Tim Cook: Apple Won't Create 'Backdoor' to Help FBI Access San Bernardino Shooter's iPhone

[sudo1996]

But if Apple puts a way in the software to disable the auto erase, it could be used by anyone. Then it just becomes pointless, and everyone's iOS devices would then be vulnerable to a brute force attack.

It's not real security (see above), but Apple could change this method every minor iOS version in case the secret gets out. You still need physical access to the device, so it's iPhone thieves we're worried about, and they're not going to know how to do it. Even if a secret got out, they'd be lucky if it matched the iOS version on the phone.

I hate how Tim Cook is saying this stuff about freedom and whatever because there's obviously already a backdoor: Apple can put an alternate iOS version on there. So anyone can, in theory. I'll bet the FBI is just going to do it themselves. Or, better yet, they'll get Apple to do it and won't tell anyone, then Tim Cook will say that they refused.

 

[bradl]

Also, in the end, you unlock it by knowing a 4-digit numeric code. Seems that iOS tries to make that unguessable using guess throttling, and apparently, it's possible to disable that. 4 digits is only 10K possibilities, easy to break.

This assumes you are using the default passcode capability. Since IOS7, I've been using alphanumeric, which uses longer than 4 characters. That makes it inherently harder to break, putting it on par with any alphanumeric/special character password scheme.

BL.

 

[bitslap47]

It's not real security (see above), but Apple could change this method every iOS version in case the secret gets out. You still need physical access to the device, so it's mostly iPhone thieves we're worried about, and they're not going to know how to do it.

I hate how Tim Cook is saying this stuff about freedom and whatever because there's obviously already a backdoor: Apple can put an alternate iOS version on there. So anyone can, in theory.

You have to know how to trick the phone into installing an update without being unlocked and without user interaction. DFU or other method would erase the data they want. It's possible a security flaw exists to trick it into an upgrade and you could spoof the Apple Server.

 

[aristobrat]

I hate how Tim Cook is saying this stuff about freedom and whatever because there's obviously already a backdoor: Apple can put an alternate iOS version on there. So anyone can, in theory.

I think Apple can, but since iOS devices have to "check in" and report their OS with Apple servers before it activates, I'm curious how easy it would be for someone to create an alternate iOS version that will pass Apple's activation check. That'd be a jailbreakers dream, IMO.

 

[sudo1996]

This assumes you are using the default passcode capability. Since IOS7, I've been using alphanumeric, which uses longer than 4 characters. That makes it inherently harder to break, putting it on par with any alphanumeric/special character password scheme.

BL.

Yeah, I'm using alphanumeric for the same reason. I only bring up the 4-digit code because that's what the SB shooter was using, so that's what they're trying to unlock. Also, most people use that.

 

[aristobrat]

It's possible a security flaw exists to trick it into an upgrade and you could spoof the Apple Server.

Don't you think the jailbreak community would be all over that, if it was possible? Hmmmm

 

[Mikael H]

Also, in the end, you unlock it by knowing a 4-digit numeric code. Seems that iOS tries to make that unguessable using guess throttling, and apparently, it's possible to disable that. 4 digits is only 10K possibilities, easy to break.

But (at least in modern iPhones), these four (or six, or n, depending on your passcode) digits are tightly linked to the individual phone, meaning that if you "lift" the stored data from the phone, you'll have to crack the actual encryption.
I'm unsure if there is a way of cracking the specific phone in this case, but it looks as though the FBI is using this case to try to force Apple to purposely weaken security in upcoming iPhone/iOS versions, in which case we're back at the security by obscurity discussion: it's only secure as long as no-one figures it out - and people will spend considerable resources on trying to figure it out if they know it's there.

 

[bradl]

Yeah, I'm using alphanumeric for the same reason. I only bring up the 4-digit code because that's what the SB shooter was using, so that's what they're trying to unlock. Also, most people use that.

Not an excuse for putting in a 'backdoor' to the phone. We all know what our first US Postmaster General said about freedoms and security, so I won't go to mentioning that... yet.

BL.

 

[bitslap47]

Don't you think the jailbreak community would be all over that, if it was possible? Hmmmm

Not necessarily. That'd be hard to do large scale on the net. People would need to setup alternate DNS, access to the valid Apple Cert, etc. Apple could do it... probably nobody else unless the real cert was leaked.

 

[sudo1996]

But (at least in modern iPhones), these four (or six, or n, depending on your passcode) digits are tightly linked to the individual phone, meaning that if you "lift" the stored data from the phone, you'll have to crack the actual encryption.
I'm unsure if there is a way of cracking the specific phone in this case, but it looks as though the FBI is using this case to try to force Apple to purposely weaken security in upcoming iPhone/iOS versions, in which case we're back at the security by obscurity discussion: it's only secure as long as no-one figures it out - and people will spend considerable resources on trying to figure it out if they know it's there.

Yeah, it looks like they aren't going to take the flash memory off the phone. They want to run the modified iOS on that phone and guess the code. That's the only way to do it, supposedly.
[doublepost=1455737644][/doublepost]

I think Apple can, but since iOS devices have to "check in" and report their OS with Apple servers before it activates, I'm curious how easy it would be for someone to create an alternate iOS version that will pass Apple's activation check. That'd be a jailbreakers dream, IMO.

Wait, I doubt this is true. An iOS device does not need an Internet connection to boot up. I know iTunes verifies the software with Apple if you install it through that.

 

[aristobrat]

but it looks as though the FBI is using this case to try to force Apple to purposely weaken security in upcoming iPhone/iOS versions,

Hmm, I got something different from the open letter.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

 

[apolloa]

This story was on our national news on television tonight, and as they said the FBI will just go to the higher courts, I would think if it's like other countries then if the FBI is handling an official criminal investigation, which I imagine it is, then Apple can be held for obstructing those investigations which I believe is a possible jail sentence, Tim Cook goes to jail, now that would be something.
And I doubt going crying to the government will help them either.

 

[apolloa]

Dear Apple Customers,

Although we told you all the other day that the error 53 occurred as we believe third party repair shops are capable of hacking our encryption and accessing your data. The FBI or the US government or any other agency or law enforcement in the US have this capability, they are asking for our help to assist in a criminal investigation of the ISIL terrorist group, we have firmly stated NO we will not help, to protect the data of our users.

............

So basically Apple is doing what it always does and is protecting it's profit margin first and foremost, because it's been utterly full of hypocritical BS lately that is for nothing else other than to protect that profit margin, masked under the blanket of security.

 

[aristobrat]

So basically Apple is doing what it always does and is protecting it's profit margin first and foremost, because it's been utterly full of hypocritical BS lately that is for nothing else other than to protect that profit margin, masked under the blanket of security.

At this point, I don't particularly care why Apple is doing it (profit margin, whatever), it's just interesting to me to see a US company stand up to the government like this.

What company's profit margin has been hit by not taking this stance?

 

[furi0usbee]

I agree, if your entire family was violently murdered and unlocking an iphone would solve the case, I would the killers go free than have the chance for someone to see pictures of my cats.

I guess I'm not as selfish as you. My life/privacy isn't worth more than the rights of a society. Although I don't agree with, I applaud people who are against the death penalty, even when they are the victims of horrific murder in their families.

Bottom line, encryption should be used more, not less, and don't ever take away my right to privacy/encryption just because you have been harmed in any way, just as I won't take your rights away should I be harmed.

No back doors, no exceptions. I will live and die by the sword of privacy.

 

[AbSoluTc]

And you prevent others from hijacking this method....how?

Or the guilt of the next terror attack is on you.

The quote above is the exact point everyone is making, yet you skip it. Do you have an answer to that?

Now to your comment about terror attacks, it seems you have fed into what the government is spewing. Terrorist attacks will happen no matter what... why compromise something secure for the sake of preventing something with a slim chance of happening?

 

[gnasher729]

Where is the limit?
If creating a backdoor meant avoiding another 9/11, what would be the right thing to do?

I don't know what makes you think this would avoid another 9/11.
In this particular case, the perpetrators (who are dead, by the way), are known to have destroyed several devices and hard drives. They didn't destroy this iPhone. Why not? Unlikely that they forgot. Two logical explanations: a. This iPhone was purely for private use and the only thing the FBI could find is their Candy Crush high score. b. They relied on the iPhone being 100% uncrackable.

So maybe Apple would be able to read the contents of this phone. I doubt there is much useful information on it. But even if there is, no terrorist will in the future leave an iPhone behind, because they will know that it can be cracked.

 

[whsbuss]

The quote above is the exact point everyone is making, yet you skip it. Do you have an answer to that?

Now to your comment about terror attacks, it seems you have fed into what the government is spewing. Terrorist attacks will happen no matter what... why compromise something secure for the sake of preventing something with a slim chance of happening?

Its similar to taking away the rights of legal gun owners because criminals use illegal guns. I think SCOTUS will have to make the call on this. Challenging the constitution is their job.

 

[BaldiMac]

Yes, apparently according to Apple themselves, a third party repair shop can easily hack your phone and it's encryption by replacing a dodgy finger print scanner, yet the ENTIRE US government and it's CIA and FBI and other law enforcement departments can't hack your device...

Apple really talks out of its bottom sometimes, and for the record I'm not with Apple on this one.
The price of freedom you enjoy everyday is to give up privacy for the freedom to be protected, don't like it then be prepared to lose some of that freedom.
And it's disgusting Apple is talking rubbish when vital evidence is being requested to prove someone innocent or guilty, what if the guy is innocent but gets the death sentence, who cares right when you don't know them, but that nasty government won't spy on you...
Or what if he's guilty and walks free and kills Tim Cook, what would you say then when accessing his iPhone would have produced evidence to send them to jail?

Well America if you vote Trump in I think the government spying on you is the least of your problems anyway.

Dear Apple Customers,

Although we told you all the other day that the error 53 occurred as we believe third party repair shops are capable of hacking our encryption and accessing your data. The FBI or the US government or any other agency or law enforcement in the US have this capability, they are asking for our help to assist in a criminal investigation of the ISIL terrorist group, we have firmly stated NO we will not help, to protect the data of our users.

............

So basically Apple is doing what it always does and is protecting it's profit margin first and foremost, because it's been utterly full of hypocritical BS lately that is for nothing else other than to protect that profit margin, masked under the blanket of security.

Not very shocking that when you assume that someone is being hypocritical, you perceive them to be hypocritical.

 

[NT1440]

Dear Apple Customers,

Although we told you all the other day that the error 53 occurred as we believe third party repair shops are capable of hacking our encryption and accessing your data..

Uhh....error 53 is bricking the device to PREVENT a malicious TouchID sensor from being used to decrypt the secure enclave....

 

[CmdrLaForge]

What is the US's long running policy about terrorists? "Do not negotiate". The reason? Because once you start there's no stopping it. Even if Apple had the capability, as soon as they do it once precedent has been set and they would have to setup an entire department just to handle the court orders.

As I understand you mean this as an analogy - and in that the federal agency are the terrorists? And Apple is the US? Or what are you saying ?

 

[gnasher729]

In this case they help the terrorist and not the government so who do they support? Also no need for a generic backdoor. The FBI can deliver just this phone to Apple secret lab. They do their data magic there and hand over the phone in its original state and the data on a USB stick.

The terrorists are beyond help, they are dead. Apple uses the old principle that they don't give people what they ask for, but what they need. The government asks for help to break this phone, making every single iPhone, including every single iPhone owned by a US citizen, insecure. Destroying essential freedoms of the people is directly playing in the hand of the terrorists. Apple gives the government what they need: Respect for the privacy of their citizens.
[doublepost=1455740213][/doublepost]

C'mon. If the FBI has a search warrant from a court because they have a suspects phone I would be more worried that they are guilty if they do not help..

A search warrant gives the FBI the right to search. It doesn't force anyone to help them.

 

[TouchMint.com]

I know it's been said before but do they not realize once you create a backdoor for 1 party all parties can use that backdoor? I wish people understood tech before making rash decisions.

 

[NT1440]

Its similar to taking away the rights of legal gun owners because criminals use illegal guns. I think SCOTUS will have to make the call on this. Challenging the constitution is their job.

Not to veer off track here, but what gun rights have been taken away? All I ever see, after 7 years, is the gun crowd in a delusional paranoid state that Obama is perpetually on the verge of taking the guns.

 

[gaximus]

Not sure what is patriotic about this. To me it is more a marketing move but maybe you can explain how not helping the authorities is patriotic.

Ever seen the Patriot? Its kind of all about going against the authorities.