User Panel
User Panel
User Panel
|
Posted: 2/18/2016 11:59:19 AM EDT
[#1]
Quote HistoryQuoted:
There are no Iphone plans without a data plan. You can look to straight talk wireless they have $45 plans unlimited talk/text with 5 gigs of data. They operate on Verizon and AT&T towers depending on the model of phone you get. Quote HistoryQuoted:
Quoted:
Thanks Chief. I may be in the market to replace my antique flip phone with an iPhone 6. 
Does anyone know if Verison supports an iPhone with text only and no data (wifi only) plans? There are no Iphone plans without a data plan. You can look to straight talk wireless they have $45 plans unlimited talk/text with 5 gigs of data. They operate on Verizon and AT&T towers depending on the model of phone you get. Strange, my daughter is using a T-Mobile pay as you go plan with no data and she's on an iPhone. Trade-off is that T-Mobile coverage is for shit. We purchased the phone separately though. |
|
|
|
Posted: 2/18/2016 12:08:45 PM EDT
[#2]
Quote HistoryQuoted:
They can *ask* the court for relief from the order. That doesn't mean the court will agree with them that it is "unreasonably burdensome". Quote HistoryQuoted:
Quoted:
A portion of the Court Order that hasn't been mentioned much is this: "To the extent that Apple believes that compliance with this Order would be unreasonably burdensome, it may make an application to this Court for relief within five business days of receipt of the Order." Seems like a perfect solution to Apple's dilemma about performing the work the Court has ordered. If would seem safe for Apple to declare that this project WOULD BE "Unreasonably Burdensome" and therefore decline to initiate the project. Who would be able to claim it wasn't? I assume the only persons knowledgeable enough are Apple's security engineers, whom I have to believe do not want to write a crack to their own program, even if it is possible. Tim Cook: So you see, Comrade Citizen Judge, we can't do it ! Anything else? They can *ask* the court for relief from the order. That doesn't mean the court will agree with them that it is "unreasonably burdensome". Very true. However, its worth noting that this isn't the first time the government has used the All Writs Act against Apple. Most of the time they've acquiesced...until recently. It may be that their own security features have evolved to a point that it is unreasonably burdensome to comply past a certain generation of phone. It may also be that they see the continued and ongoing use of the AWA to force their cooperation as a third party as a problem they need to challenge sooner or later, or it will become the FBI's defacto 'backdoor' for encryption legislation they can't get through congress. |
|
|
|
Posted: 2/18/2016 12:09:53 PM EDT
[#3]
Quote HistoryQuoted:
The "issue" is that all current gen iPhones can be decrypted, by Apple. Apple does "proprietary" device security, not "fine" device security. They completely constrain how you use the device and what you can put on it in order to provide for "security" and their bottom line. I actually know a little bit about encryption, since a good part of my job is digital security. Apple has misled all of their customers and just been caught with their pants down. Instead of rushing to fix things, they are rushing to court. There are plenty of encryption implementations that would have prevented this entire issue, but Apple didn't use them... Quote HistoryQuoted:
Quoted:
Quoted:
Dumbest thing I have read in a good long while. That this is even an issue proves beyond any shadow of a doubt that Apple does some fine device security. The "issue" is that all current gen iPhones can be decrypted, by Apple. Apple does "proprietary" device security, not "fine" device security. They completely constrain how you use the device and what you can put on it in order to provide for "security" and their bottom line. I actually know a little bit about encryption, since a good part of my job is digital security. Apple has misled all of their customers and just been caught with their pants down. Instead of rushing to fix things, they are rushing to court. There are plenty of encryption implementations that would have prevented this entire issue, but Apple didn't use them... How? |
|
|
|
Posted: 2/18/2016 12:11:16 PM EDT
[#4]
Quote HistoryQuoted: Yeah, that pesky warrant requirement that the government 100% met in full compliance with the 4A... So statist to fully comply with the constitution and get a completely legal warrant and then expect people to follow what the court says. Bullshit like this is why people laugh at the fringe on the right who constantly rail about how much they love the constitution and then start name calling like children when law enforcement follows that same constitution to the letter. Quote HistoryQuoted: Quoted: Quoted: But Muh Privacy on my Chinese phone...wat about muh freedom...  Ah, glad to see our resident statist chiming in. Yeah, that pesky warrant requirement that the government 100% met in full compliance with the 4A... So statist to fully comply with the constitution and get a completely legal warrant and then expect people to follow what the court says. Bullshit like this is why people laugh at the fringe on the right who constantly rail about how much they love the constitution and then start name calling like children when law enforcement follows that same constitution to the letter. Apple already provided all of the data in their possession. That's what a warrant is for. What the government wants to do is compel Apple to perform work on their behalf, to modify the phone so that the FBI can attempt to crack it. That goes WAY beyond the requirement to provide data pursuant to a search warrant, and does not appear to have any Constitutional basis. It opens Apple up to considerable jeopardy and can cause harm to their business. |
|
|
|
Posted: 2/18/2016 12:12:54 PM EDT
[#5]
Quote HistoryQuoted:
You're not paying attention. Apple absolutely has the private keys that are required to upload software onto the phone. The only reason the FBI is claiming they can't do it themselves is that they don't have that key. I know that Apple does not have the hardware key embedded in the AES chip, nor do they have the PIN. If they build a piece of malicious software, *SIGN IT*, and upload it into the phone, then the FBI can (supposedly) run an automated cracker on the PIN and recover the PIN, which will allow them to unlock the phone, which decrypts private storage. Not paying attention, or too dumb to follow the conversation? At this point, I'm not sure which. 
|
|
|
|
Posted: 2/18/2016 12:17:09 PM EDT
[#6]
Quote HistoryQuoted:
There are no Iphone plans without a data plan. You can look to straight talk wireless they have $45 plans unlimited talk/text with 5 gigs of data. They operate on Verizon and AT&T towers depending on the model of phone you get. Quote HistoryQuoted:
Quoted:
Thanks Chief. I may be in the market to replace my antique flip phone with an iPhone 6.
Does anyone know if Verison supports an iPhone with text only and no data (wifi only) plans? There are no Iphone plans without a data plan. You can look to straight talk wireless they have $45 plans unlimited talk/text with 5 gigs of data. They operate on Verizon and AT&T towers depending on the model of phone you get. The cheapest plan that I am aware of is $30 T-Mobile exclusively through WalMart. It has 100 voice minutes and 5Gb of data per month. |
|
|
|
Posted: 2/18/2016 12:17:42 PM EDT
[#7]
Quote HistoryQuoted: They have guns too...with which they could kill people at will but they don't. I understand where you are coming from but this will be like many other tools that go into the toolbox and get used only when you have the correct legal authority. There is a ton of sensitive technology that can only be used with the correct authority and paperwork. This will be no different. Quote HistoryQuoted: Quoted: Quoted: ............... Yeah, that pesky warrant requirement that the government 100% met in full compliance with the 4A... So statist to fully comply with the constitution and get a completely legal warrant and then expect people to follow what the court says. Bullshit like this is why people laugh at the fringe on the right who constantly rail about how much they love the constitution and then start name calling like children when law enforcement follows that same constitution to the letter. But if what Apple is saying is true and by complying the FBI will now have access to other peoples phones..........should they be trusted with that sort of ability? Currently, with this FBI and ESPECIALLY this DOJ by extension I say FUCK NO I do not trust them and neither should you as a right winger. Tinfoil on my part..........maybe. They have guns too...with which they could kill people at will but they don't. I understand where you are coming from but this will be like many other tools that go into the toolbox and get used only when you have the correct legal authority. There is a ton of sensitive technology that can only be used with the correct authority and paperwork. This will be no different. Because they know they aren't the only ones with guns and that the minute a large enough portion of the population decided they were a threat, there wouldn't be a Federal agent left alive. Which would suck for the good ones, including many of my friends. When I look at my Facebook feeds, some of the people I see who trust the government the least are the ones with the most exposure to it. Think Extorris's attitude towards the NYPD, but coming from Batt boys or SF. |
|
|
|
Posted: 2/18/2016 12:28:55 PM EDT
[#8]
Quote HistoryQuoted:
They can *ask* the court for relief from the order. That doesn't mean the court will agree with them that it is "unreasonably burdensome". Quote HistoryQuoted:
Quoted:
A portion of the Court Order that hasn't been mentioned much is this: "To the extent that Apple believes that compliance with this Order would be unreasonably burdensome, it may make an application to this Court for relief within five business days of receipt of the Order." Seems like a perfect solution to Apple's dilemma about performing the work the Court has ordered. If would seem safe for Apple to declare that this project WOULD BE "Unreasonably Burdensome" and therefore decline to initiate the project. Who would be able to claim it wasn't? I assume the only persons knowledgeable enough are Apple's security engineers, whom I have to believe do not want to write a crack to their own program, even if it is possible. Tim Cook: So you see, Comrade Citizen Judge, we can't do it ! Anything else? They can *ask* the court for relief from the order. That doesn't mean the court will agree with them that it is "unreasonably burdensome". The Court knows it's asking for something they can't prove exists or is even possible. Apple can deny both possibilities, and without any evidence to the contrary, what is the Court's option then? Fairy Dust, Unicorn Farts? Apple is in a position to say "Not Gonna Happen" and just stick to that. Besides, Fishing Expedition. We can all speculate that the phone contains North Korea's nuke launch codes, or something or nothing else. It's not Apple's problem, and they shouldn't have to undo .gov's fuck ups. |
|
|
|
Posted: 2/18/2016 12:30:10 PM EDT
[#9]
Quote HistoryQuoted: No, these are two different things. Software updates are cryptographically signed by Apple so the device know that the updates it is receiving are legitimate. This prevents third parties -- say the FBI -- from installing rouge software. The data on he phone is encrypted and can only be decrypted by the phone after the proper passcode is entered. There is no way around that. (Now, to prevent brute force attacks (just trying every possible passcode, one at a time) the operating system has additional safeguards, including rate-limited login attempts and self destruction after a number of failed login attempts.) What the government is requesting -- and what may be possible on this model -- is that Apple write a compromised version of the operating system that eliminates the additional safeguards so the government can brute-force the passcode and decrypt the phone. Quote HistoryQuoted: Quoted: Quoted: You're not paying attention. Apple absolutely has the private keys that are required to upload software onto the phone. The only reason the FBI is claiming they can't do it themselves is that they don't have that key. I know that Apple does not have the hardware key embedded in the AES chip, nor do they have the PIN. If they build a piece of malicious software, *SIGN IT*, and upload it into the phone, then the FBI can (supposedly) run an automated cracker on the PIN and recover the PIN, which will allow them to unlock the phone, which decrypts private storage. But, if I understand it correctly, only on older versions of the iphone, not the iphone 6. In the case of the 6, Apple could legitimately say, "we simply can't". No, these are two different things. Software updates are cryptographically signed by Apple so the device know that the updates it is receiving are legitimate. This prevents third parties -- say the FBI -- from installing rouge software. The data on he phone is encrypted and can only be decrypted by the phone after the proper passcode is entered. There is no way around that. (Now, to prevent brute force attacks (just trying every possible passcode, one at a time) the operating system has additional safeguards, including rate-limited login attempts and self destruction after a number of failed login attempts.) What the government is requesting -- and what may be possible on this model -- is that Apple write a compromised version of the operating system that eliminates the additional safeguards so the government can brute-force the passcode and decrypt the phone. AND it has to be something that can be forcibly loaded on the phone, without user intervention, and without compromising the data on the phone. |
|
|
|
Posted: 2/18/2016 12:38:21 PM EDT
[#10]
Quote HistoryQuoted:
Give me a bit to digest. Quote HistoryQuoted:
Quoted:
What they want Apple to do is build a modified OS that bypasses all the safeguards they built into both the software and hardware, and allows them to interface something to the phone to brute force the PIN and unlock it. It's a little more involved than that, but that's the way I understand it. The whitepaper Apple wrote will give you a good understanding of what Apple's doing in terms of security and why. Give me a bit to digest. Ok, so at a glance I'm falling more toward the "can't be done" camp if we are assuming iOS 9. Per the court order, .fed wants to flip the bits to allow an uninhibited brute force attack of the passcode. That being the request the assumption has to be that the passcode is either the 4 or 6 digit numeric option. What is not clear is where the security configuration lives or how they expect to get at it from RAM. Would seem that the better route would be to go after LLB or iBoot to sideload a clean OS without security enabled. Admittedly, I only took a cursory look at the crypto implementation for the file system. If that's tied to OS-specific factors then clean OS goes out the window. |
|
|
|
Posted: 2/18/2016 12:38:29 PM EDT
[#11]
This thread explains so much about GD... I've never seen such bad gauge coming from people who profess to be tech experts.
No one except Apple knows exactly how easy the Gov's order is to implement, because no one but Apple has the actual source code or experience with iOS firmware/hardware. That said, people who reverse hardware and software for a living believe that this is trivial. Why? Because we're talking about interacting with two relatively simple functions - a pin rate limiter, and a pin counter. There is no reason to believe an iOS update that ignores these functions is difficult to create, or doesn't already exist as a debug build. You have to remember that Apple pushes updates to millions of phones. Their worst nightmare is an update that bricks all of the handsets. Hardware and OS manufacturers always have debug builds of software that interact differently with with the product, especially when it comes to basic security protocols. Apple and DOJ have apparently been having these discussions for months, over this phone. News reporting is that Tim Cook is angry mostly because the order was made public. As someone who actually works in infosec, I read the ruling and was completely surprised by how simple the gov approach was to solving this. I was surprised, because I'd taken Apple at face value when they said nothing of this sort could be done. All of us are simply giving this our best guess as to how quickly, and easily, Apple can respond to this. All the tech part aside, Apple's reaction is very, very telling. I don't know the last time I've heard a Silicon Valley company say they preferred a ruling such as this to stay sealed... |
|
|
|
Posted: 2/18/2016 12:55:12 PM EDT
[#12]
Quote HistoryQuoted:
so what did this kook do to his iphone that made it so hard to bust open? I assume this is more than the 4 digit code I put it into mine? Most likely a passphrase |
|
|
|
Posted: 2/18/2016 1:01:43 PM EDT
[#13]
Quote HistoryQuoted:
Damn I didn't know it was an iPhone pin lock that was kicking their ass. They changed the way the phone logs failed attempts because some guys in England figured out to brute force them. No it's the encryption 99.9999 percent chance he has a strong passphrase and trying to guess that is almost impossible |
|
|
|
Posted: 2/18/2016 1:12:00 PM EDT
[#14]
Quote HistoryQuoted:
Apple already provided all of the data in their possession. That's what a warrant is for. What the government wants to do is compel Apple to perform work on their behalf, to modify the phone so that the FBI can attempt to crack it. That goes WAY beyond the requirement to provide data pursuant to a search warrant, and does not appear to have any Constitutional basis. It opens Apple up to considerable jeopardy and can cause harm to their business. Quote HistoryQuoted:
Quoted:
Quoted:
Quoted:
But Muh Privacy on my Chinese phone...wat about muh freedom... Ah, glad to see our resident statist chiming in. Yeah, that pesky warrant requirement that the government 100% met in full compliance with the 4A... So statist to fully comply with the constitution and get a completely legal warrant and then expect people to follow what the court says. Bullshit like this is why people laugh at the fringe on the right who constantly rail about how much they love the constitution and then start name calling like children when law enforcement follows that same constitution to the letter. Apple already provided all of the data in their possession. That's what a warrant is for. What the government wants to do is compel Apple to perform work on their behalf, to modify the phone so that the FBI can attempt to crack it. That goes WAY beyond the requirement to provide data pursuant to a search warrant, and does not appear to have any Constitutional basis. It opens Apple up to considerable jeopardy and can cause harm to their business. Apple didn't get served with a search warrant. This might have already been posted... http://www.npr.org/2016/02/17/467115555/apple-challenges-use-of-all-writs-act-in-order-to-unlock-attackers-iphone http://gizmodo.com/the-227-year-old-statute-being-used-to-order-apple-into-1759736160 (a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.
(b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction. (June 25, 1948, ch. 646, 62 Stat. 944; May 24, 1949, ch. 139, § 90, 63 Stat. 102.) "In 2005, Judge James Orenstein dismissed the government when it tried to convince him he could use All Writs to authorize surveillance, saying that this sort of All Writs interpretation “invites an exercise of judicial activism that is breathtaking in its scope and fundamentally inconsistent with my understanding of the extent of my authority.” And in 2015, Orenstein even questioned whether All Writs was appropriate for compelling Apple. “The question becomes whether the government seeks to fill in a statutory gap that Congress has failed to consider or instead seeks to have the court give it authority that Congress chose not to confer,” he wrote. (Getting our privacy potentially fucked isn’t funny, but it is excellent that these judges are named Orenstein and Gorenstein. Petition to get them a reality television program, like Judge Judy, only Judge Orenstein & Gorenstein, sort of a Siskel and Ebert type situation.) The judge who gave this week’s court order, US Magistrate Judge Sheri Pym, has given Apple five days to respond to the request. Now, remember that 1977 Supreme Court case that I described as a “turning point?” That case determined that third parties (like Apple) can assist the government, if certain conditions are met. If it is “unreasonably burdensome” for that third party, it doesn’t have to help. So Apple needs to persuade Pym that creating custom malware is an undue burden on Apple. If it does, there’s a chance she could decide that All Writs won’t fly in this case. If she decides in favor of the government, however, this case will set a very serious precedent that will encourage agencies to pursue court orders to compel tech companies to cooperate, even if that cooperation means forcing companies to create security backdoors that undermine the purpose of the products they create." |
|
|
|
Posted: 2/18/2016 1:21:30 PM EDT
[#15]
Quote HistoryQuoted:
Except that Apple apparently has a way to do exactly that, which is what the Judge is ordering Apple to furnish to the government. Quote HistoryQuoted:
Quoted:
Quoted:
Quoted:
It is not feasible to do, that is the whole point of their encryption mechanisms. Hay guys, undo math! ~ Government If they get unlimited tries, they will unlock the phone. Guaranteed. That isn't how it works. The encryption keys are tied to chips on the phone. You can't image the phone and have unlimited retries to crack the PIN. The most you could do is crack the AES256 key, but that will take infinite time. Except that Apple apparently has a way to do exactly that, which is what the Judge is ordering Apple to furnish to the government. Apple has a way of doing this exactly like you can go build a fence for free. There is no existing way for Apple to do this. They want Apple to make it. They want Apple to pay their employees to design a work around so they can defeat iPhone security. "Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction." |
|
|
|
Posted: 2/18/2016 1:32:23 PM EDT
[#16]
Quote HistoryQuoted:
Most likely a passphrase Quote HistoryQuoted:
Quoted:
so what did this kook do to his iphone that made it so hard to bust open? I assume this is more than the 4 digit code I put it into mine? Most likely a passphrase According to the US Attorneys motion, it is a numeric passcode. Page 5, lines 3-5. PDF 
|
|
|
|
Posted: 2/18/2016 1:34:28 PM EDT
[#17]
Help the Android guy out: are you telling me that all I have to do is buy an iPhone, set a 4-digit PIN and it's now "encrypted" insomuch as essentially no one else can unlock the phone w/o the PIN and if they attempt to brute force it, it will erase itself after however many failed attempts?
|
|
|
|
Posted: 2/18/2016 1:36:11 PM EDT
[#18]
Quote HistoryQuoted:
Help the Android guy out: are you telling me that all I have to do is buy an iPhone, set a 4-digit PIN and it's now "encrypted" insomuch as essentially no one else can unlock the phone w/o the PIN and if they attempt to brute force it, it will erase itself after however many failed attempts? Pretty much, with a couple properly configured settings. ETA: The encryption is automatic once the passcode is configured. Wipe on missed PINs is optional. |
|
|
|
Posted: 2/18/2016 1:40:16 PM EDT
[#19]
Here's the solution.
JOHN MCAFEE: I'll decrypt the San Bernardino phone free of charge so Apple doesn't need to place a back door on its product http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2 |
|
|
|
Posted: 2/18/2016 1:41:10 PM EDT
[#20]
Quote HistoryQuoted:
Here's the solution.
JOHN MCAFEE: I'll decrypt the San Bernardino phone free of charge so Apple doesn't need to place a back door on its product http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2 lol |
|
|
|
Posted: 2/18/2016 1:41:50 PM EDT
[#21]
Quote HistoryQuoted:
Here's the solution.
JOHN MCAFEE: I'll decrypt the San Bernardino phone free of charge so Apple doesn't need to place a back door on its product http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2 That's unbelievably special. ETA: Actually a decent article, but I don't foresee much success should he find himself with the opportunity to try. |
|
|
|
Posted: 2/18/2016 1:42:32 PM EDT
[#22]
Quote HistoryQuoted:
Here's the solution.
JOHN MCAFEE: I'll decrypt the San Bernardino phone free of charge so Apple doesn't need to place a back door on its product http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2 Libertarian candidate for President, right there! 
|
|
|
|
Posted: 2/18/2016 1:42:45 PM EDT
[#23]
Quote HistoryQuoted:
Pretty much, with a couple properly configured settings. ETA: The encryption is automatic once the passcode is configured. Wipe on missed PINs is optional. Quote HistoryQuoted:
Quoted:
Help the Android guy out: are you telling me that all I have to do is buy an iPhone, set a 4-digit PIN and it's now "encrypted" insomuch as essentially no one else can unlock the phone w/o the PIN and if they attempt to brute force it, it will erase itself after however many failed attempts? Pretty much, with a couple properly configured settings. ETA: The encryption is automatic once the passcode is configured. Wipe on missed PINs is optional. OK, I think I've got it: the PIN plus a unique # in the phone itself generates an encryption key that only the phone knows. Plus the escalating "time out" feature helps makes brute force impractical and after 10 incorrect attempts the phone erases itself? And this capability exists on the 5s and later iPhones, making them essentially unassailable while the San Bern shooter's 5c is somewhat less hack proof (i.e. impossible with the 5s and later, possible with the 5c and earlier)? ETA: if you're running iOS9. |
|
|
|
Posted: 2/18/2016 1:42:53 PM EDT
[#24]
Quote HistoryQuoted:
Ok, so at a glance I'm falling more toward the "can't be done" camp if we are assuming iOS 9. Per the court order, .fed wants to flip the bits to allow an uninhibited brute force attack of the passcode. That being the request the assumption has to be that the passcode is either the 4 or 6 digit numeric option. What is not clear is where the security configuration lives or how they expect to get at it from RAM. Would seem that the better route would be to go after LLB or iBoot to sideload a clean OS without security enabled. Admittedly, I only took a cursory look at the crypto implementation for the file system. If that's tied to OS-specific factors then clean OS goes out the window. Quote HistoryQuoted:
Quoted:
Quoted:
What they want Apple to do is build a modified OS that bypasses all the safeguards they built into both the software and hardware, and allows them to interface something to the phone to brute force the PIN and unlock it. It's a little more involved than that, but that's the way I understand it. The whitepaper Apple wrote will give you a good understanding of what Apple's doing in terms of security and why. Give me a bit to digest. Ok, so at a glance I'm falling more toward the "can't be done" camp if we are assuming iOS 9. Per the court order, .fed wants to flip the bits to allow an uninhibited brute force attack of the passcode. That being the request the assumption has to be that the passcode is either the 4 or 6 digit numeric option. What is not clear is where the security configuration lives or how they expect to get at it from RAM. Would seem that the better route would be to go after LLB or iBoot to sideload a clean OS without security enabled. Admittedly, I only took a cursory look at the crypto implementation for the file system. If that's tied to OS-specific factors then clean OS goes out the window. I believe that the reports state that the phone is running iOS 9. |
|
|
|
Posted: 2/18/2016 1:45:33 PM EDT
[#25]
Quote HistoryQuoted:
Here's the solution.
JOHN MCAFEE: I'll decrypt the San Bernardino phone free of charge so Apple doesn't need to place a back door on its product http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2 That McAfee is a funny guy :-) |
|
|
|
Posted: 2/18/2016 1:47:01 PM EDT
[#26]
Quote HistoryQuoted:
Plus the escalating "time out" feature also makes brute force impractical, correct? And this capability exists on the 5s and later iPhones, making them essentially unassailable while the San Bern shooter's 5c is somewhat less hack proof (i.e. impossible with the 5s and later, possible with the 5c and earlier)? Quote HistoryQuoted:
Quoted:
Quoted:
Help the Android guy out: are you telling me that all I have to do is buy an iPhone, set a 4-digit PIN and it's now "encrypted" insomuch as essentially no one else can unlock the phone w/o the PIN and if they attempt to brute force it, it will erase itself after however many failed attempts? Pretty much, with a couple properly configured settings. ETA: The encryption is automatic once the passcode is configured. Wipe on missed PINs is optional. Plus the escalating "time out" feature also makes brute force impractical, correct? And this capability exists on the 5s and later iPhones, making them essentially unassailable while the San Bern shooter's 5c is somewhat less hack proof (i.e. impossible with the 5s and later, possible with the 5c and earlier)? Correct. The white paper linked earlier quoted 5.5 years to brute force a 6-digit PIN were the wipe option not configured. It follows that a 4-digit PIN would be less and a custom length PIN or alphanumeric passphrase would be more. |
|
|
|
Posted: 2/18/2016 1:49:44 PM EDT
[#27]
Quote HistoryQuoted:
Plus the escalating "time out" feature also makes brute force impractical, correct? And this capability exists on the 5s and later iPhones, making them essentially unassailable while the San Bern shooter's 5c is somewhat less hack proof (i.e. impossible with the 5s and later, possible with the 5c and earlier)? Quote HistoryQuoted:
Quoted:
Quoted:
Help the Android guy out: are you telling me that all I have to do is buy an iPhone, set a 4-digit PIN and it's now "encrypted" insomuch as essentially no one else can unlock the phone w/o the PIN and if they attempt to brute force it, it will erase itself after however many failed attempts? Pretty much, with a couple properly configured settings. ETA: The encryption is automatic once the passcode is configured. Wipe on missed PINs is optional. Plus the escalating "time out" feature also makes brute force impractical, correct? And this capability exists on the 5s and later iPhones, making them essentially unassailable while the San Bern shooter's 5c is somewhat less hack proof (i.e. impossible with the 5s and later, possible with the 5c and earlier)? No, the 5c will also wipe the memory after 10 failed attempts, it's running the latest iOS version. They're asking Apple to create a special version of iOS that doesn't contain the auto-destruct feature and/or PIN entry delays and load it onto the phone. Apple has to do it because only Apple has the digital signing key that will allow the new software to be loaded onto the phone. FBI can now brute force the phone in a matter of minutes, assuming a 4 digit PIN code. Apple says they won't or can't do that. 5s and on iPhones are a different story. |
|
|
|
Posted: 2/18/2016 1:50:27 PM EDT
[#28]
Quote HistoryQuoted:
Here's the solution.
JOHN MCAFEE: I'll decrypt the San Bernardino phone free of charge so Apple doesn't need to place a back door on its product http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2 Why doesn't he just go find a random person on the street with a iPhone 5c and pw protected and ask them to let him hack their phone and make a youtube video. Seems simple enough way to test his boast. |
|
|
|
Posted: 2/18/2016 1:52:09 PM EDT
[#29]
Quote HistoryQuoted:
No, the 5c will also wipe the memory after 10 failed attempts, it's running the latest iOS version. They're asking Apple to create a special version of iOS that doesn't contain the auto-destruct feature and/or PIN entry delays and load it onto the phone. Apple has to do it because only Apple has the digital signing key that will allow the new software to be loaded onto the phone. FBI can now brute force the phone in a matter of minutes. Apple says they won't or can't do that. Quote HistoryQuoted:
Quoted:
Quoted:
Quoted:
Help the Android guy out: are you telling me that all I have to do is buy an iPhone, set a 4-digit PIN and it's now "encrypted" insomuch as essentially no one else can unlock the phone w/o the PIN and if they attempt to brute force it, it will erase itself after however many failed attempts? Pretty much, with a couple properly configured settings. ETA: The encryption is automatic once the passcode is configured. Wipe on missed PINs is optional. Plus the escalating "time out" feature also makes brute force impractical, correct? And this capability exists on the 5s and later iPhones, making them essentially unassailable while the San Bern shooter's 5c is somewhat less hack proof (i.e. impossible with the 5s and later, possible with the 5c and earlier)? No, the 5c will also wipe the memory after 10 failed attempts, it's running the latest iOS version. They're asking Apple to create a special version of iOS that doesn't contain the auto-destruct feature and/or PIN entry delays and load it onto the phone. Apple has to do it because only Apple has the digital signing key that will allow the new software to be loaded onto the phone. FBI can now brute force the phone in a matter of minutes. Apple says they won't or can't do that. Why would it allow an OS update without the PIN anyway? |
|
|
|
Posted: 2/18/2016 1:53:04 PM EDT
[#30]
The craziest thing is that it was a work phone and there is probably nothing on it anyway.
|
|
|
|
Posted: 2/18/2016 1:56:05 PM EDT
[#31]
Quote HistoryQuoted:
Why would it allow an OS update without the PIN anyway? Quote HistoryQuoted:
Quoted:
Quoted:
Quoted:
Quoted:
Help the Android guy out: are you telling me that all I have to do is buy an iPhone, set a 4-digit PIN and it's now "encrypted" insomuch as essentially no one else can unlock the phone w/o the PIN and if they attempt to brute force it, it will erase itself after however many failed attempts? Pretty much, with a couple properly configured settings. ETA: The encryption is automatic once the passcode is configured. Wipe on missed PINs is optional. Plus the escalating "time out" feature also makes brute force impractical, correct? And this capability exists on the 5s and later iPhones, making them essentially unassailable while the San Bern shooter's 5c is somewhat less hack proof (i.e. impossible with the 5s and later, possible with the 5c and earlier)? No, the 5c will also wipe the memory after 10 failed attempts, it's running the latest iOS version. They're asking Apple to create a special version of iOS that doesn't contain the auto-destruct feature and/or PIN entry delays and load it onto the phone. Apple has to do it because only Apple has the digital signing key that will allow the new software to be loaded onto the phone. FBI can now brute force the phone in a matter of minutes. Apple says they won't or can't do that. Why would it allow an OS update without the PIN anyway? That's a good question. I'm thinking the software engineers at Apple may have thought of exactly this scenario when implementing the security protocols on iOS 9, thus bringing you back to square 1: the PIN problem. |
|
|
|
Posted: 2/18/2016 1:58:03 PM EDT
[#32]
Quote HistoryQuoted:
The craziest thing is that it was a work phone and there is probably nothing on it anyway. That's the part that makes people think this is a ruse to get Apple and tech companies to play ball. Terrorists are paranoid as fuck, and not necessarily as stupid as some would have us believe. Would he really have placed sensitive info on his government owned work phone? That kind of stuff always comes with a "anything on the device is subject to monitoring" warning from the .gov agency. Even if it isn't, the warning and risk of being monitored on a device is there. |
|
|
|
Posted: 2/18/2016 2:00:03 PM EDT
[#33]
Quote HistoryQuoted:
Why would it allow an OS update without the PIN anyway? I'm not familiar with iOS update procedures, can it be set to update without user intervention? Leave the phone on, it periodically checks in with the update servers, and when there is system updates will they get installed automagically? |
|
|
|
Posted: 2/18/2016 2:01:14 PM EDT
[#34]
Quote HistoryQuoted:
I'm not familiar with iOS update procedures, can it be set to update without user intervention? Leave the phone on, it periodically checks in with the update servers, and when there is system updates will they get installed automagically? Quote HistoryQuoted:
Quoted:
Why would it allow an OS update without the PIN anyway? I'm not familiar with iOS update procedures, can it be set to update without user intervention? Leave the phone on, it periodically checks in with the update servers, and when there is system updates will they get installed automagically? No. |
|
|
|
Posted: 2/18/2016 2:02:27 PM EDT
[#35]
Quote HistoryQuoted:
Help the Android guy out: are you telling me that all I have to do is buy an iPhone, set a 4-digit PIN and it's now "encrypted" insomuch as essentially no one else can unlock the phone w/o the PIN and if they attempt to brute force it, it will erase itself after however many failed attempts? Android has encryption feature also, check your my device settings |
|
|
|
Posted: 2/18/2016 2:02:47 PM EDT
[#36]
Quote HistoryQuoted:
No. Quote HistoryQuoted:
Quoted:
Quoted:
Why would it allow an OS update without the PIN anyway? I'm not familiar with iOS update procedures, can it be set to update without user intervention? Leave the phone on, it periodically checks in with the update servers, and when there is system updates will they get installed automagically? No. Whelp that seems to make the government's request all the more impossible... |
|
|
|
Posted: 2/18/2016 2:05:03 PM EDT
[#37]
Quote HistoryQuoted:
Here's the solution.
JOHN MCAFEE: I'll decrypt the San Bernardino phone free of charge so Apple doesn't need to place a back door on its product http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2 Well, since McAfee is an admitted bath salts abuser, I don't think I would take him up on an offer to mow my lawn, much less have him "hack" an iPhone. |
|
|
|
Posted: 2/18/2016 2:33:37 PM EDT
[#38]
Quote HistoryQuoted:
That's unfortunate as I think there would be a market, albeit a small one. Basically, I want an iPhone that I can use like my iPad, i.e. no data, wifi only. Just different in size. ETA: There are programs I could use for SMS that are already wifi capable. Quote HistoryQuoted:
Quoted:
Quoted:
Thanks Chief. I may be in the market to replace my antique flip phone with an iPhone 6.
Does anyone know if Verison supports an iPhone with text only and no data (wifi only) plans? Unlikely. iPhones don't exactly do text only. They use a system called "iMessage", which tries to get a data connection (end to end encrypted) with an iPhone on the other end. If that fails, and you've enabled it to fall back, then it will try to send the message over sms. That's unfortunate as I think there would be a market, albeit a small one. Basically, I want an iPhone that I can use like my iPad, i.e. no data, wifi only. Just different in size. ETA: There are programs I could use for SMS that are already wifi capable. This has been a bone of contention for many people for years, really since around the original iPhone release. But the carriers don't allow any "smart" devices to be used on their networks without a data package. Even if you were to buy a phone third party, as soon as it connects to the carriers network, the network recognizes the model of the phone due to the unique identifier, IMEI or ESN (dependent on carrier), and will automatically add one of the lower tier data packages to your line. And as Josh had mentioned, a lot of the features of the phone wouldn't work correctly, iMessage being one. While you were on wifi the phone would default over to iMessage when messaging someone with and Apple device, as soon as you moved away from wifi however there would be no data connection the device could use to send the message (iMessage uses the data network, not standard SMS/Text), and any iMessage you send would hang up and have to be sent as standard text. You can turn the iMessage feature off, but then what's the point of having the expanded capability? The other option would be to use a phone you purchase outright, either from a store or from a friend or relative, and use that with one of the "budget" carriers such as Cricket, Straight Talk, etc. Some of those carriers are TERRIBLE, some actually aren't bad, and the whole shebang with talk-text-web can be had for around $50 a month. I'd start a thread in GD and get feedback for carriers in your area before I went the prepaid route, and there are some you'd want to stay away from even though they are "nationwide". /highjack |
|
|
|
Posted: 2/18/2016 2:43:00 PM EDT
[#39]
Quote HistoryQuoted:
If the terrorists went to the trouble for physically smashing both of their personal phones and removing and disposing of the hard drive form their computer. I would tend to think that if the guy left his work phone intact, there probably isn't anything of value on said phone. So it looks to me like the FBI should reasonably believe that there is really little to be gained from cracking the phone for this case. But the precedent would be enormous in terms of future access. This is a really important point! |
|
|
|
Posted: 2/18/2016 2:43:36 PM EDT
[#40]
Quote HistoryQuoted:
How? Quote HistoryQuoted:
Quoted:
Quoted:
Quoted:
Dumbest thing I have read in a good long while. That this is even an issue proves beyond any shadow of a doubt that Apple does some fine device security. The "issue" is that all current gen iPhones can be decrypted, by Apple. Apple does "proprietary" device security, not "fine" device security. They completely constrain how you use the device and what you can put on it in order to provide for "security" and their bottom line. I actually know a little bit about encryption, since a good part of my job is digital security. Apple has misled all of their customers and just been caught with their pants down. Instead of rushing to fix things, they are rushing to court. There are plenty of encryption implementations that would have prevented this entire issue, but Apple didn't use them... How? I'm guessing the type of "encryption" where .gov has a master key... |
|
|
|
Posted: 2/18/2016 3:03:44 PM EDT
[#41]
I'm pretty sure most of what you guys are asking about has been covered here.
|
|
|
|
Posted: 2/18/2016 3:06:08 PM EDT
[#42]
Quote HistoryFeel free to jump in anytime.
|
|
|
|
Posted: 2/18/2016 3:11:26 PM EDT
[#43]
Quote HistoryQuoted:
Feel free to jump in anytime. Quote HistoryQuoted:
Feel free to jump in anytime. "Oh, another thread?" He got me, I clicked it... 
|
|
|
|
Posted: 2/18/2016 3:45:58 PM EDT
[#44]
Quote HistoryQuoted:
... They didn't brute force devices to make the Fappening happen, they abused a vulnerable component of the icloud website and a phishing attack to get these celebs website passwords. Not even close to the same thing. Not even the same sport. Quote HistoryQuoted:
Quoted:
Quoted:
Quoted:
Quoted:
And the federal government oversteps its authority yet again. The article said it was a county owned phone so I do not see a privacy issue here. Am I missing something? The government opened a pandora's box they can't close. Remember "The Fappening"? Hackers hacked into Apple by using methods the government uses to break encryption codes. They basically try all the combinations of the password till something works. Well, about that time Apple came out and said they would fix this issue and make the Iphone more secure. This is the result of those efforts. After so many attempts to break the passcode it triggers the phone wipe. Apple also introduced Apple Pay which stores your credit card information on the phone. So, there's even more reason to keep this data encrypted. Lets face it the data stored on phones is very sensitive and people have every right to want that data kept secure. ... They didn't brute force devices to make the Fappening happen, they abused a vulnerable component of the icloud website and a phishing attack to get these celebs website passwords. Not even close to the same thing. Not even the same sport. Indeed. Also something that would have been defeated by using two-factor authentication. Which was available at that time. |
|
|
|
Posted: 2/18/2016 3:49:59 PM EDT
[#45]
Quote HistoryQuoted:
Indeed. Also something that would have been defeated by using two-factor authentication. Which was available at that time. It would have just as easily been defeated by the victims not being complete morons. |
|
|
|
Posted: 2/18/2016 3:57:15 PM EDT
[#46]
The bottomlines are:
1. Apple could do something to let them eventually get into the 5c. 2. There's nothing anyone can do to get into a 5s and newer. Right? |
|
|
|
Posted: 2/18/2016 3:58:35 PM EDT
[#47]
Quote HistoryQuoted:
The bottomlines are: 1. Apple could may be able to do something to let them eventually get into the 5c. 2. There's nothing anyone can do to get into a 5s and newer. Right? |
|
|
|
Posted: 2/18/2016 4:02:23 PM EDT
[#48]
Quote HistoryQuoted:
Quote HistoryQuoted:
Quoted:
The bottomlines are: 1. Apple could may be able to do something to let them eventually get into the 5c. 2. There's nothing anyone can do to get into a 5s and newer. Right? ++ |
|
|
|
Posted: 2/18/2016 4:08:05 PM EDT
[#49]
Quote HistoryQuoted:
Most likely a passphrase Quote HistoryQuoted:
Quoted:
so what did this kook do to his iphone that made it so hard to bust open? I assume this is more than the 4 digit code I put it into mine? Most likely a passphrase A pass phrase transliterated from an odd middle-eastern language? |
|
|
|
Posted: 2/18/2016 4:31:04 PM EDT
[#50]
Quote HistoryQuoted:
Quote HistoryQuoted:
Quoted:
The bottomlines are: 1. Apple could may be able to do something to let them eventually get into the 5c. 2. There's nothing anyone can do to get into a 5s and newer. Right? This seems to be the case. |
|
|
Win a FREE Membership!
Sign up for the ARFCOM weekly newsletter and be entered to win a free ARFCOM membership. One new winner* is announced every week!
You will receive an email every Friday morning featuring the latest chatter from the hottest topics, breaking news surrounding legislation, as well as exclusive deals only available to ARFCOM email subscribers.
AR15.COM is the world's largest firearm community and is a gathering place for firearm enthusiasts of all types.
From hunters and military members, to competition shooters and general firearm enthusiasts, we welcome anyone who values and respects the way of the firearm.
Subscribe to our monthly Newsletter to receive firearm news, product discounts from your favorite Industry Partners, and more.
Copyright © 1996-2024 AR15.COM LLC. All Rights Reserved.
Any use of this content without express written consent is prohibited.
AR15.Com reserves the right to overwrite or replace any affiliate, commercial, or monetizable links, posted by users, with our own.
