Apple Tells US Judge It's 'Impossible' To Break Through Locks On New iPhones (reuters.com) 225
An anonymous reader writes: Apple told a U.S. judge that accessing data stored on a locked iPhone would be "impossible" with devices using its latest operating system, but the company has the "technical ability" to help law enforcement unlock older phones. Apple's position was laid out in a brief filed late Monday, after a federal magistrate judge in Brooklyn, New York, sought its input as he weighed a U.S. Justice Department request to force the company to help authorities access a seized iPhone during an investigation. In court papers, Apple said that for the 90 percent of its devices running iOS 8 or higher, granting the Justice Department's request "would be impossible to perform" after it strengthened encryption methods.
Sounds like (Score:5, Insightful)
Re: (Score:2)
Sounds like a challenge!
Not really. It is not hard to break, just not something they want to, or can do automatically. So yes there is no easy way of doing, so it is "impossible"...
Re: (Score:2)
You know of a way of breaking AES encryption?
Weird. It's almost as if the very basic principles of encryption went flying right over your head...
Clue: The WD hard drives mentioned in the story below this one are encrypted using AES.
http://it.slashdot.org/story/1... [slashdot.org]
Re: (Score:2)
Re: (Score:2)
Doesn't matter if it's encrypted. There are only 10,000 four-digit PIN combinations, and iPhones don't self-destruct after a certain number of tries. Pretty easy to brute force it.
Encryption is a necessary but not sufficient condition for security.
Even if it did self-destruct, that wouldn't help. You wouldn't bruteforce on a live device, you do it offline.
Re: (Score:3)
Even if it did self-destruct, that wouldn't help. You wouldn't bruteforce on a live device, you do it offline.
You would, if you could. But the unlocking requires the presence of the particular processor on that phone, it doesn't work offline. Even with iOS7 devices, Apple could never unlock without the actual complete device.
Re: (Score:3, Informative)
Doesn't matter if it's encrypted. There are only 10,000 four-digit PIN combinations, and iPhones don't self-destruct after a certain number of tries. Pretty easy to brute force it.
Encryption is a necessary but not sufficient condition for security.
Apple recently moved to six-digit codes minimum for all phones, by default. With the presence of finger reader this is not much of an issue.
You can reduce or increase the security requirements of the passcode, but that is a personal choice.
Ref: https://support.apple.com/en-g... [apple.com]
Re: (Score:2, Informative)
Everybody things biometric ("fingerprint") security is everything! A fingerprint is one of the easiest thing for an attacker to obtain -- we leave them on everything we touch. It's a trivial matter to reproduce to the degree required by those cheap sensors. (Mythbusters did this years ago with a simple thumb scanner door lock. I've done the same with the optical scanner on many laptops -- without having to lick the paper, even.)
Re: (Score:3)
My phone locks out after 10 wrong attempts and needs to be restored. This is a setting in iOS.
Re: (Score:2)
You know of a way of breaking AES encryption?
I know a way to break any encryption based on a password, passphrase, pincode or fingerprint, it is called brute-force, with normal length passwords and pin-codes it is even doable in a reasonable timescale. Of course Apple is under no obligation to do hacking on behalf of the court system, so they can honestly say they have no way of bypassing the encryption, all they can do is assist in brute forcing it.
Re:Sounds like (Score:5, Informative)
Additionaly the root keys are only held in the co-prossesor and co-mingled with a UID (which even apple doesn't know) as well as the password. You can't begin a dictionary or pin attack without pulling out that UID (and cosidering the co-proccessor is running L4, the only way I know to do it is use nano-meter scale probes to spy on the hardware as it operates. The root of the file-system is encrypted by a key held only in the security co-processor, and the comingled password is used in a sort of chain of trust with the hardware key to secure file-metadata and per-file encyprion keys.
The firmware is designed to resist brute force, and apple fixes every known vulnerability to brute-force it discovers. The update mechanism requires the user password and cannot be rolled back to a prior vulnerable version, So apple can't provide a targeted device update to enable brute-forceing. At best the forensic team will have to sit on the device and hope a new vulnerability is discovered, and hope the data erase after 10 failed attempts was not enabled by the user.
https://www.apple.com/business... [apple.com]
Re: (Score:2)
and this, my dear fellow slashdotters, is why we need more platforms. we NEED people to run windows phones, blackberries with neutrinoOS, android with enforcing selinux, ubuntu phones with tight apparmor, ios with integrated lawyers, tizen with something else, etc.. we all know about eggs and baskets. apps should be written in some stupid interpreted javascript crap that works on all platforms, run preferably in containers/jails/zones/whatever.
Re: (Score:2)
Simple.
1. Remove the flash.
2. Mount it with a non Apple device.
3. Run a dictionary attack on the password.
With the right equipment, it would only take a few hours depending on the complexity of the user's password.
Am I missing something?
Re: Sounds like (Score:3, Informative)
Yes, the security processor handles the passwords, the flash is encrypted with a sufficiently long symmetric key, brute force will take longer theoretically than the heat death of the universe, though every few years it seems to halve. The better attack is against the keychain in the active device. Depending on whether the user updated to a longer pin, then only a few days. But if they did enable a passphrase, then no, back to very long time beyond usefulness to LEOs, assuming they didn't choose correct-hor
Re:Sounds like (Score:5, Informative)
Yep. Starting with the iPhone 4, the flash media is encrypted with a key held in the device memory. That key is encrypted with the device UID key, the user's PIN (if enabled), and an instance key. The encryption key is changed when you select "Clear and Delete Everything" (it throws away the key and generates a new one, and re-encrypts it).
Moving the flash chip to a new device means you lack the per-device key which makes the flash inaccessible.
It's a fairly sophisticated system and short of implementation flaws, it's unbreakable.
Re: (Score:3)
Simple.
1. Remove the flash.
2. Mount it with a non Apple device.
3. Run a dictionary attack on the password.
With the right equipment, it would only take a few hours depending on the complexity of the user's password.
Am I missing something?
Yes you are missing a lot.
https://www.apple.com/business... [apple.com]
https://developer.apple.com/li... [apple.com]
Apple has done a lot of work to improve their systems.
So has Microsoft, FWIW.
It was public knowledge even before the breach at Sony that system failures and
the naive use of systems by customers would prove to be trouble. Those without
their head up their exit port could read the writing on the wall.
Another less discussed topic is IPv6 and the internet of things.
Some minimum safety existed behind home NAT but with IPv
Re:Sounds like (Score:5, Interesting)
I see this as a marked strengthening of Apple's platform. If truly not even Apple can unlock or decrypt the phones, then that's a huge benefit to using the platform.
Of course this reminds one of TFA from last week, where it was claimed that the NSA had made some sort of computing breakthrough and could decrypt even standards that are thought to be secure today.
Re: (Score:3)
Sure. Assuming they're doing it right then your phone is secure. At least so long as you don't install that new Upset Walruses game making the rounds that includes a discrete monitoring component that harvests everything you do on the phone, credentials included. Or contract any virus or worm with a similar payload.
Still, a huge step forward from the historic state of affairs - at least if someone wants to spy on you they have to be proactive about it.
Re: (Score:2)
And you cannot "root" it either... because you don't know how, doesn't mean someone else hasn't figured it out.
Re: (Score:3)
Either that or they're just trying to sell you a new phone
Among the list of items most users seek to get when upgrading their phone, I doubt being "NSA Proof" is in the top 10. After all, these are the same morons that wait for days in line hoping to be first to brag about getting the newest iPhone.
Re:Sounds like (Score:4, Insightful)
Every device that is capable of running iOS 8 is the iPhone 4S and greater...so pretty much 5 generations of devices. I doubt many people have a 5+ year old iPhone at this point. iPhone 4 and under account for 4% of the current iOS market share. (source: https://david-smith.org/iosver... [david-smith.org] )
I doubt that they are now using this as a gimmick to try and force people to upgrade to a new handset at this time.
Re: (Score:2)
It's not like Joe or Jane iPhone User can even tell you what this stuff is, let alone that they would make buying decisions based on it if they are still milking an iPhone 3G
That, Detective, is not the right question (Score:5, Insightful)
I'm not sure the judicial conviction of this one suspect is worth granting law enforcement the unfettered ability to deputize anyone, any time it's convenient.
Re: (Score:2, Informative)
Re: (Score:2)
[Engaging in evidence-gathering duties] is their duty when the court orders it so as part of evidence gathering. Law 101, dude.
No, it is not. There's a big difference between providing information they have, which is their legal duty, and gathering information that they wouldn't otherwise have, which is not their legal duty. That's why plea bargains that provide immunity are a thing: they can't order you to do their job for them, but they can provide strong incentives for you to do so.
Re: (Score:2)
I'm curious if the headline is the exact wording used by apple (unlikely) as it implies there may be an access method that was built in. The encryption wouldn't be broken then.
It probably applies to pre-iOS 8 devices where data protection/whole system encryption wasn't enabled by default but the device is locked by a passcode. IIRC, iOS 8 did more than just enable data protection by default, I think some kinds of changes were made to strengthen the data protection process.
Apple are probably referring not just to whole device encryption but weaknesses in pre-8 encryption processes that allow them to extract decryption keys.
Re:That, Detective, is not the right question (Score:5, Insightful)
Because, apparently, it is now "un-American", or straight up illegal, for private companies to NOT be part of the spy apparatus.
So, either you accept the provisions of stuff like the PATRIOT Act which says every company is required to participate and keep it secret ... or you have to somehow get a court to overturn that (or have the lawmakers repeal it).
But, make no mistake about it, in the present situation, spying is a given, the requirement for corporations to help is real, and the expectation that making something you can't help them break into is just helping terrorists.
So, yes, this may not the be the right question. The problem is to whom are you supposed to ask the right question?
Because apparently most Americans now accept this crap as perfectly normal, and have fully embraced that if you have nothing to hide you have nothing to fear.
The cope creep of national security and terrorism to common day to day crimes was inevitable. And now law enforcement expects to bypass any legal controls, and get what they wish because they want it.
Papers please, comrade. That particular cat has been out of the bag for a while.
Re: (Score:2)
This is the exact reason why Apple made changes to their encryption and is actively fighting it.
Are any other phone companies doing the same?
Re:That, Detective, is not the right question (Score:4, Insightful)
you sucker. Do you have any evidence to support your position? Apple moves only to make money. The "apple ecosystem" and the efforts they make to prevent jailbreaking are proof positive that their only ethic is more profit. You've been trolled by dirty capitalists.
Of course. But if they want to sell to non-US users having encryption that actually protects privacy might be a plus. We care just as much if not more than Americans, particularly since we got fuck all legal recourse if the NSA decides that all my data belongs to them. Nobody expects Apple to be doing it out of the goodness of their heart, they're doing it because it's good business. And now that the cat is out of the bag, if the US tries to push an official government backdoor that's fine with me because it won't sell in the rest of the world. It only worked as long as it was a secret and now it's not.
Re: (Score:2)
So, either you accept the provisions of stuff like the PATRIOT Act which says every company is required to participate and keep it secret ... or you have to somehow get a court to overturn that (or have the lawmakers repeal it).
But, make no mistake about it, in the present situation, spying is a given, the requirement for corporations to help is real, and the expectation that making something you can't help them break into is just helping terrorists.
I remember Mr. Comey on TV saying as much. He certainly has made it clear that he does not think a lock the FBI can't open should be permissible.
We also know patriot act requires production of "any tangible thing" as if the "third party doctrine" did not already.
Yet there is a difference between being compelled to assist with opening a lock or providing information to advance a specific "investigation" vs being ordered by government not to produce a lock that can't be opened in the first place. The author
Re: (Score:2)
Because apparently most Americans now accept this crap as perfectly normal, and have fully embraced that if you have nothing to hide you have nothing to fear.
That's because they either don't care enough or they don't understand the issue. Most tech savvy people understand what power comes with access information. I'm willing to trust the authorities within reason but I will protect my data just in case.
I've said this before and I still stand by this belief that the user should have the right to protect his data. Should this person be in a position where access to the data can prove him innocent OR guilty, he should have to provide access to the data with the ris
Re: (Score:2)
You seem to be under the illusion they care what either SCOTUS has said, or what the Constitution says.
I'm not entirely sure that's true any more.
Law enforcement increasingly doesn't know, or doesn't care what the law and the courts have said. They just want whatever is expedient.
There's just far too many examples of them completely ignoring stuff to believe they still care about what is strictly legal. They seem to think legal is whatever they say it is.
Re: (Score:2)
You act like this is new - it's not. Law enforcement has always worked like this.
We have checks and balances (Police balanced by courts balanced by legislatures) for this problem.
Re: (Score:2)
I typically am opposed to Apple's way of doing business. This action I applaud. As many commenters have already stated, "Impossible" is not possible when it comes to hacking BUT for Apple to rebuke the USGOV in saying they can't is a great example to set.
That being said: It's also entirely likely that they are making a big show of saying no while quietly working with the man behind the scenes. "It's way better for the public to think we can't do this and helps us sell iDevices but here's the magic tool you
Re: (Score:2)
Of course, I recognize the convenience of my belief system; as, if there are no corporations on the side of privacy in a Corporatocracy, we are truly SOL.
Re: (Score:2)
It was in the past. For example, the phone companies (well, phone company initially) set up their networks to make it easier for law enforcement to wiretap if they showed up with a warrant.
But given recent publicity about NSA data collection, all of that public trust and goodwill is probably gone now.* I don't think playing the "Apple is being a bad corporate citizen!" card
Re: (Score:2)
Do you suppose anyone's left employed in public relations at the NSA?
Re: (Score:2)
Yes, it is.. if you point your gun at their face and say "do my job, or else." It can be anyone's obligation to do anyone else's job.
There is no theoretical upper bound to power. There's only the question of how much power you have so far. And right now, 99% of American voters think the government does not yet have nearly enough power, and we all need to do much more to give more of our power to them.
Pointing a gun at someone does not obligate them to do anything. It's a threat, but the one being threatened does not have to acquiesce. They can choose to not obey and call the bluff. It may cost them their life, but there is still no obligation.
Bad guys (Score:4, Insightful)
This is what encryption is for. Keeping data from the bad guys.
Re: (Score:3)
This is what encryption is for. Keeping data from the bad guys.
So, it has come to this. Law Enforcement are now the bad guys. I'm not saying I disagree (at least not in all contexts), but it is a sad state of affairs in a once promising nation.
Re: (Score:2)
Frankly, law enforcement did this to themselves.
No pity here.
Cue new legislation in 3...2... (Score:2)
Introducing the "Mom, Freedom, and Apple Pie Anti-Terrorist Act of 2015," that requires that all phone manufacturers build in government approved backdoors into every phone. And after a few Democrats and Rand Paul pretend to object to it, and briefly pretend to stand up against it, it will be approved by Congress with a unanimous vote and signed by the President (who will also pretend to give a flying fuck about privacy concerns by pinkie-swearing that it won't be abused).
Re: (Score:2)
So what government gets to control the backdoor on my phone?
Re: (Score:2)
All of them? At the very least, with data sharing agreements they'll all get access to it.
Are you still laboring under the illusion pretty much all the governments are colluding to fuck over their citizens rights?
Re: (Score:2)
Re: (Score:3)
Yes sure, you can enroll an iOS device in MDM and then send it an unlock command. The end-user has to agree and approve this first of all of course.
Apple have built the system so that it is immune to a direct unlock. Apple and Microsoft have been giving clear signals that they no longer want to be stuck in the middle of international legal / court disputes requiring them to unlock under court order. So they've re-engineered their encryption and unlock protocols so that they no longer hold any master keys
Re: (Score:2)
That would realy depend if it was running or not. If it was fully powered down it needs credentials to decrypt the storage and finish booting (I am assuming they are similar to android devices). If it's powered up and connected to even wifi what's stopping it from getting a remote wipe command?
RF shielding is fairly easy, they make evidence collection bags for just this purpose they even keep the phone charged. Both major OS's have build in remote wipe capabilities. So you would need the carrier and the
Re: (Score:2)
Re: (Score:2)
These sort of countdown clocks exist for other things. It would be extremely hard to fully implement as an app, they simple dont have the access. It might be able to erase a sdcard but not the rest.
Re: (Score:2)
There's two flaws here. 1: When your device is encrypted on KitKat and below, you must enter the decryption password to boot. So no remote access unless the device is already running (which it probably is, but still). I don't know if Lollipop and above are different since I keep encryption off in favor of speed. 2. You can install all the apps you want remotely, but they must be launched by the user at least once before they can start running any background processes. There was an exploit in Android 2.1 and
Re: (Score:2)
There's two flaws here. 1: When your device is encrypted on KitKat and below, you must enter the decryption password to boot. So no remote access unless the device is already running (which it probably is, but still). I don't know if Lollipop and above are different since I keep encryption off in favor of speed.
The same is true on Lollipop and Marshmallow. Note that on KitKat and below, breaking the device decryption is not terribly hard, since most user passwords are weak, for convenience. What you do is:
1. Access the flash directly. The easiest way is probably to desolder it from the device and pop it into another device.
2. Read the crypto footer on the data partition. This contains the disk encryption key (DEK), encrypted with a key encryption key (KEK) derived from your password with scrypt.
3. Brute force
Re: (Score:3)
On Android you can browse the Play Market on a desktop-browser and remotely install applications on your phone, with no confirmation or anything needed on the phone.
That only helps if apps can unlock the device. They can't on Android, and I see no reason why they'd be able to on iOS, either.
Re: (Score:2)
On iOS you have to unlock your phone before you sync with iTunes, so I don't think you can push an app over WIFI without knowing the passcode.
Re: (Score:2)
On iOS you have to unlock your phone before you sync with iTunes, so I don't think you can push an app over WIFI without knowing the passcode.
Unless the computer it is syncing with has previously synced with that iPhone. During the first access of the phone by a computer, the phone pops up a box asking if this computer should be trusted, and if the person selects yes, a cookie is exchanged. At a later time, if the phone is hooked to the same computer, because of the cookie it will automatically be allowed to access the phone's contents. This is one of the ways law enforcement uses to access seized phones, by also seizing the computer it syncs
"Impossible" for Apple (Score:5, Interesting)
It's a straight up application of Schneier's Law:
-- Bruce Schneier [schneier.com]
Someone [nsa.gov] might be able to break it, but if they can I doubt they'd talk about it.
Re: (Score:2)
I'm not sure they're denying that:
"In court papers, Apple said that for the 90 percent of its devices running iOS 8 or higher, granting the Justice Department's request "would be impossible to perform" after it strengthened encryption methods."
When the courts ask "can you provide us with the key for this device?", the answer isn't "yes, theoretically, we could, if we invested millions of dollars and years of effort, there's a possibility to crack it", the answer is "no, we are not able to."
Marketing (Score:3)
This sounds like a marketing scheme to get people to think:
"Oh nos! DOJ can break into my 'older phones' running 'iOS [7 or lower]'! Better buy the newest one!"
Re: (Score:2)
My biggest question (Score:2)
How does an Apple customer verify that the claim is true?
Can you prove that you aren't a pedofile? (Score:2)
nt
Re: (Score:2)
In other news (Score:2)
In other news, the Department Of Homeland Security declares that Apple is now an "Enemy of the State", and will be moving to seize all of their assets.
Re: (Score:2)
That will be a day of great internal struggle for most /.'ers.
Re: (Score:2)
That will be a day of great internal struggle for most /.'ers.
Yes, but that will be offset by the news that DHS will also declare Microsoft to be an "Enemy of the State".
Re: (Score:2)
There is relatively little to seize in the US.
Lol, that's okay, they aren't really bound by that whole "homeland" thing.
If they need to they'll just tap the FBI or whoever to go after their assets, wherever they may be.
It isn't impossible... (Score:2)
Re: (Score:2)
Re: (Score:2)
2) Why they want to avoid compelling the owner to unlock the phone is not stated.
Because legally compelling someone doesn't mean that they will unlock it, just that they'll face further punishment if they don't unlock it.
Re: (Score:2, Informative)
Oh, and because it could fall under 5th amendment right to not incriminate yourself.
Unless you use the fingerprint lock... which courts have ruled [macrumors.com] isn't protected by the 5th.
Re: (Score:2, Informative)
In iOS 9 ( at least)you have to enter you passcode once every 48 hours even with finger print lock.
I have gone a weekend without entering the passcode and suddenly couldn't use my fingerprint anymore.
I wish this part was better documented because it then becomes trivially easy to hit the wall between mandatory unlock and the passcode timer.
Re: (Score:3)
Also you need the passcode upon booting. Simply reboot the phone before handing it over to the police.
Re: (Score:3)
Really think of Carrier IQ, think of its ability to capture everything you do from key presses to app usage to files, to log everything. That is still present on every handset
Except iPhones for the last ~4 years.
http://allthingsd.com/20111201... [allthingsd.com]
Re:Seized phone (Score:5, Funny)
Made in USA = backdoored, Snowden showed us that.
Lucky they're made in China then!
Re: Remember - Apple is a hardware company. (Score:5, Informative)
> do your homework
ha, at least read Apple's security whitepaper if you're going to tell other people to do so. Newer iPhones (5s and later) have trusted hardware - older ones don't, it's that simple. You need a certain OS level to use it effectively, obviously.
I don't even own any iOS devices and I know this. It's no crime to not stay advised of the market, but if you're going to castigate others you really need to be well-informed.
Re: (Score:3)
Don’t have Trusted Hardware? Hmm? In what way don’t older iPhones have trusted hardware?
Re: Remember - Apple is a hardware company. (Score:5, Informative)
Re: (Score:3)
Long story short, PIN codes and such aren't long enough to be cryptologically secure so if you can copy the state you can brute force it easily. So what happens is you have a trusted chip that takes a PIN on one end, returns the AES key to decrypt on the other end. This chip has a countdown so if you enter the wrong PIN too many times, it'll wipe the key. It's also tamper-proof so if you try to open up the chip and alter the countdown or read the key directly it'll self-destruct. Essentially Apple is using
Re: (Score:2)
Long story short, PIN codes and such aren't long enough to be cryptologically secure so if you can copy the state you can brute force it easily. So what happens is you have a trusted chip that takes a PIN on one end, returns the AES key to decrypt on the other end. This chip has a countdown so if you enter the wrong PIN too many times, it'll wipe the key. It's also tamper-proof so if you try to open up the chip and alter the countdown or read the key directly it'll self-destruct. Essentially Apple is using the same kind of chip as "Trusted Computing"/"Secure Boot" uses to protect the private keys, nobody is supposed to be able to be extract them.
It's not quite that good. Secure Enclave isn't a separate chip, and it's not tamper-reactive. Secure Enclave is Apple's application of ARM's TrustZone, which provides a secure virtual CPU. Everything runs on the main CPU, but in a mode that provides access to all of the hardware, while the normal OS is restricted in what it can access. For example, pages of memory can be marked secure, in which case the MMU will not allow the normal (non-secure) OS to access them.
Done right, TrustZone is invulnerable to s
Re: (Score:2)
The key here is "somewhat". I specifically recall an article about a guy using an electron microscope to retrieve information like this. It would be extremely hard to do for average people though, and Apple is well within its rights to tell the Judge that if he wants this information, he can pony up the several million dollars it would take to extract the key.
Or talk to the NSA, if it were a national security matter.
Re: (Score:2)
I specifically recall an article about a guy using an electron microscope to retrieve information like this.
Electron force microscopy is one way, but there are others, some that are much cheaper and more accessible. I may be giving a Black Hat talk next year about one of them, so I won't say any more for the moment :)
Re: (Score:2)
tell the Judge that if he wants this information, he can pony up the several million dollars it would take to extract the key.
Sorry, should have responded to this as well. Even if you do the EFM attack, it won't cost several million dollars. You can rent the time required on the necessary equipment for a few thousand dollars, at most. Many grad students could get it for free.
Re: (Score:2)
People have extracted key from "secure processors" via hardware probes, but it is very difficult especially on the newest-gen lithography
And the apple model provides more guarantees than that. It layers a pin-derived key and a generated on-chip key at different levels of the file system.
The Secure Boot protocol does not guarantee secure key storage and does not require a specialized chip to implement. It's strongly recommended you rely on hardware mechanisms to verify the firmware, but su
Re: (Score:2)
Re: Remember - Apple is a hardware company. (Score:4, Interesting)
And for convenience sake it only affects OLDER devices. Seriously, Troll? OS is software, Apple could patch it to a similar level of encryption, or better for the stock price - advise you to upgrade the hardware.
There is a military axiom about not defending indefensible positions. What would you have Apple do? Patch ancient 2nd and 3rd gen iPhones. Should Microsoft still be patching Windows 2000? Should Fedora still be patching FD12? And don't tell me that old phones being obsoleted because they are unable to run a new OS is some sinister plan by Apple to force users to buy new phones. I have a small pile of old Android phones and tablets that were orphaned (as in: Your device is incompatible with this version of Android) long before the end of their useful life because they could not handle the bloat of the new Android OS. Operating systems get upgraded, hardware becomes obsolete and some people do not bother to upgrade and that is a platform independent fact so if you want to rag on Apple try finding something better to complain about.
Re: (Score:3)
In most cases, if you root those devices there are third-party ROMS that can run much more recent versions of Android on them. No such pathway exists for apple users.
Re: Remember - Apple is a hardware company. (Score:3)
Which version of the Moto X? I've got a shiney new (released end of Aug. 2015) Moto X Play (not available in US)... I have been following an XDA Developers thread where they are putting together a CM12 build for it. Seems they were able to root and replace the bootloader quite easily.
Re: (Score:3)
Root what? Are you basing your view of an entire ecosystem on a single device from a single vendor? From what I've seen there hasn't been a single phone by Samsung, HTC, or from the official Nexus line that didn't have a root exploit (and in the case of some Nexus devices a written guide in Android's official docs of how to root).
Save for a few carrier specific variants, but that is only something that happens in the USA.
Re: (Score:2)
Re: Remember - Apple is a hardware company. (Score:5, Informative)
OS 9 - the current version runs on devices as old as the 4S. I believe the 4S was introduced in 2011. That's a lot longer than 2 years.
It doesn't matter when it was *introduced*, what matters is when it was *discontinued* -- because people were still buying them new up until that day.
The iphone 4 was discontinued in September 2013. That means, yes, ios9 was released before some iphone 4 users had their phones for 2 years.
And the iphone 4 wasn't eligible for ios8 either which was released a year ago.
So anyone who bought an iphone 4 in mid-late 2013 had support for their phone dropped within a few months of buying it.
Apple is pretty good about updates compared to most android vendors. But there is lots of room for improvement at Apple too.
Re: (Score:2)
I'll have to call you a troll. I have an iPhone 4S since 2011 and it runs iOS9 just fine. Sure, there is some lag here and there and the screen is cramped, but I'm much better off with iOS9 than I was with iOS7. I actually gained in battery life.
So, there's that.
Re: (Score:2)
Yeah, because an operating system for a computer platform where performance doesn't double every year, and networking standards don't change every 3 years (desktops / laptops) is exactly the same as an operating system for a platform where they do (mobile telephones)
How long has Microsoft continued to support Windows Phone 7? Oh, right until Windows Phone 8 came out. And how many of those WP7 devices got upgrades to WP8? Not very many, if any at all.
So even with your Microsoft example, it's a double stan
Re: (Score:2)
Apple is already a plenty attractive target. Plenty of prestige to be gotten from something like this already.
Re: (Score:2)
Anything is possible.
So it's impossible for anything to be impossible?
Re: (Score:2)
Anything is possible.
So it's impossible for anything to be impossible?
No, but some "impossible" things may just be very very hard and take a long long time, and that also means it may take a long, long time to show that it definitely can't be done.
Apple should use the deep thought defence:
Judge: your task is to decrypt this phone
Apple: tricky
Judge: but can you do it?
Apple: yes, but it may take a while
Judge: how long?
Apple: approximately seven and a half million years
Now find an expert witness to prove Apple is wrong...
Re: (Score:2)
You missed out the best bit:
"Seven and a half..."
"What, not til next week?"
"...million years."
Re: (Score:2)
Possibly.
Re: (Score:2)
Re: (Score:3)
My understanding is that the key, encrypted by the user's unlock code and device ID, is stored on a secure hardware module that is unique to the processor on that specific phone. You can configure the phone to erase the key after 10 wrong attempts. This makes it pretty much impossible to brute force the passcode via the OS. What I don't know is if the 10 tries setting is enforced at the hardware level or the OS. If it's only the OS, I suppose you could rig up something to interface with the hardware sec
Re: (Score:2)
The fingerprint is only good once the phone has been previously unlocked via the passcode. After the phone is either rebooted, or if it's been greater than 48 hours since last unlocked, then then phone can no longer be unlocked via the fingerprint.
My guess is that there is a cache of the decryption key that is stored in RAM. a power cycle will clear that, or the phone clears it itself after 48 hours.
Re: (Score:2)
or cut off the finger...