Apple Unlock iPhone?

H

herbu

Audioholic Samurai
My understanding is that when the story went public, Apple went into "Protect the Brand" mode.
Seems to be more of a Political Grandstanding issue, than a legal precedent.
I don't think it's an either-or issue. I think they overlap in this case.
Apple has spent bazillions to be a leader in security. Their iPay function is a leap forward in both convenience and security. I was skeptical until I learned the security of iPay is head-and-shoulders above that of a credit card. Security is rapidly becoming a pillar of their brand.

The phone in question is a basic 5C. No fingerprint reader. All other models of 5, and all subsequent iPhones have the fingerprint reader. If the terrorist phone had the fingerprint reader, it is my understanding that hacking would simply not be possible. That means the govt has no ability to hack any new/current iPhone. A court ruling against Apple would torpedo every current product. So yes, it is about protecting their brand.

As a consumer, I support that security. The govt can still listen to every call. They can read every email. They can retrieve anything on the cloud. They can track my internet usage. They can see my credit purchases. They can search and seize any physical item in my home. So what's left? My contacts, notes and pictures on my phone? It seems the only thing the govt can't get is stuff I enter or input into my phone without benefit of the net or phone network.

Our privacy has eroded in so many ways. I'd like to retain one bastion of privacy, and appreciate Apple's efforts.

As far as terrorists are concerned, until the govt starts taking serious action to prevent them from entering our country, their Monday-morning reactions are the real Political Grandstanding.
 
Rickster71

Rickster71

Audioholic Spartan
The county screwed the pooch by not properly managing their mobile devices.
As the rightful owner of the phone, I'm thinking the county could authorize its contents be made available to FBI.
Just as Hilary Clinton's emails are being made public for her illegal use of Govt. emails on a private server. The cell phone data should be made available, since it was Govt. property used by a criminal / for criminal intent.
 
H

herbu

Audioholic Samurai
As the rightful owner of the phone, I'm thinking the county could authorize its contents be made available to FBI.
Yeah, that's a valid question. I don't know how that works.
I can see a company phone where the employee is authorized to use it for personal as well as business purposes. It could get a little complicated. I don't know.
 
jonnythan

jonnythan

Audioholic Ninja
As the rightful owner of the phone, I'm thinking the county could authorize its contents be made available to FBI.
Just as Hilary Clinton's emails are being made public for her illegal use of Govt. emails on a private server. The cell phone data should be made available, since it was Govt. property used by a criminal / for criminal intent.
It's like you're willfully ignoring what the facts are here.

The FBI already has authorization to get to the information in the phone.
 
Steve81

Steve81

Audioholics Five-0
Not sure if you noticed my post above. The County owned that phone. It was issued as a work phone. Has me putting his rights to privacy in a different light.
I noted that earlier in the thread. However, the conversation isn't at all about Farook's right to privacy. As a confirmed dead terrorist, his rights are moot.

Ironic that many politicians get elected promising to do exactly that!:D
Nothing ironic about it, just the way politics works.
 
Rickster71

Rickster71

Audioholic Spartan
It's like you're willfully ignoring what the facts are here.

The FBI already has authorization to get to the information in the phone.

I haven't met a person that wrote a software package that couldn't find a way to circumvent it.
Every phone has a chip that contains its storage. That chip can be removed with a process called HASL - hot air solder leveling. Then installed in another non password protected phone.

When one story makes the news, while a million other stories go unreported, there's a reason.
This whole thing is no more than the usual Dog & Pony Show.
Apple is appealing to its base and "Sticking it to the Man."
Our Government is trying look effective against terrorism.
Both side are happy and the sheep think they've retained some of their rights.
 
jonnythan

jonnythan

Audioholic Ninja
I haven't met a person that wrote a software package that couldn't find a way to circumvent it.
Every phone has a chip that contains its storage. That chip can be removed with a process called HASL - hot air solder leveling. Then installed in another non password protected phone.

When one story makes the news, while a million other stories go unreported, there's a reason.
This whole thing is no more than the usual Dog & Pony Show.
Apple is appealing to its base and "Sticking it to the Man."
Our Government is trying look effective against terrorism.
Both side are happy and the sheep think they've retained some of their rights.
What "chip" do you think can be removed and installed on another phone? If it's so easy, why doesn't the FBI do that? You think the federal government doesn't have access to any facilities that can desolder a NAND chip from a PCB?

Look, you don't understand how encrypted storage works. That's fine.

You're entitled to your own opinion, but not your own facts. You can't just remove "that chip that contains its storage" and install it on another phone. The data on that storage chip is encrypted. That's the whole point. If you remove the chip from the PCB, you literally eliminate any possibility of ever recovering the data, because you leave the hardware key behind.

The iPhone passcode is the weak point here. The passcode - the PIN used to unlock the phone normally - is what protects the hardware key. The hardware key itself is a huge number. It would take the world's combined computing power millions of years to straight brute-force the hardware key. The FBI wants Apple to create a version of iOS that allows them to brute-force the much shorter PIN.

If you remove the storage chip from the hardware key, then you are dead in the water.
 
jonnythan

jonnythan

Audioholic Ninja
I haven't met a person that wrote a software package that couldn't find a way to circumvent it.
Also, this is straight-up nonsense. Well, it's probably technically true because you haven't met any people who have made real encryption. You think Theo de Raadt has a way to circumvent OpenSSH? I'd like to see you tell him that you know he has a back door into it. I'm not sure if he'd laugh or scream at you. He's well known for doing both (well, maybe more well known for screaming).

Encryption software that has a back door is broken, poor encryption software that can't be trusted. There are a LOT of software and hardware packages out there that do real robust encryption that can't be circumvented by the "person that wrote" it
 
Rickster71

Rickster71

Audioholic Spartan
As I mentioned, it's a PR bonanza for both sides:

".....as a general matter, yes, Apple could crack the iPhone for the government. And, two technical experts told The Daily Beast, the company could do so with the phone used by deceased San Bernardino shooter, Syed Rizwan Farook, a model 5C. It was running version 9 of the operating system.


Still, Apple argued in the New York case, it shouldn’t have to, because “forcing Apple to extract data… absent clear legal authority to do so, could threaten the trust between Apple and its customers and substantially tarnish the Apple brand,” the company said, putting forth an argument that didn’t explain why it was willing to comply with court orders in other cases.


“This reputational harm could have a longer term economic impact beyond the mere cost of performing the single extraction at issue,” Apple said.

Apple’s argument in New York struck one former NSA lawyer as a telling admission: that its business reputation is now an essential factor in deciding whether to hand over customer information."

http://www.thedailybeast.com/articles/2016/02/17/apple-unlocked-iphones-for-the-feds-70-times-before.html
 
jonnythan

jonnythan

Audioholic Ninja
Sigh. If you want to be wrong and not understand what's going on, I obviously can't stop you.
 
Steve81

Steve81

Audioholics Five-0
“This reputational harm could have a longer term economic impact beyond the mere cost of performing the single extraction at issue,” Apple said.

Apple’s argument in New York struck one former NSA lawyer as a telling admission: that its business reputation is now an essential factor in deciding whether to hand over customer information."
More to the point, it's a factor in determining the applicability of the All Writs Act, under which this case falls.

We agree that the power of federal courts to impose duties upon third parties is not without limits; unreasonable burdens may not be imposed.
Supreme Court Justice Byron White, U.S. v. New York Telephone Co., majority opinion

Is that reputational harm an unreasonable burden? That's up to the judges to decide, but I can understand how it would be given that Apple markets its wares worldwide. Given the backdrop of Wikileaks and Edward Snowden's leaks, it's not a good time for American companies to be seen as totally complicit with the US Government.
 
haraldo

haraldo

Audioholic Warlord
Jonnythan, thx for comprehensive and clear posts.

I'm 100% with Apple here, the only way to comply with the FBI order is to create a backdoor that may leave every iphone potentially vulnerable...

Even the iphone itself does not have access to the userdata until it's unlocked!
 
Last edited:
jinjuku

jinjuku

Moderator
If Apple states that their new phones are even more secure than the ones in question, doesn't that suggest that Apple already possesses the wherewithal on how to circumvent the phone model in question be it software or even a hardware modification? On a separate note, John Mcafee has said he could hack it in about three weeks.
I can roll out a Windows PKI environment. Roll out SHA256 with 4096 bit key for encryption and then burn the Root CA.

Microsoft has zero chance of recovering data signed.

Apple has zero chance of recovering data with a key they didn't issue. Two things are happening: Apple can't brute force this and they are fighting the notion that they should compromise encryption signing at an OS level. That is basically forcing either a Apple signed, or Government signed cert be used device wide.

What good is encryption if any 3rd party can circumvent it?
 
haraldo

haraldo

Audioholic Warlord
There are cases also now where Microsoft has been ordered to deliver Azure hosted data to US authorities and they refuse, Microsoft do have access to the information which in this case is in one of their Azure US regions. Microsoft stubbornly refuse... I was told that a senior lawyer have been held in contempt to court. I heard 1st hand Scott Guthrie explaining that he or some other senior executive in a worst case scenario risk facing a severe jail sentence, but still they're not going to hand the data over as they consider they don't have the right to do this. According to Guthrie, Microsoft value the customer data so highly that they will be willing to fight till the death literally to keep it uncompromised...
(Scott Guthrie is the Executive Vice President of the Cloud and Enterprise group in Microsoft, a 22000 person divison)

In the German Azure regions Microsoft is doing this differently so they can't even hand over the data if they are ordered to, as the information they host are not even available to them... but only to a national German company. I believe NSA's doing over Angela Merkel are setting some traces here... This model will probably be more and more prevalent...

Here we are talking about info from the cloud, a very different case, very different setting but some similarities...

It's not only the Apple case going....
 
Last edited:
C

Chu Gai

Audioholic Samurai
I can roll out a Windows PKI environment. Roll out SHA256 with 4096 bit key for encryption and then burn the Root CA.

Microsoft has zero chance of recovering data signed.

Apple has zero chance of recovering data with a key they didn't issue. Two things are happening: Apple can't brute force this and they are fighting the notion that they should compromise encryption signing at an OS level. That is basically forcing either a Apple signed, or Government signed cert be used device wide.

What good is encryption if any 3rd party can circumvent it?
Are you saying that there is no way possible for Apple to obtain the contents?
 
jinjuku

jinjuku

Moderator
Are you saying that there is no way possible for Apple to obtain the contents?
I'm saying:

You take a text file, encrypt it with your own key, store it on your phone.

Apple will be NOT reading that file anytime soon.
 
G

gholt

Full Audioholic
Is the gov't courts trying to push this so that they can create some type of prescience so that it won't be as difficult in the future to get this data?

Sent from my Nexus 5X using Tapatalk
 
newsletter

  • RBHsound.com
  • BlueJeansCable.com
  • SVS Sound Subwoofers
  • Experience the Martin Logan Montis
Top