Author Topic: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe  (Read 10136 times)

0 Members and 1 Guest are viewing this topic.

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
Well kids, it looks like Cybersecurity's experiment in Ritalin deprivation has well and truly thrown his hat into the ring over the issue of the FBI trying to force Apple to hack the San Bernardino phone.

In an impressive speech he manages to mention Hitler, set back the public view of hackers to the early 80s and threaten to eat his own shoe on national TV. But don't take my word for it, read the whole thing on Ars.



And then afterwards we can have a serious debate about whether Apple should cave in to the government demands or not.
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.
    • Steam
    • Twitter
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
That poor shoe, what has it ever done to deserve being eaten....
If I'm just aching this can't go on
I came from chasing dreams to feel alone
There must be changes, miss to feel strong
I really need lifе to touch me
--Evergrey, Where August Mourns

 
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
Poor, poor shoe :(

Btw, what the hell's the Berdinando Phone?

 

Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.
    • Steam
    • Twitter
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
It's an iPhone the FBI seized in a terrorism case. Since they can't crack it, they used an over 200 year old statute to force Apple to produce a firmware for that specific phone which would allow the FBI to submit pin codes to it electronically without triggering any of the auto-delete features these things have.

Apple is fighting this, because they believe (rightly so, IMHO) that the average user's right to privacy trumps the state's right to the information on that phone.
If I'm just aching this can't go on
I came from chasing dreams to feel alone
There must be changes, miss to feel strong
I really need lifе to touch me
--Evergrey, Where August Mourns

 

Offline Rhys

  • 26
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
Poor, poor shoe :(

Btw, what the hell's the Berdinando Phone?

The phone belonging to one of the shooters in that attack in San Berninardino, California a few months ago. A few days ago, the DOJ specifically ordered Apple to create a custom piece of firmware to bypass the encryption on the device.

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
BTW, in case you hadn't noticed it, he's claiming that he's going to figure out the PIN code using social engineering. On a dead man's phone.

Yeah, even rubber-hose cryptanalysis isn't going to help you in this case.
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline NGTM-1R

  • I reject your reality and substitute my own
  • 213
  • Syndral Active. 0410.
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
Says the man who claims he faked heart attacks in a Guatemalan jail to avoid being questioned on the murder of his neighbor in Belize.

EDIT: Mcafee, that is, not Karajorma. I'm sure Karajorma's escapades in China with the MSS are equally entertaining, but he hasn't blogged about them to my knowledge.
"Load sabot. Target Zaku, direct front!"

A Feddie Story

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
EDIT: Mcafee, that is, not Karajorma. I'm sure Karajorma's escapades in China with the MSS are equally entertaining, but he hasn't blogged about them to my knowledge.

I could tell you, but then I'd have to kill you. :p
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline Bobboau

  • Just a MODern kinda guy
    Just MODerately cool
    And MODest too
  • 213
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
If apple doesn't do it for them, the DOJ/FBI is just going to do their own thing and have a team dedicated to cracking iPhones. I'm sorta surprised they don't already.
Bobboau, bringing you products that work... in theory
learn to use PCS
creator of the ProXimus Procedural Texture and Effect Generator
My latest build of PCS2, get it while it's hot!
PCS 2.0.3


DEUTERONOMY 22:11
Thou shalt not wear a garment of diverse sorts, [as] of woollen and linen together

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
There's another article about the subject on Ars. It's quite interesting how what you'd think of as just casual PIN number level security is actually causing them such a problem. I mean it takes next to no work to watch someone and figure out their key, but if you don't have have it, then it's remarkably difficult to crack.

Basically they can't upload new software to the phone unless they have Apple's key. I assume they could simply upload a new OS and hope that they could recover data but they would also risk losing everything that way.
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.
    • Steam
    • Twitter
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
If it was as simple as uploading new firmware, they would have done it already.
If I'm just aching this can't go on
I came from chasing dreams to feel alone
There must be changes, miss to feel strong
I really need lifе to touch me
--Evergrey, Where August Mourns

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
Well once a new OS was uploaded you'd just need to scan the flash memory and try to recover files. I the case had gone against them, I suspect they'd try it since they'd have nothing to lose.

Of course if the phone memory was itself encrypted, you'd be screwed. And without the PIN number, there might be no way to know.
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.
    • Steam
    • Twitter
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
AIUI, iPhones use the PIN as one component of their decryption keys, so unless you have the PIN, you won't be able to decrypt the phones' content.
If I'm just aching this can't go on
I came from chasing dreams to feel alone
There must be changes, miss to feel strong
I really need lifе to touch me
--Evergrey, Where August Mourns

 

Offline Bobboau

  • Just a MODern kinda guy
    Just MODerately cool
    And MODest too
  • 213
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
one would think the FBI for one of their biggest cases and national security would be able to disassemble the phone and retrieve the content of the phone's (encrypted) memory. without a very public spat with the phone's manufacturer. and we know there is a small town sized data center dedicated to cracking encryption owned by the NSA.
Bobboau, bringing you products that work... in theory
learn to use PCS
creator of the ProXimus Procedural Texture and Effect Generator
My latest build of PCS2, get it while it's hot!
PCS 2.0.3


DEUTERONOMY 22:11
Thou shalt not wear a garment of diverse sorts, [as] of woollen and linen together

 

Offline Dragon

  • Citation needed
  • 212
  • The sky is the limit.
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
Can't they just brute-force it? It's a bloody 4-digit number (at least on my phone). How hard can that be? 9^4 equals 6561. A lot of tedious clicking, but hardly impossible even if you have to hire a human to do it, given a few days. Or do the Apple phones use some sort of feature to prevent that?

I don't like this situation because either way, it can establish a dangerous precedent. If the FBI gets their way, that means the government can force corporations to give up access to private data (admittedly, this wouldn't the first time it happened. Even Swiss banks were forced to do that). On the other hand, if Apple gets their way, that means corporations can get away with denying government directives. I think the latter case could potentially be worse, as corporations are much less accountable than all but the most dictatorial of governments.

 

Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.
    • Steam
    • Twitter
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
Can't they just brute-force it? It's a bloody 4-digit number (at least on my phone). How hard can that be? 9^4 equals 6561. A lot of tedious clicking, but hardly impossible even if you have to hire a human to do it, given a few days. Or do the Apple phones use some sort of feature to prevent that?

Several things about this: iPhones slow down passcode entries if too many false ones are entered sequentially; in addition, if too many passcode entry attempts fail, iOS may wipe the phone. The FBI wants Apple to provide them with a firmware that disables any autodeletion features and that additionally allows them to use WiFi or Bluetooth or USB or whatever to submit pin codes to the device electronically, bypassing the timeout mechanisms in the process.
Furthermore, it is unknown what exactly the passcode is. It could be a 4-digit pin; it could be 6 digits, or it could be this.

Quote
I don't like this situation because either way, it can establish a dangerous precedent. If the FBI gets their way, that means the government can force corporations to give up access to private data (admittedly, this wouldn't the first time it happened. Even Swiss banks were forced to do that). On the other hand, if Apple gets their way, that means corporations can get away with denying government directives. I think the latter case could potentially be worse, as corporations are much less accountable than all but the most dictatorial of governments.

What the latter case actually means is that corporations would be forced to build backdoors into their devices. This completely undermines their basic security, and is thus undesirable; You are endangering sensitive data of millions of people just to have a way to get at the data of a couple hundred. This is not a proportional response.

Secondly, consider that one of the minor points of contention between the US and China at this moment is the US' insistence that Chinese vendors should stop adding backdoors into systems shipped to the US. Do you want to live in a world where the US is allowed to do this, but everyone else isn't? Or worse, a world where no device can ever be considered trustworthy enough for sensitive information?
« Last Edit: February 19, 2016, 09:12:50 am by The E »
If I'm just aching this can't go on
I came from chasing dreams to feel alone
There must be changes, miss to feel strong
I really need lifе to touch me
--Evergrey, Where August Mourns

 
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
Calling this a 'backdoor' seems dramatic. Rule 1 of netsec is that an attacker with physical access always wins. I'm frankly amazed that the FBI apparently can't just pull the data out of the phone and brute force it without needing Apple's help; possibly they're just leaning on Apple first because it's easier.

If your private data is vulnerable to brute-force attacks like this, it isn't securely private in the first place.
The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell.

 
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
I mean, the basic fact of the matter is that the keys to backdoor your phone already exist. Are you really saying Apple can be trusted with them any more than the government can?
The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell.

 

Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.
    • Steam
    • Twitter
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
Calling this a 'backdoor' seems dramatic. Rule 1 of netsec is that an attacker with physical access always wins. I'm frankly amazed that the FBI apparently can't just pull the data out of the phone and brute force it without needing Apple's help; possibly they're just leaning on Apple first because it's easier.

If your private data is vulnerable to brute-force attacks like this, it isn't securely private in the first place.

Please read this.

Every piece of information of interest here is encrypted in AES-256 or better, using keys based on the crypto hardware in the device itself. Without retrieving the hardware keys (which ultimately requires having the passcode for the device), it's doubtful that a brute-force attack on the encrypted data would succeed in reasonable time.

So yes. Leaning on Apple is definitely easier than trying to break AES.

I mean, the basic fact of the matter is that the keys to backdoor your phone already exist. Are you really saying Apple can be trusted with them any more than the government can?

Ultimately, yes. Unless, of course, it's in Apple's business interest to use weak security.
If I'm just aching this can't go on
I came from chasing dreams to feel alone
There must be changes, miss to feel strong
I really need lifе to touch me
--Evergrey, Where August Mourns

 
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
Here's an article from Ars Technica to back up my stance: the FBI are asking for help with brute-forcing the PIN, not the master keys for the encryption on every Apple device.

And come on, man, telling me we should trust corporations because 'it's against their business interests to **** us over' is classic libertarian bull****. At least the government is nominally accountable to the people.
The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell.