Federal judge FORCES Apple to help FBI decrypt San Bernardino killers iPhone 5C

[Roawoao]

20 minutes ago, LAwLz said:

Do we know that it was disabled before the shooting? The argument Apple is making is that if they hadn't changed the password, the phone might have automatically backed itself up once it connected to the Internet. Obviously that would not happen if the backup feature was disabled, but I can't find any evidence that it was/wasn't.

The evidence is in the news article Apple provided the iCloud backups but the backups stopped well before the attack and it is extremely likely the terrorist just turned off the iCloud backup in settings which means it would never turn itself back on without someone have the iPhone pin code not iCloud password. The FBI would  be correct to change the iCloud password after they got the account info to prevent other malicious actors who may have also known the iCloud password from trying to erase or tamper with the online account.

 

Because they already knew from apple the automatic backups were disabled before there was no point in trying Apple's suggestion because it would never work. The only reason it would have worked is totally absurd in that the terrorist never took his phone home or to work and never charged them there ever instead of just turning the backup switch off in the settings app about a month or more before he committed an act of terrorism.

 

Apple's PR BS again. I understand the principle of protecting user privacy but lying through the teeth is not a good way to go about it and is going to end very poorly for Apple.

 

Edit: Here is the bit from my post just a page ago.

http://www.cnet.com/uk/news/apple-says-investigators-ruined-most-promising-way-to-access-terrorist-data/

Quote

"They recommended that the iPhone be connected to a known Wi-Fi network such as one in Farook's home or workplace and plugged into a power source so it could automatically create a new iCloud backup overnight. If successful, that backup might have contained the missing information between the October backup and December 2, when the San Bernardino massacre occurred."

Only problem with Apple's idea is that they already knew it wouldn't work because he turned off the Automatic backups before and without the pin code it wouldn't magically start automatic backups later unless Apple really does have a backdoor already.

Quote

"Apple has already provided the FBI with access to Farook's iCloud backups through mid-October, when he apparently stopped backing up his phone to iCloud servers. "

I'd take the lack of backups pretty good evidence for the backups being turned off especially since he was still using the phone until the attack.

 

I also remember other people saying the FBI already has the phone's contents (old backups) but it is pretty clear there is a window that is missing the most important one where the backups were disabled leading upto the attack. Changing the iCloud password wouldn't effect the phone where the user already disabled iCloud backups as they would never happen without someone with the phone pin code logging in and turning that back on.

[LAwLz]

6 minutes ago, Roawoao said:

The evidence is in the news article Apple provided the iCloud backups but the backups stopped well before the attack and it is extremely likely the terrorist just turned off the iCloud backup in settings which means it would never turn itself back on without someone have the iPhone pin code not iCloud password. The FBI would  be correct to change the iCloud password after they got the account info to prevent other malicious actors who may have also known the password from trying to erase or tamper with the account.

 

Because they already knew from apple the automatic backups were disabled before there was no point in trying Apple's suggestion because it would never work. The only reason it would have worked is totally absurd in that the terrorist never took his phone home or to work and never charged them there ever instead of just turning the backup switch off in the settings app.

 

Apple's PR BS again.

I think it's kind of funny how you change between "terrorists have low IQ and therefore don't know how to use a decent password" and "the terrorist knew that his phone would automatically sync so he disabled that long before the attack was carried out" as it fits your argument.

[Roawoao]

16 minutes ago, LAwLz said:

I think it's kind of funny how you change between "terrorists have low IQ and therefore don't know how to use a decent password" and "the terrorist knew that his phone would automatically sync so he disabled that long before the attack was carried out" as it fits your argument.

It doesn't take much to turn off the iCloud backup. Its literally a single switch in the settings.

See that switch easy to press. Also I doubt delete backup actually deletes the backups of the backups immediately. 

 

You know what happens if you use a 20 char complex password on a non-touchID phone. Try doing it yourself and tell me how your user experience changed. It is called human factors its pretty simple to understand. 

 

I think it is funny that you think using a 20 char complex password to unlock a phone every time is a smart thing to do. The terrorist being stupid is more about how committing suicidal terrorist attacks is retarded and clearly not a good way to stay alive.

[samcool55]

9 hours ago, ionbasa said:

By the way, the FBI and the related court agencies have reinforced that they intend to use it on only this iPhone and that Apple may destroy their firmware workaround once it's been used on this specific iPhone. Apple may then keep possession of their modified firmware and keep the phone.

 

I don't believe that. I'm not saying you are a liar. But i think the FBI and whoever is on their side are just straight up lying.

If apple does give in, i'm 100% sure it will screw us over eventually in a really really bad way.

Because the next time the FBI has a reason to break into an iPhone they will just say apple has to do it because they have done it before, and they will give 0 fucks if the software used the first time is gone. At that point apple has proven they can break into iphones and the fbi will ask to break into them more and more until they have a backdoor into every iphone. And at that point they have reached their goal, global privacy rape of iphone users...

 

We have learned that it eventually gets there. I mean look at camera's in public area's. It started with a few and just for monitoring how busy it was. And now the camera's are everywhere and are able to track every person everywhere. Or at least trying to.

[patrick3027]

Damn Apple, I hate your overpriced products 99% of the time but this time you're doing something great. Finally a major tech player shows that it takes cyber security seriously.

[Roawoao]

6 minutes ago, samcool55 said:

I don't believe that. I'm not saying you are a liar. But i think the FBI and whoever is on their side are just straight up lying.

If apple does give in, i'm 100% sure it will screw us over eventually in a really really bad way.

Because the next time the FBI has a reason to break into an iPhone they will just say apple has to do it because they have done it before, and they will give 0 fucks if the software used the first time is gone. At that point apple has proven they can break into iphones and the fbi will ask to break into them more and more until they have a backdoor into every iphone. And at that point they have reached their goal, global privacy rape of iphone users...

 

We have learned that it eventually gets there. I mean look at camera's in public area's. It started with a few and just for monitoring how busy it was. And now the camera's are everywhere and are able to track every person everywhere. Or at least trying to.

I don't think you understand how cryptography works. If apple signed a specific version for this one phone that took the SHA256 checksum of the encrypted volume and the device unique ID as the hash required to install then no actor except Apple could update the software as it would require re-signing to work on any other device. Oh this is also ignoring the fact you could also just dump the flash memory due to the lack of a secure enclave in hardware and brute force offline without needing any special versions.

 

How are you 100% sure it will screw you over eventually as the only way someone could sign as Apple would be to compromise their private signing keys which would compromise everything not just the lock screen. At that point there is no need for any special version you have the root private signing key hard coded into every existing iPhone with implicit trust.

 

Apple already proved they can break into their own phones they said it already so no examples are needed. They didn't come out saying it is impossible they said its bad for user security which is only really true for the targets. The only way for Apple to say all user security is ruined is if the FBI raided apple and took the private signing keys which would then 100% ruin all security period and already exists for some extremely useful reasons.

 

I don't really see many camera's in public areas in the US and Canada. Maybe the UK but they seem fine with their saturation of public video surveillance.

[Roawoao]

11 minutes ago, patrick3027 said:

Damn Apple, I hate your overpriced products 99% of the time but this time you're doing something great. Finally a major tech player shows that it takes cyber security seriously.

If they took cyber security seriously then they would allow for user provided zero knowledge encrypted iCloud storage and have ROM secure enclaves and when patching them (physically impossible) were to be needed they would recall the phones and replace them free of charge with cross shipment overnight. Oh and have a 10 billion dollar bounty for any catastrophic flaws that would compromise the system.

[samcool55]

2 minutes ago, Roawoao said:

I don't think you understand how cryptography works. If apple signed a specific version for this one phone that took the SHA256 checksum of the encrypted volume and the device unique ID as the hash required to install then no actor except Apple could update the software as it would require re-signing to work on any other device. Oh this is also ignoring the fact you could also just dump the flash memory due to the lack of a secure enclave in hardware and brute force offline without needing any special versions.

 

How are you 100% sure it will screw you over eventually as the only way someone could sign as Apple would be to compromise their private signing keys which would compromise everything not just the lock screen. At that point there is no need for any special version you have the root private signing key hard coded into every existing iPhone with implicit trust.

 

Apple already proved they can break into their own phones they said it already so no examples are needed. They didn't come out saying it is impossible they said its bad for user security which is only really true for the targets.

 

I don't really see many camera's in public areas in the US and Canada. Maybe the UK but they seem fine with their saturation of public video surveillance.

I don't know the whole security part exacly works because that's not my point.

There is a way to get into it with brute-forcing. The only thing that stops the FBI from getting access is the 4-digit pin code at the lock screen.

And as we know there is somewhere a chip that keeps count of the amount of tries someone has put in the pin that's wrong.

So if apple is clever enough they can try a pin and block the signal that says the pin is wrong to the chip that keeps track of it, than they can just brute-force it and get into it.

 

And the camera's are just an example. A big city close to where i live for example, had put up a handful of camera's on the road. Just a few at busy places to let everybody know when it was busy and when it wasnt. Now, 2-3 years later, camera's are all over the place and track you everywhere. And they also check your number plate and if there is an issue, the cops will put you to the side of the road.

 

So if you have done something wrong, and it is linked to your license plate, and you drive into that city, the cops will get you right away. There will just pop up a notification at the local police department and off they go.

 

Surveillance started as something small and innocent and look at it now. It's terrible and it's starting to change the way everything works.

A couple of years ago you were innocent unless there was proof you commited a crime.

Now you are always looked at like a criminal unless there is proof you are innocent. That's a really scary evolution and already happening.

 

And exacly the same will happen with the iphone if they give in now. Start small, ends in disaster for normal people.

[Roawoao]

17 minutes ago, samcool55 said:

I don't know the whole security part exacly works because that's not my point.

There is a way to get into it with brute-forcing. The only thing that stops the FBI from getting access is the 4-digit pin code at the lock screen.

And as we know there is somewhere a chip that keeps count of the amount of tries someone has put in the pin that's wrong.

So if apple is clever enough they can try a pin and block the signal that says the pin is wrong to the chip that keeps track of it, than they can just brute-force it and get into it.

 

And the camera's are just an example. A big city close to where i live for example, had put up a handful of camera's on the road. Just a few at busy places to let everybody know when it was busy and when it wasnt. Now, 2-3 years later, camera's are all over the place and track you everywhere. And they also check your number plate and if there is an issue, the cops will put you to the side of the road.

 

So if you have done something wrong, and it is linked to your license plate, and you drive into that city, the cops will get you right away. There will just pop up a notification at the local police department and off they go.

 

Surveillance started as something small and innocent and look at it now. It's terrible and it's starting to change the way everything works.

A couple of years ago you were innocent unless there was proof you commited a crime.

Now you are always looked at like a criminal unless there is proof you are innocent. That's a really scary evolution and already happening.

 

And exacly the same will happen with the iphone if they give in now. Start small, ends in disaster for normal people.

There is no secure enclave on this phone so no chip that keeps count that is literally the function of the secure enclave to enforce policies in hardware (sorta, it can still be updated by apple) This is an iPhone 5c so just dumping the flash memory would allow for an open brute force attack. 

 

Those are called traffic camera's I'm sure you can go find the website to see what pictures they gather and frankly whoever is selling that garbage is scamming the cities because it they are typically pretty low res, grainy, low bandwidth, crappy cameras. Security cameras are orders of magnitude higher quality than a traffic camera. 

 

Most don't even sample very often and many are wireless and in remote locations like mountain highways so a live 30 fps feed would be extremely expensive. Those cameras are so crappy you would have great trouble getting automatic license plate results from such images. If your city has HD traffic cameras then that is odd because it is extremely wasteful. (Those are probably road security cameras but in Canada west/east coast/US west coast I've never seen such a system in a city I've visited.)

 

The UK certainly does have total live road surveillance. You can tell because the cameras a much bigger physically speaking and there are orders of magnitude more than any traffic camera system.

 

Traffic cameras are still crappy traffic camera's in my city I would certainly notice them getting HD cameras installed over the tiny cheap probably just a usb webcam slapped in a tiny box.

 

Again you don't understand basic cryptography there is no way for anyone but Apple to use any special version on a different phone with just a simple hash check used to tie it to one phone. To re-purpose it you would need Apple's private signing authority which provides much more power than just signing a DFU update. If you had that ablity then you don't need any backdoor OS as you have the entire ecosystem.

[samcool55]

3 minutes ago, Roawoao said:

There is no secure enclave on this phone so no chip that keeps count that is literally the function of the secure enclave to enforce policies in hardware (sorta, it can still be updated by apple) This is an iPhone 5c so just dumping the flash memory would allow for an open brute force attack. 

 

Those are called traffic camera's I'm sure you can go find the website to see what pictures they gather and frankly whoever is selling that garbage is scamming the cities because it they are typically pretty low res, grainy, low bandwidth, crappy cameras. Security cameras are orders of magnitude higher quality than a traffic camera. 

 

Most don't even sample very often and many are wireless and in remote locations like mountain highways so a live 30 fps feed would be extremely expensive. Those cameras are so crappy you would have great trouble getting automatic license plate results from such images.

 

The UK certainly does have total live road surveillance. You can tell because the cameras a much bigger physically speaking and there are orders of magnitude more than any traffic camera system.

 

Traffic cameras are still crappy traffic camera's in my city I would certainly notice them getting HD cameras installed over the tiny cheap probably just a usb webcam slapped in a tiny box.

 

Again you don't understand basic cryptography there is no way for anyone but Apple to use any special version on a different phone with just a simple hash check used to tie it to one phone. To re-purpose it you would need Apple's private signing authority which provides much more power than just signing a DFU update. If you had that ablity then you don't need any backdoor OS as you have the entire ecosystem.

I know the camera's at the road are in a big-ass box and there are 2 lenses, so at least the outside doesn't look like crap. And they can recognize license plates so i can imagine the quality is good.

 

And we don't have mountain stuff over here, just all relatively flat and also a quite high average population density. There isn't a place here that doesn't have a house in a few mile radius so there is probably everywhere some decent connection to use for the camera's. And we can't see what they see btw, it's not online available. The only thing we can see is how busy traffic is on a map that's usually quite wrong. So it doesn't even work properly for what it should do in the first place.

 

Also there are at some places average speed camera's and they are like really weird. It's a pole with i believe 6 camera's on them and they all look pretty scary.

It's really a pole with camera's all over it, and i'm sure that they also can check license plates because that's exacly what they are designed to do.

 

And don't you think that getting as much power from apple is what the fbi wants? And i know getting the encrypted data off it and brute-forcing it that way is not an option unless they wait like 9 quadrillion years or whatever. I don't know, at least a really long time which makes it not an option.

[LAwLz]

5 minutes ago, Roawoao said:

Again you don't understand basic cryptography there is no way for anyone but Apple to use any special version on a different phone with just a simple hash check used to tie it to one phone. To re-purpose it you would need Apple's private signing authority which provides much more power than just signing a DFU update. If you had that ablity then you don't need any backdoor OS as you have the entire ecosystem.

And you are still missing the point. Even if we ignore all the other stuff we have already discussed (like bypassing signature checks, the OS wasn't designed for it and therefore it might not work as we expect it to do etc) you still run into the issue of "well Apple signed it before, so they should do it again". This case will determine how future cases are handled. If Apple gives in now, they will also have to do it in future cases. That's how the law works. It looks at past rulings.

Like you said before, they could just do a bump of the memory and then attack that. I suggested that several pages ago as well. Wanna know why they haven't done that? Probably because this case is not about gaining access to this particular phone. It's about setting a standard for how future cases will be handled. Since this case is about a known terrorist it is easy to just go "well it's obvious that they were bad guys and we need access to the phone".

 

 

1 minute ago, samcool55 said:

And don't you think that getting as much power from apple is what the fbi wants? And i know getting the encrypted data off it and brute-forcing it that way is not an option unless they wait like 9 quadrillion years or whatever. I don't know, at least a really long time which makes it not an option.

Depends on what kind of password it is. If it is just a short PIN then it will be really fast to crack. If it is a more complicated password then good luck breaking it...

[Roawoao]

16 minutes ago, samcool55 said:

I know the camera's at the road are in a big-ass box and there are 2 lenses, so at least the outside doesn't look like crap. And they can recognize license plates so i can imagine the quality is good.

 

And we don't have mountain stuff over here, just all relatively flat and also a quite high average population density. There isn't a place here that doesn't have a house in a few mile radius so there is probably everywhere some decent connection to use for the camera's. And we can't see what they see btw, it's not online available. The only thing we can see is how busy traffic is on a map that's usually quite wrong. So it doesn't even work properly for what it should do in the first place.

 

Also there are at some places average speed camera's and they are like really weird. It's a pole with i believe 6 camera's on them and they all look pretty scary.

It's really a pole with camera's all over it, and i'm sure that they also can check license plates because that's exacly what they are designed to do.

 

And don't you think that getting as much power from apple is what the fbi wants? And i know getting the encrypted data off it and brute-forcing it that way is not an option unless they wait like 9 quadrillion years or whatever. I don't know, at least a really long time which makes it not an option.

Those big ass boxes are probably red light cameras and the flash units. Those are probably even worse then digital cameras as they may even be film based if they are in huge boxes. It could also be a speed trap all of which only trigger if the red light pads or speed sensing system is tripped so it can't track you very easily unless your running every light at 200mph. Those typically don't even do live video but high res still images.

 

Those are called traffic enforcement cameras the reason why you don't see the images is because they don't fire very often. The traffic maps are generally not based on the video feed but in road inductive loops that sense when cars are present. These can be poor indicators as different vehicle types can mess around with the sensing or in the case of a motorcycle not be picked up at all.

 

ASLR systems will typically have an IR illuminator you can check with most digital cameras as their ir cut filters are not perfect.

 

No your confused the user pin code is a joke to brute force. Apple's private signing key is going to be basically impossible to crack. If the FBI seized Apple's signing keys there would be an internet back draft of unimaginable proportions that would literally be the end of internet security if they started taking private keys left and right which is why the FBI are not asking for that. The way public private keys work is apple can sign anything they want and your never going to be able to sign as apple without literally stealing the private key physically.

 

13 minutes ago, LAwLz said:

And you are still missing the point. Even if we ignore all the other stuff we have already discussed (like bypassing signature checks, the OS wasn't designed for it and therefore it might not work as we expect it to do etc) you still run into the issue of "well Apple signed it before, so they should do it again". This case will determine how future cases are handled. If Apple gives in now, they will also have to do it in future cases. That's how the law works. It looks at past rulings.

Like you said before, they could just do a bump of the memory and then attack that. I suggested that several pages ago as well. Wanna know why they haven't done that? Probably because this case is not about gaining access to this particular phone. It's about setting a standard for how future cases will be handled. Since this case is about a known terrorist it is easy to just go "well it's obvious that they were bad guys and we need access to the phone".

 

Depends on what kind of password it is. If it is just a short PIN then it will be really fast to crack. If it is a more complicated password then good luck breaking it...

I think your making some odd assumptions about Apple not knowing how to program their own operating system to just SHA256 hash the encrypted user partition and device UID and not install if it doesn't match the hard coded value in the update code. I don't really see a problem if Apple is the one who controls the special software as it cannot be abused by anyone but apple. All the court orders are very public and if the FBI started asking for general purpose ones the public shit storm would be unimaginable as it should be. Apple would be able to refuse/resist fight it out in the courts for such a general request.

 

The matter at hand however is different this is for a specific phone which has no secure enclave and is easy to tie a special version or not even need one in the first place. The past rulings already are not in Apple's favour they have complied in the past so the precedence is set long ago.

 

Dump of the memory and attack that is a backdoor free method but Apple also doesn't want to just fold instantly. Apple is best suited to doing this technical measure and the reason they won't do it right now is that would cause a PR nightmare for Apple which would hurt their security reputation with users even if it has no backdoor. By fighting it all the way to the top they can come away with it saying we did fight for the users even if at the end they capitulate and just dump the flash memory.

 

[samcool55]

1 minute ago, Roawoao said:

Those big ass boxes are probably red light cameras and the flash units. Those are probably even worse then digital cameras as they may even be film based if they are in huge boxes. It could also be a speed trap all of which only trigger if the red light pads or speed sensing system is tripped so it can't track you very easily unless your running every light at 200mph. Those typically don't even do live video but high res still images.

 

Those are called traffic enforcement cameras the reason why you don't see the images is because they don't fire very often. The traffic maps are generally not based on the video feed but in road inductive loops that sense when cars are present. These can be poor indicators as different vehicle types can mess around with the sensing or in the case of a motorcycle not be picked up at all.

 

ASLR systems will typically have an IR illuminator you can check with most digital cameras as their ir cut filters are not perfect.

 

No your confused the user pin code is a joke to brute force. Apple's private signing key is going to be basically impossible to crack. If the FBI seized Apple's signing keys there would be an internet back draft of unimaginable proportions that would literally be the end of internet security literally which is why the FBI are not asking for that. The way public private keys work is apple can sign anything they want and your never going to be able to sign as apple without literally stealing the private key physically.

 

No it's not a speed trap. Because they look different and are mounted on their own pole. And also they don't flash, i have seen a lot of people speeding past them and never saw one flashing. Also i would be suprised if they aren't digital because some of them are stupidly hard to reach and are usually mounted to a bridge or a light pole so you can't even get them easily down. And some of them are also less than a year old. And they do produce a video feed, that's what the mayor told us when they got introduced.

[Roawoao]

19 minutes ago, samcool55 said:

No it's not a speed trap. Because they look different and are mounted on their own pole. And also they don't flash, i have seen a lot of people speeding past them and never saw one flashing. Also i would be suprised if they aren't digital because some of them are stupidly hard to reach and are usually mounted to a bridge or a light pole so you can't even get them easily down. And some of them are also less than a year old. And they do produce a video feed, that's what the mayor told us when they got introduced.

Then they are just security cameras not traffic anything. It is technically a public space so not much in the law to protect you as you are also allowed to record the cameras and people around you on the road as well (dash cameras). If your city is the one installing them maybe you should vote for a different council next time if you don't agree with what they are doing. We got our red light cameras ripped out because residents didn't like them and they didn't reduce accidents anyway.

 

Businesses can also put security cameras on their premises as well and have been for ages due to theft and insurance claims. I'd guess your city has residents that in the bulk are fine with UK levels of video surveillance where things like automatic vehicle tracking, and pervasive video surveillance is the norm.

 

In our city the cameras are on a 2-15 minute delay with no stored data all on the city website with crap resolution and the signal drops out often to just transmission delayed. In Europe things are different I guess with countries like UK getting things like 4K security feeds because SD is useless. (it is)

[samcool55]

13 minutes ago, Roawoao said:

Then they are just security cameras not traffic anything. It is technically a public space so not much in the law to protect you as you are also allowed to record the cameras and people around you on the road as well (dash cameras). If your city is the one installing them maybe you should vote for a different council next time if you don't agree with what they are doing. 

Well yea it's legal. But it's just an example of how stuff goes from innocent and helpful for the civilians to a mass surveillance system that's able to track people everywhere.

And they are trying more and more ways to do that, and sometimes the law says they can't, but they don't give a damn about that as we all know.

 

Also it will only get worse and worse, and you will get punished eventually for the smallest mistake you make. You drive accidentally a couple of miles above the speed limit? Instany logged and that crime, as little as it is, will be tied to you the rest of your life. And that's where we are heading to. A development that i really don't like.

 

People are tracked everywhere because they want to make the world safer, but i personally feel hunted down and i don't want to go outside anymore because whatever i do, someone will know, save, and store it for longer than i live. 

 

And if you do something unusual, that gets also logged.

For example you are going home after a party and it's dark, and you have to walk from A to B, and you know that it's quicker to do that if you walk for example through a park.

I won't be suprised if this trend keeps going, the next day the cops will be at your door asking why you walked through a park in the middle of the night. It might sound really crazy, but that's where we are heading to. The stuff to do such things are already appearing, and the size of it is growing rapidly.

[Roawoao]

21 minutes ago, samcool55 said:

Well yea it's legal. But it's just an example of how stuff goes from innocent and helpful for the civilians to a mass surveillance system that's able to track people everywhere.

And they are trying more and more ways to do that, and sometimes the law says they can't, but they don't give a damn about that as we all know.

 

Also it will only get worse and worse, and you will get punished eventually for the smallest mistake you make. You drive accidentally a couple of miles above the speed limit? Instany logged and that crime, as little as it is, will be tied to you the rest of your life. And that's where we are heading to. A development that i really don't like.

 

People are tracked everywhere because they want to make the world safer, but i personally feel hunted down and i don't want to go outside anymore because whatever i do, someone will know, save, and store it for longer than i live. 

 

And if you do something unusual, that gets also logged.

For example you are going home after a party and it's dark, and you have to walk from A to B, and you know that it's quicker to do that if you walk for example through a park.

I won't be suprised if this trend keeps going, the next day the cops will be at your door asking why you walked through a park in the middle of the night. It might sound really crazy, but that's where we are heading to. The stuff to do such things are already appearing, and the size of it is growing rapidly.

Well technically everything you type and look at here on this forum is also tracked and LMG can and will moderate your actions if the need arises. It isn't like logging, tracking, ... is going to harm you by its mere existence. I highly doubt with more cameras they will be able to track more people it usually works in reverse which is why the NSA download the internet concept is stupid. Yes in theory you could track everyone but how are going to have the resources to do it for no particular reason.

 

The world is just swimming in data nowadays and that is just how it is. Average speed ticking is actually really smart technically speeders should pay for the increased risk it presents. In our city you we have the wrong way about speeding get caught too many times or too much speeding then your car gets impounded and your stuck on the side of the road. Your license can and will get automatically for too many tickets (they don't care what the ticket was for or the speed) revoked and you have to pay thousands in safety fees there is no proportionality if even if your caught 1-2 kph over too many times. Or you can pay thousands of dollars over 5 years but if you go over the ticket history limit your still going to get your license revoked.

 

In our system a speeding ticket is not considered a criminal act (although this means you basically have no recourse but to pay early and save... your automatically guilty even if the cop has no video evidence or speed camera his word supersedes yours because it is just a fine) it is considered a civil offence. It will not ruin your life unless your in my city and speed too much and need to drive and get your license revoked for a year. (I take transit no tickets that way although I'm sure the NFC system tracks me everywhere but will get confused since the system is generally garbage)

 

Tracking does in some cases make you safer. PLBs are an example and why planes over oceans don't require tracking is mind boggling. Tracking every single person is basically impossible even if there is a technical system to do it. One could say Google is more suited to tracking your every move than your cities cameras but it is more about advertising to them than anything else.

 

I'd suggest just not caring it isn't like the cameras can see into your soul or anything.

 

I don't know what you mean by unusual being logged as the cameras are dumb as bricks even with deep learning software. If you asked a camera to automatically log everything unusual your probably going to get a tree swaying creating odd shadows.

 

You do know your phone probably already does that tracking no cameras needed. It is far easier that way anyway and for location services it is handy. Your cell towers can usually locate you pretty well inside cities and you can't even stop that from logging your every move.

 

Just don't be so paranoid think of yourself as noise to the system if they ever tried tracking you it would amount to nothing but a waste of their resources. If everyone was really noisy then total surveillance would be garbage. One reason why the NSA download the internet project was so not very useful. 

[XDroidie626]

16 hours ago, Roawoao said:

Apple signs the custom OS version modifying to use on another single device would require that same signing authority. It isn't a tool either it is just a edited version of the software that runs on the phone and if you use a strong password your safe. The FBI isn't asking for the phone to be decrypted just the UI software OS level actions to be removed such as the password retry count to auto-wipe and ux delays that are on top of the hardware delays. Since there is no secure element these are trivially bypassed in software.

 

So while it is legally bad news technically speaking it is easy to achieve and would not easily be re-purposed to any other phone without more court orders. Ultimately if Apple's signing authority was compromised then you don't need any special OS version that messes with the lock screen you can just delete the lock screen entirely and sign that version and push it out to all phones if you use a time delay to sync up the actual effect you could decrypt, unlock, disable, compromise virtually all Apple devices in one instant (Assuming you have the private hardware root signing keys which are much more important than anything else). 

 

The problem is the drives hash, if there is anything changed on that device, even if a file is opened on it the hash will change, which will lead to tampered evidence and will fail, they need the image of the OS to be moved to a secure system and then do it, but thats where the encryption is involved, its so strong they couldn't physically brute force the system.

Apples stand point is this, As much as we would like to help you, we cant without risking our users privacy and well lets be honest neither UK or USA can be trusted with data... its obvious that they will use it on mass scale if they got this tool.

 

Lets put it this way, If you owned an iPhone (Like me) I don't particually have any info on it that is incriminating towards me or my family/friends but I respect my privacy and don't want someone I don't know and cant trust to look at my info.

My work phone (Also an iPhone) has very sensitive info on it, they encryption stops people snooping the data on it, hell I even use VPNs when I am on anything other than my home network and works personal network.

 

Encryption helps me daily to stay secure and keep my info safe from anyone I do not want to see. This is why Apple should say no regardless of who they are, I agree this incident is awful, but Apple simply should not put their customers at risk from governments who cannot be trusted, which is the point apple are making here.

We should be grateful that apple puts its customers first, I doubt Microsoft would do this.

 

[Roawoao]

17 minutes ago, XDroidie626 said:

The problem is the drives hash, if there is anything changed on that device, even if a file is opened on it the hash will change, which will lead to tampered evidence and will fail, they need the image of the OS to be moved to a secure system and then do it, but thats where the encryption is involved, its so strong they couldn't physically brute force the system.

Apples stand point is this, As much as we would like to help you, we cant without risking our users privacy and well lets be honest neither UK or USA can be trusted with data... its obvious that they will use it on mass scale if they got this tool.

 

Lets put it this way, If you owned an iPhone (Like me) I don't particually have any info on it that is incriminating towards me or my family/friends but I respect my privacy and don't want someone I don't know and cant trust to look at my info.

My work phone (Also an iPhone) has very sensitive info on it, they encryption stops people snooping the data on it, hell I even use VPNs when I am on anything other than my home network and works personal network.

 

Encryption helps me daily to stay secure and keep my info safe from anyone I do not want to see. This is why Apple should say no regardless of who they are, I agree this incident is awful, but Apple simply should not put their customers at risk from governments who cannot be trusted, which is the point apple are making here.

We should be grateful that apple puts its customers first, I doubt Microsoft would do this.

 

No you don't understand the whole point is so that it will only install on the encrypted phone specifically at this moment in time. Until they crack the pin code the encrypted user data will not be touched at all. And yes it is the point that even the phone after it is cracked cannot have the same OS update flashed to it anymore so that it only works in this one particular case for one terrorist's encrypted volume. The OS is not the encrypted user data. A SHA256 hash and the UID coded validation check would make it a single use patch. Literally once they are done with the phone and wipe it clean it could be resold and the same patch would not work on it ever again because the SHA256 hash of the encrypted user data would never match.

 

Private public key model protects such a specific version (not that it is needed) as a brute force of the raw encrypted blob's key is also possible by just dumping the flash. If UK/US wanted to use it enmass they would have to first seize apple's private keys to sign the modifications however they want. This would be a nuclear option no one will win the internet will catch fire stuff like that and much more than just your lock screen will be insecure at that point.

 

Sorry Apple can look into your phone if you use iCloud of find my iphone. It is a server mediated process that bit you can turn it off but that isn't recommended as your backups and theft protection will be lost. An apple engineer can probably look at your info if they really wanted to break the rules.

 

Your work phone is probably under device admin or at least it should be for corporate control over your work phone which means it is more your workplace managing that device they can even remotely wipe your phone if they so choose to and read anything you do on it. (Why the terrorist's work phone wasn't managed properly by his workplace's IT department is just incompetence)

 

VPNs are good for security against local snooping but a government can still just get the ISPs to work it back to you (You connect to VPN, VPN connects to a server all that the government need to do is to knock off all other users (get a court order to give your account exclusive access for a period of time) and your none the wiser that they just tracked you down). Encryption isn't being compromised by Apple in this case either it actually is why any special version only would work on one phone.

 

Microsoft and Google assist law enforcement. Bitlocker drive encryption can be configured in a strong manner but it isn't the default. Neither is Apple's system set to default to maximum security either. Andriod FDE is dumb as bricks so its only usually as strong as your passcode, however they don't provide any UX hinting which is technically a security up vs. apple's lock screen. By default apple encourages 4 or 6 pin codes while android just give you a line of text to enter which is more likely to result in a non-numeric only password for the boot process.

 

 

[Sauron]

The problem is not decrypting that one phone, the problem is that this opens up the way to decrypting them all and possibly remotely. A potential solution would be hand the phone over to apple, let them decrypt it while keeping their method secret, then returning it unlocked.

 

Apple losing a little money for this is completely irrelevant, safety and privacy should both come before corporate interest for a government. The real issue is that in this case pursuing safety may completely nullify the privacy of apple customers.

[Sauron]

18 minutes ago, Trik'Stari said:

Point is, don't trust the government. They are only out to justify their own existence, and get more power for themselves. That's all they've ever done. That goes for both sides of the aisle.

"all they've ever done" seems a little extreme to me, the u.s. is still a realtively civil and free country whereas what you describe would be a straight up dictatorship. There are certainly a lot of countries that I would call more free or civil than the US, but that doesn't mean the situation is as damatic as you picture it.

[Trik'Stari]

Just now, Sauron said:

"all they've ever done" seems a little extreme to me, the u.s. is still a realtively civil and free country whereas what you describe would be a straight up dictatorship. There are certainly a lot of countries that I would call more free or civil than the US, but that doesn't mean the situation is as damatic as you picture it.

I feel that any time they've done something that was for the best interest of the citizens (lets say, over the past 30ish years or so), the only reason they did so was for their own self interest. As in keeping us from getting pissed off enough to recall and remove them from office etc.

 

There might be people in the federal government who actually take the idea of being a "civil servant" seriously, and want to do good by the people of the united states, but as far as congress goes, it's a cesspool of scum and villainy in my book.

[Sauron]

Just now, Trik'Stari said:

I feel that any time they've done something that was for the best interest of the citizens (lets say, over the past 30ish years or so), the only reason they did so was for their own self interest. As in keeping us from getting pissed off enough to recall and remove them from office etc.

 

There might be people in the federal government who actually take the idea of being a "civil servant" seriously, and want to do good by the people of the united states, but as far as congress goes, it's a cesspool of scum and villainy in my book.

Their motivations hardly matter if what they do is in some way good for the country. That's the point of a democracy, force the government to serve the people at least in some way or risk not being reelected.

[Trik'Stari]

Just now, Sauron said:

Their motivations hardly matter if what they do is in some way good for the country. That's the point of a democracy, force the government to serve the people at least in some way or risk not being reelected.

True, but I still don't forget about their motivations, whenever they argue in favor of something I ask myself "are they doing this for our good, or their own good?"

[WoctorDho]

So, I found this article today...

http://www.theverge.com/2016/2/19/11068684/apple-iphone-encryption-justice-department-fbi

Quote

Justice Department says Apple’s defense of encryption is just a marketing stunt

In a new motion filed today, the Justice Department is seeking to force Apple to comply with the order asking it assist the FBI in breaking into the iPhone 5C of San Bernardino shooter Syed Farook. "Rather than assist the effort to fully investigate a deadly terrorist attack by obeying this court's [previous order], Apple has responded by publicly repudiating that order," US attorneys wrote. Going further, the Justice Department considers Apple's refusal "to be based on its concern for its business model and public brand marketing strategy" above all else.

 

Apple was originally granted five business days to respond to the order issued on February 16th, with an additional three-day extension putting the deadline at February 26th. However, the Justice Department is increasing the pressure after Apple CEO Tim Cook posted an letter on his company's website outlining the plan to resist the order. The Justice Department didn’t wait for Apple’s official legal response, claiming that by posting its letter to Apple customers earlier this week, the company "made its intention not to comply patently clear."

 

"APPLE HAS RESPONDED BY PUBLICLY REPUDIATING THAT ORDER."

 

"The government does not seek to deny Apple its right to be heard, and expects these issues to be fully briefed before the Court; however, the urgency of this investigation requires this motion now that Apple has made its intention not to comply patently clear," US attorneys added. "This aspect of the investigation into the December 2nd, 2015 terrorist attack must move forward." The DOJ says Apple has "consistently complied with a significant number of orders" in the past for devices running earlier versions of iOS, and that "to facilitate a warrant is therefore not unprecedented."

 

While Apple is facing strong opposition from the US government, it's also seeing a mounting coalition of support from other Silicon Valley giants. After Google CEO Sundar Pichai stood behind Cook in a series of tweets on Wednesday, both Facebook and Twitter came out in support of Apple. Twitter CEO Jack Dorsey linked Cook's letter in a tweet yesterday afternoon and Facebook released a statement saying it "will continue to fight aggressively against requirements for companies to weaken the security of their systems." Facebook said the government's demands "would create a chilling precedent and obstruct companies’ efforts to secure their products." Other tech companies, including Facebook-owned WhatsApp and Microsoft, have sided with Apple, although to varying degrees of solidarity.

This article sources the following...

http://www.cnbc.com/2016/02/19/doj-files-motion-to-compel-apple-to-comply-with-fbi-order.html

... which again says:

Quote

"Apple's current refusal to comply with the court's order, despite the technical feasibility of doing so, instead appears to be based on its concern for its business model and public brand marketing strategy," the motion said.

My Opinion: 

I am not a fan of Apple's products, but when I first heard that the FBI needed to go to Apple to be able to get into an iPhone, it made me rethink that apple's products might not be so bad.  Even thought I don't care for ios, this security would be a huge selling point for me if I were looking for a new phone. Although we don't know that what is said about Apple is true, it made me reconsider my growing views on Apple. If this is true, I would be quite disappointed in Apple. 

 

I'm curious to see what you all think of this.

[Mornincupofhate]

On 2/17/2016 at 7:26 PM, DeadEyeKozi said:

So much for a Federal Bureau of Investigation if they can't decrypt an Iphone password, Anyway, I don't think Apple should provide them with the file, however they should just decrypt it themselves.

 

Edit: Read the rest of the post. Yeah, I don't think apple should be forced to supply the FBI with the file, but once again, for the people who lost their lives, they should at least decrypt this phone

They've decrypted like 80 iphones before, but the terrorist this time, setup his iphone with the self destruct thing, where if they've done 10 failed brute attempts, the iphones erases everything on the drive