|Totally divorced from reality!
Updated from April 2016
Apple vs. The FBI
This one was just unbelievable to me. In case you haven’t been watching the news lately a Federal Judge ordered Apple to create a software tool that would bypass security mechanisms in Apple’s software so that the FBI, (and anyone else who got the hands on this "tool") could perform what’s known as a bruteforce password attack to guess the password on the phone. The bruteforce attack is trying all sorts of passwords until you get the finally get the right one.
Here is how it works.
Starting with versions of its operating system released in 2014 and later, Apple uses two factors to secure and decrypt data on the phone;
- The password the user chooses
- A unique 256-bit AES secret key that’s embedded in the phone when it’s manufactured.
The user’s password gets “tangled” with the secret key to create a “passcode key” that both secures and unlocks data on the device. When the user enters the correct password, the phone performs a calculation that combines these two codes, and if the result is the correct passcode, the device and data are unlocked.
To prevent someone from brute-forcing the password, the device has a user-enabled function that limits the number of guesses someone can try before the passcode key gets erased. Although the data remains on the device, it cannot be decrypted and therefore becomes “permanently” inaccessible. This happens after 10 failed guesses, if the user has enabled the iPhone’s auto-erase feature
In addition to the auto-erase function, there’s another protection against brute force attacks: time delays. Each time a password is entered on the phone, it takes about 80 milliseconds for the system to process that password and determine if it’s correct. This helps prevent someone from quickly entering a new password to try again, because they can only guess a password every 80 milliseconds. Instead of being able to try hundreds or thousands of password guesses per second, the feds would only be able to try eight or nine per second. With all the possibilities that exist that could take a very long time.
The FBI wanted Apple to create a version of its software that eliminated these two protections. Apple told them no!
Now for a little reality
Number one, we proceed from a false premise. The iPhone is not impregnable, it’s not even close. It is slightly more secure than the Android devices and slightly less secure than the Windows phone but these and others including Symbian and Blackberry can be hacked!
And it is no secret either. Law enforcement, detectives and private investigators in this country and abroad do it every day. A whole industry exists to provide these services. A simple Google search for Mobile Device Forensics will provide enough research material to keep you reading for a week. The National Institute of Standards and Testing, (NIST) even has guidelines for testing and evaluating these tools.
Companies like Cellebrite, Teel Technologies, Phone Forensics, just to name a few. will provide you with the hardware, software, training to extract data and cloud based information from these devices. They will even provide the services and do it for you. Cellebrite, which has been in this business since 1999, even has a contract to provide their services to the FBI!
All it takes is money. OK so it takes a lot of money. You will have to buy upwards of twenty grand worth of equipment that is only good for one thing and goes obsolete faster than teenage fashions. Plus you will need considerable training on how to use this equipment. It isn’t what you would call intuitive or user friendly.
And if all else fails you could just get one of the previously mentioned companies to do it for you. They can provide you a full report of calls, texts, pictures, videos and more. Of course that will take even more money. But on a case like this that is nothing. The FBI reportedly spent over 1.3 million dollars in the fight against Apple. The cost of the equipment wouldn’t even pay for the lawyers bar tab.
What is wrong with these people? Particularly organizations like CNN, ABC, CBS, FoxNews and their “Investigative Reporters” who don’t seem aware of any of this. And then we have the idiot politicians who immediately jump and make demands. Vowing to defend one side or the other, (mostly the FBI) and issuing proclamations and making more demands.
And who is in charge at the FBI where the left hand doesn’t seem to know what the right hand is doing. The people who broke Watergate can’t seem to find a multibillion dollar industry right in their own back yard. Who, if anyone, is running these organizations?
And then at the last moment the FBI dropped the case. They finally got the information they needed and without any help from Apple. What took you guys so long?
I am not a big fan of Apple
but I am solidly behind them on this one. I may even go so far as to buy one of their overpriced toys just to help support them. It is Apple’s job to make the device as secure as they can. It is the job of others to crack that security.
The lesson in all of this is ...
...never put anything on your phone that you don’t want to share with ten million other people. Pictures, music, documents and personal information can be extracted if your phone gets into the wrong hands. And it seems that the people we trusted in the past are totally incompetent now. Once the data it is out there on the web there is no chance of pulling it back again!
And as always with any important data remember to make a back up!
Go back to the top