
posted by cmn32480 on Sunday March 06 2016, @02:47AM
from the so-simple-that-a-gov't-employee-could-do-it dept.

Russia Today reports

The US public doesn't need a Digital Security Commission; they need the FBI to stop deceiving everyone and tell the truth that it wants to spy on Americans, John McAfee, developer of the first commercial anti-virus program, told RT's Ed Schultz.

[...] "The FBI wants Apple to change their software so that it removes the check for security, so that we don't check for security anymore. Once it has that software, they can use that software on any phone. But they say they only need it for one phone."

[...] "You need a hardware engineer and a [software] engineer. The hardware engineer takes the phone apart and copies the instruction set, which are the iOS and applications, and your memory. And then you run a program called a disassembler, which takes all the ones and zeros and gives you readable instructions. Then the coder sits down and he reads through. What he is looking for is the first access to the keypad, because that is the first thing you do when you input your pad. It'll take half an hour. When you see that, then he reads the instructions for where in memory this secret code is stored. It is that trivial--a half an hour.
...The FBI knows this, Apple knows this."

[...] "In either case, if they (the FBI) don't know, that is tragic; if they do know it, then they are deceiving the American public and Apple and everyone else by asking for a universal key."

Do you see any flaws in McAfee's explanation?

Previous: Apple Wants Court To Rule If It Can Be Forced To Unlock iPhones
Seems Like Everyone has an Opinion About Apple vs. the FBI
Update: TPP-Exposing Journalist Ed Schultz Lands on His Feet at RT
John McAfee Announces He Will Run For President of the United States

  • (Score: 5, Insightful) by mth (2848) on Sunday March 06 2016, @04:15AM (#314359)

    While the approach McAfee outlined most likely won't work (I'd be very surprised if Apple stored the PIN rather than use it as input for a one-way function), I agree that the FBI could probably crack the phone.

    If they can dump the flash (via JTAG or perhaps even via the update protocol), they could copy all the data to multiple new iPhones and brute force the PIN. They could even avoid having to do a full re-image of those phones by figuring out where the failed PIN entry counter is stored and resetting the counter when it is one attempt below the wipe limit.

    The most benign explanation I can think of is that bureaucracy led to the wrong people being assigned to the project. A more cynical explanation would be that the FBI wants to (ab)use a terrorism case to set a precedent that manufacturers have to break encryption when asked to do so because the FBI is worried that they might not be able to crack future phones. Or perhaps they want a quicker way of cracking phones so they can afford to do it on more cases.

  • (Score: 1) by baldrick (352) on Sunday March 06 2016, @05:15AM (#314373)

    Yes - I would have expected them to have copied the full data and run it in an emulator by now.

    The FBI/CIA/NSA/CNTS must have the ability to do a raw dump of most of the popular smartphones.

    --
    ... I obey the Laws of Physics ...
  • (Score: 0) by Anonymous Coward on Sunday March 06 2016, @09:32AM (#314413)

    If you ask me, all of this is about trying to save face. Make things look like you could use the products of a US company without immediately becoming the bitch of the US gov.

  • (Score: 4, Insightful) by q.kontinuum (532) on Sunday March 06 2016, @10:14AM (#314419)

    If they can dump the flash (via JTAG or perhaps even via the update protocol), they could copy all the data to multiple new iPhones and brute force the PIN.

    Unlikely. The encryption/decryption key is most likely stored on a separate TPM chip and can't be reasonably copied. It would be decrypted by entering the right pin and then used to decrypt the flash.

    In an insecure system the firmware of the device deletes the flash after N attempts. In a better system, the firmware deletes the encrypted key from the TPM chip. In an even better system, the TPM chip has a checksum of the decrypted key and deletes the key after N attempts within the TPM chip, with this part of the software of that chip being immutable.

    --
    Registered IRC nick on chat.soylentnews.org: qkontinuum
    • (Score: 3, Insightful) by Anonymous Coward on Sunday March 06 2016, @11:00AM (#314429)

      You are correct.

      The correct pin code and half of the larger (and more entropic) key to decrypt the drive are stored inside a security chip on the iPhone.

      When the correct pin is entered the software is given the other half of the key and then it decrypts the device. McAfee is wrong, it's not called "instruction set". It's called "software", specifically "firmware". Once the phone's firmware image is obtained, you can change it all you want. You can even load it into a virtual machine / emulator on a super computer and try to brute force the drive encryption -- but you only have 1/2 of a large random key. That's what the FBI wants to avoid.

      The FBI wants to brute force the pin code, since that will be significantly faster. It doesn't help them to brute force the pin code when not running on the device because the part of the key they're trying to unlock is not stored in firmware or software. The changes the FBI wants made to the firmware / software would be to not erase the keys after 10 wrong attempts. What McAfee is suggesting is that the changes to the firmware are trivial. This is correct. However, the changes made cannot be re-uploaded to the phone, as McAfee assumes. The firmware / OS software is signed and any changes will then fail a fingerprint test.

      The way the firmware is signed is that a hash of the payload is encrypted with an asymmetric public key, and the output stored right next to the hash. Only Apple (and probably the NSA, or CIA) has the private key that can sign a firmware payload.

      The FBI is lying. Once they get their hands on a modified firmware that's signed, they can flash it onto any compatible device and crack the pincode in short order. However, the FBI is not lying in that they will permit the entire unlocking and cracking procedure to happen inside Apple, and the FBI only be given the device data. The FBI is correct that this would only affect one phone. However, it will set a legal precedent via which subsequent requests to judges will have them rubber stamping requests for Apple to perform the phone hack and turn the data over to the FBI.

      Apple is protesting because this will force them to do a bunch of work for the FBI, and that's unconstitutional. Apple could avoid all of that work if they just hand over the modified and signed firmware for that phone. Apple's signing system is not as secure as it could be in that they do not generate a new signing key for each device. This would require each update to be signed uniquely for every phone they are installed on. So Apple just has one signing key for many devices and that means a hacked firmware is available to all.

      In the future Apple will likely place the unlock counter into the security chip which has the key -- it would be trivial to make a 4 bit adder, and that chip already has a delete key feature...

      What's fishy to me is that all the FBI had to do was take the phone into the environment it typically operated under, and it would have initiated a backup to "cloud" storage -- Except the FBI had the iCloud key changed to prevent this. So, they locked themselves out of the device, and they don't want to have to rely on the NSA to unlock the phone for them. Were I the judge I'd tell them, "Tough Titties, Ya Blew it! Get outta 'ere! Go make nice with your agency friends and stop harassing Apple."
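The design q.kontinuum and the Anonymous Coward above describe, a key entangled with a secret that never leaves a separate security chip and an attempt counter kept inside that same chip, as an added toy model in Python; this is not code from the thread and not Apple's actual implementation, and the class, the function names, the HMAC check value and the 20,000 PBKDF2 iterations are assumptions chosen for illustration:

```python
import hashlib
import hmac
import secrets

N_ATTEMPTS = 10  # wipe limit the thread discusses

class SecureElement:
    """Toy model of the separate security chip: a device-unique secret (UID) that
    never leaves it, the failed-attempt counter and the PIN-wrapped file-system key."""

    def __init__(self, pin, fs_key):
        self.uid = secrets.token_bytes(32)   # fused at manufacture, never readable
        self.failed = 0
        kek = self._derive(pin)              # PIN entangled with the UID in-chip
        self.wrapped_key = bytes(a ^ b for a, b in zip(fs_key, kek))
        self.check = hmac.new(kek, b"check", hashlib.sha256).digest()

    def _derive(self, pin):
        # Slow KDF keyed with the UID: a guess can only be checked on *this* chip.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.uid, 20_000)

    def unwrap(self, pin):
        """Return the file-system key for a correct PIN, else None."""
        if self.wrapped_key is None:
            return None                      # key already erased
        kek = self._derive(pin)
        tag = hmac.new(kek, b"check", hashlib.sha256).digest()
        if hmac.compare_digest(tag, self.check):
            self.failed = 0
            return bytes(a ^ b for a, b in zip(self.wrapped_key, kek))
        self.failed += 1                     # counter is in-chip: firmware can't reset it
        if self.failed >= N_ATTEMPTS:
            self.wrapped_key = None          # erase the key itself, not just the flash
        return None

def clone_flash_to_new_chip(se):
    """'Copy the flash to new iPhones': wrapped key and check value copy, the UID does not."""
    new = SecureElement("0000", bytes(32))   # a different chip with its own UID
    new.wrapped_key, new.check = se.wrapped_key, se.check
    return new

def guess_pins_until_wiped(se, digits=4):
    """Try PINs in order; returns (attempts made, key or None)."""
    for attempts in range(1, 10 ** digits + 1):
        key = se.unwrap(f"{attempts - 1:0{digits}d}")
        if key is not None or se.wrapped_key is None:
            return attempts, key
    return 10 ** digits, None
```

The clone fails because the copied blob is useless without the UID, and sequential guessing stops with the key erased after ten tries, which is why the thread argues the counter has to live in the chip rather than in flash or firmware.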

      • (Score: 0, Disagree) by Anonymous Coward on Sunday March 06 2016, @05:24PM (#314520)

        First this....

        it's not called "instruction set". It's called "software", specifically "firmware".

        Then...

        It doesn't help them to brute force the pin code when not running on the device because the part of the key they're trying to unlock is not stored in firmware or software.

        I should stop there since you apparently think the digital key is stored in the magical fairy dust Apple dusts under the touchscreen.

        However, this seems naive and highly speculative about the intentions and capabilities of the FBI.

        However, the FBI is not lying in that they will permit the entire unlocking and cracking procedure to happen inside Apple, and the FBI only be given the device data.

        This entire discussion is stupid security theater (I have no proof, that is my opinion). The fact is that securing your device with a 4 digit pin is token security. There is always a way to engineer a work-around, as evidenced by the device deleting the keys after 10 attempts. With the correct equipment and reverse engineering you can hack the hardware and then trivially hack the 4 digit pin, as many, many comments on this site and elsewhere have pointed out.

        • (Score: 0) by Anonymous Coward on Monday March 07 2016, @01:17AM (#314657)

          I should stop there since you apparently think the digital key is stored in the magical fairy dust apple dusts under the touchscreen.

          The pin code isn't stored there. It's stored in a secure chip off the main CPU. This is covered in their security specification. The only way to get at the pincode without brute forcing it would be to peel off layers of silicon and hope that you don't destroy the keys in that chip in the process. You are legitimately a moron.

        • (Score: 0) by Anonymous Coward on Monday March 07 2016, @01:21AM (#314659)

          First this....

          it's not called "instruction set".

          Confirmed retarded. An instruction set is the set of instruction opcodes that a processor accepts. It is not the actual set of software for the device. By your logic "digits" and operations are algorithms. No, algorithms are made of many digits and operations, but digits and operations themselves are not algorithms. Algorithms are to software what digits and symbols are to an instruction set.