Someone help me out with this whole Apple versus FBI thing

[G+_Ronald Stepp]

Someone help me out with this whole Apple versus FBI thing.

 

The FBI says it wants Apple to create some way for them to unlock the phone, either writing new firmware, creating some kind of "key," whatever the hell that means..  no no not a backdoor, anything but that.

 

So my problem is... if the phone is locked, un-accessible, can't be looked at no matter what the FBI does, impervious to getting anything off of it...

 

.....how the heck is Apple supposed to have enough access to change the OS on it or the firmware or using a "key" without bricking the phone or wiping the data??????

 

If there really is that kind of access at the hardware level to even the manufacturer of the phone, then what the hell is the issue?  Is it "Locked" or is it NOT "Locked?"

[G+_Dan Hockey]

If it has a JTAG port they can do what they want. Then Apple isn't needed and this whole thing is nothing more than a media circus to get people to give up more of their privicy in the name of security.

[G+_610GARAGE]

You usually have two different storage systems. One is for the os/bootloader and the other is for the user data. The FBI wants apple to upload custom firmware to the os storage so that they can brute force the encrypted data on the user storage.

 

Basicly, the firmware is not encrypted, but the data is.

[G+_Ronald Stepp]

610bob roger that, in which case I have to ask myself.. doesn't that kind of access pretty much render the phone unsecure if one can do that without violating the integrity of the encrypted data?  Partly rhetorical, I just thought that at the point where you have locked the phone you shouldn't be able to "reverse engineer" the data off the phone.

 

Thanks for the response to everyone.

[G+_Brian Moses]

Apple, FBI, and the Burden of Forensic Methodology

 http://www.zdziarski.com/blog/?p=5645

[G+_Joshua Hamlett]

Basically, there are two problems with what the FBI is asking.

1. They are overreaching a bit to legally require Apple's help with this beyond what Apple has already freely given.

2. The end result would be dangerous. The FBI says that they will only use this to hack this one phone. But will it stop there? If Snowden showed us anything, the Government is not on our side when it comes to personal digital security and privacy. It is almost guaranteed that it will be used again, and not necessarily on a known terrorist's phone.

 

Following along that line, what is to keep hackers from getting a hold of this software once created and using it to defeat the encryption businesses and individuals alike depend on?

[G+_Jason howe]

Sorry employer locked the phone up to employer to unlock it..

Assuming tech support didn't loose the pass mysteriously either that the cops changed the access codes... To stiff the federal business of intimidation ...

[G+_Ben Reese]

I believe a random key is generated to encrypt the data, then the pin is used to encrypt the key. The key is stored in hardware and can't be extracted without the proper pin. It's somewhat reasonable to try cracking the 10,000 possibilities of the pin, but not the billions of possibilities for random pin.

 

The OS controls how many attempts and how long between attempts, so the FBI wants a flashable OS that removes those limits. With 10 try limit, brute force is impossible. With the 5 sec delay between tries, brute force will take a long time. Removing both makes cracking easy and fast.

 

With this recent soft brick from replaced home buttons, it shows that the OS can be updated over USB - possibly without unlocking the phone. The FBI wants Apple to create an OS that makes hacking easy.

[G+_Ben Reese]

Moral of the story: change your 4 digit pin to a 10+ character alphanumeric password.

[G+_Donald Weller]

Ben Reese And they claim they just want to use the trick on this one phone. Apple is smarter than that in that they know that that is a lie. once created it will be used all the time even when not appropriate.

[G+_Steve Martin]

So to clarify a few misconceptions here.

 

Yes, the FBI wants Apple to modify the OS so that they can use as many attempts as they want to guess the key without erasing the data.

 

They also want the delay removed so they can try pins as fast as the hardware can allow.

 

They want Apple to apply the new firmware with Apple's own key which the FBI won't be allows to have. This way the FBI cannot take this firmware and put it on another device. It really will be one and done. Unless Apple itself leaks the firmware and keys.

 

The company that owns the phone did not use mobile management. So they cannot unlock the phone. However, they have given the FBI permission to unlock it since it is their phone and not the employees. Not installing Management software on their phones was obviously a mistake.

 

Since the shooter destroyed all of his other phones and computers, it has been argued that there probably isn't much on this phone that he was worried about. However, the FBI obviously wants to confirm that.

[G+_Donald Weller]

Problem is once they do it the FBI will ask again and again and again.

[G+_Steve Martin]

Donald Weller Yes, and that's how it is supposed to be. This isn't someone who crossed the street illegally. This is a murderer. The owner of the phone, the employer, has given their permission.

 

The FBI has the right to search the data if they can get a court order/search warrant. They did that. They've done what they have to do legally.

 

This is how the US Legal System works. Law enforcement gets enough evidence to warrant a court order. They then can do what they need to do.

 

Apple has been getting these kinds of court orders again and again in the past. And have always complied with them. This situation is just a technological step further down that road.

 

BTW, I'm not taking sides, I'm just clarifying the facts.

[G+_Donald Weller]

Yes they did that. And Apple is saying no we will not make it easy for you. Largely because then they get stuck perpetually doing it. Part of the reason Apple shut down their ability to do this is because they ended up with this huge backlog of law enforcement requests. To the point that they said no we can't do it anymore.

[G+_Ronald Stepp]

Steve Martin but in the case of FBI/Apple, Apple has to have the capability to get the data, not reverse engineer their own product to make it weaker and also open the door world-wide to similar requests by regimes like China who want to see "just that one

dissidents" phone unlocked.

 

There's a bigger moral issue at stake here than being able to "just unlock one guys work phone" which may or may not have anything more incriminating than their personal phones, which there were awfully careful to destroy.. wonder why they weren't worried about the phone the FBI has?

[G+_Jason howe]

Yup if it's anything like yahoos security it locks the account for 24/48 hours before you can rest anything

[G+_Steve Martin]

Ronald Stepp I agree with you, btw.

 

In the end I suspect Apple will be compelled to make the changes the FBI has requested. Apple can't afford to have it's CEO in jail, or face sanctions against selling their phones. Both of which seem to be very real outcomes if the court decides to get pushy.

 

It seems unlikely that the FBI will back down. Unless they want to lose the fight so they can get Congress to make laws to help them going forward. They could use the loss of this battle to argue that in Congress I suspect.

 

This is a long long way from being resolved.

[G+_Ronald Stepp]

You can't throw someone in jail for refusing to invent new technology to weaken their product.

 

That would be like throwing the CEOs of automobile companies in jail for refusing to design cars that don't crash or break down.

[G+_John Phillips]

I think it's amusing that with all this debate about Apple iPhones that no one seems concerned about all the other phones out there with no encryption at all?

[G+_Ben Reese]

John Phillips that's not an issue because there's no encryption to break. The concern is that Apple is being asked to weaken encryption which is directly counter to their business offerings.

 

I just don't understand why the FBI wants Apple to create a tool that could weaken the phones that most of them are probably carrying.

[G+_Ronald Stepp]

John Phillips most people replying to this probably don't own or care about other phones, and this is a case that will affect all of them, but the iPhone is the target in this case.

[G+_Jonathan Schober]

I didnt read the other comments but its simple. Apple signs a bootable ramdisk that allows brute forcing of the pin code without any of the protections turned on

[G+_Donald Weller]

And if they do that they make everyone vulnerable. They are choosing not to.

[G+_Ronald Stepp]

And some say, "Well Apple is just worried about it's bottom line."

 

Duh, yeah if I were the CEO of a company that is being asked to basically look like it has pissed on the customer's right to a secure phone that I advertised as secure, yeah, I'd probably be worried about the bottom line to.

 

"Hey, we at SUV Direct told ya'll that every SUV we make has 32 air bags to make it's occupants 100.000% safe in crashes.  Oh, but we decided not to include the airbags after the 1st 20 million SUVs we make. Suck it.  Please Come Again."

[G+_Ben Reese]

Ronald Stepp I'm an Android user and do care about privacy. But since I don't have device encryption enabled I have little expectation of privacy against government. If I was told enabling encryption would keep everyone out, I'd expect it to work. Regardless of a judges rulings.