John Oliver Explains the Apple vs. Dept. of Justice Encryption Debate

Foxbat

Warning: NSFW

HBO's John Oliver presents a fairly well-reasoned and informed essay on the Apple vs. FBI case. And, being John Oliver, you won't want to have the volume very loud if you're with younger or more sensitive people. If nothing else, check out the Apple ad at 15:50 into the video...


Please, no Pit Comments. Maybe this whole thread is too political, but I'm more interested in the technological debate.
 
This has also been an on-going topic for the last month or two of TWiT podcasts. One thing that came up during the discussions was when you fail your 10 (or whatever) passcode attempts, the encryption key is what gets erased, not the encrypted data. So, imagine if your house was boobytrapped so if you didn't use the door key, everything in your house would explode. Or, a safe that would shred/burn the contents if the wrong combination was tried too many times or if the physical containment was breached.

Likewise, what about the TPM chip in a laptop? Doesn't it encrypt the hard drive such that it can't be read without the corresponding TPM chip and password? Why hasn't this come up before in the news? Could Seagate be expected to decrypt an encrypted hard drive from a suspect's computer in similar circumstances?
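
The key-erasure behaviour described in the post above, as an added example that is not part of the original thread and not Apple's implementation: a simplified Python model in which the stored data is encrypted under a random key, that key is wrapped by the passcode, and the tenth failed attempt erases only the wrapped key. `ToyDevice`, `xor_stream` and the SHA-256 based cipher are hypothetical stand-ins chosen so the block runs with the standard library alone.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 10  # the attempt limit mentioned in the thread


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode cipher standing in for AES (illustration only)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class ToyDevice:
    """Hypothetical device model: bulk data under a random key, key wrapped by passcode."""

    def __init__(self, passcode: str, plaintext: bytes):
        self.salt = secrets.token_bytes(16)
        data_key = secrets.token_bytes(32)
        self.ciphertext = xor_stream(data_key, plaintext)
        kek = self._kek(passcode)
        self.wrapped_key = xor_stream(kek, data_key)
        self.tag = hmac.new(kek, self.wrapped_key, hashlib.sha256).digest()
        self.failures = 0

    def _kek(self, passcode: str) -> bytes:
        # Key-encryption key derived from the passcode and a per-device salt.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 10_000)

    def unlock(self, passcode: str):
        """Return the plaintext, or None on a wrong passcode or after key erasure."""
        if self.wrapped_key is None:
            return None
        kek = self._kek(passcode)
        expected = hmac.new(kek, self.wrapped_key, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, self.tag):
            self.failures += 1
            if self.failures >= MAX_ATTEMPTS:
                # Erase only the 32-byte wrapped key; the ciphertext is untouched.
                self.wrapped_key = self.tag = None
            return None
        self.failures = 0
        return xor_stream(xor_stream(kek, self.wrapped_key), self.ciphertext)
```

After the limit is reached the ciphertext is still stored byte for byte, but even the correct passcode no longer yields the data key, which is why erasing a few bytes is equivalent to wiping the whole device.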
 
Juan, are you saying encryption doesn't work? Or are you saying that Apple (and others) really do have the secret encryption keys that allow them to access any encrypted content on your device?

Encryption works, just ask the victims of Ransomware who find their computers scrambled.
 
The encryption is a sales gimmick..meant to make u think u are safe

The FBI cannot break the encryption. That's why they are trying to force Apple to do it for them. Doesn't sound like a gimmick to me. If anything it sounds like an endorsement of how well it works. If the encryption is strong enough to keep the FBI out it's probably strong enough for any general consumer's use.
 
Juan, are you saying encryption doesn't work? Or are you saying that Apple (and others) really do have the secret encryption keys that allow them to access any encrypted content on your device?

Encryption works, just ask the victims of Ransomware who find their computers scrambled.
I am saying the keys are stored on an external server you have no control over..someone can get in that server and monkey around
 
The FBI cannot break the encryption. That's why they are trying to force Apple to do it for them. Doesn't sound like a gimmick to me. If anything it sounds like an endorsement of how well it works. If the encryption is strong enough to keep the FBI out it's probably strong enough for any general consumer's use.
Well ask the kid hiding in Russia
 
I am saying the keys are stored on an external server you have no control over..someone can get in that server and monkey around

Apple claims that there is no key. They say that if they created a key it could be used on everyone's phones and not just for this case. They say that is the reason that they will not make one.

If you watch the John Oliver clip it makes sense that they would have never created a key. Even if they had one and didn't give it to the government or anyone else it could be stolen and they would have a security nightmare on their hands.

Well ask the kid hiding in Russia

I'm not sure that is the same situation. I'll ask again... If the FBI could break the encryption on their own why would they be trying to get the courts to force Apple to break it for them? If it was really that simple they would have gotten into the phone a long time ago.

I still say that this is actually a great marketing campaign for Apple. They had all the national news outlets talking about their security that was good enough to keep the FBI out for weeks.
 
I am saying the keys are stored on an external server you have no control over..someone can get in that server and monkey around
Apple does not have the keys to the iPhone. They reside inside the Secure Enclave inside the iPhone 5s. What Apple has control over is the Signing Certificate that can be used to create firmware for that particular iPhone 5s. If the Russian kid (let's name him "Gary" in honor of the video) gets access to that Signing Cert, then ALL Apple devices are compromised, but only if Apple's servers with each device's Unique Hardware ID is compromised.

Basically, every iOS update is unique to each iOS device. If you have a pair of iPad Airs, you can't just download an update once, you need to download the new iOS version twice, once for each iPad Air. Part of that is when you request the update, Apple identifies the device asking for the update and signs the package being sent so it will only be usable on the device that requested it. That's why Apple's argument that "if this got loose" is "empty words" since the specialized firmware would only be usable on the iPhone 5s in the FBI's custody.

Say Apple does this, creates the "cancerous code" that worries Tim Cook, and updates the iPhone 5s so the FBI can run through the 10,000 possible codes to unlock the device. Now the FBI goes searching through the iPhone and finds some incriminating evidence and arrests some suspects based on that evidence. Apple will have to produce that specialized code in court to prove that Apple, in no way, created a custom-crafted image that produced bogus evidence. That "cancer code" is now part of the court record. Apple is no longer in control of that code. That's something to be truly worried about. Now your Russian kid ("Gary") can basically unlock any iPhone with a trivial passcode.
 
Apple does not have the keys to the iPhone. They reside inside the Secure Enclave inside the iPhone 5s. What Apple has control over is the Signing Certificate that can be used to create firmware for that particular iPhone 5s. If the Russian kid (let's name him "Gary" in honor of the video) gets access to that Signing Cert, then ALL Apple devices are compromised, but only if Apple's servers with each device's Unique Hardware ID is compromised.

Basically, every iOS update is unique to each iOS device. If you have a pair of iPad Airs, you can't just download an update once, you need to download the new iOS version twice, once for each iPad Air. Part of that is when you request the update, Apple identifies the device asking for the update and signs the package being sent so it will only be usable on the device that requested it. That's why Apple's argument that "if this got loose" is "empty words" since the specialized firmware would only be usable on the iPhone 5s in the FBI's custody.

Say Apple does this, creates the "cancerous code" that worries Tim Cook, and updates the iPhone 5s so the FBI can run through the 10,000 possible codes to unlock the device. Now the FBI goes searching through the iPhone and finds some incriminating evidence and arrests some suspects based on that evidence. Apple will have to produce that specialized code in court to prove that Apple, in no way, created a custom-crafted image that produced bogus evidence. That "cancer code" is now part of the court record. Apple is no longer in control of that code. That's something to be truly worried about. Now your Russian kid ("Gary") can basically unlock any iPhone with a trivial passcode.
No..your public key is stored on a key server..the only way to make sure the person who is receiving your encrypted message is to see the device that you are sending the message to..the trick they use to get around your cellphone password is to put the phone into recovery mode..this mode is used for software upgrades and unless you have rooted your phone there is no way to stop that..once it is in recovery mode there is software available that can sneak in ..other tricks include getting you to download a special app
 
It's too bad, everyone is missing the main point. Many many years ago our government would serve and protect us. No more, the government wants to control and convict us. This creates government jobs. To prove my point just look at who is in jail and why. None of us is perfect, so the government, a person with a bug, will find something to put us in jail.
So my answer is very simple, have a way for government to get the information, and the information can only be used to protect us. If any of the information is used in court, the person who obtained and used the information gets fined and 3 years in jail or serves the person's time for the crime.
 
told ya!!!!!!!
linked CNN Article said:
Now the DOJ will have a chance to test the method to break into the phone that an "outside party" has offered.

The senior law enforcement official said the DOJ is "cautiously optimistic" the method will work, and it will notify the results to the judge by April 5.
It hasn't been proven yet. And even if it works, is what the FBI retrieves from the phone going to be usable in any legal manner?

This is good if it works, since it lets Apple off the hook. And Apple knows that there is another way to break into their phone which they can start to fix. Like Pwn2Own last week, finding bugs and weakness makes for a stronger system.
 
I don't believe the FBI has a way to get in. I would not be surprised that they finally realized they created a no win situation for themselves and realized that since the company iphone was not destroyed by the terrorist and their personal one was, that the iphone in question probably has absolutely nothing useful on it. This would be really embarrassing for the FBI to have to admit that after using the courts to make Apple suffer through developing a hack that would ultimately open up every iphone on the planet to criminal hacking, including the government's iphones. They finally saw the Pandora's box and the consequences of opening it. This can allow the issue to quietly just go away.

But, it has put Apple on notice and now they are in the process of developing a security system that they claim even they can't hack.
 
Hope Apple is successful in doing just that. I'm sorely tired of the gov't trying to keep me safe by taking away my constitutional rights.

The world and life isn't 'safe', never has been.


 
Interesting, there are stories floating around that the iPhone 5C in this case can be emulated, allowing the FBI to try Passcodes on a virtual copy of the current contents of the iPhone. If the virtual iPhone 5C wipes itself, just start over from the original VM. By cloning, a number of agents can run through 10,000 combinations in minimal time. Once the Passcode is discovered, the FBI can use it on the actual iPhone 5C.
 
I have a very hard time believing that they can't get the info off of it. If they got their way and forced Apple to do what they want, what a precedent that would be for all cases involving other phones and devices that work the same way, which are a lot.
 
I don't believe the FBI has a way to get in.

Actually I do not believe that the iPhone is hack proof. There have been a couple of methods put forward that would break the iPhone... Including using a laser and an electron microscope to carefully burn through the chip layers to reveal the memory cells with the encryption code and read the cells, to backing up the flash drive and simply restoring it over and over after the phone erases it.

The thing is that the iPhone appears to be hack proof short of governments and well financed corporations. It is not going to be hacked by a common thief. The FBI was trying to set a precedent to force Apple to make it easy to decrypt an iPhone with any court order. Now the FBI will have to do it the hard way (i.e. they dropped the lawsuit before a precedent setting ruling was made against them).
 
DOJ Says It No Longer Needs Apple's Help in Hacking iPhone

http://www.dslreports.com/shownews/DOJ-Says-It-No-Longer-Needs-Apples-Help-in-Hacking-iPhone-136596

Back in February you'll recall that Apple stood up to the Department of Justice, refusing to provide a tool that would help the government unlock the phone of one of the San Bernardino shooters. At the time, Apple argued that what the government was trying to do was in effect create a tool that would open a backdoor into all iPhones, giving the government the potential to unlock any iPhone in someone’s physical possession. Apple's decision resulted in weeks of heated debate over the problems with backdoors and the benefits of encryption.

But in a new court filing (pdf) the government says it no longer needs Apple's help after all.


“The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple Inc.,” reads the report.

The government originally claimed that it needed Apple to create a custom version of iOS that bypassed not only the device's lock code, but the auto-lockout that occurs after ten unsuccessful login attempts. But the government's argument leaned on an 18th-century law known as the All Writs Act, which compels companies and individuals to take certain action -- if deemed absolutely necessary within the limits of the law.

It's believed that the government's use of the All Writs Act wasn't going very well before the court, causing the government to back off of its attempt to force Apple's hand. It's also broadly believed the government may have already had the tools and techniques necessary to access the phone anyway. Security researcher Jonathan Zdziarski, for example, last week detailed a method of using a NAND mirroring attack to access secured data stored on an iOS 9.0 device (see his second blog post here).



The government isn't commenting on how precisely it accessed the data on the phone without Apple's help. The DOJ has also denied that NAND mirroring was the method used to access the device. But given the government's colorful history when it comes to truth and surveillance, many wonder whether the government has been lying all along, and whether it really "exhausted" every possible option before trying to force Apple's compliance in creating a simpler encryption-busting tool.

In other words, did the government have the capability to unlock the phone all along, but wanted to try out the All Writs Act as a way to force Apple and other companies' compliance in surveillance and encryption busting? If so, it didn't go very well. Meanwhile, many are wondering that if the DOJ really has discovered some new vulnerability in iOS, does it have a responsibility to publicize it so that Apple can patch it to ensure the safety of iPhone users?
 
