Jump to content
Maksim

Apple fighting the Government on creating a backdoor for phones.

Recommended Posts

Nick,

Either you're extremely naive or have a lot more trust in the government than I do. There is no way this will stay as one phone like you insist.

 

Sent from my ONE A2005 using Tapatalk

I think that what they want Apple to do just makes it easier to crack the phone via brute force by eliminating an auto-erase and removing a wait time after failed password entry.  Strong passwords and 2-factor authentication would still protect the phone.  But most people--unless you are autisitic--are not going to use a strong enough password, because they want to be able to remember it.

 

My concern is not so much the current U.S. govt, my concern is foreign govt and what the U.S. govt might become in the future.

Share this post


Link to post
Share on other sites

For shits and giggles, lets put this out there.

 

They're asking for Apple to give them a programs to "hack" the PIN number correct?

 

If so then continue below.

 

I work in the wireless industry. I DO NOT work for Apple. But from all things that I see and know...

 

Customer comes in forgets PIN number.

 

They go to apple, PIN number can't be bypassed but they can unlock phone with iTunes/iCloud account.

 

Don't know password to the account, but that can be bypassed through various methods. Security questions, email account reset link, PROOF OF PURCHASE by the account owner.

 

So the technology is already there whether you like it or not. They CAN unlock ANY phone they want. 

 

I know you're looking for backdoor BS about unlocking phones without help etc. etc. But I"m just saying...Apple can unlock phones in person if they want to. 

Share this post


Link to post
Share on other sites

Infamous, I am not an iPhone/apple expert, but from what I understand, apple was giving the feebs all the backed up data on icloud. The phone had not been backed up for a few weeks, and the feebs wanted the rest of the data that was encrypted on the device but not yet backed up to the icloud.

 

Current gen iphones make accessing this encrypted data impossible, as the encrypted data on the device is zero knowledge encrypted (only the holder of the key can unlock) and there is a chip on the device that ensures this.

 

The previous gen devices do not have a hardware chip that ensures this zero knowledge encryption. But apple has implemented their OS in a way that makes it zero knowledge. That is, unless apple decides to release a firmware update that breaks that functionality (codes in a backdoor).

 

The shitbag, cowards that shot up that holiday party had a previous gen device. The feebs asked apple to build, and more importantly digitally sign, a firmware update with a backdoor built in to circumvent the zero knowledge implementation.

 

The reason the digital signature is so important is that Apple's devices won't accept a device update unless it is signed by Apple.

 

I was just reading some reports circling that Apple is claiming that the feebs managed to change the shitbag's icloud password within 24 hours of the shitbag's date with 40 virgins. In doing so they scrubbed their last chance to recover the data, because if they had not changed the icloud password (which is different than the device encryption password) and connected the device to a trusted network, the device would have initiated a back up to the icloud, and apple would have furnished the data to the feebs.

 

There are a few lessons here. First apple will spit out any data you have to the feebs ina blink if they can actually access the data. Second the feebs are either really dumb, or really evil. I say 50/50 chances on that.

Share this post


Link to post
Share on other sites

Again, I was only talking about the PIN unlock.

The pin unlock on current (iphone6) and last gen (iphone5) devices is zero knowledge based upon what I'm reading. The only difference between gens is that one is hardware backed, and the other is firmware backed.

 

What I mean to say is, they can't just magically unlock the device because they don't have the PIN, and can't guess the PIN due to the way they implemented the encryption.

Share this post


Link to post
Share on other sites

Ok, so to keep the convo going...

 

1. Do we think at some level, the feds are pushing this, even though there may not be any new data on the device itself, in order to make a move to put in a backdoor on the devices?  Ie... using this as an excuse to have a permanent solution?

 

and Howard... you would be surprised at how many clients I work with, both young and old who have a dumb phone.  Email can wait a few hours.  Only real thing you need a smart phone for is GPS. (and chatting on the forum through tapatalk)

 

sidenote, interest point from analytics... a good 40% of the site's traffic is mobile.... not even tablets.

Share this post


Link to post
Share on other sites

 

1. Do we think at some level, the feds are pushing this, even though there may not be any new data on the device itself, in order to make a move to put in a backdoor on the devices?  Ie... using this as an excuse to have a permanent solution?

 

My guess would be yes, that is at least part of their motivation. They probably already have access to his emails, text messages, location history, browsing history,  call log, purchases etc, from other sources. It is unlikely that there is any local content on the device that would be very useful at this point.

Share this post


Link to post
Share on other sites

While my iPhone has a lot of sensitive data stored on it, much more is stored in my head. Should I be compelled to share all that I know?

I am pretty sure that you could plead the 5th for anything in your head.  I am not sure if you could be granted immunity, and then compelled to share what you know. 

I am pretty sure that anything you write, or anything you have physically secured (say in a safe) could be accessed using a warrant.  IDK if they can compel you to reveal your safe combo in order to serve a warrant, but surely they could break into your safe with a warrant.  Can the safe manufacturer be compelled to help?

Share this post


Link to post
Share on other sites

Leachim, it's a bit more complicated than that. If we make the safe comparison, the question would be, should we compel the safe manufacturer to compromise their safe design (affecting all their existing and future safes) in order to satisfy a warrant. I would suggest that is out of the scope of any warrant.

Share this post


Link to post
Share on other sites

whenever I see the word "compelled" here I cant help but overdramatizing and thinking of the nazis compelling scientists into inventing bigger and better rockets/missles to launch in wwII. I dont like that word in the same sentence when talking about gov't. maybe its just me but its creepy.

Share this post


Link to post
Share on other sites

Leachim, it's a bit more complicated than that. If we make the safe comparison, the question would be, should we compel the safe manufacturer to compromise their safe design (affecting all their existing and future safes) in order to satisfy a warrant. I would suggest that is out of the scope of any warrant.

I agree the analogy is not exactly the same, but I guess it depends on exactly what the govt wants Apple to do.

And think about this, if there is a way that Apple could modify the phone/OS to either outright crack it (doubtful) or make the brute force easier, then it would also be possible for someone else to phone/OS to do the same thing.  Might be more difficult without help from the Apple braintrust, but it could be done.  Especially by a government with lots of resources.  So really how safe is "strong" encryption on your iPhone then?

Share this post


Link to post
Share on other sites

With technology, the landscape isn't as simple as it was 30 or 100 years ago.  We are protected against incriminating ourselves by way of the 5th Ammd't.  If you and only you can provide the means for access to information and that information may incriminate you I don't believe you need to provide that access.  Which is why I wrote earlier that a method of encryption is needed that can only be accessed if we allow access to that information.  LE can have at it if they wish, but we are not compelled to assist them.  We can can't obstruct them.  Non-response is not obstruction.

Share this post


Link to post
Share on other sites

I agree the analogy is not exactly the same, but I guess it depends on exactly what the govt wants Apple to do.

And think about this, if there is a way that Apple could modify the phone/OS to either outright crack it (doubtful) or make the brute force easier, then it would also be possible for someone else to phone/OS to do the same thing. Might be more difficult without help from the Apple braintrust, but it could be done. Especially by a government with lots of resources. So really how safe is "strong" encryption on your iPhone then?

 

As I understand the encryption implementation, it's not possible to build the backdoor for one phone and one phone only. Secondly, at what cost to apple? They are in the business of making computing devices, not forensics. And certainly not in the business of undermining their own designs when it comes to privacy.

 

With technology, the landscape isn't as simple as it was 30 or 100 years ago. We are protected against incriminating ourselves by way of the 5th Ammd't. If you and only you can provide the means for access to information and that information may incriminate you I don't believe you need to provide that access. Which is why I wrote earlier that a method of encryption is needed that can only be accessed if we allow access to that information. LE can have at it if they wish, but we are not compelled to assist them. We can can't obstruct them. Non-response is not obstruction.

It appears apple has built such a system. It is missing plausible deniability though. Courts have ruled a government can compel an individual to divulge their passwords. I don't agree with that, but legally they can. The only encryption solution I know of that provides plausible deniability is veracrypt (the fork of truecrypt). And unfortunately, veracrypt is woefully behind in full system encryption. Which means we really only have access to that solution until Windows 7 is obsolete.

Share this post


Link to post
Share on other sites

So what FedGov is saying here is that all the domestic spying the NSA is worthless.

 

Yet it continues...

 

I'm of the mind that this is more devious and underhanded than all that. We already know that the NSA can pretty much call up any and all data that went into and out of a device just by looking up the phone number (text messages, email, phone conversations, etc.). What I think is happening is that they have whatever data they need with regard to San Bernardino, but were trying to sneak one past Apple. It sure looks like they are trying to get a new back door in an effort to expand the capabilities of their current domestic spying program.

 

The domestic spying the NSA, et al, are doing is not worthless. It has great value, it just has nothing to do with Muslim extremist terr'ists. Like we were discussing in another thread about the WoD, this has nothing to do with safety*, and everything to do with control.

 

*Please note, I am not implying that if they were actually trying to do this with safety in mind it would be just or legal. Indeed, even if this were actually stopping actual terrorist attacks I would still be very much against the intrusions on privacy and the 1st/4th amendment our Federal government is perpetrating on the American people.

Share this post


Link to post
Share on other sites

I guess Apple fixed the charger exploit where you could root the phone and take control of it remotely if someone mistakenly plugged their iPhone in using a conveniently placed 'adjusted' charger? Thats too bad but if the feds wait long enough someone will come up with a new exploit for it.

Share this post


Link to post
Share on other sites

I guess Apple fixed the charger exploit where you could root the phone and take control of it remotely if someone mistakenly plugged their iPhone in using a conveniently placed 'adjusted' charger? Thats too bad but if the feds wait long enough someone will come up with a new exploit for it.

 

That's the thing, I'm sure there will be new zero day exploits found (if not already found). 

Share this post


Link to post
Share on other sites

I'm of the mind that this is more devious and underhanded than all that. We already know that the NSA can pretty much call up any and all data that went into and out of a device just by looking up the phone number (text messages, email, phone conversations, etc.). What I think is happening is that they have whatever data they need with regard to San Bernardino, but were trying to sneak one past Apple. It sure looks like they are trying to get a new back door in an effort to expand the capabilities of their current domestic spying program.

 

The domestic spying the NSA, et al, are doing is not worthless. It has great value, it just has nothing to do with Muslim extremist terr'ists. Like we were discussing in another thread about the WoD, this has nothing to do with safety*, and everything to do with control.

 

*Please note, I am not implying that if they were actually trying to do this with safety in mind it would be just or legal. Indeed, even if this were actually stopping actual terrorist attacks I would still be very much against the intrusions on privacy and the 1st/4th amendment our Federal government is perpetrating on the American people.

I agree that this isn't about this phone. What the hell could they possibly get from this phone that they didn't already know? Not much in my opinion.

 

The are thinking like liberals. Never waste a good crisis. They are using this incident...and that phone.... To get Apple to solve a problem for them about getting data they otherwise wouldn't be able to get. And do it...in future cases... Without a warrant.

Share this post


Link to post
Share on other sites

The mitigating circumstances are that the phones in question are being used by actors that committed mass murder...... apple is wrong in this regard to not assist in bringing those that might be culpable to justice

no....they're on point. if they do it "just this once" it sets precedent. precedent that the govt will turn and use  to gather even more info.

 

 there's also the fact that i don't truly believe that some schmuck goatfucker can come up with a password that the fbi can't break.......

Share this post


Link to post
Share on other sites

For shits and giggles, lets put this out there.

 

They're asking for Apple to give them a programs to "hack" the PIN number correct?

 

If so then continue below.

 

I work in the wireless industry. I DO NOT work for Apple. But from all things that I see and know...

 

Customer comes in forgets PIN number.

 

They go to apple, PIN number can't be bypassed but they can unlock phone with iTunes/iCloud account.

 

Don't know password to the account, but that can be bypassed through various methods. Security questions, email account reset link, PROOF OF PURCHASE by the account owner.

 

So the technology is already there whether you like it or not. They CAN unlock ANY phone they want. 

 

I know you're looking for backdoor BS about unlocking phones without help etc. etc. But I"m just saying...Apple can unlock phones in person if they want to. 

 

Except, the FBI screwed that up by allowing the San Bernardino city (owners of the phone) to attempt to reset the iCloud password.

Share this post


Link to post
Share on other sites

Cb2H4EfWEAEQawa.jpg

 

Love it!

 

That being said, I'm 100% behind Apple on this... if it was a one-time deal, they should do it. But they would lose my business if they opened up a backdoor that the government (or anyone else for that matter) can access.

 

If I want someone to have access, I will grant it to them. My girlfriend's fingerprint can unlock my phone. I have nothing to hide; I keep no secrets from her, but that doesn't mean I shout every part of my day from the rooftops for all to hear.

 

Privacy is privacy. Would you like to live in a glass house too?

Share this post


Link to post
Share on other sites

I'm of the mind that this is more devious and underhanded than all that. We already know that the NSA can pretty much call up any and all data that went into and out of a device just by looking up the phone number (text messages, email, phone conversations, etc.). What I think is happening is that they have whatever data they need with regard to San Bernardino, but were trying to sneak one past Apple. It sure looks like they are trying to get a new back door in an effort to expand the capabilities of their current domestic spying program.

 

The domestic spying the NSA, et al, are doing is not worthless. It has great value, it just has nothing to do with Muslim extremist terr'ists. Like we were discussing in another thread about the WoD, this has nothing to do with safety*, and everything to do with control.

 

*Please note, I am not implying that if they were actually trying to do this with safety in mind it would be just or legal. Indeed, even if this were actually stopping actual terrorist attacks I would still be very much against the intrusions on privacy and the 1st/4th amendment our Federal government is perpetrating on the American people.

 

I too think there is something more devious at play here.  

 

I disagree that the domestic spying is has any value.  The whole point of the program is PREVENTION of terror attacks, not post-attack analysis/prosecution.  Boston bombers were all over social media.  l know that government can't prevent crimes so why continue a program that doesn't (and can't ever) meet it's objectives.  Just like the government can't prevent mass shootings.  

Share this post


Link to post
Share on other sites

I too think there is something more devious at play here.  

 

I disagree that the domestic spying is has any value.  The whole point of the program is PREVENTION of terror attacks, not post-attack analysis/prosecution.  Boston bombers were all over social media.  l know that government can't prevent crimes so why continue a program that doesn't (and can't ever) meet it's objectives.  Just like the government can't prevent mass shootings.

 

When I said it has value, I did not mean that is has value for the People paying for it. Indeed the price We paid for it is way too high.

 

That much data has immense value to an out of control government interested in making criminals out if it citiznery though.

Share this post


Link to post
Share on other sites

When I said it has value, I did not mean that is has value for the People paying for it. Indeed the price We paid for it is way too high.

 

That much data has immense value to an out of control government interested in making criminals out if it citiznery though.

 

Gotcha, yeah we agree. 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.



×
×
  • Create New...