What the Heck?! Thread (Closed)

[Equation]

A bit old, but worth posting since it hasn't really been reported at all.

Please, Log in or Register to view URLs content!

Imagine the international uproar and media coverage had China done something like this.

Make no mistake, I have little doubt that things like this can still happen even in today's world to overseas Chinese.

This is the very real threat all the rabble rousing thinly veiled racism in the western press carries.

It would be as foolish as it would be ineffective to depend on the good nature of people to prevent things like this, when the only proven means of deterrence is a strong China, who will speak out for its people when they are mistreated abroad, and who can make states pay if they fail to stop such despicable behaviour.

And you can bet no Hollywood or Ballywood movie in regards to that atrocity equivalent to American Government internment camp against Japanese-Americans during WWII to commemorate the victims. Sure Chinese film makers could it, but the rabble rousing bias Western press would accuse China of making patriotic films to support the "oppressive" CPC government.

 

[plawolf]

And you can bet no Hollywood or Ballywood movie in regards to that atrocity equivalent to American Government internment camp against Japanese-Americans during WWII to commemorate the victims. Sure Chinese film makers could it, but the rabble rousing bias Western press would accuse China of making patriotic films to support the "oppressive" CPC government.

Oh that's absolutely guaranteed. They had the nerve to accuse Chinese films about the Rape of Nanjing as being anti-Japanese!

That's exactly the same as it they accused holocaust films of being anti-German.

The Chinese government and public really should start compiling a black list of these cretins and make sure they never get a penny from the Chinese government, companies or even individuals.

 

[solarz]

You need to unlock the phone in order to initiate a data sync to a computer.

It would be an obvious and serious flaw if it was possible to simply copy all the encrypted files from a locked phone onto another device to bypass the 10-errors-autowipe feature on iPhones, since as you rightly pointed out, a 4 digit passcode would be stupidly easy to defeat using a brute force attack that way.

Although it should be noted that 4 digits is only the default length of passcodes on iPhones, and it is perfectly possible to set a passcode as long as you could remember and be bothered to type in every time you wanted to unlock your phone (assuming it doesn't have fingerprint scanner).

Why can't they just disassemble the phone, pull out the flash drive, and create an image of the drive? Then they can work at their leisure on decrypting the data.

 

[plawolf]

Why can't they just disassemble the phone, pull out the flash drive, and create an image of the drive? Then they can work at their leisure on decrypting the data.

Again, a standard security feature on phones is to design them to resist hardware hacking like you described (one of, if not the primary, reason Apple categorically, resolutely refuses to put plug and play micro SD card slots on its phones like many others have done is because of concerns about data security rather than just because they are being greedy jerks who wants to charge customers more money for phones with bigger memory).

The internal memory of the phone is built directly into the logic board, and cannot be just pulled out like a flashcard or computer hard drive.

Take the iPhone 4 diagram below as an example.

Everything is integrated and embedded directly into the board. Just like a laptop, if any of those modules fail, you need to replace the entire board.

That's just the security benefit from the nature of the integrated logic board itself.

I would also expect additional built in security features in case anyone is persistent enough to try to physically tear the logic board apart to get at the memory modules.

Take the recent examples of iPhone 6s bricking themselves if they detect the fingerprint scanner had been repaired by a 3rd party.

I would expect the memory modules to have similar security features built in, whereby upon powering up, the module will automatically check that it is still hooked up to the logic board it was first built into, and to self erase if it doesn't get the correct verification code.

 

[PanAsian]

For me, Apple should offer to take the Phone and crack it in their lab and then hand the data over to the FBI.

That would be fair enough, unfortunately that is not what Apple is proposing.

Apple's saying they won't crack that phone, even for one use, because the technology to crack Apple's OS would have to be developed first, and once it's made, will find a way to proliferate and end up in the wrong hands. Then, it'd be something you wish you could un-invent but it'd be too late. So now, Cook's foresight is telling him to stop its creation.

Apple can say whatever it wants, no outsider can actually verify that they don't have the ability to hack the phone.

 

[solarz]

That would be fair enough, unfortunately that is not what Apple is proposing.

Apple can say whatever it wants, no outsider can actually verify that they don't have the ability to hack the phone.

Digging into this a bit, it seems like what the FBI wants is a piece of software that would allow them to bypass the "self-destruct" feature of the iPhone and allow them to enter pass codes electronically.

In other words, the FBI wants Apple to create a crack for their own security system.

Apple can't really offer to create it in their own labs and hand over the decrypted data, because such an endeavour will necessarily require the highest level of security, something that Apple may not be equipped to handle. For example, how would Apple prevent their developers (sorry, "software engineers") from keeping a copy of the source code?

 

[PanAsian]

Digging into this a bit, it seems like what the FBI wants is a piece of software that would allow them to bypass the "self-destruct" feature of the iPhone and allow them to enter pass codes electronically.

In other words, the FBI wants Apple to create a crack for their own security system.

Apple can't really offer to create it in their own labs and hand over the decrypted data, because such an endeavour will necessarily require the highest level of security, something that Apple may not be equipped to handle. For example, how would Apple prevent their developers (sorry, "software engineers") from keeping a copy of the source code?

That is a nonsense double standard. If Apple can afford to keep the secret of how it builds its unbreakable iPhone security then they can equally afford to keep the secret of how they break it.

 

[manqiangrexue]

Apple can say whatever it wants, no outsider can actually verify that they don't have the ability to hack the phone.

So what? So assume that they do have the ability and force them to give it up? What if the assumption's wrong, and you end up trying to force someone to give up something they don't have? Do you normally assume that things exist if no one can verify that it doesn't? Does Harry Potter exist?

"That is a nonsense double standard. If Apple can afford to keep the secret of how it builds its unbreakable iPhone security then they can equally afford to keep the secret of how they break it."

Why should Apple bear the undue burden of creating something that destroys the security of what it depends on for survival, and then the additional burden of having to keep it secure? I'd rather the thing that can destroy me not exist at all (much less force me to create it) than to have me keep it in the closet. Because Apple kept 1 thing secure, so it should have the burden of keeping everything secure? Why don't we all give our data to Apple and have them guard it just because they can?

 

[solarz]

That is a nonsense double standard. If Apple can afford to keep the secret of how it builds its unbreakable iPhone security then they can equally afford to keep the secret of how they break it.

You're making the assumption that a secure system needs to be kept secret in order to be secure, which is not the case at all.

The first layer of security is encryption. A good, secure encryption algorithm depends on the secrecy and complexity of the private keys, *NOT* on the secrecy of the implementation of the algorith.

Here is a good overview:

Please, Log in or Register to view URLs content!

Once the encryption is in place, all you need to do is build some kind of kill switch that would destroy the data if the hardware is tampered with. None of this needs to be kept secret.

On the other hand, cracks are created by exploiting bugs and design flaws in the security system. No system is perfect, which is why it's always possible to crack a security system, given enough time and resources. Normally, this becomes a race between hackers trying to find those exploits versus the software company plugging them. The FBI's request is basically telling Apple to do the hackers' work for them.

 

[PanAsian]

You're making the assumption that a secure system needs to be kept secret in order to be secure, which is not the case at all.

The first layer of security is encryption. A good, secure encryption algorithm depends on the secrecy and complexity of the private keys, *NOT* on the secrecy of the implementation of the algorith.

Here is a good overview:

Please, Log in or Register to view URLs content!

Once the encryption is in place, all you need to do is build some kind of kill switch that would destroy the data if the hardware is tampered with. None of this needs to be kept secret.

On the other hand, cracks are created by exploiting bugs and design flaws in the security system. No system is perfect, which is why it's always possible to crack a security system, given enough time and resources. Normally, this becomes a race between hackers trying to find those exploits versus the software company plugging them. The FBI's request is basically telling Apple to do the hackers' work for them.

Per that overview article Apple claims that it doesn't store any keys, it can be lying through its teeth and nobody would be any the wiser. The article also states that there is no way to guarantee that Apple is incapable of accessing the encrypted data other than taking their word at face value.

The FBI is asking Apple to do the FBI's work for them. Apple is not saying it cannot do it, Apple is saying it doesn't want to do it. This is not about protecting end users' privacy, this is about protecting Apple's marketing, specifically putting it before human lives and national security.

The FBI should go ahead on its own to crack Apple's security while the lawsuits play out, most likely being forced to spend way more resources than if Apple co-operated, and hold Apple and its employees such as Tim Cook liable for obstruction of justice and aiding and abetting terrorists if timely intelligence was missed due to Apple's unco-operative behavior.