Apple's new encryption

[Peter1469]

Apple's new encryption

This is great news if true. I hope other companies follow suit.

Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user information.


The move, announced with the publication of a new privacy policy tied to the release of Apple’s latest mobile operating system, iOS 8, amounts to an engineering solution to a legal quandary: Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that prevents the company — or anyone but the device’s owner — from gaining access to the vast troves of user data typically stored on smartphones or tablet computers.

[Captain Obvious]

Like that's going to stop big brother.

I'm guessing it's more of a PR move than anything else, they'll just be indicted for obstruction of whatever and fined.

[Peter1469]

Captain Optimism strikes!

[Captain Obvious]

Captain Optimism strikes!

Seriously though, you think the DOJ or whoever is just going to say "oh well, guess we can't use that data"?

[Matty]

Hey! If the IRS can hide $#@! from we the people then of course we need to pave a lane for the people. Yay for Apple.

[Green Arrow]

This is a good move that I fully support.

[waltky]

Granny says, "Dat's right - if anybody can, the Jews can `cause dey a smart people...

Report: Israeli Firm Helping FBI to Open Encrypted iPhone
March 23, 2016 — Israel's Cellebrite, a provider of mobile forensic software, is helping the U.S. Federal Bureau of Investigation's attempt to unlock an iPhone used by one of the San Bernardino, California shooters, the Yedioth Ahronoth newspaper reported on Wednesday.

If Cellebrite succeeds, then the FBI will no longer need the help of Apple Inc, the Israeli daily said, citing unnamed industry sources. Cellebrite officials declined to comment on the matter.

Apple is engaged in a legal battle with the U.S. Justice Department over a judge's order that it write new software to disable passcode protection on the iPhone used by the shooter. The two sides were set to face off in court on Tuesday, but on Monday a federal judge agreed to the government's request to postpone the hearing after U.S. prosecutors said a "third party" had presented a possible method for opening an encrypted iPhone.

The development could bring an abrupt end to the high-stakes legal showdown which has become a lightning rod for a broader debate on data privacy in the United States. Cellebrite, a subsidiary of Japan's Sun Corp, has its revenue split between two businesses: a forensics system used by law enforcement, military and intelligence that retrieves data hidden inside mobile devices and technology for mobile retailers.

http://www.voanews.com/content/israe...e/3250762.html

[waltky]

Secret not likely to stay secret for long...

FBI trick for breaking into iPhone likely to leak, limiting its use
Sat Apr 2, 2016 - The FBI's method for breaking into a locked iPhone 5c is unlikely to stay secret for long, according to senior Apple Inc engineers and outside experts.

Once it is exposed, Apple should be able to plug the encryption hole, comforting iPhone users worried that losing physical possession of their devices will leave them vulnerable to hackers. When Apple does fix the flaw, it is expected to announce it to customers and thereby extend the rare public battle over security holes, a debate that typically rages out of public view. The Federal Bureau of Investigation last week dropped its courtroom quest to force Apple to hack into the iPhone of one of the San Bernardino shooters, saying an unidentified party provided a method for getting around the deceased killer's unknown passcode.

If the government pursues a similar case seeking Apple’s help in New York, the court could make the FBI disclose its new trick. But even if the government walks away from that battle, the growing number of state and local authorities seeking the FBI’s help with locked phones in criminal probes increases the likelihood that the FBI will have to provide it. When that happens, defense attorneys will cross-examine the experts involved.

A new Apple iPhone 5C is on display at a Verizon store in Orem, Utah

Although each lawyer would mainly be interested in whether evidence-tampering may have occurred, the process would likely reveal enough about the method for Apple to block it in future versions of its phones, an Apple employee said. "The FBI would need to resign itself to the fact that such an exploit would only be viable for a few months, if released to other departments," said Jonathan Zdziarski, an independent forensics expert who has helped police get into many devices. "It would be a temporary Vegas jackpot that would quickly get squandered on the case backlog." In a memo to police obtained by Reuters on Friday, the FBI said it would share the tool "consistent with our legal and policy constraints."

Even if the FBI hoards the information - despite a White House policy that tilts toward disclosure to manufacturers - if it is not revealed to Apple, there are other ways the method could come to light or be rendered ineffective over time, according to Zdziarski and senior Apple engineers who spoke on condition of anonymity. The FBI may use the same method on phones in cases in which the suspects are still alive, presenting the same opportunity for defense lawyers to pry. In addition, the contractor who sold the FBI the technique might sell it to another agency or country. The more widely it circulates, the more likely it will be leaked. “Flaws of this nature have a pretty short life cycle,” one senior Apple engineer said. “Most of these things do come to light.”

MORE

[waltky]

Apple iPhone not so secure after all...

Government Hackers, Inc.
April 6, 2016 • The revelation that an Israeli firm cracked the iPhone raises questions about state-corporate espionage.

The Federal Bureau of Investigation (FBI) court battle with Apple over the security system in place on iPhones appears to be over. But some experts in the communications security community are expressing concern because of the Bureau’s unwillingness to reveal what exactly occurred to end the standoff. According to government sources speaking both on and off the record, the FBI succeeded in breaking through the Apple security measures with the assistance of an unidentified third party. The technique used was apparently not a one-off and is transferable as the Bureau has now indicated that it will be accessing data on a second phone involved in a murder investigation in Arkansas and is even considering allowing local police forces to share the technology. That means that the FBI and whatever other security and police agencies both in the U.S. and abroad it provides the information to will have the same capability, potentially compromising the security of all iPhones worldwide.

The breakthrough in the case leads inevitably to questions about the identity of the company or individual that assisted the Bureau. It means that someone outside government circles would also have the ability to unlock the phones, information that could eventually wind up in the hands of criminals or those seeking to disrupt or sabotage existing telecommunications systems. No security system is unbreakable if a sophisticated hacker is willing to put enough time, money and resources into the effort. If the hacker is a government with virtually unlimited resources the task is somewhat simpler as vast computer power will permit millions of attempts to compromise a phone’s operating system.

In this case, the problem consisted of defeating an “Erase Data” feature linked to a passcode that had been placed on the target phone by Syed Farook, one of the shooters in December’s San Bernardino terrorist attack. Apple had designed the system so that 10 failures to enter the correct passcode would lock the phone and erase all the data on it. This frustrated FBI efforts to come up with the passcode by what is referred to as a “brute force” attack where every possible combination of numbers and letters is entered until the right code is revealed. Apple’s security software also was able to detect multiple attempts after entry of an incorrect passcode and slow down the process, meaning that in theory it would take five and a half years for a computer to try all possible combinations of a six-character alphanumeric passcode using numbers and lowercase letters even if it could disable the “Erase Data” feature.

MORE

[MisterVeritis]

This successful attack on the counter-brute-force attack mechanism will cause every device provider to re-evaluate how they ensure the privacy of data at rest on their devices.