DMCA to the rescue!
Dick pics for everybody!!!
So the FBI learned that Appleâs claims of airtight security are grossly exaggerated. Iâm wondering if Apple leadership is quietly relieved. They couldnât very well say our products are imperfect, but they knew it and really the only people who seemed not to were the FBI. Did someone at the Hoover building finally swallow their pride and take a trip up to Fort Meade to ask for help?
âWhatâs clear is that the FBI does not have the in-house capability to develop exploits,â Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in an encrypted phone call.
Yeah, you heard that right. VICE is hip! nyah nyah nyah nyah nyah!
yeah isnât this illegal under the DMCA? Canât Apple sue the Feds for this?
Whereâs my popcorn?
If the FBI had an intern whoâd taken the first semester of the Intro to Computer Science course at his college, they knew that neither Apple nor anyone else had built âairtight securityâ into a physical device.
Obviously theyâd have preferred to establish a precedent where Apple could be compelled to create exploits as needed and on demand, but I donât think anyone thought that this phone would stay at the lock screen forever if the FBI really and truly wanted in.
Well, Apple came out the loser here. Although the FBI didnât get the court ruling they wanted, it appears they donât need it. But for Apple, theyâre now branded as the maker of phone with poor security.
and yet
But for many of the remaining American smartphone users, strong data encryption was never really an option. Most Android phones donât encrypt the data thatâs stored on the device, and many come with messaging services that donât encrypt data thatâs sent back and forth between devices.
Unlike iPhones, which are exclusively made by Apple, Android phones are produced by many different manufacturers. Thatâs made it much more difficult for Googleâthe company that designs Android softwareâto turn on device encryption by default. Many of the devices that run Android software have cheap or out-of-date hardware that canât handle continuous encryption and decryption. Google recently required that all new Android devices encrypt device data by defaultâbut exempted slower (and therefore cheaper) phones, making encryption a de-facto luxury feature
so yes. Apple needs to go back the drawing board. But that doesnât mean that Android can be legitimately described as the secure alternative.
I guess, if you donât know anything about encryption or securityâŚ
But thereâs no such thing as perfect security, especially if the attacker has physical access to the device.
I think that you may be overestimating the curriculum of Intro CS 1.
We still donât know what mysterious âoutside assistanceâ the FBI received, and rumors that an Israeli firm sold them an exploit remain unverified. The government says it wonât share the method it used to access the San Bernardino iPhone, but it feels safe to assume that however they did it, they bought the rights to do it again and again.
Or, they bought the rights to do it once. What are the chances of the Israeli firm successfully suing them if they do it again and again?
Maybe. But it canât be that obscure a computing/security concept if I know it.
Correct. Because that title belongs to Windows. Yeah.
NAND mirroring, sucka. Itâs not rocket science.
the FBI is just like all of us who canât stop eating salty snacks.
https://technet.microsoft.com/en-us/library/hh278941.aspx
The ten immutable laws of security, law #3 in effect here. Once they have physical access to you device, itâs not your device.
In the end, it may be as simple as making a mock fingerprint and using that. Remember that you may not be forced to reveal your password, but law enforcement can take your fingerprints and use them. It just requires a special printer to make a usable copy, and is a known hack.
In other words, the whole cracking the PIN thing might be a smokescreen.
At least not when you pit a consumer-priced widget against a nation-state budget. Commercial software may actually be of higher quality than all but the formally-verified-at-great-expense specialty stuff; because development costs get spread over a zillion units; but pretty much the only resistance to physical attacks in consumer toys is either a side effect of miniaturization and integration and devices built to be user-serviceable only by nanites; or because some DRM scheme demands it.
Iâm not sure whether offense or defense is currently the winner in the world of nation-state budget secure hardware; but thatâs a lot scarcer and harder to get physical access to.
The 5c didnât include a fingerprint sensor, so that was vanishingly unlikely to be the attack in this case; but in general fingerprint readers are a pure convenience feature against all but the most casual of attackers. Lifting a print just isnât all that hard, and sensors just arenât all that picky. Better than nothing against a nosy roommate or something; but thatâs a low bar to clear.
