Apple Can Unlock iOS 8 Without User Permission

According to statements made by Apple, devices running iOS 8 prevent Apple from extracting your private information (citation below). This unfortunately is not true is much as we'd like it to be.

The program that controls your passcode from being viewable by Apple is no different than the program that allows you to browse Internet pages. It can be updated. The program inside iOS 8 that does updates has root (administrative power). That means it can modify, replace, delete ANY software on your device. A simple request by the party that wants the information on your phone would simple replace the existing program that make the key inaccessible with a code that makes it accessible.

The recent claims of the FBI saying this is travesty seems to be either buffoons that don't understand their technology or a charade creating a sense of false security.

As far as Apple goes, this is a total embarassment to programmers who see right through your false claims of security.

Apple will see their sells decline to goverments by propagating a false sense of security, instead of making the phones truley resistant against privacy attacks.

The true solution lies in a second motherboard added to the device that boots a tiny read only os live that runs only the app meant to communicate with the internet. A standalone packet encryption card would take the data and send it to a network card. A preshared key would ensure no middle man attacks. The separated security motherboard stops all sniffing from the main motherboard. No other apps loaded in the mini live os give it the running app a true hardware sandbox, not just a vunerable software one. The live os would need international security audits, meaning if multiple goverments use it, then your have the highest level of security. If only the American gov uses it, it's not. The live os could firewall all connections an app trys to make to the internet, asking for permission first, stopping malicious apps from leaking from peer to peer encrypted communication. Banking would finally become safe online. Anyway, Apple is far from protecting their users.

source: http://www.washingtonpost.com/busin...12af58-3ed2-11e4-b03f-de718edeb92f_story.html

 

The US Goverment can force Apple to covertly sign the replacement, therefore creating a false sense of security with present claims.

The US Goverment legally is allowed to covertly create backdoors in any American comminucation product. This backdoor could easily usurp any signing process and Apple would be forbidden by law to speak of it. Read about NDAA if you think talking would be a smart idea, because such a backdoor is targeted at terrorists and if you interfere with terrorist investigations (which require no proof) you aid and abed them and NDAA says you can disappear without trial.

It would be better for Apple to actually make it truely impossible, which requires a hardware solution For example, the passcode program would run on it's own mini-motherboard being it's own root. The passcode device would only encrypt and decrypt and could not be sent commands by the motherboard of the phone (impossible to update). As long as there is a root program that overpowers the passcode program, no one is safe.

In light of the real dangers of spyware, privacy is obviously becoming more and more important to international governments and consumers. America needs more exports to slow down debt. Govermentally forced insecure products will increase our debt by destroying potential sales.

I want to see a real Fourth Ammendment Privacy Checkmate with Apple's products. When Apple does that I offer you this tv ad:

Fade In.

Angled in on a chess board with black and white pieces on a black and white checkered board. White knight moves into checkmate on black king.

Fade out.

Black Screen in White Font:
To be owned,
or not to be owned.
That is the question.

Fade Out.

Fade In.

Now we see a the new iPhone that can't have a signed key by Apple that replaces the passcode program with a governemnt spyware one, because you realize it's not a software solution, it's a hardware solution!

Apple has failed to accomplish the security they claim they now have in protecting users phones. To get a better product, we must call them out on this one.

 

Assuming there is no backdoor, the passcode program could not be replaced without putting in your passcode. My point is that Apple could be forced to replace it covertly during a update, after you've put in your passcode.

While you are up and running, root will always be a threat because root usurps anything and if don't know the exploit planted, you are owned.

One solution: The passcode program runs on it's own separate hardware, aka an encryption card. It will handle all encryption and decryption hiding it from iOS 8 root. This should be a tiny pluggable usb device allowing users to throw out the goverment spyware encryption cards. Non-American manufacturers who know security and privacy will drive their sells. Even in the case of covertly forced backdoor in iOS 8, the card would destory it's effectiveness.

Checkmate government spooks!

 

Internalltionally audited encryption cards that are approved by goverments would have the highest level of trust. They are the simplest thing to audit. They just encypt/decrypt. That's all they need to do. Try auditing iOS 8. It would take years and by the end of the audit it would be obsolete and the new version would exist.

The turtle stacks ends with a international audit of something an Arduino 101 student could accomplish as their term project. When you know Germany uses it, Russia uses it, China uses it, well, we're done here...

 

You are talking about software rules. Software rules can be covertly change when the password is entered, becuase goverment can own your root due to their authority. To really be safe with the present situation: (1) you have to assume no privacy breaches exist. (2) And never enter your passcode for an update. I wouldn't call that security.

Passcode software solutions asks the user to trust they are protected.

Hardware solutions ensure the users knows they are protected. The OS would not have access to the devices key! The OS ask for a partion table from the encryption card. The OS could then ask for any file. The encryption card decrypts the file before it arrives to the OS. The OS has no direct connection to the drive, it cannot see the encrypted files and therefore could not try brute force attacks by comparing the result of encrypted files.

----------

Sir, an insult is not a valid argument. It just an indication of your laziness to make a proper argument.

If you have something intelligent to add, let's hear your argument on how root having control of the passcode process (iOS 8 and all existing operating systems) is better than...

a hardware device that controls the passcode process and that hides the encryption from root.

Hardware vs. Software.

Let me give you a hint, the hard science wins.

 

You're missing the point just like the others. You are assuming the changes are being made without permission. The changes would be made covertly after you enter the passcode. Apple could not tell you this was being done by law. Again, the encryption cannot be done in the OS, that's threat. A separate device uncontrolled by the OS would take that exploit of the goverment away.

The same mistake is made by those who trust the https, ssl. They brag about the mathematics of the encryption, but encryption is not weakest link, it's how it's used. The handshake makes it owneable by the middle man. Same in this situation. The best encryption is useless if root can covertly change your passcode security through goverment order, leaving an exploit that the highest bidder or best hackers can use as a backdoor to your phone as well.

 

Apple is does not have authority over govement, government has authority over Apple. So, you are wrong. Goverment can tell Apple to shut up and they will follow orders. That means you don't get to talk about a back door. It's publically made obvioius in legislation, Ok?

Yes, an update can be made for a single user, because a single user can make an update. The concept of spoofing is not new and applies to updates and key signing.

Apple has no separate encryption card, so you're wrong. My hardware solution is nothing like Apples. Apples solution is owned by root. My solution is not owned by root and the update process.

Let me offer another slogan?

Fade In

Black Background, White Letters:
Is your encryption owned by root?
Fade to black.

Fade in.
Then your owned.

Fade out.

Fade in.

The internationally audited encryption card spinning in darkness with the cool reflective shiny surface.

Fade out.

Black Background, White Letters:

Don't Be Owned.