Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
IOS Democrats Encryption Government Iphone Network Open Source Privacy Republicans Security Software The Internet Apple Your Rights Online Politics Technology

DOJ Threatens To Seize iOS Source Code (idownloadblog.com) 596

An anonymous reader writes from an article posted on iDownloadBlog: The DoJ is demanding that Apple create a special version of iOS with removed security features that would permit the FBI to run brute-force passcode attempts on the San Bernardino shooter's iPhone 5c. Meanwhile, President Barack Obama has made public where he stands on the Apple vs. FBI case, which has quickly become a heated national debate. In the court papers, DoJ calls Apple's rhetoric in the San Bernardino standoff as "false" and "corrosive" because the Cupertino firm dared suggest that the FBI's court order could lead to a "police state." Footnote Nine of DoJ's filing reads:

"For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."

As Fortune's Philip-Elmer DeWitt rightfully pointed out, that's a classic police threat. "We can do this [the] easy way or the hard way. Give us the little thing we're asking for -- a way to bypass your security software -- or we'll take [the] whole thing: your crown jewels and the royal seal too," DeWitt wrote. "With Apple's source code, the FBI could, in theory, create its own version of iOS with the security features stripped out. Stamped with Apple's electronic signature, the Bureau's versions of iOS could pass for the real thing," he added.

This discussion has been archived. No new comments can be posted.

DOJ Threatens To Seize iOS Source Code

Comments Filter:
  • signature/brains
    • right - this isn't just police tactics; its mafia tactics.

      how nice - the fbi is now at the same level as tony soprano.

      home of the free, land of the brave. yeah, maybe a long time ago, but not anymore ;(

  • by MrKrillls ( 3858631 ) on Tuesday March 15, 2016 @05:32PM (#51703545)
    Didn't think this could get much stupider. But...
  • police state (Score:4, Insightful)

    by Orgasmatron ( 8103 ) on Tuesday March 15, 2016 @05:33PM (#51703559)

    DoJ calls Apple's rhetoric in the San Bernardino standoff as "false" and "corrosive" because the Cupertino firm dared suggest that the FBI's court order could lead to a "police state."

    DOJ's response to Apple's claim that the DOJ is trying to make a police state? You guessed it: create a police state.

    Note to everyone: burn your backdoors. Do it now. Apple wouldn't be in this mess if the phone was secure against updates while locked.

    • by sims 2 ( 994794 )

      Most crypto is already open source having access to the source code should not give you an advantage in breaking the encryption itself unless the encryption was flawed in implementation.

      Why should you even be able to update the os without providing the key? it should be easy enough for apple to allow you to enter your ios passcode on the computer in the event that ios becomes corrupted for some reason.

      Even if the gov't had apples signing keys afaik they can't force an update without physical access.

  • A bad as this is... (Score:5, Interesting)

    by dwywit ( 1109409 ) on Tuesday March 15, 2016 @05:35PM (#51703569)

    What's to stop Apple immediately releasing an update which 1. installs new keys, and 2. revokes the keys in possession of the FBI? i.e. before the FBI has enough time to modify and release their own version?

    "Install this update NOW before law enforcement gets access to your phone?"

    Or am I missing something?

    If that's a feasible option, they're probably working on it right now.

    • The government could launch a massiv DDoS against Apple's update servers and spoof their IP addresses to update all the devices in the wild to their custom firmware...

    • by qbast ( 1265706 ) on Tuesday March 15, 2016 @05:45PM (#51703665)

      What's to stop Apple immediately releasing an update which 1. installs new keys, and 2. revokes the keys in possession of the FBI? i.e. before the FBI has enough time to modify and release their own version?

      "Install this update NOW before law enforcement gets access to your phone?"

      Or am I missing something?

      Obstruction of justice charges. Not writing new software just because FBI tells you to is one thing, but wilfully and actively interfering with FBI's collection of evidence is something that no judge will allow.

      • Well, since the one device in question won't be updated, there's no reason to say "obstruction of justice." Also, there is no proof that the phone in question even has any evidence. Their arguments are FAR FAR from probable cause.
    • by ai4px ( 1244212 )
      If they can get the courts to give them the keys and the source code, what good would it do apple to release a new version of IOS with new signing keys? The government would just compel them to release it again... and the 2nd iteration, they'd have a precedent.
      • by fahrbot-bot ( 874524 ) on Tuesday March 15, 2016 @06:50PM (#51704229)

        If they can get the courts to give them the keys and the source code, what good would it do apple to release a new version of IOS with new signing keys? The government would just compel them to release it again... and the 2nd iteration, they'd have a precedent.

        Which is really what the FBI wants - precedent. It's already been stated that the NSA could (probably) crack the phone, but the FBI isn't interested because they want a legal precedent - presumably to decrypt any phone any time for any reason...

        From http://www.newsweek.com/former... [newsweek.com]

        Richard Clarke (former U.S. counterterrorism official and security adviser to the president) said Monday in an interview on NPR's Morning Edition that he believes that if the FBI asked, the National Security Agency “would have solved this problem” of opening the encrypted iPhone of the San Bernardino, California, shooter.

        When asked by NPR anchor David Greene what he would have done if he was still in government, Clarke said he would taken the San Bernardino shooter's iPhone, which is at the center of a national debate over encryption, to NSA headquarters in Fort Meade, Maryland. Clarke believes the FBI is holding out in an attempt to set a legal precedent to facilitate decrypting smartphones in the future.

    • by tlhIngan ( 30335 ) <.slashdot. .at. .worf.net.> on Tuesday March 15, 2016 @05:53PM (#51703753)

      What's to stop Apple immediately releasing an update which 1. installs new keys, and 2. revokes the keys in possession of the FBI? i.e. before the FBI has enough time to modify and release their own version?

      "Install this update NOW before law enforcement gets access to your phone?"

      Or am I missing something?

      If that's a feasible option, they're probably working on it right now.

      The problem is the keys CAN'T be updated. They're burned into real ROM (as opposed to OTP), the reason being the boot ROM will verify a signature using the key it has. If the key was stored in alterable (e.g., flash) memory, then it would be possible to erase the key, program your own and jailbreak your device that way.

      Of course, that also means third parties like the government can do so as well to have it run custom bootloaders and OS and not have to go through the process to get Apple's key which is the only way to create code that will run on the SoC.

      Of course, I'm not entirely sure if the source code would have the key in it - it's possible after having the final IPSW file, Apple takes it on a USB key to a special Mac and has that Mac sign the IPSW. That Mac is airgapped and everything so to create an OS update requires physically going to the Mac and doing the signing there. For development, Apple most certainly has dev boards that don't require a signed image (it won't help the FBI to have these boards).

      I suppose the bigger question is - don't the FBI realize what kind of stink they're making? So they acquire the iOS source code. But that immediately casts a huge shadow over the US's prime industry - IP. Because sooner or later, that iOS source code WILL leak from a hack of the FBI, which means any IP industry in the US (i.e., the only sectors making money - movies, music, books, TV, software, etc) is suddenly threatened - the government can seize your content and while they promise to keep it secure, it won't be (see IRS and other hacks) and it'll be a field day - get your Hollywood new theatrical releases the day of, courtesy of the FBI.

      It seems like the FBI wants to win the battle, but lose the war. We used to mock China for their poor IP protection policies and state-sanctioned piracy, but it appears the US is going to do worse. At least the Chinese government protects Chinese IP while disregarding foreign IP.

      Anyone who deals with IP should pay a lot of attention to this case - if you can be forced to give up your IP, and you know the entity forcing you can't protect it, well, all the copyrights of the world won't protect you.

      Seriously - the level of silliness is getting absurd. Forcing Apple to give up their source code means the content industry and IP industry have a shot across the bow - the government will take what they want. And then hackers will have it too. Way to destroy one of the biggest industries in the US.

      • I wonder at which point it becomes more economical to just drop the American market altogether. Sure, the USA are a big and prosperous market but shenanigans like these carry a substantial cost with them - and at some point that cost might exceed the expected profits.
      • by SvnLyrBrto ( 62138 ) on Tuesday March 15, 2016 @07:02PM (#51704323)

        > The problem is the keys CAN'T be updated. They're > burned into real ROM (as opposed to OTP), the
        > reason being the boot ROM will verify a signature
        > using the key it has. If the key was stored in
        > alterable (e.g., flash) memory, then it would be
        > possible to erase the key, program your own and
        > jailbreak your device that way.

        Well, if the FBI tries this tack, can there be any doubt the Apple will darken the skies with so many lawyers the FBI will think it's the 11th plague? Remember IBM's antitrust case? IBM made it last more than a decade... that's longer than there's even been such a thing as an iPhone... and ground the DoJ down to the point that they eventually just gave up. Apple is richer (can afford more and better lawyers) now than IBM was then. By the time they're able to seize the iOS source code, Apple could easily have more than enough time to write an entirely new OS and iterate many generations of iPhone, to the point that all of the phones with the old key burned-in are in landfills and what the FBI gets would be useless.

        And that's aside from the value of iOS, for which Apple would have to be compensated. Can you begin to imagine what that would be? Or the additional court cases to determine said value? Does the FBI want to have a budget to do *anything* else for the next couple of decades?

        • by swb ( 14022 ) on Tuesday March 15, 2016 @08:25PM (#51704833)

          I don't think the FBI or DOJ are playing a legal short game, I think they're playing a political long game where they're looking for a legislative solution that would bypass the courts and survive some kind of constitutional challenge. Congress has historically been given wide latitude to regulate interstate commerce and it's not hard to see a law enacted that regulates commercial encryption products that requires their makers to assist lawful law enforcement requests for assistance in decrypting their products.

          I don't really buy the bad for business argument that much, though. Even if Apple were to provide some way of granting the government "assistance" I would wager the technology would still be good enough for all but the most high risk situations, and less vulnerable than similar technology made anywhere else. There are few nations on Earth that don't already have fairly draconian public security and censorship as it is -- whose security technology are you going to trust -- Indian? Chinese? Russian?

          It'd be nice if Norway, Sweden, Switzerland or the Netherlands produced a secure communications device backed by their own country's strong constitutional protections against invasion of privacy. But they would also be subject to diplomatic pressure to cooperate with law enforcement and intelligence services, something which a US based company can more easily fend off. Even the Swiss caved on a lot of bank secrecy under pressure from the US to go after tax evaders.

          Overall, I hope the FBI loses on this issue. I think they're looking for the ability to conduct anytime, anywhere surveillance that has no limits and it's scary.

        • by Jeremi ( 14640 ) on Wednesday March 16, 2016 @01:22AM (#51705911) Homepage

          And that's aside from the value of iOS, for which Apple would have to be compensated. Can you begin to imagine what that would be? Or the additional court cases to determine said value?

          No problem -- President Trump will build that backdoor and make Apple pay for it.

  • by Tablizer ( 95088 ) on Tuesday March 15, 2016 @05:36PM (#51703587) Journal

    It shouldn't be the FBI's job to lobby for or against policies with such wide political implications. It's conflict of interest, and outside of their role as part of the Executive Branch. They are to carry out of the orders of the other branches and formal political process, NOT to make or pressure policy.

    They can state their preference on political issues as they relate to crime fighting and prevention, but to aggressively push for a stance or policy is another thing.

    • You are apparently unaware of how the FBI was founded and who ran it for his entire lifetime and why that happened. The ghost that roams the halls of the FBI is Hoover and the organization still suffers from the overreach and law breaking that marked not only his creation of the FBI but his running of the organization and picking of all the agents that still run the department. The ghost of Hoover and the abuses he perpetrated will haunt the halls of Quantico until the FBI is disbanded. Even today the FBI o

  • With exactly this reasoning cited in the article.

    • by gweihir ( 88907 )

      It is not hard to predict. One thing is that Apple is wrong about this reading to a police-state. The US already is one, just in the earlier stages: The police gets most of the laws and equipment they want, without any real balancing with civil rights. When policemen rape or murder someone, they have an excellent chance to get away with it, while penalties for citizens are grossly inflated. And if you listen to Trump, you can already hear the first indicators of the fascism that invariably follows a police-

  • ... then isn't the derivative work that they make copyright infringement?
  • by perpenso ( 1613749 ) on Tuesday March 15, 2016 @05:38PM (#51703601)
    They only need the key for digital signature, the FBI has the technical expertise to hack the binaries just like black hats. Its all about the key.

    If we end up in the horrible situation where this is going to happen then morally Apple must do it. If Apple makes the changes they can also include code that restricts this version of iOS to the single phone in question. A new court order will then be needed for any other phone. However if the FBI is left to make the changes there will be no such restriction, this version would run on any phone and a court order may not be necessary for its use.

    Its a classic negative / negative decision. Both options suck but one sucks significantly worse. Apple is morally obliged to help protect its customers as best it can and that means the FBI can't be the one making the changes.
    • No matter who makes those changes, the problem is the same... If Apple makes it and just lets the FBI use it, then the FBI will just keep on asking in the future whenever they need their help, and Apple keeping it around means that there will exist a possibility that it might get misappropriated from Apple. By expecting Apple to cooperate with the FBI, the government is basically telling Apple to play Russian roulette with its own IP. What sane person would voluntarily pull a trigger of a loaded gun that was pointed at their own head, even if they knew that most of the chambers were empty?
  • by Chas ( 5144 ) on Tuesday March 15, 2016 @05:40PM (#51703633) Homepage Journal

    You know that "oppressive government" people are always talking about?

    Here's the baby pictures kids!

  • by Impy the Impiuos Imp ( 442658 ) on Tuesday March 15, 2016 @05:41PM (#51703637) Journal

    In the court papers, DoJ calls Apple's rhetoric in the San Bernardino standoff as "false" and "corrosive" because the Cupertino firm dared suggest that the FBI's court order could lead to a "police state."

    Of course it could lead to a police state. That's what this is all about, abuse of spying capabilities.

    We just found out this week that your giant US-to-foreign email conversations database the NSA shares with you allows warrantless reading of the to: and other fields, not only without a warrant, but without even any tracking and logging .

    This is the core of the Constitutional issues the Constitution is supposed to prevent -- people in power having the ability to spy on political opponents, using government powers.

    What is to stop, or even notice, a rogue agent working for a politician spying on opponents on their behalf? Nothing, and not even a secret court nor the elected congressmen who are on a national security committee, and are nominally supposed to make sure it isn't abused, can even detect the abuse.

    How are we to know this software won't be copied and abused to crack some stolen politician's phone? Of course this assumes you are stuffed looking at who they call, anyway, to feel out their political support networks, the meta info, that itself could be abused, and is warrantless.

  • by jacobsm ( 661831 ) on Tuesday March 15, 2016 @05:42PM (#51703643)

    What's to stop Apple from creating a new corporation overseas and have them hold the IOS source code there? Apple USA no longer has access to the source code, and the new company tells the US Government to go suck an egg.

  • but there is right and wrong and I think they should pack up and leave the US. I think that would be big bump for others to follow. As a Apple hater and a Canadian I for one would welcome the Apple job creating Overlords into Canada with open arms.

  • Private property rights (that would have defended Apple in this case) were were killed in the USA the moment government was able to apply the Sherman's Act to dismantle Rockefeller's Standard Oil. This is not new, the only people who think this threat by the government Mafia is anything new are the ones who want to discriminate against some (for example discriminating against Rockefeller's right to private property is cheered by a large number of people).

    Apple is the modern day Standard Oil. This case aga

    • by OrangeTide ( 124937 ) on Tuesday March 15, 2016 @06:25PM (#51704033) Homepage Journal

      Well, the Sherman Anti-Trust Act was 100 years before many of us were born. So you can hopefully forgive us if we think this is all new. Kids are coming out of public school after being told some ideal of how America works, and suddenly discover a very different reality in adulthood.

      I think it is more telling that after breaking up Bell System in the 80's, the Baby Bells and independents of that era reform over the years under AT&T(SBC, BellSouth, Ameritech, PacBell, etc), Verizon (Bell Atlanic, GTE), and CenturyLink(Qwest/US West/Northwestern Bell). I can imagine AT&T or Verizon scooping up CenturyLink or Frontier Communication in the near future. In a way we're worse off because the monopolies of that era had some independent competition, but now even those independents are gone.

  • Hand over the source code and digital keys — encrypted. If the government wants to unencrypt it, the NSA can provide a spare computer or two. If not, oh well.
    • That would constitute contempt of court - which is a bad idea. Nice thought though.
      • Re:Sadly not viable. (Score:5, Interesting)

        by creimer ( 824291 ) on Tuesday March 15, 2016 @06:32PM (#51704099) Homepage

        That would constitute contempt of court - which is a bad idea.

        That didn't stop Microsoft. When the court told Microsoft to remove Internet Explorer from Windows, they did so by leaving Windows in a broken state. The judge was astonished by this response. Microsoft was arguing that Windows and IE were one and the same, and presented the logical conclusion of removing IE. Many years of court litigation later, Microsoft eventually complied. By then, it was a moot decision as the marketplace had moved on to leave Microsoft in the dust.

  • All that is needed for unbreakable communications is a lengthy sequence of random bytes and an XOR operator. Otherwise known as a one-time-pad. If the parties are at least marginally smart in picking and using the pad, even the NSA is boned in trying to decipher the messages.

    All this will accomplish is allow the gov. to peek into lazy and stupid criminals communiques. Apparently the FBI thinks the majority of the bad guys fall into this category. They may be right, as it stands now, but if they win, tha

    • by phantomfive ( 622387 ) on Tuesday March 15, 2016 @07:27PM (#51704515) Journal

      All that is needed for unbreakable communications is a lengthy sequence of random bytes and an XOR operator. Otherwise known as a one-time-pad.

      That comes up a lot. and it's usually wrong. [schneier.com] Basically, the weak part of encryption isn't the algorithm, it's the chain of trust. If you can successfully exchange one-time-pads, then you can successfully exchange keys and get good encryption. In fact, exchanging keys is easier.

      . If the parties are at least marginally smart in picking and using the pad

      Nah, there are a number of mistakes you can make with a one-time-pad, and schneier pointed out a few in that link from before.

    • Apparently the FBI thinks the majority of the bad guys fall into this category.

      You are assuming that the FBI/... is after the ''bad guys'' that they claim that they are. Once the feds are able to break into communications they can snoop on all sorts of people: have you pissed off a powerful politician or hampered his business interests recently ? The USA is relatively benign - but when the keys become known (as they will) to 'law enforcement' in places like Egypt, Pakistan or Burma (Myanmar) then people will start to die or disappear -- or maybe I am just naive in assuming that the US

    • by AHuxley ( 892839 )
      A person needs end to end anonymity for a one-time-pad to work well.
      If that code fragment is detected then other methods will be used to try and find the plain text data if a computer like device was used.
      Or a sneak and peek visit to add a set of cameras on site hoping the code is created by hand at the same location every time.
      Bespoke gov created malware gets pushed down onto the cell phone or computer just for that user and then digital one-time-pad anonymity and privacy are gone.
      Re "may be the even
  • First Amendment (Score:5, Insightful)

    by OrangeTide ( 124937 ) on Tuesday March 15, 2016 @06:08PM (#51703867) Homepage Journal

    Can the government compel someone to say something they do not wish to?

    As long as code is free speech (Bernstein v. the U.S. Department of State; Brown v. Entertainment Merchants Ass'n). And as long as the ruling of Citizens United v. FEC stands, it seems to me that Apple has a First Amendment right to STFU.

    I hope this results in Apple stuffing the EFF war chest to keep that organization going. And the ACLU has made strong statements in support of Apple, but I predict the ACLU won't become involved in the case.

    • Well the Supreme Court has decided that the government can compel you to purchase something. Why can't they compel you to provide something?

  • by Bruce66423 ( 1678196 ) on Tuesday March 15, 2016 @06:11PM (#51703893)
    OK - so OLD phones will be subject to this problem but new phones need a new signature from now on.
  • by surfdaddy ( 930829 ) on Tuesday March 15, 2016 @06:13PM (#51703911)

    I remember seeing movies about life in Germany under Hitler. Whether accurate or not, random people were walking on the street and officers would mutter that command to people, and if they didn't have what was wanted - bang! You might disappear. It strikes me that where we're going in the US (land of the free!) is this direction. The government HAS to be able to see ALL of your papers - only they are now electronic records. And there CANNOT be anywhere that you can put things that the government shouldn't be able to get in. I wonder how we justify being able to take a walk of two people in the woods, without the government being able to "know", upon warrant, what was said? Should we also have microphones recording at all times so that *everything* is discoverable? And what about the government that starts bending the rules of court-issued warrants, to Hoovering up of ALL records on the phone, or the internet? "It's all for your protection, and for the children....".

    • by twotacocombo ( 1529393 ) on Tuesday March 15, 2016 @06:36PM (#51704129)

      "deine papiere, bitte"

      Nazi Germany had a major advantage over the current state of the USA: There were no 1st, 4th or 5th amendments, but most importantly, no 2nd. The former cannot survive without the latter, if the Third Reich is any indicator of how badly that situation will devolve. Please keep this in mind if you ever think it's wise to pick and choose the rights that you agree with, and attack those that you do not. This is quickly turning into an all-or-nothing affair.

      • Re: (Score:3, Informative)

        by Anonymous Coward

        Um, the Nazis actually deregulated the gun control laws that were in place. See http://www.law.uchicago.edu/files/files/harcourt_fordham.pdf - p.20-21:

        "[..] With regard to gun possession, the 1938 Nazi gun laws represented a further liberalization of gun control regulations.[..] [T]he 1938 revisions completely deregulated the acquisition and transfer of rifles and shotguns, as well as ammunition."

        Granted, they did take steps to disarm the jewish people. But if you read up on the history of the Weimar Republ

  • by anwyn ( 266338 ) on Tuesday March 15, 2016 @06:22PM (#51704005)
    Could apple contract with a foreign person, outside the jurisdiction of any U.S. Court, to do all the key signing that apple currently does? The sub-contractor would work according to a contractually specified algorithm, that basically says to signs what apple wants it to sign, but refuses to sign anything coerced. The sub-contractor would store the signing key outside the jurisdiction of any US court. If this scheme is ruled illegal and apple is pushed to the wall, apple could move all of itself offshore, and the Justice department could take responsibility for the resulting job loss.
  • how the keys work (Score:5, Informative)

    by supernova87a ( 532540 ) <kepler1@hotmai l . c om> on Tuesday March 15, 2016 @06:23PM (#51704013)
    It is amazing to even try to conceive that the ham-handed FBI, with politically appointed leaders (aka morons who have no idea about building hardware/software and who are trained and incentivized to kick doors down, not pick locks) would be remotely qualified to even understand the ramifications of creating/modifying source code, signing it, and pushing it to carefully designed hardware. Much less qualified to execute on that task with a few government programmers, when it took an organization of 100s of people years to develop what is now the iPhone hardware+software encryption infrastructure.

    Just for your reference, the reason the encryption keys are so important / secret is that:
    -- All recent (>4 year) Apple hardware has built-in encryption-dedicated processing hardware
    -- This hardware has firmware burned-in with Apple public encryption keys that validate that any code has come directly from Apple without modification, on startup
    -- This key validation structure is designed to ensure that only code signed by Apple's private key can run on the phone
    -- Every iPhone has the same public keys burned on it, because that's how public keys work.

    So if Apple is forced to give its private keys to the FBI (assuming the remote likelihood they even knew what to do with it), the FBI would have the ability to encrypt and sign software for any of these iPhones. The idea (legal argument-wise or technically) that "this is about one phone" is laughable.

    Forcing someone to disclose encryption keys would be a huge violation of the First Amendment. If there is anything that qualifies as speech and knowledge, it is an encryption key / secret. Then on top of this, there is the question of whether the people at Apple who are in charge of the encryption keys (yes, individuals) would even voluntarily turn it over if given such a blatantly unconstitutional order.

    I'm sure that even people within the FBI laugh at the notion that they could develop such code without fucking it up, deploy it, and maintain the secrecy of the keys and source code from outsiders.

    And final note by the way, this legal filing was written so poorly as to be a joke. It reads like a summer intern wrote the brief after being dictated it by the paralegal to the Assistant US Attorney dashing out of a meeting.
  • 5th Amendment? (Score:4, Interesting)

    by chubs ( 2470996 ) on Tuesday March 15, 2016 @06:42PM (#51704167)
    Remember that pesky clause at the end of the 5th ammendment? "... nor shall private property be taken for public use, without just compensation." According to the stock market today, "just compensation" for Apple's IP is somewhere in the $600 Billion range.
  • by Hussman32 ( 751772 ) on Tuesday March 15, 2016 @06:43PM (#51704187)

    What surprises me from John Oliver's [youtube.com] take on this is that Lindsay Graham said we need to step back. Even he now knows that it's not a workable strategy for the government to get access to the phones.

  • by snadrus ( 930168 ) on Tuesday March 15, 2016 @06:47PM (#51704203) Homepage Journal

    Would this work?
    http://getthemonourside.blogsp... [blogspot.com]

  • Refuse to pursue clear, obvious mishandling of State secrets by its own SecState [huffingtonpost.com]. Ignore the use the IRS to attack political opponents [washingtonpost.com]. And now threaten to seize assets of a company that has done nothing wrong. Absolute fascism on display. 2017 cannot come soon enough - and as long as it's not Hillary, I don't care - Bernie or Trump would be fine. Anyone to tear down the fascist bureaucratic facade that is the Federal Government today.
  • This is so down the thread no one's going to read it, but here's my $0.02.

    The US only has one good thing going right now for them: the IT and Technology sector. It has no manufacturing (that's all down in China now), and besides Google, Apple is the only big one in the game.

    If the FBI forces Apple to give out their source code, this is how is see it playing out:

    - Not only the US but the rest of the world loses confidence in Apple products.
    - Apple stock drops like a sack of potatoes.
    - Apple is forced to downsize: massive layoffs
    - Poor sales of Apple products make having the source for iOS irrelevant (no one is using them) and the FBI ends up with its finger up its ass anyway.
  • by Beefpatrol ( 1080553 ) on Wednesday March 16, 2016 @12:40PM (#51708587)

    Remeber one of the major rules of security: If you have physical access to the machine, you have access to the data. If the machine can decrypt the data, then whomever has the machine can decrypt the data.

    If the FBI is even remotely intelligent, the first thing they did upon seizing the phone was crack that sucker open and disconnect the battery to prevent any data self-destruct or remote wipe mechanisms from functioning. To consider the case where the FBI wants to brute force it like they have been claiming, there are probably a few different ways of getting at the data. The first thing you would want to do is get a byte-for-byte copy of the flash contents. This can probably be done via JTAG, but if it can't or it is considered too risky to try, the flash chips can be unsoldered from the board and sent read commands directly via a dev board. It is not like such hardware is hard to get or restricted in any way. Once the data from the flash chips is backed up, you can brute force without risk of losing something useful. Does anyone know of any reason this wouldn't work?

    This means that all the instructions required to boot and decrypt the data are now available to be dissected offline, since the phone couldn't decrypt the data without those instructions. All that is missing is whatever the secret is that is used to encrypt the user data.

    One exception to the "immediately unplug the battery" rule might involve putting the phone in some sort of ICE mode via JTAG without rebooting it so as to get a RAM dump of the running system. If Apple were sloppy, they might have left a copy of the secret in plantext somewhere in memory. I don't know if it is possible to inject instructions into an iPhone via JTAG that would allow this without rebooting the phone, but I'm sure that could be figured out on a test device first. Maybe "immediately remove the battery" should be replaced by "immediately put the phone in a Faraday cage with a charger."

    In any case, what is most distressing about all of this is that both Apple and the FBI are clearly using this situation and the courts to get press that is favorable to their agendas. Apple wants everyone to think they are super pro-security, anti-government power, and the FBI wants everyone to think that they can't decrypt an iPhone without a backdoor. This is all just theater.

The rich get rich, and the poor get poorer. The haves get more, the have-nots die.

Working...