The thing about the issue is that Apple can't open the phone. Any well-encrypted device released in the past few years has been designed in such a manner where even the original manufacturer is incapable of breaking its own encryption.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Donald Trump Calls on Apple to 'Step Up to the Plate' and Unlock iPhones Used by Florida Mass Shooter
- Thread starter MacRumors
- Start date
- Sort by reaction score
The thing about the issue is that Apple can't open the phone. Any well-encrypted device released in the past few years has been designed in such a manner where even the original manufacturer is incapable of breaking its own encryption.
Easy this is opt-in and it encrypts your passcode with your iCloud password thus allowing you to unlock with your iCloud password.
Apple isn't privy to your passcode in this instance though, it's still protected by your password which they do not store in plain text.
My question/point is you can't access the 'forgot password' from a locked iPhone screen. You need the passcode before you can get to that point.
Violent criminals have given up their rights when they decided to become violent criminals
I hardly see how 'the right to privacy' or 'orange man bad' is a defensible stance on this one, but alas, I'm sure I'll see things fly off the rails in no time with replies
As for dangerous precedents set to move the goal post on what's acceptable in terms of 'privacy violations' -- we are long past that inflection point, with the discovery of NSA dragnet spying on every single law abiding citizen, just cuz, and the Patriot Act playing into the fears of 9/11, and all the rest of it.
Fwiw, I would maintain the same exact stance when Cook raised a stint about Obama wanting the lid blown open on the San Bernardino terrorist and all info surrounding that.
Gotta love predictability of responses. Makes me feel... omniscient... or something
--
I always think - what absolute mental hell it must be to always find ways to justify otherwise totally outrageous things just to not give Cheetoh an ounce of credit for having his heart in the right place like it makes any difference. You guys have given yourselves another full-time job, only it doesn't pay emotionally or otherwise and there are no benefits
I hardly see how 'the right to privacy' or 'orange man bad' is a defensible stance on this one, but alas, I'm sure I'll see things fly off the rails in no time with replies
As for dangerous precedents set to move the goal post on what's acceptable in terms of 'privacy violations' -- we are long past that inflection point, with the discovery of NSA dragnet spying on every single law abiding citizen, just cuz, and the Patriot Act playing into the fears of 9/11, and all the rest of it.
Fwiw, I would maintain the same exact stance when Cook raised a stint about Obama wanting the lid blown open on the San Bernardino terrorist and all info surrounding that.
Gotta love predictability of responses. Makes me feel... omniscient... or something
--
I always think - what absolute mental hell it must be to always find ways to justify otherwise totally outrageous things just to not give Cheetoh an ounce of credit for having his heart in the right place like it makes any difference. You guys have given yourselves another full-time job, only it doesn't pay emotionally or otherwise and there are no benefits
Last edited:
I forget which version of iOS Apple upgraded it's security practices in but basically once a device is locked on modern versions of iOS there is no way for Apple or anyone else to touch it without the passcode.
That includes doing a "software" update that removes the passcode or bypasses the passcode protection. The firmware has to be hacked to allow custom firmware to be installed without unlocking the device first.
Furthermore nearly all data on iPhone is encrypted at rest, and that encryption key is also derived from the passcode, without the passcode getting inside the phone still provides very little value.
The only thing that Apple could do in the past (and has since been fixed) was do a custom version of the software that removed the limit of passcode tries so law enforcement could brute force unlock it (which with 4 digit passcodes takes surprisingly little time with a specially made device).
[automerge]1579063788[/automerge]
I agree violent criminals give up their rights and Apple has and will continue to provide as much info to law enforcement they legally can / are required to by law.
The law however does not say Apple *must* include a backdoor in iOS so law enforcement can spy on any citizen it wishes at the whim of a judge's subpoena and it also does not say that Apple can be compelled to force it's engineers to create a custom version of the OS to try and subvert the protections it provides currently.
Until the law changes Trump and everyone else can get f*cked. And changing the law to allow that would be a serious detriment to everyone as the harm it would allow via malicious actors far outweighs the small benefit of getting into a very small number of devices to prevent further crimes.
That includes doing a "software" update that removes the passcode or bypasses the passcode protection. The firmware has to be hacked to allow custom firmware to be installed without unlocking the device first.
Furthermore nearly all data on iPhone is encrypted at rest, and that encryption key is also derived from the passcode, without the passcode getting inside the phone still provides very little value.
The only thing that Apple could do in the past (and has since been fixed) was do a custom version of the software that removed the limit of passcode tries so law enforcement could brute force unlock it (which with 4 digit passcodes takes surprisingly little time with a specially made device).
[automerge]1579063788[/automerge]
I agree violent criminals give up their rights and Apple has and will continue to provide as much info to law enforcement they legally can / are required to by law.
The law however does not say Apple *must* include a backdoor in iOS so law enforcement can spy on any citizen it wishes at the whim of a judge's subpoena and it also does not say that Apple can be compelled to force it's engineers to create a custom version of the OS to try and subvert the protections it provides currently.
Until the law changes Trump and everyone else can get f*cked. And changing the law to allow that would be a serious detriment to everyone as the harm it would allow via malicious actors far outweighs the small benefit of getting into a very small number of devices to prevent further crimes.
Trump tries so hard to look like this big macho guy that it just ends up looking childish instead
Is he a criminal if he hasn’t been convicted of a crime though? |
That's irrelevant to the DOJ issue. The DOJ's issue is that certain communication apps (WhatsApp in particular) used by the shooter do their own data encryption. So it doesn't matter if they have access to that data via iCloud-- it's encrypted. You can copy it to another phone, but you better be able to also supply the decryption key used by WhatsApp, which is derived from the iPhone key.
[automerge]1579064647[/automerge]
Your post is totally off the deep end, starting with the opening senrence. NOBODY that I have read here, prior to your post has said anything to do with the rights of the shooter. As far as predictable is concerned: I guess it is predictable that someone would post a narcissistic rant based on some bug in his own head that no one else has been talking about. Personally I don't find fighting with strawmen all that satisfying, but to each his own.
Last edited:
Awesome real conversation / debate! I welcome it.
I should preface by I am no expert, and I presume most if not everyone I'm talking to here isn't either but that's not to dilute my convictions of the matter - My understanding is these devices could already be cracked open with Cellbrite, etc. if in the hands of authorities, and they really are just wanting the records of these violent criminals without resistance and protection from Apple (since you know a phone is a gateway into someone's entire life, being so dependent on it) not to explicitly roll out iOS backdoors on a red carpet, though some interested parties would be salivating over the notion.
Also imo, its naive to assume three letter agencies don't already have backdoors of their own discovery. N Nerdy hackers sit on 0days, Apple is immune from the dragnets of NSA?
It's a matter of where Tim Apple stands ideologically on the issue, and he seems to side with criminals.
You don't think iOS 13, or any iOS/macOS is a leaky ship? I like their products, but we are talking about consumer level end point devices by the end of the day
Tim Cook sides with criminals (though this guy is a suspect, not a criminal) because he refuses to compromise the privacy of every iPhone owner?
No it doesn't work that way. What you know is old information that no longer works for years.
Apple can't magically bypass the passcode because everything is locked inside an isolated Secure Enclave, including the decryption key of flash storage. Without that key every single bit of data on iOS devices is inaccessible because they're all encrypted before writing onto the flash memory.
Before SE, Apple is capable to make a modified version of firmware, signing with their master certificate, and upload to the target phone via DFU. In the modified version of firmware they can lift the error limiting that auto wipe data after certain errors, thus make the brute force applicable. And that's exactly what FBI asked for in San Bernardino case. Due to very obvious reason, Apple was unwilling to do that.
But things changed after SE. Now everything regarding to security must first go though SE, including passcode verification. DFU firmware update is no longer valid since all your data is inaccessible until SE says yes, and SE can easily wipe out everything, simply by erasing the decryption key stored in it. And SE is booting separately from the main system: it has its own memory storage and running its own kernel. Every encryption and decryption of the main flash storage is solely done in SE that even the main processor doesn't know what the decryption key is.
It's just plain impossible to have a "explicit code" now.
P.S. It also worth noting that the "2017 Secure Enclave Hacking" incident is a fake news. The hackers just extracted the firmware and tried to decrypt a partial of it. They didn't even figure out how it really works, let along finding a way to access decryption key.
No Cellebrite did not find any "backdoor" but exploit the hardware structure of old iPhone 5C. They made a device that cut off signals when the passcode is incorrect and force shutdown the machine, before the error input counts accumulate. Without the auto wipe limitation, you just need to try 10,000 times to get it unlocked and it takes just few hours to do so.
Any iPhone after 5C is not applicable for this method, not to mention the iOS devices with SE.
Something needs to be clarified.
End-to-end encryption means that data is encrypted and decrypted on the device end before they're sending to the cloud or after they're downloaded from the cloud, and the key will not be submitted to the server side. In Apple systems this key is generated from the hardware unique ID combined with your local user account info (such as passcode), and that's why you need to set up two factor authentication, because the original device that encrypted these message must pass the key onto the device you're logging in via another PK-based end-to-end channel that just constructed when Apple pushes verification code to these devices.
It also means that only Apple device is capable to decrypt these data, not any arbitrary web browser. As a result, data that can be accessed outside of Apple device, i.e. everything on iCloud.com web interface, are **NOT** encrypted using end-to-end. So far as we know, only a part of highly sensitive data are encrypted by end-to-end, including Health, Keychain, payment, and Siri. Anything else, including device backup, are **NOT** encrypted using end-to-end but a standard AES symmetry master key.
With or without two factor authentication, Apple CAN recover the backup onto a new device, and will submit to the law, as they did in both San Bernardino and this case.
He is right. iMessage is end-to-end encrypted ONLY during transmission that Apple can't intercept. All the iMessage conversation **DATA** stored on your device is not. It's handled in the same way as other data on your iOS device. And you CAN recovery your iMessage from backups.
However, the newly received messages that is not yet included in the last backup, like the ones in San Bernardino case that FBI accidentally bricked the phone before they reaching Apple, can not be recovered, of course.
Last edited:
Stricter gun control has literally been proven to work, all around the world.
Not allowing a non resident to get a gun licence for “hunting” and then use said licence to legally buy a semi automatic firearm would have reduced the potential for this particular attack. How many gun attacks do you see with bolt action rifles - you know, the sort of thing people actually hunt with?
The tsa master key fiasco is a pretty good example of why “a key just the good guys can use” (which presupposes the tsa are “good guys”, but that’s a different discussion) is a fantasy idea spouted as reality by those in power who yearn for more.
Well I’m convinced this administration isn’t asking for backdoor exploit handouts they literally just want all the guys records , and Tim being a globalist is more on board with this recurring trend from one political party of catch and release criminals back into society. Open borders, and ideological pats on the back along the whole journey. It’s all so perfect
And only harms every day citizens but not at all coveted elites who don’t have to worry about their own security or finances being on another planet proverbially speaking, protected and unaffected while the world turns to hell
Why bother having law and justice at all if these guys can rinse and repeat what they’re doing and powers that be turn a blind eye and borderline are encouraging this kinda behavior
But I’m done now; at least with you
Last edited:
...hoo boy.You also don’t believe in rehabilitation for people convicted of crimes?
You can’t get the guys records without exploiting something.
I get it, you’re libertarian.
Defending a mass shooter, and claiming they’re a suspect not a criminal is a bad look. But you do you homie
You’re not a criminal until you’re convicted of a crime.
Where am I defending a mass shooter?
Being a criminal is a statement of fact, not a subjective label.
Just tell him it would allow people to see his tax returns, that will shut humpty dumbty trumptyup.
Problem is if Apple left a loop hole that allows them to get in, then someone else can figure it out. The whole point of encryption is to protect the data, and leaving a backdoor completely defeats that purpose.
All this despite the fact that the phones in question are totally already compromised -- so the government obviously is just trying to use this incident as a way to exert pressure on Apple to break their encryption. If it was about the investigation, they could just go the route they went with the San Bernadino phone. As the WSJ reported yesterday: