SoylentNews is people
SoylentNews
from the prosecutors-want-access-to-everything dept.
The New York Times features a joint (and very one sided) opinion piece by prosecutors from Manhattan, Paris, London and Spain, in which they decry the default use by Apple and Google of full disk encryption in their latest smartphone OSes. They talk about the murder scene of a father of six, where an iPhone 6 and a Samsung Galaxy S6 Edge were found.
An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not — because they did not know the user's passcode. The homicide remains unsolved. The killer remains at large.
Except, there is no proof that having such a backdoor would conclusively allow them to solve the case and wouldn't require actual police work.
(Score: 4, Interesting) by jmorris on Wednesday August 12 2015, @06:26AM
Be careful what you wish for.... you might get it good and hard up the pooper. If they can really make a phone that can't be cracked then it is, pretty much by definition, equally capable of being unrootable and unjailbreakable too.
And does anyone really think Apple doesn't have a way to force an FOTA without user intervention? And if they can, then yes they could craft an update to null out the lock code and have that one handset be given that update when it checks in. Assuming of course that data is enabled, updates via data are enabled, Wifi is enabled and they know an AP it would automatically connect to, etc, etc.
Most phones are anything but secure though, even if they are locked. So some beefing up of security is probably a good thing. I'm still using a Tegra3 based LG Optimus 4X. Utterly insecure. Utterly.
Entryway #1 is where it gets rooted; the stock recovery is 'secured' in that it is RSA signed and and unless you have unlocked the bootloader it is proof from tampering. But you don't need to tamper. The damned thing will take a sideloaded update signed with the Android SDK TEST KEY. Game over. Yea it made getting root easy peasy but ANYBODY can read anything from the phone if they can send it a file signed with a widely published key and have it run as root.
Entryway #2 is less of a bungle but totally unpatchable. They let their blob.bin file escape and if you have looked at a Tegra you know that means game over. NVidia has a ROM in the die itself with a recovery/initial load program and all turning on the AES encyption means is you need that encrypted blob to get back in and you can read all of the partitions off the flash. Yes the bootloader is still encrypted but you can read out all of the other data. While it only recently leaked out to xda-developers raise your hand if you think law enforcement hasn't had that file for years.
People like us prevailed on LG to unlock the bootloader and they added it. But unless you have already rooted you have to do it their way and it involves a wipe so that isn't a new security flaw. So good on them.
(Score: 1, Informative) by Anonymous Coward on Wednesday August 12 2015, @06:31AM
If they can really make a phone that can't be cracked then it is, pretty much by definition, equally capable of being unrootable and unjailbreakable too.
What? The point is to put all the power in the hands of the user. That includes Free Software, or else it can't truly be trusted.
(Score: 2, Insightful) by Anonymous Coward on Wednesday August 12 2015, @07:12AM
If the manufacturer prevents you, who have paid them money for a device, from rooting/jailbreaking it, then you have paid good money for a device you are at most renting. Maybe that's all right, but you need to keep that in mind. The manufacturer ought to provide you with any and all encryption keys required to root the device should you choose to do so, perhaps with the usual caveats about warranties. Rooting should never have to involve the exploitation of a security flaw in the device!