mfioretti: iphone*


  1. It's important to note here that the cryptography aspect is robust. The FBI is not asking for, and Apple almost surely could not provide, any kind of bypass or backdoor for the cryptographic parts of the system. There is no "master key" that can decrypt the files or otherwise break the dependence on the PIN key. The cryptography appears to be secure.

    In practice, encryption isn't usually defeated by cryptographic attacks anyway. Instead, it's defeated by attacking something around the encryption: taking advantage of humans' preference for picking bad passwords, tricking people into entering their passwords and then stealing them, that kind of thing. Accordingly, the FBI is asking for Apple's assistance with the scheme's weak spot—not the encryption itself but Apple-coded limits to the PIN input system.

    PINs, especially four-digit PINs, are highly susceptible to brute-force attacks. With four digits and hence only 10,000 possible combinations, it's straightforward to simply try every number in sequence until you hit the right one. To combat this, the iPhone uses three specific techniques.

    The first is that the iPhone imposes delays between PIN attempts. While the first four attempts can be entered back-to-back, the iPhone will force you to wait one minute before the fifth attempt, five minutes before the sixth, 15 minutes before the seventh and eighth, and a full hour before the ninth.

    The second technique is that the iPhone can be configured to wipe the device after ten failed PIN attempts. When this option is turned on, the phone will discard its file system key after 10 bad PINs, rendering all the file system metadata (including the per-file keys) permanently inaccessible.

    The third and final technique is that the computation used to derive the PIN key from the PIN itself is slow, taking approximately 80 milliseconds.

    It's the first two of these mechanisms that the FBI is asking for assistance with.

    The problem for the FBI is not so much the development of the software; it is getting that software to run on the iPhone.

    The iPhone requires that its firmware have a digital signature that authentically demonstrates that the firmware was developed by Apple and has not been subsequently modified. The FBI does not have (and is not asking for) access to Apple's signing key. It is instead asking for Apple to use its signing key to sign the custom firmware so that the iPhone will accept it and run it. It is this signature requirement that means the FBI cannot create the software itself.

    It's this same requirement that also means that iPhone users would be safe even if the special firmware leaked. Changing the embedded unique identifier within the special firmware would break the signature and thus cause targeted iPhones to reject the firmware. This is why complying with the court demand would not jeopardize the security of any other phones. The cryptographic safeguards don't allow it.


    Indeed, and Apple already knows this, but to publicly be seen "decrypting" an iphone is bad for business, which is what this is all about. Sure Apple, and Google, and Microsoft, and anyone else that can sign updates to your device can easily and trivially spy on you, grab keys to decrypt whatever you have, and etc.

    That's not the point, the point is no one thinks about that, until that is a huge public deal like this case has become crops up. Then, if Apple gives in, people will hear about it (from news sites like this) and will suddenly not trust Apple, causing them to lose business. Nevermind that everyone else can do the same thing, people won't know that though, because if they did they wouldn't be surprised by this either.

    I disagree. This is not grandstanding. The government is using this case as a Wedge Strategy. They waited for the perfect case to bring to the courts. Terrorism. National Security. All of that mania. And with attacks all over the globe and ISIS still big news, it creates a level of fear that helps push things along.

    Tim Cook might have been bombastic in his response, but it was a measured response carefully calculated to respond to the threat at hand.

    Or, more to the point, does acquiescence now obligate Apple to perform similar work on political dissidents for China, people suspected of insulting the king in Thailand, or people with two X chromosomes for Saudi Arabia?

    Exactly this.

    Once the FBI gets its way here, it will open the floodgates. The FBI will then make hundreds if not thousands of requests for this "individual software" for each and every iphone they want to peek into. This is the real danger - that simply through attrition Apple will be forced to create the "true" backdoor, if simply because the FBI and all the other three letters make so many requests that it becomes impossible for Apple to create and sign individual firmwares for each and every request. The FBI doesn't give a shit what's on that phone - they've already got everything they need about "contacts" from the phone companies. They are using this tragedy to further their agenda.

    I'm not sure what they think this phone has on it that they cannot already "see". They can ask the service provider for the numbers called and texted and I'm sure that the browsing history etc is also available from the provider. I have an iphone and store a ton of stuff on it but the plans for shooting up a work party are not complicated. get a gun and ammo, drive, shoot. just what information do they think they MIGHT find that MIGHT make a difference?

    This whole case has about 0 on either side to do with the specific San Bernardino case, or whether Apple can break this specific phone. The whole point of this shit show is to establish a precedent under which the FBI can use the All Writs Act to compel significant engineering work against crypto targets by the people who designed them. They've been running at this wall for a while now, but this case has a decent chance of using the force of public opinion to force an otherwise crazy overbroad reading of the scope of the All Writs Act
  2. You can’t turn around on the internet without reading hand-wringing about Facebook and the potential extortion of media companies that depend on the social network for traffic, but publishers signed up by the dozens for Apple News. (Vox Media included.) It doesn’t seem nearly as threatening, because Apple has virtually no incentive to make money against news the way Facebook does. Apple has $178 billion in the bank; Apple News could lose a million dollars a year for the next five years and it’s not clear anyone would even notice. Hell, Apple News could lose a million dollars a year for a hundred thousand years and Apple would still have over $50 billion to burn.

    In one fell swoop, Apple’s taken the entire media machine and turned it into just another feature of the iPhone.

    Spotify needs a free service because that’s how it gets people in the door and convinces them to pay, but the labels hate the free service because it doesn’t pay them enough. Spotify needs to add subscribers at a high rate to cover the revenue gap; the best way to add more subscribers is to aggressively sign people up for the free tier, increasing the revenue gap. The flames climb ever higher into the night.

    Apple doesn’t have any of these problems, because it just wants people to buy iPhones. You can pay the $9.99 a month for Apple Music and unlock almost all the songs in the iTunes library, or not. It’ll barely dent Apple’s balance sheet either way; the company is doing a music service because it likes music and sees the writing on the wall as digital downloads collapse in favor of streaming services. Spotify has to invent an entirely new business model, but Apple just has to make listening to music marginally easier.

    The entire music industry, turned into just another feature of the iPhone.
  3. the freaking out continues. Over in the Washington Post, there's this bit of insanity:

    “Apple will become the phone of choice for the pedophile,” said John J. Escalante, chief of detectives for Chicago’s police department. “The average pedophile at this point is probably thinking, I’ve got to get an Apple phone.”

    Um. No. That's just ridiculous. Frankly, if pedophiles are even thinking about encryption, it's likely that they already are using one of the many encryption products already on the market. And, again, this demonizing of encryption as if it's only a tool of pedophiles and criminals is just ridiculous. Regular everyday people use encryption every single day. You're using it if you visit this very website. And it's increasingly becoming the standard, because that's just good security.
  4. I was on my way to an appointment, using the navigation app built into my smartphone, when I wondered how it managed to detect orientation so accurately, and I promised myself I would look into it once I got home.
    A quick internet search and here is the answer: a very precise magnetometer, integrated directly into the device and able to constantly detect changes in our planet's baseline electromagnetic field.
    This is where the idea for iElectrosmog was born: why use it only to run a compass, when with the right adjustments it could become a professional tool for detecting electromagnetic waves and therefore electrosmog levels?
  5. Apple's fingerprint sensor on the iPhone 5S doesn't always work the way it should
    Some iPhones don't approve fingerprints they're supposed to approve
    Sensor is susceptible to problems caused by dust, moisture, and electrostatic discharge
    User error could also be causing some people's issues with the Touch ID system
    by M. Fioretti (2013-12-04)
  6. The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided.

    Apple had released the new iPhone with a fingerprint sensor that was supposedly much more secure than previous fingerprint technology. A lot of bogus speculation about the marvels of the new technology and how hard to defeat it supposedly is had dominated the international technology press for days.

    "In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake", said the hacker with the nickname Starbug, who performed the critical experiments that led to the successful circumvention of the fingerprint locking. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."
  7. -
    by M. Fioretti (2013-09-23)
  8. For 14 years, the coal industry has been pushing the myth the Internet is an energy hog. For 14 years, I (and other scientists) have been debunking that myth. Last week, I promised a detailed debunking of the iPhone=Refrigerator calculation from Dr. Jon Koomey, the world’s foremost authority on the electricity consumption of the Internet. Here it is.
  9. the hidden and artificially cheap cost of electricity (“Compare the feeling of paying your utility bill to the irritation of forking out $3.50 a gallon to fill up your car”) reduces the incentive for technology companies to push for energy efficiency in their devices. Having to charge your iPhone constantly is annoying, but we don’t think of it as expensive. We don’t think about the fact that 10 percent of the world’s total electricity generation today is devoted solely to the ICT system.

    But as wireless technology only grows more and more accessible — according to predictions, 1 billion people could be using the cloud by next year — its share of the world’s power will keep ballooning. We’ll need to invest more research in making digital devices more efficient. More urgently, we’ll need to wean the cloud off coal.
  10. Taking the homely iPhone as an example, Mazzucato pointed out that most of its key capabilities came from government-financed research projects:

    Internet access (which makes it a smart, not stupid phone) grew out of DARPA
    GPS grew out of the defense department's NAVSTAR
    Touch screen technology was funded by the CIA and National Science Foundation
    Voice recognition software SIRI derived from defense or military research spending

    And Apple got its start (along with Compaq and Intel) with investment from the Small Business Innovation Research Initiative.

    As for the other lauded behemoth, Google, well that was started when the National Science Foundation invested in its original search algorithm.
