Posted on 03/30/2016 4:20:27 PM PDT by Swordmaker
The battle between the FBI and Apple ended on Monday with no clear winner, according to The New York Times. Not so. The clear winner is the American people, and the clear loser is Apple.
The FBI had requested Apples help in unlocking a cell phone used by the San Bernardino killers--Apple refused. The Justice Department took the dispute to court, arguing that a search warrant required Apple to program a backdoor into Syed Farooks password- protected iPhone5. A judge initially decided in favor of the government, but Apple appealed the ruling; the case was expected to end up at the Supreme Court.
Monday, everything changed when the FBI announced it had gained access to Farooks phone and didnt need Apples help after all. Several issues in the case remain unresolved, but for the moment, the Justice Department has the information it sought.
Apple, on the other hand, looks foolish. Now we know that their much-vaunted privacy settings are not so private after all. By literally making a federal case out of its refusal to comply with the government, Apple CEO Tim Cook meant to show the world that his company was willing to buck the system to protect customer security. Instead, the world has learned that iPhone passwords can be hacked.
(Excerpt) Read more at finance.yahoo.com ...
Anything Apple builds can be hacked and entered into. The Israelis have shown the way. Apple is getting better and the hackers are getting better than them. I can see how the FBI along with the NSA along with outside Israeli contractors break into a terrorists iphone five years from now. This will be done via a combination of hardware modifications, chip replacements and software hacks plus other techniques not yet imagined. Factor in always newer and always state of the art NSA supercomputers that are designed/built/programmed for only one purpose. To break encryptions.
Apple is a joke and cannot compete on this level.
The 5c which was hacked on this case and the subsequent models are significantly different in their respective approaches to security. It took hiring an internationally established forensics company and paying them a good bit of money to break a device with outdated technology.
Which one, and how "fixed" are they?
If you mean iOS 9.3, then not quite - iPad bricked by iOS 9.3?, Reg, by Shaun Nichols, 2016 March 24 :
We asked Reg readers if they had experienced this problem, and the responses came pouring in, along with tips for workarounds that at least let you use your iPad until Apple can come up with a fix. So, we've decided to share our collection of reader horror stories in the hopes that, should your iPad 2 be stricken by this malady, you can take some comfort in knowing that you're not alone. ..... < snip > ..... Apple has finally published a couple of suggested fixes if you get stuck installing iOS 9.3. It's also suspended downloads of the new OS for older iThings until it's sorted out the problems at its end. Earlier this week, word broke of a bug in Apple's iOS 9.3 update that was leaving some iPad 2 tablets unable to function.
The latest one is more fun / serious (depending on how you look at it) - Apple's fruitless rootless security broken by code that fits in a tweet, Reg, by Chris Williams, 2016 March 30 :
The Cupertino goliath fixed an exploitable bug in its rootless code in the latest round of patches for Macs and iThings. But that's the not the end of the story, we're told. Apple's rootless design, aka System Integrity Protection (SIP), marks sensitive directories in the computer's file system as being off-limits even to the root user. Normally, on Unix-flavored OSes, root is all powerful and can do whatever it likes. Well, Apple hates that idea: it means malware with elevated privileges or a clumsy user can infect or trash vital executables and other files. On OS X El Capitan, root is no longer allowed to rule the roost and take over all aspects of the computer. The way SIP works is simple: mark /System, /bin, /sbin and /usr except /usr/local with a special flag that means only programs with a particular attribute can modify files in those directories. And very few programs the software update tool being one of them are given this special com.apple.rootless permission to access SIP-guarded folders. A shell running as root certainly doesn't have it. There are other restrictions imposed by SIP, such as limiting the debugging of certain apps and the blocking of certain kernel extensions from being loaded. Earlier this month, Apple squashed a logic bug in SIP found by SentinelOne researcher Pedro Vilaça. It could be exploited by software already running on a Mac to bypass Apple's SIP defenses, rendering the safeguards useless. Vilaça demonstrated at the SyScan360 2016 conference the design weakness using GDB to modify and create files in /System as a normal root user. However, flaws within SIP remain. One problem is that just like bugs lingered in root-owned setuid binaries that were exploited by hackers, flaws present in SIP-entitled programs can be abused, too. ..... < snip > Apple's much-hyped rootless security mechanism in OS X can be evaded even in the latest version of the operating system, according to a top researcher.
Looks like Tim Cook picked the wrong fight with the wrong people at the wrong time. He could have handled things very quietly, just like he did before, and just like he is and will be doing with China they can squeeze Apple in Chinese market and with Chinese manufacturing and materials (e.g., Hon Hai / Foxconn and some parts suppliers) much easier than the U.S. can with Huawei, Xiaomi or ZTE, for example instead of going "full Snowden" on the phony "privacy" and "encryption backdoor" pretext.
All I’m hearing is small ball for a company that size.
Me Too lives on.
After jumping the shark with U2 it’s been a steady slide.
We quickly forget they are demanding the FBI tell them what was done? How ludicrous, the icing on the cake.
The only people I hear saying that Apple has maintained their products can’t be hacked or have zero security holes are people who have an axe to grind with Apple.
Apple certainly doesn’t say their products can’t be hacked.
Any computer user who understands computers whether Mac, PC, Unix, or any other platform knows that all computers can be hacked, and that the only completely secure computer is one that is locked in a secure room with no network connections...and even then.
Anybody who states that Apple has said their products can’t be hacked is a blithering idiot, because they never have. And there are plenty of blithering idiots, including many right here on FR.
But, as I said in another post, there are a lot of people (not saying you, personally) who have some kind of irrational complex about Apple products and puzzingly, seem to take it so personally that they are fully willing to side with the likes of the Obama Administration, the FBI, the IRS, or anyone else regardless of how untrustworthy they are if it means taking a piece of flesh out of Apple.
Talk about cutting off a nose to spite a face.
Yes, the iOS 9.3 problem has been fixed. Apple has been pushed out that fixes the problem with the earlier iPads and some iPhones. . . it even fixes the link problem in Safari. Sorry, you are wrong. If you note, your article was dated a week ago.
As for the exploit that can fit in a Tweet, it requires physical possession of the computer and several complex other vulnerabilities to work. That required gaining access to some Apple signed software (note it said it worked by using software running on Macs already!) which is not such an easy thing to do. Your article dated yesterday on this was discussing a conference that occurred last week. It's old news already covered on FR.
I mean one issue after another. A company with those resources should be able to get the little things right.
Instead of rigorous testing on what few hardware platforms they have, they have applefans who copy paste selected techincal verbage as their own and call other people stupid, ignorant re-re’s.
“This is not a certainty at all. How do we know the FBI didn’t simply remember the password they had changed after seizing the phone? I wouldn’t expect them to tell the public the truth about how they accessed it. “
I wouldn’t trust the FBI to tell us the truth no matter what has happened. From what I’ve read, the FBI was about to loose the court fight with Apple. So it could be that all of this commentary about “how the FBI doesn’t need Apple’s help any longer” could also be a lie as an attempt to blunt the truth about the their litigation failure. They would never want it known publically that they were about to loose in court.
“Now the feds are in control of the hacking. The feds did the hacking and Apple has no part of it.”
So I take it that you believe everything your government tells you? Have you been visited by the “tooth fairy” lately?
“Have you been visited by the tooth fairy lately?”
No, but the Idiot FReeper Fairy came by and said something stupid.
Go attack someone else, Fairy.
The dumbing down of America continues.
“(I assume most FBI people are relatively ethical) “
That’s your first mistake! You can’t lie to them, but they can lie to you ( or anyone else for that matter). Most judges, afterall, are simply poorly quaified ex-lawyers who couldn’t make a living in private practice, and who wanted to be able to use their middle names in public. I have been in court a few times as a juror and once as a litigant, and my personal experience is that most judges are dumb $hits.
“Apparently some prefer the rule of men over the rule of law. That makes them LIBERALS. If the shoe fits, wear it. . . and vote accordingly. “
Excellent Post!!!! It’s amazing to me just how many here on FR are so willing to give up their privacy to a government that will use it against them. This isn’t about a couple of rag head murderers, it’s about our freedom as a society. If our government would enforce or immigration laws, we would never have had all this nonsense about code breaking an old iPhone. Fighting the “war on terror” doesn’t mean forefeiting our individual rights.
Lying to suspects is an accepted tool of law enforcement. They aren't allowed to do it under oath, and they aren't allowed to lie to judges.
Most judges, afterall, are simply poorly quaified ex-lawyers who couldnt make a living in private practice, and who wanted to be able to use their middle names in public. I have been in court a few times as a juror and once as a litigant, and my personal experience is that most judges are dumb $hits.
No argument there. That conforms to my own experience as well. Not all, of course, but many judges are just ignorant and dumb.
“Not all, of course, but many judges are just ignorant and dumb.”
Yes, but in a lot of places judges don’t even have to be lawyers. I know years ago when I was a kid, my best friend’s father was a Municipal Traffic Judge in Berkeley, CA even though he was also an alcoholic, and never had an ounce of legal training. And I know for a fact that Justices of the Peace in Nevada are just people who paid off some officials for their jobs and they make tons of money “officiating at weddings.”
Yes, the legal system is in a sorry state.
Feds claimed that they were clueless about getting into the phone.
Had to hire pros to hack the phone.
Feds are the losers here, not Apple.
So some losers were able to hack into the phone while Apple claimed they couldn’t. Apple is the loser; the liars, really.
Enterprises the world over are at risk from a seamless new attack that allows the latest Apple devices to be quietly compromised in what researchers say requires a total overhaul of Cupertino's enterprise provisioning architecture for mobile device management. The unpatched hack dubbed SideStepper and crafted by Israel-based Check Point hackers Ohad Bobrov and Avi Bashan begins with a near-perfect phishing attack targeted at staff, and ends with complete compromise of fully updated iOS devices running version 9.2. It takes advantage of Apple's newly streamlined enterprise provisioning architecture, which allows tech shops to install non-App Store applications on staff handsets. Mobile device management of Apple devices is a system used by almost all Fortune 100 companies and scores more enterprises. Almost all are at risk of the attack, the pair told The Register. Apple's upgrade means attackers need only send an SMS to trick staff into accepting a legitimate-looking request to install a configuration file for attackers to have remote man-in-the-middle access. From there, attackers can install applications that will quietly eviscerate Apple devices. ..... < snip > ..... Apple has been contacted for comment. However, the pair say they informed the tech giant of their research, and Apple labeled it "a feature, not a bug." The pair say the attack is cleaner and more deadly than any that have come before, and is explicitly thanks to Apple borking its enterprise provisioning service. ..... < snip > ..... "Apple tried to solve the problem but actually made it worse, because now it is even easier to infect a mobile device." ..... < snip > ..... Bobrov and Bashan are already working on further iOS vulnerability and exploitation research. They also have Android in their sights. ..... < snip > Clicking 'OK' to ordinary and expected phishing prompt enough for complete iPhone compromise.
"And now for something completely different..."
From US asked Google to unlock phones 9 times since 2012 - CNBC, by Arjun Kharpal, 2016 March 31 :
The American Civil Liberties Union (ACLU) found 63 cases where the government had used the 1789 All Writs Act to ask Apple and Google help unlock data on phones. While the majority of these cases across the U.S. involved Apple, there were nine instances where Google was asked by law authorities for help. ..... < snip > ..... law enforcement has been asking tech companies for help for eight years. It appears the firms have been willing to help law enforcement too. Prosecutors have said that Apple has helped unlock phones 70 times since 2008. The uncovering of the 63 cases however is the first major look at government requests to Google, which owns the Android operating system installed on the majority of the world's smartphones. ..... < snip > ..... While Apple has been known to comply with such requests in the past, the latest battle with the government was a step too far for the technology giant. ..... < snip > ..... Most of the orders related to drug cases in which officers were trying to access devices of people who were in possession of drugs. Warrants requesting help from Google were filed in Oregon, California, New Mexico, North Dakota, South Dakota, Alabama and North Carolina. Fresh off the back of the tussles between U.S. law enforcement and Apple, new research has revealed that search giant Google has been asked several times since 2012 to help unlock Android phones.
Sometimes "quiet is good," but I guess this time it was not a "bug" [up their @ss], it was a "feature" it was about terrorism, not drug-related?
Apple has really dropped the ball in the software department.
It’s been one disaster after another. ‘It just works’ should be replaced by it just Bricks’.
I just upgraded my 5S to 9.3.1 skipping 9.3.0. It immediately prompted me for my Apple Password. I use a password manager because it is complex. Could I get to my password manager? No. Did I know, or was I advised I of a new requirement of needing a password right off the bat? No. Fortunately .1 lets you defer the password, I guess .0 doesn’t. On top of that my Win10 iTunes had to be re-installed and the USB driver didn’t install properly.
This is exactly the kind of stuff that gets Apple in trouble.
Software is all about attention to the smallest details, and Apple is blowing it in the details department.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.