Apple and the FBI password search.....

Discussion in 'Computers' started by buttons, Feb 25, 2016.

  1. buttons

    buttons Funster

    Joined:
    Aug 27, 2009
    Messages:
    12,941
    Likes Received:
    10,708
    Location:
    Hertfordshire
    The FBI and Apple are still in dispute in an attempt for the FBI to gain a killers phone password. I hadn’t realised how secure a phone password was. This must be a learning curve for all criminals who have to hand their phone over to the police. Make sure it is locked before doing so then forget what your password is.

    Do Android and windows have similar password security…..?
     
  2. NickNic

    NickNic Funster Life Member

    Joined:
    Jan 14, 2014
    Messages:
    5,436
    Likes Received:
    11,125
    Location:
    Kettering
    They do but I don't know if the level of security compares to Apple.

    I would imagine probably not because Android is open source and Microsoft's source code gets leaked about twice a week.

    As I posted in another thread on this subject I'm quite surprised the nerds at Fort Meade didn't get hold of the Apple source code and crack it years ago.
     
  3. NickNic

    NickNic Funster Life Member

    Joined:
    Jan 14, 2014
    Messages:
    5,436
    Likes Received:
    11,125
    Location:
    Kettering
    I've just read an article on this case and just because I've got nothing better to do at the moment had a bit of a look at this.

    Apple's encryption standard is AES 256. AES is the Advanced Encryption Standard and 256 means it's 256 bit - the key to decrypt the data is 256 characters long. As far as anyone knows IOS has never been cracked or reverse engineered.

    Android use AES 128 as a standard - the same but the key is only 128 characters - but AES 256 can be used as an option. How often that option is taken I don't know. It also has something called cipher block chaining incorporated. Android is open source so the source code is freely available to anyone who wants it.

    Windows Phone also uses AES 128 but in its basic form and it's not considered very secure: http://www.howtogeek.com/199171/heres-why-windows-8.1s-encryption-doesnt-seem-to-scare-the-fbi/
     
    Last edited: Feb 28, 2016
    • Informative Informative x 2
    • Like Like x 1
  4. NickNic

    NickNic Funster Life Member

    Joined:
    Jan 14, 2014
    Messages:
    5,436
    Likes Received:
    11,125
    Location:
    Kettering
    Also food for thought:

    The FBI are only making a fuss about Apple and web based Google services.

    Does this mean they've already got everything else cracked and so can access all other devices and services at will?
     
    • Like Like x 1
  5. Tootles

    Tootles Funster

    Joined:
    Sep 14, 2013
    Messages:
    8,991
    Likes Received:
    30,887
    Location:
    Lancaster
    I think the FBI are playing the 'Bulls**t' card here. Their trying to say they dont know what this couple were up to?? Encrypted phones or not, they have records of EVERY mobile call made in the US.
     
  6. NickNic

    NickNic Funster Life Member

    Joined:
    Jan 14, 2014
    Messages:
    5,436
    Likes Received:
    11,125
    Location:
    Kettering
    I think what they're saying Dave is that they want to see if there is any useful information on the device - contact details, potential evidence against other people. Things like that.

    I can see where they're coming from but I'm very pleased Apple are refusing to cooperate. Once a backdoor is created it can't be uncreated and the precedent it would set would be a bad one.
     
    • Like Like x 3
  7. Tootles

    Tootles Funster

    Joined:
    Sep 14, 2013
    Messages:
    8,991
    Likes Received:
    30,887
    Location:
    Lancaster
    (y)(y)(y)(y)(y)(y)(y)(y)(y)(y)
     
  8. Geo

    Geo Trader - Funster

    Joined:
    Jul 29, 2007
    Messages:
    9,538
    Likes Received:
    5,589
    Location:
    Mansfield,Notts
    Nothing to do with a bad decision or scruples
    What is at stake here in the backdoor code it's self.;) Who will look after it? with such a high value $ price tag someone somewhere would leak it, then its open house for all
    They recon a team of 20 about a month to write it then its all about the security of it. really?
    they should let me have it, I cant find a post I wrote yesterday:D I can loose coal in a snow ball:eek:
     
  9. sdc77

    sdc77 Funster

    Joined:
    Jan 28, 2013
    Messages:
    2,487
    Likes Received:
    2,895
    Location:
    East london
    Way I see it is .. the fbi are asking apple to take the phone and open it up at their end. . Which they undoubtedly can do.
    Nothing would be compromised and all decrypted data could be handed over to the fbi.
    I think the fbi and courts are justified in asking for this data as it's evidence and therefore should be made available.
    As to wether the fbi already know how to access the phone... maybe they do but aren't going to admit it (as that would be silly).

    It's not a fishing exercise and surely asking for the contents of mass murdering terrorists phones (which were already goverment property) is reasonable when a court agrees.
     
    • Like Like x 4
  10. magicsurfbus

    magicsurfbus Funster

    Joined:
    Oct 11, 2010
    Messages:
    3,503
    Likes Received:
    8,258
    Location:
    NW England
    I saw a BBC article saying Mr MacAfee (of antivirus fame) has offered to decrypt the iPhone in question, although he reckons it may take some time.
     
  11. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,941
    Likes Received:
    14,012
    Location:
    UK
    Just as a point of interest, The FBI are not asking apple to crack the encryption or the PIN.

    Basically what happens at the moment is there is a delay between each attempt at the PIN. This increases each time a failure happens.
    The FBI want Apple to remove this delay so they can try the 4 Digit pins as fast as they can and to provide a method for entering pins automatically.

    They also want Apple to disable the feature that permanently erases the phone if incorrect PINs are entered.

    Here is the actually order.

    Apple's reasonable technical assistance shall accomplish the following three important functions:
    (1) it will bypass or disable the auto-erase function whether or not it has been enabled;
    (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and
    (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.

    Apple has a number of problems with this the biggest one is "this is a one off". So they spend the man hours creating the software/hardware. They then destroy it. 3 months later it happens again they have to repeat the work. Ad infinitum.

    If they keep the software and the team running. It would be a major target for hackers and other governments. The ongoing cost and responsibility for maintaining the security of the project would be burdensome.

    They also have a problem with the way the order was made. It was done using something called the "All Writs Act" Which was only supposed to be used to fill in gaps in existing legislation not to allow courts to order anything. They are supposed to take the actual law into account and Apple don't feel they have. There is more detail to this, such as the caveats as to when it can be used. Undue cost being one of them.

    Apples full counter claim can be found here. Makes for interesting reading.
    https://assets.documentcloud.org/do...-Vacate-Brief-and-Supporting-Declarations.pdf

    If you think our laws are strange and convoluted you ain't seen nothing until you have watched the American legal system in action......

    If you are interested in this story. ARSTechnica do very good coverage of this, and the comments in the articles are quite good fun at times.

    http://arstechnica.co.uk

    The original request by the FBI is here.
    https://assets.documentcloud.org/documents/2714000/SB-Shooter-MOTION-Seeking-Asst-iPhone.txt


    PS: I got them the wrong way round so had to edit.
     
    • Like Like x 1
  12. NickNic

    NickNic Funster Life Member

    Joined:
    Jan 14, 2014
    Messages:
    5,436
    Likes Received:
    11,125
    Location:
    Kettering

    They are asking Apple to modify the OS so that they (the FBI) can brute force it themselves. Once the FBI have a modified OS there's nothing to stop them using it again and again and again. It also sets the precedent and the next thing will be that they demand Apple, and other manufacturers for that matter, give them more modifications that will allow remote access.

    It is absolutely a fishing exercise. The subjects in this case are both dead so there will be no trial or conviction. They want the data on the phone to see if it leads them to other people.
     
  13. NickNic

    NickNic Funster Life Member

    Joined:
    Jan 14, 2014
    Messages:
    5,436
    Likes Received:
    11,125
    Location:
    Kettering
    It wouldn't be destroyed though. The FBI would "accidentally" retain a copy of it and the next time they want to access a phone they can just quietly do it without having to justify their reasons.
     
  14. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,941
    Likes Received:
    14,012
    Location:
    UK
    That is not the deal and not how the IOS system works;

    2 points.
    1) Part of the debate Apple are having is where the software would be located. Would apple retain control of it and operate it on behalf of the FBI. Or would the FBI have a single use version of it.
    2) Any software run on an Apple IOS device has to be cryptographically signed. Apple can sign this software in such a manner that it cannot be run on any device except the target one. If the FBI retained a copy it would not run on any other phone except the target device.

    See page 6;
    https://www.apple.com/business/docs/iOS_Security_Guide.pdf
     
  15. Gorse Hill

    Gorse Hill Funster

    Joined:
    Feb 2, 2013
    Messages:
    1,402
    Likes Received:
    1,605
    Location:
    Stretford
    And?
     
  16. NickNic

    NickNic Funster Life Member

    Joined:
    Jan 14, 2014
    Messages:
    5,436
    Likes Received:
    11,125
    Location:
    Kettering
    OK they've asked for single use but on who holds it the wording in the FBI's original motion in your link is

    What they will have if they are provided with this is something that will be a far better starting point to try and reverse engineer to come up with something that isn't "single use"

    Even if they don't manage to do that the precedent will be set for them to demand the same again and again, not just from Apple but all the manufacturers that they haven't already cracked.

    It's a pretty small step from that point to demanding a permanent back door be built into all new operating systems, both mobile and desktop, for their use.
     
  17. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,941
    Likes Received:
    14,012
    Location:
    UK
    IT could be your phone, it could be our PM's phone. The could leak it to the CIA who could use it abroad. Eventually it would get out and no one would be safe.

    Thankfully Apple are fighting against it and also see my previous post. It doesn't work like that...
     
  18. NickNic

    NickNic Funster Life Member

    Joined:
    Jan 14, 2014
    Messages:
    5,436
    Likes Received:
    11,125
    Location:
    Kettering
    Yet.......:cautious:
     
  19. John Laidler

    John Laidler Funster

    Joined:
    Jan 9, 2013
    Messages:
    8,576
    Likes Received:
    11,555
    Location:
    Plympton, Devon
    I think Apple should stop being so precious and I suspect in the end they will help the FBI. They probably always intended to, but just have to be seen to be dragged kicking and screaming for the benefit of their image.
     
    • Like Like x 1
  20. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,941
    Likes Received:
    14,012
    Location:
    UK
    No it wont'. Even if they reverse engineer it they can't run it on any other phone. They do not have the ability to replicate Apples cryptographic signing system. It is just not possible with today's technology.

    That is what Apple are fighting against. Read their response as posted in my 1st post on this thread.

    They have tried that and failed. Sorry I keep up with this type of thing as it has a direct impact on my business. If you are curious look up the Clipper chip and the more recent debates on the subject. The latest is that the US Government is in talks with the EFF. This is the first time they have invited experts in that have a broad range of expertise on the subject not just the technical issues.
     
Loading...

Share This Page