iOS Cracking tools used by FBI leaked by hacker

[patrickjp93]

2 minutes ago, laminutederire said:

What @LAwLz said, and don't forget not doing that all the time is a direct consequence from the choice to live in society. That's this principle of giving up some freedoms to be a member of society is not new, it has been theroricized by Rousseau and Hobbs centuries ago, and it is in the best interest of men to work with others for their survival for instance.

In the case of games, we end up un Kant's morality theory, where you will pay for a game not because you want to, but because you want other to pay for your work, so you have to work for theirs. Because reciprocity is the basis of not raping each other off everything we have!

In addition to that, there have been research papers about the way our brain is functioning which is a direct consequence of a natural selection approach based partly on the capacity to collaborate. I need to search it again to find it if you want.

That reciprocity only stretches as far as problems we as individuals cannot solve. That is the basis of companionship. If you can solve a problem yourself, you most likely will. 

[laminutederire]

3 minutes ago, patrickjp93 said:

That reciprocity only stretches as far as problems we as individuals cannot solve. That is the basis of companionship. If you can solve a problem yourself, you most likely will. 

You can't solve everything alone though. Well you can, but not with the same comfort. You'd have to live in a independent farm you have made yourself, but that's a tedious work which doesn't let you enjoy that much everything else. You then end up belonging to society to some extent, because even if you could do it yourself it is more efficient and pleasant not to do so. If you buy a game, you most likely cannot produce it yourself,  so you're either bored or you enter in a social binding with developers by playing their games and pay for it. When nobody does, developers don't make games, and you are left without any games. The only rationale for people is to rely on other people paying for them in some way. But to me it feels like a lack of intellect to understand the deeper consequences more than an inherent evil. 

[Bouzoo]

14 minutes ago, patrickjp93 said:

And many people pre-order because they have to have it Day 1. If a pirated version was available day 1 and everyone knew about it, most would choose to pirate it.

I hardly disagree.

People have pre-ordered way before aggressive DRM like Denuvo (even at the time of horrible, horrible Starforce protection at the time of King Kong game). People that pre-order have the money and (mostly) don't care about piracy. In fact, last year we learned that pre-order numbers are declining, and that was the time when the least new AAA games got cracked. If that showed us anything is that pre-order has nothing to do with pirating, but people having enough with day 1 releases, delays, etc.

Again, people that pre-order don't care about piracy. People that wait for reviews on the other hand...

[captain_to_fire]

2 hours ago, LAwLz said:

The biggest problem with FDE for phones is that people don't shut their phones off all the time. They lock them. With FDE, all your data is either encrypted or decrypted. With FDE, as soon as you have typed in your password once, the key is saved in RAM until you turn your phone off again.

All I'm saying is that Apple should add full disk encryption as an option for the user, not something turned on by default. With file level encryption, it can be bypassed using the operating system's vulnerabilities like a lock screen loophole since the OS is already loaded upon boot. Assuming someone is frequently shutting down their phones (inconvenient I know), full disk encryption is unaffected by the OS's vulnerabilities since on startup, it will not load the OS (pre-boot environment) without the encryption key. Assuming the password is a long alphanumeric one, it will take years even for a super-computer to brute force attack a 128-bit encryption. If someone decides to wipe out all the data, they can't recover the files since wiping an encrypted drive will strip off the encryption keys, making the files unreadable.

 

But of course as you put, FDE can be cracked if the device is already booted. How I wish someone can come up with a way to use full disk and file level encryption side by side. 

[vorticalbox]

16 hours ago, AresKrieger said:

This is why you don't put computers that contain sensitive info on a network or the internet, if you have to have physical access to the device hacking it become essentially impossible without confrontation and capture

 

watch this

[VerticalDiscussions]

EverythingApplePro covered this :p. Well, as long as they release firmware and this script requires special machinery for the effect we should see too many threats towards newer devices (Iphones, Ipads, etc).

[AresKrieger]

4 hours ago, LAwLz said:

That's ridiculous. What do you expect them to do? Have someone go with a USB memory stick back and forth every time they need to access something on their server? Not take any backups? Only allow one person to work at a time?

If the information is truly sensitive then yes, though I don't consider this particular data set to be quite that sensitive, also if the facilities are really secure then you could do a network within the building as it would still require physical access but would make looking at the data for facility members easier.

[vorticalbox]

1 hour ago, AresKrieger said:

If the information is truly sensitive then yes, though I don't consider this particular data set to be quite that sensitive, also if the facilities are really secure then you could do a network within the building as it would still require physical access but would make looking at the data for facility members easier.

encryption and restricted access is a much more feasible option. Such as limited access to the server from the a select number of internal ips.

[christianled59]

 

14 hours ago, patrickjp93 said:

Everyone would pirate if they could. Even Valve is now having problems with that. Service is not everything. Greed is.

Eh, pirating games isn't necessarily difficult. Nowadays, there's a crack for just about any game that I want. I'd still prefer to buy the game on steam. It's loads more convenient. Convenience is a major factor you're leaving out. Additionally, DRM hardly helps. I see your point of having it last through the launch window, but that rarely happens anymore. 

 

 

"We think there is a fundamental misconception about piracy. Piracy is almost always a service problem and not a pricing problem," he said. "If a pirate offers a product anywhere in the world, 24 x 7, purchasable from the convenience of your personal computer, and the legal provider says the product is region-locked, will come to your country 3 months after the US release, and can only be purchased at a brick and mortar store, then the pirate's service is more valuable." -Gabe Newell

[LAwLz]

6 hours ago, patrickjp93 said:

Probabilistic model says no. Many charities do fail, and some game launches have failed completely because of piracy.

There is 0 evidence that proves this, because you can't prove that the game would have sold well if it weren't for piracy.

Correlation does not imply causation.

 

Here is an extreme example which shows why.

Imagine if I wrote a game, but I only sold it in this small village I live in which has something like 1000 inhabitants. Now, obviously my game won't sell very well because I am only reaching a very limited market. Also, let's say the price for my game was 500 dollars. Not 50 dollars, 500.

Then one of my legitimate customers uploads that game to the pirate bay and the game goes viral. It becomes a massive success with 10 million downloads. I could blame piracy for why my game failed. I only sold 10 copies and if everyone who pirated it bought the game I would have sold 10 million!

Or I could blame my pricing and distribution model. In the end, nobody can really say which one is objectively to blame here. It might even be that because of the high price, I only needed to sell 300 copies to break even, and 290 people in my village did end up pirating it.

But would I have sold 300 copies if it weren't for the pirates? We don't know, and we can never prove that either unless we invent a machine which can travel to parallel universes.

 

 

6 hours ago, patrickjp93 said:

The Helper's High is like any high, be it athletic, intellectual, or chemical, in that some people experience it and some don't. 

Yes, which is why I listed more reasons why someone might do it that weren't just "people get a helper's high".

 

 

6 hours ago, patrickjp93 said:

And many people pre-order because they have to have it Day 1. If a pirated version was available day 1 and everyone knew about it, most would choose to pirate it.

A pirated version was available on day one for The Witcher 3, and everyone expected it to be. Yet it sold like crazy.

 

 

 

 

4 hours ago, hey_yo_ said:

With file level encryption, it can be bypassed using the operating system's vulnerabilities like a lock screen loophole since the OS is already loaded upon boot.

No... You're getting file-encryption and full disc encryption mixed up.

FDE = The only thing protecting your files is the lockscreen, since all files are fully decrypted (otherwise the lockscreen wouldn't work. The lockscreen files are decrypted at the same time everything else is)

File encryption = Even if the lockscreen is bypassed, your files are still safe encrypted. (The lockscreen files can be decrypted while your other files are still encrypted).

 

Trust me (or look into it yourself, your choice). File encryption is safe and more convenient than FDE. There is no reason for using FDE at all, if you have properly implemented file encryption (like Apple, but sadly not Android).

[ARikozuM]

I'm glad there are (might be) white-hats that do things for the greater good vs their own benefit. Though, he/she could still use the program for themselves.

[Bananasplit_00]

im surprised it took this long honestly...

[GDRRiley]

9 hours ago, LAwLz said:

That's ridiculous. What do you expect them to do? Have someone go with a USB memory stick back and forth every time they need to access something on their server? Not take any backups? Only allow one person to work at a time?

You can have it set to only work on the local network and that alone would make it much harder to get in. 

[Granular]

I really don't think PRISM participant Apple cares about security.

Seeing as what the FBI wanted with the San Bernadino phone was a way to disable protection against brute forcing the pass code, I wouldn't put it past third parties to find a way to disable it, but I equally wouldn't put it past Apple to publicly antagonize the FBI for a bit for the sake of advertising their OS as being secure and then give/sell a backdoor to companies like Cellebrite to distribute to any governments wanting access before they take any actions that might make a dent in Apple's profits.

[Hugh_Mungus]

I just wanted to add that the Hacker who Stole the Cracking Tools RELEASED the Code to the PUBLIC

[LAwLz]

2 hours ago, GDRRiley said:

You can have it set to only work on the local network and that alone would make it much harder to get in. 

Good idea. I am sure they haven't thought of that. Their file server where they keep all their products and secrets probably has a nice welcome page that anyone can access from the Internet.

 

 

 

By the way, the data obtained also shows that Cellebrite has been working with Russia and Turkey among others. So remember when I said "even if you trust US authorities, the same tools could be used in countries which have oppressive leaders such as Russia which actually hunt down people who accept/encourage gay people, because it's against the law". Well, looks like it was actually already happening.

Just another reason why we need better encryption which not even the government should be able to break.

[patrickjp93]

8 hours ago, christianled59 said:

 

Eh, pirating games isn't necessarily difficult. Nowadays, there's a crack for just about any game that I want. I'd still prefer to buy the game on steam. It's loads more convenient. Convenience is a major factor you're leaving out. Additionally, DRM hardly helps. I see your point of having it last through the launch window, but that rarely happens anymore. 

 

 

 

 

Lasting 3 months is rare? Yeah okay...

[Wolther]

8 hours ago, christianled59 said:

-snip-

There are lots of games released this year that have lasted through the launch window without being cracked in that time frame.

[elfensky]

14 hours ago, patrickjp93 said:

Probabilistic model says no. Many charities do fail, and some game launches have failed completely because of piracy.

 

The Helper's High is like any high, be it athletic, intellectual, or chemical, in that some people experience it and some don't. 

 

All people are assholes. The only variables are how much and when.

 

And many people pre-order because they have to have it Day 1. If a pirated version was available day 1 and everyone knew about it, most would choose to pirate it.

*double take when reading comments*

How did a thread about FBI iOS tools turn into a video game piracy talk o.O?

[Drak3]

9 minutes ago, ElfenSky said:

*double take when reading comments*

How did a thread about FBI iOS tools turn into a video game piracy talk o.O?

Because Patrick.

 

Because nearly irrelevant is tangent worthy, apparently.

[AnonymousGuy]

iOS 10.2.2 incoming with all this shit fixed.

 

Android users will probably continue to get fucked for the foreseeable future except for the minority of Nexus/Pixel owners.

[Oshino Shinobu]

22 hours ago, Hugh_Mungus said:

I just wanted to add that the Hacker who Stole the Cracking Tools RELEASED the Code to the PUBLIC

He released the old tools that are useless on new or updated devices. The tools for cracking newer and current devices were not released to the public. 

[SpaceGhostC2C]

p

On 2/3/2017 at 7:55 PM, Oshino Shinobu said:

Luckily, the data was taken by what appears to be an ethical hacker, as they have not released any tools or data that can be used to crack current software, but I would not be surprised if they have given the tools they gathered to the respective developer to help them patch holes in their security. 

 

Well, if releasing the tools to the general public for free seems unethical, imagine privately selling them to a handful of interested buyers... Having said that, I have no clue of who these people are or what have they done with their loot, but not releasing thing in itself doesn't tell much.

On 2/3/2017 at 9:22 PM, AresKrieger said:

This is why you don't put computers that contain sensitive info on a network or the internet, if you have to have physical access to the device hacking it become essentially impossible without confrontation and capture

That's a blanket statement against e-commerce, then. Because I don't see it happening without sensitive info (means of payment data/credentials/etc) and and an internet connection in the same computer.

Of course, you can always buy everything at local shops with a bag of gold, which would require confrontation and risk of capture to intercept, thus making it much safer. Oh, wait  

 

20 hours ago, Oshino Shinobu said:

He released the old tools that are useless on new or updated devices. The tools for cracking newer and current devices were not released to the public. 

Where the definition of "current" is "any device the hacker didn't release cracking tools for"? That's discrimination among users, penalizing those who don't change their devices that often or still find uses for their older, undamaged hardware.

[Oshino Shinobu]

18 minutes ago, SpaceGhostC2C said:

Where the definition of "current" is "any device the hacker didn't release cracking tools for"? That's discrimination among users, penalizing those who don't change their devices that often or still find uses for their older, undamaged hardware.

It's a matter of software and hardware, not just hardware. If people have chosen to not update their software, that's on them. It doesn't cost anything to receive security updates from Apple. The "current" is any device with the latest version of the software/firmware, not necessarily a hardware change (at least, that's what I meant by it, hence the use of "new" and "updated".

[SpaceGhostC2C]

6 minutes ago, Oshino Shinobu said:

It's a matter of software and hardware, not just hardware. If people have chosen to not update their software, that's on them. It doesn't cost anything to receive security updates from Apple. The "current" is any device with the latest version of the software/firmware, not necessarily a hardware change (at least, that's what I meant by it, hence the use of "new" and "updated".

So how do you exactly update an Android 2.2 device when no one released further updates for it (nor would it be able to run them anyway)?

In other words, should I permanently disconnect my glorified alarm clock from the internet because this guy says so? No more online weather for me?