Apple and the FBI password search.....

[Gromett]

Say Apple is forced to provide a method that allows a "Brute force attack" for that the bad guys need your phone, shoulder surfing seems to me a much easier way for crims to get access to your bank account. So I still don't see the problem, and their are some very clever people with government funds (China) to support them who could possibly alter Apples software themselves, after all, aren't the chips made there?

Ian

No, Apple devices can't be brute forced currently. There is no technical way to do this. The court is trying to force apple to create software/hardware and modify the phone to allow this to happen.

No one can bruteforce the devices currently not china, not the US (NSA) and not the UK. That is why creating this technology is so dangerous. Once it is made it can't be unmade and other WILL get their hands on it by one means or another.

Crims shoulder surfing is an easy thing to prevent. Once this technology s out there it is only a matter of time before criminals get a hold of it. They could then potentially remotely access your device for their criminal activities. Or at best they would have immediate access to the contents if they stole your device. The whole point of the encryption system is to prevent this.

 

[Gromett]

Say Apple is forced to provide a method that allows a "Brute force attack" for that the bad guys need your phone, shoulder surfing seems to me a much easier way for crims to get access to your bank account. So I still don't see the problem, and their are some very clever people with government funds (China) to support them who could possibly alter Apples software themselves, after all, aren't the chips made there?

Ian

I have tried to think of a way to explain this and this is the closest I can get.

Say a lock manufacturer designs an unpickable, unbreakable lock due to criminal activity.
The government then forces them to change the design to include a master key that can open any of these locks. Other governments then demand a copy of this key.
It is only a matter of time before some dodgy government sells it to Iran or someone else. It is only a matter of time before criminals get access to it. Once this master key is created it will escape...

That is what the US courts are trying to force apple to do. Change the design of the device to allow them to get access and effectively provide them with a master key. There are obvious differences here but in essence this is one of the arguments against doing this.

 

[sdc77]

Sorry, but that's not the case. 90% of the information they obtained was either 'old news', or pertained to stuff they already knew. If their had been any pre intelligence, then the atrocity you mention would never have taken place. And as for the 'switched on' French police, who knew that the attack on Charlie Hebdo was on the cards, but failed to act on the information they had. (Except for the positioning of a poorly armed single police officer, who paid for that stupidness with his life).

You're quite simply wrong on everything prior to your charlie hebdo stuff

 

[sdc77]

That is what the US courts are trying to force apple to do. Change the design of the device to allow them to get access and effectively provide them with a master key.

Seems reasonable to me.

Apples "you can't make a back door only for the good guys" approach is ultimately going to create legislation that will prevent that approach in future imho.

 

[Gromett]

Seems reasonable to me.

Apples "you can't make a back door only for the good guys" approach is ultimately going to create legislation that will prevent that approach in future imho.

Not sure if you are agreeing with me or not ...

As I have said previously. The Legislative branch has tried to do this in the past and it has been rejected. The courts are trying to do what has been specifically rejected by the Legislative branch of government.

^{_{Subscribers  do not see these advertisements}}

 

[sdc77]

We agree I think.. on what's happening but we seem to differ on why. I think the existing law is being used as well as it can (as there is no other suitable legislation) and asking the judiciary to rule is proportionate and correct.

 

[olley]

If someone creates an unpickable lock you simply take an angle grinder to it.
I hear what you say gromett, but us humans are a very clever breed, and if the need is great enough, someone will find a way.
The Enigma machine was by today's standards pants, but in 1940 it was state of the art, and it needed 1940's state of the art, a genius and a war imperative to beat it, if the same happened today?

Ian

 

[Deleted member 29692]

It is 6 digits I believe not 4 and it is alphanumeric not just numeric? 10,000 is a magnitude too small.

Sorry, you're right.

It can be a 6 digit alphanumeric one if you want it to be but it isn't as standard.

I just had to double check on my phone to make sure.

 

[Deleted member 29692]

This isn't just an Apple issue. Treating it as another reason for some Apple bashing is completely missing the point.

All of the other major providers of similar services - Google, who control Android, Facebook, Microsoft & Twitter - have all come out in support of Apple and are filing their own legal motions reflecting this.

http://recode.net/2016/02/25/google...acking-apple-with-a-legal-filing-in-fbi-case/

This case has the potential to completely change mobile communications and the way a lot of us live our lives. You wont be able to have any confidence that the device you use for communications, banking, as a diary & shopping is secure or trustworthy.

Anyone who believes that the US government is being honest about a single use back door for this single terrorism case is naive in the extreme. Once it starts it won't stop. There are already hundreds of cases filed in US courts asking for similar orders that have nothing whatsoever to do with terrorism.

 

[Deleted member 29692]

It is covered here
https://assets.documentcloud.org/do...-Vacate-Brief-and-Supporting-Declarations.pdf

Page 30 and 31. It also covers ISIS guidance on encryption.

Page 9 raises an interesting point:

There is specific US legislation - The Secure Data Act of 2015 - that explicitly prohibits the government from seeking to compel any private company to do what they are trying to force Apple to do.

^{_{Subscribers  do not see these advertisements}}

 

[mariner]

This bit is interesting. Looks like the FBI made a major balls up!

Unfortunately, the FBI, without consulting Apple or reviewing its public guidance regarding iOS, changed the iCloud password associated with one of the attacker’s accounts, foreclosing the possibility of the phone initiating an automatic iCloud back-up of its data to a known Wi-Fi network, see Hanna Decl. Ex. X [AppleInc., iCloud: Back up your iOS device to iCloud], which could have obviated the need to unlock the phone and thus for the extraordinary order the government now seeks.

Had the FBI consulted Apple first, this litigation may not have been necessary

 

[Gromett]

This isn't just an Apple issue. Treating it as another reason for some Apple bashing is completely missing the point.

I am an Apple basher big time and do avail myself of the opportunities to partake in my little hobby . However on this issue Apple have absolutely got it right.

 

[Gromett]

Page 9 raises an interesting point:

There is specific US legislation - The Secure Data Act of 2015 - that explicitly prohibits the government from seeking to compel any private company to do what they are trying to force Apple to do.

That is only one of the legal issue. It is a good plank in their argument though as it meshes nicely with the limitations on the All Writs Act and the 1st Amendment making quite a power overall argument.

This bit is interesting. Looks like the FBI made a major balls up!

Unfortunately, the FBI, without consulting Apple or reviewing its public guidance regarding iOS, changed the iCloud password associated with one of the attacker’s accounts, foreclosing the possibility of the phone initiating an automatic iCloud back-up of its data to a known Wi-Fi network, see Hanna Decl. Ex. X [AppleInc., iCloud: Back up your iOS device to iCloud], which could have obviated the need to unlock the phone and thus for the extraordinary order the government now seeks.

Had the FBI consulted Apple first, this litigation may not have been necessary

Yup, and this self inflicted injury has only been picked up by the techy sites not the major press..

 

[Deleted member 29692]

Anyone who thinks that Apple should be compelled in this case needs to read some Orwell because that's where we would end up.

 

[Gromett]

If someone creates an unpickable lock you simply take an angle grinder to it.

I did say unpickable AND unbreakable lock.

I hear what you say gromett, but us humans are a very clever breed, and if the need is great enough, someone will find a way.

Many many clever minds have been working on these things for decades. The science and maths behind cryptography is now well established. They know exactly what is required to crack this encryption and we know how quickly processing power is increasing. We can fairly accurately predict when each key length for each encryption method will fall. There is no back doors or short cuts available. The mathematical proofs are as solid as it is possible for them to get. You will just have to trust me when I say this technology is not breakable until we have a magnitude more processing power. Also worth noting even if you crack one key it is only that one key that you have cracked not the whole system...

^{_{Subscribers  do not see these advertisements}}

 

[Deleted member 29692]

It's not a fishing exercise

“Maybe the phone holds the clue to finding more terrorists. Maybe it doesn’t.”

- FBI Director James B Comey Jr

Not a fishing exercise?

 

[Gromett]

“Maybe the phone holds the clue to finding more terrorists. Maybe it doesn’t.”

- FBI Director James B Comey Jr

Not a fishing exercise?

To add to this...

San Bernardino Police Chief Jarrod Burguan said

"there is a reasonably good chance that there is nothing of any value on the phone."

If memory serves it was his work phone not his personal phone. He is most unlikely to use his work phone for this purpose. Defining it as fishing is probably stretching it somewhat.

 

[Tootles]

You're quite simply wrong on everything prior to your charlie hebdo stuff

Well, If I'm right on Charlie Hedbo, I'm right about the rest. And if I'm right about Charlie, surely that defies your statement that the French Police are 'switched on'??

 

[Deleted member 29692]

That is only one of the legal issue. It is a good plank in their argument though as it meshes nicely with the limitations on the All Writs Act and the 1st Amendment making quite a power overall argument.

The constitutional arguments are pretty compelling.

When added to the legal ones it's hard to see how the government has a case. The attempt at misusing the All Writs Act is obvious.

 

[Gromett]

Just a quick thought on this as well. Even if Apple were to fail in their court case and were forced to do what is requested of them...
A 6 digit alphanumeric code has 2 176 782 336 possible combination (6^36).
Apple has stated that without the delay in the software it would take 80ms to attempt each code.
This is my attempt at maths..
2176782336 combination / .08 per second = 27209779200 seconds.
27209779200 / 60 seconds = 453496320 minutes
453496320 / 60 minutes = 7558272 hours
7558272 / 24 hours = 314928 days
314928 / 365 days = 862.816 years.

Lets just hope they don't enter them in consecutive order and that they didn't use zzzzzz as their access code...

By the time they get into the phone how much value will the information have?

*PS: These numbers don't seem/feel right to me but I can't place my finger on it. My head is fried at the moment

^{_{Subscribers  do not see these advertisements}}

 

[Gromett]

I figured out my mistakes.....
It should be 6^62 not 6^36. upper case 26 + lowercase 26 + 10 digits =62 with 6 characters = 6 ^ 62

Also I did a straight divide. I should have done 1/.08 = 12.5 per second.
I will leave the maths alone now as my head is a shed.... I want to avoid making any more errors and looking foolish

 

[Deleted member 29692]

*PS: These numbers don't seem/feel right to me but I can't place my finger on it.

I don't think they are.

I think it's

2176782336 combination X .08 per second = 174142587 seconds

/60 = 2902376 minutes

/60 = 48372 hours

/24 = 2015 days

/365 = 5.5 years

That's if 6⋀36 is right which I'm not sure of (can't find the hat symbol on Mac)

 

[Gromett]

I don't think they are.

I think it's

2176782336 combination X .08 per second = 174142587 seconds

/60 = 2902376 minutes

/60 = 48372 hours

/24 = 2015 days

/365 = 5.5 years

That's if 6⋀36 is right which I'm not sure of (can't find the hat symbol on Mac)

I realised my mistake right after.... (see previous post)

I couldn't be bothered to redo the maths.... I was programming all weekend and my brain needs a rest....

I thought I can't have been the only one curious about how long it could take. Did a quick google and found this...

https://www.washingtonpost.com/news/wonk/wp/2016/02/17/how-long-it-takes-to-crack-an-iphone/

It has some interesting facts as well. The iPhone 5s doesn't have the secure enclave and the 6 digit code only came with IOS 9....


The actual figure for how long it could take to crack is up to 144 years....

PS: To get the ^ symbol it is SHIFT + 6 on a normal UK keyboard.

 

[Gromett]

This is worth a read.. It is a forensics experts opinion on the case including what is required and what Apple will need to do.

http://www.zdziarski.com/blog/?p=5645

 

[Deleted member 29692]

PS: To get the ^ symbol it is SHIFT + 6 on a normal UK keyboard.

^^^^^^

That'll teach me to look at the keyboard instead of trying to be clever with ALT-whatever

^{_{Subscribers  do not see these advertisements}}

 

[Gromett]

^^^^^^

That'll teach me to look at the keyboard instead of trying to be clever with ALT-whatever

All that mickey taking I suffered at school for taking typing instead of a sport at age 13 was worth it ..

I use that char a lot not just in maths. In regexp's it marks the start of the line.

 

[Gromett]

Apple have won a court case very similar to the San Bernadino one.

http://www.bbc.co.uk/news/world-us-canada-35692931

 

[Gromett]

This is a pretty good explanation of why backdoors are a bad idea.

http://www.csoonline.com/article/30...ls-of-intentionally-weakening-encryption.html

If you are wondering what the DROWN vulnerability is http://www.theregister.co.uk/2016/03/01/drown_crypto_flaw_analysis/

 

[Gromett]

Even more interesting...

http://arstechnica.co.uk/tech-polic...-a-man-whose-wife-was-shot-3-times-in-attack/

 

[tonyidle]

I can't see the point of any Government requiring access or a backdoor or encryption keys to any electronic device. Criminals, or more especially, terrorists, aren't entirely stupid. For any communication by any means, it's easily possible to create a code that doesn't depend on electronics, can be transmitted in any form (including on paper), and that cannot be cracked. The structure and keys for the code can be changed weekly (or daily) and the key transmitted in plain language wouldn't materially help anyone access the content. The only assumption is that the information is not to be broadcast to large numbers of people as that would require communicating the means by which the code could be cracked to every intended recipient. For important information to be passed around a small group it would work perfectly.

^{_{Subscribers  do not see these advertisements}}