Posted on 01/14/2020 8:46:59 PM PST by House Atreides
Apple previously said that it had provided all of the information in its possession (such as iCloud backups) to the FBI earlier in the month after the FBI asked for assistance obtaining the shooter's data. Law enforcement officials are not satisfied with the iCloud data, however, and want Apple to provide a way to unlock the shooter's iPhones, which is not possible without a backdoor into the software.
After Barr's request, Apple issued another statement and provided further detail on the data that has been provided, as well as once again stating that there is "no such thing as a backdoor just for the good guys." Apple's full response to Barr that ultimately triggered Trump's tweet is below:
(Excerpt) Read more at forums.macrumors.com ...
Perhaps you could re-explain for us iPhone and Mac users what is and what isn’t protected by passwords on our iPhones and Mac.
Especially those files that are shared in iCloud (which I think Apple can get at?) vs those stored only on the iPhone or on a Mac.
(off the top of my head, iOS Notes is the only Apple-made iOS app that actually gives the user the choice to store certain notes only on the phone vs shared on the phone and Mac via the icloud account.
If Apple is concerned with this technology being misused. Why can’t they send someone over to unlock it/or whatever they call it? That way the FBI has access and Apple can protect their program.
“ Have you ever received advertisements related to your recent conversations?”
Creepy isn’t it?
“Got to wonder though, how they are operating in China?”
On their knees with their pants down and their mouth open. China controls apple’s China icloud. Apps are pulled at the whim of the Chicomms.
Agree ...
No, there are caveats on both GreyKey’s, and Cellebrite’s brute force iOS system. First of all, neither of them can touch an iPhone with an up-to-date iOS installed. That means any iPhone that can accept iOS 13 or higher is invulnerable to both systems, but you did mention "break up to 12".
One piece of good news there is 55% of iPhone users worldwide are on iOS 13 or higher. In the US it’s about 75%. So, if your iPhone can use iOS 13, upgrade.
The other caveat is that both GreyKey and Cellebrite are still brute force systems that must use the device’s own system. They have just found a vulnerability that lets them turn off the time-out delays and eventual bricking or erasure of the devices. They can keep trying passcode as long as they want. . . or as long as the prosecution is willing to tie up one of the machines. This is crucial if you want your data private.
For either of these unlocking systems, the average time to unlock an iOS device that has a four digit passcode is around two hours. Sometimes they get it right away, because they’re programmed to try obvious patterns people use, four corners, a cross, specific number patterns, etc. However, four digits can only have 10,000 combinations, so you’d think a computer could whip through that in no time. It could, but Apple has thrown a skunk into Cellebrite and GreyKey’s party. Apple won’t let it try keys at a computer’s speed. This is a human interface and runs at people speed! Apple built in a 1.3 second delay between trying passcodes. Too bad, so sad, Cellebrite and GreyKey.
What does this mean for us poor privacy loving Apple owning Freepers? First of all, if either of these two systems had to go all the way from 0000 to 9999 to find the passcode in a four digit passcode with a 1.3 second delay, it would take them a little over 3 ½ hours to test all ten thousand possible passcodes. Great, you say, that’s not a big deal. Nope, it’s not.
But what if you went up to six digits, or one million possible passcodes? That’s 100 times longer to try every possible one, or ~350 hours! That’s 14 ½ days, 24 hours a day. . . Getting interesting?
Perhaps a seven digit passcode might be of better use. . . 10,000,000 passcodes. ~3500 hours, 146 days, 24 hours per day. . .
Hmmmmm, dare we go for 8 digits, 100,000,000 passcodes, ~35,000 hours, almost 4 years, 24 hours per day. Good thing Apple makes good devices that last.
Keep in mind we are just using ten numeric digits for our passcodes. What would happen if we turned on complex passcodes and added alphabetical characters to the passcodes?
Let’s just go back to six character, easy to remember. Now we are working with 26 lowercase and 26 uppercase and 10 numbers. . . 62 characters. Where before we had only 106 = 1,000,000 possible passcodes, now we have 626 = 56,800,235,584 possible passcodes. 56.8 billion possible passcodes with just six characters. . . And testing at one every 1.3 seconds. That means it would take Cellebrite or GreyKey only 2,147 years to try every possible passcode.
How about an eight character passcode? 628 = 218,340,105,584,896 possible passcodes. 218.3 trillion possible passcodes! Only a mere increase to 9,000,575 years to try every possible passcode at one every 1.3 seconds!
If we toss in a few symbols to our Alphanumeric mix, the number of possible passcodes and time to break goes astronomical. Apple allows 223 characters to be input from the iPhone keyboard and your passcode can be a totally absurd 256 characters. Insane, I know. . . but that would give you a possible 223256 passcodes to drive Cellebrite and GreyKey out of business.
I’m with Apple on this one. No American citizen or company should feel any obligation to help an organization as corrupt as the DOJ/FBI. This is especially true in a case involving a terrorist attack carried out by a foreign national working on A FREAKING MILITARY BASE here in the U.S.
All iPhones have been data encrypted from the factory...and the newer ones use a "secure enclave" chip (since iPhone 5s). Once you set your sign in code/password even Apple can't get in without it (longer is better...4 digits could be brute forced if ""X" attempts then erase" isn't set-up on the phone). Apple gave the FBI the iCloud data for the Pensacola shooters' iPhone (Apple holds those encryption keys), but the actual phone has no backdoor.
https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-security-guide.pdf
We are in a constant state of war with scum like Islam. During WW2 we had code breakers. Things like Station HYPO. The Brits had Bletchley Park. This is what we need now. Hire the brightest Americans. Join the 21st century
The FBI must sue Apple and get a decision from SCOTUS that defines and decides the issue of when the public interest overrides individual privacy.
The right to privacy is rescinded by criminal activity.
Absent the decision Apple is liable for damages by assholes with a law degree
“good guys”
And who exactly are these good guys anyway? Thanks to the FISA abuse which ultimately circumvents the power of the vote, we know for sure that the US government can’t be trusted with this power.
If people can be trusted to have guns, they can be trusted to have encryption.
Get a warrant and serve it to Facebook for the Whatsapp info.
This is Barr being a useless dickhead. Go get Hillary’s phone and ask Apple to break into it or stfu Barr.
_______________________________________
Exactly!
If it doesn’t have a backdoor, there is nothing Apple can do to decrypt it other than brute force, which can take thousands of years.
If it does have a backdoor it’s not secure encryption.
This is at heart a 2nd and 4th Amendment issue.
Should private citizens be allowed to possess guns/secure encryption?
Are private citizens entitled to be secure in their persons, houses, papers, and effects?
If it becomes known that Apple encryption has a backdoor the bad guys will stop using it.
If secure encryption is outlawed, it’s easy enough to roll-your-own, just as it’s easy enough to build your own AR-15.
Smart technicians work civilian jobs. . the pay is MUCH better.
Send the phone to the Israelis, they will hack into it in no time.
Maybe this will help get into the phone.
It takes next to no time to crack an iPhone’s passcode
https://nypost.com/2018/04/19/it-takes-next-to-no-time-to-crack-an-iphones-passcode/
The Knox implementation sounds ridiculously JV. The use of salted hashes has been around for quite some time. Nonetheless, having physical access to the phone gives the ability to programmatically drive the authentication process including the hashing stage. But as you mentioned, there are additional constraints...
Thanks for the heads-up on the Enclave chip and its self-destruct mechanism — I suppose the only deterrent to a brute force attack on the user’s password.
Also agree regarding the human factors related to a factory backdoor. But there’s really no way for us to know whether or not one exists.
Definitely.
I wonder if “Face ID” would work if you hold the corpse’s eyes open?!? ;-) I think someone tried to spoof “Touch ID” with fingerprint impressions, etc.. Don’t think either of those work if the purp turns off the phone or reboots it before the cops show up....need the password first to activate Face ID or Touch ID. Simple solution to things like Pensacola are “keep the creeps out in the 1st place!”. In any case I think we have bigger issues to worry about than the last data privacy we have thru encryption. Things like financial “debt bombs”!
Retinal signatures may not last long after death. Not sure how long skin tissue can a provide a pattern.
>> Pensacola are “keep the creeps out in the 1st place!”.
You’re absolutely correct. Policy is most often the problem.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.