Once they know that Apple can do it, they can force them to do it again.
 

Apple has no magic "key".

The (unique) encryption key is on the phone.

Nope they are protecting the rights of all Apple users.



Government wants it cracked, they need to figure it out.



 

Which really is the whole basis behind my opinion that there NEEDS to be a TPM, TEE, or Apple's "Secure Device" or whatever the term of the time is that hardware needs to fundamentally make software unable to break the disk encryption key protections on the device. There is nothing to subpoena or use warrants to coerce big companies when there is nothing they can do on the software side to weaken the devices once it leaves the factory and ends up in a consumers hands.

And to an extent they've done part of this. The software hacks they want Apple to add don't immediately decrypt the device, they only allow automation of brute force attempts on the device. They do stop taking material off the device and putting it on supercomputer to crack which is great. It means a sufficiently strong key will still keep the device secure.... But a typical short pin or whatever still would not which is unfortunate. Additional hardware protections can prevent this and its unfortunate that a large number of devices in use today don't have this. They should and I've said that for years.

Different key. Software signing keys sign Apple official updates, Apple and only Apple has the private portion of this key. Device encryption key protects device data.

The government opened a pandora's box they can't close. Remember "The Fappening"? Hackers hacked into Apple by using methods the government uses to break encryption codes. They basically try all the combinations of the password till something works. Well, about that time Apple came out and said they would fix this issue and make the Iphone more secure. This is the result of those efforts. After so many attempts to break the passcode it triggers the phone wipe. Apple also introduced Apple Pay which stores your credit card information on the phone. So, there's even more reason to keep this data encrypted. Lets face it the data stored on phones is very sensitive and people have every right to want that data kept secure.

... They didn't brute force devices to make the Fappening happen, they abused a vulnerable component of the icloud website and a phishing attack to get these celebs website passwords. Not even close to the same thing. Not even the same sport.

For Apple they'll call it an antitrust case.

Ok, well the aftermath of all that resulted in Apple getting serious about encryption on Iphones.

Granted but if the link posted here is correct, how would Apple creating a program (which they would keep) to target this specific device, an older device at that, make other iPhones (especially newer Apple Pay compatible ones) less safe.  Serious question because I am no tech guy?

It sets a court precedent that the government will use to open up newer phones as the technology advances. There's no stopping it once it happens. Apple doesn't want to be bombarded with "crack this iphone" request for every single case from someone with a badge. In the wrong hands the technology can be used to infiltrate every Iphone Apple sells.

This isn't about getting the one phone cracked.  It never has been about getting the one phone cracked.

If Apple decided to be good people and make this tool because they wanted to help with terror then they would be answering warrants from every PD in the country to provide the software for their case and Apple couldn't say they didn't have the ability.

Because that "program" (or OS really) would leak faster and harder than George Washington's shower cap.

No disrespect to the father of my country.

Once created that OS (Operating System) would be the KEY to exploit every iPhone out there.

Surely it would be kept as safe as emails from the Secretary of State for the U.S. no?

There are two flawed assumptions in the question. First, that Apple would keep the software. If the phone is in possession of the FBI at any point in time, the software is in their possession forever. Second, that it is possible to target one device. If one device can be cracked, they all can. That's why people are saying that this issue is not about this phone and this terrorist attack. It's about what the Fedgov WILL do in the future, for all cases.

Look at the Patriot Act - everybody swore honest injun it would only be used to protect America from terrorists, no way it would be used against garden variety criminals. But how many garden variety prosecutions have come out of it versus terrorist cases? We know, for an absolute fact, that "just this once" is a lie, and "just for terrorists" is a lie. Those statements cannot possibly ever be true, because of the basic, flawed nature of human governments.

Here is Apple's official stance and explanation.

http://www.apple.com/customer-letter/


This should clear up a bit of the incorrect info here.

Someone mentioned it earlier, it only works with older phones/software, that "vulnerability" has been fixed with the newer devices.

It's 2-3 pages back, folks smarter than me discussing it...

You guys can't be this naïve!?

In case no one else has posted it, just heard that some LEO are already saying they'd like to have the program as well to use in cases involving rape and murder.

And no, I'm not joking, think it was the New York Chief of Police, I'll go see if I can find a story, this was audio/interview on a news channel.

GeoHot? George Holtz (sp?)

Apple can try to create another OS for the phone in question, but you don't just design and write code, run it through a simulator, and throw it onto a production system (in this case, the terrorist's phone).  You write code, test the pieces, test the whole, test the installation on the hardware - which would in theory be another phone exactly like the production phone, right down to the hardware configuration and internal settings - but that doesn't exist.  So, the software really can't be too device-specific, or the only time it will be truly "tested" is when it gets installed on the terrorist's phone.  That is NOT the time you want to find out the OS doesn't work, or something important got overwritten, and now the data on the device is truly fooked...

Not accurate. Apple put themselves in this mess by being the only authorized certificate authority for these devices. So they do, in fact, have a magic key.

What the Gov wants to do, which Apple can not only do, but likely already has dev builds that do, is update the phone's firmware with a version that implements the security functionality differently. Essentially, this lets the Gov brute force the password on the phone. They have requested that Apple do this, with the resulting firmware update tied specifically to the phone itself, i.e. this isn't something that can be easily ported.

Apple is going to lose this one. First they will appeal, and argue that they "can't" do this. High school kids can take take the stand and explain that they can. Apple can then say that they "won't" resulting in an order from a judge to turn over their iOS source code. No one wants that.

This isn't a tech fight, and this isn't even a privacy fight, this is the richest company in the world fighting about money, and hoping the world forgets how their previous iCloud vulnerability exposed thousands of people's personal documents and photos. Tim Cook could give two shits about his customer's rights and privacy, as anyone who has ever read the EULA for iTunes, or looked at the sticker price fore an iPhone, would know.

This isn't a backdoor, it's a one off solution to a technical problem. Apple could have chosen to implement device encryption in a different manner, and prevented all of this, but then they would have had to quit counting their stacks of $100s for a few minutes.

Dumbest thing I have read in a good long while.

That this is even an issue proves beyond any shadow of a doubt that Apple does some fine device security.

The "issue" is that all current gen iPhones can be decrypted, by Apple. Apple does "proprietary" device security, not "fine" device security. They completely constrain how you use the device and what you can put on it in order to provide for "security" and their bottom line.

I actually know a little bit about encryption, since a good part of my job is digital security. Apple has misled all of their customers and just been caught with their pants down. Instead of rushing to fix things, they are rushing to court. There are plenty of encryption implementations that would have prevented this entire issue, but Apple didn't use them...

So wait a minute, educate an old guy out here because we seem to have come full circle on this issue within this very thread.................why should Apple make their phones so non owners/other people can decrypt them?

What do you mean by "Apple has been caught with their pants down"?

What is it you think they should have done with these phones encryption wise that they didn't do?

And, if you don't mind, consider the 4A ramifications?

Thanks for any info.

You're not paying attention.

Apple absolutely has the private keys that are required to upload software onto the phone.  The only reason the FBI is claiming they can't do it themselves is that they don't have that key.  

I know that Apple does not have the hardware key embedded in the AES chip, nor do they have the PIN.  If they build a piece of malicious software, *SIGN IT*, and upload it into the phone, then the FBI can (supposedly) run an automated cracker on the PIN and recover the PIN, which will allow them to unlock the phone, which decrypts private storage.

And this "KEY" is the same basically for all phones?

Already been done.

Zdziarski.

Strange that Apple unlocked the phones 70 times before

http://www.thedailybeast.com/articles/2016/02/17/apple-unlocked-iphones-for-the-feds-70-times-before.html

Maybe this time it's because it's a protected class?

Basically this.  Encryption is not proprietary to individual companies. They all use the same RSA algorithm that is open source.  And when I mean "they" I mean everybody banks, Wall Street, the government at all levels, military , small and big business.  

If one agency has the tools to decrypt at will, the agency literally having the keys to the kingdom.

It would only take one person to essentially bring our economy to a grinding halt and steal trillions of dollars.  The temptation is too great.  

Basically our whole economy rests on the RSA and if it can be cracked at will then it is worse than and Nuclear Bomb.

But, if I understand it correctly, only on older versions of the iphone, not the iphone 6. In the case of the 6, Apple could legitimately say, "we simply can't".

The "old" way encryption was handled on iPhones is when they were legally seized by LE, they would be mailed in to Apple, wait a few months, and Apple would decrypt them and then mail them back. This is because Apple also possessed a master encryption key.

Then the Fappening happened. Apple has for years insisted that its proprietary security was the best security (I'm a long time Mac user, 20+ years, but the only good security choices they ever made was basing the OS on Unix, and making full disk encryption easy to use). After the Fappening, people started to take a hard look at Apple's security, and Apple tightened a lot of things up, both on OS X, and on iOS. The biggest change to iOS was the encrypt by default, which they can easily get away with because the phones all come with solid state drives. Please note that Mac OS OX is not encrypt by default, because Apple still wants to charge you an insane amount extra for a solid state, and full disk encryption slows down older disk drives pretty bad.

With the new change, Apple argued that it couldn't unlock iPhones, because it didn't possess a master encryption key. This was only half true. As the court filings show, Apple could still push system updates on the firmware level, even to locked phones. So, Apple still possessed the ability to engineer its way into any of the phones, because they let the phone still trust signed Apple updates, even in a locked state. Apple has stated for better than a year that "even we can't get into these phones." The recent filing shows that isn't true, thus Cook's anger. Apple never wanted these filings public because they explicitely lay out the simple steps the Government needs to follow.

If you know anything about software development, you know that Apple likely already has a tool that does exactly this, because you build different systems for development and testing.

Anyway, it would be trivial for Apple to store personal data on a section of the phone that can only be unlocked by the user. I expect that this court order will drive them in that direction soon. That becomes a 4A issue, and a privacy issue, and a good conversation for American's to have.

Apple and privacy nuts are twisting the current issue to represent that, but its actually pretty straight forward. In the US, courts can command third parties to commit reasonable actions to facilitate lawful investigation. You can argue whether or not this court order is reasonable, but where Apple appears to have its pants down is that that "tool" they are being asked to write is pretty trivial, despite their previous protestations that it was impossible.

That simply isn't true. The hash is generated in part off of the passcode the user provides. Apple doesn't have some 'skeleton key', you know. Or apparently, don't know.

Your position is that if Apple just designed IOS with a backdoor for the government, this would be a non-issue. I contend that it is a fucktarded and ignorant position to have.

No, we're talking about past devices -- iPhone 5c and older.  The iPhone 5s and newer use a completely different security model.  

Thanks for the info!!

The last paragraph is contrary to what has been posted here and now I am back to square one.

That is the whole issue and if it is a one time thing that they could do with this specific phone I do not see the problem unless that trivial "tool" would now be available to the FBI and could be used on all their phones?

Why is Apple doing this?  

I am still a bit unclear on their objections and why they, for all intents and purposes, are lying if what you say is correct?

My above post should help explain this, but we're talking about two different types of keys.

iPhone 6 - encryption keys exist on phone only. Previous models Apple also maintained a key. These keys allowed you to access the contents of the phone, even if you didn't know the pin.

Apple is basically the only CERTIFICATE SIGNING AUTHORITY for its devices. So, you write software for an iPhone, it needs to be signed using Apple's key for the device to trust it. This is different than any encryption on the phone itself. Its kind of like if iTunes will only play MP3s you downloaded from the Apple store, and won't play any other types of MP3. The government is asking Apple to write software with this certificate key that changes the security parameters of the phone (software update), to better facilitate brute forcing it. They aren't asking them to do anything with the device encryption itself.

But Muh Privacy on my Chinese phone...wat about muh freedom...

Or you guys don't know the difference between the numbers '7' and '8'.

It's more complicated than that, but sort of.

Ok cowboy, I said nothing of the sort. I said if Apple encrypted the devices properly, this wouldn't be an issue. Apple has a "skeleton key" in the form of the ability to push out of bands software updates to locked phones. You're stuck on the device encryption key which has nothing to do with the current legal arguments. I get that this is a complicated topic, but you're clearly way out of your depth if you took anything I said as advocating for Apple to install a government backdoor.

Let me make it easier for you:
Ability to issue out of bands software updates with self signed certificates -> compelled to do the same by courts -> forced to unlock all current gen iPhones for which there is a proper court order -> much butt hurt on the Apple side who promised for years to all its customers that their $600 a year handset was secure.

Different kind of phone.  Different software.  Different security.

5s and newer, the Secure Enclave chip should prevent this capability.

So because you don't approve of their security methods they should be compelled to provide the government with a back door?

whoa...  

hold on.   This has nothing to do with any of that.  

Whole different ballgame here.  Nobody's talking about cracking RSA or AES.

I believe the only people caught with their pants down were the .gov agencies. The Patriot Act, the NSA surveillance, the "thorough" back ground checks on people immigrating into the country, these, along with all the other "protections" failed. We've been hit 3 times recently by islamist terrorist, Ft. Hood, Chattanooga, and now San Bernadino. All these "programs" didn't do a damn thing to stop these terrorist, so now they're scrambling to put the focus elsewhere.

And I'm fairly certain that however jihadi jimmi was communicating with other jihadis, it wasn't with his work phone for pete's sake. Remember them tossing their electronics in the lake?

Apples going to end up doing this because of all the statist whining and .gov fear mongering, and when they do the phone won't contain anything other than curry recipes and goat porn.

So if Apple complies..............then the FBI will now have this "KEY" or "procedure" to get the key for future unrelated purposes?

No.

No.

Apple has been talking about the 5s and newer with secure enclave.  Not the 5c and older.  The 5s is damn near three years old IIRC.

The Fappening had nothing to do with any of this.  

FDE runs just fine on spindle devices, it has for quite some  time.

The "tool" Apple is being asked to write is absolutely not "trivial", and we don't even know if it's actually possible.  It might be, it might not.  I doubt Apple has written anything like it or wants to write anything like it.

itunes plays any MP3.  

Apple has never maintained an encryption key for their devices.  Previous devices allowed Apple to unlock them.  The 5c may be vulnerable to having malicious software created by Apple loaded on it, but I'm not so sure that's the case -- Apple isn't saying it's impossible, which kind of surprises me.

Anything from the 5s and newer shouldn't be vulnerable to these kinds of attacks.

But you just said previously that Apple definitely does have the keys needed to upload firmware, etc., so are we talking about a trivial difference?

Ah, glad to see our resident statist chiming in.

They aren't lying, then just either don't understand (this is relatively complicated), or don't want to be educated. Most people here have only read the headlines, so they are arguing facts from the past year, whereby Apple has claimed it cannot access its current iOS devices, under any circumstances, despite any sort of legal process. This is because they no longer maintain a master encryption key. This meant that if you lose your pin you are SOL, and Government is similarly SOL.

People who work in the security industry have always known this was complete and utter bullshit. But in the intervening months, thousands of phones have been seized, and ignored by LE.

Then you have today, where the Government unexpectedly unseals its motion compelling Apple to participate. This is where the details are, this is where you understand why Cook is so upset. In order to access the iPhone, the government needs a very simple thing - Apple to sign a piece of software that changes the security implementation on the phone, so that it doesn't erase after 10 entries, and so that there is no delay between entry periods. This means brute forcing even a six digit pin in a matter of minutes. The problem for Apple, is that this isn't a back door, there are plenty of legal precedents for these types of court orders, and the request is pretty simple and straight forward. So simple and straight forward people will once again question Apple's ability to properly implement security, and it will be hard for them to argue that this is actually burdensome. So you get Cook going on and on about "Backdoor", but the reality is that all the Government actually needs is the certification key and they can do this on their own.

I get why Apple is choosing this for their stand, but I don't think the facts support them on this one. This has no bearing for the rest of our iPhones, at the moment, but this certainly will open the floodgates for seized iPhones to be unlocked. Apple will better implement its protocols, and we'll be back to having an actual 4A/encryption/backdoor argument.