Apple vs the FBI


Ser Arthur Hightower

5 hours ago, Jon AS said:

Of course not, we trust that it is in Apple's financial interests to keep their customers' data secure, because that's one of the selling points for their phones.

 

Regarding lowering security: every time you add another way to access a device, the device becomes less secure. It's true that automatic updates are already a problem, but designing this kind of software would add another potential attack vector. Right now, probably only Apple can design this and push it onto the phone via auto update, because they alone have all the information and expertise necessary, and because the software also needs to be signed with Apple's key. If this thing ever gets out of Apple's control it will do damage, because most of the heavy lifting will already have been done.

This isn't a new attack vector afaik. It's the same one that's always existed. If you can sign the update with Apple's signature, the phone will update the OS. (At least, on this particular version of the iPhone and older. Not sure about newer ones.)

The software itself shouldn't be terribly hard and I'd guess some exploit of similar abilities should be doable by a lot of people. And if not this kind, then a host of other terrible things. If they can sign the update properly. But if you could do that, you could do anything. That seems to be the actual thing protecting you with this version of the iPhone and it's been that way all along it appears.

It's not a new security hole, it's the same one that's always been there.

There's a lot of information that nobody outside of Apple's software development has, so I'm not sure that just about anybody could create this software. I also don't know that OS updates via sideload onto the device's RAM are something that's doable for anybody else. Apple is notoriously anal about not wanting people to do whatever they desire with their devices, because once you buy an Apple product you're supposed to be tied as closely into the Apple product cycle as possible and only move within the boundaries set by Apple.

The software to digitally input passcodes without delays definitely doesn't exist yet, though, so that would be a weakening of a device's security.

1 hour ago, Jon AS said:

There's a lot of information that nobody outside of Apple's software development has, so I'm not sure that just about anybody could create this software. I also don't know that OS updates via sideload onto the device's RAM are something that's doable for anybody else. Apple is notoriously anal about not wanting people to do whatever they desire with their devices, because once you buy an Apple product you're supposed to be tied as closely into the Apple product cycle as possible and only move within the boundaries set by Apple.

The software to digitally input passcodes without delays definitely doesn't exist yet, though, so that would be a weakening of a device's security.

The first part is why your second part is irrelevant. Once you can update the firmware, you can do anything you want to the phone. And that security hole was always there.

It's not firmware, it's software, to be loaded into the device's RAM, which in turn is supposed to then modify settings in the software already installed on the phone. This kind of software currently doesn't exist, at least according to Apple and the FBI.

Once it does exist there's only one thing that can keep it from being misused: the fact that it is supposed to be keyed to one specific device.

It's probably much easier to modify existing software to run on devices it's not supposed to than to write it from scratch, especially when law enforcement agencies are going to be lining up to get at data in various other phones once precedent has been established. It won't matter so much anymore that some of these other cases wouldn't have been sexy enough to convince anyone that these measures were necessary in the first place.

Turns out this whole brouhaha came about because the FBI fucked up their handling of the phone in the first 24 hours after the shooting, and locked themselves out. They misunderstood a basic component of the Apple product system.

Quote

The head of the F.B.I. acknowledged on Tuesday that his agency lost a chance to capture data from the iPhone used by one of the San Bernardino attackers when it ordered that his password to the online storage service iCloud be reset shortly after the rampage.

“There was a mistake made in the 24 hours after the attack,” James B. Comey Jr., the director of the F.B.I., told lawmakers at a hearing on the government’s attempt to force Apple to help “unlock” the iPhone.

F.B.I. personnel apparently believed that by resetting the iCloud password, they could get access to information stored on the iPhone. Instead, the change had the opposite effect — locking them out and eliminating other means of getting in.

http://mobile.nytimes.com/2016/03/02/technology/apple-and-fbi-face-off-before-house-judiciary-committee.html?_r=0

Well, if it's true that the FBI could have got everything it wanted if it hadn't made that screw up, then I'm inclined to tell the FBI to naff off and chalk this up to experience and make sure they don't screw up next time. I was under the impression that this hack job was the only way it was possible to get at this information.

But also it tells me that this whole privacy and security of users argument from Apple is a total chimera. The fact that everyone's iPhone can be forced to synch with the iCloud by remote control, and that Apple is more than happy to hand over the information on the iCloud means Apple has no moral high ground here at all. If they really wanted to protect people's privacy it would be as impossible to force an iCloud sync as it would be to crack into the phone's onboard memory. I assume it's possible for people to choose an option to not store any information on the iCloud. My question is, if you can set your phone to never sync with the iCloud, can Apple force a sync without your permission? If your phone is not connected to mobile data or WiFi, can Apple force one or both of those things to turn on in order to do a sync? How much can Apple actually do with your phone without your immediate permission?

Does everyone who syncs to the iCloud know that Apple possibly winning this case all the way to the Supreme Court is actually doing nothing to improve their data security, because Apple will hand over your iCloud data as soon as a warrant has been issued?

So really, talking about big scary back doors is smoke and mirrors, because every iPhone already has a big old back door and it's flapping wide open for pretty much everyone.

56 minutes ago, The Anti-Targ said:

Well, if it's true that the FBI could have got everything it wanted if it hadn't made that screw up, then I'm inclined to tell the FBI to naff off and chalk this up to experience and make sure they don't screw up next time. I was under the impression that this hack job was the only way it was possible to get at this information.

But also it tells me that this whole privacy and security of users argument from Apple is a total chimera. The fact that everyone's iPhone can be forced to synch with the iCloud by remote control, and that Apple is more than happy to hand over the information on the iCloud means Apple has no moral high ground here at all. If they really wanted to protect people's privacy it would be as impossible to force an iCloud sync as it would be to crack into the phone's onboard memory. I assume it's possible for people to choose an option to not store any information on the iCloud. My question is, if you can set your phone to never sync with the iCloud, can Apple force a sync without your permission? If your phone is not connected to mobile data or WiFi, can Apple force one or both of those things to turn on in order to do a sync? How much can Apple actually do with your phone without your immediate permission?

Does everyone who syncs to the iCloud know that Apple possibly winning this case all the way to the Supreme Court is actually doing nothing to improve their data security, because Apple will hand over your iCloud data as soon as a warrant has been issued?

So really, talking about big scary back doors is smoke and mirrors, because every iPhone already has a big old back door and it's flapping wide open for pretty much everyone.

Where did you get the bolded part from? I was under the impression this was a feature the user didn't opt out of.

28 minutes ago, Morin said:

Where did you get the bolded part from? I was under the impression this was a feature the user didn't opt out of.

Did I misread? Perhaps I did. Perhaps it should be a question. Can Apple force a sync with the iCloud?  

How many people don't sync with the iCloud? If this whole argument is about protecting privacy, then perhaps iCloud should be an opt in thing not an opt out. 

On February 26, 2016 at 4:09 PM, Mlle. Zabzie said:

Summary of Apple's reply brief, that contains a link to the brief itself.  Very interesting stuff.

^^^ This is posted on page 9 for those that are surprised about the FBI password reset fiasco. Included in that summary of the Apple reply brief is this tidbit-

Unfortunately, the FBI, without consulting Apple or reviewing its public guidance regarding iOS, changed the iCloud password associated with one of the attacker’s accounts, foreclosing the possibility of the phone initiating an automatic iCloud back-up of its data to a known Wi-Fi network… which could have obviated the need to unlock the phone and thus for the extraordinary order the government now seeks. Had the FBI consulted Apple first, this litigation may not have been necessary.

^^^ So yeah that's a thing and it happened. I'm sure it was a factor in making the govt's case less sympathetic to the court.

11 hours ago, Morin said:

Where did you get the bolded part from? I was under the impression this was a feature the user didn't opt out of.

It is a feature the user opted in to.

You get an iCloud account by default when you create an App Store account, but you don't have to sync your phone data to iCloud if you don't want to.

10 hours ago, The Anti-Targ said:

Did I misread? Perhaps I did. Perhaps it should be a question. Can Apple force a sync with the iCloud?  

How many people don't sync with the iCloud? If this whole argument is about protecting privacy, then perhaps iCloud should be an opt in thing not an opt out. 

No, Apple can't force a sync with the iCloud, the same way it can't force an OS update.

The user can set an automatic sync with iCloud and that's it.

14 hours ago, DireWolfSpirit said:

^^^ This is posted on page 9 for those that are surprised about the FBI password reset fiasco. Included in that summary of the Apple reply brief is this tidbit-

Unfortunately, the FBI, without consulting Apple or reviewing its public guidance regarding iOS, changed the iCloud password associated with one of the attacker’s accounts, foreclosing the possibility of the phone initiating an automatic iCloud back-up of its data to a known Wi-Fi network… which could have obviated the need to unlock the phone and thus for the extraordinary order the government now seeks. Had the FBI consulted Apple first, this litigation may not have been necessary.

^^^ So yeah that's a thing and it happened. I'm sure it was a factor in making the govt's case less sympathetic to the court.

Indeed, unless the FBI has a good reason for the action it took, this particular request is simply trying to recover from someone's incompetence.

Still, baxus points out that iCloud back-up is an opt in choice and apparently Apple can't force a back up. So the fundamental principles of the case aren't really affected by this incompetence and this bit doesn't address the essentials of the matter. It could be argued that screw ups by the FBI re. iCloud sync should be ignored, because if Farook never activated the iCloud back up process we'd be right here in this situation. And in terms of establishing legal precedent of what the FBI can and can't demand this bit of incompetence should be ignored. However, taking the decision to deny the request in part because of this incompetence kicks the matter to the sidelines only to have it resurrected again when this particular circumstance doesn't exist.

  • 2 weeks later...

Could the government turn Apple's river orange, Colorado style?  Tragically I think they can and will if left unchecked and it's why I've been against their case with Apple from the beginning. Once that river is poisoned no one in the government will take responsibility for the harm caused or the wealth destroyed.

19 hours ago, maarsen said:

From news reports recently, Apple is all aflutter because the FBI, through a third party has apparently found a way into the iPhone without needing Apple.

Well, we're well past the three weeks John McAfee promised it would take...

9 minutes ago, AverageGuy said:

Justice department cracks iPhone, withdraws legal action

Basically they were lying when they said there was no way they could crack the iPhone without Apple building them a backdoor.

Lying seems like a stretch. More like they weren't aware of any way other than Apple doing it. All those statements from the FBI were prior to this third party company/individual getting in touch with them.

Good for the FBI though. And I hope they classify the method they used so they never need to disclose it to Apple.
