End to end encryption under threat

With regard to the Apple vs FBI recent thing, as I understand it (and please feel free to correct/add) they are not asking them to make a back door for future releases but help hacking a phone with the current security on.

As that is E2E encryption Apple cannot "hack it" either as it's designed to be unhackable. What they want Apple to do is hack that particular phone's version of iOS to remove the 10 tries then wipe features on the lock screen. This would allow them to brute force the unlock code and simply read the messages from the phone.

So, it seems to me the reason Apple don't want to comply isn't a genuine fear of a slippery slope of having to make their phones more hackable for everyone, but just reluctant to send any kind of message that their software can be compromised in any way for PR reasons.
 
I didn't ask if you thought a biro was difficult to operate, I asked if encrypting with a pen and paper was more difficult to operate than texting with an iPhone. I've done both and let me assure you that the correct answer is yes.

Oh wow. Making encryption 0.00000000001% harder to implement is really going to end paedophilia and terrorism isn't it.

ahaha :D


You really have no clue do you?

Do you remember when they tried banning torrents and porn? Independent developers started creating countless plugins and applets to circumvent it and it actually caused a surge in traffic to illegal sites because the media started publishing detailed lists of all the top torrent sites.

Are you not afraid of thousands of third party encryption applications being created purely in response to governmental bannage - not to mention the apps/methods that already exist? Or are you still going to be crying about encrypted iPhones once all terrorists have shifted to other mediums?
 
They don't want to set a precedent that they can/will unlock an iPhone when the US government asks them to, as then anybody who has reason to believe that a US government institution would be interested in the contents of their iPhone would stop buying them.
 
Personally I reckon they've already got the contents but are making a big deal of it to persuade people that they can't thus leading to a false sense of security and people using iPhones.

To be fair, if the phone's been backed up on a PC it's pretty easy to get at the data even if password protected. There's no attempt limit on those.

Oh, and as for social engineering a dead person, doesn't social engineering cover aspects like checking Facebook for finding out where they were born, or marriage records for mother's maiden name for security questions? If so there's no need for the subject to be alive.

Stands to reason he may have used a password similar to other accounts.
 
Is there any truth in the claims that the iPhone in question is a government issued device presumably covered by an MDM policy, and the personal phone was physically destroyed before the attack?
 
The thing is to me it's very little or nothing to do with the FBI actually wanting access to this phone, they could quite easily break in if they asked the right people, was reading an interview with the guy most well known for hacking iOS, the guy created most of the jailbreaking solutions that are used for iPhones, he was happy that he could get in within a week or two, using ramdisks to mess with the firmware to remove the limited passcode attempts and then a brute force attack wouldn't take too long.

If this was all about access to this particular phone the FBI would be in there already, but it's not, the FBI are just using this as an emotive issue to try to get unfettered access to everyone's data, because idiotically the security services seem to believe that data and lots of it is the answer to all their problems, despite this creating many and in some cases more problems than a lack of data.

Then you get to the trust issue, (without putting a tinfoil hat on) can governments really be trusted to use this "power" for the right reasons? Snowden showed the masses of dodgy stuff the NSA and GCHQ were already up to, much of which bore about as much relation to security as eating a sandwich, we had local councils in this country using anti-terrorism laws to spy on people putting the wrong recycling out.

This is before you get into the debate on security, if the US govt gets a backdoor, then Apple will be in the difficult position of now China (their biggest and growing market) wants the backdoor, and we all know China doesn't have large amounts of government employed hackers waging a very quiet cyber war with the US, UK etc, etc and vice versa, "weakening" encryption on mobile devices gives people another potential route into systems, and it's not as if we can just say oh well we can secure government officials' phones, as the number of people who have potential access to secure systems who aren't VIPs isn't an insignificant number.

Who runs the IT Tech support for the national police database? It isn't the police, and there will be people in first line IT tech support who have access to their systems. Who runs the IT support for nuclear power plants? Is it really a good idea to give anyone potential access to these people's phones, which may have enough information for a clever person to work out the password patterns they like to use? Do we really want the guy who through his low level IT job has access to the computers in all the intensive care units for a particular NHS trust, to lose the encryption on his mobile?

The potential implications for this are absolutely huge, and not in a particularly good way.
 
This makes a lot of sense. If the FBI really wanted to get access to this guy's phone and this phone only, they could just find somebody within the community like the guy you mentioned to get them in. Most people probably wouldn't have batted an eyelid about being asked to help with this particular terrorist. Especially since the guy is dead.
 
Good post.

I imagine the jailbreak guy could be much more easily coerced into doing such a thing than Apple itself as well. Well never know he might want to help.
 
This goes to show the fundamental security flaw in using such a weak key generation mechanism that the iPhone does, a 4 digit pin can never properly secure a device.
 
And yet it's secured it well enough that even the FBI has to go to court to get Apple to open it for them?

The security measures Apple put in place prevent you from brute forcing it, which is why 4 digits is fine.
 
Don't understand that article. It says the above, but it also says

The problem is, iOS will automatically wipe the device after too many unsuccessful attempts

So which is it? Surely the brute force machine would just get the device wiped?
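
A toy model of the question above, added here as an example (it is not from the thread, the article, or Apple's code): the `ToyLockScreen` class and its failure counter are assumptions that model the "10 tries then wipe" behaviour described earlier in the thread. It shows why a 4-digit PIN holds while the limit is on and falls to exhaustive guessing once the limit is removed.

```python
import itertools

PIN_DIGITS = 4
WIPE_AFTER = 10  # the "10 tries then wipe" limit described in the thread


class ToyLockScreen:
    """Hypothetical lock screen model; not how iOS is implemented."""

    def __init__(self, pin, wipe_after=WIPE_AFTER):
        self._pin = pin
        self.wipe_after = wipe_after  # None models the limit being removed
        self.failures = 0
        self.wiped = False

    def try_pin(self, guess):
        if self.wiped:
            return False  # data is gone, even the right PIN is useless now
        if guess == self._pin:
            self.failures = 0
            return True
        self.failures += 1
        if self.wipe_after is not None and self.failures >= self.wipe_after:
            self.wiped = True
        return False


def exhaustive_guess(device):
    """Guess 0000..9999 in order. Returns (unlocked, attempts, wiped)."""
    attempts = 0
    for digits in itertools.product("0123456789", repeat=PIN_DIGITS):
        if device.wiped:
            break
        attempts += 1
        if device.try_pin("".join(digits)):
            return True, attempts, device.wiped
    return False, attempts, device.wiped


def cracked_with_limit(wipe_after=WIPE_AFTER):
    """How many of the 10,000 possible PINs fall before the wipe triggers."""
    return sum(
        exhaustive_guess(ToyLockScreen(f"{n:04d}", wipe_after))[0]
        for n in range(10 ** PIN_DIGITS)
    )


if __name__ == "__main__":
    pin = "7351"  # constructed sample PIN
    print("limit on :", exhaustive_guess(ToyLockScreen(pin)))
    print("limit off:", exhaustive_guess(ToyLockScreen(pin, wipe_after=None)))
    print("PINs cracked with limit on:", cracked_with_limit(), "of 10000")
```

With the limit on, only the 10 PINs that happen to be guessed first are exposed; every other device wipes on the tenth failure. With the limit off, any 4-digit PIN is found in at most 10,000 guesses.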
 
Think it means if the wipe function is turned off, which is what the FBI want.

So, this is interesting...

http://www.engadget.com/2016/02/23/justice-department-wants-12-more-iphone-backdoors/

Remember when the head of the FBI swore blind that authorities only wanted backdoor access to the iPhone in this one, special case? Turns out that his friends over at the Justice Department just blew that claim miles out of the water. The Wall Street Journal has revealed that the DOJ is currently pushing court cases to get access to the data on no less than 12 different iPhones. The paper's sources say that officials are using the All Writs Act, the same 18th-century law that the FBI feels justifies its request for a backdoor.
 
Yep exactly, and as soon as 1 phone is cracked to solve 1 crime, it would open up the floodgates for requests, even for small crimes like shoplifting for example.
 