Justice Department Wants Apple to Extract Data From 12 Other iPhones

[iLunar]

The flaw that allows a hacker to install a modified version of the OS as to allow the FBI an unlimited amount of passcode attempts. iPhone had no such flaw, it would be the end of the story there.

It doesn't have that flaw currently. The FBI needs Apple to create, they can't create it themselves. Hence why this entire conversation is even happening.

 

[\-V-/]

It doesn't have that flaw currently. The FBI needs Apple to create, they can't create it themselves. Hence why this entire conversation is even happening.

I feel like half the people talking about this have no idea what the issue even is. Even on TV they seem to have no clue as to what's actually happening.

 

[BaldiMac]

All of this could have been avoided if Apple had designed the iPhone without a security flaw in the first place. Security on the iPhone is already weak by failed design. That is a particular shortcoming of those phones. It's easy to avoid and other phones from more competent makers don't have this problem.

FBI just wants to take advantage of Apple's muck up and contary to what Apple claims, the court order has no bearing on the security of future iPhones—that is if Apple fixes the problem with the iPhone 7. Getting metadata relies on the security flaw in that particular iPhone 5c. And so what? The government can force a bank to open your safe deposit box or a landlord to open your apartment. They can access your locked desk, your journal, your medical records. Based on what legal theory shouldn't they be able to demand access to the metadata of someone's phone/computer? Corporations court ordered to provide access to where private information is stored is not new legalism. FBI always has a right to demand access to evidence. The question is whether a company can actually provide that evidence. Right now, Apple can provide access to that evidence because of flaw in the iPhone design. If the iPhone had security like Samsung phones, they could respond to the FBI by saying: Sorry, lads, there's no way of doing that.

And that would be that. The FBI is not demanding that future phones are designed to facilitate access for them. That's a legislative battle that rages on separately from the FBI demands in this particular case.

The issue here is that Apple's magical prodcut is supposed to provide a level of technical protection and it doesn't. It just doesn't.

Complying with the court order sets no precedent because it doesn't limit Apple's ability to create a more secure phone, like Samsung does because of their superior Korean craftsmenship and engineering. No manufacturer can help the government recover encryption keys from a correctly implemented system. Nothing nefarious about FBI askng Apple to help exploit an already flawed and weak cryptosystem. Giving them that help doesn't change anything about the ability to build stronger cryptographic systems that cannot break.

Tim Cook's stance isn't a moral one. Apple messed up by selling a phone with a security flaw and now he wants to save face. There's no point in debating the FBI on this one. Mr. Cook, with all due respect, the only way to secure information on a phone is to make sure that the information is technically secure. Complying with the court order will not set any precedent, nor does it create tools that will compromise privacy or security in the future. Just comply and make sure the iPhone 7 doesn't have this design flaw and be done with it. You guys screwed up. First, with the design flaw in your stupid, overrated phone, and then in handling this situation like a child who doesn't want to do his homework.

Also, enough with 16 GB devices. That's the real crime here, folks.

There's not much understanding of the actual issues in any of this rant.

 

[imola.zhp]

Wait, I thought they were not trying to set a precedent? WTF? That escalated quickly!

 

[techwhiz]

Complying with the court order sets no precedent because it doesn't limit Apple's ability to create a more secure phone, like Samsung does because of their superior Korean craftsmenship and engineering. No manufacturer can help the government recover encryption keys from a correctly implemented system. Nothing nefarious about FBI askng Apple to help exploit an already flawed and weak cryptosystem. Giving them that help doesn't change anything about the ability to build stronger cryptographic systems that cannot break.

Tim Cook's stance isn't a moral one. Apple messed up by selling a phone with a security flaw and now he wants to save face. There's no point in debating the FBI on this one. Mr. Cook, with all due respect, the only way to secure information on a phone is to make sure that the information is technically secure. Complying with the court order will not set any precedent, nor does it create tools that will compromise privacy or security in the future. Just comply and make sure the iPhone 7 doesn't have this design flaw and be done with it. You guys screwed up. First, with the design flaw in your stupid, overrated phone, and then in handling this situation like a child who doesn't want to do his homework.

Also, enough with 16 GB devices. That's the real crime here, folks.

It does in fact set a precedent.
They are not asking Apple for a key.
They demanding that Apple make a new version of software that has multiple security flaws.
It is precedent settings to attempt to force a company to develop a method of entry.

Apple never said anything inaccurate.
They said a means does not exist to get into the phone. They never said it was impossible to eventually develop a means. But that development places an undue hardship on Apple.

Most people commenting have no eff'n clue about what they are talking about.
How many of you commenting understand the following and how it is implemented:
1. Software updates that sideload?
2. Encryption and how secure SHA256 is and what governmental agency developed and released it to the public domain?
3. The ability to generate passcodes and the related time to test them on the phone?

Okay, those with hands still up, continue.

 

[jasonklee]

I understand the FBI isn't requesting Apple for any sort of master key. My understanding is that the FBI is just asking Apple to rewrite iOS to exploit a known security flaw inheretnt in all existing iPhones. All can have their software updated without knowing the passcode. The updated software has to be signed with Apple's key, of course.

An iPhone without the Secure Enclave would require just a single firmware update to iOS to disable passcode delays and self-destruction. An iPhone with a Secure Enclave would require two firmware updates. One to iOS and one to the Secure Enclave itself in order to disable passcode delays and self-destruction. The end result is the same. After modding, the devices is able to guess passcodes at the fastest speed hardware supports.

The iPhone 5c in this case lacks Touch ID, thus lacks the Secure Enclave—which wouldn't be a concern anyway. The passcode protections are implemented in software and are replaceable with a single firmware update.

This wouldn't set a precedent as it doesn't stop Apple from fixing this security flaw in the iPhone 7.

 

[rdrr]

Then Apple should do just that. Engage its lawyers and fight the court order. But they decided to drag that out into the public. Now we are discussing their opinion.

I already replied to that notion:

So the government didn't go into the public opinion arena as well? Apple or anyone that doesn't support this "court order" does not support terrorist. We asking to keep our privacy and electing to use our freedom of speech to say that. Wake up.

 

[gavroche]

They don't, actually. What really happens is twofold: 1. The _seller_, not the manufacturer, of a consumer product, has the responsibility that the product works for a certain time. Details vary. 2. When selling AppleCare, Apple has to state clearly what the customer gets. And what they get is 2 or 3 years certain warranties, _minus_ anything that the customer gets without buying AppleCare. So Apple has to tell you your rights outside of AppleCare when selling AppleCare. (Strangely that rule doesn't seem to apply to Dell, for example).
[doublepost=1456259914][/doublepost]

You are saying that a company selling products in a foreign country does not have to abide by the laws of those countries! Yikes!

 

[BaldiMac]

I understand the FBI isn't requesting Apple for any sort of master key. My understanding is that the FBI is just asking Apple to rewrite iOS to exploit a known security flaw inheretnt in all existing iPhones. All can have their software updated without knowing the passcode. The updated software has to be signed with Apple's key, of course.

An iPhone without the Secure Enclave would require just a single firmware update to iOS to disable passcode delays and self-destruction. An iPhone with a Secure Enclave would require two firmware updates. One to iOS and one to the Secure Enclave itself in order to disable passcode delays and self-destruction. The end result is the same. After modding, the devices is able to guess passcodes at the fastest speed hardware supports.

The iPhone 5c in this case lacks Touch ID, thus lacks the Secure Enclave—which wouldn't be a concern anyway. The passcode protections are implemented in software and are replaceable with a single firmware update.

How is it a security flaw if only Apple can bypass it? Let alone the fact that by choosing a strong passcode, the decryption could still takes hundreds or thousand of years with current tech.

This wouldn't set a precedent as it doesn't stop Apple from fixing this security flaw in the iPhone 7.

I'm not sure that you understand the implications of precedent. This isn't about accessing individual iPhones. This is about the FBI using the All Writs Act to force a company to weaken the security of their products. Where can that lead? Backdoors, direct real-time access, unauthorized data collection. The government will continue to push these limits.

What should happen is that Congress and the Supreme Court should debate and form the policies that govern this situation. Not the FBI and a random magistrate in a warrant decision based on a 200 year old law that has never been used in this way.

 

[randian]

Isn't universal paranoia the terrorists end game?

No, that's just a tool. Submission to Islam is the end game.

 

[Arndroid]

That's actually the reason Apple should show that it places an unreasonable burden on their part, they should show the courts the other 12 cases. That's specifically why companies and private citizens are not forced to do the work of the government and have the rights to reject such orders.



Except that's not related to the case and other 12 cases as well. The FBI is not asking for Apple's encryption key or the passcode. The FBI is asking Apple for a firmware update signed by Apple that removes the delay per incorrect passcode and allows for the automated PIN/passcode submission, to let them brute force the phone at a rapid pace.

The iPhone 5C does not have a Secure Enclave to verify the firmware update that does ask for the passcode first like in iPhone 5S and above.

And yes, you can bet that Apple is working their ass off to encrypt more of their data and eventually, disable DFU as well.




No, he didn't. The media twisted his words and reasoning into making it seem that he sides with the FBI. All of the more reasons why we can't trust both the government and the media, it's all misdirections.

No he still sided with the FBI. He still said "terrorism" in his clarification.

 

[Tech198]

If its older iOS versions, why do they need to go to Apple go force them ,,... These older versions are not encrypted anyway..


Now they say it's 12.....? did these other others just pop up overnight or something ?

 

[Poisednoise]

I'm just astonished this new revelation was let out so soon after the FBI claimed they weren't trying to set a precedent. The FBI must be some mad at the DoJ.

 

[sracer]

I feel like half the people talking about this have no idea what the issue even is. Even on TV they seem to have no clue as to what's actually happening.

That does indeed seem to be the case.

But then again this whole issue is nothing more than a smokescreen. The government doesn't need Apple in order to extract data from the phone, but they want the public to think they do.

 

[jasonklee]

How is it a security flaw if only Apple can bypass it? Let alone the fact that by choosing a strong passcode, the decryption could still takes hundreds or thousand of years with current tech.


I'm not sure that you understand the implications of precedent. This isn't about accessing individual iPhones. This is about the FBI using the All Writs Act to force a company to weaken the security of their products. Where can that lead? Backdoors, direct real-time access, unauthorized data collection. The government will continue to push these limits.

What should happen is that Congress and the Supreme Court should debate and form the policies that govern this situation. Not the FBI and a random magistrate in a warrant decision based on a 200 year old law that has never been used in this way.

FBI is asking Apple to create a version of iOS with unlimited passcode attempts and without the need of physical touch. That's what they need. Apple needs to rewrite iOS and then sign it. The exploiit is already there. FBI can't rewrite the code to iOS and even if they could and did, Apple still needs to sign it.

In the long term, the FBI’s efforts may ultimately—and ironically—undermine the agency's broader goal of accessing critical evidence by encouraging tech companies to build products that are impervious to infiltration by design.

I have a feeling the iPhone 7 will be the most secure phone on the planet.

 

[randian]

That's what they need. Apple needs to rewrite iOS and then sign it. The exploiit is already there. FBI can't rewrite the code to iOS and even if they could and did, Apple still needs to sign it.

And once they've signed it nothing prevents the FBI from reusing it an unlimited number of times.

 

[Larry-K]

No, that's just a tool. Submission to Islam is the end game.

Which version?

 

[randian]

Which version?

There's only one version. "There are many versions of Islam" is taqiyya. But a proper discussion is hardly relevant to this thread.

 

[APPLENEWBIE]

Terrorism is not a myth. The purpose of terrorism is to change through fear the way that people and countries behave. Which is why giving up your rights out of fear of terrorism is both letting them win and encouraging them.

I read recently that BEES killed more people last year than all terrorist attacks on US soil in the last 10 years combined. Time for a war on BEES!

 

[jasonklee]

And once they've signed it nothing prevents the FBI from reusing it an unlimited number of times.

Perhaps on current iPhones. But not on future iPhones.

The more I understand the unintended consequences of this court order, I more I side with Tim Cook.

 

[Larry-K]

There's only one version. "There are many versions of Islam" is taqiyya. But a proper discussion is hardly relevant to this thread.

That's what everybody says.

 

[Mac2me]

....
I'm not sure that you understand the implications of precedent. This isn't about accessing individual iPhones. This is about the FBI using the All Writs Act to force a company to weaken the security of their products. Where can that lead? Backdoors, direct real-time access, unauthorized data collection. The government will continue to push these limits.

What should happen is that Congress and the Supreme Court should debate and form the policies that govern this situation. Not the FBI and a random magistrate in a warrant decision based on a 200 year old law that has never been used in this way.

From the Stanford Law School:

CALEA limits the All Writs Act (AWA): https://cyberlaw.stanford.edu/blog/...writs-act-and-protects-security-apples-phones

More info on why the CALEA trumps the AWA: https://cyberlaw.stanford.edu/blog/...fbis-all-writs-act-order#.VssxYk0kskI.twitter

 

[thewap]

Let's just cut to the chase, why not just say - the constitution is helping terrorist?

 

[gnasher729]

You are saying that a company selling products in a foreign country does not have to abide by the laws of those countries! Yikes!

Where exactly do you see me saying that?

 

[Larry-K]

Let's just cut to the chase, why not just say - the constitution is helping terrorist?

First define "Terrorist", then look for the "Terrorist" Exemption Amendment in the Constitution.

Let me know when you find it.