snopes.com


E. Q. Taft 17 February 2016 04:00 PM

Tim Cook Says Apple Will Fight Court Order to Unlock iPhone
 
Last night, a California court ordered Apple to assist the FBI in hacking an iPhone. It's an unprecedented request, one with potentially huge repercussions for the privacy and security of every Apple customer. This morning, Apple CEO Tim Cook posted an impassioned defense of encryption, and signaled the legal battles to come.

http://www.wired.com/2016/02/tim-coo...ryption-order/

Full text of the statement by Apple here:

http://www.apple.com/customer-letter/

thorny locust 17 February 2016 05:07 PM

I had wondered whether a workaround might be for them to hand the phone to Apple and say "Unlock this phone for us, but don't tell us how you did it" (presumably in the presence of somebody authorized to testify to continued physical custody of the phone, and to testify to exactly who was allowed to work on it.)

However, if I'm understanding this right (as I'm neither a cryptologist nor any sort of IT person, I might well not be) that wouldn't really solve the problem: because, even presuming Apple can figure out how to do this, the people who figured it out would then have the knowledge, and can't be automatically trusted with it any more than the government can.

GenYus234 17 February 2016 05:48 PM

I don't think it is so much that the people who did it would have the knowledge. The people who would create the tool are probably the ones that created the encryption in the first place so they already have the knowledge. It is more of a genie in a bottle thing. It would be much easier to steal the existing backdoor OS than it would be to create one.

TallGeekyGirl 17 February 2016 05:54 PM

Donald Trump: Apple should hack San Bernardino shooter phone
 
Quote:

"But to think that Apple won't allow us to get into her cell phone," Trump continued, "who do they think they are? No, we have to open it up."

http://www.cnn.com/2016/02/17/politi...ate/index.html

E. Q. Taft 17 February 2016 06:24 PM

The reasoning I'm seeing (and I don't have enough technical savvy to be positive on the details) is that they would essentially have to create a new version of the OS that allowed for the encryption to be bypassed (or brute-forced into submission), and that once that OS version existed, there would be all sorts of potential for abuse, both by the government and by criminal hackers.

I'm not quite so sure. What the judge's order asks for seems very specific to the particular phone in question. But I don't know enough about how the security works to know if a work-around would necessarily be generally applicable to other phones.

GenYus234 17 February 2016 06:33 PM

According to the story, what the FBI wants is a new version of iOS that doesn't block brute-force attacks. Any Apple device that was capable of running the iOS that is on Tashfeen Malik's phone would be vulnerable to the backdoor iOS.

It would be possible to make the backdoor iOS so it only runs on a device with a specific serial number, but that kind of security would be easier to defeat. Apple has spent a long time on the current security features in the iOS; any "quick and dirty" iOS is going to be significantly less secure.

WildaBeast 17 February 2016 06:40 PM

One thing I don't understand is how they intend to install this new version of the OS on the phone without the passcode. IIRC, my iPhone requires the passcode to be entered before it will install an OS update. So how are they going to get this new OS that bypasses the passcode onto the phone without that passcode? I guess they must have a way to do it or they wouldn't be asking for it, but aren't publicizing it for obvious reasons.

GenYus234 17 February 2016 06:58 PM

I would guess that mobile phones use a type of chip called an EEPROM (Electronically Erasable Programmable Read-Only Memory) for the OS. Basically, with such a chip, you send it an electronic signal and the chip contents are erased. Then you send the data you want on the chip and it stores that new data. That would be how the phone's OS would be installed in the first place at the factory. With physical access to the phone, a similar process would be performed again to put the new OS on it.

The only issue would be if the phone's user memory is separate from the OS memory so that Apple could flash the OS memory without wiping the user memory. I don't know enough about Apple devices or mobile phone systems in general to do more than guess.

WildaBeast 17 February 2016 07:25 PM

Now I'm embarrassed that I didn't think of that given that I did study electrical engineering and know exactly what an EEPROM is.

GenYus234 17 February 2016 08:32 PM

Sorry to have inadvertently condescended.

ganzfeld 18 February 2016 03:44 AM

That's what jail breaking is but the feds could do that themselves. All the data on the phone is encrypted so it needs to be decrypted and just jailbreaking the OS can't help there. They need the key from the secure enclave, which the OS won't give them without the correct passcode. They can't overwrite the OS without a valid Apple signature. Apple's point is that they can't give the feds a way to break that specific phone without giving them a way to access all phones. (If someone used a good, long passcode, however, I don't see how this brute force hack would work. Maybe the authorities have some reason to believe it's just a four number pin?)

E. Q. Taft 18 February 2016 05:35 AM

This article explains (apparently) some of the details behind this. The author believes Apple could create the software and restrict it to working on just this phone.

http://www.pbs.org/newshour/making-s...and-seriously/

ganzfeld 18 February 2016 06:07 AM

I think that must be the wrong link, EQT.

If Apple had possession of the phone that might be possible. They don't have it (and I presume they don't want it). They very painstakingly constructed the iPhone system so that they would not be able to do this even if they wanted to. What they're being asked to do is to make a new system that allows not Apple but the authorities to do this. So the whole point of making a system that protects their users from Apple themselves is gone. Even if they could (I seriously doubt it) do this for one specific phone without possession of the phone, what's to stop the authorities from getting them to do it again every time they want it?

Those lawmakers who are willing to stand up so vocally for the right to bear arms should be ashamed of themselves not to stand up to the right of American companies to give their customers the ability to protect their own data with strong, unbroken encryption - which used to be classified as arms. If they were going after an arms manufacturer to make sure that every one of their weapons could be deactivated upon a whim, who would support this kind of nonsense? I don't think it should be classified as munitions again; that was a mistake. But it certainly deserves the same protection under the law. If they continue doing this, it's really going to hurt American businesses. Encryption is not that hard and a lot of customers who aren't doing anything illegal are going to avoid companies that aren't doing what Apple is doing on their phones.

erwins 18 February 2016 06:39 AM

Supposedly, the phone would be in Apple's possession.

This article claims that it is technically possible, but that FBI claims that it would apply only to the one phone are clearly wrong.

http://mashable.com/2016/02/17/how-a.../#nRIuoKzjZZqn

I think it would be a pretty significant precedent if Apple is forced to do this. Even the existence of the method for breaking into the phone would devalue the company's products. Requiring Apple to create the code is commandeering the company. And most importantly, if the FBI can force Apple to do this once, then what is to stop any other court in any other country from forcing them to do it whenever there is a phone they want to access?

ganzfeld 18 February 2016 06:50 AM

Quote:

Originally Posted by erwins (Post 1907304)
Supposedly, the phone would be in Apple's possession.

Where did you see that, erwins?

ETA - I'm looking at the document and it clearly asks Apple to give them a software "bundle" to do what they want. I don't see where they offer to let Apple have the phone, though the docs may leave that as a possibility. (Not sure how that would be possible and still maintain the authorities' explicitly stated burden of maintaining the evidence, though.)

erwins 18 February 2016 07:46 AM

Bottom of page 2 of the order, and page 3 say that Apple could provide the SIF to the FBI or load it at an Apple facility, and that if the phone were at an Apple facility, Apple would have to provide the FBI with remote access to it for their passcode entries. Page 3 also says that if Apple has an alternative proposal for how to do it, they can ask. If they were to comply at all, I would very much expect Apple to require direct access to the phone in order to minimize the possibilities of the software getting out.

Chain of custody would not require that the phone remain in FBI hands at all times.

ganzfeld 18 February 2016 09:24 AM

OK, I see everything except the "supposedly". ;)

erwins 18 February 2016 09:34 AM

Yes, that was a poor word choice. More like, presumably. I think if they were forced to comply (which I think is unlikely, but possible) they would be allowed protections like strictly controlling the software and hardware used to accomplish the task. So I think it's likely that they would require that the phone be turned over to them if they had to do it.

NobleHunter 18 February 2016 03:07 PM

Quote:

Originally Posted by ganzfeld (Post 1907291)
That's what jail breaking is but the feds could do that themselves. All the data on the phone is encrypted so it needs to be decrypted and just jailbreaking the OS can't help there. They need the key from the secure enclave, which the OS won't give them without the correct passcode. They can't overwrite the OS without a valid Apple signature. Apple's point is that they can't give the feds a way to break that specific phone without giving them a way to access all phones. (If someone used a good, long passcode, however, I don't see how this brute force hack would work. Maybe the authorities have some reason to believe it's just a four number pin?)

The phone in question is a 5C which predates the secure enclave design. The FBI wants Apple to kill the 10 try limit and the 5 second wait. I think they're betting that most people use a 4 digit code by default. Though I would be amused if they fought out a long, protracted court battle just to get the ability to spend a million years trying to crack the passcode.

ganzfeld 18 February 2016 03:19 PM

Oops. I meant the hardware embedded key store which, unless I'm mistaken again, the 5C does have.

