Does anyone think Tim Cook wouldn't unlock the phone of a jihadi if he had slaughtered a bunch of Apple employees at the Cupertino campus? I sure as hell think he would unlock it.
How incompetent are they? After bitching about not getting a new, company-wide "secret decoder device", they now have to announce this publicly? Who the fuck cares? Do your fucking jobs, stop trying to make an issue out of company or national security policies, and prosecute the bastards you incompetent twats.
Am I the only one who thinks Apple was told "you're going to lose, open the phone and we'll find a way for you to publicly save face" and so that's why we get the bravado, and the "oh never mind, we figured it out" case dismissal. Next it'll be, "we did it under the typical procedures because it was a county phone, there was no hacking involved, Apple security rocks!"
Good? Is that what you imagine, Madam Professor? Now that it's known that there is a security hole in the iPhone, don't you imagine that every hacker, and every foreign government that employs hacking teams will be out to figure it out? Though given the Obama administration's lack of interest in data privacy and information security, the foreign governments will probably just find out what the security hole is through espionage channels.
The most obvious answer is the NSA. They can crack an "uncrackable" phone, but certainly wouldn't want everybody to know it. The whole kerfuffle with Apple was about not revealing that the government could get SOMEBODY to find a way in. Now they put out the misinfo that it was an Israeli company. Occam's Razor dictates it was the NSA. It's the whole reason for their existence. Plenty of people think they're incompetent boobs, and they like it that way.
Apple may have miscalculated. They tried to show customers that they would not give in to the government, but instead customers now see that even the DOJ can hack into an iPhone.
It's not that surprising for an iPhone 5C. Good luck getting into an iPhone 6S, though.
Yep. Without Secure Enclave the 5C is open to all sorts of hardware-based attacks. But the FBI had to have known that. The point of this case wasn't to crack the phone. It's not like they're gonna put a dead guy on trial. The point was to use the publicity from a shocking attack to establish a precedent for government use of the courts to force companies to pry open their security.
Once the FBI decided the case was going badly they suddenly discovered what everyone knew all along. They will be back.
Dear Justice Department, here's a minor clue in crime-fighting from your friends in the cryptography department: if you've broken the enemy's code, don't let him know you've broken it!
Seriously, all they needed to do was withdraw the legal effort and offer no comment. This constant narcissistic need to brag to make themselves look good hurts future efforts and it makes a mockery of the government's claim that this is about saving lives (because if it is, prosecutors are indirectly getting people killed for the sake of good PR by revealing too much).
The problem boils down to how to pull the raw bits from the NAND device without it self-destructing. Once the bits were out it was simply a matter of applying brute force.
Most decryption at this level is basically a function of time versus money. The NSA has billions dollars of specialized computer hardware to throw at it if they want to.
All or part of this story may be disinformation. There's also the possibility that the government may be inept or stupid. I don't know where to direct my cynicism.
Well deserved, all the way around, and make no mistake about it. This has been the second hugest argument in which my husband and I have engaged in recent memory. Early on, a couple-so-so-so-so-months ago, I said: Have you considered that there might be another entity through which, at the end of the day, no matter how few months hence, the focal point might be achieved? Have you considered that, and what that might mean mean in terms of control?
Of course, my opinion was dismissed. Make no mistake: I am the dumbest person in the world.
Gideon7 said... The problem boils down to how to pull the raw bits from the NAND device without it self-destructing. Once the bits were out it was simply a matter of applying brute force.
Most decryption at this level is basically a function of time versus money. The NSA has billions dollars of specialized computer hardware to throw at it if they want to.
3/28/16, 10:17 PM
This. I heard this morning that the "hack" was actually figuring out how to clone the phone. Now they will put up hundreds of virtual clones and programatically enter every possible pass-code until the find the one that works. Verify that it worked and then use it to unlock the phone.
Not a "back door". Not really a "hack" in the traditional sense but since they have now figured it out, no iPhone is safe.
"The problem boils down to how to pull the raw bits from the NAND device without it self-destructing"
That seems a reasonable speculation. Once the phone's contents can be copied then the copy can be copy, so no problem if the first copy self-destructs.
Presumably this will lead to hardware locks on new devices that detect attempts to directly read the flash memory, leading to an anti-anti-missile missile missile type arms race.
And I wouldn't bet that the encryption will win, as there's a long history of supposedly "impossible to defeat" crypto getting cracked.
And I wouldn't bet that the encryption will win, as there's a long history of supposedly "impossible to defeat" crypto getting cracked.
3/29/16, 8:31 AM
It all boils down to how badly do you want the data. If you throw enough hardware at the problem, you can brute force it. The only question is how much hardware can you afford to throw at it.
The computers are getting better/faster all the time and the algorithms to short-cut the brute force process are getting smarter all the time.
The NSA already has enough horse-power to capture a sampling (or better) of all communications in real-time and just keep the stuff that throws up a red flag. Opposite that you have Apples' encryption. Who do you think will win? Nothing in private hands is really secure anymore.
If you throw enough hardware at the problem, you can brute force it. The only question is how much hardware can you afford to throw at it.
Never enough. If the NSA can crack my encryption using a million computers, I can double the length of my passcode a lot faster than they can build a trillion computers.
The secret plot I'd like to think happened was that the FBI knew all along how to get info out of this device but worked out an elaborate plot with Apple to deceive the bad guys into thinking their phones were safe while they followed up as much as they could on the San Bernadino phone's info.
Of course this raises the question of why they are telling the bad guys now that their phones are not safe. I am not sure that's a good idea.
As to Mike worrying about hackers now getting into our Iphones, who cares? I assume Apple and a lot of others already can and do.
Support the Althouse blog by doing your Amazon shopping going in through the Althouse Amazon link.
Amazon
I am a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for me to earn fees by linking to Amazon.com and affiliated sites.
Support this blog with PayPal
Make a 1-time donation or set up a monthly donation of any amount you choose:
41 comments:
Oh, that's different. Never mind.
Miss Emily Litella - Justice Dept.
Does anyone think Tim Cook wouldn't unlock the phone of a jihadi if he had slaughtered a bunch of Apple employees at the Cupertino campus? I sure as hell think he would unlock it.
Well I would hope that we have smart guys (and gals) working someplace in our government.
Does this mean someone gets fired at Apple?
So the govt is using hackers to bypass the security put in place to protect customers. That doesn't raise any issues at all.
What if there is nothing important on the phone?
They got in a long time ago. This was about getting an easy and quick way in moving forward.
It's not that surprising for an iPhone 5C. Good luck getting into an iPhone 6S, though.
How incompetent are they? After bitching about not getting a new, company-wide "secret decoder device", they now have to announce this publicly? Who the fuck cares? Do your fucking jobs, stop trying to make an issue out of company or national security policies, and prosecute the bastards you incompetent twats.
Interesting. Apple won't play ball, so they send a message out to the market that Apple phones have a security hole.
Let's see them try that again.
Well I would hope that we have smart guys (and gals) working someplace in our government.
I heard they hired an Israeli firm.
Am I the only one who thinks Apple was told "you're going to lose, open the phone and we'll find a way for you to publicly save face" and so that's why we get the bravado, and the "oh never mind, we figured it out" case dismissal. Next it'll be, "we did it under the typical procedures because it was a county phone, there was no hacking involved, Apple security rocks!"
Better hurry before Apple uploads the patch.
"Let's give it up for Barack Hussein Obama's Justice Department ladies and gentleman!"
Of course, this was their work phone that was rarely used and only for work, so no information from it will likely be useful.
Good? Is that what you imagine, Madam Professor? Now that it's known that there is a security hole in the iPhone, don't you imagine that every hacker, and every foreign government that employs hacking teams will be out to figure it out? Though given the Obama administration's lack of interest in data privacy and information security, the foreign governments will probably just find out what the security hole is through espionage channels.
Not so good.
@robinintn
"So the govt is using hackers to bypass the security put in place to protect customers. That doesn't raise any issues at all.'
It raises no more issues for me than my doors and home security system being defeated in the face of a search warrant.
The most obvious answer is the NSA. They can crack an "uncrackable" phone, but certainly wouldn't want everybody to know it. The whole kerfuffle with Apple was about not revealing that the government could get SOMEBODY to find a way in. Now they put out the misinfo that it was an Israeli company. Occam's Razor dictates it was the NSA. It's the whole reason for their existence. Plenty of people think they're incompetent boobs, and they like it that way.
Why "good"?
And what if this is just BS by the FBI in order to smoke out others in the terrorist network into thinking that the Fed's have their contact data?
I couldn't believe they were advertising the fact that they needed Apple's help!!
47?
Huweare is right next to unobtainum in the periodic table.
The FBI handed over the phone to the CIA, which has been able to do this for awhile.
The phone belonged to San Bernardino County Department of Public Health and they were supposed to control the passwords and access but they fucked up.
Apple may have miscalculated. They tried to show customers that they would not give in to the government, but instead customers now see that even the DOJ can hack into an iPhone.
A Blackberry is a different story.
Maybe they hacked into the phone and maybe they didn't. Could very well be a face-saving announcement by the Bureau.
Not good!
It's not that surprising for an iPhone 5C. Good luck getting into an iPhone 6S, though.
Yep. Without Secure Enclave the 5C is open to all sorts of hardware-based attacks. But the FBI had to have known that. The point of this case wasn't to crack the phone. It's not like they're gonna put a dead guy on trial. The point was to use the publicity from a shocking attack to establish a precedent for government use of the courts to force companies to pry open their security.
Once the FBI decided the case was going badly they suddenly discovered what everyone knew all along. They will be back.
Dear Justice Department, here's a minor clue in crime-fighting from your friends in the cryptography department: if you've broken the enemy's code, don't let him know you've broken it!
Seriously, all they needed to do was withdraw the legal effort and offer no comment. This constant narcissistic need to brag to make themselves look good hurts future efforts and it makes a mockery of the government's claim that this is about saving lives (because if it is, prosecutors are indirectly getting people killed for the sake of good PR by revealing too much).
The problem boils down to how to pull the raw bits from the NAND device without it self-destructing. Once the bits were out it was simply a matter of applying brute force.
Most decryption at this level is basically a function of time versus money. The NSA has billions dollars of specialized computer hardware to throw at it if they want to.
All or part of this story may be disinformation. There's also the possibility that the government may be inept or stupid. I don't know where to direct my cynicism.
PB said...3/28/16, 7:50 PM
Of course, this was their work phone that was rarely used and only for work, so no information from it will likely be useful.
Syed Rizwan Farook had stopped auomatic backups around October 19, but probably mainly on general principles.
Well deserved, all the way around, and make no mistake about it. This has been the second hugest argument in which my husband and I have engaged in recent memory. Early on, a couple-so-so-so-so-months ago, I said: Have you considered that there might be another entity through which, at the end of the day, no matter how few months hence, the focal point might be achieved? Have you considered that, and what that might mean mean in terms of control?
Of course, my opinion was dismissed. Make no mistake: I am the dumbest person in the world.
Gideon7 said...
The problem boils down to how to pull the raw bits from the NAND device without it self-destructing. Once the bits were out it was simply a matter of applying brute force.
Most decryption at this level is basically a function of time versus money. The NSA has billions dollars of specialized computer hardware to throw at it if they want to.
3/28/16, 10:17 PM
This. I heard this morning that the "hack" was actually figuring out how to clone the phone. Now they will put up hundreds of virtual clones and programatically enter every possible pass-code until the find the one that works. Verify that it worked and then use it to unlock the phone.
Not a "back door". Not really a "hack" in the traditional sense but since they have now figured it out, no iPhone is safe.
"The problem boils down to how to pull the raw bits from the NAND device without it self-destructing"
That seems a reasonable speculation. Once the phone's contents can be copied then the copy can be copy, so no problem if the first copy self-destructs.
Presumably this will lead to hardware locks on new devices that detect attempts to directly read the flash memory, leading to an anti-anti-missile missile missile type arms race.
And I wouldn't bet that the encryption will win, as there's a long history of supposedly "impossible to defeat" crypto getting cracked.
Peter said...
And I wouldn't bet that the encryption will win, as there's a long history of supposedly "impossible to defeat" crypto getting cracked.
3/29/16, 8:31 AM
It all boils down to how badly do you want the data. If you throw enough hardware at the problem, you can brute force it. The only question is how much hardware can you afford to throw at it.
The computers are getting better/faster all the time and the algorithms to short-cut the brute force process are getting smarter all the time.
The NSA already has enough horse-power to capture a sampling (or better) of all communications in real-time and just keep the stuff that throws up a red flag. Opposite that you have Apples' encryption. Who do you think will win? Nothing in private hands is really secure anymore.
Sort-of-good. It ended the threat of "involuntary servitude" (SLAVERY). It does represent another threat to the Fourth Amendment to our Constitution.
If you throw enough hardware at the problem, you can brute force it. The only question is how much hardware can you afford to throw at it.
Never enough. If the NSA can crack my encryption using a million computers, I can double the length of my passcode a lot faster than they can build a trillion computers.
The secret plot I'd like to think happened was that the FBI knew all along how to get info out of this device but worked out an elaborate plot with Apple to deceive the bad guys into thinking their phones were safe while they followed up as much as they could on the San Bernadino phone's info.
Of course this raises the question of why they are telling the bad guys now that their phones are not safe. I am not sure that's a good idea.
As to Mike worrying about hackers now getting into our Iphones, who cares? I assume Apple and a lot of others already can and do.
Post a Comment