Posted on 03/10/2016 10:42:30 AM PST by MeganC
If you truly believe that any encryption you can buy in the public square is 100% secure.. well let’s us just say that is special.
Remember, not that long ago, all the celebrities that got their nude selfies splashed all over the internet? The FBI can, and has, gotten into that phone. This is a much different game being played.
Sounds like something that would be outlawed in the old Soviet Union, like private access to copying machines.
Remember, when they outlaw encryption, only outlaws will have encryption.
As far as the celebrity selfie "hack," again, do you research. That was the result of a very successful spear fishing campaign where the users provided their usernames and passwords at the request of bulk emails sent directly to them. It was NOT an attack against anything encrypted. This CNet article does a decent post-mortem. There was no compromise of encryption.
The majority of compromises are at the hands of insiders (look up the Home Depot POS compromise) or aren't really compromises at all but successful social engineering attacks against specific targets. There's not been a single, documented successful attack against a properly implemented PKI environment. As long as you're using the latest and greatest (TLS1.2 with SHA2 signatures), you're as safe as anyone can be.
Pinging dayglored;, ThunderSleeps, Shadow Ace, for their ping lists. . .
Thanks to MeganC for the post.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
I agree with you, but the totalitarians at the EPA, BATF, FCC, FDA and all the rest seem to think otherwise
So they buy em in Nevada, Arizona or Oregon ..... Stoopid Kalipornia Polidiots.
Uh, Samsung is in South Korea. National sovereignty? Every hear of it? Apple? Are we at war? Regulating commerce does not extend to telling anyone how to design their products beyond environmental hazards and safety. They attempted to do that with firearms. Didn't get too far.
I see you are still making up 98% percent of what you post. You do know that 98% of all online statistics posted–just like this one and yours–are made up by the posters on the spur of the moment. You most of all have a predilection for pulling "facturds" from your rear end to forward your ignorant claims.
In addition to all personal data stored on the iPhones and iPads being encrypted to 255 bit AES encryption standards, you'll find what's also protected here:
http://www.welivesecurity.com/2015/09/10/ios-9-security-boosted-2fa-stronger-passcode/
No. Apple does not have the key. Without a key, it is literally impossible to decrypt 256 bit Advanced Encryption Standard data in anything except astronomical time frames. Only the customers hold the keys to their devices.
They do. They know that anyone can put a 256 bit Advanced Encryption Standard App on any cellular device to encrypt the data they want hidden. . . there are hundreds of them out there. They are pragmatists. They can't stop it.
>No. Apple does not have the key. Without a key, it is literally impossible to decrypt 256 bit Advanced Encryption Standard data in anything except astronomical time frames. Only the customers hold the keys to their devices.<
Apple may not have the key but I would be greatly surprised if there were no back door known by Apple to gain access. The owner of the terrorist phone is dead. If what you say is true then there would be little reason for the FBI to take Apple to court.
“Government does not have the right to tell manufacturers what their products will look like.”
Actually, they do. ITAR.
How about the old fashioned way? Serve a warrant to the owner of an encrypted device, seize said phone & if owner refuses to make data on phone accessible, sort it out in the courtroom with a judge.
It is all about sneak & peek. The agencies who are against encryption want the ability to access smart phones without any prior notification. Delayed notification will be routine and would be extended indefinitely.
The owner has waived all rights to the phone and data within.
In this particular case, yes. Unfortunately San Bernadino did not implement MDM and the FBI screwed up when they had the county change the password.
I am looking at the long game.
No, it was not the current iPhone, or even the past three versions of the iPhone.
The supposed and claimed "hack" was a hack into iCloud, not the iPhones themselves. But even hacking into iCloud was not what actually happened. The "fappening" involved social engineering their way into the celebrities' individual accounts by the simple expedient of changing their passwords through the "Forgot My Password" answering of their too simplistic security questions which, for celebrities, was as easy as reading their celebrity biography. There was no "hack", no superior computer skills required, only stupid celebrities answering truthfully to security questions such as "What elementary school did you go to when you were eight years old?" and "What was your mother's middle name?" The answers to those questions are found in ANY celebrity biography worth its salt, and the perverts who collect nude pictures merely did good research. They got the celebrities AppleID email addresses, told the system they had forgotten their passwords, and then did their research to answer the security questions and changed the password to one of their choosing. In. Copy everything, and out, before the celebrity gets the emailed alert there's anything amiss.
It had nothing to do with brute forcing their way in using "iBrute" which coincidentally was released the same week as the "fappening" was made public. The facts, as revealed later, found that the "fappening" photos were being offered on 4Channel and Reddit for several WEEKS before "iBrute" was every released, and "iBrute" as released could not have even done what was claimed for it, in that it used a dictionary of only the 500 most common passwords. Only two of those passwords met Apple's criteria for use on iCloud. Even more interesting were two passwords that did not match all of the others, being constructed of random characters. These were the iCloud passwords used by the author of "iBrute" and his main tester to prove the concept.
The only way iBrute would possibly work would be to use a dictionary of all possible 8 to more than 16 character passcodes using all 223 characters available from Apple's character set, in an online system that after each try, takes you back to the start to try again. Each try takes at least one minute. The potential number of KEYS you'll need to try will be a mere
In English, that's:
Thirty-seven duodecillion, five hundred sixty undecillion possible passwords.
At one per minute, to try every possible password, it would only take our iBrute user:
In English, thats:
Seventy-one nonillion, four hundred sixty octillion years.
Just to steal some some nude selfies?
The 256 bit Advanced Encryption Standard, by definition, can have only one key.
There ARE NO BACKDOORS to 256 bit AES Standard encryption. The iPhone 5C is not quite as locked down as the 5S, 6, 6S, 6Plus and 6S plus. It is not quite as secure as those modes in that it does not have a Secure Enclave, but its Encryption Engine, which instead of being independent as on those models, is buried deep inside the A6 processor but has its own independence from the data processor segment of that processor. It, and the special code and data stored in it, is unreadable by the data processor or by a ny app running in RAM or any hardware or software probe.
The FBI is demanding that Apple create a new iOS version that voids the lock-outs that prevents playing around with entering the user passcode. . . which opens the phone. The phone allows only ten tries before it makes the data forever unavailable on the phone. Apple does not have the user's passcode.
I'm sure the FBI and others would like this but this would not help with the San Berdoo terrorist's phone. The encryption is of course an Apple trade secret and has value. I would hope that the courts would protect this. But who knows now days. I know that California is trying to stop the sales of strong encrypted phones but they are fascists.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.