Donald Trump Calls on Apple to 'Step Up to the Plate' and Unlock iPhones Used by Florida Mass Shooter

MacRumors ^ | 1/14/1920 | Forum

[House Atreides]

Apple previously said that it had provided all of the information in its possession (such as iCloud backups) to the FBI earlier in the month after the FBI asked for assistance obtaining the shooter's data. Law enforcement officials are not satisfied with the iCloud data, however, and want Apple to provide a way to unlock the shooter's iPhones, which is not possible without a backdoor into the software.

After Barr's request, Apple issued another statement and provided further detail on the data that has been provided, as well as once again stating that there is "no such thing as a backdoor just for the good guys." Apple's full response to Barr that ultimately triggered Trump's tweet is below:

[House Atreides]

Much more at linked site for those who are interested, IMHO, it’s clear that the FBI staffers handling the investigation of the iPhones are complete idiots. And they hide their idiocy and incompetence from those higher up.

[House Atreides]

FYI ping.

[Dalberg-Acton]

Does this mean Apple devices have a “back door”?

[AnotherUnixGeek]

Trump of all people should realize how easily the FBI can and will abuse any authority given to it. Apple should not have the ability to unlock the security on its devices, let alone a corrupt organization which employs people like James Comey, Peter Strzok and Lisa Page.

[Drago]

PDJT needs better tech advisors....there is no “backdoor” for Apple to unlock iPhones. And Apple should not make such a backdoor. The encryption fight is going to be heating up in Congress soon I would imagine.

[Lurkinanloomin]

Apple issued another statement and provided further detail on the data that has been provided, as well as once again stating that there is “no such thing as a backdoor just for the good guys.”

Apple says no, again.

[glorgau]

I’ve read the Apple Security White Papers. They’ve done a pretty good job at ensuring privacy. It’s definitely not in the company’s interest to make an insecure product. Got to wonder though, how they are operating in China?

[Gene Eric]

No back door? Do you know each of the encryption methods being used on the perps phones?

Have you ever received advertisements related to your recent conversations?

[FreedomPoster]

The last I looked, you could run mobile device management (MDM) software on iPhones that gave the central controller quite a lot of power over the device. Perhaps China requires such software on all iPhones sold in China?

[IndispensableDestiny]

Apple strives to make devices that they themselves cannot break into. It started with the iPhone and is now in the iPad, Watch, and some of their computers. Recent breaks were possible through flaws in the iOS, that Apple promptly fixed. If you read and understand Apple’s security overview, the newer phones are closer to Apple having no access.

Previous phones with the “secure enclave” had their unique identity (UID) key burned into silicon during manufacturing without leaving a record. Because the UID was immutable, it was conceivable that the iOS could be replaced with a specially crafted version containing weakened security.

The UID is the source key for all subsequent encryption, leaving it possible to get at data after replacing the iOS. Now the UID is generated by the iOS upon its first start. That makes it trickier to replace the iOS without changing the UID key. If that key is lost, all the data remains forever inaccessible.

[JudgemAll]

Trump is a bit naive here. There is no such thing as government as usual, but democrats taking over government while masquerading as legitimate authority. He would be giving an iphone backdoor for democrats to spy and harass his family and friends that supported him.

[JudgemAll]

Time to work those bitcoin encryption magic into devices.

[Swordmaker]

An encryption with a backdoor known by anybody is not secure. That is just a fact of life. Every single encryption that has had such a back way in has been compromised by the bad guys. Just knowing one exists guarantees they will find it, either by dint of exertion or coercion, it will be compromised.

Apple uses 256bit Advanced Encryption Standard which has but a single key to unlock any data which is so encrypted. Using all the computing power currently available on Earth, it would take 156 times longer than the universe has existed to try just half the possible keys for just one Apple iPhone by brute force! A mathematician calculated the energy required to run the computers to crack just one 256bit AES encryption would exceed the energy available in the universe when entropy was considered in the calculation. . . and that was based on trying two billion keys per second. . . and, no, a really really fast Quantum computer wouldn’t improve things, not at these scales of time. —PING!

Much as I like and revere President Trump, there are some things that just cannot be done. Changing the laws of math is one of them. Apple can’t do it unless they have some clue about the terrorist’s AppleID and passcode. Then they may be able to help. If not, then the law of large numbers is going to block Apple just as much as it does the FBI and the NSA.

Apple Security Ping PING!

If you want on or off the Apple/Mac/iOS Ping List, Freepmail me.

[Gene Eric]

One of the issues concerns the symmetric key used to gain access to the asymmetric private key providing the advanced protection on the device. The private key is on the device. And the private key doesn’t necessarily need to be password protected by a thumbprint or 6 digit code. I can definitely see the case where the private key is also encrypted in a secondary store using a complex factory method. The private key may also be stored off the device to gain access to iCloud data should it be necessary. Many ways for Apple to skin the cat.

[Swordmaker]

No back door? Do you know each of the encryption methods being used on the perps phones?

I do. There are two phones, both iPhones, both of which have Apple’s built-in the hardware, state-of-the-art, 256bit Advanced Encryption Standard (AES) Encryption applied to all data on the devices. And yes, there is no back door, not the way iOS devices are designed.

Only the user knows the unlocking passcode which starts the rebuilding of the actual 256bit AES encryption key. That passcode is not even stored on the device it unlocks. Instead, when the user enters his passcode, a secretly stored, unknown randomly selected at manufacture algorithm takes that entered passcode and creates a one-way hash, compares the result to a hash that was stored in the device’s Secure Enclave when the user first created his passcode. If they match, the iOS device is unlocked and the Encryption Engine using another randomly selected algorithm then uses the stored hash and four other stored pieces of data (one of which was randomly created when the hash was first created using environmental factors) to re-construct the actual unknowable 256bit AES encryption key, which is never, ever stored on the device, or sent outside the Encryption Engine processor inside the Secure Enclave which itself exists inside the Apple A12 or A13 Bionic SoC IC Processor.

Without that user passcode being accurately entered, and you only get a maximum of ten attempts to get it right, with increasing wait timeouts after the first three, the iPhone is either bricked, or the data is permanently erased, depending on what the user decided should happen when someone tried to break into his device.

[angmo]

Get a warrant and serve it to Facebook for the Whatsapp info.

This is Barr being a useless dickhead. Go get Hillary’s phone and ask Apple to break into it or stfu Barr.

[Swordmaker]

The last I looked, you could run mobile device management (MDM) software on iPhones that gave the central controller quite a lot of power over the device. Perhaps China requires such software on all iPhones sold in China?

The Central Controller, and evening the main data processor on Apple iOS devices cannot access the Secure Enclave. That area can only be reached by a dedicated Encryption Engine Processor. It’s my understanding, that the iPhones sold in China have crippled security on them due to Chinese government laws. This is handled in software. From what I’ve heard, all data on mobile devices in China are required to be backed up daily (if not more frequently) to their cloud servers which are all owned by the Chinese government. If it goes on your phone, it goes on the cloud server.

You may recall the hoopla when Apple was accused of moving iCloud to China and turning the Encryption keys over to the Chinese government? That was when the Chinese government passed these new laws. Apple kept the iCloud encryption keys in their Chinese offices, but the iCloud user data had to be moved to Chinese servers or Apple iCloud users moved to non-iCloud servers. Apple chose to keep serving their customers, but they had to change the iCloud backup software. They do, also, have to honor the Chinese search warrants. Apple still maintain possession of the iCloud China encryption keys.

Ostensibly, those backed up data are only available to the government via legal search warrants (wink, wink), but in China, police and courts work together. Warrants are very easy to obtain. Therefore searching devices is really unnecessary. The data is on the cloud servers. There is no expectation of privacy in China. Again, from what I hear, businesses who want confidential communication in China, they use a system of trusted messenger runners, no phone messages at all. Routine business is ok on the phones, but . . .

[StAnDeliver]

"Does this mean Apple devices have a “back door”?"

No it means there are clever ways of brute forcing. Grayshift can still break any iOS up to 12.

If this raghead islime was using iCloud, then Cellebrite can probably break into it.

[StAnDeliver]

iSlime was unlikely to have had a password that escaped the first likely 1000 passes for an iSlime from Saud. Not exactly 'think out of the box' types.

Mentioned previously, the House of Saud only sends either royals or top 'businessmen' sons to aviation school. Note that the AP said the Saudi's even paid for iSlimes gun training, which he picked up in an Air Force military sales training course.

[Swordmaker]

One of the issues concerns the symmetric key used to gain access to the asymmetric private key providing the advanced protection on the device. The private key is on the device. And the private key doesn’t necessarily need to be password protected by a thumbprint or 6 digit code. I can definitely see the case where the private key is also encrypted in a secondary store using a complex factory method. The private key may also be stored off the device to gain access to iCloud data should it be necessary. Many ways for Apple to skin the cat.

But, you see, the user’s private key is simply not stored on the device. That was a glaring flaw in Samsung’s vaunted Knox encryption system; the user key was stored in an easily locatable, unencrypted library in clear text! Apple instead uses a one-way mathematical representation of that private key stored instead in a randomized location in the Secure Enclave EPROM which is accessible only by the dedicated Encryption Engine Processor. This stored mathematical key representation, which even if you could find it, and had it in hand, being one-way, it cannot be used to reverse engineer the user’s private key.

When the user enters his private key, the Encryption Engine processor, using the same algorithm, regenerates that mathematical representation and compares its new version with the original version stored in the Secure Enclave EPROM. If they match, all is well, the device gets unlocked and the full 256bit AES key is constructed. If they don’t, the user is given another chance to enter his private key, a counter is incremented, and the process is repeated.

Perhaps if Apple were to design its devices so they did have an assymetric unlock system based as you describe, then they could have a system where authorities could provide a device serial number and Apple could provide the unlocking asymmetric unlocking key, different from the user’s key. However, every single time such access has been available, especially when humans are in the mix, corruption allows the system to be compromised. Such back doors are not secure.

How secure is such a system when the holder of those keys is susceptible to blackmail, extortion, kidnapping, or bribery? How about the computer system that contains those data? Secure? Hackable? You bet that they’d be trying and likely succeeding. As one who lost money due to the Equifax breech, I won’t hold my breath. Sorry, Security is not binary. It either is or it isn’t.