FBI Telling Congress How It Hacked iPhone (theverge.com) 346
An anonymous reader quotes a report from The Verge: According to a new report in National Journal, the FBI has already briefed Senator Diane Feinstein (D-CA) on the methods used to break into the iPhone at the center of Apple's recent legal fight. Senator Richard Burr (R-NC) is also scheduled to be briefed on the topic in the days to come. [Feinstein and Burr are both working on a new bill to limit the use of encryption in consumer technology, expected to be made public in the weeks to come.] The disclosures come amid widespread calls for the attack to be made public, particularly from privacy and technology groups. However the FBI's new method works, the ability to unlock an iPhone without knowing its passcode represents a significant break in Apple's security measures, one Apple would surely like to protect against if it hasn't already. Just days after the FBI broke into the terrorist's iPhone, the FBI told law enforcement agencies it would assist them with unlocking phones and other electronic devices. We still do not know how the iPhone was hacked, nor do we know how many iPhones may be able to be unlocked from the hack. The FBI did tell USA Today the hack has not been used in any other case beyond San Bernardino.
Diane Feinstein (Score:5, Insightful)
The queen of "laws for thee, but not for me."
Guns? Why, those should be illegal! But I'm going to need some armed guards for myself, of course.
Encryption? Consumers can't be allowed to have that! Now how do I configure my secure Senate email account?
What a hypocritical cunt.
Diane Feinstein - Queen of a fascist state (Score:5, Insightful)
Diane Fienstein was born in the wrong country
She fits much more snugly in a fascist state
Re:Diane Feinstein - Queen of a fascist state (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Wooosh! Why is it that most of the really dumb people post as AC? Is it too hard to log in? I'm not complaining, just makes it easy to filter them . I'm only seeing it this time because I have mod points and looking for smart AC posts - but its a challenge.
What are you talking about? The dumb AC comments are one of the best bits about /..
Re: (Score:2)
Re: (Score:2)
The 15 million identity theft victims a year will probably not like that she is helping the criminals by attempting to make that theft easier. Perhaps she should work on something that is important to the voting public and not fear mongering.
Re: (Score:2)
You're on slashdot. Probably half the users live in California. Near her.
Re:Diane Feinstein - Queen of a fascist state (Score:4, Funny)
Once upon a time maybe, back when you first joined. Now, I would guess that 3/4 of the users are spread evenly across the high schools in every state...
Re: (Score:2)
Once upon a time maybe, back when you first joined. Now, I would guess that 3/4 of the users are spread evenly across the high schools in every state...
Speaking from first hand experience huh? Always good to know.
Comment removed (Score:5, Insightful)
Re:Diane Feinstein (Score:4, Interesting)
A politician who is against the ownership of guns that relies on armed protection (assuming that is even a choice they can make...) is not a hypocrite. The fact that they need those guards supports their message.
Re:Diane Feinstein (Score:5, Insightful)
I want to just give you a personal anecdote about terrorism, because less than 20 years ago, I was the target of a terrorist group. It was the New World Liberation Front. They blew up power stations and put a bomb at my home when my husband was dying of cancer. And the bomb was set to detonate at two o'clock in the morning, but it was a construction explosive that doesn't detonate when it drops below freezing. It doesn't usually freeze in San Francisco, but on this night, it dropped below freezing, and the bomb didn't detonate. I was very lucky. But, I thought of what might have happened. Later the same group shot out all the windows of my home. And, I know the sense of helplessness that people feel. I know the urge to arm yourself, because that's what I did. I was trained in firearms. I'd walk to the hospital when my husband was sick. I carried a concealed weapon. I made the determination that if somebody was going to try to take me out, I was going to take them with me.
- Diane Feinstein, Concealed Weapons Permit holder. Concealed permits and firearm ownership was all fine and welcome and useful for Diane when she felt threatened, but we can't have the general public enjoying such luxury to protection...
Re: (Score:2)
I don't know who this person is, so I'm taking your post at face value and.. yes, that's clearly hypocrisy. What the AC wrote, which echos criticisms of other politicians I have heard (without taking the context into account...) ,is not a contradiction.
Re:Diane Feinstein (Score:4, Insightful)
I don't know much about this women so won't defend her, but as a gender point can't politicians change their minds? Maybe she decided that carrying a gun was mostly ineffective or even made things worse overall. Not saying she did, but I know there is stuff I did 20 years ago that I wouldn't do today.
Re:Diane Feinstein (Score:4, Interesting)
To me the point is the fact that she availed herself of the opportunity (to arm herself for self defense) at some point in the past when she felt she needed to, but she would now deny to others the ability to make that same choice to protect themselves. She *may* believe that it is overall for the better, but her current context under which she is reaching that conclusion is nothing like her context previously, and that (to me) makes her conclusion suspect. Strip her of her wealth and power, and all protections not available to the average citizen, place her in a more dangerous home environment, then see how whether she quickly changes her mind again.
Re: (Score:3)
I'd say her current context gives her current point of view more credibility.
Have to disagree with you on this.
Her current context is that she has a squad of Secret Service agents armed with a range of concealable weapons, including full auto SMGs, when ever she is in public. So she is still showing that she thinks its OK for her to have guns protecting her but that everyone else is just SOL.
Re:Diane Feinstein (Score:4, Informative)
Curtailing legal gun ownership is not going to make guns disappear from the hands of criminals overnight, but you have to start somewhere
No, you don't.
we do not even know IF the phone was hacked (Score:5, Insightful)
so we can't even talk about anything further.
who is going to tell us the honest truth? all we get is the dishonest truth from every 'official' that speaks up about this.
disinformation and even more disinformation. you'd be nuts to take anything on face value, given what's at stake.
Re:we do not even know IF the phone was hacked (Score:5, Insightful)
The honest truth is that nothing on Internet or phone or computer is private. You must be nuts to believe in some overhyped security illusion on inherently insecure interconnected devices.
Ironically, what Apple has achieved is that it will not be able to fix its security issues. The exploits are going to be sold to law enforcement agencies, or just anybody ready to pay around the world, for big money and kept secret. Maybe the times when such bugs were send to vendor for free for fixing are long gone anyway, but such cases make it even worse.
Re: (Score:2)
You are right about the days of vulnerabilities being reported to developers for 'free' being gone. This is largely due to the fact that bugs are no longer easily found by accident. It takes a lot of work to find exploitable vulnerabilities in devices and applications and exploits are in high demand. Just one zero-day for IOS can sell for hundreds of thousands $$$. (http://news.softpedia.com/news/exploit-vendor-publishes-price-list-ios-valued-above-android-496449.shtml)
But Apple can certainly take measures
Re: (Score:3)
Re: (Score:3)
The honest truth is that nothing on Internet or phone or computer is private.
That's a daft assertion. If you create a VeraCrypt container with a strong key and upload it to a public server, the contents are still private. Okay, maybe theoretically there might be unknown vulnerabilities or the NSA might have a quantum computer that can crack it, but it's still harder to get in to than a safe in your home or pretty much any other kind of private storage system.
You have to be pragmatic about privacy. Otherwise you end up covering your walls in tinfoil and never going outside. Take Snow
Re:we do not even know IF the phone was hacked (Score:4, Informative)
Ironically, what Apple has achieved is that it will not be able to fix its security issues.
Wanna bet? Watch them.
Remember, the San 'Berdino iPhone was an iPhone 5C, which did NOT have the Secure Enclave chip.
The FBI is too stupid to know the difference; but there IS a difference. A BIG difference!
And I ASSURE you that Apple is burning the midnight oil searching for, and closing, any security holes in iOS after this FBI debacle; and is likely pushing more security into hardware; where it is MUCH harder to circumvent by anyone, even Apple.
They are QUITE serious about this.
Re:we do not even know IF the phone was hacked (Score:4, Informative)
so we can't even talk about anything further.
It's pretty silly to assume that in this day and age with complex systems and the device physically in the hands of those wanting to break into it that it still remains unbreakable. Yes it may have needed a bespoke solution for that particular software version but it's pretty naive and stupid to try and sweep this discussion under the rug because you believe Apple's product is completely secure.
Re:we do not even know IF the phone was hacked (Score:5, Insightful)
We also don't know if the device *needed* to be hacked by a third party. To me it looked like the FBI wanted a precedent, realized it might not get the one it wanted and then decided to back down with a, "Oh, wait, we found another way" story.
You know it's scary times when the guy wearing the tinfoil hat is starting to seem like the most sane person in the room.
Re: (Score:2)
Pretty sure they can do it (Score:2)
Pretty sure they can do it:
http://blog.trailofbits.com/20... [trailofbits.com]
More alarming than the "hack"... (Score:5, Insightful)
More alarming than the hack is the following bit in TFS:
The "hack", as I understand, was on an 5C, which is weak by comparison to the 5S and beyond. Non-event.
But the bit I quoted? Really? Limit what encryption consumers can have? I find that more alarming than "old-ass insecure phone got cracked."
I hope this dies a flaming painful death before it goes anywhere.
Re:More alarming than the "hack"... (Score:5, Informative)
Re: (Score:2)
Let the US shoot itself in the foot. The rest of the world will encrypt.
Already been there, thought common sense was starting to break through, apparently not.
Re:More alarming than the "hack"... (Score:5, Insightful)
Yeah, Apple, Google, Microsoft, Blackberry, etc should all come out publicly and say
"We will produce secure encryption for the rest of the world, however the US government has mandated that US citizens are only entitled to 2nd best, now here is a list of YOUR representatives who voted for the bill"
If the representative were Named, Shamed and Blamed they might just loose their cushy jobs.
Re: (Score:2)
Yeah, Apple, Google, Microsoft, Blackberry, etc should all come out publicly and say
"We will produce secure encryption for the rest of the world, however the US government has mandated that US citizens are only entitled to 2nd best, now here is a list of YOUR representatives who voted for the bill"
If the representative were Named, Shamed and Blamed they might just loose their cushy jobs.
The problem being that most Americans won't understand and/or won't mind as 'they have nothing to hide'.
The root cause of the problem is civilian complacence and I don't see that changing any time soon.
Re: (Score:3)
And when they do that, their CEOs can join the Quest CEO in prison.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re:More alarming than the "hack"... (Score:5, Insightful)
We are not the worst! Yeah USA!
I that really your yardstick for excellence?
Re: (Score:2)
Well, if you read slashdot, USA is the worst. Excuse me for injecting a little reality.
Re:More alarming than the "hack"... (Score:5, Informative)
Are you sure [wikipedia.org]?
Re: (Score:2, Troll)
And yet most of Europe send to be functioning rather well and with less government intrusion on their lives than the good old land of the free-to-have-all-aspects-of-life-recorded-by-the-government.
Re: (Score:2)
Let the US shoot itself in the foot. The rest of the world will encrypt.
The problem for me is that while I do not live in the US, I wind up subject to US laws, because if my Government looks like it might step out of line with what the US wants, our Prime Minister gets a round of golf with the President. I imagine he is told in private what the US wants, and the great photo ops are his payment.
Re:More alarming than the "hack"... (Score:4, Interesting)
I remember a time when the US had all the good encryption and wasn't allowed to export it. Now the rest of the world will have good encryption and the US won't be allowed to import it.
Re: (Score:2)
Let the US shoot itself in the foot. The rest of the world will encrypt.
If that becomes true, then phones sold in the US will have to conform or they will be considered contraband.
Re:More alarming than the "hack"... (Score:4, Interesting)
I studied cryptography in college in the 1980s - and all the same old methods still work, maybe the keys need to be a little longer today, but symmetric, asymmetric, time locks, etc, all still apply.
So, are we going to stop teaching encryption methods in school? How about burning the textbooks, making it illegal to post on the internet, flagging people who talk about it or search for it? Every semester institutions of higher learning are training our youth in the dangerous art of secure communication, when will it stop?
Re:More alarming than the "hack"... (Score:5, Insightful)
Be careful, or they will outlaw mathematics.
With apologies to the NRA (Score:3)
They'll get my math when they pry it out of my cold, dead cerebral cortex.
Re: (Score:2)
Be careful, or they will outlaw mathematics.
I am seriously thinking about writing them a satirical letter thanking them for their courageous and valiant fight against mathematics but that their constituents and future constituents will not be happy until they've replaced high school algebra with a less dangerous subject like household chemistry
Re: (Score:2)
I suspect that quite a few might say they've been largely successful.
I went to a private Catholic school while many of my cousins went to the local public schools. I remember a few family reunions where we'd hear stories of the shenanigans that they'd let the student get away with. One memorable story was of some students that stole some dry cleaning and wore some of the work uniforms they found to school. Turns out that those uniforms were from the welding shop my brother worked at over the summer. Wha
Re: (Score:2)
How do you stop steganography, exactly?
No, it is not relatively easy to tell if someone is using encryption, and can always be contrived so as to be impossible.
The only people who would fail to get away with using encryption if it were actually outlawed are people that are too stupid to know how to not get caught.
But those aren't the people that are the problem that law enforcement is worried about.
So they are banning Math? (Score:2)
That's what it all comes down to.
Re: (Score:3)
Limit what encryption consumers can have?
They've done it once before, when encryption was classed as a munition, so could not be exported from the US without Government authorization.
Re:More alarming than the "hack"... (Score:4, Interesting)
If encryption is a "munition" then this is not just a First Amendment issue, the Second Amendment also applies.
Along that same train of thought, anyone besides me remember those Apple commercials touting that the then new PowerMac was considered a weapon? That same law that considers encryption a weapon also controls what kind of computers we can export. That's because computers are weapons too, I guess.
They want to ban "undetectable" plastic guns, and the 3D printers that can create them. Then they tell us we can't even share the design files for the 3D printed guns. Can't have encryption that they cannot break, which I assume is so we can't share these gun designs without them knowing. Or even order a pizza without them knowing.
What are these people so afraid of?
Perhaps they fear us "peasants" might revolt.
Re: (Score:2)
> Perhaps they fear us "peasants" might revolt.
If that were the case, they'd stop. Unfortunately, we're afraid of our government. It should be the other way around.
If they thought we'd revolt, they'd stop trying to take our liberties away. A good government has a healthy respect, which is fear, the citizenry. I want my government to know they have limits and that bad things will happen if they cross the line. I want my government to remember that we're armed and how hard it is to deal with an insurgency.
Re: (Score:2)
I don't think they'll try that again. Back then they mistakenly thought that only the US had good encryption, so export controls would prevent other countries from keeping stuff secret.
A more likely strategy will be to simply mandate weak security on consumer devices sold in the US. The goal here is not to screw other countries, it's to screw yourselves.
Re: (Score:2)
"Are you currently living in an oppressive fascist regime that wants to spy on everything you do?"
And if you click that, then all the encryption is disabled. If you don't click it, then your phone is protected.
Re: (Score:2)
But the bit I quoted? Really? Limit what encryption consumers can have? I find that more alarming than "old-ass insecure phone got cracked."
They can attempt to pass whatever laws they want. There's no putting the encryption genie back into the bottle, sorry. And ultimately, any such laws passing would be an economic blow to our nation and therefore, hasn't a snowballs chance in hell of actually becoming law.
And just like with attempts to pass guns laws, such laws would not stop criminals from employing strong encryption, just like they won't be taking any guns away from criminals. Just silly nonsense that makes zero sense.
Re: (Score:2)
Limiting the encryption people can have will be extremely difficult when there are multiple open-source encryption libraries available in the wild. Even without access to sources, there are also many papers describing the principles behind popular ciphers which people can use as a starting point for a design of their own.
Sounds like an unwinnable war to me. Even if the USA declares strong consumer encryption illegal and gets it removed from Google Play, iTunes, Amazon apps, etc., people who still want to us
Re: (Score:2)
It (encryption tech) is already a controlled export - why not just turn those same standards around on the citizens?
http://www.bis.doc.gov/index.p... [doc.gov]
http://www.bis.doc.gov/index.p... [doc.gov]
Re: (Score:2)
Fighting encryption is a losing battle. At most they will put US citizens' data at greater risk by limiting what we can use while the rest of the world pushes forward into better secur
Re: (Score:2)
Re:More alarming than the "hack"... (Score:4, Insightful)
Banning encryption would be unconstitutional.
Lol, and what's your point? It's not going to stop scumbags like Feinstein and Burr. The Constitution is optional for people like them.
Re: (Score:3)
Doesn't need to be banned, just regulated - like the right to bear arms - so, no full auto weapons and no symmetric keys > 56 bits...
Re: (Score:2)
like the right to bear arms
which means, you have the right to encrypt using as many bits as you can write on your bare arm ;)
Re: (Score:2)
like the right to bear arms
which means, you have the right to encrypt using as many bits as you can write on your bare arm ;)
Nah, you have to go find a bear and take its arm. On the upside bear arms are bigger than human arms so you can have more bits.
Re:More alarming than the "hack"... (Score:4, Interesting)
The US government should realize by now that Islamic State and other terrorist groups (and increasingly even small cells or lone-wolf attackers like the ones in San Bernadino) already have (and are using) encryption software that even the NSA cant currently break and that further restrictions on cryptography wont make it any easier to catch the bad guys despite the rhetoric of the FBI, NSA and others.
That said, the whole "terrorists around every corner" angle is just a cover story to disguise the fact that the "5 eyes" governments have created a worldwide surveillance network far moire powerful than anything that has come before it and is willing to do anything they can to prevent that surveillance network going dark and cutting off their access to the world's data.
Re:More alarming than the "hack"... (Score:4, Insightful)
Yeah the problem is that governments and law enforcement.intelligence agencies want the ability to build an even bigger haystack to search through when what they SHOULD be doing is hiring more guys with the skills to find the needles in the haystack they already have.
More money spent on HUMINT and less spent collecting every piece of data in the known universe might actually lead to the next guys who want to blow up a sports stadium or an airport or a train station or a skyscraper being caught BEFORE they do whatever evil things they plan to do.
do we know the phone was hacked (Score:4, Interesting)
Re: (Score:2)
Re: (Score:2)
http://www.usatoday.com/story/... [usatoday.com]
"... the agency was being inundated with requests from state and local law enforcement seeking help accessing the contents of hundreds of encrypted or damaged cellphones linked to unrelated criminal investigations scattered across the country."
"Requests involving
am I misrememberinfg (Score:5, Interesting)
or wasn't there some law about circumventing security measures on a computer device?
Re: (Score:2)
When they tell you not to use your work
Physical access (Score:2)
Re: (Score:2)
What is public is the request was for a computer related solution that would fit on any gov hard drive and open any branded phone.
Portable to take to any city, state, county, other nation and fully access any waiting phone.
http://nypost.com/2016/03/02/f... [nypost.com] (March 2, 2016)
"“The request we got from the government in this case is, ‘Take this tool and put it on a hard drive, send it to the FBI,’ and they’d load it onto their computer,
More importantly ... (Score:5, Interesting)
What info did the FBI get off the phone? I think it's generally considered that time was a crucial element in getting any meaningful info from the phone, and perhaps days or hours after the event, anything in there would be useless.
I'm not sure anyone has yet to convince me that more encryption = more terrorism.
Re: (Score:3)
Given the crap storm they put us through, they owe us at least a rough idea of what was found. My guess is nothing. Given the diligence to use and then destroy a burner phone, he likely had nothing of note on a work phone that I'm sure they expected was not private from his employer.
Inquiring minds want to know... (Score:3)
The whole issue (Score:3, Insightful)
Re: (Score:2)
It's little wonder the Boston Bombers managed to do what they did. All that data and all it demonstrates is that the security services are populated by complete morons.
Re: (Score:2)
A limitation on crypto and going to open court with a log from a phone just gets interesting people very interested in not talking on any phone.
All this was predicted decades ago via the GCHQ that ensured it never wen
Feinstein and Burr are scum (Score:4, Insightful)
"Feinstein and Burr are both working on a new bill to limit the use of encryption in consumer technology, expected to be made public in the weeks to come."
Not only is this extremely stupid and utterly unworkable, but fuck these two maggots who think that it's their right to weaken our privacy.
How will the government elide encryption? (Score:2)
When math is outlawed... (Score:5, Funny)
Feinstein and Burr are both working on a new bill to limit the use of encryption in consumer technology, expected to be made public in the weeks to come.
When math is outlawed, only mathematicians and those who can read their papers will have math.
I'll tell you what the method is... (Score:2, Informative)
It's called man in the middle. They remove the memory chip from the iphone. The contents of the chip are read and saved with a chip reader. A device emulates that chip and hooks into the screen and touch screen input. It then brute forces all possible passcodes. It only requires someone with decent desoldering skills with a hot air wand.
More disinformation (Score:2)
Lies, Lies and more Lies (Score:2)
Re: (Score:2)
It's becoming clearer every day that we need phones that run OpenBSD. The OpenBSD developers have showed us time and time again that they're completely dedicated to writing damn secure software. They will even fork, fix and maintain software written by other projects if it doesn't meet their high standards, like we've seen them do with their LibreSSL project.
This is exactly the kind of thing that Mozilla could do to redeem themselves. Instead of wasting so much time and effort on Firefox OS, they could have instead provided the resources necessary to get OpenBSD to run well on Nexus phones. It's clear that Mozilla doesn't have much of a chance when it comes to the web these days, after how they've driven away so many Firefox users with unwanted and unnecessary changes. But Mozilla could reinvent itself as a provider of secure consumer-oriented software.
Hopefully they won't suck as hard as the Ubuntu Phones have so far.
no, not FreeBSD. After 20 year career in comp secu (Score:2)
No, the Playstation doesn't run FreeBSD, or free anything. It runs a proprietary operating system which includes a lot of code from another proprietary operating system which once borrowed some code from FreeBSD.
Every few years, somebody figures out a way that if you have full access to the hardware, you can open it up and do this and that and boot another OS. I don't know that ANY popular hardware is secure against that.
Going on 20 years working full time in computer security, it's my informed opinion th
Re: (Score:2)
The right tool for the job (Score:3)
For a very long time I ran Linux on everything- not just my desktops, laptops, laptops, and servers, but also my routers and everything else. Linux is so flexible that it runs 98% of all supercomputers, and also runs fine with 8 MB of RAM. For many purposes, there is a Linux distribution that's the right tool for the job.
In some cases, FreeBSD or OpenBSD is the right tool for the job. Firewalls are a great example, you want your firewall to be secure and reliable ; you don't care if it supports the lat
bash, Outlook, Photoshop, grep, awk, make (Score:5, Interesting)
I could have said that more concisely as:
--
My last two employers needed me to use Outlook and Photoshop.
My personal workflow uses bash, perl, grep, awk, and make.
All of those required tools work great on my Mac, even after I've dropped it on the concrete.
---
Mac is full-fledged certified UNIX, and it's corporate helpdesk approved. Where else are you going find that combination ?
My MacBook Pro does run Linux, Windows, and FreeBSD virtual machines all the time too, though. I click whichever OS is suited to the moment. Last week, in 18 hours, we found thousands of vulnerabilities in 14 machines running those operating systems plus Cisco, so I know none are bulletproof, but I also know some are much more secure than others. (Out full vulnerability report for 14 targets was over 1600 pages long - for the exposures we found in 18 hours).
Re: (Score:2)
Yes, it is worth it, for my employer's source code (Score:3)
I'll more directly answer your post. You posed the question of whether concerns that the government can lean on big companies and thereby get access to your computer should override other benefits of using a particular operating system. "Is it really worth it?", you asked.
In my opinion, it IS worth that risk of government finding a way to access my employee email etc, particularly if they have the laptop in custody and a warrant, like the San Bernardino case, when the alternative is that -I- don't have pr
Re:FBI hack should not be made public (Score:5, Insightful)
Because Apple helps to fund the FBI, the FBI doesn't help to fund Apple.
Re: (Score:2)
Because Apple helps to fund the FBI, the FBI doesn't help to fund Apple.
I bet they have a shit load of ipads and iphones.
Re: (Score:2)
Apple isn't willing to play ball with the FBI.. so why should the FBI help Apple out here?
Because Apple helps to fund the FBI, the FBI doesn't help to fund Apple.
I bet they have a shit load of ipads and iphones.
Did they pay for them ? :)
I guess most of them are in a locked state
Re:FBI hack should not be made public (Score:4, Insightful)
Do privacy concerns come before finding the bomb before it detonates?
Yes, they do...
If you don't have principles to stand on, then you stand for nothing and will fall, sooner or later.
Re:FBI hack should not be made public (Score:5, Insightful)
As with most theoretical ethics problems, it only seems as if there is a conflict because the proposed scenario is too vague. This is why I find philosophy irritating sometimes, once you define enough details (as you would have in a real world scenario) you'll often find that the "right" thing to do is less ambiguous than it seems.
How do we know there is a nuke that is about to go off at all, if we don't know where it is? How did we locate the person who delivered the bomb in the first place? We were tracking them closely enough to know that they planted the bomb, but not closely enough to know where? How do we know that the location and the disarming codes are on the iPhone at all? What kind of guarantees do we have that if we do get into the iPhone we can stop the bomb going off in time anyway?
If we have a 100%, no bones about it, guarantee that gaining access to this one particular iPhone will prevent a nuke going off somewhere, then by all means, break into this particular iPhone. But you'll never have that kind of guarantee, so people will always argue that we need to be able to get into all the iPhones just in case.
This is always the problem with this kind of reasoning, it leads inexorably to mass surveillance: "We have to watch everybody because somebody, somewhere, at some time will do something dangerous, and this is the only way to stop them." How about: most people are good, so let them be free.
I'd rather die in a nuclear blast in a free country, than live a long life in a police state. The real fight is not to prevent deaths due to terrorism, the real fight is to prevent terrorists from changing who we are. They can only win that fight if we let them.
Re:FBI hack should not be made public (Score:4, Insightful)
Most people are "cut you off in traffic" assholes, not "plant a nuclear bomb in downtown Manhattan" assholes. Most people are good in that they're not violent criminals, even if they are uncourteous (and Americans are not even close to being the most uncourteous people in the world).
Re: (Score:2, Troll)
But seeing "Trump 2016" chalked onto a sidewalk will make those same weak-willed twits wail in horror? [washingtonpost.com]
Awww, such special snowflakes!
I'm older, but at 18 or 20 years old my father and grandfather were jumping out of troopships while being shelled and shot at....but millennials shit their pants if the rice in the school cafeteria isn't "authentic" to the way they make sushi in Japan. I'm not making this up.
Re: (Score:2, Informative)
Crypto and homebrew don't belong in the same sentence. Even the experts occasionally get it wrong and they have decades of design and implementation experience behind them. This one is best left to the pros, with audits of their work.
Re: (Score:2)
Because we do not trust the FBI or our other federal investigatory agencies to operate transparently. Nor should we: they've a long history of relying on untrustworthy informants, and of pursuing ridiculous charges for criminal activity. Look up the David LaMacchia case for a prime example of stupidly handled criminal charges, and the Kevin Mitnick case for how badly the FBI handles hacker informants. Most of their limited number of successful investigations and prosecutions for computer crime do not actual
Re: (Score:2)
URL please? I somehow managed to miss that news.
Resetting the failed attempts counter is only part of the problem. How could the company run a brute force attack given the limitations of the i-Phone hardware? i.e. The i-Phone doesn't have thousands of fast parallel processors dedicated to handling password requests. Unless the owner was using a guessable password or something vulnerable to a dictionary attack, wouldn't it take years(centuries?) to brute-force it?