Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Unlocking the phone of a criminal in a "one off" situation...I agree.
But don't show the FBI how to do it.
Do it for them and let them look.
Telling them how to do it = slippery slope.

The thing about the issue is that Apple can't open the phone. Any well-encrypted device released in the past few years has been designed in such a manner where even the original manufacturer is incapable of breaking its own encryption.
 
No. As a new phone owner, I can't just pick and choose whichever backup I want. I need my login information to restore my backup from the cloud to a new device. If they had the login information to allow them to restore to a new device, then they wouldn't need the cloud at all since they would already have access to the original phone. If it was as easy as you're implying, we wouldn't be having this conversation as the government would have had what they wanted ages ago.

How do you unlock an iPhone with an iCloud password?
 
  • Like
Reactions: 26139
How do you unlock an iPhone with an iCloud password?

Easy this is opt-in and it encrypts your passcode with your iCloud password thus allowing you to unlock with your iCloud password.

Apple isn't privy to your passcode in this instance though, it's still protected by your password which they do not store in plain text.
 
Easy this is opt-in and it encrypts your passcode with your iCloud password thus allowing you to unlock with your iCloud password.

Apple isn't privy to your passcode in this instance though, it's still protected by your password which they do not store in plain text.

My question/point is you can't access the 'forgot password' from a locked iPhone screen. You need the passcode before you can get to that point.
 
  • Like
Reactions: 26139
Violent criminals have given up their rights when they decided to become violent criminals

I hardly see how 'the right to privacy' or 'orange man bad' is a defensible stance on this one, but alas, I'm sure I'll see things fly off the rails in no time with replies

As for dangerous precedents set to move the goal post on what's acceptable in terms of 'privacy violations' -- we are long past that inflection point, with the discovery of NSA dragnet spying on every single law abiding citizen, just cuz, and the Patriot Act playing into the fears of 9/11, and all the rest of it.

Fwiw, I would maintain the same exact stance when Cook raised a stint about Obama wanting the lid blown open on the San Bernardino terrorist and all info surrounding that.

Gotta love predictability of responses. Makes me feel... omniscient... or something

--

I always think - what absolute mental hell it must be to always find ways to justify otherwise totally outrageous things just to not give Cheetoh an ounce of credit for having his heart in the right place like it makes any difference. You guys have given yourselves another full-time job, only it doesn't pay emotionally or otherwise and there are no benefits
 
Last edited:
I forget which version of iOS Apple upgraded it's security practices in but basically once a device is locked on modern versions of iOS there is no way for Apple or anyone else to touch it without the passcode.

That includes doing a "software" update that removes the passcode or bypasses the passcode protection. The firmware has to be hacked to allow custom firmware to be installed without unlocking the device first.

Furthermore nearly all data on iPhone is encrypted at rest, and that encryption key is also derived from the passcode, without the passcode getting inside the phone still provides very little value.

The only thing that Apple could do in the past (and has since been fixed) was do a custom version of the software that removed the limit of passcode tries so law enforcement could brute force unlock it (which with 4 digit passcodes takes surprisingly little time with a specially made device).
[automerge]1579063788[/automerge]
Violent criminals have given up their rights when they decided to become violent criminals

I hardly see how 'the right to privacy' or 'orange man bad' is a defensible stance on this one, but alas, I'm sure I'll see things fly off the rails in no time with replies

Fwiw, I would maintain the same exact stance when Cook raised a stint about Obama wanting the lid blown open on the San Bernardino terrorist and all info surrounding that.

Gotta love predictability of responses. Makes me feel... omniscient... or something

I agree violent criminals give up their rights and Apple has and will continue to provide as much info to law enforcement they legally can / are required to by law.

The law however does not say Apple *must* include a backdoor in iOS so law enforcement can spy on any citizen it wishes at the whim of a judge's subpoena and it also does not say that Apple can be compelled to force it's engineers to create a custom version of the OS to try and subvert the protections it provides currently.

Until the law changes Trump and everyone else can get f*cked. And changing the law to allow that would be a serious detriment to everyone as the harm it would allow via malicious actors far outweighs the small benefit of getting into a very small number of devices to prevent further crimes.
 
  • Like
Reactions: CarlJ
Violent criminals have given up their rights when they decided to become violent criminals

I hardly see how 'the right to privacy' or 'orange man bad' is a defensible stance on this one, but alas, I'm sure I'll see things fly off the rails in no time with replies

As for dangerous precedents set to move the goal post on what's acceptable in terms of 'privacy violations' -- we are long past that inflection point, with the discovery of NSA dragnet spying on every single law abiding citizen, just cuz, and the Patriot Act playing into the fears of 9/11, and all the rest of it.

Fwiw, I would maintain the same exact stance when Cook raised a stint about Obama wanting the lid blown open on the San Bernardino terrorist and all info surrounding that.

Gotta love predictability of responses. Makes me feel... omniscient... or something

--

I always think - what absolute mental hell it must be to always find ways to justify otherwise totally outrageous things just to not give Cheetoh an ounce of credit for having his heart in the right place like it makes any difference. You guys have given yourselves another full-time job, only it doesn't pay emotionally or otherwise and there are no benefits
Is he a criminal if he hasn’t been convicted of a crime though?
 
  • Like
Reactions: IG88
I'm implying that the phone itself may not need to be unlocked. If you can verify the backup is of a particular iPhone you can use that backup to restore to another iPhone at which point you have a copy of the original phone.

An iCloud backup, unless exemptions were set, is a full representation of an iPhone at a particular point in time. You can do a backup yourself, destroy the original iPhone and then restore it to another iPhone yourself can you not?

One one can do with that and whether it would be legally usable is another matter.

That's irrelevant to the DOJ issue. The DOJ's issue is that certain communication apps (WhatsApp in particular) used by the shooter do their own data encryption. So it doesn't matter if they have access to that data via iCloud-- it's encrypted. You can copy it to another phone, but you better be able to also supply the decryption key used by WhatsApp, which is derived from the iPhone key.
[automerge]1579064647[/automerge]
Violent criminals have given up their rights when they decided to become violent criminals

I hardly see how 'the right to privacy' or 'orange man bad' is a defensible stance on this one, but alas, I'm sure I'll see things fly off the rails in no time with replies

As for dangerous precedents set to move the goal post on what's acceptable in terms of 'privacy violations' -- we are long past that inflection point, with the discovery of NSA dragnet spying on every single law abiding citizen, just cuz, and the Patriot Act playing into the fears of 9/11, and all the rest of it.

Fwiw, I would maintain the same exact stance when Cook raised a stint about Obama wanting the lid blown open on the San Bernardino terrorist and all info surrounding that.

Gotta love predictability of responses. Makes me feel... omniscient... or something

--

I always think - what absolute mental hell it must be to always find ways to justify otherwise totally outrageous things just to not give Cheetoh an ounce of credit for having his heart in the right place like it makes any difference. You guys have given yourselves another full-time job, only it doesn't pay emotionally or otherwise and there are no benefits

Your post is totally off the deep end, starting with the opening senrence. NOBODY that I have read here, prior to your post has said anything to do with the rights of the shooter. As far as predictable is concerned: I guess it is predictable that someone would post a narcissistic rant based on some bug in his own head that no one else has been talking about. Personally I don't find fighting with strawmen all that satisfying, but to each his own.
 
Last edited:
The law however does not say Apple *must* include a backdoor in iOS so law enforcement can spy on any citizen it wishes at the whim of a judge's subpoena and it also does not say that Apple can be compelled to force it's engineers to create a custom version of the OS to try and subvert the protections it provides currently.

Awesome real conversation / debate! I welcome it.

I should preface by I am no expert, and I presume most if not everyone I'm talking to here isn't either but that's not to dilute my convictions of the matter - My understanding is these devices could already be cracked open with Cellbrite, etc. if in the hands of authorities, and they really are just wanting the records of these violent criminals without resistance and protection from Apple (since you know a phone is a gateway into someone's entire life, being so dependent on it) not to explicitly roll out iOS backdoors on a red carpet, though some interested parties would be salivating over the notion.

Also imo, its naive to assume three letter agencies don't already have backdoors of their own discovery. N Nerdy hackers sit on 0days, Apple is immune from the dragnets of NSA?

It's a matter of where Tim Apple stands ideologically on the issue, and he seems to side with criminals.

You don't think iOS 13, or any iOS/macOS is a leaky ship? I like their products, but we are talking about consumer level end point devices by the end of the day
 
Awesome real conversation / debate! I welcome it.

I should preface by I am no expert, and I presume most if not everyone I'm talking to here isn't either but that's not to dilute my convictions of the matter - My understanding is these devices could already be cracked open with Cellbrite, etc. if in the hands of authorities, and they really are just wanting the records of these violent criminals without resistance and protection from Apple (since you know a phone is a gateway into someone's entire life, being so dependent on it) not to explicitly roll out iOS backdoors on a red carpet, though some interested parties would be salivating over the notion.

Also imo, its naive to assume three letter agencies don't already have backdoors of their own discovery. N Nerdy hackers sit on 0days, Apple is immune from the dragnets of NSA?

It's a matter of where Tim Apple stands ideologically on the issue, and he seems to side with criminals.

You don't think iOS 13, or any iOS/macOS is a leaky ship? I like their products, but we are talking about consumer level end point devices by the end of the day

Tim Cook sides with criminals (though this guy is a suspect, not a criminal) because he refuses to compromise the privacy of every iPhone owner?
 
  • Like
Reactions: Chidi
There aren’t. That is literally what Apple has been defending for years. Just because you have somehow convinced yourself that Apple doesn’t do this based on literally zero evidence except your Apple bias doesn’t make it a reality.
[automerge]1579047871[/automerge]

Thank you Tim. And the "ostrich with head in hole" award goes to....
 
You're believing that there's some magic cryptography that guarantees that you can only try 10 pins. There isn't. There's explicit code that Apple wrote that can be bypassed by Apple. In fact, this code has been changed by Apple during regular iOS updates, e.g. when they added the feature to require a PIN once a week.

No it doesn't work that way. What you know is old information that no longer works for years.

Apple can't magically bypass the passcode because everything is locked inside an isolated Secure Enclave, including the decryption key of flash storage. Without that key every single bit of data on iOS devices is inaccessible because they're all encrypted before writing onto the flash memory.

Before SE, Apple is capable to make a modified version of firmware, signing with their master certificate, and upload to the target phone via DFU. In the modified version of firmware they can lift the error limiting that auto wipe data after certain errors, thus make the brute force applicable. And that's exactly what FBI asked for in San Bernardino case. Due to very obvious reason, Apple was unwilling to do that.

But things changed after SE. Now everything regarding to security must first go though SE, including passcode verification. DFU firmware update is no longer valid since all your data is inaccessible until SE says yes, and SE can easily wipe out everything, simply by erasing the decryption key stored in it. And SE is booting separately from the main system: it has its own memory storage and running its own kernel. Every encryption and decryption of the main flash storage is solely done in SE that even the main processor doesn't know what the decryption key is.

It's just plain impossible to have a "explicit code" now.

P.S. It also worth noting that the "2017 Secure Enclave Hacking" incident is a fake news. The hackers just extracted the firmware and tried to decrypt a partial of it. They didn't even figure out how it really works, let along finding a way to access decryption key.

No you are completely misunderstanding. Cellebrite is going through a backdoor. The anti-hammer provisions are a front door. Cellebrite can't modify core OS code due to OS signing. Apple holds the signing keys and can.

No Cellebrite did not find any "backdoor" but exploit the hardware structure of old iPhone 5C. They made a device that cut off signals when the passcode is incorrect and force shutdown the machine, before the error input counts accumulate. Without the auto wipe limitation, you just need to try 10,000 times to get it unlocked and it takes just few hours to do so.

Any iPhone after 5C is not applicable for this method, not to mention the iOS devices with SE.

Also note the caveat "End-to-end encryption requires that you have two-factor authentication turned on for your Apple ID.". If you didn't turn it on, they have access to everything on iCloud.

Something needs to be clarified.

End-to-end encryption means that data is encrypted and decrypted on the device end before they're sending to the cloud or after they're downloaded from the cloud, and the key will not be submitted to the server side. In Apple systems this key is generated from the hardware unique ID combined with your local user account info (such as passcode), and that's why you need to set up two factor authentication, because the original device that encrypted these message must pass the key onto the device you're logging in via another PK-based end-to-end channel that just constructed when Apple pushes verification code to these devices.

It also means that only Apple device is capable to decrypt these data, not any arbitrary web browser. As a result, data that can be accessed outside of Apple device, i.e. everything on iCloud.com web interface, are **NOT** encrypted using end-to-end. So far as we know, only a part of highly sensitive data are encrypted by end-to-end, including Health, Keychain, payment, and Siri. Anything else, including device backup, are **NOT** encrypted using end-to-end but a standard AES symmetry master key.

With or without two factor authentication, Apple CAN recover the backup onto a new device, and will submit to the law, as they did in both San Bernardino and this case.

Again, your first article explicitly discusses iMessage, something you apparently posted but didn't read. iMessage is end-to-end encrypted, but your article specifically notes that if iCloud messages and backup is turned on, then that protection is lost.

He is right. iMessage is end-to-end encrypted ONLY during transmission that Apple can't intercept. All the iMessage conversation **DATA** stored on your device is not. It's handled in the same way as other data on your iOS device. And you CAN recovery your iMessage from backups.

However, the newly received messages that is not yet included in the last backup, like the ones in San Bernardino case that FBI accidentally bricked the phone before they reaching Apple, can not be recovered, of course.
 
Last edited:
This makes about as much sense as banning guns 🤦‍♂️
Stricter gun control has literally been proven to work, all around the world.

Not allowing a non resident to get a gun licence for “hunting” and then use said licence to legally buy a semi automatic firearm would have reduced the potential for this particular attack. How many gun attacks do you see with bolt action rifles - you know, the sort of thing people actually hunt with?

The tsa master key fiasco is a pretty good example of why “a key just the good guys can use” (which presupposes the tsa are “good guys”, but that’s a different discussion) is a fantasy idea spouted as reality by those in power who yearn for more.
 
Great argument.

Well I’m convinced this administration isn’t asking for backdoor exploit handouts they literally just want all the guys records , and Tim being a globalist is more on board with this recurring trend from one political party of catch and release criminals back into society. Open borders, and ideological pats on the back along the whole journey. It’s all so perfect
And only harms every day citizens but not at all coveted elites who don’t have to worry about their own security or finances being on another planet proverbially speaking, protected and unaffected while the world turns to hell


Why bother having law and justice at all if these guys can rinse and repeat what they’re doing and powers that be turn a blind eye and borderline are encouraging this kinda behavior

But I’m done now; at least with you
 
Last edited:
Well I’m convinced this administration isn’t asking for backdoor exploit handouts they literally just want all the guys records , and Tim being a globalist is more on board with this recurring trend from one political party of catch and release criminals back into society. Open borders, and ideological pats on the back along the whole journey. It’s all so perfect

Why bother having law and justice at all if these guys can rinse and repeat what they’re doing and powers that be turn a blind when

I’m done now; at least with you

...hoo boy.You also don’t believe in rehabilitation for people convicted of crimes?
You can’t get the guys records without exploiting something.
I get it, you’re libertarian.
 
...hoo boy.You also don’t believe in rehabilitation for people convicted of crimes?
You can’t get the guys records without exploiting something.
We get it, you’re libertarian.

Defending a mass shooter, and claiming they’re a suspect not a criminal is a bad look. But you do you homie
 
Unlocking the phone of a criminal in a "one off" situation...I agree.
But don't show the FBI how to do it.
Do it for them and let them look.
Telling them how to do it = slippery slope.

Problem is if Apple left a loop hole that allows them to get in, then someone else can figure it out. The whole point of encryption is to protect the data, and leaving a backdoor completely defeats that purpose.
 
All this despite the fact that the phones in question are totally already compromised -- so the government obviously is just trying to use this incident as a way to exert pressure on Apple to break their encryption. If it was about the investigation, they could just go the route they went with the San Bernadino phone. As the WSJ reported yesterday:

Just a few years ago, many iPhones were almost impossible to crack, but that is no longer true, security experts and forensic examiners say. Companies including Grayshift LLC, Israel’s Cellebrite Mobile Synchronization Ltd. and others offer methods to retrieve data from recent iPhones.

“We’ve got the tools to extract data from an iPhone 5 and 7 now,” said Andy Garrett, a chief executive of Garrett Discovery, a forensics investigation firm. “Everybody does.”
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.