Federal judge FORCES Apple to help FBI decrypt San Bernardino killers iPhone 5C

[Thony]

1 hour ago, 13CA350 said:

Look at the OP. They said it's impossible

I dont buy it. If u make something and u have a massive team and shit ton of resources then u know your product inside out. There is always a way. 

 

As we have been proven in the past: "Nothing is impossible".

 

Also, cant trust big companies

They could easily say its imposoible just to shut the media.

[Yoinkerman]

2 minutes ago, Thony said:

I dont buy it. If u make something and u have a massive team and shit ton of resources then u know your product inside out. There is always a way. 

 

As we have been proven in the past: "Nothing is impossible".

 

Also, cant trust big companies

They could easily say its imposoible just to shut the media.

I trust apple more than the American justice system, and I don't trust apple at all

[Thony]

8 minutes ago, Yoinkerman said:

I trust apple more than the American justice system, and I don't trust apple at all

U cant trust anyone but thats a whole another debate  my opinion stays.

[Bsmith]

brute force? seriously FBI, you want to brute force it? well guess that 10 times until deletion keeps them already at bay, I wonder what they would if they encounterd apple's encryption afterwards

[jasonr22]

Although I know there are a lot of Apple Haters out there I am glad they are standing their ground on this.  The biggest concern here is not whether they can but that they should not be forced to create a way to backdoor their own system, when it doesn't already exist.  In this situation you would have to think about the long term effect of what is being ask, and not why it is being asked.  I have no doubt that they have no sympathy for the terrorists.  In cases like this you would have to ask yourself one question.  What would happen if they did this, and 2, 4 6+  years down the road the FBI keeps requesting this type of service for US citizens.  If they do it once based on a Court order then the FBI would have a legal precedence to request, and get it done again, for anything they deem "in the interest of public safety".  It is extremely bad precedent for the FBI to be allowed to do this.

 

Never choose to relax security protocol due to emotional circumstance.  It may make you look heartless but in the long run you will pay dearly for not holding your ground!

[Yoinkerman]

19 minutes ago, Thony said:

U cant trust anyone but thats a whole another debate  my opinion stays.

Its more likely they're saying its impossible in a reasonable timeframe or cost to the company.  Not that no one can do it ever.  Context is important.

[Entropy]

Now,  I'm against governments being able to decrypt your information at will,  but if you're attached directly to the murder of multiple people...  You tossed that right to privacy away already. 

 

I get that people don't trust governments with their data,  but I don't get this notion that murderers are entitled to the same level of privacy. 

[Bensemus]

Will this file Apple is creating disable the phones ability to wipe itself in the case of 10 wrong passwords? Would be quite funny if the FBI does crack the phone after a few months just to realize it wiped itself a few seconds after they started brute forcing it.

[Yoinkerman]

12 minutes ago, Entropy said:

Now,  I'm against governments being able to decrypt your information at will,  but if you're attached directly to the murder of multiple people...  You tossed that right to privacy away already. 

 

I get that people don't trust governments with their data,  but I don't get this notion that murderers are entitled to the same level of privacy. 

Why would they need information from the guys phone?  He is dead.  They can't put him on trial or convict him.

[Entropy]

8 minutes ago, Yoinkerman said:

Why would they need information from the guys phone?  He is dead.  They can't put him on trial or convict him.

To find possible connections and accomplices to the crime,  I'd imagine.

[Yoinkerman]

Just now, Entropy said:

To find possible connections and accomplices to the crime,  I'd imagine.

So, to fish?  

 

That definitely doesn't pass the sniff test.

[13CA350]

1 hour ago, Bsmith said:

brute force? seriously FBI, you want to brute force it? well guess that 10 times until deletion keeps them already at bay, I wonder what they would if they encounterd apple's encryption afterwards

 

1 hour ago, Bensemus said:

Will this file Apple is creating disable the phones ability to wipe itself in the case of 10 wrong passwords? Would be quite funny if the FBI does crack the phone after a few months just to realize it wiped itself a few seconds after they started brute forcing it.

 

Deletion after 10 incorrect pass code attempts is a setting that is off by default but the user can enable if they wish. There's no way to tell if it's on or not unless you go into the settings app.

 

So, I'd imagine that he left it off because it would have been wiped already.

[Bensemus]

2 minutes ago, 13CA350 said:

Deletion after 10 incorrect pass code attempts is a setting that is off by default but the user can enable if they wish. There's no way to tell if it's on or not unless you go into the settings app.

 

So, I'd imagine that he left it off because it would have been wiped already.

I know its default off. I'd guess if you have illegal stuff on your phone you would turn it on. Is there a pop-up after 10 attempts saying the phone has been wiped? I've never purposely entered my passcode wrong 10 times to test it.

[biggiebody]

1 hour ago, Yoinkerman said:

So, to fish?  

 

That definitely doesn't pass the sniff test.

He has possible connections to ISIS, getting information from his phone with connections to ISIS could prevent another attack like this.  Why is that so hard to understand?

[Misanthrope]

1 hour ago, Yoinkerman said:

So, to fish?  

 

That definitely doesn't pass the sniff test.

Aye, their argument boils down to "because of reasons" instead of reasons they say "terrorism"

[Bsmith]

49 minutes ago, 13CA350 said:

 

 

Deletion after 10 incorrect pass code attempts is a setting that is off by default but the user can enable if they wish. There's no way to tell if it's on or not unless you go into the settings app.

 

So, I'd imagine that he left it off because it would have been wiped already.

 

In that case the FBI would be safe to brute force it's way in, but what I read from the letter is that they are stuck at that point and that they are very sure that he has the 10 times option enabled.

[Bensemus]

2 hours ago, Bsmith said:

In that case the FBI would be safe to brute force it's way in

The phone would still  lock itself for longer and longer periods of time after every failed attempt so even if it doesn't wipe itself they can't brute force it until they get rid of the time out.

[TroubleKlef]

3 hours ago, biggiebody said:

He has possible connections to ISIS, getting information from his phone with connections to ISIS could prevent another attack like this.  Why is that so hard to understand?

so we're throwing away the right to privacy on a maybe?

 

We're dealing with dangerous levels of precedent here. 

[ionbasa]

So interestingly enough, Apple doesn't claim for it to be impossible like they keep telling the public. Instead they're now saying that doing so could put other users at risk if the modified firmware is used for bad intentions or gets into the wrong hands.

 

That's total Bullshit. Apple tried to convince its users that it can't decrypt or modify firmware, yet Apple is now saying it's dangerous to do so. Meaning: Apple knows of an way to actually make it happen. They're just pushing back.

 

Honestly, the better thing to have been done was for Apple to just have cooperated rather than saying its possible, but they don't want to do it. They could have kept it 'hush hush' but rather decide to blow it up publicly. Don't think Apple won't suffer repercussions via their investors, backers, users. It puts Apple in an interesting position, defend privacy of users, or acknowledge that their helping terrorists hide data (What the public interprets from the media).

 

I'd rather see this type of situation be handled on an case by case basis. Rather than giving the FBI an all mighty 'master' firmware which disables security checks, Apple should just do it themselves when subpoenaed to do so. This means that such firmware never leaves their labs and the government won't have the firmware to abuse.

 

Its not an black and white issue people, it's all gray and murky. There no good way to look at this case.

[Bsmith]

35 minutes ago, Bensemus said:

The phone would still  lock itself for longer and longer periods of time after every failed attempt so even if it doesn't wipe itself they can't brute force it until they get rid of the time out.

 

Or they could play the proper techsavey goverment agency and develop themselves a tool that allows you to acces the phone while it's hooked to a computer system, which shouldn't be impossible, I mean the great FBI is one of the US best agencies right? they must have something else then brute muscle/compute power.

[RagnarokDel]

I dont think they understand how encryption works...

[Stuff_]

5 hours ago, Thony said:

I dont buy it. If u make something and u have a massive team and shit ton of resources then u know your product inside out. There is always a way. 

 

As we have been proven in the past: "Nothing is impossible".

 

Also, cant trust big companies

They could easily say its imposoible just to shut the media.

You don't buy it? How about instead of determining your own idea based on your ignorance, you research the encryption methods used by Apple (AES-256) and then do some research as to what that means, and how you would go about cracking it. 

 

You'll soon realize that, no, Apple can not decrypt the device without some sort of backdoor, which they claim does not exist. 

[ionbasa]

Just now, RagnarokDel said:

I dont think they understand how encryption works...

They're not asking apple to decrypt the phone. They're being asked to modify the embedded firmware to prevent lockouts due to bruteforcing or having the phone auto-erase after a certain number of incorrect tries.

 

Apple already admitted it was possible, just not directly. Instead they're saying it endangers their entire user base if they comply, meaning, it's possible since they haven't given an technical reason why it shouldn't be possible.

[RagnarokDel]

Just now, ionbasa said:

They're not asking apple to decrypt the phone. They're being asked to modify the embedded firmware to prevent lockouts due to bruteforcing or having the phone auto-erase after a certain number of incorrect tries.

 

Apple already admitted it was possible, just not directly. Instead they're saying it endangers their entire user base if they comply, meaning, it's possible since they haven't given an technical reason why it shouldn't be possible.

I know that, I'm just saying it defeats the purpose of  encryption if you can just do that.

[Stuff_]

1 minute ago, RagnarokDel said:

I know that, I'm just saying it defeats the purpose of  encryption if you can just do that.

Well, to be fair, according to Apple's security documentation, they say:

 

" By setting up a device passcode, the user automatically enables Data Protection. iOS supports six-digit, four-digit, and arbitrary-length alphanumeric passcodes. In addition to unlocking the device, a passcode provides entropy for certain encryption keys. This means an attacker in possession of a device can’t get access to data in specific protection classes without the passcode.

 

The passcode is entangled with the device’s UID, so brute-force attempts must be performed on the device under attack. A large iteration count is used to make each attempt slower. The iteration count is calibrated so that one attempt takes approximately 80 milliseconds. This means it would take more than 5½ years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.

 

The stronger the user passcode is, the stronger the encryption key becomes. Touch ID can be used to enhance this equation by enabling the user to establish a much stronger passcode than would otherwise be practical. This increases the effective amount of entropy protecting the encryption keys used for Data Protection, without adversely affecting the user experience of unlocking an iOS device multiple times throughout the day.

 

To further discourage brute-force passcode attacks, there are escalating time delays after the entry of an invalid passcode at the Lock screen. If Settings > Touch ID & Passcode > Erase Data is turned on, the device will automatically wipe after 10 consecutive incorrect attempts to enter the passcode. This setting is also available as an administrative policy through mobile device management (MDM) and Exchange ActiveSync, and can be set to a lower threshold.

 

On devices with an A7 or later A-series processor, the delays are enforced by the Secure Enclave. If the device is restarted during a timed delay, the delay is still enforced, with the timer starting over for the current period"