Apple refuses to decrypt terrorist iPhone

[Dizzy1]

there is no such thing as an unbreakable electronic code.

Absolutely true. Hackers are always one step ahead.

[Queen K]

I wonder what the FBI found on it.

[Donald G]

Unread postby Queen K » 5 minutes ago

I wonder what the FBI found on it.

Careful Queen K. In history, "curiosity killed the cat".

[FreeRights]

I do not see that that makes one iota of difference. The FBI had requested and obtained a Judicial Order for the Terrorist Protectors to release the information to them. They made a decision and will have to live with the consequences of their Terrorist Protecting decision not to comply with the Court Order

While I haven't actually taken either side to this debate, it's still important to have the right information. The post I quoted was factually incorrect.

[dogspoiler]

The point I was trying to get across earlier is that if Apple was concerned about the privacy of their customers they should not have the ability to unlock that phone anyway.
If that was the case they could tell the judge, "gee we would love to but we can't we made it impossible".
What they did was try to make a point by refusing, but picked a very unpopular way to do it.
If the phone was built so they could not unlock it, the judges order would not stand up.

[the truth]

I wonder what the FBI found on it.

imo if they found information on that phone that could of prevented another attack , that has already happened , and or prevented them from catching someone since the act,they should charge apple under the treason act

[dontrump]

The point I was trying to get across earlier is that if Apple was concerned about the privacy of their customers they should not have the ability to unlock that phone anyway.
If that was the case they could tell the judge, "gee we would love to but we can't we made it impossible".
What they did was try to make a point by refusing, but picked a very unpopular way to do it.
If the phone was built so they could not unlock it, the judges order would not stand up.

Understood but that is not the reality of things here as they went.The phone was able to be unlocked.Cook the owner of Apple being the democratic left wing loon he is brought a phoney privacy belief into the mix. He made a lot of people think if they did this one phone then all phones would be in jeopardy.simply put not true nor did the FBI demand for the code themselves they just wanted this one phone unlocked.I have to laugh at the national media attempt to smear Trump because one of his aids grabed a bimbo by her arm to move her out of their way and yet not one condemns this awful act by Apple that is putting many lifes in possible danger of death etc

[Jlabute]

http://www.theverge.com/2016/3/31/11335 ... e-arkansas

Now the FBI are unlocking an other iPhone in a murder case. Apple wants to know how they cracked it. Looks as though Apple will be rethinking their encryption/security.

[Donald G]

Since the FBI was able to unlock the phone I wonder if Apple knew all along that the phone could be accessed and have been knowingly selling something that they knew to be false ??

[GordonH]

Since the FBI was able to unlock the phone I wonder if Apple knew all along that the phone could be accessed and have been knowingly selling something that they knew to be false ??

No one has built un-crackable/unhackable cellphone.

[the truth]

and no one ever will

[Jlabute]

That's a really good question Don.

I don't know enough about how Apple does security and/or encryption. Is the FBI solution HW and/or SW based? According to the document, even a JTAG interface to the HW(hardware) shouldn't work. In electronics, if you can connect up some i2c, spi, or communication lines to a connector/header inside the phone, you can read contents off chips perhaps... easier if the data is not encrypted. When Apple says "Data Protection" are they referring to just an encrypted passcode and the ability to erase all data after 10 failed attempts?

Is Apple not telling us something? Maybe the FBI is putting on an act that they couldn't hack iphones? lol. Beats me. Unless there is a weakness somewhere and some tech company just happened to know the answer, put up their hand and said, no problem. How can you know the solution unless it is industry wide, or you study iphone for a living. I heard what may have been down is download the flash contents in to a simulator where they repeatedly attempted to crack the passcode - brute force.

According to this article, all data is AES256 encrypted through the DMA path and is based on keys that can't be read: Perhaps, a software hack to bypass the login? Beats me. I would assume that JTAG or programming headers would be disabled and only internal re-flashing would be available.

Hardware security features
..."Cryptographic operations are complex and can introduce performance or battery life problems if not designed and implemented with these priorities in mind. Every iOS device has a dedicated AES 256 crypto engine built into the DMA path between the flash storage and main system memory, making file encryption highly efficient.
The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused (UID) or compiled (GID) into the application processor and Secure Enclave during manufacturing. No software or firmware can read them directly; they can see only the results of encryption or decryption operations performed by dedicated AES engines implemented in silicon using the UID or GID as a key. Additionally, the Secure Enclave’s UID and GID can only be used by the AES engine dedicated to the Secure Enclave. The UIDs are unique to each device and are not recorded by Apple or any of its suppliers.
The GIDs are common to all processors in a class of devices (for example, all devices using the Apple A8 processor), and are used for non security-critical tasks such as when delivering system software during installation and restore. Integrating these keys into the silicon helps prevent them from being tampered with or bypassed, or accessed outside the AES engine. The UIDs and GIDs are also not available via JTAG or other debugging interfaces.
The UID allows data to be cryptographically tied to a particular device. For example, the key hierarchy protecting the file system includes the UID, so if the memory chips are physically moved from one device to another, the files are inaccessible. The UID is not related to any other identifier on the device. Apart from the UID and GID, all other cryptographic keys are created by the system’s random number generator (RNG) using an algorithm based on CTR_DRBG. System entropy is generated from timing variations during boot, and additionally from interrupt timing once the device has booted. Keys generated inside the Secure Enclave use its true hardware random number generator based on multiple ring oscillators post
processed with CTR_DRBG.
Securely erasing saved keys is just as important as generating them. It’s especially challenging to do so on flash storage, where wear-leveling might mean multiple copies of data need to be erased. To address this issue, iOS devices include a feature dedicated to secure data erasure called Effaceable Storage. This feature accesses the underlying storage technology (for example, NAND) to directly address and erase a small number of blocks at a very low level.

[Woodenhead]

- back up the effaceable storage section of the memory
- use its icloud backup (duh - but they buggered that one up like a 5 year old would)
- "de-capping"
- intercept wifi connection
- utilize already known vulnerabilities/"bugs" (many exist for various firmware versions - there's even a lock screen bypass bug for some IOS versions, lol) and/or proof of concept tools (any reputable tech university probably has a tool or two they could have used, ready to go)

there's a lot more, but those are the ones that should be simple and obvious to orgs like the FBI etc. It's all very average stuff to anyone just a bit more familiar with comp systems than your average IT guy at work. This is an area where the reality is dominated by endless technical jargon and minutiae; makes for a dull read so it's easier to bludgeon forums and facebook posts with typical blunt rhetoric. "but trrrstsss and mah money vs. privacy and potatoes durr hurr derpty derp!!!!"

[Dizzy1]

imo if they found information on that phone that could of prevented another attack , that has already happened , and or prevented them from catching someone since the act,they should charge apple under the treason act

Ludicrous.

[the truth]

ya who cares about doing all we can to catch terrorists,god forbid