Author Topic: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe  (Read 10134 times)

0 Members and 1 Guest are viewing this topic.

Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
Like, look at it this way: presumably the San Bernardino guy left the door locked on his apartment. When the police showed up there should they have just jiggled the knob and said 'welp, can't violate his privacy!'? Or when they asked the landlord for the key, should he have gone straight to the press and decried this sinister erosion of civil liberties? If you don't think law enforcement should ever be able to search anyone's belongings, how do you expect crimes to be solved? If the state is allowed, after appropriate due process, to lock someone in a jail cell for years on end, why can't they look at a phone even after due process?
The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell.

 

Offline Herra Tohtori

  • The Academic
  • 211
  • Bad command or file name
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
I don't really care much about the details - they're asking Apple to provide assistance in breaking into one of their customer electronics devices. That means they're expected to undermine their own security solutions and, in doing so, make it at least theoretically possible for other parties to replicate the feat. Even if it's just facilitating easier brute force attack on a simple numerical PIN code. Of course the same won't work on strong passwords, but it's the underlying principle that disturbs me.


No company should ever be expected to do that and even if they've done this in the past, it's quite reasonable for them to say, "We don't want to do this".


The question isn't whether companies can, or are allowed to, offer such assistance. Rather, the question is should it be possible for the law enforcement or intelligence organizations to force them into giving that assistance by a court order (under threat of fines, sanctions, or even personal criminal consequences). If that were to happen, then it could become a worrisome precedent case - if it were to be held up in the supreme court, when the case inevitably ends up there.


So far, though, it appears this is not much more than FBI being pissed that Apple is not jumping to render the assistance they think they're entitled to, and that's causing some waves in social media as well as in the US legislative functions (senate/congress).


Like, look at it this way: presumably the San Bernardino guy left the door locked on his apartment. When the police showed up there should they have just jiggled the knob and said 'welp, can't violate his privacy!'? Or when they asked the landlord for the key, should he have gone straight to the press and decried this sinister erosion of civil liberties? If you don't think law enforcement should ever be able to search anyone's belongings, how do you expect crimes to be solved? If the state is allowed, after appropriate due process, to lock someone in a jail cell for years on end, why can't they look at a phone even after due process?


No, see, the analogy is this: The terrorist's house has a special lock that requires a specific key to open. The terrorist has rigged his entire house to explode if someone tries to break in, and there's no other way to defuse it than to legitimately open the lock. So FBI goes to the lock company and asks for them to help them gain access to the house.

The lock company can make a key, but that same key will - if someone gets access to it - make it possible for anyone to open any of those other locks around the world. Lock company doesn't feel comfortable with the situation, and explains that they don't think they should make that key in the first place, much less entrust it to FBI, or anyone for that matter.


Of course the analogy fails because digital information is much easier to protect with passwords and encryption, while physical evidence is impossible to hide in such a way. That's why the police doesn't need to ask for the lock company to open the door - they can just break in and enact their search warrant.
« Last Edit: February 21, 2016, 01:18:58 pm by Herra Tohtori »
There are three things that last forever: Abort, Retry, Fail - and the greatest of these is Fail.

 
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
You've apparently read nothing I've said. Would it be wrong for the FBI to require, with a court order, that the shooters' landlord give them access to their apartment?
The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell.

 

Offline Herra Tohtori

  • The Academic
  • 211
  • Bad command or file name
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
I was including your latest comment in my post to avoid double posting, it just took a while to type.

It's a different situation, and getting the landlord to open the door doesn't compromise the lock security of the rest of the population - it's just done to keep the door intact.
There are three things that last forever: Abort, Retry, Fail - and the greatest of these is Fail.

 
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
This measure does not compromise the phone security of the rest of the population. If your phone security is contingent on a 4-digit passcode the thing compromising it is reality, not the government.
The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell.

 

Offline Herra Tohtori

  • The Academic
  • 211
  • Bad command or file name
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
This measure does not compromise the phone security of the rest of the population. If your phone security is contingent on a 4-digit passcode the thing compromising it is reality, not the government.


This particular measure, maybe not. As I said, the details are not the crux of this matter.


The problem is in the principle of the thing - should the government be allowed do force companies to compromise the security in their devices for law enforcement or intelligence access in general?


And before you say that the measure doesn't compromise the phone security, I would argue that yes, it theoretically does. It might be unlikely, but it would be in theory possible for someone to gain access to the new firmware that allows easier brute force attacks on the PIN code.


You're correct that a longer, stronger password would probably frustrate any brute force attack within human life time, but again - it's the principle of the thing. If FBI gets approval to force Apple into rendering this assistance, that could easily end up becoming a precedent case if it were to be upheld in the supreme court. Supreme court decisions tend to be interpreted almost like laws in themselves, after all.
There are three things that last forever: Abort, Retry, Fail - and the greatest of these is Fail.

 

Offline Ghostavo

  • 210
  • Let it be glue!
    • Skype
    • Steam
    • Twitter
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
They are asking for a tool to allow for a faster retry of your PIN number which, as someone else showed in this very thread:

It could be a 4-digit pin; it could be 6 digits, or it could be this.

If you allow brute force approaches to be faster you ARE weakening security.
"Closing the Box" - a campaign in the making :nervous:

Shrike is a dirty dirty admin, he's the destroyer of souls... oh god, let it be glue...

 

Offline Dragon

  • Citation needed
  • 212
  • The sky is the limit.
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
And before you say that the measure doesn't compromise the phone security, I would argue that yes, it theoretically does. It might be unlikely, but it would be in theory possible for someone to gain access to the new firmware that allows easier brute force attacks on the PIN code.
Except it doesn't compromise it even theoretically. See this article (already posted on the previous page):
http://arstechnica.com/apple/2016/02/encryption-isnt-at-stake-the-fbi-knows-apple-already-has-the-desired-key/
There's nothing stopping an independent hacker from writing the same thing FBI wants Apple to write. The entire purpose of the Apple's digital signature system is to prevent such unauthorized updates from being applied. The thing that only Apple can do is authorizing that particular phone to install the altered firmware. Any modifications (needed to make it run on other phones) would invalidate the signature, making the software useless.

This situation is pretty much analogous to asking for a master key to search someone's house. Very much justified in here, I think that FBI should have the ability to search someone's phone if they have a warrant (which they do).
The old "it's been happening for a while so it's fine" argument.  That DOES NOT make it okay.  And the fact that Apple is using this for publicity doesn't negate the fact that it's what they SHOULD do.  I don't want a corporation OR the government having unfettered access to my data (which is part of the reason I don't have a smartphone).  But if I had to pick one, it would be the corporations.  The government has proven time and time again that they don't give a flying **** about civil liberties.  It's easier to resist corporations by not buying their **** than it is the government, who can and do change the rules to suit them.
Have you ever tried boycotting a giant, multinational corporation like Apple or Google? Here's a hint. It doesn't work. Corporations are less vulnerable to public opinion than just about any form of government short of a military dictatorship (yes, even an absolute monarch is, by some measures, more accountable). Have you seen the things they get away with? The government must be careful about changing the rules, or it's going to, well, stop being the government. A corporation may lose customers, but it'd take a lot more to put a dent in it, especially as they tend to be spread over multiple nations. Not to mention that in many cases you'd have to stop using their services altogether, as opposed to directly paying them. Google gets a huge amount of money from its search engine, despite it not costing a regular user a single cent (and IIRC, even getting it to find your website is free). Not even a violent revolution against them is feasible, since they're not located in any particular place nor headed by a particular person (both the headquarters and the CEO are important, but ultimately replaceable). Government regulations are the only thing keeping them in check (relatively speaking).

 

Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.
    • Steam
    • Twitter
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
What the FBI is effectively asking for here is for a landlord to open the door to a suspect's home. The privacy implications are the same, the legal framework is in principle the same; the only difference here is that the landlord in question has more money than most to burn on lawsuits.
If I'm just aching this can't go on
I came from chasing dreams to feel alone
There must be changes, miss to feel strong
I really need lifе to touch me
--Evergrey, Where August Mourns

 

Offline Ghostavo

  • 210
  • Let it be glue!
    • Skype
    • Steam
    • Twitter
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
Not really, the landlord actually owns the property being searched. This case is more akin to a safe maker being asked for an easier way to crack their safes.
"Closing the Box" - a campaign in the making :nervous:

Shrike is a dirty dirty admin, he's the destroyer of souls... oh god, let it be glue...

 

Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.
    • Steam
    • Twitter
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
And Apple still owns the software running on the iPhone, according to the EULA.
If I'm just aching this can't go on
I came from chasing dreams to feel alone
There must be changes, miss to feel strong
I really need lifе to touch me
--Evergrey, Where August Mourns

 

Offline Herra Tohtori

  • The Academic
  • 211
  • Bad command or file name
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
And before you say that the measure doesn't compromise the phone security, I would argue that yes, it theoretically does. It might be unlikely, but it would be in theory possible for someone to gain access to the new firmware that allows easier brute force attacks on the PIN code.
Except it doesn't compromise it even theoretically. See this article (already posted on the previous page):
http://arstechnica.com/apple/2016/02/encryption-isnt-at-stake-the-fbi-knows-apple-already-has-the-desired-key/
There's nothing stopping an independent hacker from writing the same thing FBI wants Apple to write. The entire purpose of the Apple's digital signature system is to prevent such unauthorized updates from being applied. The thing that only Apple can do is authorizing that particular phone to install the altered firmware. Any modifications (needed to make it run on other phones) would invalidate the signature, making the software useless.


That doesn't seem internally consistent.

True - a malicious hacker could write the same thing FBI wants Apple to provide for them. It is also true that to get it to work, they would have to do the extra work of perfectly spoofing Apple's digital signature system. That would be required to authorize the software update.

The former part is more likely than the latter - the best chances of spoofing Apple's digital signatures is to hack (or social engineer) Apple and gain the required information.

The same method could, in theory, be used to gain access to the specific software that enables brute forcing through the PIN code layer of security. Or they could hack FBI or whichever law enforcement organization received the software for their use (their security is probably worse than Apple's because FBI doesn't need to protect their profit margins). In that case, the malicious hacker doesn't even need to do any work besides that required to gain the information, which they can then use to brute force their way into any phone that is compatible with the modified OS.

And before anyone says, I fully acknowledge that it would require quite a convoluted chain of "ifs" to be fulfilled before the proposed "brute force" attack enabling version of the OS could be used for any malicious purposes by a third party. But it is theoretically possible.


But, once again, the details of *this particular case* are not really what interests me.

The core issues is that Apple is asked to undermine their own security solution on their devices. Question is, should the government be allowed to make such requests into demands or orders instead of just politely asking if they would like to help in this matter.

Quote
This situation is pretty much analogous to asking for a master key to search someone's house. Very much justified in here, I think that FBI should have the ability to search someone's phone if they have a warrant (which they do).


It isn't anywhere close to analogous because of the differences between digital security and real life security, like doors and locks.


And, by the way, I fully agree that in this particular case, it might well be justified to use any means necessary to open the phone. But the implications of forcing Apple into doing it could be much bigger than are acceptable.


The real question, in my opinion, remains: Should governments be allowed to force IT companies to undermine their own security solutions?

Are they entitled to do so? If yes, to what degree? Will the limit be just making brute force attacks feasible and hoping for a weak password? Or would more complicated demands, like fully developed backdoors, be considered? And in what context would these tools be used? Regular criminal cases? Terrorism investigations? Issues of national security? How to guarantee no warrantless access, or access by third parties?
There are three things that last forever: Abort, Retry, Fail - and the greatest of these is Fail.

 

Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.
    • Steam
    • Twitter
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
The real question, in my opinion, remains: Should governments be allowed to force IT companies to undermine their own security solutions?

Are they entitled to do so? If yes, to what degree? Will the limit be just making brute force attacks feasible and hoping for a weak password? Or would more complicated demands, like fully developed backdoors, be considered? And in what context would these tools be used? Regular criminal cases? Terrorism investigations? Issues of national security? How to guarantee no warrantless access, or access by third parties?

The current law seems to be (IANAL) that requests or orders like this have to be extremely limited. An order to unlock a device or account is OK, an order to unlock every device is not.

Similarly, a law that would make comprehensive encryption solutions illegal would also not be OK.
If I'm just aching this can't go on
I came from chasing dreams to feel alone
There must be changes, miss to feel strong
I really need lifе to touch me
--Evergrey, Where August Mourns

 

Offline MP-Ryan

  • Makes General Discussion Make Sense.
  • Global Moderator
  • 210
  • Keyboard > Pen > Sword
    • Twitter
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
If apple doesn't do it for them, the DOJ/FBI is just going to do their own thing and have a team dedicated to cracking iPhones. I'm sorta surprised they don't already.

They do.

There are a number of techniques law enforcement has for cracking into encrypted devices, but they're getting fewer with each passing day and so the calculation of risk-reward plays into it.  Do they potentially burn a cracking technique to access one device, especially one as relatively unimportant as this?

I honestly think this is about establishing precedent rather than the FBI actually being unable to crack this phone.

You are correct.  Law enforcement organizations around the world have been increasing unhappy about the withdrawal of tech corporations from providing readily-accessible, often warrantless, access to encrypted or  otherwise-sensitive electronic systems.  Of course, the authorities in this case also apparently burned the iCloud backup and made their job a lot harder in the process, so it wouldn't surprise me if they genuinely need assistance getting into this particular phone.
« Last Edit: February 25, 2016, 01:43:39 pm by MP-Ryan »
"In the beginning, the Universe was created.  This made a lot of people very angry and has widely been regarded as a bad move."  [Douglas Adams]

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
Yeah, the iCloud fiasco was kinda funny. You can imagine someone in the FBI office shouting "Goddamnit Carl!" over that one.
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline AtomicClucker

  • 28
  • Runnin' from Trebs
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
Well, to be blunt I support Apple in this case because the FBI screwed up and is now asking Apple to clean up their mess.

It sets both a dangerous legal precedent for police abuse AND weakening security, as let's be honest, if Watergate and the FBI screwing with Martin Luther King, Jr and Johnny Cash have shown us, the FBI is all too human. My take is that we're simply giving the government too much leeway, and the All Writs Act is being used carte blanche for the government equivalent of a secret order to unlock encryption systems.

The very fact the FBI didn't "freeze" the data and consult Apple first before breaking into the phone nearly blew my mind.

Some of you are saying that Apple has to be complicit in abetting the government in essentially retrieving evidence THEY, THE FBI, screwed up. Criminally speaking, the government has committed a minor form of perjury by not properly isolating and procuring the evidence, and that has wide and dangerous implications for the legal system.
Blame Blue Planet for my Freespace2 addiction.

 

Offline MP-Ryan

  • Makes General Discussion Make Sense.
  • Global Moderator
  • 210
  • Keyboard > Pen > Sword
    • Twitter
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
carte blanche for the government equivalent of a secret order to unlock encryption systems.

It's not carte blanche, or secret. The order is very specific to this one phone and this one phone only.

Quote
Criminally speaking, the government has committed a minor form of perjury by not properly isolating and procuring the evidence, and that has wide and dangerous implications for the legal system.

Um, no.  That's not even remotely correct.
"In the beginning, the Universe was created.  This made a lot of people very angry and has widely been regarded as a bad move."  [Douglas Adams]

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
Okay, I've changed my mind now that it's clear that the iPhone is obviously a doomsday weapon containing a lying-dormant cyber pathogen
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
 :shaking: Is it ChickenPox?

 

Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.
    • Steam
    • Twitter
Re: John McAfee - Apple backdoor - Godwin's, defines "Hacker", threatens to eat shoe
To get back to the OP: John McAfee really has no idea what he's talking about.

Quote
Now I'll probably lose my admission to the world hackers' community, however, I'm gonna tell you. You need a hardware engineer and a software engineer. The hardware engineer takes the phone apart and it [sic] copies the instruction set, which is the iOS and applications [sic] and your memory, and then you run a piece, a program called a disassembler which takes all the ones and zeroes and gives you readable instructions. Then, the coder sits down and he reads through, and what he's looking for is the first access to the keypad, because that's the first thing you're doing when you input your pad. It'll take half an hour. When you see that, then you reads the instruction for where in memory this secret code is stored. It is that trivial. A half an hour.

To quote Ars: It's true that Apple could have designed the iPhone this way, if Apple was staffed exclusively by idiots.
If I'm just aching this can't go on
I came from chasing dreams to feel alone
There must be changes, miss to feel strong
I really need lifе to touch me
--Evergrey, Where August Mourns