[Update 3/3/16]John McAfee Reveals To FBI, On National TV, How To Crack The iPhone (RT Interview)

[No Nrg]

John McAfee went on national TV and explained in simple instructions how the FBI could open the iphone in 30 minutes with two people.

https://www.youtube.com/watch?v=MG0bAaK7p9s

(forgot how to embed video)

 

Not sure how I feel about him revealing this to the public as there are people out there with the smarts to pull it off. That's of course assuming what he claims actually works. I don't have the technical background to verify or falsify his claim.

 

Also, had no idea this guy was running for president in the fringes of the political spectrum. Does he seriously think anyone would elect him?

 

Update 1:

Here's an update to the whole thing from Ars provided by @Kloaked: http://arstechnica.com/security/2016/03/john-mcafee-better-prepare-to-eat-a-shoe-because-he-doesnt-know-how-iphones-work/

 

Supports the notion that McAfee is talking out of his ass as usual, just trolling.

 

Update 2 3/3/16:

John McAfee squares off with former FBI officer Steve Rogers about the iPhone backdoor demanded by the FBI on CNN.

https://www.youtube.com/watch?v=HqI0jbKGaT8

 

TL;DW

 

Quote

McAfee: This is not an issue of privacy or security, this is about how you want to access the phone. The FBI is asking for a master key. I have been in this business my entire life, there has never been a single instance of a master key or back door being placed in software that was not accessed in a matter of weeks by foreign agents or black hat hackers. There is simply no way to keep this within the FBI.

 

 

Basically McAfee is solely against a backdoor method of cracking the Iphone.  

 

[TidaLWaveZ]

2 minutes ago, No Nrg said:

John McAfee went on national TV and explained in simple instructions how the FBI could open the iphone in 30 minutes with two people.

https://www.youtube.com/watch?v=MG0bAaK7p9s

 

Not sure how I feel about him revealing this to the public as there are people out there with the smarts to pull it off. That's of course assuming what he claims actually works. I don't have the technical background to verify or falsify his claim.

 

Also, had no idea this guy was running for president in the fringes of the political spectrum. Does he seriously think anyone would elect him?

 

McAfee's a tosser.

[Mo_z_Art]

If it works, Apple has to fix this as soon as possible! All that data on those Iphones one could steal (of course, firstly you have to steal the phone but still... problems!)

[Guest Kloaked]

I'm no developer or anything but what he says make sense at first thought. Dunno about the time frame or the legitimacy.

 

But on his other point, the FBI has to know how to break into the phone. They just want to be able to have that universal key for malicious reasons, is what he's saying.

 

I just know McAfee is a huge troll so don't take anything he says literally.

[K0MP4CT]

Just now, Mo_z_Art said:

If it works, Apple has to fix this as soon as possible! All that data on those Iphones one could steal (of course, firstly you have to steal the phone but still... problems!)

There's always a workaround sadly.

[rEaGeNeReary]

5 minutes ago, Mo_z_Art said:

If it works, Apple has to fix this as soon as possible! All that data on those Iphones one could steal (of course, firstly you have to steal the phone but still... problems!)

Rules number 3 of security: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.

 

http://technet.microsoft.com/en-us/library/hh278941.aspx

[No Nrg]

5 minutes ago, Kloaked said:

I'm no developer or anything but what he says make sense at first thought. Dunno about the time frame or the legitimacy.

 

But on his other point, the FBI has to know how to break into the phone. They just want to be able to have that universal key for malicious reasons, is what he's saying.

 

I just know McAfee is a huge troll so don't take anything he says literally.

I agree, FBI already probably has the crack in the works without Apple. They are just riding the pony with this case to see if they can gain the ability to crack any phone with no work needed.

[Silverfields]

This is going to sound completely noobish to the people who know a lot about the subject, but why doesn't Apple just give them a backdoor, and patch it after they use it?

Hell, all they'd have to do it make a public announcement, explain that they're making a backdoor for the FBI. Then, they'd announce that until the user installs a patch to the backdoor, it will be possible for the FBI get access to your phone. People would update, and then it wouldn't be an issue.

[dalekphalm]

2 minutes ago, NLR said:

This is going to sound completely noobish to the people who know a lot about the subject, but why doesn't Apple just give them a backdoor, and patch it after they use it?

Hell, all they'd have to do it make a public announcement, explain that they're making a backdoor for the FBI. Then, they'd announce that until the user installs a patch to the backdoor, it will be possible for the FBI get access to your phone. People would update, and then it wouldn't be an issue.

Because it sets a precedence, that's why Apple is refusing.

 

If they do this now, this one time, it will mean that in the future, the government can bully Apple into making changes or rewrites to their operating system at all. The government should not have that kind of control over a company - especially one that operates internationally.

 

Because if Apple does it for the US, then the UK, China, etc, are all gonna come crawling asking for the same treatment.

[Trik'Stari]

Damn. He rekt the FBI

[Silverfields]

7 minutes ago, dalekphalm said:

Because it sets a precedence, that's why Apple is refusing.

 

If they do this now, this one time, it will mean that in the future, the government can bully Apple into making changes or rewrites to their operating system at all. The government should not have that kind of control over a company - especially one that operates internationally.

 

Because if Apple does it for the US, then the UK, China, etc, are all gonna come crawling asking for the same treatment.

While I understand your point, why doesn't the government make a law/regulation stating that if you're convicted of breaking certain laws, you lose the right to encryption or something? That way, the FBI cannot legally ask for a backdoor unless its under strict regulation, and we don't have stupid drama like this.

EDIT: By certain laws, I mean really horrible things that result in a threat to the security/lives of the country.
 

[Sharp_3yE]

It's fine him to tell us about this because hackers, Apple and FBI should know this. It's a work around for not just iOS like MacAfee said.

 

so FBI is lying to us. They can get into that phone. This is why we can't trust Government and have to be careful about what they are saying or trying to do.

 

[dalekphalm]

1 minute ago, NLR said:

While I understand your point, why doesn't the government make a law/regulation stating that if you're convicted of breaking certain laws, you lose the right to encryption or something? That way, the FBI cannot legally ask for a backdoor unless its under strict regulation, and we don't have stupid drama like this.

EDIT: By certain laws, mean really horrible things that result in a threat to the security/lives of the country.
 

Here's the problem: If the FBI can get their hands on this backdoor, then so can hackers.

 

Furthermore, there is the risk that someone will abuse their power within the FBI (or other government organizations - it's happened before), and start to profile someone who is innocent.

 

Example: A group of peaceful protestors that protest against current government policies and the government body - advocating a change in leadership or something - some director at the FBI decides to take actions into his own hands.

 

Example 2: FBI Agent Smith thinks his wife is cheating on him. He decides to steal her phone (He can claim that she lost it for a while) and have it cracked via the backdoor, so he can snoop through her personal data - perhaps to try and catch the "evidence" of the hypothetical affair.

 

Example 3: FBI Agent Jones is bitter over her husband divorcing her for a younger woman. She decides to abuse her power to track their data, and wants to use this backdoor as a method of snooping into his new life.

 

These are just some examples of potential problems. Options #2 and #3 aren't even that extraordinary. The people who work at the FBI, the State Department, etc, they are just that - people. There are good ones and bad ones. Ethical honest ones, and douche bags who will use whatever advantage they can get.

 

Furthermore, that's not even counting what could happen if a hacker group or a criminal cartel got their hands on the backdoor.

 

Once you create something - once it goes into the wild - it can NEVER be removed.

[Silverfields]

4 minutes ago, dalekphalm said:

-snip-

I get your point, making a backdoor at all is bad. However, I've heard about horrible security/OS breaches on various OS's. All they had to do was release a patch, and the problem was fixed after it was installed. Is iOS different in that case? Again, if a backdoor was made, wouldn't it only affect a certain version on iOS? Wouldn't people be able to fix the backdoor via another update? I find myself very confused, as I thought security issues could be fixed rather easily once a patch is made and distributed.

[dalekphalm]

Just now, NLR said:

I get your point, making a backdoor at all is bad. However, I've heard about horrible security/OS breaches on various OS's. All they had to do was release a patch, and the problem was fixed. Is iOS different in that case? Again, if a backdoor was made, wouldn't it only affect a certain version on iOS? Wouldn't people be able to fix the backdoor via another update? I find myself very confused, as I thought security issues could be fixed rather easily once a patch is made and distributed.

You're missing the bigger picture.

 

The fact that they can simply patch any backdoor that they create after the fact is not the point. The point is that the Government would have set a precedence, that even if Apple created a backdoor and then patched it, the Government could simply request a new backdoor any time they wanted.

 

Also, with the type of backdoor that the FBI has requested, it would literally work on any iPhone capable of running iOS8/9, so pretty much, any iPhone 5 or higher (Possibly the 4 series as well). If they gained physical access to the device, they could - in theory - flash the iPhone with the hacked/backdoor iOS version.

 

Apple is saying that this cracked version should not ever be created in the first place.

[Silverfields]

I didn't know that they wanted a backdoor of THAT scale. I thought they wanted a backdoor just for the terrorists iPhone, so they could try and glean some useful information out of it.

I thought it was a bunch of people getting pissed off that their precious encryption was being threatened. Didn't realize that they were actually RIGHT this time.

The question is, why doesn't the government make a law dictating that when convicted of a high level crime, you lose the right to encryption?

[SpaceNugget]

Remember guys, the topic of this thread is in the title, its not whether or not apple should build a backdoor.

 

That being said, McAfee didn't tell anyone anything. By his standards I am an open heart surgeon. Here are my instructions on how to perform heart surgery: cut someone open, fix their insides, and sew them back up! Also heres how to program: Open a text editor, type your code, save and compile it and collect your cash! If you need any other tutorials hit me up, I can do this all day.

[No Nrg]

4 minutes ago, NLR said:

The question is, why doesn't the government make a law dictating that when convicted of a high level crime, you lose the right to encryption?

That brings up the question, what constitutes a high level crime? That definition would be left up to the FBI and still be open for the potential of abuse from within.

[Silverfields]

Just now, No Nrg said:

That brings up the question, what constitutes a high level crime? That definition would be left up to the FBI and still be open for the potential of abuse from within.

It wouldn't be up to the FBI, it would be left up to the lawmakers(not that's any better in some cases). I would assume that any act of terrorism, once CONVICTED of it, would result in a loss of encryption. Not sure what else would qualify in this case. The key to a law like this would be that the subject HAS to be convicted for them to lose this right, not before, or during the conviction process. Any use of a tool like this on a none convict would have to result in punishment, as there would be laws in effect to counter abuse of said backdoors.

[dalekphalm]

6 minutes ago, NLR said:

I didn't know that they wanted a backdoor of THAT scale. I thought they wanted a backdoor just for the terrorists iPhone, so they could try and glean some useful information out of it.

I thought it was a bunch of people getting pissed off that their precious encryption was being threatened. Didn't realize that they were actually RIGHT this time.

The question is, why doesn't the government make a law dictating that when convicted of a high level crime, you lose the right to encryption?

How do you enforce a law like that? If you give law enforcement all of the master keys to all of the various encryption software around the world, then you're basically making encryption meaningless.

 

Not to mention, the government at various levels HAVE been hacked before. If the government has a list of master encryption keys, that list can be stolen. If that list was stolen, then that would be the biggest disaster in cybersecurity of all time.

[handymanshandle]

While I'd normally agree with what he has to say from at least how his company runs it would seem that he would otherwise be an advocate of intrusiveness as McAfee's anti-virus software can act like malware. 

[Silverfields]

24 minutes ago, dalekphalm said:

How do you enforce a law like that? If you give law enforcement all of the master keys to all of the various encryption software around the world, then you're basically making encryption meaningless.

 

Not to mention, the government at various levels HAVE been hacked before. If the government has a list of master encryption keys, that list can be stolen. If that list was stolen, then that would be the biggest disaster in cybersecurity of all time.

I'm not sure if you're reading what I'm typing, but allow me to make this simple for you.

"How would you enforce a law like that?" - It wouldn't be an enforceable law, it would be a law that only comes into effect when a person is convicted of a certain crime(Like terrorism).

"If you give law enforcement all of the master keys to all of the various encryption software around the world, then you're basically making encryption meaningless." - Are you even reading what I've typed? Only high level crime like terrorism would result in the encryption being broken, for the sole purpose of getting information to stop further attacks. There WOULDN'T BE a list of master keys. If a convict has data that's encrypted, the government in question would either crack it themselves, or they'd request a key from the provider of the encryption. No banks of keys, no way to abuse it.

"Not to mention, the government at various levels HAVE been hacked before." - Obviously they have, but I doubt a hacker would try to hack a government PC  just to crack someones encryption. It just wouldn't be worth it. That, and they'd have to find where the small bit of code is even stored before they could try to get it.

"If the government has a list of master encryption keys, that list can be stolen. If that list was stolen, then that would be the biggest disaster in cybersecurity of all time." - Again, there is no list in the first place, so this is a moot point.

[dalekphalm]

3 minutes ago, wcreek said:

While I'd normally agree with what he has to say from at least how his company runs it would seem that he would otherwise be an advocate of intrusiveness as McAfee's anti-virus software can act like malware. 

He hasn't been a part of the McAfee AV company since 1994...

[handymanshandle]

Just now, dalekphalm said:

He hasn't been a part of the McAfee AV company since 1994...

Eh 

[LAwLz]

Ohh McAfee you're such a troll. That's not how encryption works, and you know it.

The outcome of this might be good (people realizing that the FBI are full of shit) but I don't think misinformation is the right way to do it. The password is not stored like that, and even if it was it would certainly not be in plain text.