Snowden: FBI's Claim It Can't Unlock The San Bernardino iPhone Is 'Bullshit' (theguardian.com) 242
An anonymous reader writes: Edward Snowden, the whistleblower whose NSA revelations sparked a debate on mass surveillance, has waded into the arguments over the FBI's attempt to force Apple to help it unlock the iPhone 5C of one of the San Bernardino shooters. The FBI says that only Apple can deactivate certain passcode protections on the iPhone, which will allow law enforcement to guess the passcode by using brute-force. Talking via video link from Moscow to the Common Cause Blueprint for a Great Democracy conference, Snowden said: "The FBI says Apple has the 'exclusive technical means' to unlock the phone. Respectfully, that's bullshit." Snowden then went on to tweet his support for an American Civil Liberties Union report saying that the FBI's claims in the case are fraudulent. Apple's clash with the FBI comes to a head in California this month when the two will meet in federal court to debate whether the smartphone manufacturer should be required to weaken security settings on the iPhone of the shooter.
Respectfully, that's bullshit (Score:2)
Re: (Score:2)
Re: (Score:2)
Everyone knows you can get away with any insults as long as you use the words "with all due respect" or "respectfully".
We know the FBI *can* unlock it without help (Score:5, Interesting)
We know the FBI *can* unlock it without help, but we also know that this brings with it a certain level of technical risk that adjusted firmware would not (whereas the firmware would pose a certain level of privacy risk), and an attempt rate that is abysmal at best.
The ACLU report specifically states that they can desolder the storage chip, copy the storage entire, put in a socket (no risk there), plonk the chip in, try, and if it fails - restore the storage to the chip (or a model with equal behavior and characteristics). Several of these steps come with risk, and all of it comes with it the fact that it takes time. A lot of time. Even with a rig that pops the chip out and drops another one in, with chips going on a merry-go-around for reprogramming after N attempts, it's a lot slower than a firmware that would allow an effectively unlimited number of attempts.
Push comes to shove, they can try decapping it and looking straight at the bare metal. But as anybody who does forensic work would know, that's not exactly your go-to method; figuring out the password directly, or figuring out a pre-existing backdoor to bypass protection entirely, would be very much preferable. If disabling the maximum number of attempts is hypothetically an option as long as you can get the manufacturer to agree to do it, hell yes it's on the table.
Re: (Score:2)
Why do we care about time here again?
If there were a legitimate need to 'get this done as quickly as possible' they'd have been in court and done with this whole deal by now. I don't care if government employees have to work hard.
Re: (Score:2)
Forcing Apple to do it would probably cost more and take longer; lawsuits against multinational corporations are neither fast nor cheap. What this method allows is the future unlocking of all phones, quickly.
Re: (Score:2, Interesting)
RIIIGGHHHTT...because there is 0 expense to Apple in creating new firmware for this purpose either directly or through harm to their business. Not to mention the risk to our fundamental rights.
No one doubted that Al Capone deserved to be in prison. Actual investigation & developing evidence to prove the case against him was taking too long & came at considerable expense, we should have just planted evidence on him to allow us to prosecute him without all the icky issues of due process.
The FBI TODA
Re:We know the FBI *can* unlock it without help (Score:5, Interesting)
You can't read the key, but you don't have to. You make an image copy of the NAND flash, without worrying about what cells in the flash belong to what data. Then you make your ten tries, and if the phone wipes the flash memory, you just restore the whole image and do it again. When they get the correct passcode, the phone will unlock, and then the key in the NAND flash will become readable.
Re:We know the FBI *can* unlock it without help (Score:5, Informative)
The 5C model does not have a secure enclave chip.
Calling bullshit (Score:2, Insightful)
It's entirely plausible to me that Apple built something the FBI can't get into using their existing tools and techniques and Snowden has produced no evidence to the contrary. Don't make shit up.
Naturally his fans are obligated to defend this now and build a fictional world view around it, condemning anyone that fails to accept their bullshit... It's all enough to make you hope for a large bolide impact.
Re: (Score:2)
It's plausible, but Snowden is probably right. The iPhone 5C uses its main processor to implement lockout and erase, and that processor is subject to hardware attacks; that is, the FBI can tie into the device's hardware bus, modify RAM on the fly, disassemble programs, etc. To be actually secure, security needs to be implemented in secure hardware. The iPhone 5C has some secure hardware
Re: (Score:2)
"It's entirely plausible to me that Apple built something the FBI can't get into using their existing tools and techniques"
You fail at rule #1 of engineering: Man can make it, man can break it.
Time for a poll on this privacy-related topic? (Score:2)
Do you believe:
(1) The FBI (and friends) can hack all popular devices, but they want us to believe they can't.
(2) The FBI is using a politically convenient case to effectively outlaw encryption for regular citizens.
(3) When encryption is outlawed, only outlaws will have encryption--by circular definition.
(4) If you haven't done anything wrong, then of course there's no harm if the FBI knows EVERYTHING about you!
(5) All of the above.
Don't look at me. I'm so paranoid that I think Snowden is sincere and was de
It isn't bullshit, it is a matter of semantics. (Score:2)
If you listen to just Snowden you will not learn the whole truth because he does filter the facts available to him in order to paint a picture that suits his political views, because he is an activist, and nobody should be surprised by that because all activists and lobbyists behave that way.
so everybody is lying all around (Score:5, Insightful)
(Note that Microsoft has already been forced to give its source code to the Russian security services, and it seems likely that Apple has succumbed to similar pressures.)
Re: (Score:2)
The FBI is getting this case in the news and will use it to write new laws which will force companies to comply. Apple is getting tons of positive publicity as they are still within the letter of the law.
Both will be winners in the long term, and I find it rather unlikely that there will be any hard feelings when all is said and done.
Re: (Score:2)
Apple is fighting it due to their public image and potential legal recourse. They have advertised their phones as b
Re: (Score:2)
The current hardware brute force method requires physical acquisition of the actual device.
What the FBI is asking for would not.
There's a pretty big difference in the 'lie' as it were.
Snowden: Is Bullshit. (Score:2, Insightful)
No more needs to be said.
He Wouldn't Know (Score:4, Insightful)
In spite of his god-like status among some of you, Mr. Snowden wouldn't know what capabilities the FBI has or doesn't have. He didn't work there, and he wouldn't have had a need to know, so he would never have been briefed on such. But, let's not let that get in the way of the Snowden gospel.
Re: (Score:2)
In spite of his god-like status among some of you, Mr. Snowden wouldn't know what capabilities the FBI has or doesn't have. He didn't work there, and he wouldn't have had a need to know, so he would never have been briefed on such. But, let's not let that get in the way of the Snowden gospel.
Right! Because the FBI is unable to do what any lab that solders circuit boards and programs flash chips has the capability to do! If the FBI can't figure it out because they are too incompetent, then they can hire any one of these hundreds of companies that are fully capable to do it for them.
Re: (Score:2)
In spite of his god-like status among some of you, Mr. Snowden wouldn't know what capabilities the FBI has or doesn't have. He didn't work there, and he wouldn't have had a need to know, so he would never have been briefed on such. But, let's not let that get in the way of the Snowden gospel.
Right! Because the FBI is unable to do what any lab that solders circuit boards and programs flash chips has the capability to do! If the FBI can't figure it out because they are too incompetent, then they can hire any one of these hundreds of companies that are fully capable to do it for them.
I wasn't arguing for/against their case, only that the article is basically just click-bait. For whatever it's worth, I side with Apple on this. Not because I don't feel for the victims, but because their loss shouldn't affect our freedom.
Re: (Score:3)
In spite of his god-like status among some of you, Mr. Snowden wouldn't know what capabilities the FBI has or doesn't have. He didn't work there, and he wouldn't have had a need to know, so he would never have been briefed on such. But, let's not let that get in the way of the Snowden gospel.
Right! Because the FBI is unable to do what any lab that solders circuit boards and programs flash chips has the capability to do! If the FBI can't figure it out because they are too incompetent, then they can hire any one of these hundreds of companies that are fully capable to do it for them.
I wasn't arguing for/against their case, only that the article is basically just click-bait. For whatever it's worth, I side with Apple on this. Not because I don't feel for the victims, but because their loss shouldn't affect our freedom.
I was simply pointing out that copying a flash chip is not so difficult that one would have to know the inner workings of the FBI to figure out that they either have that capability or can contract it out if needed. Perhaps there are reasons that it isn't as simple as that, but from the articles I have read in the last day it seems pretty straightforward and something they can accomplish. It may be a slower road to keep replacing the chip with another programmed one, but we are talking capability not how q
Re: (Score:2)
He can read the same ACLU submission as the rest of us, which clearly shows that their claims are complete and utter bullshit. Which of course anybody with rudimentary knowledge of the hardware involved already knew.
Re: (Score:2)
Then they should have posted the ACLU submission. The point is that Snowden weighing in is like me making a claim about climate change...I've got an opinion, but I'm not an expert, and my belief shouldn't carry weight with anyone else.
Re: (Score:2)
It's in the summary...
Snowden is a bit more click bait than the ACLU, mostly because there's people who absolutely hate the guy. As judged by your OP...
Re:All boils down to evidence (Score:5, Insightful)
If the NSA can do it, it would probably not be allowed as evidence in court. If the FBI did it, maybe it would.
This all boils down to legal precedent.
Always has been.
Re:All boils down to evidence (Score:5, Insightful)
I keep hearing this but what does it matter? The government does whatever it pleases without consequence. The NSA admitted to illegally spying on members of congress. Nobody was fired or even given a letter of reprimand.
Re:All boils down to evidence (Score:5, Insightful)
The government deals with the consequences of their actions all the time. The whole Apple-FBI conflict is happening out in the open for everyone to see. No classified FISA involvement or equally classified NSLs being used to force Apple into doing anything. The government is following the law and as a consequence they have already lost some high profile court proceedings over their similar requests. I predict they will lose the current FBI-Apple case as well. On the other hand the NSA serves a whole different purpose than the FBI and its efforts are concentrated in the realm of foreign espionage which is the organization's mandate. And the only law the NSA follows on its foreign activities is don't get caught. This is standard operating procedure for every foreign state espionage service around the world. You cannot condemn the NSA without factoring in the fact that there are some very powerful and well funded state security agencies in the world whose entire purpose is to conduct espionage operations against the US. US industrial, military, and political structures are constantly being targeted by both allies and enemies. Then you also have the non-state actors actively looking for ways to attack the US or anything associated with the US. However with all the hyperbolic statements being tossed around you would think that the US is the only country on the planet who conducts espionage operations around the world.
Re: (Score:2)
Precedent says what the courts can do or are likely to do. If someone next year wants to get Apple to crack open a phone so we can find out who ate the last box of Thin Mints from the break room, and Apple says "we can't do that", then the court will think that they indeed were able to crack the phone in the past so they should be able to do it now. Once Apple bends over it becomes much easier the next time they're asked to bend over.
The government here does NOT get to do what it pleases without consequen
Re: (Score:2)
That isn't true. The CIA is prohibited from performing law enforcement functions inside the US. The NSA is not. They can be used just like any other outside forensic service, which all levels of law enforcement use all the time. Including the FBI.
Re:All boils down to evidence (Score:5, Informative)
“The request we got from the government in this case is, ‘Take this tool and put it on a hard drive, send it to the FBI,’ and they’d load it onto their computer,” (March 2, 2016)
http://nypost.com/2016/03/02/f... [nypost.com]
It's not a "one-off" or just for this case tool.
The NSA owns that tool set, missions, contracts, bids, contractors and the wins that result. The funding and fame follow the wins. The no bid contracts and experts gravitate to the NSA ensuring every generation of telco product is wide open to the US gov and mil. Only the NSA can then secure, support or plan any such missions.
When federal and state law enforcement get in on the bids for the same tool sets? Any state contractor, federal contractor can then sell their tools at a low cost and the national publicity goes to the FBI.
Political leaders see new hi tech contractor jobs in FBI support in their states and the contractors that get the new work can then support the local political leaders' re-election that got them the new FBI contracts.
Everyone is now winning, new federal cash is flowing out, political leaders helped their local hi tech sector with new gov work, the FBI has a flood of new cases in open court and wins.
What was the NSA's missions, fame, role, new experts, no bid contracts, code and skills now in the hands of state officials, local law enforcement, federal gov workers, anyone working with US federal law enforcement around the world. All the ex staff and former staff who got invited in on the methods.
Anyone interesting stops using US branded trapdoor and backdoor ready turnkey network, telco and computer devices.
A few decades of easy tracking, voice prints, effortless decryption is lost in months in open court.
The cults, faith groups, criminals, dealers, embassy "agents" who once had to be seen with a phone just to keep the cover as being a normal person that was always reachable all go dark.
NSA already has it... (Score:2)
The NSA may already have the information on the cellphone, from when it was sniffed as it passed over the interwebs.
Re:All boils down to evidence (Score:5, Insightful)
If the NSA can do it, it would probably not be allowed as evidence in court. If the FBI did it, maybe it would.
Which of the dead shooters are we taking to court?
Re: (Score:3)
Counsel: Mr Aldridge are you considering the question or are you just dead?
[silence]
Counsel: I think I'd better take a look m'lord.
[looks inside coffin]
Counsel: No further questions m'lord.
Judge: What do you mean, no further questions? You can't just dump a dead body in my court and say 'no further questions'. I demand an explanation.
Counsel: There are no easy answers in this case m'lord.
However it seems, reality can be as weird as Monty Python: http://www.scmp.com/news/asia/... [scmp.com]
Re: (Score:2)
If the NSA can do it, it would probably not be allowed as evidence in court. If the FBI did it, maybe it would.
Which of the dead shooters are we taking to court?
There's still the guy who sold them the guns.
Re: (Score:2)
Re: (Score:2)
I had a 1972 Duster. Very reliable and economical for the time. Slant 6 engine that wouldn't quit.
Re: (Score:2)
That is true of course. On the other hand with all of the tracking/software controls going in to the newer cars, something simple, reliable, that can be tuned with a file and a screwdriver, and doesn't blab everything to everyone about where you are and what you are doing, has a very tangible appeal.
Re: (Score:2)
Re: (Score:2, Insightful)
He's the only public talking head who actually had clearance and no further obligation to protect information covered under it.
He's the only guy that we can trust to even start a legitimate dialog on the subject.
If we're all speculating on what a secret closed door club can do, who better than A MEMBER OF THAT CLUB to speak out? Are you retarded somehow as to miss that?
Re: (Score:2)
who better than A MEMBER OF THAT CLUB to speak out?
Snowden was in the FBI? That's news to me...
Re: (Score:2)
He's the only public talking head who actually had clearance and no further obligation to protect information covered under it.
He's the only guy that we can trust to even start a legitimate dialog on the subject.
If we're all speculating on what a secret closed door club can do, who better than A MEMBER OF THAT CLUB to speak out? Are you retarded somehow as to miss that?
Not disputing what you are saying, but:
iPhone 5c came out in Sept, 2013
Snowden was already getting in trouble in Jan 2014, and was probably out of the loop already (not getting new information) before that.
If Snowden "knows" stuff about the 5c, it's generalized and non specific unless it was cracked out of the box before it was released.
That leaves me skeptical Snowden knows what he thinks he knows.
This whole exercise is goofy, there's probably no data they need on THAT phone anyway, and anybody they a
Re: (Score:2)
If it had not been for Snowden, that iPhone and all other iPhones as well as other digital hardware would still not be encrypted properly. It is the inappropriate governmental data vacuuming that started this whole super strong encryption movement.
Re: (Score:3, Interesting)
Because people will listen to him, because he's Snowden.
I've been saying the same thing for months: the key is stored (albeit encrypted itself) in flash, so all you need to do is to back up the flash chip and you've got as many goes as you need, which with a four digit PIN chosen by humans isn't that many. But even though you can point out the relevant details in Apple's documentation, people just refuse to believe that the government can get into an iPhone without Apple's help.
That actually kinds of
Re: (Score:2)
I've been saying the same thing for months: the key is stored (albeit encrypted itself) in flash, so all you need to do is to back up the flash chip
And everyone else has been saying for months that part of the key is stored in the cpu in a region that is not readable. So all you need to do to back up the key is disassemble the cpu and hope you don't destroy it in the process.
Re: (Score:2)
And everyone else has been saying for months that part of the key is stored in the cpu in a region that is not readable. So all you need to do to back up the key is disassemble the cpu and hope you don't destroy it in the process.
Then "everyone else" would be wrong in this case. The "secure enclave" was introduced in Apple's A7 processor. The phone in question is an iPhone 5c [wikipedia.org] which has an A6 processor. There is no crypto coprocessor to store anything in. The Apple docs even describe the process used to erase the keys in question from flash.
Now as for the iPhone 5S and later, there's no question they're tougher to hack -- that's the whole point of the new hardware features. But I still wouldn't put absolute faith in the inability
Re: (Score:2)
No, I just read the documentation.
Re: (Score:2)
I don't know about McAfee, but do you really think Snowden is not getting additional information leaked to him over time?
Re: (Score:2)
I think perhaps it is you, sir, who have missed the point. McAfee admitted he was just trolling for attention when he said he could unlock the phone in question. Snowden's credentials as a source of information are indisputable at least as regards his first pilfered download. It is entirely plausible that others of similar access and philosophy may be finding a means to funnel incremental information to him for release. Not certain by any means, but not impossible.
Re: (Score:2)
Re: (Score:2)
Putin is a Real Man and does not wear skirts. Or shirts. Nobody hides behind Putin. Except Medvedev.
Re:why snowden? (Score:4, Funny)
Trump's first day in office he'll build a wall along the Atlantic and Snowden will have trouble climbing over it.
Re: (Score:2)
To the tune of My Country 'Tis Of Thee:
My Own Plutocracy,
Sweet Oligocracy,
Of thee I sing.
Land where my money's spent
On those who represent,
Each child and innocent,
I would be king!
Re: (Score:2)
Are you that clueless that you think exposing sensitive data to the world is speaking out?
I think that Snowden in general did the right thing but realize that what he did is equivalent to espionage.
Re: (Score:2)
I expect they have some reason to keep the device physically intact.
Most techs worth their salt will just remove the storage, mount it to a computer, make copies. And break into the data with brute force.
But what the FBI is asking for is to get in without the running OS clearing itself.
Re: (Score:2)
That has nothing to do with the (in)validity of his points.
Re: (Score:2)
Re: (Score:2)
Assuming the FBI is privy to the NSA's capabilities.
Re:15 minutes are up (Score:5, Insightful)
Assuming the FBI is privy to the NSA's capabilities.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
Re: (Score:2)
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
These days it's hard to tell where one stops and the other begins...the phrase "functional overlap" comes to mind.
Re:15 minutes are up (Score:5, Insightful)
The NSA is supposed to deal with foreign intelligence only. The FBI is supposed to deal with domestic criminal investigations only. The fact that both agencies have been trying to expand their reach so that there is functional overlap is evidence that the two agencies are not sharing their secrets with each other so readily.
This is also a domestic terrorism case with no evidence that there is any foreign involvement except for the gut feeling that all terrorism comes from a secret mastermind hidden on an island somewhere off the shore of New Jersey. We know who the shooters were. We know who they called and when, from both the work phone in question and the other phones that were actively used by the shooters. The case is essentially closed, and would be closed if it weren't for politics. The NSA is not going to open its kimono wide to the FBI for a simple case like this one. Cooperation or no, the need to know process is still in effect.
Re: (Score:3)
The NSA is supposed to deal with foreign intelligence only. The FBI is supposed to deal with domestic criminal investigations only.
That's how it was back in the 70s, but this is no longer true, and hasn't been for decades.
This is also a domestic terrorism case with no evidence that there is any foreign involvement...
Unless you're part of the investigating team, your comment is complete conjecture. You don't know what evidence they have.
Re: 15 minutes are up (Score:5, Informative)
No, you're wrong. The NSA is a DoD office and *in theory* bound by posse comitatus and cannot be used for domestic purposes. The head of the NSA is always a commissioned general officer.
Re: 15 minutes are up (Score:4, Informative)
Posse comitatus was a Congressional act, and you can see in the text below "except in cases..." Congress also passed some other acts...FISA and Patriot come to mind...that have changed the rules. So, the "theory" has been OBE for a while.
Whoever, except in cases and under circumstances expressly authorized by the Constitution or Act of Congress, willfully uses any part of the Army or the Air Force as a posse comitatus or otherwise to execute the laws shall be fined under this title or imprisoned not more than two years, or both.
Re: 15 minutes are up (Score:2)
Re:15 minutes are up (Score:5, Insightful)
This is domestic terrorism, there is slight evidence that there was any foreign involvement or planning. The FBI needs to make the case that there is a need for cooperation. With this phone however there is not very much probable cause to assume there is any evidence of value on that phone. The FBI wishes such data exists of course, which would allow them to open up *new* investigations only, but their real motivation is not in finding any foreign mastermind of the shootings but instead they want to crack open that door with Apple to enable relatively mundane phone cracking in the future for low level cases (drug crimes, financial crimes, etc).
The FBI *claims* it's a one time only request and we should accept their word on this, except that their word has proven to be unreliable in the past and they certainly can not make this one-time-only pinkie promise on behalf of the entire US government or all governments around the world. Once Apple caves in then we already know there is a New York DA highly interested in getting Apple's help fishing through a few buckets full of phones. The courts rely on precedent and this would set a very large precedent for future requests.
Apple is correct in taking this case all the way to the supreme court if they have to. It is their right to do so, and they are in no way unpatriotic for asserting their rights.
Re: (Score:2)
I don't dispute what you say other than post 9-11, there is supposed to be cooperation among the various law enforcement agencies and intelligence agencies whether the terrorism is domestic or not. Whether Apple is right or wrong or there is evidence on the phone or not, does not change that.
Now if you want to delve into conspiracy theories, some say the NSA can already get into the phone, maybe even has gotten into the phone, but the FBI needs Apple to do it because 1) the NSA doesn't want it known they ca
Re: (Score:2)
Assuming the FBI is privy to the NSA's capabilities.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
In general, that would be correct. But, just like when the Enigma was developed, you wouldn't have let that secret out for a single case like this when you're fighting a larger war.
Re: (Score:2)
Assuming the FBI is privy to the NSA's capabilities.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
In general, that would be correct. But, just like when the Enigma was developed, you wouldn't have let that secret out for a single case like this when you're fighting a larger war.
Replace "supposed to cooperate" with "legally required to cooperate." I don't believe there was any such law at the time that the Enigma was developed or in use. Of particular importance is that congress passed the law requiring cooperation in terrorism cases specifically because the lack of cooperation is what led to the 9-11 attack.
Re: (Score:2)
Legally required to cooperate doesn't imply that they have to give up national secrets in order to do so, and I'm sure Congress didn't imply that they would need to.
Re: (Score:2)
If your argument is that they don't have to follow the law directed specifically at them stating they are required to share information and resources in cases of terrorism, well there is really no point in discussing the issue further.
Re: (Score:3)
Assuming the FBI is privy to the NSA's capabilities.
No problem, just subcontract it via China since they will be privy to the NSA's capabilities.
Did you people really think a private contractor in Hawaii was likely to be the only leak from that bunch of toy soldiers?
Re: (Score:3, Informative)
Re:15 minutes are up (Score:4, Insightful)
The government has a very long history that shows that they are no more credible than Snowden. The entire kabuki is to convince the public that encryption is an evil tool of terrorists, and it's working.
Re: (Score:2)
The government is actually asking, naively, "if you've got nothing to hide, why are you hiding it?" Because the use of encryption appears to be so rare at the moment it makes a lot of citizens wonder what's up with those people who actually do use encryption.
So the more people who use encryption the better as it will start to seem mundane and commonplace instead of setting off mental alarms in the people willing to tear up the constitution if only they can be spared the horrors from people who hate our fr
Re:15 minutes are up (Score:4, Informative)
Re: (Score:3, Insightful)
The bank is using and controlling the encryption, not the customer. And the government will never have to ask them twice to turn everything over to them. The problem (to the government) is when the customer controls the encryption and is willing to protect his own rights.
Re: (Score:2)
And the legal standard for that is "too fucking bad."
If I bury a box in a forest with my diary in it, and then they want to peek at it after I'm dead, too fucking bad. Same situation.
Re:15 minutes are up (Score:4, Insightful)
I have often said how much I appreciate Snowden's sacrifice and gifts to us. I find him, while a bit sleazy, to be a greater patriot than most of the folks I know - and I served eight years in the Marines. That's saying something - I think.
So, I've gotta ask...
What makes folks think he's privy to this information or knows their full capacity?
What makes everyone believe he's telling us this of his own volition?
How is he an authority on this particular issue, it seems likely to be beyond his scope?
Re: (Score:3, Insightful)
What makes folks think he's privy to this information or knows their full capacity?
While he's far from the first to voice public dissent against the NSA and their supposed capabilities, he's the only one so far they've ever publicly decried and gone through such lengths to capture and silence. The effort level of their response alone tends to strongly validate his claims.
What makes everyone believe he's telling us this of his own volition?
I don't think there's any question at least that he feels his hand was forced. I also think that even if he were being forced to say all this by the Russian government, that doesn't necessarily invalidate the content of
Re:15 minutes are up (Score:5, Interesting)
What makes folks think he's privy to this information or knows their full capacity?
What makes everyone believe he's telling us this of his own volition?
How is he an authority on this particular issue, it seems likely to be beyond his scope?
We can read.
This isn't really coming from Snowden, he just happened to be a high profile person who tweeted about it. His statement is based on legal filings by the ACLU and others who point out methods that the FBI could use to crack the PIN code on their own.
For example, they could back up the flash memory, make 10 attempts, the phone wipes it and they restore it and try the next 10 numbers. The link [aclu.org] is right in the summary.
Re: (Score:2)
For example, they could back up the flash memory, make 10 attempts, the phone wipes it and they restore it and try the next 10 numbers.
Except that wouldn't work. The thing that wipes is not the data but the key. The key is kept in Apple's equivalent of a TPM chip, so cannot be retrieved or replaced after the wipe.
http://searchmobilecomputing.t... [techtarget.com]
Re: (Score:3)
Not on the iPhone 5C, the key is kept in flash memory. The CPU doesn't have a secure memory for keys, only a factory set secret that can only be read by signed, privileged code.
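The disagreement in the comments above turns on where the wipeable key and the failed-attempt counter are stored. As an added example (not part of any comment, and not Apple's actual design), this toy Python model compares the two cases; `ToyDevice`, `replay_search` and the sample PINs are hypothetical names and values constructed for illustration.

```python
import copy

WIPE_AFTER = 10                                  # failed attempts before the key is erased
PINS = [f"{n:04d}" for n in range(10_000)]       # full 4-digit PIN space

class ToyDevice:
    """Toy model: the key and failure counter live either in plain flash
    (which can be imaged and restored) or in a separate secure store
    (which this model gives no way to copy back)."""

    def __init__(self, pin, state_in_flash):
        self._pin = pin
        self.state_in_flash = state_in_flash
        self.flash = {"ciphertext": "user-data"}
        self.secure = {}
        self._state().update(wrapped_key="K", failures=0)

    def _state(self):
        return self.flash if self.state_in_flash else self.secure

    def try_pin(self, guess):
        s = self._state()
        if s["wrapped_key"] is None:
            return False                         # key erased: even the right PIN fails
        if guess == self._pin:
            s["failures"] = 0
            return True
        s["failures"] += 1
        if s["failures"] >= WIPE_AFTER:
            s["wrapped_key"] = None              # the wipe destroys the key, not the data
        return False

    def image_flash(self):
        return copy.deepcopy(self.flash)

    def restore_flash(self, image):
        self.flash = copy.deepcopy(image)        # never touches self.secure

def replay_search(device, pins=PINS):
    """Image flash once, then restore it after every WIPE_AFTER guesses.
    Returns the PIN if found, else None."""
    image = device.image_flash()
    for i, guess in enumerate(pins, 1):
        if device.try_pin(guess):
            return guess
        if i % WIPE_AFTER == 0:
            device.restore_flash(image)
    return None

if __name__ == "__main__":
    print("state in flash :", replay_search(ToyDevice("0427", True)))
    print("state in secure:", replay_search(ToyDevice("0427", False)))
```

In the model, restoring the flash image only resets the limit when the counter and key are part of that image; keeping them in storage that cannot be rolled back is what makes the attempt limit hold.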
Re: (Score:2)
You forgot:
"Why do people think that Edward Snowden knows more about iPhone encryption and security than the manufacturer of the iPhone, and the software engineers who wrote the OS?"
Apple has been working with the FBI since day one on this thing. If there was a way in that didn't involve a custom OS image that weakens the security, they would have done it. Apple drew a line, and the FBI is using a Federal Magistrate to challenge that line.
Re:15 minutes are up (Score:5, Insightful)
The ACLU misses one point:
The FBI does not know if the erase feature is enabled. The court should force them to run through the desoldering routine at least once to figure out if maybe they don't even need Apple to disable this feature.
That they didn't try, that they go to court without being sure, tells the whole story. If this were about breaking into the phone, they would have tried this, in the time that has passed with court cases they would already be sure if they need Apple at all or not, and if it turns out that not, they probably would have already broken into the phone.
ACLU is right, but they still miss just how malicious the FBI is.
Re: (Score:3)
What are the odds that the NSA doesn't have some high-ranking Apple employees on their payroll? Just how secure is Apple's signing key?
Re: (Score:2)
I'd say it's 50/50 if they pay them or just use blackmail.
Re: (Score:2)
"Just how secure is Apple's signing key?"
Not secure enough that one can't bypass it within 10,000 guesses of the PIN.
Seriously, I could easily have this phone unlocked within a day. This court case is bullshit. Anyone with any technical chops knows it.
Re: (Score:2)
Really? Prove it. It seems there are many people speculating about how easy it would be that don't seem to understand how the encryption works. When the phone wipes, it doesn't wipe the flash, but the encryption key that is inside of a hardened chip. It isn't something that you can just retrieve and replace. So, since you KNOW how to do this, you should offer your services to the FBI, I am sure they would pay you very well to demonstrate the ability on a dummy phone.
Re: (Score:2)
When the encryption key is stored in a TPM chip, yes you do.
When the TPM erases the key after X failed attempts, you don't just get to replace the disk with a bit level image, as the encryption key is what is missing, not the data.
Re: (Score:2)
A snag is that the FBI does not want to ask, and the NSA does not want to answer. Yes, there is supposed to be cooperative sharing between security related government agencies. However the NSA does not want to give out its best secrets to a law enforcement agency. It's much like Apple in that regard in that if it helps out the FBI just once then it'll open the door for continued requests from the FBI or DOJ in the future. The bar to do this helping from the NSA has to necessarily be set pretty high and
Re: (Score:2)
Sure, if you want to be pedantic. Statistically, by the time you actually cracked it, the human race will have either abandoned Earth due to an expanding sun, or have gone extinct. Unless you get triple-Powerball-winner lucky.
For all purposes of reality, only Apple is getting that thing open unless the NSA has undisclosed methods, and they sure as shit won't disclose them for this chickenshit useless case. The only reason the FBI is going through all this is because they want to have the legal precedent
Re: (Score:2)
The code may have to be signed, for the update to be accepted on the phone.
Re: (Score:2)
If Apple can write code and copy it up to the phone, then the capabilities for doing so already exist. So why doesn't the FBI do the work themselves? I'm sure Apple would be willing to help with the electronic part - that's just specs. I think there is more at play here than whether Apple can or can't....
You need to unlock the phone to make it accept unsigned updates. You need a signed update to unlock it. So only someone with the key can unlock it.
The FBI either doesn't have a copy of the key or doesn't want to admit they do. The keys for this kind of thing are guarded by men with guns and used only on airgapped machines, at least in any competent org, and it is highly unlikely that Apple would knowingly give a copy to the FBI without word of it leaking out. Another branch of government may have obtain
Re: (Score:2)
So what you are saying is that they should just compromise a 1024-bit RSA key instead of the AES-256 encrypted filesystem.
What a marvelous choice. Good thing you opined anonymously on that.
Re: (Score:2)
+1, insightful and informative