FBI Calls Apple 'Jerks' and 'Evil Geniuses' For Making iPhone Cracks Difficult (itwire.com)
Date: 2018-01-11
troublemaker_23 shares a report from iTWire: A forensics expert from the FBI has lashed out at Apple, calling the company's security team a bunch of "jerks" and "evil geniuses" for making it more difficult to circumvent the encryption on its devices. Stephen Flatley told the International Conference on Cyber Security in New York on Wednesday that one example of the way that Apple had made it harder for him and his colleagues to break into the iPhone was by recently making the password guesses slower, with a change in hash iterations from 10,000 to 10,000,000. A report on the Motherboard website said Flatley explained that this change meant that the speed at which one could brute-force passwords went from 45 attempts a second to one every 18 seconds. "Your crack time just went from two days to two months," he was quoted as saying. "At what point is it just trying to one up things and at what point is it to thwart law enforcement? Apple is pretty good at evil genius stuff," Flatley added.
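Added example, not part of the story or of any comment: a sketch of how an iteration count sets the cost of each passcode guess, using the summary's figures (10,000 to 10,000,000 iterations, 45 guesses a second). PBKDF2-HMAC-SHA256, linear cost scaling and all function names are assumptions made for illustration; the page does not say which hash Apple uses.

```python
import hashlib
import os
import time

# Figures quoted in the summary above.
OLD_ITERS, NEW_ITERS = 10_000, 10_000_000
OLD_RATE = 45.0  # guesses per second reported at 10,000 iterations


def derive_key(passcode: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a passcode into a key. PBKDF2-HMAC-SHA256 is an assumed stand-in."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, iterations, dklen=32)


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Best-of-N wall-clock cost of one derivation on this machine."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive_key("000000", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def iterations_for_delay(target_seconds: float, probe_iters: int = 20_000) -> int:
    """Defender's calibration: iteration count that costs ~target_seconds here."""
    per_iteration = seconds_per_guess(probe_iters) / probe_iters
    return max(1, round(target_seconds / per_iteration))


def scaled_rate(rate: float, old_iters: int, new_iters: int) -> float:
    """Guess rate after an iteration change, assuming cost is linear in iterations."""
    return rate * old_iters / new_iters


def worst_case_days(keyspace: int, rate: float) -> float:
    """Days needed to try every candidate at `rate` guesses per second."""
    return keyspace / rate / 86_400


def table():
    """(digits, days before, days after) for numeric passcodes of 4, 6 and 8 digits."""
    new_rate = scaled_rate(OLD_RATE, OLD_ITERS, NEW_ITERS)
    return [(d, worst_case_days(10 ** d, OLD_RATE), worst_case_days(10 ** d, new_rate))
            for d in (4, 6, 8)]


if __name__ == "__main__":
    for digits, before, after in table():
        print(f"{digits}-digit passcode: {before:10.3f} days -> {after:12.1f} days")
    print("iterations for a 0.1 s derivation on this machine:", iterations_for_delay(0.1))
```

Linear scaling predicts one guess every 22 seconds or so at the new count; the talk's reported figure is one every 18 seconds.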
If it is easy to crack for the FBI, it is easy to crack for anyone.
Any "back doors" will be converted to front doors (or windows) soon enough.
And the timing of such a statement. Meltdown and Spectre still in the news, then this.
And if they get the laws they want, they know that cyphertext == plaintext? At least for the bad guys.
If the encryption is breakable, the bad guys will be just as able to break it.
If some kind of key escrow is used, the bad guys will figure out how to compromise the keys (bribing devs to insert "bugs", bribing devs to make the keys available to the bad guys in addition to law enforcement, bribing the law enforcement key holders to deliver the keys, etc).
Didn't have to bribe anyone to break every DRM (Score:2)
Companies have spent hundreds of millions of dollars trying to encrypt this and that, from various forms of DRM to game console and locked bootloaders. It ALWAYS gets broken, sometimes shortly *before* the product is released. No need to bribe anyone; security is just hard because breaking things is easier than making things. It's a fact that if people can make it, people can break it.
Re: Didn't have to bribe anyone to break every DRM (Score:3)
You're confusing different things. DRM and copy protection are relatively easily cracked because the keys used for decryption have to be available to the software/device in order for it to function; they're just obfuscated in various ways that make them difficult to obtain. On the other hand, when you encrypt a device yourself the encryption key/password does not need to be stored anywhere other than in your head.
And a lot of people - including the FBI guy there - seem to think that his agency is a bunch of saints and always has been and always will be.
They should go and read some biographies not written by FBI people about J. Edgar Hoover.
That's almost treasonous talk when Republicans and Democrats are in charge.
And a lot of people - including the FBI guy there - seem to think that his agency is a bunch of saints and always has been and always will be.
They should go and read some biographies not written by FBI people about J. Edgar Hoover.
Yeah, I've watched the X-Files. I know the FBI is full of jerks and evil dicks (I was going to say 'geniuses', but let's face it, most are far from it).
STABLE geniuses
Nerd resentment (Score:2)
Re:Can they be that stupid? (Score:5, Insightful)
To quote CGPGrey [youtube.com]: "there's no way to build a digital lock that only angels can open and demons cannot. Anyone saying otherwise is either ignorant of the mathematics or less of an angel than they appear."
FBI are reminding you they are bullies (Score:5, Insightful)
Pre-cracked encryption is worthless. Might as well force everyone in the world to use TSA locks for physical security, where there are only 5 keys in the world that open them, providing no security at all.
FBI now providing free marketing! (Score:5, Funny)
The FBI is now indicating we should buy Apple devices because the security is good.
Re: FBI now providing free marketing! (Score:5, Interesting)
Either that, or they are lulling their targets into believing they are secure with apple products.
Posted from my secure iPhone
Re: FBI now providing free marketing! (Score:1)
Indeed, notably absent is any mention of how much easier it is for them to unlock the latest generations of phones. Fingerprints and face scans are both fairly easy for the FBI to obtain or create.
Indeed, notably absent is any mention of how much easier it is for them to unlock the latest generations of phones. Fingerprints and face scans are both fairly easy for the FBI to obtain or create.
Except after rebooting, panic lock, or 48 hours the PIN is required to unlock the phone first.
If you think someone is gonna take your phone for bad purposes, shut it down or panic lock it quick. Then the facial/fingerprint recognition is useless.
Except after rebooting, panic lock, or 48 hours the PIN is required to unlock the phone first. If you think someone is gonna take your phone for bad purposes, shut it down or panic lock it quick. Then the facial/fingerprint recognition is useless.
Or just disable the damn thing if you believe there's any reason the police would want to go on a fishing expedition using your phone. You don't have to use it...
Or maybe that is what they want you to believe...
Interesting point. This is quite the sales pitch for Apple's security practices.
Re: (Score:3)
Maybe this is just me, but government/intelligence agencies repeating so many times the message "Apple is the most secure" makes me think: they already have a pre-cracked encryption and are trying to enforce these devices among their "enemies".
When cases and prosecutions start moving forward instead of phones sitting around in evidence lockers waiting to be cracked to find the evidence they need, you'll probably have a good idea where their capabilities lie.
Oh absolutely. I once waited for AAA for over an hour and a half when they told me it would be 20 minutes. Talk about feeling like a sucker.
Yup. If the IRS threaten to lock you up, just ignore them.
it's a decision (Score:3, Insightful)
Apple isn't any "smarter" or "evil-genius-y" than any of the other guys out there. They just decided to take their customers' privacy seriously. Google, Facebook, etc are just as smart or evil genius-y, they just put their targets elsewhere because having their customers' information more public is their business model.
I can't speak for anyone else, but I have lots of other issues with Apple, both technical and businesswise.
It still remains a fact that their core business model revolves around the sale of their own hardware and software.
The other biggies are either all or largely about monetizing data about their users.
This difference has real consequences.
I don't buy for a second that Apple care more about privacy out of the purity of their hearts. But their business model allows them to deliver on that front should the
Whose fault is this? (Score:5, Insightful)
Congress Is About To Vote On Expanding the Warrantless Surveillance of Americans [slashdot.org]
I think it's hilarious that they don't realize that it's their own insatiable desire to spy on everyone that is the primary driving force behind the spread of encrypted communications. That they don't realize this truth makes it all the more funny.
Re:Whose fault is this? (Score:5, Insightful)
What these people forget is that average people use these devices to do online banking/shopping/bill pay and that a lost or stolen device that doesn't have good encryption is just another way identity theft and fraud can happen. If protecting the people from fraud and identity theft that costs its victims over $15 billion a year isn't a priority for these people then they shouldn't be in law enforcement.
It's not law enforcement that makes me want to keep my phone encrypted and password protected; it's all the thieves and fraud.
No, that's not a default. Everyone with toddlers would be absolutely pissed if it were
Failure to understand the goal of the encryption (Score:3, Insightful)
They don't do it to thwart law enforcement. They do it to thwart criminals, terrorists, foreign intelligence agents (aka spies), etc.
If the law enforcement people happen to use the same techniques as those groups, well......
Oh cry me a river dance. (Score:5, Funny)
You're not the first Flatley to stomp your feet about something.
Pointless (Score:2)
The only brand of criminals the FBI will catch are the stupid ones.
The more intelligent types realize LE focuses on the phones too much and will simply ensure that they do not conduct their business via the devices in question.
They must know this so it begs the question once again: Are they really interested in criminals' phones, or the ability to look at anyone's phones on demand?
Though the way LE treats folks these days, we're all pretty much criminals in their eyes.
I know that story... (Score:2)
FBI, is your security hard to crack? Why? (Score:4, Insightful)
I cannot believe we actually hire allegedly educated individuals to work in the FBI who can't fucking grasp the concept that Apple didn't make good security because of the FBI. Apple made good security because of the actual evil in the world, and to protect their customers.
Wonder how the FBI would feel if we turned around and started asking them the same damn thing about their encryption. How dare they make it very difficult to brute-force. Of all the nerve...
That's nothing (Score:2)
Come back when they're calling them "scoundrels" and "nerf herders".
Courts can order you to unlock your phone (Score:2)
Courts can order you to unlock your phone [wired.com], which means that the FBI is talking about investigations, not prosecutions. I suppose it depends on the investigation; if the phone contains the location somewhere in North America of a nuclear device set to explode in the next hour, then it might be great if the device got unlocked. Google et al. just cooperate with law enforcement; Apple has opted not to give itself a back door so it does not have to deal with the drama. Public opinion might change after the mushro
"Might"? Remember 9/11?
Only on the internet.
And I swear she said she was 18!
Not black and white (Score:2, Interesting)
The question, as always, is whether the good outweighs the bad.
If we could somehow create magical impenetrable *physical* fortresses that cannot be opened or accessed by the duly-empowered law enforcement and judicial powers of a democratic society, would we say that's just the way it is?
Or would we have a discussion about it in the context of public good and the rule of law?
Re: (Score:3)
Re:Not black and white (Score:5, Interesting)
Re: (Score:3)
You have way too much belief and trust in the US as a "democracy" and "free society." This kind of society ended after 9/11, if it ever existed at all. We might as well build as many fortresses as possible (even if they contain nothing illegal), just to frustrate law enforcement which has made an industry out of eroding Americans' freedoms.
You know what we should do to prevent terrorism? Stop pissing off the terrorists. That's right -- stop fighting wars in places where we don't belong. Stop playing fa
Neo-Nazi charged with terrorism in attempt to wreck Amtrak train, complaint says
A white man who was involved with neo-Nazi groups and who attended a "Unite the Right" rally in Charlottesville has been charged with terrorism for attempting to wreck an Amtrak train, according to a criminal complaint filed in US District Court.
https://www.cnn.com/2018/01/09... [cnn.com]
I also made a helpful graphic for determining when something is "terrorism":
https://twitter.com/daveschroe... [twitter.com]
Domestic terrorists have been coming out of the woodwork literally since the 1800s. The KKK. The Haymarket bomb. Weather Underground. Symbionese Army. McVeigh. The "Sons of Gestapo" train wrecking incident. Not to mention mass shootings.
None of this led to the kind of expansion of the mass surveillance and security-theater apparatus that's happened since 9/11. We'd be better off as a country if we took the advice "never forget" as sentimental garbage and forgot 9/11 ever happened. Moved on, stopped quak
Re: (Score:3)
You have way too much belief and trust in the US as a "democracy" and "free society." This kind of society ended after 9/11, if it ever existed at all
... You know what we should do to prevent terrorism? Stop pissing off the terrorists. That's right -- stop fighting wars in places where we don't belong. Stop playing favorites in the Middle East and Central Asia. None of the countries there are our problem.
This, exactly. In the aftermath of 9/11, I repeatedly said "By all means, hunt down and kill the bastards who did this to you. But then give your heads a shake, do some soul searching, and ask yourself what you did to them to make them so pissed off that they would sacrifice their own lives to fly planes into your buildings". Instead, government took advantage of the attacks, and the anger and fear they generated among Americans, to hugely expand and consolidate their own power base.
You know what we should do to prevent terrorism? Stop pissing off the terrorists.
Appeasement is the best policy! This is why I always tell women that the best way to prevent rape is to stop saying "no".
Re:Not black and white (Score:5, Insightful)
I hate to defend Apple (literally.. I do HATE to defend Apple), but:
"There is no one "right" answer to a question like this save the ones we collectively and imperfectly come to as a society. Absolutist assertions that it is either unbreakable, impenetrable encryption for all, or nothing, are false."
"Apple believes it is protecting freedom. It's wrong."
Well, that absolutist assertion seems like you have an answer in mind.
You're trying to mask it, but a backdoor is a backdoor. If Apple are capable of creating a version of the OS that will update over an existing version on a targeted iPhone and thus render the encryption on their iPhone moot - then there is NOTHING stopping a person at Apple from, say, reading the president's private bedroom photos from his iPhone.
You can say "it won't happen", you can say "nobody would do that", you can say "you just need to pick people carefully", etc. but the fact is that at the end of the day some small group of Apple employees have some method of access to every Apple device on the planet. To suggest that this could never be misused would be false.
As such, to not even have THE CAPABILITY is to render the possibility moot. No, we won't push out targeted firmware to an individual iPhone identified by law enforcement - we'll design systems such that we CAN'T EVEN DO THAT (i.e. one iPhone is no different to any other and can't be identified by such a system). That's how to secure your customers and your business. A kind of legal self-denial if you like. The best way to ensure you can't get drunk is to not have the alcohol in the house at all.
Your other arguments in that article are literal red herrings;
"Apple is welcome to use every legal mechanism possible to fight this court order — that is their absolute right. But to start and grow their company in the United States, to exist here because of the fundamental environment we create for freedom and innovation, and then to act as if Apple is somehow divorced from the US and owes it nothing, even when ordered by a court to do so, is a puzzling and worrisome position."
So... because Fuck Yeah America! they are required to kowtow and not use a valid legal argument in a US court? I think that's what that article says there. If the US court wished to sanction them, they could and would. You could literally stop Apple operating overnight if the courts so determined that they were that non-compliant. But they presented an argument, which clearly won enough doubt to not push through such orders to being prosecutions for failing to comply. And the rest of the "because they're in the US, they should give us something" stuff is just a distraction based on national pride.
This is about the only thing Apple have ever done that I approve of. It shows that they have at least some semblance of a principle, and - amazingly - it would be much cheaper and easier to comply. They are literally costing themselves money to secure a freedom. That's the one good thing I've ever been able to say about Apple, ever.
And it is securing your freedom too. How? If a guy at Apple can do it, so can a guy at the NSA order him to do it and also to then never speak of it, and that guy at the NSA could easily be working for a foreign state, or to try to discredit the president, or be someone who wants to set you up, etc.
By not allowing the creep to start, publicly, visibly, legally, at great expense and when they could just kowtow, Apple has done more of a service in this small act than can be countered by stopping a terrorist.
Evil: Yes (Score:1)
but geniuses? That's a stretch.
How dare you lock your door! (Score:2)
Apple (Score:3)
Hate Apple products.
Hate Apple business tactics.
Hate Apple's complete lack of social responsibility.
Hate Apple design.
Their one redeeming feature: That they don't just make it easy for the FBI (or anyone else).
Tell them off and call them names for anything else, I'll be right there cheering you on. But insulting them because they won't deliberately weaken security just in case their users happen to be a terrorist? Yeah, that I won't just jump on board with.
I can't help it, but I somehow think something's VERY wrong when siding with a corporation makes more sense than siding with the government that allegedly works for you...
Re: (Score:3)
A corporation also isn't supposed to work for me. Unless I'm a shareholder. There is no pretending that a corporation has ANY kind of obligation to do ANYTHING for my benefit. Even the product they sell me is at best a necessary evil so they can turn a profit.
An elected government is BY ITS VERY DEFINITION as a government elected by the people for the people supposed to work for me. If it isn't, it loses the very foundation of its claim to power.
Re: (Score:2)
Offering a good or service is the necessary evil on the way to your money. If I could make you (legally) give me your money without providing anything in return, I would do so.
For reference, see religion.
Rooting Android devices to audit them is fairly trivial compared to Apple's stuff. And since 99% of the idiots are unable to secure their own devices, it's also fairly trivial to break in and get the information you want.
"Evil" (Score:1)
Translation (Score:4)
We at the FBI are a bunch of lazy twats who regard the constitution as a piece of toilet paper if it makes our job harder. We also know perfectly well that any backdoor in encrypted software makes the encryption worthless but pretend otherwise in public because we only care about ourselves.
Basically either this guy is evil or an idiot and I'm pretty sure someone at the FBI understands how encryption works so I'm favoring evil. Either way it isn't a good situation for our civil rights to have the cops demanding a master key to everyone's (figurative) house.
I agree (Score:2)
It's insanely difficult to root and audit the damn things. About time the FBI is working for us and demanding that we get control over the hardware we buy.
(Sarcasm is in the eye of the beholder...)
Two months still sucks (Score:3)
Law enforcement (Score:5, Insightful)
Evil geniuses? (Score:2)
Don't let the FBI know that they have a pool at their new building with "freakin' sharks with lasers" too!
F*cking Bunch of Idiots (Score:1)
LOL how delicious! (Score:2)
Mmm yes, cry more sweet tears for me, privacy invaders! Weep at the reality of encryption! Muahahaha!
Math? (Score:2)
Either I need to take my morning coffee or something doesn't add up...
Okay, so from 45 attempts per second to 1 attempt per 18 seconds.
That means that previously there were 810 attempts per 18 seconds, now there is only 1 attempt.
