Apple, FBI, and hacking iPhones

Isn't that the very issue at stake? The FBI can't attack iOS to retrieve the data, so they're demanding that Apple build a backdoor into the OS in order to extract the data. Basically, they want to flash a compromised version of the OS onto the phone to bypass the security features and encryption. According to Apple, this backdoor doesn't exist and if it did, it would be incredibly dangerous to all iPhone users around the world.

 

Any "bad guy" worth their salt would probably not risk being compromised by something as easily lost/stolen as an iphone. This is just a giant marketing opportunity for Apple. While they hide behind the guise of being righteous.

 

The encryption on the phone is solid, the problem is that Apple could write software that would take away the passcode protections: 10 failed tries causes a data wipe or the back-off delays require an ever increasing amount of time to try all passcodes against.

The problem is these protections aren't in hardware, which wouldn't allow you to bypass these restrictions.

 

This is wrong on a couple of counts:

While I bet the NSA has some way in, a locked iPhone using iOS 8 and above is very tough to crack. Different than a jailbreak.

If anything, this is really hurting Apple's marketshare. Most people side with the government on this one. I have no doubt Apple's losing sales because of their stance.

 

This is a vulnerability Apple would have to create that doesn't currently exist.

 

The DOJ has now threatened to sue to acquire the iOS source code, in fact.

To me it sounds like the current version of iOS doesn't have a vulnerability, but changing the source code could create a vulnerability that doesn't currently exist. I'm not a programmer so I won't claim any kind of authority on this, but if you need to create a custom version of the OS in order to bypass the security, doesn't that imply that the existing version of the OS has very good security?

 

I'm not asking to challenge, I'm asking for clarification. Like I said, I'm not a programmer, but I do try to keep informed.

 

True

How do you define good security? Perfect security? No. Better or worse than the competition? I'd argue yes.

Also very true.

I don't think there is such a thing as a perfectly unhackable device. That said, every company right now, server and device based is constantly trying to get three steps ahead of hackers to make their life more difficult so things are not easily crackable by script kiddies. I'd like to think Apple is doing ok in that department and better than most Android phones out there.

 

It's that the FBI doesn't want to deal with ever increasing security, they want it eaaasy. It's not this one rather pointless phone, it's the precedent they want of making these things easy. It's the same battle congress fought 20 years ago. Sorry, FBI. You'll have to always try and stay one step ahead of companies' security.

 

That is a good question. Do Android or Windows offer better encryption than iOS? Some other phone OS I'm unaware of?

 

That's the purpose of the 'Secure Enclave' that ships with the newer iPhones, it's a closed system that can't be tapped into without losing the keys to all the data.

Apple can upload a signed blob to any phone, that's how it's supposed to work because they're a trusted entity and you can't update iOS without this capability, is this what you're suggesting is wrong? Because the FBI is asking for a signed blob with a compromised security mechanism to allow brute-forcing the PIN. Not even Apple can get the data without finding the PIN first.

 

All iOS 8 and above drives are encrypted (which is what started this). What's not protected enough is the means to write software to allow the FBI to brute force the passcode.

Admittedly, this would be an even more unresolvable issue if passcodes were long enough, but they were 4 digits minimum in iOS 8 and now they are 6 digits minimum in iOS 9. Probably still not enough.

That said, this doesn't prevent the FBI/NSA/etc. from attacking any encrypted drive itself, the hope is that their tools for breaking encryption will take decades and not seconds/minutes, like a 4-digit passcode.

 

but isn't the point Purrin that anyone can't do this? only apple could release a changed version of iOS that would load, china/the NSA/the CIA can't do it because they don't have the signing keys to do so.

I do think it is a security flaw that a new version of iOS can be loaded without having to put the pin in first, and i would guarantee that all of the current "holes" in the iPhone's security will be filled with the release of iOS 10 and the iPhone 7.

The problem is balancing customer access to their own data in the instance that they lose their pin or password(i would be willing to bet this happens a hell of a lot more often than we think), but i think after this case that they will be sealing these holes regardless, or at least providing an option for security minded folks. I would even go so far as to think they will be encrypting iCloud backups so they can't even give those to the FBI in the future, and a giant middle finger over the whole case