Topic: Judge orders Apple to access iPhone belonging to San Bernadino shooter  (Read 15685 times)

Offline K-Dog

  • Administrator
  • Sous Chef
Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
« Reply #15 on: February 24, 2016, 08:51:31 AM »
Assume (for a moment) that the San Bernardino shootings were in fact sponsored by the deep state to cultivate hatred for Moslems so plans to aggressively redraw the political boundaries of the Middle East garner popular support.  Then info in this cell phone is made up, is part of the plan, and the Apple brouhaha is nothing more than theatre.

Theatre to give any untraceable information revealed validity.  The authenticity of digital bits can't be verified but having to go through complicated layers of security and procedures to extract them will give them the smell of reality.  Paper documents can be examined, x-rayed, and put under a microscope.  Forgeries can be detected.  Not so with digital bits whose authenticity must be taken on faith.

The moment of pretending is over now.  The thought experiment of assuming the San Bernardino shootings are a false flag is finished.  Now go out in the field and chomp on some more grass.

Under ideal conditions of temperature and pressure the organism will grow without limit.

Online RE

  • Administrator
  • Chief Cook & Bottlewasher
Apple Is Said to Be Trying to Make It Harder to Hack iPhones
« Reply #16 on: February 24, 2016, 05:00:27 PM »
Bottom line: As long as there is a means to reset passwords without the user's permission, you can't have a secure system.  The user has to give up the feature of having the manufacturer be able to reset the password for secure data.

Data could be isolated from the OP system though with a separate password structure, so the phone op system could be updated without violating the security of data held on the phone.

However, trusting any of these companies or Da Goobermint to tell the truth on what is isolated and what is secure is a fool's game.

If you have data you don't want accessed by anyone, do analog encryption with a good cypher.  It's a bit tedious, but it is unbreakable.

RE

http://www.nytimes.com/2016/02/25/technology/apple-is-said-to-be-working-on-an-iphone-even-it-cant-hack.html?_r=0

Apple Is Said to Be Trying to Make It Harder to Hack iPhones

By MATT APUZZO and KATIE BENNER, FEB. 24, 2016


New York police officers stood guard during a demonstration outside the Apple store on Fifth Avenue on Tuesday.

WASHINGTON — Apple engineers have already begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts.

If Apple succeeds in upgrading its security — and experts say it almost surely will — the company would create a significant technical challenge for law enforcement agencies, even if the Obama administration wins its fight over access to data stored on an iPhone used by one of the killers in last year’s San Bernardino, Calif., rampage. The F.B.I. would then have to find another way to defeat Apple security, setting up a new cycle of court fights and, yet again, more technical fixes by Apple.

The only way out of this back-and-forth, experts say, is for Congress to get involved. Federal wiretapping laws require traditional phone carriers to make their data accessible to law enforcement agencies. But tech companies like Apple and Google are not covered, and they have strongly resisted legislation that would place similar requirements on them.

“We are in for an arms race unless and until Congress decides to clarify who has what obligations in situations like this,” said Benjamin Wittes, a senior fellow at the Brookings Institution.

Companies have always searched for software bugs and patched holes to keep their code secure from hackers. But since the revelations of government surveillance made by Edward J. Snowden, companies have been retooling their products to protect against government intrusion.

Apple built its recent operating systems to protect customer information. As its chief executive, Timothy D. Cook, wrote in a recent letter to customers, “We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”

But there is a catch. Each iPhone has a built-in troubleshooting system that lets the company update the system software without the need for a user to enter a password. Apple designed that feature to make it easier to repair malfunctioning phones.

In the San Bernardino case, the F.B.I. wants to exploit that troubleshooting system by forcing Apple to write and install new software that strips away several security features, making it much easier for the government to hack into the phone. The phone in that case is an old model, but experts and former Apple employees say that a similar approach could also be used to alter software on newer phones. That is the vulnerability Apple is working to fix.

Apple officials alluded to this in a conference call last week when a journalist asked why the company would allow firmware — the software at the heart of the iPhone — to be modified without requiring a user password. One executive replied that it was safe to bet that security would continue to improve, and someone close to the company confirmed this week that Apple engineers had begun work on a solution even before the San Bernardino attack. A company spokeswoman declined to comment on what she called rumors and speculation.

Independent experts have offered possible solutions in both public forums and private, informal conversations with the company over the last few weeks. “There are probably 50 different ideas we have all sent to Apple,” said Jonathan Zdziarski, a security researcher.

Apple regularly publishes security updates and gives credit to researchers who hunt for bugs in the company’s software. “Usually, bug reports come in an email saying, ‘Dear Apple Security, we’ve discovered a flaw in your product,’ ” said Chris Soghoian, a technology analyst with the American Civil Liberties Union. “This bug report has come in the form of a court order.”

The court order to which Mr. Soghoian referred was issued last week by a federal judge magistrate, and tells Apple to write and install the code sought by the F.B.I. Apple has promised to challenge that order. Its lawyers have until Friday to file its opposition in court.

In many ways, Apple’s response continues a trend that has persisted in Silicon Valley since Mr. Snowden’s revelations. Yahoo, for instance, left its email service unencrypted for years. After Mr. Snowden revealed how the National Security Agency exploited the company, the company quickly announced plans to encrypt email. Google similarly moved to fix a vulnerability that the government was using to hack into company data centers.


James B. Comey Jr., director of the F.B.I., said the government is not seeking a skeleton key to iPhones. Credit Drew Angerer for The New York Times

Apple’s showdown with the Justice Department is different in one important way. Now that the government has tried to force Apple to hack its own code, security officials say, the company must view itself as the vulnerability. That means engineers will have to design a lock they absolutely cannot break.


“This is the first time that Apple has been included in their own threat model,” Mr. Zdziarski said. “I don’t think Apple ever considered becoming a compelled arm of the government.”

The F.B.I. director, James B. Comey Jr., signaled this week that he expected Apple to change its security, saying that the phone-cracking tool the government sought in the San Bernardino case was “increasingly obsolete.” He said that supported the government’s argument that it was not seeking a skeleton key to hack all iPhones.

Apple, though, says the case could set a precedent for forcing company engineers to write code to help the government break any iPhone. “The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create,” Mr. Cook said in his letter.

The heated back-and-forth between the government and technology companies is, at least in part, a function of the Obama administration’s strategy. The White House has said it will not ask Congress to pass a law requiring tech companies to give the F.B.I. a way to access customer data. That has left the Justice Department to fight for access one phone at a time, in court cases that often go unnoticed.

While it is generally accepted that Silicon Valley’s tech giants can outgun the government in a technical fight, the companies do face one important limitation. Security features often come at the expense of making products slower or clunkier.

Apple’s brand is built around creating products that are sleek and intuitive. A security solution that defeats the F.B.I. is unworkable if it frustrates consumers. One of the impediments to encrypting all the data in Apple’s iCloud servers, for instance, has been finding a way to ensure that customers can easily access and recover photos and other information stored there.

“Telling a member of the public that they’re going to lose all the family photos they’ve ever taken because they forgot their password is a really tough sell,” Mr. Soghoian said. “A company wants to sell products to the public.”

Matt Apuzzo reported from Washington and Katie Benner from San Francisco.

SAVE AS MANY AS YOU CAN

Offline Palloy

  • Moderator
  • Sous Chef
    • https://palloy.wordpress.com
Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
« Reply #17 on: February 24, 2016, 09:31:09 PM »
If the encryption is done by anybody else other than by you, then the encryption is not secure.  But that needn't be difficult or clunky to use, if the OS is written in the right way.  Linux's LUKS encrypted file system needs a separate password each time the OS is booted, and if it is not given, the unencrypted files are not mounted (not available).  Once the password is entered, the encryption becomes invisible and the unencrypted files become usable in the usual way.

If the password (that unlocks the encryption private keys) is known to anyone else, or is written down, or recorded in a file on the computer or another device, then Governments can ultimately get it and break the encryption.  So it has to be a random string of keyable characters and memorized.

On my keyboard the 94 character set is:
`1234567890-=~!@#$%^&*()_+qwertyuiop[]\QWERTYUIOP{}|asdfghjkl;'ASDFGHJKL:"zxcvbnm,./ZXCVBNM<>?
and I would guess many people wouldn't even know the names of some of those characters, so wouldn't use them.
However all we really want is a string of bits, so considering those bits grouped in 6s, we only need the alphanumeric set:
A-Z, a-z, 0-9

So a string 12 characters long has 62^12 = 3.2262667624e+21 combinations. 
If the NSA could brute-force passwords at the rate of a trillion per second, it would take 149 years to run through them all.  On average, 75 years to get a hit.

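<?php
// Stored SHA-256 digest (raw bytes) of the packed password.
$hash = file_get_contents( "/LUKS/hashed-password" );
$input = "p7Gh4Mk3dE2b";
// base64_decode() packs the 12 characters into 9 bytes (72 bits); the algorithm
// name must be the string 'sha256', and true requests raw binary output.
if(hash_equals($hash, hash('sha256', base64_decode($input), true))) { print "We're in !"; }
?>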

The State is a body of armed men

Online RE

  • Administrator
  • Chief Cook & Bottlewasher
Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
« Reply #18 on: February 24, 2016, 10:08:57 PM »
I agree with most of what you said except this part:

Quote
usable in the usual way.

If the password (that unlocks the encryption private keys) is known to anyone else, or is written down, or recorded in a file on the computer or another device, then Governments can ultimately get it and break the encryption.  So it has to be a random string of keyable characters and memorized.


The fact is you don't have to memorize a string of characters.  You just need to memorize a couple of rules that allow you to generate the same string of characters every time you use those rules.  I can generate a character string with 10^100 possibilities with just a couple of rules, and that is not counting jacking in nonsense random characters to the string.

As long as it is you and only you who knows the rules, it is unbreakable.  As soon as you pass on the rules to somebody else, your security is highly compromised for numerous reasons, not the least of which is your best friend and most trusted confidant is likely to spill the beans if he is tortured enough or bribed enough, or both.  So you can't ever use the same passwords and same rules with any trusted confidant, each one has to have a separate set of rules.

To keep all those rules tidy, you need another file only YOU know the password for, again generated in such a way it is one-time-pad compliant and cannot be broken.

You can further layer this by encrypting again the rule sets, so that even if the first layer was broken after 150 years of supercomputer time, they would have to start all over again with the next layer.  Jack in a few thousand nonsense files into the encrypted folder, and the decryptor is in a world of shit.

The big trick here on the analog level is to be able to generate complex passwords that you can decrypt easily if you know the rules.  That's the trick I set up.

RE
SAVE AS MANY AS YOU CAN

Offline Palloy

  • Moderator
  • Sous Chef
    • https://palloy.wordpress.com
Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
« Reply #19 on: February 24, 2016, 10:35:50 PM »
Yes, but all the obfuscation is unnecessary.  You have to remember SOMETHING, and that something has a corresponding number of bits of information associated with it, after all the flim-flam and redundant stuff has been eliminated.  A 12 character alphanumeric string has 72 bits of information.  If your method uses less, then it will be easier to remember, but it won't be as secure.  The hash(SHA256, ...) function has all the obfuscation you need already built into it, no need to add more.
The State is a body of armed men

Online RE

  • Administrator
  • Chief Cook & Bottlewasher
Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
« Reply #20 on: February 24, 2016, 10:47:26 PM »
Quote
Yes, but all the obfuscation is unnecessary.  You have to remember SOMETHING, and that something has a corresponding number of bits of information associated with it, after all the flim-flam and redundant stuff has been eliminated.  A 12 character alphanumeric string has 72 bits of information.  If your method uses less, then it will be easier to remember, but it won't be as secure.  The hash(SHA256, ...) function has all the obfuscation you need already built into it, no need to add more.

How do you eliminate the flim-flam if you have no idea what is flim flam and what is not?

Of course you must remember SOMETHING, the trick is to make the something you have to remember quite easy, but what it generates is exceedingly complex.  A HASH function can do this for you, but it requires a computer to do it.  I am working entirely analog, no digital help at all.  I can encode everything without ever even turning on the computer, and only keyboard in AFTER I have encoded.  It's completely unbreakable, short of torturing me.

RE
SAVE AS MANY AS YOU CAN

Offline K-Dog

  • Administrator
  • Sous Chef
Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
« Reply #21 on: February 25, 2016, 12:24:28 AM »
A personal layer of encryption.

Choose three or more commonly used characters and assign them numbers. Train yourself to translate on the fly something like this.

Grizzly Bears shit in the woods.

By a few simple rules.

Choose 'h-7' 'r-3' and 'i-2' as a representative choice of simple rules.  You pick your own rules and practice using them privately.  Leave no evidence.  You memorize these and use them consistently.

Now if you need a pass-phrase you translate on the fly.

Grizzly Bears shit in the woods.


becomes:

Gr2zzly Bea3s s72t 2n the woods.

Unless someone is watching your keyboard they won't know how to enter your password even if they found

Grizzly Bears shit in the woods.

on a scrap of paper.

A key-logger could expose your rules so the system isn't perfect but all that would do is reduce you to average security.  The same level of security you would have under the same circumstances if you used no rules at all, just the pass phrase.  The procedure adds an extra layer of security as long as you keep the secret of your rules.  A good idea would be to add some rules beyond simple number substitution.

The thought occurs that if you had a comprehensive enough set of rules your original phrase might be well disguised.  It would be difficult to guess and without a copy of the original pass phrase rather difficult to decode.

As a pure system what I am describing is flawed but on top of existing security it provides another layer a snoop would have to deal with.  Someone would have to be highly motivated to learn your secrets which you can effortlessly employ with your memorized rules.
« Last Edit: February 25, 2016, 12:26:29 AM by K-Dog »
Under ideal conditions of temperature and pressure the organism will grow without limit.

Offline Palloy

  • Moderator
  • Sous Chef
    • https://palloy.wordpress.com
Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
« Reply #22 on: February 25, 2016, 12:49:05 AM »
The flim-flam in using alphanumerics as if they were a string of random bits is the fact that 2 bits of the 8 are not being used (always 0).  By passing them thru base64_decode($input, $output) this compacts the data to use all the bits.  It is the number of random bits that gives the degree of difficulty on decryption.

Any paper and pencil method can be programmed to be done on a computer as well.  Doing rule-based manipulations is what computers are really good at, and way more accurate than people.  But they need some input to get started with.  So hash(SHA256, $input) takes all its randomness as $input (a string of random bits) and the manipulations are all standardised, public and well-tested, and have no randomness in them.  There are other hash functions, like hash(SHA-128, ...) but the same kind of thing applies.

So let's call your method hash(RE, ...) and the same thing will apply to it.  You are saying you are "remembering the rule", but really you are applying a generalised rule, with specific rule values plugged in, and those values representing the randomness in the process.

It is far easier to have all the randomness up front, and all the rules fixed, with no randomness in the rules.  Then you can assess the randomness more easily.

Either way, if the randomness amounts to 10^100, which is about 330 bits, then it is far too unbreakable, and one way or another you are having to remember too much.  Somehow though, I think your estimate is too high, maybe because your method is so convoluted that it's hard to gauge the true randomness of it.  Without the actual rules, I can't say more, but the principle won't change.
The State is a body of armed men

Offline Palloy

  • Moderator
  • Sous Chef
    • https://palloy.wordpress.com
Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
« Reply #23 on: February 25, 2016, 12:54:15 AM »
Quote
Gr2zzly Bea3s s72t 2n the woods.

Er, is that my password?
The State is a body of armed men

Online RE

  • Administrator
  • Chief Cook & Bottlewasher
Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
« Reply #24 on: February 25, 2016, 04:49:08 AM »
Quote
Any paper and pencil method can be programmed to be done on a computer as well.

Of course.  The point of doing your encryption by hand PRIOR to using a computer is there is no way to compromise it.  No keystroke recorder, no remote screen sensor, nada.

Quote
Either way, if the randomness amounts to 10^100, which is about 330 bits, then it is far too unbreakable, and one way or another you are having to remember too much.  Somehow though, I think your estimate is too high, maybe because your method is so convoluted that it's hard to gauge the true randomness of it.  Without the actual rules, I can't say more, but the principle won't change.

No, there is very little I have to remember, I just need to have pencil and paper to be able to do the encoding/decoding.  I can make that process quicker by making my Secret Decoder Device.  ;D  Of course, I then need to destroy my SDD immediately after doing an encoding or decoding, because if found it would simplify (although not reveal) the process of encoding.  In terms of estimating the randomness, you are right that it's hard to do but in terms of possibilities it depends entirely on how long the string is.  With no idea of the rule set, all the computer can do is brute force go through every possibility.  For a 64 character string with 62 choices for each character (upper case, lower case and numbers), that is 62^64, or 5 X 10^114.  In fact it's more than that because you don't have to use all 64 characters, you have to add in all the possibilities for shorter strings contained within the 64 characters.  I can in fact add in special characters to make an even bigger set, but why bother?  It's already basically unbreakable.

RE
« Last Edit: February 25, 2016, 04:58:54 AM by RE »
SAVE AS MANY AS YOU CAN

Offline K-Dog

  • Administrator
  • Sous Chef
Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
« Reply #25 on: February 25, 2016, 08:07:27 AM »
Quote
Gr2zzly Bea3s s72t 2n the woods.

Er, is that my password?

Yes that is what you would actually type but all you have to remember is 'Grizzly Bears shit in the woods' because you will be so good at making your personal substitutions that you easily make the substitutions as you type using rules not written down or recorded anywhere and which nobody else knows.
Under ideal conditions of temperature and pressure the organism will grow without limit.

Offline Palloy

  • Moderator
  • Sous Chef
    • https://palloy.wordpress.com
Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
« Reply #26 on: February 25, 2016, 01:53:05 PM »
K-dog
If that is an actual example, I think I can tell what your original string was and what the substitution rules were quite easily.  It would only make sense if the original string was itself a random string, and then the substitution rules would be unnecessary.

That makes me think I have misunderstood the nature of the problem you are trying to solve.  One problem is encrypting a string of plaintext, and having someone else decrypt it - OpenPGP (implemented by GPG4USB or Gpa) seems to be the best solution for that.  A second problem is entering a password to match an existing password on file, and creating that password in the first place - this might be the password that protects your OpenPGP private key.
The State is a body of armed men
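
An added example (not part of any post in this thread, and not the posters' code) that puts numbers on the comparison argued in Replies #17 to #26: a random 12-character string versus a known phrase protected only by secret substitution rules. The rule model is an assumption, not something the thread specifies: up to three letter-to-digit rules, each applied to any non-empty subset of that letter's occurrences, with the base phrase already known (the scrap-of-paper case); all function names are hypothetical.

```python
import base64
import math
from collections import Counter
from itertools import combinations, product

GUESSES_PER_SECOND = 1e12            # the thread's "trillion per second"
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def years_to_exhaust(candidates, rate=GUESSES_PER_SECOND):
    """Years needed to try every candidate once at `rate` guesses per second."""
    return candidates / rate / SECONDS_PER_YEAR


def packed_bits(password):
    """Bits remaining once base64 decoding has squeezed out the unused bits."""
    return 8 * len(base64.b64decode(password, validate=True))


def rule_variant_count(phrase, max_rules=3, digit_count=10):
    """How many distinct passwords the assumed rule model can produce from a
    known, digit-free phrase. A letter occurring m times contributes
    digit_count * (2**m - 1) choices (one digit, any non-empty subset of its
    occurrences); at most max_rules letters may carry a rule."""
    occurrences = Counter(ch.lower() for ch in phrase if ch.isalpha())
    ways = [1] + [0] * max_rules      # ways[k] = outputs using exactly k rules
    for m in occurrences.values():
        weight = digit_count * (2 ** m - 1)
        for k in range(max_rules, 0, -1):   # descending: each letter used once
            ways[k] += ways[k - 1] * weight
    return sum(ways)


def rule_variants(phrase, max_rules=3, digits="0123456789"):
    """Enumerate the same set explicitly (only practical for short phrases);
    used to cross-check rule_variant_count()."""
    positions = {}
    for i, ch in enumerate(phrase):
        if ch.isalpha():
            positions.setdefault(ch.lower(), []).append(i)
    variants = set()
    for k in range(max_rules + 1):
        for chosen in combinations(sorted(positions), k):
            options = []
            for letter in chosen:
                idxs = positions[letter]
                subsets = [s for r in range(1, len(idxs) + 1)
                           for s in combinations(idxs, r)]
                options.append([(d, s) for d in digits for s in subsets])
            for combo in product(*options):
                out = list(phrase)
                for digit, subset in combo:
                    for i in subset:
                        out[i] = digit
                variants.add("".join(out))
    return variants


def compare(phrase, max_rules=3):
    """Candidate counts for each way of choosing the secret."""
    return {
        "random 12 of A-Z a-z 0-9": 62 ** 12,
        "random 12 base64 symbols": 64 ** 12,   # exactly 2**72
        "known phrase + secret rules": rule_variant_count(phrase, max_rules),
    }


if __name__ == "__main__":
    # Phrase and sample password are the ones posted in the thread.
    print("packed bits:", packed_bits("p7Gh4Mk3dE2b"))
    for label, n in compare("Grizzly Bears shit in the woods.").items():
        print(f"{label:30s} {math.log2(n):6.2f} bits  "
              f"{years_to_exhaust(n):.3g} years to exhaust")
```

Under these assumptions the 62-symbol alphabet gives about 71.5 bits (roughly 102 years at the thread's guess rate), a full 72 bits gives about 150 years, and the rule layer on a known phrase gives about 22.9 bits, which is exhausted in microseconds at that rate.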

Offline Palloy

  • Moderator
  • Sous Chef
    • https://palloy.wordpress.com
Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
« Reply #27 on: February 25, 2016, 02:25:36 PM »
Quote
RE: With no idea of the rule set, all the computer can do is brute force go through every possibility

Every possibility of what?  I've lost track of the problem you are trying to solve (if you ever stated it clearly).  Are these "jumbles" examples of what you are talking about, or is that something different?  I am trying to follow you, but you seem to be jumping about, as well as being mysterious, which should be unnecessary (I would have thought).

I'll buy one of your SDDs - you can take the money out of my 'writing on screen' app earnings.
The State is a body of armed men

Online RE

  • Administrator
  • Chief Cook & Bottlewasher
Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
« Reply #28 on: March 02, 2016, 12:14:38 AM »
As I mentioned, one way to break this system by Brute Force would be through parallel processing, taking Mirror Copies of the hard drive and then running them each through a Supercomputer.

It seems somebody is reading Diner suggestions and now Apple themselves suggested exactly this tactic to the FBI.  ::)

There is little doubt in my mind now that Apple could crack this in an instant, they certainly have the hardware codes for the device to do it. They also now hint their own code can be broken through parallel processing, which the FBI certainly knows how to do, so their protestations they can't break the phone security are also a crock of shit.

This is a total Dog & Pony Show.

RE

http://www.pcworld.com/article/3039743/security/the-fbi-should-try-to-unlock-a-shooters-iphone-without-apples-help-a-lawmaker-says.html

The FBI should try to unlock a shooter's iPhone without Apple's help, a lawmaker says
It may be possible for investigators to make multiple copies of the hard drive on an iPhone used by the San Bernardino mass shooter.
James Comey, director of the FBI, speaks at a House Judiciary Committee hearing in Washington, D.C., on March 1, 2016. Credit: USG/IDGNS

Grant Gross
IDG News Service

    Mar 1, 2016 3:22 PM

The FBI might be able to copy the hard drive of an iPhone used by a mass shooter without triggering the device’s auto-erase functions, thus eliminating the agency’s need to take Apple to court, a company executive said Tuesday.

Instead of forcing Apple to help defeat the iPhone password security that erases the device’s contents after 10 unsuccessful attempts, it may be possible to make hundreds of copies of the hard drive, said Bruce Sewell, Apple’s senior vice president and general counsel.

Apple doesn’t know the condition of the iPhone used by San Bernardino mass shooter Syed Rizwan Farook, so it’s unclear if mirroring the hard drive would work, but it’s possible, Sewell said during a congressional hearing.

The suggestion that the FBI attempt to copy the iPhone’s hard drive first came from Representative Darrell Issa, a California Republican and former car-alarm entrepreneur.

The design of the older model iPhone 5c may allow investigators to remove its hard drive and make multiple copies, Issa said. Investigators could then run 10 password attempts on each copy until they found the correct password, he said.

“The FBI is the premier law enforcement organization, with laboratories that are second to none in the world,” Issa told FBI Director James Comey. “Are you testifying today that you and/or contractors that you employ could not achieve this without demanding that an unwilling partner do it?”

The FBI has explored other options and found none that it believes will work without Apple’s assistance in defeating the password protection, Comey said. “We have engaged all parts of the U.S. government” to find ways to gain access to information on the phone without Apple’s help, he said. “If we could have done this quietly and privately, we would have done it.”

Sewell and Comey both faced tough questions during the hearing, which was focused on the pending court case and on smartphone encryption. Both men largely repeated their talking points from the long-running debate on device encryption, but lawmakers seemed split on whether Apple should honor the FBI’s request and Magistrate Judge Sheri Pym’s Feb. 16 order requiring the company to comply.

Apple has resisted the court order and called for Congress to set encryption policy, but it hasn’t proposed any specific actions, noted Representative Jim Sensenbrenner, a Wisconsin Republican. If Congress acted, it might force Apple to aid in similar investigations.

“I don’t think you’re going to like what’s going to come out of Congress,” Sensenbrenner said. “All you’ve been doing is saying, ‘no, no, no, no.’”

Apple ultimately will follow the law, Sewell said. “What we’re asking for, Congressman, is a debate on this,” he said. “I don’t have a proposal, I don’t have a solution for it, but what I think we need to do is give this an appropriate and fair hearing.”
‘Evidence-free zones’

Critics of Apple’s position suggested the company is ignoring public safety issues.

Apple and Google, by enabling encryption by default on smartphones running their OSes, are, in effect, setting a U.S. policy that values customer privacy over national security and criminal prosecutions, said Cyrus Vance Jr., district attorney for New York County in New York.

Smartphone security and encryption will eventually lead to a serious problem when entire segments of suspects’ lives are shielded from police, Comey told lawmakers.

“I have colleagues and others who are advocating for these evidence-free zones,” added Representative Trey Gowdy, a South Carolina Republican. “There are just going to be compartments of life where [law enforcement agencies] are precluded from going to find evidence of anything ... no matter how compelling the government’s evidence is.”

Several other lawmakers questioned the FBI’s demands, saying a court order requiring Apple to write new code to defeat the phone’s security could lead to hundreds of similar requests. Vance, the New York prosecutor, said his office is now in possession of 205 locked smartphones that could be used as evidence in criminal cases.

Criminals will find ways to exploit mandated holes in encryption, said Representative Zoe Lofgren, a California Democrat. While the FBI worries about “a world where everything is private, it may be that the alternative is nothing is private,” she said.

During the hearing, Comey acknowledged the FBI made a mistake when it asked San Bernardino County, the owner of the phone, to change the password soon after the mass shooting there in December.

Comey disputed the suggestion that the FBI was asking for an encryption key or a backdoor into the phone. “There’s already a door on that phone,” he said. “Essentially, we’re asking Apple, ‘take the vicious guard dog away, let us pick the lock.’”
SAVE AS MANY AS YOU CAN

Offline Palloy

  • Moderator
  • Sous Chef
    • https://palloy.wordpress.com
Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
« Reply #29 on: March 02, 2016, 06:15:58 AM »
Quote
taking Mirror Copies of the hard drive and then running them each through a Supercomputer.

That's just a guess from "a California Republican and former car-alarm entrepreneur", not what Apple says.  We know that apart from the hard drive, there is a TPM chip which holds the phone's hardware ID.  You need both the password AND the ID, AND the algorithm by which they are entangled to create the encryption key (an AES key).  And the ID won't be stored in the chip in the clear, it will be hashed somehow.

So there are two brute forces necessary, plus the entanglement algorithm.  Now the FBI must know all that, and yet they can't achieve it.  Suspicious? - not really.

What is suspicious is that this case is a clear-cut Islamic terrorism case (well, seems to be anyway).  It is the perfect case to take to court as a test case.  Once they can get the court to say "yes", it will set a precedent for forcing Apple to break other phones, and Google too.  They might bring the case even if they know the drive contains no useful data.





The State is a body of armed men

 
