the assurances that the crack would be immediately destroyed after the police opened the phone. The police got their evidence but at trial, the defense demanded a copy for discovery purposes. See above what happened. After the trial, the press filed a Freedom of Information demand on the Judge and idiot judge decided that promises to RIM were trumped by the people's right to know, and allowed the PRESS to have copies. . . Bye Bye security of RIM until they came up with an entirely new means of security.
It's not a matter of controlling Apple's own employees, Strac6. The Court Order says Apple is to provide the software to the FBI. It's like being only 1% pregnant. Something is secure or it isn't. Apple doesn't say it is "easy." In fact, they say it is very difficult to do.
So, you have the tools to commit armed robbery and murder but don't. How many armed robberies and murders happened just last week, Strac6? Providing the tool is dangerous and the way to make sure it never happens is to never make it. That way the people who aren't YOU and don't have your admirable restraint, such as FBI director Comey, who says he has a lot of iPhones that are not involved in terrorism he wants to unlock, or the DA of New York who is just salivating about this, or the director of the NSA, won't use it either.
Windows 10 has a slide switch that is in the ON position that allows 3rd parties to turn on the camera to watch you. You turn it OFF and Microsoft, after another update will “accidentally” turn it back ON. they already have done this so expect more “accidents”.
No, I will blame it on the government that allowed the terrorists into the country in the first place.
Got it. Thanks for an explanation that’s better than any other I’ve read.
Yep and a simple piece of tape over the lens for now will work on the camera.
And for the mic. Give me a break these POS if not held just right will not pick up crap when talking on the phone. Heck, standing in a 10 mph wind and a conversation is lost
Here again, anything sensitive to talk about just apply tape, play music or run water to drown out anything the mic would pick up.
LOL. These were lost a long time ago when we stopped standing up for them.
Flip Phones
I say what the govt is doing will lead to abuse. Every other time we’ve given this kind of power to the govt they’ve abused it.
I applaud apple for their stance buts it really immaterial to the issue.
Thanks Swordmaker.
Are you comfortable with the idea of the Federal Government compelling corporations to create things out of whole cloth? And why not just hire a “good hacker” if this is supposedly so easy?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.