Posted on 11/07/2017 2:05:20 PM PST by detective
At a press conference today, an FBI official investigating the man who killed 26 people in a Texas church on Sunday said the agency can't open the shooter's encrypted phone. The agent painted the issue as a growing concern among law enforcement at all levels who can't access data on devices without their owner's credentials. It's essentially the same argument the FBI made two years ago when it demanded Apple help break into the phone of the San Bernardino shooter, a conflict that escalated into the courtroom.
(Excerpt) Read more at yahoo.com ...
Yup. It is an excuse. And a poor one at that. I know I don't want our feral government having a backdoor to my phone.
That's one of the reasons I upgraded my iPhone when I finally got around to it. That, and the fact that it was no longer able to get security updates because it was too ancient.
I was hoping you'd show up on the thread to combat the FUD.
“The FBI cant unlock the Texas church shooters phone”
There are probably tons of 14 year old kids that can.
Give one $500 and they would get it done.
The FBI was on extremely shaky legal ground. They were not attempting to use a Warrant to get Apple to unlock the iPhone 5c, which was using an older iOS version, but an "All Writs Order" that was totally inappropriate to the case. It was essentially ordering Apple to do work that was beyond the power of the court to order. They were ordering Apple to CREATE an entirely new Operating System that would BREAK the security of iOS and then to GIVE IT TO THE FBI. This new operating system, call it FBiOS, would bypass all security. It was, by the court order, would remove all security that would protect and encrypt data, and would allow the FBI to install it on any Apple iOS. They claimed later they were only asking for THAT device. . . but that was NOT the wording of the All Writs court order.
All Writs Court Orders are usually used when you hire a locksmith to unlock a door or open a safe. It is used when you are requiring a business to do something they do in the NORMAL COURSE of their business. You cannot require them to do something they do not normally do. . . such as create a new operating system that would destroy their business model for the convenience of the court or a police agency. It also flew in the face of a FEDERAL LAW that SPECIFICALLY prohibited the courts from requiring a telecommunications manufacturer or carrier from disabling any encryption or security hardware or software for the benefit of LAW ENFORCEMENT agencies. That federal law was passed by Congress explicitly to prevent a Federal Judge from doing this. . . and the Supreme Court had already RULED a judge could NOT ORDER SUCH A THING. Apple was right to refuse to do it.
No, it needs to be living. . . not just a pulse. It needs the subcutaneous fat cells to be filled with blood below the skin. It would take a lot of work to accomplish that. . . and it still won't work after five to 24 hours of not being unlocked. Then you'll have to use the passcode.
Modern encryption does not work that way. It is binary. It is either secure or it is not secure. Once you know there is a backdoor, the bad guys WILL find it. . . and the courts will reveal the backdoors to the defense attorneys. . . who cannot keep their mouths shut. EVERY SINGLE TIME a secure backdoor has been revealed, even under court seal, it has been compromised. That is just the reality. The only way to make certain that a passcode does not get revealed is to make it known only to one person. . . the user.
Put in another way to unlock a device and they are not secure.
What do they expect to find? Trump on speed dial? Kiddie porn? (Lest we forget he killed babies in the church)
My phone is boring. I am more worried about being exposed as a typical 50 something white guy from the stix.
Nope, Apple does not have your fingerprint in storage.
In fact the TouchID sensor does not even use your fingerprints.
so they have the killer’s body so they have his subcutaneous tissue to open the phone.
If some kid could do it, it would have been done loooong before now.
Blood has to be flowing through the tissues for it to work. Even if it did, it’s been more than 24 hours since he was killed, so the PIN would still be needed.
Androids it is the person who buys it that puts a pass code in. This is an iPhone in question. If I am not mistaken not even tech support from Apple can help because of privacy policy in that is in place.
I think a couple of months ago Rush on his show talked about that you cannot get Apple tech support for pass code disclosure because of its strict company policy on privacy.
Which the new iPhone X has.
As is mine. Doesn't really matter. The government has no business prying into it without my consent.
"Tough" is not the word I would use. "Impossible" is the word I would use.
On an iPhone, with the fact that if you don't get the passcode in ten tries, the data is erased, your only choice is to attempt to brute force break the 256bit AES encryption. The key to that is NOT the user's passcode.
The encryption key is constructed by the iOS Encryption Engine processor and is composed of FOUR elements, only one of which is related to the user's passcode.
An algorithm, also stored on the Secure Enclave, is used to entangle the user's passcode into the concatenated UUID, DID, and Random Number (these three total 128 characters before the user's passcode Hash is entangled). In any case, the actual key is padded by the algorithm to at least 144 characters in length to do the encryption decryption EACH TIME THE USER INPUTS A CORRECT PASSCODE, although it can be longer when the user's passcode is entangled.
Once you start to understand the way brute force solving of a 256bit Advanced Encryption Standard (AES) works, you start to realize why "Impossible" is the word to use. The ONLY way to crack a 256 bit AES encryption is to try every possible key until you find the one that works by seeing if you get something intelligent, usable, or translatable when you apply a trial key.
The number of key possibilities is a number that is literally higher than astronomical. For example, if one were to use all 223 characters possible in a string of 256 characters, you get a possible 223256 possible keys you will need to try to find the solution to the encryption, if you were just using a user input key.
How long would it take to try every possible combination of characters and numbers and symbols that could have been used to encrypt your databy brute force, n o? Good question. Because that is what would be required, unless they can force YOU to reveal your passcode.
Let's assume your shooter's iPhone Passcode was a short, but complex, 16 character code. Recall, however, that it was entangled with the iPhone's 128 character UUID, so the base is now 16 + 128 or 223144, not quite so large as the that previous number, but still huge. . . and quite a bit larger than a Googol.
1,052,019,282,033,700,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000.000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000
That's 1.052 duovigintillion possible combinations, give or take a few.
If the government's supercomputer could check 50,000 passcodes every second against the data, checking to see if anything made sense, It could therefore test 1.5 TRILLION possible passcodes a year. Let's grant the government agency a 33% faster supercomputer and say they could check 2 TRILLION passcodes a year, OK? That means it would take their supercomputer only a mere. . .
5,260,096,410,168,500,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 000,000,000,000,000,000,000,000.000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 YEARS
to check all the possible passcodes to decipher your encrypted file that had been encoded with your 16 character complex passcode entangled with a 128 character UUID, DID, and environmental random number. It is possible they could, if they were outrageously lucky, get the data deciphered next week, but it more likely will take them a good portion of 5.26 Billion vigintillion (10^195) Years to break into one iPhone's data. Double, triple, quintuple, or even multiply the speed of the government's super computer by a factor of 1 trillion. . . it makes only infinitesimal differences in the amount of time it would take to break your passcode on one iPhone. That's the law of very large numbers at work.
It's estimated that the entire Universe will die a heat death and devolve into a soup of quarks and sub-atomic particles by a mere 4.7 X 1080 years. . . yet we are looking at more than THREE TIMES THAT TIME SPAN. That's why "Impossible" is a good word. . . and that's for only a complex 16 character passcode.
Actually Apple is up to the A11 on the iPhone 8 and 8+ and iPhone X that were released in the last month. . . plus they both have the Neural Engine, capable of doing 600 billion decision per second. . . which is what drives the 3D facial recognition mapping which is 1,000,000 to one against any false reading, where the TouchID is only 50,000 to one.
Someone kidnaps a key Apple management employee or a family member and holds them hostage until the algorithms, software, hardware, or schematics of how to unlock an iOS device are delivered to them. . . Once the technology exists for the good guys, it won't be long before it's available to the bad guys. Apple iOS devices are no longer secure. The best solution is to never create it in the first place. Just because Apple can create it, and should they? If Apple does, then Apple is back to square one for over 800 Million iOS devices and their users. Trust is what differentiates Apple on privacy from all the rest. Destroy that and they destroy their brand.
It doesn't work on temperature sensing. Otherwise, good idea. Thanks for playing.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.