a thoughtful web.
Good ideas and conversation. No ads, no tracking.   Login or Take a Tour!
comment by mk
mk  ·  3206 days ago  ·  link  ·    ·  parent  ·  post: Apple CEO Tim Cook: "They have asked us to build a backdoor to the iPhone."

    Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

I don't understand how there is currently no backdoor if building an alternate operating system would permit them access to encrypted data on this individual phone.

It sounds like the actual security at this point doesn't come from strong encryption, but from restrictions around the install of a new iOS. That is, an OS installed by Apple can circumvent encryption on the phone. This would mean that Apple does have a backdoor.

My guess is that a new install can remove the brute force protections.

EDIT: Here is a nice overview that suggests that because it is an iPhone 5C, this is possible, however, it wouldn't be with an iPhone 6.

    If the San Bernardino gunmen had used an iPhone with the Secure Enclave, then there is little to nothing that Apple or the FBI could have done to guess the passcode. However, since the iPhone 5C lacks a Secure Enclave, nearly all of the passcode protections are implemented in software by the iOS operating system and, therefore, replaceable by a firmware update.




veen  ·  3206 days ago  ·  link  ·  

The gist of it is in this part:

    The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

The backdoor here isn't Apple giving the NSA the passwords - it's allowing them to hook input up to a brute force system and allow unlimited tries. They still might not guess the password though.

steve  ·  3206 days ago  ·  link  ·  

    That is, an OS installed by Apple can circumvent encryption on the phone. This would mean that Apple does have a backdoor.

    My guess is that a new install can remove the brute force protections.

I don't understand why the FBI is demanding that Apple do this. I feel like if the government wants to hack it - go for it. Hack away. It is not Apple's (or insert any other company here) job to invade people's lives.

I'm pretty happy that Timmy boy is flexing his muscles like this.

kleinbl00  ·  3206 days ago  ·  link  ·  

    Apple was one of the first companies accused of participation in the NSA's PRISM data mining initiative, following Snowden's release of hundreds of classified NSA documents. The PRISM project is said to have involved the extraction of "audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person's movements and contacts over time."

http://appleinsider.com/articles/15/01/21/nsa-leaker-edward-snowden-refuses-to-use-apples-iphone-over-spying-concerns---report

This is Apple not allowing the FBI to do what they've allowed the NSA to do since 2012 or before. Before you get too pat-on-the-back-ey, recognize that they're making a big show of standing up in public when in private they rolled over without so much as a whine.

steve  ·  3206 days ago  ·  link  ·  

    recognize that they're making a big show of standing up in public when in private they rolled over without so much as a whine.

I can relate

I'll take a late change of heart to no change of heart.

Or maybe he's just lying through his teeth and telling the masses what they want to hear whilst secretly stashing the dick pics of college kids everywhere...

I'll hope for the former.

kleinbl00  ·  3206 days ago  ·  link  ·  

I'm siding with "the FBI lacks the leverage the NSA has."

user-inactivated  ·  3206 days ago  ·  link  ·  

Symbolic gestures aren't completely useless.

kingmudsy  ·  3206 days ago  ·  link  ·  

Sure, but I'd rather the symbolic gestures be genuine, rather than Apple trying to save face in front of the public.

As it stands now, I don't trust Apple any more than I did before this post, I just know that they're not selling my privacy this once. It doesn't mean anything when they're already selling it in other ways.

user-inactivated  ·  3206 days ago  ·  link  ·  

You shouldn't trust Apple. You should trust that Apple doesn't want to get caught willingly collaborating with the intelligence community against its users again, as since it has become widely known that American tech companies collaborate with American intelligence agencies customers overseas have been looking for alternatives, as if tech companies in every country didn't collaborate with their countries' intelligence agencies because while you can slam the door in the faces of the guys with all the guns, you can't expect it to work. They put up a token resistance to salvage some of their reputation, but in the process reinforce that this is a thing that should be resisted, and they have a big enough mouthpiece that that isn't nothing.

kingmudsy  ·  3206 days ago  ·  link  ·  

Oh, sorry, I was definitely trying to imply that I don't trust Apple! I apologize if my meaning wasn't clear, I edited the comment to reflect this.

kingmudsy  ·  3206 days ago  ·  link  ·  

Yeah, this whole thing feels like a PR grab. Also, the whole thing with iCloud leaking celebrity nude photos? They might be trying to create a controversy in order to wipe away some of the bad rap they got from that.

_refugee_  ·  3206 days ago  ·  link  ·  

I remember back when they had a canary clause, that was faddish too

alpha0  ·  3205 days ago  ·  link  ·  

> however, it wouldn't be with an iPhone 6.

He didn't make that distinction in his letter.

aside: I don't think secure computing is possible unless you roll your own molecules. (not sure). Ultimately you are doing math when encrypting and the machine may lie to you. The CPU is the ultimate "man" in the middle.

kingmudsy  ·  3206 days ago  ·  link  ·  
This comment has been deleted.