OT: Apple says screw you law enforcement!

Page 4 of 7  
On 02/22/2016 07:40 AM, Micky wrote:

Hypothetically speaking, were I designing a password validation algorithm, I might include a little pause between iterations, say a second. That wouldn't even be noticeable to the legitimate user. Your brute force algorithm would get through the first billion in about 31 years, give or take.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 2/22/2016 7:41 PM, rbowman wrote:

I believe the algorithm was chosen so that ADDING a delay is not necessary -- the algorithm's complexity ENSURES that the computations can't be performed "too fast".
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Monday, February 22, 2016 at 9:38:59 PM UTC-5, rbowman wrote:

Apple has it and the government court order covers taking those delays out.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
This is NOT about the data on that particular phone. If the govt wants the data on that phone, they probably already have it or have ways to get it without Apple's help. Offer $ 1million and a white hat hacker could do it in a day.
This is about a bigger battle between the govt and high tech.
The govt wants Apple to SUBMIT.
The govt chose this particular case to make an issue becasue the govt thinks they can use this particular case to sway public opinion about giving up more freedoms.
Mark
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Monday, February 22, 2016 at 9:16:45 AM UTC-5, snipped-for-privacy@yahoo.com wrote:

According to you and your opinion, of course. Do you really think the govt is going to go into court next week and commit perjury? The court order, what the govt is asking for, is very specific and very limited.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Mon, 22 Feb 2016 06:16:41 -0800 (PST), snipped-for-privacy@yahoo.com wrote:

How could they possibly have it? This is not about email or texts sent or received or even the address book, but about other info stored in the phone.

The 10-try limit?

It's easy to say that when neither of us have any idea how to do it.

What trader said about perjury.

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Monday, February 22, 2016 at 9:37:08 AM UTC-5, Micky wrote:

It's no big secret about how to do it. The phone has a CPU running an OS that includes the pwd checking. Presumably that OS is in a flash memory chip together with the user data. You hook up a logic analyzer to the address and data bus connecting the two. Now you can follow the code that is being executed, disassemble it, see the data being moved to and from memory. You watch which code section gets executed when you attempt a password, figure out how that section of code works, then figure out how to modify the sections you want.
You would also copy the flash memory, either while it's in the phone or else by removing it. Once copied, you now can do the above work on multiple phones, if you screw up, you can replicate it on an unlimited number of new phones, etc. You then replace the OS portion of the flash with your new version and put it into a phone.
Of course all the above is a lot easier and less risky if you have the source code and are sure about how the phone internals actually work. That's why they want Apple to do it.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Monday, February 22, 2016 at 10:37:06 AM UTC-5, trader_4 wrote:

So you do agree with me, the govt could hack this phone without Apples help as could some number of 17 year old wizzes.
The govt is using this case becasue it involves terrorism to stick it too Apple....
becasue Apple is not cooperating with the govt on other encryption and perhaps tax issues.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Monday, February 22, 2016 at 4:53:06 PM UTC-5, snipped-for-privacy@yahoo.com wrote:

Yes, I think the federal govt could do it, but it would be orders of magnitude harder for them to do it, take a lot longer, than if Apple does it. Apple has the code and knows 100% how it works.
I did previously raise the idea of the govt offering $100K to anyone that can show them how to do it and asked how would Apple like that?

I don't see it as "sticking it to Apple" any more than it's sticking it to the phone company with a court order for them to provide assistance to tap a phone, trace calls, determine where a murderer's cell phone is right now, etc.

Tax issue is bogus. Hard to believe there is a vast conspiracy against Apple. But Apple not cooperating on other encryption issues is probably legitimate, to some extent. But, bizarrely, Tim Cook is asking for Congress to get involved, hold a discussion, etc. Congress would have to do a lot more than hold discussions. And there is a good probability that any laws that they do pass, would be far less to Apples liking than the request to do a couple of specific things to this one phone.
Basically, Tim Cook is a big liar. He's making accusations that are totally not in evidence. For example, the govt has even said that Apple can have this one phone, keep it, just do what the govt wants and give the FBI remote access to it to pound away with their passcode attempts. How does that translates into the govt is asking us to build a backdoor into our products?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Mon, 22 Feb 2016 07:36:59 -0800 (PST), trader_4

So have you ever done anything like this?

Or this?

Or this?
What do you do for a living?

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Monday, February 22, 2016 at 9:37:31 PM UTC-5, Micky wrote:

I haven't done it to reverse engineer the code, but I've had logic analyzers connected to microprocessors to see what's happening, what code it's executing at the moment, etc. It's very routine. Logic analyzers when told the target CPU can even turn the code into assembly language, so you see the native instructions instead of hex numbers.

Retired now. I'm an electrical engineer, most of my career was with a semiconductor manufacturer that changed the world.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

And wouldn't they do that anyway?

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

my guess is the FBI already has everything they can get off this phone and we are looking at Kubiki theater to lull the guys on the other end into some sense of safety. (meanwhile polishing Apple's image) At least that is it how a smart intelligence agency would handle it.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Per snipped-for-privacy@aol.com:

So far, I have not heard anybody observe that if the cops had bent over backwards not to kill the perpetrators and managed to take them alive that they would probably have a lot more information - including the password to the phone.
I would think that there is extremely-high intelligence value in taking people like that alive instead of going along with what seems like their usual wishes to "be martyred".
And I am hearing that being martyred may not be all it's cracked up to be: ========================================================================After getting nailed by the U.S. Seal team, Osama makes his way to the pearly gates.
There, he is greeted by George Washington.
"How dare you attack the nation I helped conceive!" yells Mr. Washington, slapping Osama in the face.
Patrick Henry comes up from behind.
"You wanted to end the Americans' liberty, so they gave you death!" Henry punches Osama on the nose.
James Madison comes up next, and says "This is why I allowed the Federal government to provide for the common defense!" He drops a large weight on Osama's knee.
Osama is subject to similar beatings from John Randolph of Roanoke, James Monroe, and 65 other people who have the same love for liberty and America.
As he writhes on the ground, Thomas Jefferson picks him up to hurl him back toward the gate where he is to be judged.
As Osama awaits his journey to his final very hot destination, he screams "This is not what I was promised!"
An angel replies "I told you there would be 72 Virginians waiting for you. What did you think I said?" ========================================================================
--
Pete Cresswell

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Sat, 20 Feb 2016 09:11:26 -0800 (PST), trader_4

All we know is what we've heard in the media. From what I've heard it sounded like to do what the FBI wants Apple would need to rewrite IOS and then "update" that phone with the new version that won't overwrite after 10 attempts. The FBI says "just this phone" but you know it won't end with this phone, there will always be one more phone and then one more after that and another and another.
Once Apple writes the new IOS it WILL wind up "out there" because at some point someone will steal it or the people at apple who wrote the new IOS will sell that knowledge. Once that new IOS gets out it means EVERY stolen apple phone can easily be hacked by anyone who put the new IOS on the phones they steal.
This is not about "encryption", it's about purposely making a reasonably secure OS much insecure against brute force break ins. The current (real) IOS overwrites the phone after 10 failed attempts, the FBI IOS won't overwrite the phone.
There is also the question of why APPLE should be made a slave to work the gvt wants them to do. Apple doesn't own the phone. Apple has no interest in breaking into the phone. Apple's only connection to the phone is that they manufactured it.
Imagine if you were a locksmith who made essentially pick proof locks and the gvt came to you and said there was a house with one of your locks installed on it that they wanted to break into. Do you think the gvt should have the right to tell you that whether or not you wished to pick that lock that YOU DON'T OWN that you must invest your time, labor and smarts to figure out a way to pick your nearly unpickable lock? And if you don't like what they gvt feels like paying your for your effort you can sue them. And that after you have done so your market for your locks will be cut by 30% because new buyers will think "why pay top dollar for what used to be a secure lock when thieves will like steal the newly developed lock pick for it. Instead I'll go buy one that hasn't been shown to be pickable.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Saturday, February 20, 2016 at 8:37:12 PM UTC-5, >>>Ashton Crusher wrote:

That argument doesn't hold much water. The new code in Apples possession isn't much worse than the source code for the existing phones that it was derived from. If that gets out, then hackers can do what the govt is asking Apple to do and a whole lot more. With the source code, it's easy to find the section of code that deals with the 10 strikes, etc. If Apple can protect it's existing OS code, surely they can protect one more derivative.

It's not clear how easy it would be. For starters, to get the new code into the phone likely required removing the flash memory chip, separating the user data from the OS portion, then reloading it with the new OS version. Apple could also remove phone functionality from the new version they produce, so that it would not operate as a normal cell phone, eliminating the possibility of a stolen phone being turned into a working one.

Which is only a problem if that special code version leaves Apples hands. A reasonable compromise would seem to be for the work to only be done at Apple, with the FBI assisting.

The govts argument will be that this isn't much different than the govt, with a warrant, asking a phone company to retrieve all the calls made from a phone. Or asking a bank to pull up all archival records on a bank account. Or asking the phone company to help tap a phone. Or asking Sears to search their records for all the Winchester model xyz rifles they've sold in the last 5 years. Or asking a safe company to help unlock a new safe. All of those require manpower, even more so 50 years ago when it was all done manually.

It would be interesting to see if in the long history of court orders there have been cases like that where the company refused. My guess is that almost all would comply and help law enforcement. Hard to imagine that the govt hasn't gotten help in opening safes for example. Did some refuse, it go to court? IDK. But I agree this one area may be the only leg Apple has to try to stand on. In which case, the govt can simply go back to court and demand Apple give them the source code so they can do the labor part. It's hard to imagine a court is going to find that unreasonable in a terrorism case, involving national security.

It's funny that in the long history of locks, safes, encrypted phones, etc, this is apparently the first time this has come up. If it has, so far no one has a case to site. I'm sure Apple must be desperately searching. My guess is that it hasn't come up before because other companies recognize the need to cooperate with legitimate law enforcement requests and have complied.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
trader_4 wrote:

gain access to the Kernel of Multics OS at USAF academy system which had security rating of B2 something like that. It took 6 months. OS is man made, man can break it no matter what. Just a matter of how difficult it is. I don't know what is highest security rating out there now.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 02/21/2016 08:59 AM, trader_4 wrote:

Apple has a history of compliance. After Snowden alleged Apple was in bed with the NSA the phones popularity dropped in some circles. This may be a grandstand play to recover street cred.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 2/21/2016 12:19 PM, rbowman wrote:

I think Apple would welcome the "clarification" that the courts may finally have to provide:
"We do it because we HAVE TO"
or
"We don't do it because we DON'T have to"
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 02/21/2016 12:42 PM, Don Y wrote:

fwiw, I picked up 'The Girl in the Spider's Web' at the library yesterday and Apple gets mentioned as the phone not to have if you're a serious hacker. That must have been a tidbit the author picked up someplace since he seems clueless. Stringing together buzzwords like Linux, root, zero-day, Active Directory, and so forth in an attempt fro realism doesn't work well. Whether the attempt to continue Larsson's series works remains to be seen.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Site Timeline

Related Threads

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.