Community Reacts to Apple vs FBI Story

  • News
  • Thread starter: Greg Bernhardt
  • Tags: apple
In summary: I think that this is a case where the FBI is asking for too much. The geeks should be able to figure it out without having to pay Apple. But I really believe in capitalism more than government takings by force. Why not simply make the FBI pony up whatever the geeks demand to solve their problem? In summary, Apple is refusing to help the FBI break into the phone of a mass murderer, and CEO Tim Cook is concerned about the precedent this could set.
  • #351
vela said:
I doubt you cracked the Android phone in any way nearly analogous to what the FBI is asking Apple to do.

I get what you are saying after reading the encryption article, and as I said before I am a "novice". I cracked a droid that probably wasn't encrypted. It was a pattern locked $70 Walmart phone I bought but no longer used and had simply forgotten how to open it. As I was using a method for unlocking the phone it flashed a message "you may lose all personal data, do you want to proceed?" I didn't care since I was giving the phone to someone else. So I unlocked the phone and gave it away...an hour later the person brought it back cause it still had pictures, text me app data and email app data still on the phone and was still working with her sim card in it. Now I know I may not be as smart as some of you guys here, but that should also tell you something. If I can do it what could an expert do?, a professor of computer science do? A disgruntled Apple employee could do? Think about that for a moment.
 
  • #352
gjonesy said:
If I can do it what could an expert do?, a professor of computer science do? A disgruntled Apple employee could do? Think about that for a moment.

There's no need to think about it for a moment if you understand what it would take to extract the data using the base encryption as the exploit method. For that you need NSA scale raw horse-power unless that expert, professor of computer science or disgruntled Apple employee steals the Apple signing key.

 
  • Like
Likes vela and Borg
  • #353
nsaspook said:
There's no need to think about it for a moment if you understand what it would take to extract the data using the base encryption as the exploit method. For that you need NSA scale raw horse-power unless that expert, professor of computer science or disgruntled Apple employee steals the Apple signing key.

I understand a basic system might be able to bust a 32 bit in a week, I know a 128 bit encryption is next to impossible, but this is the FBI we are talking about here not a kid with a 400 dollar set up.

http://mycrypto.net/encryption/encryption_crack.html
 
  • #354
gjonesy said:
I understand a basic system might be able to bust a 32 bit in a week, I know a 128 bit encryption is next to impossible, but this is the FBI we are talking about here not a kid with a 400 dollar set up.

http://mycrypto.net/encryption/encryption_crack.html

I think most of us would rather the FBI leave that job to others with real expertise in those matters and concentrate on the basic footwork that catches most criminals, terrorists and bad guys in general.
 
  • Like
Likes vela
  • #355
DiracPool said:
In all seriousness, though, I think what I'm getting from all the press on this subject and from the 338 posts in this thread is that what this whole thing boils down to is NOT just a simple technical issue as to whether this single phone of the terrorists can be hacked uniquely or not. What it really comes down to is that 100,000 things must all go perfectly right and not one thing can go wrong and then yes, maybe this can be confined to this one instance. But the likelihood of that is essentially zero. So you have to ask yourself, "Do you feel lucky?" Well, do you?
I don't see a place for "luck" or 100,000 things that need to go perfectly here. Who says it matters and why must this "be confined to this one instance"? If it is decided by the courts that it is reasonable for Apple to crack this phone, then 6 months from now another case comes up where the same logic applies, they should crack that one too. So what? What am I missing about your concern/point?
 
  • Like
Likes gjonesy
  • #356
vela said:
The FBI wants Apple to write and install software with security provisions removed so that the FBI can brute force its way into the phone.

Ok this statement jumped out at me on a second reading of the post. So the FBI wants Apple to use its own cryptographic key software just to remove the fail safes from the iPhone (SO THEY the FBI can crack the phone)? Is this correct?

I have 2 questions about this,

1. Is it possible that after Apple installs the key they could copy it?

2. If they can (copy the cryptographic key software) could it be used remotely without a user's knowledge?

Again I am a novice when it comes to IT security so enlighten me.

If the answer is no to either question I still don't see the problem. If the key can't be used remotely then the FBI would have to have a phone in their custody to even use it correct?
 
  • #357
gjonesy said:
Ok this statement jumped out at me on a second reading of the post. So the FBI wants Apple to use its own cryptographic key software just to remove the fail safes from the iPhone (SO THEY the FBI can crack the phone)? Is this correct?

I have 2 questions about this,

1. Is it possible that after Apple installs the key they could copy it?

2. If they can (copy the cryptographic key software) could it be used remotely without a user's knowledge?

Again I am a novice when it comes to IT security so enlighten me.

If the answer is no to either question I still don't see the problem. If the key can't be used remotely then the FBI would have to have a phone in their custody to even use it correct?

Apple uses its private signing key to authenticate (signed code) that the FBI-requested software is a valid program for the existing firmware on the phone to install unconditionally if it's also in the correct format. The FBI is not asking for (yet) and does not get the private key, they only get code signed with it. In theory if Apple designed the code to only work with the one phone's internal serial or ID key it would be impossible to use it on other phones without altering (changing the hash) of the signed code and invalidating the 'OK to install' authentication.

[Image: code-signing-process.png (cryptographic key process)]
 
  • Like
Likes gjonesy
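
The device binding described in post #357, as an added example that is not part of the original thread and is not Apple's actual scheme: a toy textbook-RSA signature computed over a device ID plus the code, checked by a device that holds only the public key. The key, device IDs, payload and function names are all constructed for illustration.

```python
import hashlib

# Toy key, constructed for this example: textbook RSA (no padding) over two
# Mersenne primes. Illustration only; not Apple's actual signing scheme.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: baked into every device
D = pow(E, -1, (P - 1) * (Q - 1))      # private key: never leaves the vendor


def digest(device_id: str, payload: bytes) -> int:
    """SHA-256 over the device ID and the code, so both are covered."""
    ident = device_id.encode()
    data = len(ident).to_bytes(2, "big") + ident + payload
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def vendor_sign(device_id: str, payload: bytes) -> dict:
    """Vendor side: sign the hash with the private exponent D."""
    return {"device_id": device_id, "payload": payload,
            "sig": pow(digest(device_id, payload), D, N)}


def device_install(image: dict, my_device_id: str) -> str:
    """Device side: knows only (N, E) and its own hardware ID."""
    expected = digest(image["device_id"], image["payload"])
    if pow(image["sig"], E, N) != expected:
        return "reject: bad signature"
    if image["device_id"] != my_device_id:
        return "reject: signed for another device"
    return "install"


def run_demo() -> dict:
    # Hypothetical device IDs and payload, constructed for the example.
    image = vendor_sign("PHONE-A-0001", b"firmware build for one device")
    retargeted = dict(image, device_id="PHONE-B-0002")   # edit the ID field
    patched = dict(image, payload=b"firmware: patched")  # edit the code
    return {
        "target phone": device_install(image, "PHONE-A-0001"),
        "other phone, image as signed": device_install(image, "PHONE-B-0002"),
        "other phone, ID field edited": device_install(retargeted, "PHONE-B-0002"),
        "target phone, code edited": device_install(patched, "PHONE-A-0001"),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case}: {result}")
```

The holder of a signed image gets only the signature, never `D`, so any change to the ID field or the code changes the hash and the device's check fails.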
  • #359
joema said:
While technically true in the most formal sense, they have apparently threatened to do this:

http://www.zdnet.com/article/fbi-co...d-private-key-allowing-feds-to-ghost-iphones/

To threaten the MAD option on the USA tech sector shows just how far out of touch with reality the FBI is on encryption vs rights. How long do you think it would take this information to leak from the FBI (unspoken threat)? More proof that the Apple phone user security model is fundamentally flawed when there are no limits to side-channel attacks on Apple to gain access to users' secrets.
 
  • #361
Former CIA Head (General Michael Hayden): The FBI is wrong about Apple
https://finance.yahoo.com/news/former-cia-head--the-fbi-is-wrong-about-apple-165603222.html

“You can parse this problem in a lot of ways. Constitutionally: does the government have a right to order it? I’m not a constitutional lawyer. I’ll let those guys settle that. Privacy? He’s dead. Never his phone. I don’t think it’s a privacy issue. I’m looking at it as a security issue,” he said. “I think on balance, America ends up in a less secure place if we somehow weaken what now appears to be very unbreakable encryption in the iPhone.”
 
  • #362
Astronuc said:
Former CIA Head (General Michael Hayden): The FBI is wrong about Apple
https://finance.yahoo.com/news/former-cia-head--the-fbi-is-wrong-about-apple-165603222.html
What comes out of the Hillary investigation is that the designation "classified" is probably way overused due to all branches of the government wanting to keep all other branches of the government out of their business. It follows that they all would be in favor of the securest possible phones for the same reason. In their eyes, Apple vs FBI looks like the FBI jockeying for greater access to other government phones.
 
  • #363
zoobyshoe said:
What comes out of the Hillary investigation is that the designation "classified" is probably way overused due to all branches of the government wanting to keep all other branches of the government out of their business.
That is not the case, and in fact that would be an inappropriate use of the system.

There are strict guidelines, and Clinton should have been indoctrinated regarding guidelines as part of her job. The motivation behind classification is 'national security'.

Definitions of Terms Section 1 of CIPA defines "classified information" and "national security," both of which are terms used throughout the statute. Subsection (a), in pertinent part, defines "classified information" as:
  1. [A]ny information or material that has been determined by the United States Government pursuant to an Executive order, statute, or regulation, to require protection against unauthorized disclosure for reasons of national security.
Subsection (b) defines "national security" to mean the "national defense and foreign relations of the United States."
https://www.justice.gov/usam/crimin...is-classified-information-procedures-act-cipa

In the case of the US Department of State, the classified information pertains primarily to 'foreign relations of the United States', so if any email dealt with relations to other states, or events pertinent to relations involving the US and another state(s), or perhaps military affairs or certain interests, that information would be classified, whether or not the email was not marked with a classification.

Ignorance of the law is no excuse, nor proper defense.

The bottom line is that Clinton's emails related to her activities as Secretary of State should not have been on an unsecured server. She should not be discussing certain details of 'foreign relations of the US' in personal emails.
 
  • Like
Likes russ_watters
  • #364
Astronuc said:
That is not the case, and in fact that would be an inappropriate use of the system.
A lot of observers feel it is the case:
“This whole thing reveals more about our classification system and how poorly it works than anything,” Goitein said. The classification system leans toward secrecy when “most information that’s classified shouldn’t be, and can be safely released. If you’re alive in this world and don’t know the CIA is conducting drone strikes in Pakistan, Clinton’s emails are not going to wake you.”

The vast majority of classified material comes from the military, Defense Department (DOD) and the intelligence community, and despite recent transparency efforts, much of it stays classified. The government declassified 43 percent of the 64.6 million pages of classified information up for review. The State Department declassified 80 percent of the documents up for review, compared to the DOD’s 24 percent.

“It should be hard to classify information, there should be obstacles involving in the handling of classified information to keep it safe. But when everything becomes classified, it’s an unworkable system. And the danger is always that the really sensitive stuff is going to get caught up in this problem,” Goitein said.
The question of whether Hillary broke the law is completely separate from the question whether or not the government over-"classifies". I wasn't bringing it up to somehow exonerate her, just to allude to the territoriality of government agencies, which speaks to a former CIA/NSA director weighing in on Apple's, rather than the FBI's, side.
 
  • #365
zoobyshoe said:
I wasn't bringing it up to somehow exonerate her, just to allude to the territoriality of government agencies, which speaks to a former CIA/NSA director weighing in on Apple's, rather than the FBI's, side.

He's weighing in on Apple's side on back doors in general because that keeps targets using their devices, storing data and using communications links that can be tracked, intercepted and probed even if the encryption is totally secure on the phone to the FBI. The FBI has gotten lazy with easy access to personal data in domestic communications. They don't want to lose the gift that fell into their laps for the last 10 years. People like the NSA know that's a pipe dream that won't continue.
 
  • #366
nsaspook said:
He's weighing in on Apple's side on back doors in general because that keeps targets using their devices, storing data and using communications links that can be tracked, intercepted and probed even if the encryption is totally secure on the phone to the FBI.
I'm missing something here. What's the point of tracking, intercepting, and probing if ultimately you still cannot find out what an encrypted communication says?
 
  • #367
zoobyshoe said:
I'm missing something here. What's the point of tracking, intercepting, and probing if ultimately you still cannot find out what an encrypted communication says?

The encryption might be as secure mathematically as Apple could make it but complex electronic systems that implement encryption usually have vulnerabilities that can leak information.
 
  • #369
zoobyshoe said:
So much of this is explained in the very first link of the opening post:

Ok just read it, and so far it still just sounds like a big infomercial for the iPhone. Great selling point if you want to do anything illegal. What will they do next, give them a deal? (Read with the voice of Vince the ShamWow guy) Are you tired of those pesky do-gooders trying to ruin your jihad? Is your cell phone easy to crack? How does 252 bit encryption sound? Buy 2 iPhones get a 3rd free and if you act now text 0187 with the key word ka-boom and see our great deals on remote detonators, you have to act now cause we can't do this all day, supplies are limited, this week only. CALL NOW! Add sarcasm to taste.
 
  • #370
nsaspook said:
Apple uses its private signing key to authenticate (signed code) that the FBI-requested software is a valid program for the existing firmware on the phone to install unconditionally if it's also in the correct format. The FBI is not asking for (yet) and does not get the private key, they only get code signed with it. In theory if Apple designed the code to only work with the one phone's internal serial or ID key it would be impossible to use it on other phones without altering (changing the hash) of the signed code and invalidating the 'OK to install' authentication.

The above statement is a work of art as far as I am concerned. This is why I think Apple has a very high stake in assisting. It's also why it should never create a totally unbreakable encryption (one Apple can't even break). Honestly their capabilities in matters of the cyber sort are probably comparable to anything they have in the basement at Langley. And most companies using their own proprietary platforms (not open source) honestly have tighter control and security over their own software not to mention more integrity. What happens when the government confiscates the colonel's secret recipe? According to what I have read seems like it might be coming. It's really not worth them sticking to their guns on it, anyone who looks closely enough will see it's bigger than a privacy issue or rights or a product's selling point. The only people that really need to worry are criminals, people that have something to hide or politicians. People with power tend to abuse it and that works both ways. This is just an opinion and I do understand why other people don't agree with me. Maybe I've been in the line of duty too long.
 
  • #371
gjonesy said:
The only people that really need to worry are criminals, people that have something to hide or politicians
True story: a few months ago I opened my credit card bill and had a complete meltdown when I discovered someone had charged a $450.00 airline ticket to my account.

It's 100% certain they got my credit card number electronically somehow.

The category, "people that have something to hide," includes everyone. Everyone wants to hide their personal information from identity thieves, perverts, cyber-vandals, and stalkers.

The concept of completely secure phones is frustrating to two groups, 1.) law enforcement, and 2.) law breakers: identity thieves, cyber-vandals, stalkers, and perverts.

Another true story: 5 or 6 years ago a woman I know told me how a hacker had bragged to her he could get onto her phone. She dismissed it as idle boasting. Then she got a text from him that included a list of the names and phone numbers of everyone on her phone's contact list, with the message, "Hah hah! I told you I could do it!"
 
  • Like
Likes vela and Dembadon
  • #372
http://www.latimes.com/local/lanow/...one-seek-delay-in-hearing-20160321-story.html
"On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone," the U.S. attorney wrote in court papers. "Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc. set forth in the All Writs Act Order in this case."
 
  • #374
zoobyshoe said:

This is what caught my eye.
Apple attorneys also said on the call that the company was engaged in a "constant battle" with those that would attempt to circumvent the company's security flaws. They added that the company hopes to better understand what the supposed vulnerability is, and if the case continues, the firm will insist in court on knowing everything possible about it.

If there is now a publicly known vulnerability to iPhone security that the FBI uses and is successful in unlocking this phone does the FBI have a responsibility and duty to report that exact method and process to the firm if they insist in court as a future defense from a similar court order?
 
  • #375
nsaspook said:
This is what caught my eye. If there is now a publicly known vulnerability to iPhone security that the FBI uses and is successful in unlocking this phone does the FBI have a responsibility and duty to report that exact method and process to the firm if they insist in court as a future defense from a similar court order?
I think Apple is probably concerned to find out if this hack involves use of a stolen signature. If that were the case, I'm sure they'd have a legal basis to prevent the FBI from using it, and to trace the theft back through the chain to prosecute the thief.
 
  • #377
nsaspook said:
If there is now a publicly known vulnerability to iPhone security that the FBI uses and is successful in unlocking this phone does the FBI have a responsibility and duty to report that exact method and process to the firm if they insist in court as a future defense from a similar court order?
I can't figure out what you're asking here, but I don't think the FBI has any obligation to report vulnerabilities it finds to any company. It's the company's responsibility to find and fix security holes.

zoobyshoe said:
I think Apple is probably concerned to find out if this hack involves use of a stolen signature. If that were the case, I'm sure they'd have a legal basis to prevent the FBI from using it, and to trace the theft back through the chain to prosecute the thief.
Where are you getting this from? It's much more likely that there's a security hole that Apple may or may not be aware of.

1oldman2 said:
Has this come up anywhere? Not seeing it mentioned yet.
http://uk.reuters.com/article/us-apple-encryption-cellebrite-idUKKCN0WP17J
http://arstechnica.com/tech-policy/...helping-fbi-unlock-seized-iphone-report-says/
http://www.zdziarski.com/blog/?p=5966
 
  • #378
gjonesy said:
If Apple "can" do it, then it's entirely possible someone familiar enough with the software can. I'd almost bet the bureau is working on a plan "B" as we speak. Now I am a novice, but I figured out how to crack a droid. I figured out how to get around certain web filters without using a thumb drive. I have gotten around other things relating to electronic security. Based on my own experience, if Apple itself is saying it's possible for them, then it's possible period. It's just a matter of time I'm betting.

nsaspook said:
This is what caught my eye. If there is now a publicly known vulnerability to iPhone security that the FBI uses and is successful in unlocking this phone does the FBI have a responsibility and duty to report that exact method and process to the firm if they insist in court as a future defense from a similar court order?

Considering the FBI had to find out how without the aid of Apple, and they fought so hard to keep it from them, I wouldn't be surprised if this exploit were made public just for spite.

Think I heard that somewhere before.
 
  • #379
vela said:
I can't figure out what you're asking here, but I don't think the FBI has any obligation to report vulnerabilities it finds to any company. It's the company's responsibility to find and fix security holes.

Normally I would say yes "it's the company's responsibility" but this is a legal case (in addition to the equities review process) where the FBI swore in public court papers there was no other way as the justification for that order and now it tells Apple to never mind. If a security hole/vulnerability has been found by the government and is used, does the FBI have a responsibility to prove that to Apple by disclosure of the method? Apple can then decide to fix the problem after disclosure.

http://www.bloomberg.com/news/artic...-hacking-iphone-now-tell-apple-how-you-did-it
The FBI’s new tactic may be subject to a relatively new and little-known rule that would require the government to tell Apple about any vulnerability potentially affecting millions of iPhones unless it can show a group of administration officials that there’s a substantial national security need to keep the flaw secret. This process, known as an equities review, was created by the Obama administration to determine if new security flaws should be kept secret or disclosed, and gives the government a specific time frame for alerting companies to the flaws.

https://www.eff.org/files/2015/09/04/document_71_-_vep_ocr.pdf
 
  • #380
Who could the FBI be using to gain access to the phone? Maybe just a coincidence.
https://www.fpds.gov/ezsearch/fpdsportal?amp;templateName=1.4.4&q=cellebrite+CONTRACTING_AGENCY_NAME%3A%22FEDERAL+BUREAU+OF+INVESTIGATION%22+PIID%3A%22DJF161200P0004424%22&sortBy=SIGNED_DATE&s=FPDSNG.COM&indexName=awardfull&desc=Y&&templateName=1.4&indexName=awardfull
 
  • #381
zoobyshoe said:
The category, "people that have something to hide," includes everyone. Everyone wants to hide their personal information from identity thieves, perverts, cyber-vandals, and stalkers.

You know that's why I was arguing the point of Apple co-operating with the FBI. IF it was done "in house" and to this 1 single solitary phone there really wouldn't be a security breach or vulnerability exposed publicly. Product integrity could have been maintained. Now the FBI has a third party involved, it's publicly stating that it doesn't need Apple's help. Now this product's security just went in the crapper. Along with so many others. That is why I personally do not store banking or personal information on my phone period.
 
  • #382
I think both parties (Apple, FBI) should have a conversation and work out some sort of compromise. At the moment, I lean toward Apple's side, because of how authoritarian and entitled the FBI has been acting. Apple's refusal is justified as they have only to lose by making their customers feel less secure.
 
  • #383
Derek Francis said:
I think both parties (Apple, FBI) should have a conversation and work out some sort of compromise.

Yeah they should, and should have from the beginning instead of turning this all into a media circus. BUT now there is irretrievable blood in the water and the hackers will be circling.
 
  • #384
nsaspook said:
Who could the FBI be using to gain access to the phone? Maybe just a coincidence.
You got it.

http://www.reuters.com/article/us-apple-encryption-cellebrite-idUSKCN0WP17J
John McAfee said that Apple will be none too happy the way he thinks Cellebrite (an Israeli Co.)
http://9to5mac.com/2016/03/23/cellebrite-fbi-iphone-hack/

John McAfee told CNBC that Apple wouldn’t like the method.

“I promise you that [Apple CEO] Tim Cook and Apple are not going to be happy with the solution that the FBI has come up with,” McAfee, the controversial technology executive, told CNBC’s Power Lunch. “Because it is almost as bad as a universal master key.”
 
  • #385
gjonesy said:
Yeah they should, and should have from the beginning instead of turning this all into a media circus. BUT now there is irretrievable blood in the water and the hackers will be circling.

If I were Apple and the FBI said something like "We understand your concerns about your customers' privacy but I also am concerned about security of the world at large. Can we have an in-depth conversation and work out a solution", I would have said "Sure, let's talk".

But seeing as the FBI essentially said "We're entitled, you owe us, give us your data or else, and if you don't comply, **** you", my response would be "**** you too".
 
