Apple Used DMCA Takedown to Temporarily Remove Tweet With iPhone Encryption Key

[shplock]

It doesn't. Jesus, I hope they correct this article. It isn't a Secure Enclave or whatever encryption key. It's the key to decrypt an iOS Secure Enclave Firmware File so security researchers can decompile it and find bugs and report them. This in NO way affected user privacy.

Do you really think that security researchers, who want to improve product security, would tweet a master decryption key to everyone's data?


I love simple Google searches.
There is no copyright on algorithms. ... There are some cryptographic algorithms which are patented, but most are not and some used to be patented (but patents ultimately expire)
https://arstechnica.com/civis/viewtopic.php?f=20&t=1123453

You assume that all hackers are security researchers and no such thing as black hat hackers right?
You also think that this hacker is a security researcher and not a person who just wants their fame on the net to feed their ego for a moment.
No excise for posting any code like this at all and with respect you are not an expert in this field and neither am I so w ehav Eno way of knowing if it is the secure enclave or the code to the vault at Coca Cola no matter what a bizarre and random google site claims.
[automerge]1576110163[/automerge]

At worst a jailbreak makes it so you have to restore the device in iTunes. It's pretty hard to actually brick an iOS device from just jailbreaking it.

Wrong, it has and does happen a lot and there is more to it than simply 'unlocking' your device. It comes as no good to anyone.
Only leads to disaster at some point.
[automerge]1576110254[/automerge]

The key can’t be copyrighted. That guy posts a lot of bad information.
[automerge]1576104038[/automerge]

First off, he’s not a dimwit.

If he can get the key, then it is safe to assume others have it also. It is better to make it public and force Apple to do something versus letting people think it is secure.

If he does this then with respect he is a dim whit and secondly you are then ok with your ATM pin being posted and made public so that forces you to improve your security at your bank right?
Please give me your card details and pin etc.
Many thanks

 

[Analog Kid]

Jailbreaking is one of the dumbest things a human can do aside from playing golf in a lightning storm and hopping the fence to pet a tiger at the zoo.

While I don’t completely agree with your view, I admire the intensity of it...

now I want to hear the story about Asia and Sicilians

Yes, yes you do.

 

[Swift]

DMCA takedown requests have real abuse potential. It's a problematic system to say the least.

So what is the usefulness of posting that tweet? Or the fun? If somebody actually manages to crack the Secure Enclave, cui bono, as the Romans said. Who benefits?

 

[centauratlas]

And this is an example of why no one except the owner should possess the private keys for anything. e.g. iCloud etc.

While this appears to be the firmware encryption key for the secure enclave processor on 13.4b4 (per twitter's discussion), it is an example showing why no matter how good (or bad) the motives, eventually private keys to anything will leak if they are shared. Any mandated backdoor will eventually leak and everyone's data will be compromised, not just one person's.

Anything secured by a common private key is a disaster waiting to happen.

 

[confessJason]

Jailbreaking is one thing, but trying to crack open the secure enclave is a whole other. That's where your biometric data is stored, and there's absolutely no good that can come from that.

No, no, you have it all wrong. These are humanitarian efforts to help Apple strengthen their encryption. Apple has obviously weak security. These hackers should be commended.

 

[macfacts]

There's zero good that can come from compromising the Secure Enclave that I can see.

It will now shut up those that think apples products are secure.

 

[PickUrPoison]

"i like my devices jailbroken" is the new "i'm vegan"

It actually reminds me of something I liked to say when I was seven or eight, being babysat by my 14 year old sister: “you’re not the boss of me”!!!

 

[fairuz]

they see Apple's actions as an attempt to stifle the jailbreaking community

Well yeah. Nobody has given a crap since 2010.
[automerge]1576113626[/automerge]

there are 2 ways to tackle this:
a) sue everyone that expose this
b) get your **** together and make a more secure system!

The fact that Apple is against backdoor etc. means that Apple wants super secure system. The fact that this guy was able to discover and issue he should be able to claim bounty program reward and Apple should make the devices stronger and more secure. Its all about attitude.

Talking marketing crap vs doing real thing are two different things.

On that topic, I would rather have iOS releases when they are truly ready instead of doing one every year and take 6 months or so to fix all the bugs and issues.

It's hardware security, so it'll be cat-and-mouse no matter what you do. Security through obscurity is provably the only way to deal with this sort of thing. That's what the secure enclave is. Publishing secret keys without giving Apple advance notice is just criminal.
[automerge]1576114003[/automerge]

If he’s got it, then the toothpaste is out of the tube. If it’s crackable, and this guy didn’t crack it, it would just be a matter of time before someone did. Better for the world to know it’s been cracked than to continue in blissful ignorance.

If it leaked from within Apple, then some one is in deep 💩.

My guess is Apple took it down for a few days to slow down its dissemination while they try to get ahead of the problem.

The standard protocol for this is tell Apple first. They might even give you money. If they don't do anything, then you go public.

 

[sdf]

The keys cannot be copyrighted, since they contain no original or creative work. It'd be like trying to copyright 2+2=4.

It's 48 8-bit characters.

 

[1146331]

The keys are not copyrightable since they have no creative expression, but the DMCA contains also anti-circumvention provisions which potentially covers them.

The problem is, these anti-circumvention provision can only be enforced by a court issuing a restraining order, not through a DMCA takedown notice. That's the reason I believe Apple is actually abusing the system.

Said that, Streisand effect is already in full force...

Southpark really emphasized the Streisand effect.

 

[Lalatoon]

So there is a one key that can reverse engineer all T2 chips out there? Is it not a poor a poor design for a secure enclave having this kind of master key. Basically that can be consider as a backdoor.

 

[macfacts]

You assume that all hackers are security researchers and no such thing as black hat hackers right?
You also think that this hacker is a security researcher and not a person who just wants their fame on the net to feed their ego for a moment.
No excise for posting any code like this at all and with respect you are not an expert in this field and neither am I so w ehav Eno way of knowing if it is the secure enclave or the code to the vault at Coca Cola no matter what a bizarre and random google site claims.
[automerge]1576110163[/automerge]


Wrong, it has and does happen a lot and there is more to it than simply 'unlocking' your device. It comes as no good to anyone.
Only leads to disaster at some point.
[automerge]1576110254[/automerge]


If he does this then with respect he is a dim whit and secondly you are then ok with your ATM pin being posted and made public so that forces you to improve your security at your bank right?
Please give me your card details and pin etc.
Many thanks

Not even the same thing. This is more like some guy releasing the blueprints to the ATM. If it was designed properly, then no problem.

 

[Glockworkorange]

Jailbreaking is one of the dumbest things a human can do aside from playing golf in a lightning storm and hopping the fence to pet a tiger at the zoo.

It’s not really necessary anymore. I could see the arguments for it 10 years ago, but now?

 

[davidg4781]

I will keep my iPad jailbroken (with checkra1n) no matter what kind of crap Apple tries to do against it. Jailbreaking = freedom to do what i want with my device.

This is a serious question that local people can never really answer. What is it you want to do with your device that you can’t if it’s not jail broken?

 

[SystemHasFailed]

"i like my devices jailbroken"

Emphasis on the "broken" part...

 

[ersan191]

They also DMCA’d a bunch of posts on /r/jailbreak

 

[pika2000]

This is a serious question that local people can never really answer. What is it you want to do with your device that you can’t if it’s not jail broken?

Pirate apps and download torrents.

I mean it would be silly risking security just to get trivial things like different icons or animated wallpaper, right? /s

 

[v0lume4]

"i like my devices jailbroken" is the new "i'm vegan"

The easiest way to find the vegan is -- they'll tell you. 😁

 

[Kabeyun]

You’re confusing confusing with conflating... I know, it’s confusing.

Lol, sorry... I couldn’t resist! =)

No. I know precisely what “conflating” means, and it is precisely the word I meant to use.

 

[supergt]

This is a serious question that local people can never really answer. What is it you want to do with your device that you can’t if it’s not jail broken?

Far more than you would imagine. You can turbocharge your iPhone including quick animations, faster opening of apps, and better performance on the home screen. My personal favorite is ability to downgrade apps, no YouTube ads, changing the app splash screen to black, no silly swipe to unlock, and battery percent instead of an icon. And up until iOS13 it was the only way to get dark mode, unobtrusive volume hud, and better control center functionality. You can thank the jailbreak scene for the improvements Apple makes painfully slowly via each yearly iOS iteration. The truth is a lot of the innovation Apple claims as their own happens by developers working behind the scenes on a jailbreak.

 

[Peepo]

Apple better watch cuz then people will start making T-Shirts, then it's all over for em!

 

[tennisproha]

Why would apple retract it? I want apple to crack down on this. There’s no reason anyone should be broadcasting a security risk.

 

[MRSooner]

Jailbreaking is one of the dumbest things a human can do aside from playing golf in a lightning storm and hopping the fence to pet a tiger at the zoo.

saw this today:

 

[Grey Area]

You absolutely own the device - And you're agreeing to the EULA which states you cannot modify it (software, NOT hardware) at all.

Not sure about the US, but in the EU it is common that a EULA would have to be presented to the customer before the purchase to be legally binding. My Apple store did not hand me a stack of papers beforehand, nor was the EULA printed on the box, so me clicking "agree" on the EULA after purchase means nothing.

(Note that this usually only applies to the EULAs of the product itself - downloading additional software or using additional services may involve binding EULAs, which can lead to grey areas when important system updates or cloud services come with their own agreements. Though even then there are contract laws and consumer rights voiding unreasonable EULA clauses.)

 

[subjonas]

So what does this mean? Secure Enclave is one step closer to being compromised, possibly already? Is there anything Apple can do to remedy this?