Perhaps they designed it NOT to be broken. But they know how the internals work. So they would have the best chance at breaking it.
That is the point... after all.
The best kind of security is one you can show every aspect (code, mathematical theory, etc.) to everyone, friends and enemies, and everyone agrees, they can't break it. This is why Open Source is so powerful in the area of security: there is no false sense of security through obscurity.
Apple can't break the encryption because they didn't make the encryption. They specifically picked one they can't break. The FBI knows this. They aren't asking Apple to crack encryption. They are asking for a way to circumvent the secure enclave chip that will wipe the phone after 10 failed attempts at guessing the code. There's only 1 million codes to try, if they could try them one every 2 seconds, worst possible case, they would have the code in 23 days.
So is Apple sitting hard on the key, or is there simply no key? The former would indicate Apple is, as accused, using this as an opportunity to generate warm fuzzies from its customers. The latter would be more palatable, to me anyway.
As a megacorp, I've always found it rather unbelievable that Apple doesn't have the ability to crack its own keys. But if they won't decrypt this phone because they genuinely can't, wouldn't that be a better argument to the Feds?
Yeah, I believe Secure Enclave is a feature of the A7 chip and above. The 5C uses the A6. The iPhone 5C doesn't have a secure enclave.
Isn't that the whole point?
Otherwise... security that can be broken isn't really secure
Isn't the 26th the day of the shareholders meeting? They've had protests at those before. Apple now has until February 26 to file its first legal arguments against the court order.
This. Really good security can't be undone. It's not meant to be cracked.
I use a backup software like this. During setup you give it a password. They tell you in no uncertain terms do not forget it as they cannot recover it. Lose the PW, lose the data basically.
Main benefit to this is it removes the bad employee in the cloud problem. Old boy at the cloud place wants to take some data and burn bridges and hope the score covers that... your data won't be cracked in theory. Or as readily anyway...
Also enter the 10 tries thing... brute force 10 times and done. Simple solution to complex problem.
What kills me is the fact that if Apple chose to rewrite iOS, this device in question would need to be updated or restored, therefore possibly destroying evidence. After all, they can't back up and restore the device because the password is different now. FBI just might be screwed in this case.
"No, but we really, REALLY want you to compromise the security of all your devices to satisfy this one whim. Just this one timeeee... We promiseee."
In spite of my disagreement with this guy on a lot of issues, Tim has been absolutely heroic in this issue of privacy. Just fantastic.
The sad thing is they won't find anything important on that phone. It's just about getting in.
...
and DESTROY the custom version of iOS so that there is no possibility of anyone else using it again. But then again it's the US government and this thing is not about getting into THIS ONE phone, it's about getting easily into all phones in the future. ...
Does Apple actually have the ability to force an iPhone to accept an update without logging into it? They don't have a key. What the FBI wants Apple to do is to write a custom version of iOS that ignores some of the security features and makes a brute force attack feasible.
I'm hearing two things.
- That there is no key, period.
- That there may have been a key if they didn't change the password already. Apparently the iCloud backups can be accessed, which is interesting? If everything is being backed up, and those backups can be decrypted by Apple, doesn't that defeat the purpose of strong encryption on-device?
One must wonder.
Apple retains the encryption keys in our own data centers, so you can back up, sync, and share your iCloud data. iCloud Keychain stores your passwords and credit card information in such a way that Apple cannot read or access them.
Or, one must do some research and stop wondering.
There is no key that Apple can provide, period. That isn't to say there isn't a key; obviously there is. It is on the device, encrypted using a 4-digit or 6-digit password.
That key is not what the FBI is asking for at all. The FBI is asking Apple to change the firmware so they can try each of the 10,000 4-digit (or 1,000,000 6-digit) passwords possible on the device (using automated means, obviously) without locking or erasing the device. When the proper passcode is put in, the data-encryption key is retrieved using that passcode and used to unlock all of the data on the device itself.
So, that's your first thing you are hearing. Now the second.
Per https://www.apple.com/privacy/approach-to-privacy/ :
That is, all iCloud data is encrypted using Apple's keys which are stored on their servers. iCloud Keychain (your saved passwords etc.) is encrypted by the device using keys that only exist on your devices (which is why if there are authentication problems between iCloud-connected devices it is almost always the keychain that needs to be turned off and back on).
Not everything is backed up. First, obviously, iCloud Keychain is backed up but not retrievable from that backup without at least one participating device. Second, though, many apps specifically exclude their data from backups - this includes iMessage and FaceTime as examples, which also employ (256-bit AES) end-to-end encryption similar to iCloud Keychain so only the participating devices can read the messages.
Getting at this non-backed-up data is the stated rationale for the FBI wanting to get into the phone itself rather than just getting access to the most recent backup (which they can't get because they borked the backups themselves anyway).
Of course, the more pertinent facts are that (1) the murderers in this case used their own personal phones and a laptop, all of which they thoroughly destroyed before going on their rampage; (2) the phone in question was a work-issued phone. It is highly unlikely, knowing what has been revealed to this point, that there will be any remotely usable information on the device in question. However, we do have to admit that we don't know everything about the case. That said, the FBI is charged with doing everything legally possible to track down every lead to the crime; it is not charged with caring about privacy or overall system security. They also almost assuredly have many less-devastating avenues to pursue in the physical world rather than compromising security for everyone in the world.
I'd also add that (3) we are not talking about massive terrorist attacks here. We are talking about a lone-wolf attack which killed a small number of people and by all evidence to date (most compelling: that there have not been related follow-up attacks) was an isolated event. This is hardly the type of event which should rationally lead the public to freak out and grant the FBI massive new powers to invade our privacy.
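Added example (not part of the thread, and not Apple's implementation): a toy Python model of the scheme the post above describes, where the data key exists only on the device wrapped under a passcode-derived key, and the 10-attempt wipe is what keeps a 4-digit passcode space from being walked. `ToyDevice`, `exhaust`, `worst_case_days`, the XOR wrap and the PBKDF2 parameters are all assumptions made for illustration.

```python
import hashlib, hmac, os

MAX_ATTEMPTS = 10  # wipe threshold quoted in the thread

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class ToyDevice:
    """Constructed model: a random data key wrapped under a passcode-derived key."""
    def __init__(self, passcode, enforce_limit=True):
        self.salt = os.urandom(16)
        data_key = os.urandom(32)            # encrypts user data; never stored in clear
        kek = self._kek(passcode)
        self.wrapped = _xor(data_key, kek)   # toy wrap standing in for real key wrapping
        self.check = hmac.new(kek, self.wrapped, hashlib.sha256).digest()
        self.enforce_limit, self.failed, self.wiped = enforce_limit, 0, False

    def _kek(self, passcode):
        # Iteration count kept low so the demo runs quickly (assumption).
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 200)

    def unlock(self, passcode):
        """Return the data key for the right passcode, else None."""
        if self.wiped:
            return None
        kek = self._kek(passcode)
        tag = hmac.new(kek, self.wrapped, hashlib.sha256).digest()
        if hmac.compare_digest(tag, self.check):
            self.failed = 0
            return _xor(self.wrapped, kek)
        self.failed += 1
        if self.enforce_limit and self.failed >= MAX_ATTEMPTS:
            self.wrapped = self.check = b""  # key material gone, data unrecoverable
            self.wiped = True
        return None

def exhaust(device, digits=4):
    """Walk the passcode space; return (passcode or None, attempts made)."""
    for n in range(10 ** digits):
        if device.wiped:
            return None, n
        guess = f"{n:0{digits}d}"
        if device.unlock(guess) is not None:
            return guess, n + 1
    return None, 10 ** digits

def worst_case_days(digits, seconds_per_try):
    """Time to cover every passcode of the given length at a fixed rate."""
    return 10 ** digits * seconds_per_try / 86400
```

With the limit enforced the search stops at the wipe after ten guesses; with it disabled, the same passcode falls out as soon as the loop reaches it, which is why the retry limit rather than the cipher is the control under dispute.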