There’s something interesting going on with Apple and the US Govt regarding a request to make a specialized boot for an iPhone that was involved in a terrorist attack in the US.
What Apple is being asked to do is push a version of their software to a recovered phone (or create a tethered boot environment,) that does not include the ability to wipe the phone after so many (10?,) failed attempts at getting in.
This will allow agents to just keep entering codes until the phone finally unlocks.
What would probably happen is that Apple would be asked to create a brute force unlock app behind that that would run several million unlock codes against the phone a minute until it finally figured out what actually worked.
Apple’s steadfastly against this because once you unlock here, countries all over the world will request the ability, and next thing you know idea that any iPhone is somewhat secure from prying government eyes is completely gone.
The one bit of protection some people have from a government agency rooting through their digital life to find something to prosecute them for is gone.
Now, the US, FBI, Obama, and the DoJ probably aren’t planning on coming for everyone’s iPhones to see who has been committing thought crimes in a non-synced doodle app, but you can rest assured that the instant that software is out there some tyrant elsewhere will have their agents rounding up suspected dissident’s iPhones.
“But that’s not us,” you say. True, and when an American businessman gets detained in (come up with the name of a fake country that doesn’t sound racist,) and their phone gets taken and they get prosecuted because their dumb ass had photos of (insert dictator, leader, president, etc here) getting (reamed, rammed, sitting on, eating, executing) a (animal, human, toilet, child) or even a browser history of such, what then?
Keep in mind, people store passwords in password manager and Chrome. Someone gets into your phone they probably can get your email, which means they have access to pretty much everything including resetting your bank passwords, getting the confirmation text with the 2-factor authentication, etc.
But wait, this is only going to be for the US govt right? Nope. If it is proven Apple can do this, anywhere they want to sell their product local law enforcement/governments are going to demand it. Including (insert country whose hands you are certain if your phone fell into you’d be blackmailed or robbed blind).
Now, that’s what this is about. Or is it?
Before the idiots decided to open fire at an office party and die in a misdirected attempt at meaning, they communicated via Facebook (we’ve got that,) SMS (we’ve got that,) phone calls (we’ve got that,) emails (got those,) and perhaps something else which we have no idea what it might be. Not even a suspicion from what I’ve read so far.
So we’re going to create the atom bomb of privacy destruction to see if maybe there was more to this.
OK, I understand the idea. But understand that once we create that tool publicly people who lose their iPhone lose their identity, and people die for stupid emails their friends sent them while they’re enjoying their stay in (insert country whose hands you are certain if your phone fell into you’d be blackmailed or robbed blind).
That being said, if the NSA, Homeland Security, and DoJ don’t already possess the ability to copy off the contents of an iPhone and brute force it, I think we should ask for our trillions back we spent on insecurity. They have this ability, why they’re going after Apple to do something rather than making up a cover story saying “we found a post-it-note with the terrorist’s iPhone code,” I don’t know.
Apple can’t even keep their phones from being jailbroken for long by hackers who aren’t paid to hack it, and they try.
So in my scenario (insert country whose hands you are certain if your phone fell into you’d be blackmailed or robbed blind,) now has the brute force unlocker on a Tuesday and by Wednesday it’s on ThePirateBay with 8,000 seeders and the first post claiming that it’s a barely watchable copy and to get the real one at his DVD quality website, and one clueless person claiming that they must be reviewing the wrong thing.
And when you leave your phone in the park, by the time you’ve gotten to the office you’ve sent all your money to a website in Uzbekistan and your credit cards are maxed out. Oh also you’ll find there are emails in your sent items from your phone that would tend to incriminate you in a scheme to assassinate a world leader.
So yeah, head on over to Western Union and send a money order to (insert country whose hands you are certain if your phone fell into you’d be blackmailed or robbed blind,) or the FBI is going to be talking to you, if you survive being SWATTED. Yeah, they’ve got your address, you ship stuff to it on Amazon all the time, or it’s set as Home in maps ;)
Anyway, proceed like your phone can be confiscated and hacked at all times, because it can, this is just some weird sideshow that oddly benefits Apple in the long run.
I believe our agencies already have the ability to break a consumer grade encryption scheme, there is no real security given enough time, this public showdown is really bizarre.
So yeah, Apple can help or not help, result is the same in my opinion. All this does is make Apple appear like they’ve got something that the NSA can’t hack (seriously, write protect, remove one line of code from the loader, change the 10 tries to -1,) and that’s just advertising.