Apple and the FBI password search.....

The FBI and Apple are still in dispute in an attempt for the FBI to gain a killer's phone password. I hadn’t realised how secure a phone password was. This must be a learning curve for all criminals who have to hand their phone over to the police. Make sure it is locked before doing so then forget what your password is.

Do Android and Windows have similar password security…..?
 
Deleted member 29692

They do but I don't know if the level of security compares to Apple.

I would imagine probably not because Android is open source and Microsoft's source code gets leaked about twice a week.

As I posted in another thread on this subject I'm quite surprised the nerds at Fort Meade didn't get hold of the Apple source code and crack it years ago.
 
Deleted member 29692

I've just read an article on this case and just because I've got nothing better to do at the moment had a bit of a look at this.

Apple's encryption standard is AES 256. AES is the Advanced Encryption Standard and 256 means it's 256 bit - the key to decrypt the data is 256 characters long. As far as anyone knows IOS has never been cracked or reverse engineered.

Android use AES 128 as a standard - the same but the key is only 128 characters - but AES 256 can be used as an option. How often that option is taken I don't know. It also has something called cipher block chaining incorporated. Android is open source so the source code is freely available to anyone who wants it.

Windows Phone also uses AES 128 but in its basic form and it's not considered very secure: http://www.howtogeek.com/199171/heres-why-windows-8.1s-encryption-doesnt-seem-to-scare-the-fbi/

Deleted member 29692

Also food for thought:

The FBI are only making a fuss about Apple and web based Google services.

Does this mean they've already got everything else cracked and so can access all other devices and services at will?
 

Tootles

I think the FBI are playing the 'Bulls**t' card here. They're trying to say they don't know what this couple were up to?? Encrypted phones or not, they have records of EVERY mobile call made in the US.
 
Deleted member 29692

I think the FBI are playing the 'Bulls**t' card here. They're trying to say they don't know what this couple were up to?? Encrypted phones or not, they have records of EVERY mobile call made in the US.

I think what they're saying Dave is that they want to see if there is any useful information on the device - contact details, potential evidence against other people. Things like that.

I can see where they're coming from but I'm very pleased Apple are refusing to cooperate. Once a backdoor is created it can't be uncreated and the precedent it would set would be a bad one.

Tootles

I can see where they're coming from but I'm very pleased Apple are refusing to cooperate. Once a backdoor is created it can't be uncreated and the precedent it would set would be a bad one.
(y)(y)(y)(y)(y)(y)(y)(y)(y)(y)
 

Geo

Nothing to do with a bad decision or scruples.
What is at stake here is the backdoor code itself. ;) Who will look after it? With such a high value $ price tag someone somewhere would leak it, then it's open house for all.
They reckon a team of 20 about a month to write it, then it's all about the security of it. Really?
They should let me have it, I can't find a post I wrote yesterday :D I can lose coal in a snowball :eek:
 

sdc77

Way I see it is... the FBI are asking Apple to take the phone and open it up at their end, which they undoubtedly can do.
Nothing would be compromised and all decrypted data could be handed over to the FBI.
I think the FBI and courts are justified in asking for this data as it's evidence and therefore should be made available.
As to whether the FBI already know how to access the phone... maybe they do but aren't going to admit it (as that would be silly).

It's not a fishing exercise and surely asking for the contents of mass murdering terrorists' phones (which were already government property) is reasonable when a court agrees.

magicsurfbus

I saw a BBC article saying Mr McAfee (of antivirus fame) has offered to decrypt the iPhone in question, although he reckons it may take some time.
 
Just as a point of interest, the FBI are not asking Apple to crack the encryption or the PIN.

Basically what happens at the moment is there is a delay between each attempt at the PIN. This increases each time a failure happens.
The FBI want Apple to remove this delay so they can try the 4-digit PINs as fast as they can and to provide a method for entering PINs automatically.

They also want Apple to disable the feature that permanently erases the phone if incorrect PINs are entered.

Here is the actual order.

Apple's reasonable technical assistance shall accomplish the following three important functions:
(1) it will bypass or disable the auto-erase function whether or not it has been enabled;
(2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and
(3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.

Apple has a number of problems with this. The biggest one is "this is a one off". So they spend the man hours creating the software/hardware. They then destroy it. 3 months later it happens again and they have to repeat the work. Ad infinitum.

If they keep the software and the team running, it would be a major target for hackers and other governments. The ongoing cost and responsibility for maintaining the security of the project would be burdensome.

They also have a problem with the way the order was made. It was done using something called the "All Writs Act", which was only supposed to be used to fill in gaps in existing legislation, not to allow courts to order anything. They are supposed to take the actual law into account and Apple don't feel they have. There is more detail to this, such as the caveats as to when it can be used. Undue cost being one of them.

Apple's full counter claim can be found here. Makes for interesting reading.
https://assets.documentcloud.org/do...-Vacate-Brief-and-Supporting-Declarations.pdf

If you think our laws are strange and convoluted you ain't seen nothing until you have watched the American legal system in action......

If you are interested in this story, Ars Technica do very good coverage of this, and the comments in the articles are quite good fun at times.

http://arstechnica.co.uk

The original request by the FBI is here.
https://assets.documentcloud.org/documents/2714000/SB-Shooter-MOTION-Seeking-Asst-iPhone.txt


PS: I got them the wrong way round so had to edit.
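
To put numbers on the three protections named in the order quoted above, here is an added example (not part of the original post, and not Apple's code) that models the worst-case time to exhaust a passcode space with each protection on or off. The 80 ms per attempt, the delay schedule and the 10-failure erase limit are assumptions modelled on Apple's published iOS Security Guide; all function and constant names are hypothetical.

```python
"""Added illustration (not from the thread): how per-attempt cost, escalating
delays and auto-erase bound an exhaustive passcode search."""
from dataclasses import dataclass

# ASSUMED figures, modelled on Apple's published iOS Security Guide. They are
# not stated in the thread and may differ by device and iOS version.
HW_MS_PER_ATTEMPT = 80             # key derivation tied to the device hardware
ESCALATING_DELAY_S = {5: 60, 6: 300, 7: 900, 8: 900}  # wait after Nth failure
STEADY_FROM_FAILURE = 9            # from the 9th failure onwards...
STEADY_DELAY_S = 3600              # ...wait one hour after each failure
ERASE_AFTER_FAILURES = 10          # optional "erase data" setting


@dataclass(frozen=True)
class SearchBound:
    keyspace: int      # number of possible passcodes
    attempts: int      # attempts possible before the search ends or data is erased
    total_ms: int      # worst-case elapsed time for those attempts
    coverage: float    # fraction of the keyspace that can be tested

    @property
    def days(self) -> float:
        return self.total_ms / 1000 / 86400


def delay_ms_after(failures: int) -> int:
    """Total enforced waiting accumulated over `failures` consecutive failures."""
    stepped = sum(d for n, d in ESCALATING_DELAY_S.items() if n <= failures)
    steady = max(0, failures - STEADY_FROM_FAILURE + 1) * STEADY_DELAY_S
    return (stepped + steady) * 1000


def search_bound(length: int, alphabet: int = 10, *, delays: bool = True,
                 auto_erase: bool = True) -> SearchBound:
    """Worst-case bound for passcodes of `length` symbols from `alphabet`."""
    keyspace = alphabet ** length
    attempts = min(keyspace, ERASE_AFTER_FAILURES) if auto_erase else keyspace
    total_ms = attempts * HW_MS_PER_ATTEMPT
    if delays:
        # Waiting happens between attempts: after every failure but the last.
        total_ms += delay_ms_after(attempts - 1)
    return SearchBound(keyspace, attempts, total_ms, attempts / keyspace)


if __name__ == "__main__":
    off = dict(delays=False, auto_erase=False)
    cases = {
        "4-digit, delays + auto-erase": search_bound(4),
        "4-digit, delays only": search_bound(4, auto_erase=False),
        "4-digit, hardware cost only": search_bound(4, **off),
        "6-digit, hardware cost only": search_bound(6, **off),
        "6-char a-z0-9, hardware cost only": search_bound(6, 36, **off),
    }
    for name, b in cases.items():
        print(f"{name:36s} covers {b.coverage:8.3%} in {b.days:10.3f} days")
```

With all protections on, only a sliver of a 4-digit space can ever be tested; with them off, the hardware cost alone leaves passcode length and alphabet as the remaining defence.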
 
Deleted member 29692

Way I see it is... the FBI are asking Apple to take the phone and open it up at their end, which they undoubtedly can do.
Nothing would be compromised and all decrypted data could be handed over to the FBI.
I think the FBI and courts are justified in asking for this data as it's evidence and therefore should be made available.
As to whether the FBI already know how to access the phone... maybe they do but aren't going to admit it (as that would be silly).

It's not a fishing exercise and surely asking for the contents of mass murdering terrorists' phones (which were already government property) is reasonable when a court agrees.


They are asking Apple to modify the OS so that they (the FBI) can brute force it themselves. Once the FBI have a modified OS there's nothing to stop them using it again and again and again. It also sets the precedent and the next thing will be that they demand Apple, and other manufacturers for that matter, give them more modifications that will allow remote access.

It is absolutely a fishing exercise. The subjects in this case are both dead so there will be no trial or conviction. They want the data on the phone to see if it leads them to other people.

Deleted member 29692

Apple has a number of problems with this. The biggest one is "this is a one off". So they spend the man hours creating the software/hardware. They then destroy it. 3 months later it happens again and they have to repeat the work. Ad infinitum.

It wouldn't be destroyed though. The FBI would "accidentally" retain a copy of it and the next time they want to access a phone they can just quietly do it without having to justify their reasons.
 
It wouldn't be destroyed though. The FBI would "accidentally" retain a copy of it and the next time they want to access a phone they can just quietly do it without having to justify their reasons.
That is not the deal and not how the iOS system works.

2 points.
1) Part of the debate Apple are having is where the software would be located. Would Apple retain control of it and operate it on behalf of the FBI? Or would the FBI have a single-use version of it?
2) Any software run on an Apple iOS device has to be cryptographically signed. Apple can sign this software in such a manner that it cannot be run on any device except the target one. If the FBI retained a copy it would not run on any other phone except the target device.

See page 6:
https://www.apple.com/business/docs/iOS_Security_Guide.pdf
 

Gorse Hill

It wouldn't be destroyed though. The FBI would "accidentally" retain a copy of it and the next time they want to access a phone they can just quietly do it without having to justify their reasons.
And?

Deleted member 29692

That is not the deal and not how the iOS system works.

2 points.
1) Part of the debate Apple are having is where the software would be located. Would Apple retain control of it and operate it on behalf of the FBI? Or would the FBI have a single-use version of it?
2) Any software run on an Apple iOS device has to be cryptographically signed. Apple can sign this software in such a manner that it cannot be run on any device except the target one. If the FBI retained a copy it would not run on any other phone except the target device.

OK, they've asked for single use, but on who holds it the wording in the FBI's original motion in your link is:

the government requests that Apple be ordered to provide the FBI with a custom signed iPhone Software file, recovery bundle, or other Software Image File that can be loaded onto the SUBJECT DEVICE

What they will have if they are provided with this is something that will be a far better starting point to try and reverse engineer to come up with something that isn't "single use".

Even if they don't manage to do that the precedent will be set for them to demand the same again and again, not just from Apple but all the manufacturers that they haven't already cracked.

It's a pretty small step from that point to demanding a permanent back door be built into all new operating systems, both mobile and desktop, for their use.
 
It could be your phone, it could be our PM's phone. They could leak it to the CIA who could use it abroad. Eventually it would get out and no one would be safe.

Thankfully Apple are fighting against it and also see my previous post. It doesn't work like that...
 

DBK

I think Apple should stop being so precious and I suspect in the end they will help the FBI. They probably always intended to, but just have to be seen to be dragged kicking and screaming for the benefit of their image.
 
OK they've asked for single use but on who holds it the wording in the FBI's original motion in your link is
What they will have if they are provided with this is something that will be a far better starting point to try and reverse engineer to come up with something that isn't "single use"
No it won't. Even if they reverse engineer it they can't run it on any other phone. They do not have the ability to replicate Apple's cryptographic signing system. It is just not possible with today's technology.

Even if they don't manage to do that the precedent will be set for them to demand the same again and again, not just from Apple but all the manufacturers that they haven't already cracked.
That is what Apple are fighting against. Read their response as posted in my 1st post on this thread.

It's a pretty small step from that point to demanding a permanent back door be built into all new operating systems, both mobile and desktop, for their use.
They have tried that and failed. Sorry I keep up with this type of thing as it has a direct impact on my business. If you are curious look up the Clipper chip and the more recent debates on the subject. The latest is that the US Government is in talks with the EFF. This is the first time they have invited experts in that have a broad range of expertise on the subject not just the technical issues.
 

Gorse Hill

It could be your phone, it could be our PM's phone. They could leak it to the CIA who could use it abroad. Eventually it would get out and no one would be safe.

Thankfully Apple are fighting against it and also see my previous post. It doesn't work like that...
Valid points, however personally I would prefer the FBI have the ability to counter the massive threat from ISIL to everyone around the world and all criminal activity.
CMD shouldn't have or discuss anything of national security on his phone. In fact, is the Internet not a far bigger worry to international security?

Yet.......:cautious:
Not now, not ever. If you don't know why, read up on public key encryption. You only have to read up on PGP's history to know how scared the security services are about this. Properly implemented public key encryption is unhackable, hence this whole debate.

I think Apple should stop being so precious and I suspect in the end they will help the FBI. They probably always intended to, but just have to be seen to be dragged kicking and screaming for the benefit of their image.
Read up on the politics behind this. Apple have a lot of legal, moral and ethical reasons to resist this order. I am probably the least supportive of Apple that it is possible to be. I hate them as a company, I hate their operating practices. However on this they are correct.
 
Deleted member 29692

I think Apple should stop being so precious and I suspect in the end they will help the FBI. They probably always intended to, but just have to be seen to be dragged kicking and screaming for the benefit of their image.

They aren't being precious. They are defending a principle of online privacy. Once that's gone the rules for when the process can be used will get broader and broader.

If Apple wanted to help they could have done quietly, after the first phone call, with no publicity whatsoever and nobody would have any idea that it had happened.

They wouldn't have needed to be seen "dragged kicking and screaming" anywhere.
 
Valid points, however personally I would prefer the FBI have the ability to counter the massive threat from ISIL to everyone around the world.
CMD shouldn't have or discuss anything of national security on his phone. In fact, is the Internet not a far bigger worry to international security?

It is a bigger issue than just FBI vs Terrorists.

Our commerce systems rely on cryptography, from you logging into your bank online to the data on your debit/credit card.

If we start putting back doors into systems for the government it won't be long before bad actors have access to the same facilities. The government in effect wants to tell all companies to leave a key under the door mat so they can check if anyone is involved in terrorism. The problem is that those back doors never stay hidden forever.

The balance between security from terrorism vs the security from unwarranted government snooping and bad actors should be a tough one. But to be honest I have not seen any evidence that it would make us safer, in fact I have seen evidence to the opposite. I am pretty right wing in my views on crime and punishment. But making us less secure so we can be more secure is not a good argument to give the government unfettered access to our data.

Also, the second these backdoors are forced on companies, the terrorists would stop using them. They would use their own implementation of public key encryption which is freely available. So we would be less secure and the terrorists would still have encrypted communications. Look up end to end encryption if you don't believe me.

DBK

They aren't being precious. They are defending a principle of online privacy. Once that's gone the rules for when the process can be used will get broader and broader.

If Apple wanted to help they could have done quietly, after the first phone call, with no publicity whatsoever and nobody would have any idea that it had happened.

They wouldn't have needed to be seen "dragged kicking and screaming" anywhere.
We'll have to agree to differ. :) If you put online privacy on one side of the scales and fighting terrorism on the other then in my mind the privacy argument carries no weight whatsoever.
 
Deleted member 29692

We'll have to agree to differ. :) If you put online privacy on one side of the scales and fighting terrorism on the other then in my mind the privacy argument carries no weight whatsoever.

What about when a government decides to use this technology against people other than terrorists, perhaps against their political opponents in the run up to an election? How about when they decide to go after a journalist that happens to be causing them problems?

Will the argument still carry no weight then?
 
Deleted member 29692

Not now, not ever. If you don't know why, read up on public key encryption. You only have to read up on PGP's history to know how scared the security services are about this. Properly implemented public key encryption is unhackable, hence this whole debate.

I know the basics of how it works but don't by any means claim to be an expert.

It's the possibility of deliberate less than proper implementation that concerns me. It may not be very likely but it is possible and if it happened we would never know.

I know the basics of how it works but don't by any means claim to be an expert.

It's the possibility of deliberate less than proper implementation that concerns me. It may not be very likely but it is possible and if it happened we would never know.

Apple's implementation is very good. They have a custom chip which handles a lot of it. Not even Apple knows the UID of a device. See page 7
https://www.apple.com/business/docs/iOS_Security_Guide.pdf
 
We'll have to agree to differ. :) If you put online privacy on one side of the scales and fighting terrorism on the other then in my mind the privacy argument carries no weight whatsoever.
This is not just about privacy though it is about security. If the government has back doors without warrants then this will eventually escape. At which point the bad guys also have access to the back door. In addition the terrorists will just stop using commercial products and roll their own. You can download GPG including the source code and make your own in a matter of minutes.
 
PS: I just created a text file, encrypted and signed it using gpg and posted it to my website.

http://www.gray.me.uk/gpg/test.txt

This is what encrypted text looks like. I used 4096 bit RSA/DSA encryption which is uncrackable currently.

The only person who can read this is a person called "Test user" who MUST have the private key in their possession and also knows the password to unlock that key. The password for that key is 32 characters long.

This is what terrorists can do if they want to, very quickly and very easily. If you put a back door in Apple and Android and SSL, all that happens is the terrorists use another tool like this one. The downside is the government can snoop on anyone it wants to, including their opposition or anyone that disagrees with them. We would lose trust in online commerce and banking would be put at risk.....
