Quote Originally Posted by sonatine View Post
Quote Originally Posted by SrslySirius View Post

How does Apple comply with this request without revealing how it was done? Would the FBI simply hand over the phone and not observe Apple's people doing the work? After Apple returns the phone, would the FBI be able to see what was done and repeat it? If the workaround involves fiddling with the hardware, could an iOS update actually prevent it from being done again? Does encryption really serve any purpose if we actively work on circumventing it?

These are not rhetorical questions (except maybe the last one). I really don't know much about infosec.

I believe the court order was for the unencrypted data and/or PIN, not to produce a viable backdoor, so I doubt there would be any FBI involvement beyond signing for the output once handed off. And Apple could, in theory, cover their tracks with regards to specific breach techniques, but probably the FBI could figure out how things went down by visually inspecting the circuitry and seeing which chips had their pins exposed by having the protective enamel burnt off with acid (SOP, generally).

That said, I think the only reason this dust up is taking place is because the NSA already has the tools to get the data and those tools are classified, so it makes sense to at least try to get Apple to do it.

As for IOS updates 'fixing' the backdoor, I seriously doubt it. A lot of those chips are deliberately installed 'read-only' with hardware mitigations to enforce it, but those hardware mitigations go out the window completely when you expose the actual inner guts of the chip and know what youre doing. Plus a lot of them checksum their image and verify integrity against another read-only source so youre now compromising two chips, or dedicating a lot of work to modifying the image in a way that doesnt impact the checksum, which we've already seen in the wild with MD5 in the form of discreet bit modifications (and hash collisions (hence file integrity checks, SSL certs, binary keys etc no longer using MD5 or worse)). And maybe they use that checksum as a salt for the encryption of the data, at which point you now need to intercept that signal in real time and MITM it both ways during the decrypt'ish() calls.

And honestly I dont think Apple even has the tools to do that.



The NSA should, however.

Again, just spitballing, this isnt my strength.
Apple should reply to the government in plain English "even if its a white lie", that they do not have ability to crack the encryption without destroying the data on the phone. with a paragraph something like above thrown in for good measure, (I have no idea what that means, but it sounds impressive enough to get average Joe consumer from getting pissed at them) to back up their claim. What's the government going to do. Say lier lier pants on fire.


Everybody knows Hillary lied about the e-mail server, yet the FBI hasn't even come out with a ruling or thrown her ass in jail despite over 100 agents working on that case. If people in a Hillary administration are allowed to do what ever the fuck they want, security be damned, she is a far great threat than two dead terrorists. Why don't they commit their limited resources to go after some living terrorists.

Governments been fighting with companies like Microsoft, Apple, and google for years trying to gain access to secure data. This is just another round in a long fight.