Russia Today reports
The US public doesn't need a Digital Security Commission; they need the FBI to stop deceiving everyone and tell the truth that it wants to spy on Americans, John McAfee, developer of the first commercial anti-virus program, told RT's Ed Schultz.
[...] "The FBI wants Apple to change their software so that it removes the check for security, so that we don't check for security anymore. Once it has that software, they can use that software on any phone. But they say they only need it for one phone."
[...] "You need a hardware engineer and a [software] engineer. The hardware engineer takes the phone apart and copies the instruction set, which are the iOS and applications, and your memory. And then you run a program called a disassembler, which takes all the ones and zeros and gives you readable instructions. Then the coder sits down and he reads through. What he is looking for is the first access to the keypad, because that is the first thing you do when you input your pad. It'll take half an hour. When you see that, then he reads the instructions for where in memory this secret code is stored. It is that trivial--a half an hour.
...The FBI knows this, Apple knows this."[...] "In either case, if they (the FBI) don't know, that is tragic; if they do know it, then they are deceiving the American public and Apple and everyone else by asking for a universal key."
Do you see any flaws in McAfee's explanation?
(Score: 5, Informative) by Gravis on Sunday March 06 2016, @05:00AM
i've done some embedded development and reverse engineering, so i'm qualified to at least say that his plan might work but only if Apple fucked up their software security implementation (which has been broken multiple times already). Apple did do one thing that was smart, which is to put in a dedicated core that is specifically for security. However, if Apple fucked up the hardware security, it could be accessible via JTAG (for hardware based debugging) which would be a near instant security fail and even easier than what John suggested.
HOWEVER, even if Apple managed not to fuck up the software for a third time or the hardware at all, it's still trivial for them to get the info they need. Andrew Zonenberg, a Grad student versed in silicon reverse engineering, wrote this up back in 2014.
Why Apple's iPhone encryption won't stop NSA (or any other intelligence agency) [blogspot.com]
excerpt from the post:
If Apple did their job properly, however, the UID (device encryption key) is completely inaccessible to software and is locked up in some kind of on-die hardware security module (HSM). This means that even if Eve is able to execute arbitrary code on the device while it is locked, she must bruteforce the passcode on the device itself - a very slow and time-consuming process.
In this case, an attacker may still be able to execute an invasive physical attack. By depackaging the SoC, etching or polishing down to the polysilicon layer, and looking at the surface of the die with an electron microscope the fuse bits can be located and read directly off the surface of the silicon.
Since the key is physically burned into the IC, once power is removed from the phone there's no practical way for any kind of self-destruct to erase it. Although this would require a reasonably well-equipped attacker, I'm pretty confident based on my previous experience that I could do it myself, with equipment available to me at school, if I had a couple of phones to destructively analyze and a few tens of thousands of dollars to spend on lab time. This is pocket change for an intelligence agency.
Once the UID is extracted, and the encrypted disk contents dumped from the flash chips, an offline bruteforce using GPUs, FPGAs, or ASICs could be used to recover the key in a fairly short time.
(Score: 5, Funny) by Anonymous Coward on Sunday March 06 2016, @05:31AM
Given all of that, one thing is clear to me now: you and I have drastically different definitions of the word "trivial."
(Score: 2) by jasassin on Sunday March 06 2016, @06:36AM
Assuming an alphanumeric passphrase with symbols on the number row, that is 16 characters long... (assuming you have the 256-bit AES key and uuid) how long would it take? I know it depends on the hardware you're using, so let's say you have the top supercomputer in the world (Tianhe-2, which means Milky Way-2, with a performance of 33.86 petaflop/s [quadrillions of calculations per second or Pflop/s] on the Linpack benchmark). How long would it take? Can someone do the math on that? I can't but I'm very curious.
jasassin@gmail.com GPG Key ID: 0x663EB663D1E7F223
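Working the numbers from this post, and the on-device versus offline contrast in the Zonenberg excerpt above, as an added example that is not part of the thread. It assumes the "number row" symbols are the ten characters !@#$%^&*(), treats the 33.86 petaflop/s figure (very generously) as 33.86e15 guesses per second, and uses roughly 80 ms per on-device attempt, which is the calibration Apple's iOS Security guide describes for passcode derivation (an assumption about that platform, not something the thread states).

```python
"""Brute-force cost estimates for the passcode scenarios in the thread.

Constructed example: charset and rates are assumptions stated in the lead-in.
Real crackers are bounded by the key-derivation cost per guess, not by flops,
so the supercomputer figure is an upper bound on the attacker, not a forecast.
"""
import string

NUMBER_ROW_SYMBOLS = "!@#$%^&*()"                       # assumed symbol set
ALNUM_PLUS_NUMBER_ROW = len(string.ascii_letters + string.digits
                            + NUMBER_ROW_SYMBOLS)       # 52 + 10 + 10 = 72
DIGITS = len(string.digits)                             # numeric PIN alphabet

SECONDS_PER_YEAR = 365.25 * 24 * 3600
TIANHE2_GUESSES_PER_SECOND = 33.86e15     # optimistic: one guess per flop
ON_DEVICE_GUESSES_PER_SECOND = 1 / 0.080  # ~80 ms per attempt, assumed


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passcodes of exactly `length` symbols."""
    return charset_size ** length


def seconds_to_exhaust(charset_size, length, guesses_per_second, worst_case=True):
    """Time to try the whole space (worst case) or half of it (expected)."""
    tries = keyspace(charset_size, length)
    if not worst_case:
        tries /= 2
    return tries / guesses_per_second


def years_to_exhaust(charset_size, length, guesses_per_second, worst_case=True):
    return seconds_to_exhaust(charset_size, length, guesses_per_second,
                              worst_case) / SECONDS_PER_YEAR


def describe(seconds):
    """Render a duration in the largest unit that gives a value >= 1."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.2f} seconds"


if __name__ == "__main__":
    # jasassin's question: 16 symbols drawn from 72, at the Tianhe-2 rate
    print("16-char passphrase, Tianhe-2 as a pure guess engine:",
          describe(seconds_to_exhaust(ALNUM_PLUS_NUMBER_ROW, 16,
                                      TIANHE2_GUESSES_PER_SECOND)))
    # Zonenberg's point: the same 6-digit PIN throttled on-device vs offline
    print("6-digit PIN on the device (~80 ms/try):",
          describe(seconds_to_exhaust(DIGITS, 6, ON_DEVICE_GUESSES_PER_SECOND)))
    print("6-digit PIN offline with the UID extracted, at the same flop rate:",
          describe(seconds_to_exhaust(DIGITS, 6, TIANHE2_GUESSES_PER_SECOND)))
```

The 16-character case comes out at roughly half a million years even at the absurd one-guess-per-flop rate, while a 6-digit PIN falls in about a day on the device and in microseconds offline, which is why extracting the UID matters and a long passphrase does not fall to hardware alone.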
(Score: 0) by Anonymous Coward on Sunday March 06 2016, @10:52AM
How long would it take? Can someone do the math on that? I can't but I'm very curious.
Let's see ... carry the 1 ... exactly 1/2 hour. Hey, McAfee was right!
(Score: 2) by inertnet on Sunday March 06 2016, @11:43AM
That's an interesting approach. But could it be possible without physically going into the chip, by scanning it with some kind of high definition x-ray device, something that can penetrate and make an image of the IC?