PDA

View Full Version : Apple Ordered to Create a Backdoor



kennyleri
02-17-2016, 09:46 AM
I hope this doesn't happen. IMO I agree with Tim Cook that this will lead to a lack of security and privacy and lack of control on using. Here is the link (https://www.yahoo.com/politics/apple-vows-to-fight-federal-order-to-share-san-124228263.html). This is like opening the proverbial can of worms. What do you folks think?

Kenny

dtravis7
02-17-2016, 10:41 AM
Is the government demanding Apple do it to all iPhones or just the one 5c that that murderer used?

lclev
02-17-2016, 10:48 AM
I am torn. I agree with what Tim says in the post. But I think of what those people did and what could be on the iPhone that could lead to other terrorist. The cost of freedom is never free but are we willing to pay the price of a potential loss of privacy? I believe we have lost so much of our privacy already. Do we give up more?

I find it ironic that after Apple created an internal "kill" switch to brick a stolen phone, the government required a "kill" switch be put in all phones. It was a great idea until they figured out just what that meant for law enforcement and getting information off a phone. Now it is not so great. I understand it is the encryption that is an issue in this too.

I totally get why the FBI wants the information on that iPhone. I could almost agree to allowing Apple and only Apple to open the iPhone if a court orders it, but I fear that would open the door to widespread abuse. I do not support a government provided override - because I do not trust them to overuse it.

In addition, any backdoor that is created can be hacked. And if they are forced to create a backdoor next to be eliminated will be the ability for the owner to brick their own iPhone using the "find my phone" app.

Lisa

lclev
02-17-2016, 10:49 AM
Is the government demanding Apple do it to all iPhones or just the one 5c that that murderer used?

Read Tim's post - http://www.apple.com/customer-letter/

kennyleri
02-17-2016, 11:00 AM
Is the government demanding Apple do it to all iPhones or just the one 5c that that murderer used? Just this phone but the problem arises with "control" of how and when they decide to use it.

Lisa..I couldn't agree more with your assessment. Again we all know the government likes power and they do lack control of using it. I hope this isn't a long road down a slippery slope. Opening a permanent back door will only change the way the bad people do their deeds and then the rest of use suffer, like our lives haven't changed enough.

Kenny

harryb2448
02-17-2016, 04:39 PM
Gosh you guys get your knickers in a twist. Let terrorists and murderers rule. Their individual rights are obviously more important than the community's. Get Apple to open the phine and hand it over then. Simple!

lclev
02-17-2016, 06:33 PM
Harry I wish it were that simple. I totally agree with opening the terrorist's iPhone and actually Apple had no issues with that. What caused the problem was the judge who issued the court order included in it that Apple must develop a software backdoor for law enforcement to use. Supposedly before they used it this would take a judge issuing a warrant/court order to do that. And for the moment I will let slide the fact that I believe it will be abused. But if there is a backdoor just how long before it is hacked and the reason for the ability to lock and brick a stolen iPhone will be a mute point?

Lisa

XJ-linux
02-17-2016, 10:56 PM
Apple has a fiduciary responsibility to it's investors and their stock takes a BIG hit the second the headlines read "Apple Designs iPhone Backdoor for Government Investigations". They aren't opening that phone up for as long as possible. Hang a civil liberties flag on it if that sells, but that isn't the motivator.

Personally, I'm not for giving up any more civil liberties than we already have in the name of The War on Terror™. I'd rather waterboard a hundred jihadis than give them the satisfaction of handing over more personal freedoms in the name of security. But hey, I'm old school.

harryb2448
02-18-2016, 01:32 AM
It is really that simple. Be safe or meet the consequences. The safety of the community comes first period.

kennyleri
02-18-2016, 10:55 AM
Great opinions folks but this is going to be the courts for some time I believe.

lclev
02-18-2016, 01:25 PM
Yes it is! And if the courts rule to create the backdoor then here comes the lawsuits from iPhone owners concerning a violation of privacy laws. It shall be interesting to watch.

Lisa

Cr00zng
02-18-2016, 04:13 PM
That's really simple... Apple could provide the requested firmware update, without giving the firmware to law enforcement.

Have the iPhone in question delivered to Apple to have Apple techs remove the password lockout limit. Deliver the iPhone to law enforcement and let them have at it, go ahead and crack the password. Once it's done, revoke the certificate used for the special firmware and everybody is happy...

If the FBI is not happy and want to install the firmware themselves, then it's quite evident that they are looking for a backdoor for iOS.

I would not doubt that one of the intelligence agencies had already unlocked the iPhone and the court order is just a smoke screen. They don't want to admit that they already have ways to access the encrypted iPhones...

XJ-linux
02-18-2016, 05:12 PM
The FBI needs a plausible chain of custody regarding this iPhone - every single thing that has been done to it, by whom, when, and how it was done - if it wants to use it for prosecutions in court, or to obtain warrants for search, seizure or wiretaps from a court.

This is why the FBI (DHS) needs "Apple assistance" to open it, unless they want to either disclose in court records that they successfully surreptitiously opened it, or have a big redacted pubic record regarding the opening process which is as good as saying they cracked it.

Apple doesn't want that either, because the conclusion is that Apple iPhones are hackable by the US government without any help from Apple. As such, Apple will eventually "open" it for them, but will kick the can a while publicly to save their image and stock value.

ManoaHi
02-18-2016, 07:01 PM
It is really that simple. Be safe or meet the consequences. The safety of the community comes first period.

No, that is incorrect. The reality is that any such back door access will always be after the fact. In other words, it would have happened anyway. Just talking about it is not illegal. Back doors will, not might, be broken and it could be a matter of hours. Then the terrorists will use your phone to do their communications then you are likely to be arrested, if not, a person of interest, which means they can monitor your every move. I don't get that creating a back door is safe for the community. It does nothing to increase safety.

I think you are thinking that only law enforcement will have the ability to use the back door, which has been proven wrong so many times.

ozznixon
02-18-2016, 07:10 PM
This whole event is stupid, the FBI has been strong arming Apple about this. However, FBI has a federal rule for all of us that own Internet and VoIP businesses - called CALEA. We have to log and record all information and make it available upon court request. Why don't they start there... go to the carrier, they have copies of all our texts, network communications, phone calls, etc. We are a smaller company with servers here in Richmond and 16 other cities, and 100's of terabytes of archived calls and network traffic. No need to crack a device!

Now, for Apple, this is not something they want do... they will lose the trust of the consumer. FBI being backed by Microsoft?

Ozz Nixon
Found and Sr. Sofware Architect
3F, LLC.

Pvee
02-18-2016, 07:16 PM
Don't know if this was exactly like the Government request was worded, but from a marketing standpoint, If Apple complies with this the rumor mill would likely have a big impact on future sales.
Like what if they set it up so suspected criminals would get this version when they do an upgrade. True or not, it's a worry. We know how accurate the no fly list is..

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation.
In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

zewazir
02-18-2016, 07:22 PM
The feds seem to think all Apple has to do is write a piece of code that disables the kill switch in the iPhone. Not true. While they could indeed write the code to turn off the kill switch HOW DO THEY INSTALL IT ON THE PHONE? An individualized update to the iOS wold have to be accepted by the user - but they need the pass code for that, and they can't hack the passcode with the kill switch in place.

I don't think this is an issue of Apple refusing to do something to help out law enforcement, but rather Apple trying to explain to the non-geeks that it is simply not doable in the manner they want, and illegal for them to do it any other way.

ManoaHi
02-18-2016, 07:30 PM
Is the government demanding Apple do it to all iPhones or just the one 5c that that murderer used?
The FBI is currently only intersted in this one phone, ostensibly to identify others involvement and they only wanted the auto-wipe disabled after 10 incorrect attempts. The FBI were willing to brute force to unlock the phone and that is all they requested. The judge, however, ordered Apple to create a back door. Clearly the judge is not qualified to make tech related judgements. He either misunderstood the request or thinks that disabling the auto-wipe and a back door are the same thing. Or he made up his own mind (even though he is supposed to remain impartial).

ozznixon
02-18-2016, 07:35 PM
Why not build a device which they can pull he guts of the iphone, and treat it like a slave drive on a PC... boot the master device, mount the secondary device and voila... data.

Patent that idea!
O.

pm-r
02-18-2016, 09:16 PM
Did not BlackBerry have a similar user data protection with some of their devices and was there not a similar type attempt to make them provide some sort of access several years ago or were they exempt because they were a Canadian company??? As if that would matter to some… :Not-Amused:

ManoaHi
02-18-2016, 09:33 PM
Why not build a device which they can pull he guts of the iphone, and treat it like a slave drive on a PC... boot the master device, mount the secondary device and voila... data.

Patent that idea!
O.


Why not build a device which they can pull he guts of the iphone, and treat it like a slave drive on a PC... boot the master device, mount the secondary device and voila... data.

Patent that idea!
O.

That's not the problem. What you would get when you mount the "guts" is "voila...garbage, oops". It is still encrypted with a "baked in code" + user's password. Sure they may get the password eventually (remember you can make the password really long and complex), thus making it hard to brute force, but how will they get the "baked in code". It's in the crypto engine, which sits in the DMA path. Once you start messing with the DMA path you risk corrupting the data. This is also true of the Samsung Android phones/phablets as well, don't forget that if Apple loses, the entire industry (all makes an models) will be affected since the FBI would have a precendent case. Don't think of this as just an Apple issue.

Mr. D
02-18-2016, 09:36 PM
I had a relative hiding under a table in the San Bernardino terrorist shooting! I'm a moderate Liberal & behind privacy 100%, but Apple better damned well figure out a way to obey Federal warrants for information on "specific iPhones" or Americans will turn against Apple! No company should be able to sell a system that allows terrorists & criminals to communicate secretly & safe from a "specific Federal Warrant issued on one specific phone"! My God, are we trying to aid criminals & terrorists?? That would be making a profit by aiding terrorists & criminals to keep law enforcement from detecting crimes & terrorism! No information should be denied a legal warrant issued by a judge on a specific iPhone, computer or any other method of communication in an investigation!

c5vetter
02-18-2016, 10:49 PM
The iPHONE is CALEA compliant (by US Gov't & international treaty), and IF that is not enough -- change the law and spell it out specifically what you want ALL mobile phone manufacturers to do and be compliant. Crippling Apple changes nothing in this argument.

ManoaHi
02-18-2016, 10:52 PM
...Apple better damned well figure out a way to obey Federal warrants for information on "specific iPhones" or Americans will turn against Apple!
1. Does anyone have proof that the iPhone was used in the shooting?
2. Anyone with half a brain won't use the company's phone for such communication. The phone comes under the company's control.
3. Could this person have got another phone and used that intead? Sort of a no-brainer.
4. Did the FBI get the meta data (which is not encrypted) from the service provider? This determines if that phone was ever used. They would not have had enough time to sift through it after getting a warrant for the service provider. Another no brainer.
5. Please remember that the government madated kill switches:
http://www.theverge.com/2014/7/21/5920667/why-governments-are-scrambling-to-pass-smartphone-killswitch-laws
most manufactures already built it into their phones. But most have to be turned on, do we have proof the he turned it on?
6. We have MDM so we can wipe any of our company phones at any time if they are lost or stolen. Has the employer stated that they didn't wipe the device?
7. This is not an Apple only issue. If Apple loses, it will be a precedent case for any electronic device with strong encryption. That would even include banks. Also hackers will get into the backdoors eventually and if gaping, it could be just hours. In other words at that point law enforcement would be so overwhelmed, with fraud, robbery, identity theft, ransom, other severe crimes. Right now, they have to resort to low tech phishing.
8. Everytime the government gets involved in tech, it has many unintended consequences. Like when encryption technology, the US was second to none and then the tech became "munitiions" and thus barring US companies from spreading their encryption tech outside the US. Now the US is way behind as other countries don't have such restrictions and have significanly leap frogged the US, even our allies.

"Americans will turn against Apple!" Actually, no, the exact opposite. They will turn against Apple if they capitulate, but it has much much farther reach than just Apple. I have an iPhone 6S (iOS) and a Samsung S6 (Android) they both have strong encryption. They would be compromised, to the hackers, if not the government. You also realize that if Apple loses, the government can do this without a warrant and the criminals never bother with warrants. Also, terrorists or criminals will have the means to encrypt their communications if easy to hack current technology, where the manufacturures won't even have a clue to undo. Then warrant or not, the encrytion could never be undone, where it sits right now.

Cr00zng
02-18-2016, 11:33 PM
The FBI needs a plausible chain of custody regarding this iPhone - every single thing that has been done to it, by whom, when, and how it was done - if it wants to use it for prosecutions in court, or to obtain warrants for search, seizure or wiretaps from a court.

You seem to forget that the court order does allow for the possibility of:

the custom firmware might be used only at an Apple location
with the FBI having remote access to the passcode recovery system

This is why the FBI (DHS) needs "Apple assistance" to open it, unless they want to either disclose in court records that they successfully surreptitiously opened it, or have a big redacted pubic record regarding the opening process which is as good as saying they cracked it.

Apple doesn't want that either, because the conclusion is that Apple iPhones are hackable by the US government without any help from Apple. As such, Apple will eventually "open" it for them, but will kick the can a while publicly to save their image and stock value.

The court is asking Apple to provide a a custom code for the specific iPhone in question that removes the device wipe after ten unsuccessful try and the progressively increasing delay time between entering the PIN. In addition, it also ask for allowing programmatic enter of the PIN, instead of manually via the screen. There's no request in the court order about encryption backdoor, nor does FBI need one if they can crack the PIN with the court ordered custom firmware code for the device in question.

The requested custom firmware, that can include serial number, WiFi/Bluetooth MAC, etc., would be signed by Apple. Any changes to this firmware, even just a single character, would invalidate the firmware certificate of authenticity and as such, would refuse to load. And to be the safe side, the device in question could have the latest available iOS version installed, once the PIN had been recovered. At which point Apple can just revoke the certificate for the custom firmware.

The question is, does Apple have the technical capabilities to perform these steps? The FBI seems to think so and the court/judge agreed with them since all three items requested from Apple are, well, based in software and Apple should have the technical capability to comply with the court order.

Doing so does not mean that the US government could hack any iPhones on their own, quite the contrary. The request actually proves that Apple's encryption method is solid and the only way to decrypt the data is to discover the PIN that cannot be done without Apple's help.

In general, I still support Apple's decision for appealing the court order. It is the right thing to do, making it hard for the FBI to submit such request. I also believe that in this case, Apple will cave in due to the case at hand. Especially, if they have the technical capabilities to assist the FBI in their effort to investigate every aspect of the heinous crime committed by the owner of the device in question. Apple owns that to their users...

urbanman2004
02-19-2016, 02:41 AM
Even though I own no Apple mobile devices (i.e. iPhone) this is why I never trust the government.

cbarney
02-19-2016, 02:52 AM
i've read that iOS8 wipes out all date following ten unsuccessful attempts to enter the 4-digit passcode.

i use iOS8 and had never heard of this feature. is it a user preference, or is it built into the operating system? is there no way to turn it off?

chscag
02-19-2016, 03:15 AM
i've read that iOS8 wipes out all date following ten unsuccessful attempts to enter the 4-digit passcode.

i use iOS8 and had never heard of this feature. is it a user preference, or is it built into the operating system? is there no way to turn it off?

Not a user preference. It's a security feature built into the firmware of the iPhone once iOS 8 is loaded and there is no way to turn it off or defeat it.

bogwort47
02-19-2016, 11:29 AM
Hi Everyone

First off, I believe that this whole thing may have got out of hand - mis-handled?? Read this: http://www.thedailybeast.com/articles/2016/02/17/apple-unlocked-iphones-for-the-feds-70-times-before.html

Regrettably, the judge that issued the 'order' obviously did not understand what or was misguided in what he was being persuaded to do by the 'security services?', or else he would have realised that it would create a serious ongoing risk to personal and national/world security which none would wish for.

OK, so it has been done before for individual phones and unless there is something different, which we haven't been told about, it should be possible now.

Apple are quite correct to refuse sharing, let alone a 'backdoor' for reasons that it is inappropriate to go into in public, but are well known to those knowledgable in risk management.

It is possible that an error of judgement was made at a relatively low level leading to the misguidance of the legal process. If this is the case, then a speedy back down might unblock the current impasse and lead to a speedy resolution of this matter by the 2 parties who must have national and world security as their top priority.

In the legal parlance, senior partner would have a private chat with senior partner and this 'difficulty' should go away with little or no change to anyone's level
of risk.

Hope this sheds some light on these issues...

Meadoway
02-19-2016, 02:24 PM
Apple are right to resist the demand by US Govt.

Apple did not kill those people, it was a deranged individual who under the current trendy guise of being a muslim and follower of Islam, for what ever reasons decided to kill some people using guns.

Many other people have been killed in the same manner and those people up to now it appears have not been a user of an iPhone? -I think not.

Many others have and will be killed in the same manner and they will be white people who pull the triggers and are not “Arabic types clutching copies of the Quran and a Kalashnicov”

So, instead, why not call for better security services in the USA?

Why not pressurise Muslim clerics and supporters of Islam and urge them to be doing more to identify and eliminate the nutters in their midst ?

So why not have a go at the Gun manufacturers ?

So why not have a go at the ease by which Americans can procure guns?

Apple are right to refuse to write a hack against their own product, there is a famous and fairly recent period in the UK when it was possible to hack phones, - the actions of those who did it cost a newspaper its business and many others their freedom.

Once the hack exists, ones privacy is no longer secure.

Do we really have to repeat history?

cbarney
02-19-2016, 03:14 PM
Not a user preference. It's a security feature built into the firmware of the iPhone once iOS 8 is loaded and there is no way to turn it off or defeat it.

thank you. interesting that no one at apple ever mentioned this feature when i bought an iPhone 6 at the apple store.

i'm now on iOS 9.2.1 (13D15), which i assume incorporates the feature from iOS 8. no idea what the parenthetical material means.

Cr00zng
02-19-2016, 06:03 PM
Not a user preference. It's a security feature built into the firmware of the iPhone once iOS 8 is loaded and there is no way to turn it off or defeat it.
While it is correct...

The Device Firmware Update, or DFU for short, allows to update the iOS, firmware and the Security Enclave (SE) without the PIN for the iPhone, regardless of the version of iOS. The same feature allows jailbreaking the iPhone. The iPhone in question is the 5c that does not have the Security Enclave, that makes it easier for Apple to do what the curt ordered them to do. Apple is probably on its way to lock down the firmware vulnerability, by the iOS version 10.x the latest, which will make it hard if not impossible to jailbreak the iPhone.

The number of tries and time delay is "baked" into the firmware, not into the iOS. The court order isn't asking for a backdoor for the iPhone encryption, or the iOS, it is asking for specific firmware for the 5c in question to enable cracking the PIN. Once the PIN is known, the data will be decrypted by the iOS.

The White House collecting signatures for halting the efforts that compel Apple and other device manufacturers to build backdoors into their devices. Here's your chance to object against backdoors in your device....

https://petitions.whitehouse.gov/petition/apple-privacy-petition

macular
02-20-2016, 02:10 PM
Perhaps Apple will comply now that The Donald has put in his request... "Boycott Apple until such time as they give that information."

dtravis7
02-20-2016, 03:56 PM
Perhaps Apple will comply now that The Donald has put in his request... "Boycott Apple until such time as they give that information."

Apple is laughing at old Trump Card. The very fact he used HIS iPhone to do the tweet made them LOL! I told Trump, not sure if he saw what I said or not) don't let the door hit you on the rear and that Samsung would love him! :D I tried to switch to Samsung, both a Note Tablet and phone and was miserable and came back to Apple.

harryb2448
02-20-2016, 04:21 PM
Whilst USA is not my country Dennos, too often political jokes have a habit of being elected. I sure hope noti

chscag
02-20-2016, 04:22 PM
I tried to switch to Samsung, both a Note Tablet and phone and was miserable and came back to Apple.

Hey Dennis, Samsung makes nice refrigerators and wash machines. ;P

chscag
02-20-2016, 04:24 PM
Whilst USA is not my country Dennos, too often political jokes have a habit of being elected. I sure hope noti

LOL, Harry. I think a few of us would be moving to Nambucca Heads if that were to happen!

XJ-linux
02-20-2016, 11:20 PM
Perhaps Apple will comply now that The Donald has put in his request... "Boycott Apple until such time as they give that information."

Yeah.. Tim Cook is a loser! I know Apple executives, they love me! Love me! A few of them have called me.. Important Apple execs... You'd know their names. Well, they call me and tell me it's a tremendous thing I'm doing.. TREMENDOUS! They've been waiting for someone to stand up to Tim Cook. That's what they said! They thanked me!
-D.T.

pm-r
02-20-2016, 11:50 PM
LOL, Harry. I think a few of us would be moving to Nambucca Heads if that were to happen!

Man, I sure wouldn't be laughing too much, or at all if I lived or was a US citizen, and listening to and reading some of the US political headlines this evening… just bloody scary!!! :[

harryb2448
02-21-2016, 12:09 AM
We better start toughening up our immigration laws methinks Charlie!

BlakePE
03-05-2016, 04:43 PM
There's always no guaranteed of the action and control by others if the backdoor of system are build. Technology are supposed to help human being to have a better future if we use it wisely.

Dysfunction
03-06-2016, 04:33 PM
Man, I sure wouldn't be laughing too much, or at all if I lived or was a US citizen, and listening to and reading some of the US political headlines this evening… just bloody scary!!! :[

Recently I find myself very happy to hold dual citizenships.

pm-r
03-06-2016, 05:08 PM
Recently I find myself very happy to hold dual citizenships.

But no doubt disappointed that you'll have to pay or file your income tax regardless of what country you live. :(

And I see several reports on the large number of US citizenships being relinquished lately. :o

Dysfunction
03-06-2016, 08:54 PM
But no doubt disappointed that you'll have to pay or file your income tax regardless of what country you live. :(

And I see several reports on the large number of US citizenships being relinquished lately. :o

US income tax? If I live in the EU? :Confused:


I generally do not mind paying taxes, when there are advantages.

chscag
03-06-2016, 09:15 PM
US income tax? If I live in the EU? :Confused:


I generally do not mind paying taxes, when there are advantages.

LOL, some of the highest taxes in the world are in the EU. You can call it whatever you want but countries belonging to the EU for the most part practice a form of socialism which leads to tax, tax, and more tax. Of course they claim to take care of you from cradle to coffin. :P

Dysfunction
03-06-2016, 09:30 PM
Not much difference here, except where the taxes go... ;) But, this is an aside....

Back on topic,

Once the backdoor has been created, iOS is not secure. Period. “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” - B. Franklin

And it's very sad to see so many give up their freedoms without so much as a whimper. In fact, clamoring to do so willingly.

pm-r
03-06-2016, 09:38 PM
US income tax? If I live in the EU? :Confused:

I generally do not mind paying taxes, when there are advantages.



In case you were planning to move to the EU, you might want to start checking and you could start here:
https://www.irs.gov/Individuals/International-Taxpayers/U.S.-Citizens-and-Resident-Aliens-Abroad
http://www.expatinfodesk.com/expat-guide/nationality-specific-information/americans/us-tax-liability/

Assuming you have US citizenship that is… and you'd have to check if there are any advantages… but I think you may just be a wee bit disappointed as a minimum… Uncle Sam has you by your ahem, "personals"… unless you finally and actually relinquish your US citizenship… not easy I understand…

Dysfunction
03-06-2016, 09:42 PM
PM-r, it's not difficult

You have to:
appear in person before a U.S. consular or diplomatic officer,
in a foreign country (normally at a U.S. Embassy or Consulate); and.
sign an oath of renunciation.

dtravis7
03-06-2016, 10:18 PM
VERY well said Mike.


Not much difference here, except where the taxes go... ;) But, this is an aside....

Back on topic,

Once the backdoor has been created, iOS is not secure. Period. “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” - B. Franklin

And it's very sad to see so many give up their freedoms without so much as a whimper. In fact, clamoring to do so willingly.