Let's Talk Mobile Encryption/Security

[ShadowCaptain]

I feel this is the start of a dark path for technology, and its hard to know what is right and wrong, security vs privacy vs national security, its not an easy topic to debate

[SparkyRain]

Plotwist. They where able to get in all the time and only waited for public approval. That seems all like a public stunt to cut down privacy even further.

 

Privacy is a human right? Appartly not in the U.S.  

 

[LAwLz]

Wow what a big surprise!... Said nobody who has done some research on the subject.

 

7 hours ago, Orangeator said:

FBI swore that they only wanted to get into only one phone, but Tim Cook knew and was right.

 

7 hours ago, ALwin said:

The FBI said they only wanted to get into one phone IF it was Apple that helped them do it.

No you are both wrong. FBI never said that they only wanted access to one phone (with or without Apple's help).

According to the court documents the FBI requested Apple to unlock 12 other iOS devices the day after the court asked Apple to help the FBI. This was never, ever under any circumstances just about one single device. They might have presented their arguments as if it was just about a single phone, but that was never their intentions and they made that clear in their actions.

[Serin]

The assumption is that Apple will be improving its encryption in the near future.

[ShadowCaptain]

10 minutes ago, Serin said:

The assumption is that Apple will be improving its encryption in the near future.

Just to add that also we are not sure if the method used here would even work on the newer devices, it might only be something that applies to old phones, but without knowing the method its hard to say

[samcool55]

Good god... Now what?

Apple said it's impossible, but it is possible. 

Good thing about this: no backdoor! Even tho they broke into the phone, we aren't a step closer to the backdoor, i think, and i hope.

 

And knowing apple, they will fix this quite quickly probably.

 

It is sad tbh somehow, i mean we used to protect ourselves against hackers and virusses, and now it look like we also have to protect ourself against the flippin gov...

[ShadowCaptain]

7 minutes ago, samcool55 said:

SNIP

 

Their tactic might not work on the new phones, so we might not have anything to worry about yet

[OPSJono]

10 hours ago, DrBell17 said:

I'll set the baseline and tell everyone the secure mobile setup I'm using at the moment:

• Samsung Galaxy S7 (Exynos Variant)
• Fingerprint Lock with secure backup password containing upper-case, lower-case, symbols and digits.
• Samsung Knox enabled with FRP (Factory Reset Protection)
• Full device encryption including on the MicroSD card.

You may have a different view of what smartphone you find to be the most secure, please feel free to leave a comment, if you liked this article and wanna hear more from me then please give me a thumbs up. ?

Off topic, but:

 

I'm thinking of getting the S7.

 

How is TouchWiz and the how bad is the finger print magnet?

[samcool55]

1 minute ago, ShadowCaptain said:

 

Their tactic might not work on the new phones, so we might not have anything to worry about yet

I hope apple fixes it! Maybe they can't fix it with a software update for current phones but if they fix it hardware wise in next phones that's the least apple can do.

[ShadowCaptain]

4 minutes ago, samcool55 said:

I hope apple fixes it! Maybe they can't fix it with a software update for current phones but if they fix it hardware wise in next phones that's the least apple can do.

As far as I know its already harder or impossible with the iphone 6 and 6s, this was an older iPhone 5/5c so thats why it was easier

[Hexram]

Apple... lol. 

 

Why couldn't they have made a cyptographically signed program that only works with the one serial number? 

 

I guess they forced the FBI's hand to use another method.

 

13 hours ago, TechFnatic said:

Most main stream phones use very good encryption, take the iphone for example, they use AES-256 bit encryption which has  2^256 different possible keys. In other words, the average Joe isn't going to get into your smart phone, at least not easily. The govt. has supercomputers, but even with those it's very hard to break the encryption, basically you'd have to be important enough for the government to waste resources on cracking your device.

I dont think they could break the 256 bit encryption. They would find a weakness in the implementation. 

[Trik'Stari]

4 hours ago, AlexTheRose said:

Some say it started with Reagan. Some say it started with Nixon. Some say it all started when Kennedy was shot. Some say Sanders will save us all.

 

The real answer to “when the thread of plutocracy began” goes back to the country’s founding. Same goes for the long-winding thread of idiocy that has wound its way through our sociopolitical to-dos, where people think that democracy means “my ignorance is just as good as your knowledge.” You know about President Jackson right? He was a good ol’ boy who was mostly known for the Trail of Tears (and being on the $20 bill). Every President before him was an aristocrat or other wealthy, well-connected individual performing a masquerade on a democratic facade.

 

The government has always been run by scoundrels to some extent. And freedom constantly needs defending – no, that doesn’t mean idly twiddling your fingers and occasionally asserting support for the military is good enough. People need to be constantly involved politically—yes, even when the times are good, I think we made that mistake already with the Baby Boomers—if we ever hope to have a decent republic. And I feel like far too many people fail to realise this.

The real tragedy is that people think there is an actual difference between democrats and republicans.

[ALwin]

2 hours ago, LAwLz said:

Wow what a big surprise!... Said nobody who has done some research on the subject.

Well the subject wasn't important nor was it of any priority to me.

 

I don't really care what happens, as long as terrorists and criminals are brought to justice and given the punishment they deserve.

 

Edit:

If I had the technical know how, I'd design a tool that lets the FBI crack any and all encryption, and give it to them for free.

[captain cactus]

The reason the FBI got into the iPhone 5C was because it was an iPhone 5c. Every iPhone since the 5S has had something called a Secure Enclave. If we assume the FBI went with NAND mirroring (which is the most likely suspect since the FBI "only" spent $15k on it. Hitting the NAND with a laser and have acid involved would make that cost go up into the 6 digit numbers) it would only work on any iDevice with an A6(X) or lower since they don't have that dedicated chip. If you try to do anything to the NAND on an iDevice with a Secure Enclave it'll quite literary self destruct and the data on that device will be permanently and irreversibly lost.

 

The FBI didn't need a back door into this iPhone. They wanted Apple to make the more recent devices less secure and they thought they could get that willy nilly by using terrorist victims and putting fear in the general public. Boy were they surprised when Apple politely said fuck you to that. The reason they dropped this case is so that they don't have to disclose how they got in since there no longer is a case. Not that Apple wouldn't know how. They'd just get an iPhone, lock it, send it to those Israelis, have them unlock it with the full documentation on how they did it and boom, another hacking method known and now possible to fix.

[Eroda]

now all apple has to do is make their encryption tougher and close all back doors so the next time they try to force apple they can say sorry we designed it so its impossible junk the phone

[GSN]

2 hours ago, OPSJono said:

Off topic, but:

 

I'm thinking of getting the S7.

 

How is TouchWiz and the how bad is the finger print magnet?

That's fine, I actually have a review active of the S7 Edge on another post right here that you can check out if you want. Overall I think the phone is pretty good, Touchwiz has been really slimmed down since the original Galaxy devices.. As for it being a fingerprint magnet, it has a glass back, so as always it's going to be pretty sticky but grab a case and you've got an amazing device

[OPSJono]

1 minute ago, DrBell17 said:

That's fine, I actually have a review active of the S7 Edge on another post right here that you can check out if you want. Overall I think the phone is pretty good, Touchwiz has been really slimmed down since the original Galaxy devices.. As for it being a fingerprint magnet, it has a glass back, so as always it's going to be pretty sticky but grab a case and you've got an amazing device

Thanks, I'll read through your review now!

[Centurius]

Blackberry supported the FBI on this. I wouldn't trust them a bit 

[dragosudeki]

This is a repost (however the original post had a different title that would make you believe that this was not a repost). 

https://linustechtips.com/main/topic/573217-lets-talk-mobile-encryptionsecurity/?do=findComment&comment=7509112

[Trik'Stari]

Easy solution:

 

Stop. Putting. Private. Financial. Information. On. Your. Phone. You massive blockheads.

Don't. Take. Nude. Selfies (or other incriminating photos)

 

If you must do so, use a pre-paid debit card with no overdraft on it.

[Centurius]

14 minutes ago, Trik'Stari said:

Easy solution:

 

Stop. Putting. Private. Financial. Information. On. Your. Phone. You massive blockheads.

Don't. Take. Nude. Selfies (or other incriminating photos)

 

If you must do so, use a pre-paid debit card with no overdraft on it.

In modern society it's a bit difficult to not have sensitive information on a phone, especially someone's business phone.

[Orangeator]

3 hours ago, dragosudeki said:

This is a repost (however the original post had a different title that would make you believe that this was not a repost). 

https://linustechtips.com/main/topic/573217-lets-talk-mobile-encryptionsecurity/?do=findComment&comment=7509112

Oh my bad, I never saw that and searched my title and keywords of it before posting and figured no one has posted about it. Sorry.

[Tech_Dreamer]

dat thread merge doe.. 10/10

[ionbasa]

14 hours ago, Trik'Stari said:

They're backing out, until the public loses interest. Just like congress did with the so-called "internet freedom act". Now they've been under-funding the FCC in an attempt to secretly stop them from doing their job.

 

God our government is full-retard. Why we don't recall all of them, is beyond me.

 

15 hours ago, Potato_King said:

The government is still probably gonna do it because they can. That's what the government does!

 

As for the FBI randomly backing out, I agree it's a bit fishy. It's like saying "only you could save the world"(like in every single video game) and 1 day later saying "hey check this out! We did it ourselves! Cool right?"

 

Just the government doing government things.

To address both of you:

The government isn't just randomly backing out of the case. They contracted with Cellebrite one day before the legal paperwork was filed against Apple. The case was (now) resolved outside the original court filing.

 

Legally, if an filling is resolved externally, the case becomes dismissed. Otherwise its just an waste of public resources to continue with the court hearing even though it's been resolved.

 

I'm not saying the FBI may pursue this case further at a later point in time, just pointing out why they are withdrawing their case.

 

Unrelated to the above:

One thing to point out: Cellebrite and Apple have contracted together currently (and in the past), for who knows what. But Apple claimed there would be no other way of getting into the iPhone 5c other than an backdoor and new iOS version. If Cellebrite knew that wasn't the case, then Apple could possibly be charged with lying under oath. Assuming Apple and Cellebrite know the same technical flaws and details of the iPhone hardware in question, and Cellebrite can provide documentation showing Apple knew of an alternative way.

This isn't so far fetched. Considering Cellebrite in part is an security consulting company that specializes in cellular phones and digital forensics. If they knew of an flaw, then Apple also knows of an flaw, since Apple has been (and still is) one of their customers.

 

The story gets more and more  interesting by the day.

[Trik'Stari]

4 hours ago, Centurius said:

In modern society it's a bit difficult to not have sensitive information on a phone, especially someone's business phone.

True, but still. Avoid having financial information on your phone. Personal information is a bit different. I'd still highly recommend against ever putting your SSN# on your phone.

 

(assuming you are from the US, and have a SSN# )