Apple's new USB security feature has a major flaw

[aakopa]

4 minutes ago, wasab said:

Shareholders can act against the interest of the company as well. I had read about many hostile takes overs in which the entire board of directors is replaced and former CEO fired. 

Well that is the case usually when the leadership of the company (CEO and board) isn't acting in the interest of shareholders. In that case shareholders have the ultimate power to replace them.

[wasab]

2 minutes ago, aakopa said:

Well that is the case usually when the leadership of the company (CEO and board) isn't acting in the interest of shareholders. In that case shareholders have the ultimate power to replace them.

If I am the founder of a company, I will be pretty pissed if these shareholders are forcing acquisition or bankruptcies just so they can boost their stocks. 

 

[aakopa]

7 minutes ago, wasab said:

If I am the founder of a company, I will be pretty pissed if these shareholders are forcing acquisition or bankruptcies just so they can boost their stocks. 

 

Well If you are the founder and have given up your stake in the company by IPO or selling your shares in the market it's no longer your company. The owners always decide. Sometimes founders circumvent this by creating alternate stock with higher voting power than the one that is on the market. That's how Mark Zuckerberg has 60% of the voting power in Facebook with only actually owning 25% of the equity.

[Dylanc1500]

9 minutes ago, aakopa said:

Well If you are the founder and have given up your stake in the company by IPO or selling your shares in the market it's no longer your company. The owners always decide. Sometimes founders circumvent this by creating alternate stock with higher voting power than the one that is on the market. That's how Mark Zuckerberg has 60% of the voting power in Facebook with only actually owning 25% of the equity.

A-stock and B-stock. That's why Berkshire Hathaway's A-stock is currently valued at $286,887.00, yet their B-stock is at $189.76.

[wasab]

21 minutes ago, DrMacintosh said:

In no way does that make any sense. 

Of course it makes perfect sense. 

[wasab]

10 minutes ago, aakopa said:

Well If you are the founder and have given up your stake in the company by IPO or selling your shares in the market it's no longer your company. The owners always decide. Sometimes founders circumvent this by creating alternate stock with higher voting power than the one that is on the market. That's how Mark Zuckerberg has 60% of the voting power in Facebook with only actually owning 25% of the equity.

Doesn't change the fact that the share holders can be acting against the interest of the company, it's employees, and its customers. 

 

The fact you think it is totally morally justifiable just because they invest in the company is what led to such deterioration in the quality of products and services as well as shady corporate practices. 

[wasab]

4 minutes ago, valdyrgramr said:

You do know he's just going to go into further denial, right?

Ain't denial if I am right.

[aakopa]

23 minutes ago, wasab said:

Doesn't change the fact that the share holders can be acting against the interest of the company, it's employees, and its customers. 

 

The fact you think it is totally morally justifiable just because they invest in the company is what led to such deterioration in the quality of products and services as well as shady corporate practices. 

Well that depends on what you consider the best interest of company to be. In my opinion the mission of a company is to create more wealth for it's owners. So in that definition the best interest of the company are also the best interest of shareholders.

 

In my opinion people need to direct the direction where companies head with their products by voting with their wallets. If you don't like that a company makes products with bad quality don't buy them. When profits go down the company will react and increase the quality of products.

[wasab]

10 minutes ago, aakopa said:

Well that depends on what you consider the best interest of company to be. In my opinion the mission of a company is to create more wealth for it's owners. So in that definition the best interest of the company are also the best interest of shareholders.

That makes a great mission statement!

 

Company A: our mission is to make the most profit for our shareholders even if that means compromising the quality of our products/services, treating our workers like shit and alienating our customers. 

 

Competitor B: our mission is to endeavor  to provide the best products and services for our customers with unrival user experiences. We have a strong sense of corporate responsibility  to ensure fair treatment of our value employees and customers. Let the people at wall street curse us but we are going to place the interest of our  customers first, our employees 2nd, and share holders last. 

 

Which company do you think is going to last longer? 

[aakopa]

7 minutes ago, wasab said:

That makes a great mission statement!

 

Company A: our mission is to make the most profit for our shareholders even if that means compromising the quality of our products/services, treating our workers like shit and alienating our customers. 

 

Competitor B: our mission is to endeavor  to provide the best products and services for our customers with unrival user experiences. We have a strong sense of corporate responsibility  to ensure fair treatment of our value employees and customers. Let the people at wall street curse us but we are going to place the interest of our  customers first, our employees 2nd, and share holders last. 

 

Which company do you think is going to last longer? 

Well if the Competitor B is a public company people will try to take over it to gather the possible profits. Also when company doesn't focus on profits it's not going to stay competitive for long, product development needs money as well.

 

Also making top quality products doesn't mean you can't be making good profit. As long as you can market and sell to audience that is willing to pay the price for your quality product it works just fine.

[wasab]

7 minutes ago, aakopa said:

Well if the Competitor B is a public company people will try to take over it to gather the possible profits. Also when company doesn't focus on profits it's not going to stay competitive for long, product development needs money as well.

You seem to suggest that company can't be profitable if it isnt downright greedy. 

[aakopa]

3 minutes ago, wasab said:

You seem to suggest that company can't be profitable if it isnt downright greedy. 

If you want to run a private company you can limit your profits. But I don't see how companies run by max profits have any less staying power. If they treat customers bad people will stop buying their products and their profits will go down, then they have to fix this aspect to keep going.

[PlayStation 2]

4 hours ago, SC2Mitch said:

You underestimate the use of the FBI and their responses to scenes of terror, shootings, etc. 

Yeah, like putting someone in solitary confinement for fucking tax evasion.

Good on ya, Alphabet Agency!

[AnonymousGuy]

I kinda shrug at this because I know Apple will patch it and I'll get that patch automatically anyways.  iOS isn't like Android where unless you have a Google device you're fucked for getting updates.

 

The easiest fix would be to have the lightning port disabled by default and you have to unlock to turn it on.  I haven't plugged my phone into my desktop in years, so this would be fine with me.

[EPENEX]

Sure there are some bugs, but it's better than nothing. I'm glad Apple is doing this.

[captain_to_fire]

6 hours ago, Fetzie said:

So if law enforcement want your phone, then simply hold the power button for a few seconds to force a reboot and they can't use the exploit?

They can't. Assuming you can reboot your phone before the feds seize it.

[Jtalk4456]

10 hours ago, williamcll said:

I don't think someone can just pull a faraday cage out of nowhere.

police expecting to seize phones will have them handy, so yeah...

[mr moose]

Won't be long before they find a way to make it an offense like destroying evidence if you refuse to unlock a phone that is being held as evidence.

 

All this "we're more secure" rhetoric is just PR work.  

[AnonymousGuy]

17 hours ago, mr moose said:

Won't be long before they find a way to make it an offense like destroying evidence if you refuse to unlock a phone that is being held as evidence.

 

All this "we're more secure" rhetoric is just PR work.  

I don't think it's just PR work at all.  Have you ever heard of law enforcement having trouble getting into an Android device?  Probably not, but you have heard of them struggling to get into an old-ass iPhone.  A big part of the security comes from iPhones getting updates regularly which 99% of Android phones don't get, especially beyond 12 months out.

 

Then there's the more abstract argument that Apple isn't in the business of whoring data out like Google is.

[Arika]

I think some people are misinterpreting what the point of this is. It's not.meant to complete lock out law enforcement, it more designed so that they have to go through the correct channels and get a warrant if there is a valid reason.

 

However with that said, Apple should have something in place that can grant temporary access in extreme and timed circumstances. For example the police are aware of a series of bombing that are going to occur, they catch one of them and need access to their phone to see if they have been communicating and find the next location and time.

 

I do fear that this could also have a negative affect on Apple if the iPhone becomes known as the phone of choice for criminals because they know they can't access their phone immediately, even if there is a legitimate reason for it.

[mr moose]

4 hours ago, AnonymousGuy said:

I don't think it's just PR work at all.  Have you ever heard of law enforcement having trouble getting into an Android device?  Probably not, but you have heard of them struggling to get into an old-ass iPhone.  A big part of the security comes from iPhones getting updates regularly which 99% of Android phones don't get, especially beyond 12 months out.

 

Then there's the more abstract argument that Apple isn't in the business of whoring data out like Google is.

 

Do you think security is of paramount concern to law enforcement?   They can get the information if they want it (don't fool yourself into think an iphone is any more secure than android when you have the resources of the NSA, FBI, CIA, BH90210 etc), the issue is having to go through the correct channels as @Arika S mentioned.   At the moment they face having evidence thrown out because there are arguments to be made about searching a phone without permission, while having an official backdoor circumvents some of those arguments (police are allowed to test and search through bags held in evidence but not devices?). 

[AnonymousGuy]

5 hours ago, Arika S said:

I think some people are misinterpreting what the point of this is. It's not.meant to complete lock out law enforcement, it more designed so that they have to go through the correct channels and get a warrant if there is a valid reason.

 

However with that said, Apple should have something in place that can grant temporary access in extreme and timed circumstances. For example the police are aware of a series of bombing that are going to occur, they catch one of them and need access to their phone to see if they have been communicating and find the next location and time.

 

I do fear that this could also have a negative affect on Apple if the iPhone becomes known as the phone of choice for criminals because they know they can't access their phone immediately, even if there is a legitimate reason for it.

 

Nope, I refuse to subscribe to the "because terrorism" argument.  Any backdoors or "special exceptions" that Apple implements will either get abused or exploited in ways that weren't originally intended.  I've seen the same argument thrown around against encryption.  Oh let's not have encrypted chat "for security".  Welcome to China or some other totalitarian shithole.

 

I'm glad my phone gets more and more secured with every update.

[Arika]

12 minutes ago, AnonymousGuy said:

 

Nope, I refuse to subscribe to the "because terrorism" argument.  Any backdoors or "special exceptions" that Apple implements will either get abused or exploited in ways that weren't originally intended.  I've seen the same argument thrown around against encryption.  Oh let's not have encrypted chat "for security".  Welcome to China or some other totalitarian shithole.

 

I'm glad my phone gets more and more secured with every update.

I'm not suggesting a not a backdoor. I'm saying that there needs to be something in place that law enforcement can contact Apple, raise their case as to why they need immediate access without having to wait for a warrant, as depending on the circumstances a warrant may be too late. It will be up to Apple to make the decision as to whether or not it's a legitimate excuse. and if they unlock it, it's only available for x amount of time to find what they need to, after that it's locked again and will not be unlocked again without a warrant.

[D13H4RD]

Inb4 iOS 11.4.2

[Blade of Grass]

On 2018-07-10 at 10:17 AM, captain_to_fire said:

Good thing iOS 12 is still in beta. No wonder Grayshift is bold enough to say they managed to circumvent URM. 

 

But then again, URM will kick in after an hour. The OP explicitly states that the seized iPhone should be unlocked within an hour. I think one hour is a good enough grace period for law enforcement. But for the security conscious person, aside from not unlocking the device for an hour, rebooting the iPhone will also activate URM. 

You can always activate it by entering and exiting SOS mode. 

On 2018-07-10 at 12:50 PM, Fetzie said:

So if law enforcement want your phone, then simply hold the power button for a few seconds to force a reboot and they can't use the exploit?

Yeah, or go into SOS mode 

15 hours ago, Arika S said:

I think some people are misinterpreting what the point of this is. It's not.meant to complete lock out law enforcement, it more designed so that they have to go through the correct channels and get a warrant if there is a valid reason.

 

However with that said, Apple should have something in place that can grant temporary access in extreme and timed circumstances. For example the police are aware of a series of bombing that are going to occur, they catch one of them and need access to their phone to see if they have been communicating and find the next location and time.

 

I do fear that this could also have a negative affect on Apple if the iPhone becomes known as the phone of choice for criminals because they know they can't access their phone immediately, even if there is a legitimate reason for it.

No. They really shouldn’t. Doing so just creates a larger attack surface for attackers to try and exploit. There is not such thing as a “secure back door”.