McAfee Says He Lied About iPhone Hacking Method To Get Public Attention 171
blottsie writes: McAfee, who founded of one of the first companies to offer antivirus software, claimed on CNN and Russia Today, as well as in a Business Insider column, that he could bypass the advanced encryption protecting the phone without Apple's help. But he lied in these interviews, he said in an interview with the Daily Dot, to "get a shitload of public attention."
Yes (Score:5, Insightful)
Re:Yes (Score:5, Insightful)
Translation from McAfeeSpeak:
"I made it all up to sound big, bad, and awesome... but now with the FBI really interested in doing just that, well..."
Re: (Score:3, Insightful)
Pretty much. I think McAfee is awesome and we've got a few things in common - including a love of South America (and I'll leave it at that). However, he's a lunatic. We might also have that in common but my shrink assures me that I'm sane.
At any rate... I've been earnestly asked why I'd not vote for him as president. At the time, I said (I was being polite) that I figured he should start with a lower office and demonstrate capability because he hadn't yet shown any capacity to be a politician. In hindsight,
Re:Yes (Score:5, Insightful)
That said. I trust him more than Donald Trump.
At least McAfee came clean and admitted that he had been lying instead of trying to perpetuate the lie and throwing insults at anyone who questions him.
Re: (Score:3)
Re: (Score:2)
At least McAfee came clean and admitted
That makes him unfit to hold office.
Re: (Score:2)
Re:Yes (Score:4, Insightful)
Re: (Score:3)
"Start with governor or some small State or Senate or something." Screw that.
John,
It's time to man-up and buy a South American island in a country you can pay off to secede. Invite other like minded individuals, make passports, do it right!
Some of us do understand (and even admire) the right to do and be as you care to, socially acceptable or not. Sounds a lot more sustainable and easier to keep the locals out of your pocket.
Re:Yes (Score:5, Informative)
Ayup. The only thing noteworthy about the earlier press was the fact that he was being taken seriously, despite pulling stunts along these lines for years. The guy wants the spotlight and yearns to be seen as relevant. That time is long-since past, if it was ever here at all.
Re: (Score:1)
Re: (Score:1)
Yes, because Americans have shown they have no problem voting for liars....
Re: (Score:2)
Bad operand types for binary operators. First type: string, second type string and integer.
Re: (Score:3)
data PublicityStrumpet = Trump | McAfee Integer ... }
instance Fractional PublicityStrumpet where {
Problem solved!
Re:Yes (Score:5, Funny)
Re:Yes or No? (Score:4, Informative)
I am surprised by how accepting the
On a less factious note: In the days when iPhones had exploitable boot loaders, one could boot a version IOS in RAM, that let you brute force the PIN as long as you wanted to without wiping the phone. On iPhone 4 it took about 29 minutes to try all 4-digit combinations from 0000 to 9999. (The default PIN length at the time)
The only two things stopping you today from still doing this is: 1) the lack of a known vulnerability in the boot loader, thus requiring your "Special IOS" to be signed by Apple; and 2) changes to the H/W crypto chip in new models that force longer and longer time outs before you can try another PIN.
Although retries get longer, I don't think there is any limit set, in hardware, on how many retries you can have (yet); that's still handled by IOS.
Re: (Score:3, Interesting)
On the newest iPhones (A7 processor and newer), the Secure Enclave enforces the rules. This is a coprocessor chip with code baked in during manufacture and is implicitly trusted. It also has the AES-256 algorithm and key that protects the storage. The key is locked in the silicon with no way to extract it; the chip manufacturer doesn't keep it and Apple never has it. In order to access the encrypted storage, the request must pass through the SE. The class keys that are used are derived from the baked-i
Re:Yes or No? (Score:5, Informative)
Therefore, a change to iOS is capable of altering the 10-strikes rule on their devices, and that's what the FBI is asking Apple to do.
Yes. Except one thing.
Loading a recovery image requires putting the device in *Recovery Mode*, and that's a hardware DFU mode whereby you talk to a small piece of firmware whose only job is to overwrite the Flash contents.
It doesn't load shit into RAM and run it in order to overwrite the flash contents while preserving data: it's a *RECOVERY* mode, not an *UPDATE* mode. It's what you do as a last resort, assuming you backed your crap up to the iCloud, because if you didn't, that shit is *gone*.
To do an *UPDATE* without overwriting the user data portion of the flash contents, you talk to the *ptpd*, which implements the DFU protocol at a higher level, in user space. How do you do that? Well, first, you have to make the ptpd willing to talk to you (or iTunes). How you you do that?
You UNLOCK the frigging phone.
So to load the image that the FBI wants Apple to write for them, and then to load, you'd have to unlock the phone to enable you to unlock the phone.
Cluebat here. Knock knock knock... is that you, head? Yeah, there's two DFU implementations in the iPhone. What? You didn't know that? Well now you do. Yeah. Yeah. We can write the image you want us to write, and then we can load it onto the iPhone, but to do that, it will wipe out the very data you seek. What? No, we can't make monkeys fly out our ass... I think you are confusing us with Jim Carrey in that movie "Bruce Almighty".
People really do not understand technology... especially technology designed to prevent exactly the type of thing the FBI wants done.
Re: (Score:2)
The FBI's request relies on there being some as yet undisclosed security flaw which would enable Apple to load the software into memory on the iPhone and execute it from there. Your claim of impossibility relies on there being no security flaw (currently undisclosed, or even currently *unknown*) that would enable such.
The current Jailbreaks for that model and later are *tethered* jailbreaks. This means that the iPone must be *unlocked*.
Earlier jailbreaks, including the "game over" jailbreak used by redsn0w, were based on the fact that it was a Samsung chip with a known firmware bootloader flaw. When it was checking the cryptographic signature on the boot loader that would load the rest of the OS, you could buffer overflow the cryptographic check itself, and cause the execution of arbitrary code.
When the CPUs were revis
Re: (Score:2)
Earlier jailbreaks, including the "game over" jailbreak used by redsn0w, were based on the fact that it was a Samsung chip with a known firmware bootloader flaw. When it was checking the cryptographic signature on the boot loader that would load the rest of the OS, you could buffer overflow the cryptographic check itself, and cause the execution of arbitrary code.
BTW: To do this, you *STILL* had to overwrite the bootloader itself in Flash. And the way that NAND flash works is you reset a block to all 1's (and it has to be the entire block), and then write 0's out where you don't want 1's. So all you have to do is put a TEA sum and the 10 count in the bootloader block, and even with the hardware DFU mode, you've screwed the ability to do an untethered jailbreak, unless they wrote an entire new bootloader. Not that this iPhone model has that flaw in the first place
Re: (Score:2)
Can't they just pull out the hard drive and brute force it?
How much time have you got, because you are talking a 256 bit AES key that uses a UUID in the processor and a GID for the device model and a PIN from the user to generate there... You can fake the GID, but good luck on that whole UUID thing... you left that behind when you pulled the flash chip out of the device that had the processor the UUID lives in.
Re: (Score:3)
No. Brute force has limits.
The storage is in Flash RAM, not a hard drive, but they can probably get a copy of the encrypted data. That's not a problem.
What is a problem is that AES-256 has no known weaknesses for this kind of situation. AES-256 in this case means the key is exactly one random number between 0 and 2 to the 256th power (2^256). That's not just a big number, that's a mind-blowingly big number. kIf every molecule in the entire universe was an advanced supercomputer capable of testing a billi
McAffee admits he did something to get attention (Score:4, Insightful)
Re:McAffee admits he did something to get attentio (Score:5, Informative)
He is trying to get attention by being honest? That's brand new it seems.
Re: (Score:2)
Re:McAffee admits he did something to get attentio (Score:5, Insightful)
He is trying to get attention by being honest? That's brand new it seems.
He is being honest about being dishonest!? Is that a redeeming attribute? - confused-
Re: (Score:2)
He is being honest about being dishonest!? Is that a redeeming attribute? - confused-
No, that simply makes you an incompetent liar.
Re: (Score:2)
Which puts him on par with all the other people running for president. Anyone seeking the US presidency should by default be disqualified and thoroughly investigated by the IRS, and the FBI.
Re: (Score:2)
Better than getting it by killing his neighbors.
Re: (Score:3)
Aside from outright admitting it, what else is new?
At least he didn't kill anyone this time.
We hope
Douche (Score:2)
But we already knew that.
President (Score:2, Informative)
He should run for president if he is willing to lie so blatantly. Oh, looks like he already is.
Re:President (Score:5, Informative)
The big difference between him and most politicians is that he's willing to admit when he's lying. Someone like a Trump or a Clinton would just say that they were just being "misunderstood", or that the media "took them out of context".
Re:President (Score:4, Insightful)
Clinton - and most other politicians - claim to be "misunderstood", "taken out of context", or issue insincere apologies when they are called on outright lying. (As opposed to just twisting the truth.) Trump, on the other hand, doesn't seem to care if he lies or tells the truth. When he's caught on lying (e.g. saying he saw thousands of Americans celebrating on 9-11 as the towers came down), he doubles down and insists it's true because he says it is. If he says the sky is green with pink polka dots, it doesn't matter how often you point to the blue sky above you or show him photos, he'll keep insisting it is. For someone who claims to not be a politician, he out-politicians the politicians. (And that's not meant as a compliment.)
Re: (Score:2)
Trump, on the other hand, doesn't seem to care if he lies or tells the truth. When he's caught on lying (e.g. saying he saw thousands of Americans celebrating on 9-11 as the towers came down), he doubles down and insists it's true because he says it is. If he says the sky is green with pink polka dots, it doesn't matter how often you point to the blue sky above you or show him photos, he'll keep insisting it is. For someone who claims to not be a politician, he out-politicians the politicians. (And that's not meant as a compliment.)
He's a Narcissist. One of the hallmarks of someone with a Narcissistic personality disorder is that when they make a mistake, it's not their fault, it's the fault of the people around them. They make pretty good door-to-door salesmen since they don't take rejection personally. After all, if you reject their offer, it's YOUR fault for being stupid enough to reject them. Not their fault for selling a crappy product.
A Narcissist is very good at projecting confidence, regardless of whether that confidence is ba
Re: (Score:2)
Well, technically "New Jersey" and "overseas" are not always contradictory. /s
Re: (Score:1)
He hasn't admitted to lying about murder
Re: (Score:3)
Re: (Score:2)
This practice is referred to as "drumpfing." Or at least, it should be.
Comment removed (Score:5, Insightful)
Re:So, he's a lying asshole... (Score:5, Funny)
We expect politicians to lie. Geeks, not so much (well, unless they're also vendors, but...)
Re:So, he's a lying asshole... (Score:4, Insightful)
Re:So, he's a lying asshole... (Score:5, Informative)
It's John McAfee. Okay, so maybe it was believable; but if you're honestly surprised by the follow-up, you haven't been paying attention. This is a guy who posted a video on Youtube where he talked about banging underaged girls and smoked a bunch of meth.
McAfee isn't out to defraud people; he's just out to be a loud caricature. I'm sure some day he'll say something serious in a sensational and ridiculous way; I'm equally sure he'll keep saying things that sound serious and then turn out to be just noise, because that's what he does now. He doesn't get attention because people believe him; he gets attention because he's interposed himself into a situation and drawn attention to himself, and we all recognize the act. You *can* play off that act honestly, but it's not a requirement.
Re: (Score:1)
Can't understand why he's not as popular as Trump, Sanders, or Clinton. He's doing the same things they are!
-jcr
Do NOT put Sanders in the same category as Hillary Clinton.
Hell, I don't agree with Trump but even he's not the untrustworthy pathological lying sack of shit that Hillary Clinton is.
Re: (Score:2)
Re:So, he's a lying [bleep]hole... (Score:2)
Bet: If Ted and Marco are honest, I'll install Windows 10.
Re: (Score:2)
Can't understand why he's not as popular as Trump, Sanders, or Clinton. He's doing the same things they are!
-jcr
They're experts at selling the lie.
McAfee is an amateur in comparison.
Re: (Score:2)
Can't understand why he's not as popular as Trump, Sanders, or Clinton. He's doing the same things they are!
-jcr
He admitted he was lying. Not only is that not the same thing as Trump Sanders or Clinton, but that's an outright assault on the character of the public office itself.
Re: (Score:2)
How the FUCK can you put Sanders into the same category as Trump or even Hillary when it comes to honesty!?
They're politicians.
A varan might be different from a crocodile and an alligator, but you still don't want to hand your baby over for a kiss.
Re: (Score:2)
impossible (Score:2, Insightful)
A narcissistic jerk lying for attention? What is this world coming to? Next up we'll hear that some useless Hollywood slut has publicly posted nudes to get in the headlines again!
McAfee Says He Lied About iPhone Hacking Method To (Score:3)
No. Shit.
Shocked (Score:5, Funny)
Re: (Score:2)
Maybe he's lying about lying to get attention (Score:5, Funny)
My faith in humanity is RUINED! RUINED I say! (Score:3, Funny)
If I can't believe everything John McAfee says, there's no point in living!
Re: (Score:1)
He once said that the anti-virus software that currently bears his name is crap, so he's not wrong all the time.
News for ... nerds? (Score:3)
Now, if you were *really* going to be a genius at getting in a snarky comment to make yourself seem intelligent, you'd go back in time to the article where his now-disavowed claims were originally covered, and you'd post all about how you know it's a lie from the outset, rather than boost yourself up in hindsight.
Re: (Score:3)
Err... I actually remember the Slashdot thread. Other than some who haven't got a clue or refuse to get a clue, everyone that opined said he was full of shit. I think my dog even farted upon hearing the news. I believe that the majority even speculated that he was saying it for attention.
So, you might be right? People might want to refer back to the original thread and point out that they were witty and just knew it was a hoax, and for attention, all along. Of course, that'd not be much better than me specu
He can't even get the pronunciation of his own nam (Score:5, Informative)
Mc-Afee not MAC-A-fee
Re: (Score:2)
That's right. I pronounce my name as "Supreme Ruler of the Universe and Beyond, bow when You Gaze Upon Me" and anyone who pronounces it as "David" is wrong!
me, I'm going with "Max Power" (Score:2)
[*] curses, foiled again by
Now hold on a minute. (Score:3)
Re: (Score:2)
That iPhone might be infected with the Michelangelo virus.
hack the planet
Re: (Score:2)
In other news... (Score:2)
Re: (Score:2)
He's probably surprised people take him seriously (Score:1)
How to uninstall McAfee [youtube.com]
Called it (Score:2)
Called it [slashdot.org]
I thought McAfee's position was more along the lines of "Look at me! Look at me!" with the idea that he could say any old shit, get the attention he craves and then not have to deliver anything as no-one in their right mind would let him near that phone.
Not that it was particular hard to call.
Re: (Score:2, Informative)
Congratulations! Here is your prize: A big, shiny trophy [goatse.info]
So his coders are shit must be why the software is (Score:2)
So his coders are shit must be why the software is so slow.
Re: (Score:2)
Adobe writes the shit software, and they own the trademark. He disavowed their software a long time ago and has nothing to do with making it.
What he really got, (Score:2)
was "a batshitload of public attention".
it's not personal attention that he wants (Score:5, Interesting)
he's trying to bring attention to the issue, that the FBI is trying to fool everyone into thinking they cannot crack an iphone.
“That video, on my YouTube account, it has 700,000 views. My point is to bring to the American public the problem that the FBI is trying to [fool] the American public. How am I going to do that, by just going off and saying it? No one is going to listen to that crap.
“So I come up with something sensational,” he continued. “Now, what I did not lie about was my ability to crack the iPhone." ...
Later in the interview, McAfee described his method, which involves “decapping” the phone’s processor and acquiring the device’s unique identifier (UID), that may allow someone to brute force the phone’s password
he's not wrong either. a grad student explained this in a blog post from October 2014.
Why Apple's iPhone encryption won't stop NSA (or any other intelligence agency) [blogspot.com]
excerpt from the post:
If Apple did their job properly, however, the UID (device encryption key) is completely inaccessible to software and is locked up in some kind of on-die hardware security module (HSM). This means that even if Eve is able to execute arbitrary code on the device while it is locked, she must bruteforce the passcode on the device itself - a very slow and time-consuming process.
In this case, an attacker may still be able to execute an invasive physical attack. By depackaging the SoC, etching or polishing down to the polysilicon layer, and looking at the surface of the die with an electron microscope the fuse bits can be located and read directly off the surface of the silicon.
Since the key is physically burned into the IC, once power is removed from the phone there's no practical way for any kind of self-destruct to erase it. Although this would require a reasonably well-equipped attacker, I'm pretty confident based on my previous experience that I could do it myself, with equipment available to me at school, if I had a couple of phones to destructively analyze and a few tens of thousands of dollars to spend on lab time. This is pocket change for an intelligence agency.
Once the UID is extracted, and the encrypted disk contents dumped from the flash chips, an offline bruteforce using GPUs, FPGAs, or ASICs could be used to recover the key in a fairly short time.
Re: (Score:2)
Re: (Score:3)
the whole point of the FBI query is so they can maintain a legal chain of evidence in extracting the data. Everyone KNOWS the NSA can crack this by disassembling the hardware, but that method is not admissible in court.
Cite?
I see absolutely no reason that disassembling the hardware breaks the chain of evidence. Said disassembly just has to be done by experts who will testify to the steps they used to extract the data and that the device was not out of their control. The NSA might not want to testify to the means used, I suppose, but I don't see why not because this is a really straightforward process. It requires specialized skills and tools, but nothing not present in many university research labs.
1. Remove the flash
Re: (Score:2)
That problem has existed for as long as it's been possible to bear false witness. It's been such a pervasive problem that it's been codified into laws since we put them to tablet and papyrus. Just because you can *also* do it with the contents of a flash drive doesn't make it anything new.
Re: (Score:2)
How do you prove that the evidence was not altered if the original is destructed?
Testing a DNA sample is also destructive, as are many other forensic tests. The key is that you have a disinterested technician performing the analysis, documenting each step in the process, and later testifying about it. If necessary, you can also keep recordings of the whole process, and subject those to chain-of-custody rules. If you really, really want to be careful, you allow the defense to provide their own expert witness who observes the entire process.
In addition, the process I described specifica
Re: (Score:2)
Everyone KNOWS the NSA can crack this by disassembling the hardware, but that method is not admissible in court.
Why wouldn't it be? Here's a process that should allow any untrustworthy idiot to crack the phone while having no risk of false data:
1) Copy the hard drive, being careful to maintain chain of custody
2) Let random untrustworthy person crack the phone
3) Use decryption key to decrypt copy of hard drive from evidence locker
Re: (Score:2)
You can check that the results are correct; that is even better than proving the method you used to get the results are sufficiently accurate or repeatable.
It's not a lie (Score:2)
What exactly did he lie about? (Score:2)
I'm confused. From the stories, he claimed to able to crack the iPhone without Apple's help. Then he said he lied about that. But then reaffirmed that his people would be able to crack the iPhone.
What am I missing?
The search for Trump's running mate is over (Score:1)
Admittedly Scar, Pennywise, or Joffrey Baratheon would better fill in the gaps in Trump's "skills", but they're all dead....and also fictional, though that distinction doesn't seem to stop the Trump train.
I don't buy it (Score:2)
In good company! (Score:3)
Apple's only way out is to change their system so that what the FBI is asking for is impossible from here forward.
So it has come to this (Score:2)
Oh I have to hang my head in mourning. It sure is a sad day.
McAfee is now as useful and trustworthy as the product carrying his name.
Begs the question... (Score:2)
Lying to get attention? (Score:2)
No way! (Score:2)
The guy who said he was going to break in via social engineering when the only people who know the passcode are dead was lying? Wow. Never saw that coming.
He's just trying to save face (Score:2)
I think that he did think he knew how to break into an iPhone. But then after his interview, he found out that breaking into a modern mobile device is not the same as breaking into a computer back in the 80s and 90s, so he's just trying to save face.
Don't worry : (Score:1)
Nobody believed a word of it ^_^
RTFA, the slash story is 100% wrong (Score:2)
He says he simplified the method so a stupid reporter could understand some of it.
So, no more valueless posts about him then? (Score:2)
Imagine if (Score:2)
... the press stopped reporting the shit said by people that have been busted lying publicly.
This makes Cringeley look stupid (Score:1)
Re: And much like Donald Trump... (Score:2)
why people would put their faith in him in the fucking first place
He's an eccentric, deviant asshole in a very refreshing sort of way and his talking points appeal to critical thinking (as opposed to Trump's, which are clearly right out of Mein Kampf)...
you know, 'cuz he's KOOK KOO... (Score:2)
Knowing McAfee, it would probably be in his hot tub.
Re: (Score:2)
Re: (Score:2)