[–] GassyMcGasface 1 points 26 points (+27|-1) ago 

Unless they pay apple the unlocking fee.

[–] [deleted] 0 points 10 points (+10|-0) ago 


[–] CentrunAtoZ 1 points 2 points (+3|-1) ago 

Apple - "I sell dongle and dongle accessories"

[–] Mumbleberry 0 points 4 points (+4|-0) ago 

[–] ArchmageMordenkainen 2 points 15 points (+17|-2) ago 

But where's the feature that stops Apple from unlocking iPhones?

This is just more virtue-signalling bullshit from Apple, they plan to do nothing of the sort and are just trying to get people to forget that they've been violating their own user's privacy for far longer.

[–] RollinDaGrassTyson 0 points 6 points (+6|-0) ago 

Every company that has collaborated in unconstitutional surveillance programs is a traitor to the American public. Guess who's on that list.

[–] Mumbleberry 0 points 4 points (+4|-0) ago 

[–] karmatic 0 points 1 points (+1|-0) ago 

Apple has hardware security modules that wipe when the firmware is changed.

Apple can’t break iCloud - it’s why users have to approve adding new devices to the keychain. When you approve on an iPad (for example), it encrypts the key with the public key of the iPhone that’s being added, so only that iPhone can decrypt the user data.

[–] Boris 0 points 7 points (+7|-0) ago 

Didn't they get into the san Bren phone by simply cloning it and brute forcing the password? With big enough CIA computers, this can't be very difficult. In any case, this seems like theater and is more likely a back door!

[–] Master_Foo 0 points 5 points (+5|-0) ago 

I don't have specific information on what happened, but on the surface, that seems unlikely.

Typically, passwords are stored as hashes, I don't know specifically what algorithm the iphone uses, but modern systems are going to use at least SHA256. Brute forcing an SHA256 hash is outside the capability of any organization. Even the CIA. The energy consumed and time required to farm that kind of problem would cause the heat death of the universe.

The best case scenario would be that the user had a weak password and the CIA went through a database of common passwords. Which in that case, the fool got what he deserved. A weak password is almost the same thing as having no password.

[–] bothrubberandgum 0 points 4 points (+4|-0) ago  (edited ago)

Almost all iPhones have 4 or 6 number PINs, giving you 60 million options at most. Decoding a hash would be incredibly stupid here. Though they added alphanumeric options but you have to toggle advanced settings or something.

[–] sjwTroll 0 points 0 points (+0|-0) ago 

My understanding was the wiring prevented them from brute forcing it on other machines, making it slow, and it would auto delete after so many attempts.

There was some mysterious reset with the online backup my guess from what I remember is they already knew what was on it but wanted a legal precedent for Apple to give them a custom version of the software to hack.

[–] karmatic 0 points 0 points (+0|-0) ago 

Yes, but that’s because it’s an older phone.

Newer phones have their keys burned into the processor and have a “Secure Enclave” where keys are stored.

If you copy the flash, it’s useless to any other phone, because the key is in the CPU and won’t come out.

Imagine a box that has switches on one side and lights on the other. You enter the data with the switches, and the lights show the encrypted data out. Just looking at the lights won’t tell you what the wiring of the box on the inside is.

That key can’t be pulled out in software because the key and encryption is physically put into gates. The only access that software has is to the inputs and outputs - there is no direct connection from the software to the keys. They can just enter data on the switches, hit “go”, and read the lights.

[–] bruddah 0 points 5 points (+5|-0) ago 

Trust us!

- Apple

[–] NorthernMan 0 points 3 points (+3|-0) ago 

Another article stated they work with law enforcement though

[–] karmatic 0 points 1 points (+1|-0) ago 

I run a company that makes security hardware. We follow the law and cooperate with law enforcement, too.

That cooperation isn’t worth much, though. Our keys are in hardware security modules. Customers have access to the source code (so we can’t backdoor it), and putting a device into firmware update mode erases all the data.

The same things that protect against our employees betraying our customers protect against subpoenas too. We can’t give law enforcement what we don’t have, and we can’t be made to do something impossible.

If law enforcement wanted our assistance in exploiting a bug we found, we would promptly fix said bug and notify the customers.

Cooperating with law enforcement and following the law does not mean making their job easy, or actually being useful to them.

[–] Kr1ll1nX 0 points 0 points (+0|-0) ago 

Every tech company works with law enforcement assuming a CALEA, or a general purpose warrant has been issued and provided to said company.

[–] mazgola 0 points 1 points (+1|-0) ago 

real threat is thieves i think.

[–] Aida01 0 points 1 points (+1|-0) ago 

good information

[–] MrPim 3 points 1 points (+4|-3) ago 

Ah haha ha ha ha ha ha hajahajahahshsjJahabhHaHA

[–] shiwankaswe [S] 5 points 0 points (+5|-5) ago 


[–] Mumbleberry 3 points 0 points (+3|-3) ago 

Go fuck yourself, faggot

load more comments ▼ (16 remaining)