New York Law Enforcement Officials Operate $10 Million Lab Designed to Crack iPhones

[Xian Zhu Xuande]

All well and good. This is fine. What isn't fine is demanding that a government be given a "backdoor" through encryption which, effectively, amounts to a backdoor any government or entity may use to target journalists, activists, etc. And, frankly, the United States has been working hard to demonstrate themselves as a country which does not deserve a particular level of trust in this regard, either.

It's a shame how hard it seems to be for people to understand that there's no magic "backdoor" or "key" that is different from a security flaw any sufficiently capable entity may exploit.

 

[Rocko99991]

So they have a faraday cage ad they use intelligent social engineering to get a start at passwords, okay.
The answer is not a backdoor that he is asking for.
For everyone that reads this you need an alphanumeric passcode.

My current passcode has 12 digits/letters and symbols.
This means that even if they can generate 26 million passcodes a second.

There are 46 keys * 2 functions for each key.
This means that my password will has 3.68x10^23 combinations.
This is 1.4x10^16 seconds to brute force the attack or 3.9x10^12 hours.
So they will never brute force it unless they just get lucky.
Couple that with at the end of every attempt, the enter key must be used.
If you use a 4 digit passcode, a brute force attack renders it useless in 9999 attempts.
Actually it's half that if the approach is either sequential or starts from the middle.
A six digit passcode isn't better.
Use a password that has letters (upper and lower case) numbers and symbols.

A password that is any length is more secure than a passcode.
A password can be any length and makes it much more difficult to brute force.

If you use a less secure 4/6 digit passcode, you should have your phone set to wipe after 10 attempts.

I say don't give them a chance and I'm not doing anything illegal.
My right to privacy, is a right.

Wipe after 10 attempts should be turned on by all, no?

 

[barkomatic]

What we have here then is that law enforcement can only see privacy from the lens of their profession--to be able to get at the information they need to solve or prevent a crime. They are unable to grasp the larger issue of the harm that will be done to everyone should Apple and Google create backdoors for them that will be hacked by various criminal organizations, governments and individuals within weeks of being granted.

When Vance says he thinks there should be a "balance"--what he is advocating for really isn't a balance at all. Smartphone data would be readable by anyone with a high level of technical expertise.

 

[lostngone]

""That's not their call. And it's not their call because there's something bigger here at issue rather than their individual determination of where to balance privacy and public safety. What's bigger is you've got victims and you've got a law enforcement community who have strong imperatives that should be recognized and balanced equally with the subject decision-makers by the heads of Apple and Google. Today, I think it's unbalanced. "

Vance is right in my opinion, it isn't Apple's call....

It is my call as a citizen of the United States that is protected under the 4th amendment. I am glad that Apple is at least trying to give me the tools to do so. If law enforcement wants access to the device they can get a search warrant for the device and then it is up to me if I want to give it to them or rot in jail for contempt.

 

[Hazmat401]

I feel sorry for the New York City tax payers

I’m starting to appreciate the T2 Chip in my mac.... can’t believe I said that. Think I’ll enable file vault too

 

[icolove]

I'm ok with this. Apple felt it wasn't fair when the FBI wouldn't tell them how they cracked an iPhone.

There is a solution here, but both sides are stubborn and one is stubborn for public relations (you simply can't convince me Apple actually cares about privacy) while the other is stubborn for claimed public safety.

This could all be done behind closed doors like so many other things, and everyone would continue to live their lives.

 

[GermanSuplex]

Seems like overkill. However, I'm ok with this. This is really just a more expensive version of what hobby hackers and those with ill intent do all the time. The money being used and all that is a separate issue for a different debate, but in terms of trying to hack the phones themselves, that is the way it should be done, as opposed to passing laws or strong-arming Apple or any other tech company into providing a back door into their software.

 

[Art Mark]

The argument he puts forward seems rather silly to me - at this time. Maybe I'll change my mind. But right now I can't understand the notion that no one should ever be allowed to have anything private. And that is the core of what they are saying. There have always been 'codes' and methods/systems/hardware used by military or others, that are impossible, or nearly so, to break. No, not impossible - everything is breakable - but very difficult to break. Obviously the military uses them, as does special services, CIA, FBI ETC. What they may be unintentionally calling for is breakable everything. Which is not what they want I don't think. They want breakable items for civilians only. This is odd. And putting backdoors into things would guarantee that .. well, anyone in Govt. or in anyway involved would use what exactly? Every system is breakable. It's the fact it's difficult that is perplexing these guys. Imagine any corporate traveler who has compote info on his devices. This 'balance' he speaks of is an illusion. Criminals have never played by the rule that they only use methods and systems that are obvious or breakable. This numb-minded argument has to end. There is no RIGHT that everything made has to be easily searchable by the police whenever they wish. What's next? No one should have padlocks because they make it difficult for police to open things?

 

[Rigby]

It's really amazing. We already live in a surveillance society that should be the wet dream of every law enforcement officer (as well as authoritarian regimes everywhere). And yet they are still demanding more ...

 

[justperry]

Really not reason why, in 2020 and with all the free password manager options out there, you can't keep things secured. Most all of my passwords are 36 character and include multiple symbols. I rotate them out every 6 months.

WTF, a 36 character password can't be cracked for (almost) infinity, why rotate them.
Mine is 15 characters long, same, takes forever, won't change it, unless I suspect someone made a video from it.

 

[DoctorTech]

What data are they really looking for when they want to break into an iPhone?

They can get a list of numbers called from the carrier.
They can get the location history of the phone from the carrier.
They can get the SMS messages from the carrier.

Are they looking for messages re: planning? Logistics? Are they trying to break into "plan my heist" data?

Are they just looking to see what other contacts the potential perpetrator might have/be talking to?

Excellent points (although I agree with another comment that they can get iMessages from the carrier). I am not a LEO but I have worked with LEOs, both patrol officers and senior leadership. I strongly suspect the thing they are most wanting is the address book so they can flush out networks of who is "connected" to who. I always wonder how many pizza delivery guys end up on watch lists because they have shady customers. Yes, LEOs can get meta data of all phone calls from the carrier but there are numerous apps that allow communication in ways that would make the carrier data useless.

LEOs would also like to rummage through everything else on the phone just to see what they can find. An app for 53 Bank or Horizon Bank may tip them off about a bank account they were not aware of phone owner had. A photo of the owner with an unknown person may tip them off about a possible safehouse where the owner of the phone could either be hiding or may have hidden items (they could find the identity of the unknown person through facial recognition software). Access to the suspects email could divulge receipts for items nobody knew the phone owner had purchased. etc. etc. Seemingly innocent information discovered on a phone could send the investigation down paths they would have never thought to pursue without access to the data on the phone.

While I understand strong encryption makes investigations more difficult, I believe the rights of the 99.9999% of us who are not terrorists outweigh the arguments for weakening encryption and/or coercing companies to implement back doors. I am NOT anti-law enforcement but just do a Google search for "officer arrested" or "agent arrested" to see how often those entrusted with guns and badges to protect us end up on the wrong side of the law.

 

[ersan191]

Our tax dollars at work...
[automerge]1579644280[/automerge]

(you simply can't convince me Apple actually cares about privacy)

Ah, I see you’re immune to both logic and evidence.

 

[BC2009]

Man there must be a lot of crimes planned on iPhones...

apparently.

Apple should add a new setup screen...

—-
“Do you want to activate True Tone Display?”
—-
“Do you plan to commit a crime and hide evidence of it on this iPhone?”
—-
“Let’s setup Hey Siri...”

 

[Dave-Z]

Wipe after 10 attempts should be turned on by all, no?

And if you're particularly adventurous, you can use a configuration profile to drop that number down to whatever you want. So you can have your phone secure erase itself after 3 attempts, if you want.

See the section "Passcode Policy Payload":

https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf

 

[Kabeyun]

Vance says that law enforcement is entrusted with a responsibility to "protect the public"

And once they have the keys to the backdoor, who protects the public from them?

 

[justaregularjoe]

Apple's argument is that it provides iPhone data from iCloud without breaking into the iPhone itself, but Vance says that a serious criminal doesn't have an iCloud backup.

I'm curious: do 'serious criminals' have a list of their accomplices, co-conspirators, suppliers, financiers, and motives in their phone with significant data to connect those to real people? Like criminal_plans.doc?

 

[tridley68]

what did law enforcement do before there were smartphones?
What a bunch of whiners

Sit around in public paid cars wasting gas and eating donuts

 

[MarkC426]

So this is basically legalised hacking......🤪

 

[Jim Lahey]

This is all starting to really wind me up.

One has to wonder at what stage this starts to crossover into a crime in and of itself? I mean, is wilful computer hacking not illegal?

 

[MarkC426]

Screwed up world......
If it was you or I we would be banged up without a doubt.

 

[velocityg4]

NYC spending $10 million for such a stupid anti-consumer intrusive purpose.... they could have spent it instead on the countless homeless and vagrants roaming the streets of NYC.

Heck yea! $10 mil could get a bunch of homeless scoops. 🧐

 

[MarkC426]

And Trump want’s Apple products made in USA or include extra taxes....!
Get priorities right..... 🤨
Seems like everyone is obsessed with ‘we need access’ to your device.
You can’t, so get over it....stand firm Tim, don’t give in to the politics.......

 

[Bswails]

Color me shocked - yet another gov't stooge who doesn't understand you can't crack one iPhone without compromising every other as well

I believe they understand that now..and that’s what should be concerning for the rest of the public.

 

[btrach144]

So all user privacy and security must be sacrificed in order to make this guys job easier because there are 1 or 2 rotten people amongst us?

The math doesn't add up on that one.

 

[PinkyMacGodess]

And, um, how has that worked out?

We should not have to be afraid of our own government. But an intelligent person really should be.

Only a fool trusts their government. But throwing that much money at a wall is kinda bizarre...