[Another one] Father asks Apple to unlock his deceased child's iPhone

[SansVarnic]

1 minute ago, Enderman said:

"OH look someone has a different opinion then me, they are wrong"

 

lol go get a life if you seriously are gullible enough to believe the father "just wants to look at photos" 

its pretty obvious he wants to stalk everything that kid has done online

 will continue the battle to recover my child’s iPhone data. I will not give up

 

he really needs some therapy if someone else's private conversations are so necessary to him

Bit defensive there... 

I did not say you are wrong because your opinion is different, I am saying you are wrong, because you are wrong. Simply put.

 

I don't know about the dad so much and I really don't care, it his right to have access to his sons photos if it helps him to cope with the loss but either way the phone is still the property of the family. And just because he is having an obviously difficult time dealing with his young sons loss is not an obvious go to for "obvious he wants to stalk everything that kid has done online". 13 is quite young to pass away and for any family to lose a member at that age would be very difficult to accept. 

 

Like I said you are out of your league here and are superficially jumping to conclusions beyond that which are realistic. I am trying to be civil with you here, settle down.

[bobhays]

1 hour ago, wcreek said:

 

I will peacefully disagree.

I think that there many reasons that the phone of a loved one should be able to be unlocked by the family so that maybe they can find some solace in whatever they can get off that phone.
I do there might be a way to balance security/privacy and a special bypass of a security.

Perhaps like the option to have your Facebook page converted into a legacy/memorial to you after you have died. In some regard implement that for when you set up the phone or security option that if in the off chance you have died a family member can recover your stuff.

 

Though in this case there might be a chance that they don't have to circumvent the security in the phone and that the data they're after might actually be on iCloud itself.

 

I do think that there is a difference between a family trying to recover pictures from a loved one who has died and a government agency trying to gain easy access into other devices.

 

Yea, I think a good solution would be to set up a recovery/backup password/email which you would just give to a family member.

[Beskamir]

59 minutes ago, wcreek said:

 

I will peacefully disagree.

I think that there many reasons that the phone of a loved one should be able to be unlocked by the family so that maybe they can find some solace in whatever they can get off that phone.
I do there might be a way to balance security/privacy and a special bypass of a security.

Perhaps like the option to have your Facebook page converted into a legacy/memorial to you after you have died. In some regard implement that for when you set up the phone or security option that if in the off chance you have died a family member can recover your stuff.

 

Though in this case there might be a chance that they don't have to circumvent the security in the phone and that the data they're after might actually be on iCloud itself.

 

I do think that there is a difference between a family trying to recover pictures from a loved one who has died and a government agency trying to gain easy access into other devices.

 

But my point was that if one can get it, then what's stopping the other from strong arming access to it as well? Basically in the interests of all, security should never be compromised. Good encryption should never be breakable no matter what the circumstances are because the moment it's breakable, is the moment where it might as well be reduced to another checksum algorithm.

[Enderman]

5 minutes ago, SansVarnic said:

Bit defensive there... 

I did not say you are wrong because your opinion is different, I am saying you are wrong, because you are wrong. Simply put

Oh wow your proof against all which I have stated is so very convincing...

There is no need for the father to look through personal conversations. It does not help anything. As I said before, you have trouble looking past some words on your screen to see the real intentions behind getting into someone's personal device.

 

Like seriously, this shouldnt even be on the news. "father cant snoop through his dead son's data, tries to get company to unlock phone for him"

just ridiculous.

[handymanshandle]

1 minute ago, ElfFriend said:

But my point was that if one can get it, then what's stopping the other from strong arming access to it as well? Basically in the interests of all, security should never be compromised. Good encryption should never be breakable no matter what the circumstances are because the moment it's breakable, is the moment where it might as well be reduced to another checksum algorithm.

I agree to an extent, I still think there's some way of balancing the importance of security and allowing access to a phone in the event of the owner or user dying and the family deciding that they wish to retrieve pictures or other data that might provide solace to the family.

All the current security measures that Apple has can stay in place but as I said in my post  something like the Facebook Legacy Page/Memorial page feature which allows the user to set a friend or family member to change their profile to a legacy/memorial page, something similar I think can be done for a family member accessing a deceased family member's phone.

[Centurius]

1 hour ago, Swndlr said:

This isnt even a privacy issue anymore, really is moral and ethical.

A lot of people will say this is dumb and there probably isnt anything valuable on the phone (like pictures and whatnot) but I guarantee had you been in the same situation (dead mom, dad, brother, wife, whatever) you would be pleading for help from Apple, the government, someone. What if the last ever family photo you had of yourself with a dead family member was on it, and you took it like 3 days ago and they died this morning, how would you feel?

Just some food for thought.

The thing though is that it is a privacy issue. If Apple honours this single request it will have no ground to stand on when any government organization(including the Chinese, Russians and so many other dictatorships with police state structures) comes knocking for access to a device. It is quite conceivable that this would cost lives in the long run. Not to forget the obvious risk of a hacker figuring out how to replicate the method/stealing it from Apple once it exists.

[Tic-Tac]

Why this topic has 3 pages?

[Swndlr]

1 hour ago, Enderman said:

"OH look someone has a different opinion then me, they are wrong"

 

lol go get a life if you seriously are gullible enough to believe the father "just wants to look at photos" 

its pretty obvious he wants to stalk everything that kid has done online

 will continue the battle to recover my child’s iPhone data. I will not give up

"DATA" aka EVERYTHING

he really needs some therapy if someone else's private conversations are so necessary to him

you cant expect someone who has gone through something like that to be thinking straight, do you?

I dont mean to butt in here, but I think you may be overthinking this. You really dont think the dad just wants to retrieve pictures? What would be the point in going through old, private conversations that the kid had? Its not like the dad can punish his dead son for talking to his friends about doing drugs or whatever  

[captain cactus]

It's an iPhone 6? Sorry, not possible without writing special software to bypass the security. Once it's done here everybody wants to unlock iPhones all over the globe, and that's not worth it. At all. This is exactly why Apple fought the FBI so hard.

[ShadowCaptain]

Nope don't unlock it

[UnknownEngineer]

5 hours ago, SamStrecker said:

Desolder the flash storage resolder it on another surrogate board and boom all the data you want 

If only it was that simple, there is still the encryption to worry about, sure you can read the 1's and 0's, but you can't do anything with them. And that is assuming the the chips with the data on the have absolutely 0 logic on them, they too could have a system in place that allows them to "refuse" giving the data if the hardware asking changes.

[JAKEBAB]

If Apple does this they are going to have a shit ton more people waiting in line for the same thing, I guess they could charge for it? Even if Apple could do it they would like idiots with all the hype about privacy they promote. (which personally i call bs anyway)

[VerticalDiscussions]

Dont tell me he doesnt even have a couple of pictures from his son, taken with a point and shoot camera from the early 2000's? Couldnt he have gotten a camera and have printed the photos on it, before he died? He might not even like what hell find on his sons Iphone...

[LAwLz]

6 hours ago, Swndlr said:

This isnt even a privacy issue anymore, really is moral and ethical.

A lot of people will say this is dumb and there probably isnt anything valuable on the phone (like pictures and whatnot) but I guarantee had you been in the same situation (dead mom, dad, brother, wife, whatever) you would be pleading for help from Apple, the government, someone. What if the last ever family photo you had of yourself with a dead family member was on it, and you took it like 3 days ago and they died this morning, how would you feel?

Just some food for thought.

No I would not be pleading to Apple. Why? Because I have read the iOS Security Guide and knows how it works.

 

 

6 hours ago, SansVarnic said:

You did not read what I said, also you are mixing two threads into the same one. This thread is not about the FBI unlocking a it about a parent wanting his child's phone unlocked. Two different issues.

I fully understand what is going on here and your explanation is incorrect.

What you are missing from what I said is this; I do not support Apple making a back door nor did I say I did. I said I support Apple unlocking the the phone (completely different thing) for the family since it is their property.

No... The issues are the same, and the solution are the same. You are asking Apple to make a backdoor.

Do you understand how encryption works? There is no way of getting the info without the password, unless a backdoor exists.

So, since you claim this is "an easy issue to resolve", I want you to explain to me how Apple would go about unlocking the phone.

 

 

2 hours ago, UnknownEngineer said:

If only it was that simple, there is still the encryption to worry about, sure you can read the 1's and 0's, but you can't do anything with them. And that is assuming the the chips with the data on the have absolutely 0 logic on them, they too could have a system in place that allows them to "refuse" giving the data if the hardware asking changes.

I think this is a good time to explain to everyone how the encryption on iPhones with a security enclave works. It seems like some people in this thread thinks that encryption is magic and Apple are sorcerers who can bend it at will.

Spoiler

The password to your iPhone is not stored anywhere on the device. The only way to get into the phone is by typing in the correct password. Since the person in this case is dead and nobody else knows the password, we would have to resort to what's called "brute force". That is when you just guess different passwords until you find the correct one.

 

Guessing a 4 digit PIN is not that hard. There are only 1000 possible combinations. The algorithm that is used is intentionally made to be slow (using something called PBKDF2*), but since we only need to test up to 1000 passwords it would only take about 15 minutes to do.

*For those of you who are interested, PBKDF2 means that the iPhone takes your password, feeds it into a function which generates a new password based on the input, and then the new password gets run through the same function again which generates another new password. This process is repeated several thousands of times (I think it is currently 10,000 times in iOS) before it arrives at the real password. SO when you type in your password, it getss changed 10,000 times before it becomes the right password.

 

Since it's bad that anyone could break the iPhone's encryption in about 15 minutes, Apple decided to include a delay. Every time you enter the wrong password, you have to wait before you can try again. This delay increases every time you enter the wrong password. It is very important to note that this is not a property of the encryption algorithm, it is a feature Apple implemented in the OS.

 

Someone suggested removing the flash chip and then brute forcing it. That way you won't get the delay the OS puts on you whenever you type in the wrong password. The problem with that strategy is that the encryption is tied to the hardware. It is tied to the hardware in the form of a 256-bit long UID (unique identification number). The password for the encryption is not just the PIN you enter on the lock screen. The actual password that gets used to decrypt the content is a combination of your PIN and this UID. That means that if you remove the flash chips and try and brute force it on another computer, you will have to brute force a password with the strength of 256 bits, instead of less than 10 bits.

 

So why not just extract this UID? That way we can run the brute force on an external machine. The UID can not be extracted. Not even the CPU running in the highest privilege mode can read it. Instead, what the CPU does when it wants to decrypt something is to call a separate of the SoC called the crypto engine. This is the only part which has access to the UID. What it does is take a request from the CPU and uses the UID as the key for decrypting something.

 

On the iPhone 5S and above there is also a chip called the security enclave. This is actually a full blown computer which runs its own OS (based on the L4 microkernel), has its own CPU, UID and crypto engine in it. All password verification and management in iOS takes place in this chip if it is available. The security enclave also uses secure boot which means that its OS can not be tampered with, because it will refuse to boot if that happens (same thing Apple uses to ensure that you don't install Android on your iPhone). Not even iOS itself can modify this code, and everything in the OS's memory is encrypted so that it can not be accessed from the outside world. Again, not even iOS running in the highest privilege level can do anything to the security enclave. It is its own separate computer that lives inside the iPhone and it is built for the sole purpose of being secure.

 

There are two things to top it all off, the delays for failed password attempts are enforced by the security enclave on devices which have it. The only thing iOS and the CPU can do when it wants to encrypt/decrypt something is to make a request to the security enclave (along with the password). The security enclave then spits out a password based on the input, which iOS then checks to see if it worked.

 

One thing worth noting is that we don't know how the security enclave's update process works. There is a possibility that Apple got the power to push out an update which the security enclave will accept, and that disables the delays. The more likely scenario however is that Apple has locked themselves out of updating the secure enclave as well. It is possible to do by for example binding the update process to the PIN (which Apple has no way of knowing, only the owner knows it).

(I hope that text is comprehensive and easy to follow. I wrote it in one go and don't have time to read though it).

So again, the dad might as well be asking Apple to resurrect their son. This is entirely out of Apple's hands. There is nothing they can do except build in a backdoor in future versions of the OSes, and that would be terrible.

[ShadowCaptain]

8 minutes ago, LAwLz said:

I think this is a good time to explain to everyone how the encryption on iPhones with a security enclave works. It seems like some people in this thread thinks that encryption is magic and Apple are sorcerers who can bend it at will.

99% of people just dont understand 

 

it doesnt matter about morals, or ideals, or anything, what matters is that Apple have created security, and are not able to break it without compromising it in some way
 

It is about the greater good
 

What is more important.. one mans photos of his dead son, or the security of the millions of people, banks, and companies using iOS

 

[atrash]

My condolence to the father for losing his child but compromising the phone encryption just to retrieve your kid's photos is not a small matter as this could possibly affect other iphone users too in one way or another.

 

And please dont tell me as a parent you didnt even keep a single photo of your kid in your phone or anywhere else? 

[Enderman]

6 hours ago, Swndlr said:

I dont mean to butt in here, but I think you may be overthinking this. You really dont think the dad just wants to retrieve pictures? What would be the point in going through old, private conversations that the kid had? Its not like the dad can punish his dead son for talking to his friends about doing drugs or whatever  

the dad wants everything because he's not thinking straight and believes having every last memory will make him feel better

 

idk about you, but if I found some pretty inappropriate stuff on that phone, it definitely wouldnt make me feel better...

 

this is more than just pictures, if he wanted to see a selfie of his son then he could just go on social media where it is posted

[dragosudeki]

2 minutes ago, Enderman said:

...

this is more than just pictures, if he wanted to see a selfie of his son then he could just go on social media where it is posted

If he only wanted pictures, wouldn't Apple be able to send him the pictures saved on the Cloud or something (Assuming it is saved online)?

What I'm thinking is he probably wants to fully unlock it so that he can wipe it and sell/give it to someone. 

[Enderman]

4 minutes ago, dragosudeki said:

If he only wanted pictures, wouldn't Apple be able to send him the pictures saved on the Cloud or something (Assuming it is saved online)?

What I'm thinking is he probably wants to fully unlock it so that he can wipe it and sell/give it to someone. 

i dont think so, it looks like he wants to just see everything the kid was doing on the phone, far more than just pics

 

if he wanted to wipe it and sell it he wouldnt need to unlock it in the first place

[Undertow_]

14 hours ago, Enderman said:

you dont get over something by hoarding memories and photos of the past

The story is touching, sure, but the reality of it is having secure information is more important than 1 father having a couple more pictures.

[FruitBasketSilex]

14 hours ago, Enderman said:

lol sure like a couple pics and inappropriate text messages are going to bring his son back

Wow, you are a piece of shit.

 

Holy shit, man. Do you, just, not fucking understand human emotion at all?

[Enderman]

3 minutes ago, FruitBasketSilex said:

Wow, you are a piece of shit.

 

Holy shit, man. Do you, just, not fucking understand human emotion at all?

Well you see, in higher education they teach you "critical thinking" which is using logic instead of letting emotions dictate your actions.

Clearly emotion is something you let get to you a bit too much.

[FruitBasketSilex]

12 hours ago, Enderman said:

nah just playing devils advocate

Your statement is not "playing devil's advocate"

14 hours ago, Enderman said:

lol sure like a couple pics and inappropriate text messages are going to bring his son back

That's just being an absolute waste of space. Honestly, if you actually put in thought, and that sentence was what you decided upon, just go fucking off yourself right now because that's the kind of shit this world doesn't need.

 

Seriously, a man loses his child, wants to get family pictures off of the kids phone, and all you can fucking think is that.

[Orangeator]

This kid must of had friends that knew his password. I know that just about every teenager on earth has a best friend that knows their phones password. 

[Enderman]

1 minute ago, FruitBasketSilex said:

Your statement is not "playing devil's advocate"

That's just being an absolute waste of space. Honestly, if you actually put in thought, and that sentence was what you decided upon, just go fucking off yourself right now because that's the kind of shit this world doesn't need.

Seriously, a man loses his child, wants to get family pictures off of the kids phone, and all you can fucking think is that.

Well first of all, its not your son, so I dont see why you need to use that language.

To me it sounds like you're getting a bit too upset about something that doesnt even have anything to do with you.

 

Second, its pretty obvious that no, he doesnt want "just some pictures" he wants access to all the private conversations and internet activity of the kid

Maybe your emotions are getting in the way of logical thinking