[StoicEngineer]

The Times reported that iPhone has been hacked.

http://nyti.ms/1SrUyR2

What does that say about Apple's security?

Posted via CB10

[crackbrry fan]

Means that they have none.

Posted via CB10

[A_Aviator_A]

The Tines reported that iPhone has been hacked.

http://nyti.ms/1SrUyR2

What does that say about Apple's security?

Posted via CB10

Any one phone can be forensically hacked. This doesn't really say much about any secutiry. Even a blackberry could be broken into. The issue here was never whether 1 phone could be hacked, it was about the legal ramifications of the government forcing apple to put back-doors in their software.

[TCB on Z10]

Even a blackberry could be broken into.

Has something changed in the last couple of years, since the following CBC news story, or is there something I am not understanding?

"Peter Misek of the U.S.investment banking firm Jefferies says that despite reports alleging the NSA has been able to bypass the security measures intended to protect data on iPhones, BlackBerrys and Android devices, his company, based on conversations it has had with the NSA, is convinced that the security agency has not successfully cracked BlackBerry's custom cryptography.

We think it's NSA-proof, Misek told CBC's business program Lang & O'Leary Exchange. That security is so good, it takes four million years on brute compute force to hack it."

BB, Still the One

[Crapshoot2010]

Any one phone can be forensically hacked. This doesn't really say much about any secutiry. Even a blackberry could be broken into. The issue here was never whether 1 phone could be hacked, it was about the legal ramifications of the government forcing apple to put back-doors in their software.

Well from what I understand Apple claimed they did not have the technology available to do what they were being asked to do. During this time a third party apparently did.

Either Apple caved and tried to avoid a major public relations disaster or they're not as good as they claim to be.

Personally, I think Apple was involved.

Posted via CB10

[A_Aviator_A]

Has something changed in the last couple of years, since the following CBC news story, or is there something I am not understanding?

"Peter Misek of the U.S.investment banking firm Jefferies says that despite reports alleging the NSA has been able to bypass the security measures intended to protect data on iPhones, BlackBerrys and Android devices, his company, based on conversations it has had with the NSA, is convinced that the security agency has not successfully cracked BlackBerry's custom cryptography.

We think it's NSA-proof, Misek told CBC's business program Lang & O'Leary Exchange. That security is so good, it takes four million years on brute compute force to hack it."

BB, Still the One

I'm not a hacker so I don't know how to validate my opinion with a real world example, but I would think that these limitations do not apply to a forensic hack, where the data can be extracted forensically from the hardware into a virtual environment for further manipulations. Obviously something's available out there, if a third party showed up and cracked an encrypted phone in a few days.

Blackberry already has the position that they will comply with any court order to hack into a user's data, so maybe its a mute point.

[Ment]

Government didn't break cryptography in this case either. The speculation was some sort of NAND mirroring which might work on older Iphones.

[TheBirdDog]

Either Apple caved and tried to avoid a major public relations disaster or they're not as good as they claim to be.

Personally, I think Apple was involved.

Posted via CB10

Interesting theory... I actually believe that could be the case. I mean, Apple protects their image while Big Brother protects the general belief that people's privacy rights are somehow still protected at all costs. Seems possible.

[Crapshoot2010]

Either way, it doesn't bode well for Apple.

It's one thing to portray the image that you will stand up to the government and then turn around and do a back room deal with them. It amounts to nothing more than a lie really where as other companies tell you upfront they will comply with warrants.

Or they were legitimately hacked and as far as I know BB10 hasn't been hacked.


Posted via CB10

[Litigator08]

Well from what I understand Apple claimed they did not have the technology available to do what they were being asked to do. During this time a third party apparently did.

Either Apple caved and tried to avoid a major public relations disaster or they're not as good as they claim to be.

Personally, I think Apple was involved.

Posted via CB10

What the gov't wanted was a way to defeat the portion of the OS which wipes all data after 10 missed passcode entries. Apple's claim was not that they couldn't do this; after all, if they couldn't do it, then it wouldn't matter what the court ordered, since Apple could just claim compliance wasn't possible. Instead, Apple explained they could do what the FBI wanted, which was to recode the OS in such a way to defeat the feature and install it on the subject phone, but that it would take some time to do. They also did nt wish to be compelled to do it, since the goal all along was to grease the path by which the gov't could force a manufacturer to help a criminal investigation by requiring that manufacturer to bring into devices on command.

Let's keep in mind, Apple has never claimed the devices were absolutely secure, or that they couldn't be hacked. They simply claimed they had not created the tools that would do so, and preferred not to create those tools. Remember, this started when the government requested a court order in which it claimed that it had exhausted all other potential ways into the device, and needed Apple's help because there was no other option.

[Dunt Dunt Dunt]

Yes this is bad for Apple and great for Blackberry.

Anyone that thinks the FBI will get a hold of their phone... Is going to run out and buy a BlackBerry.

[Crapshoot2010]

What the gov't wanted was a way to defeat the portion of the OS which wipes all data after 10 missed passcode entries. Apple's claim was not that they couldn't do this; after all, if they couldn't do it, then it wouldn't matter what the court ordered, since Apple could just claim compliance wasn't possible. Instead, Apple explained they could do what the FBI wanted, which was to recode the OS in such a way to defeat the feature and install it on the subject phone, but that it would take some time to do. They also did nt wish to be compelled to do it, since the goal all along was to grease the path by which the gov't could force a manufacturer to help a criminal investigation by requiring that manufacturer to bring into devices on command.

Whether Apple was involved or not it didn't take all that long to get results. Something doesn't add up here.


Posted via CB10

[donnation]

Yes this is bad for Apple and great for Blackberry.

Anyone that thinks the FBI will get a hold of their phone... Is going to run out and buy a BlackBerry.

No need. Chen has already stated that they would unlock it for them.

[MikeX74]

To those hoping this will somehow lead to people running out and buying BlackBerry devices...let it go.

[nuff_said]

Yes this is bad for Apple and great for Blackberry.

Anyone that thinks the FBI will get a hold of their phone... Is going to run out and buy a BlackBerry.

Which BlackBerry? The Priv running Android which need patches monthly or BlackBerry 10 the platform with no apps and BlackBerry no longer supports?

[MikeX74]

Which BlackBerry? The Priv running Android which need patches monthly or BlackBerry 10 the platform with no apps and BlackBerry no longer supports?

I think he was being sarcastic, but I'm not sure.

[Prem WatsApp]

T0000 many zer0-day expl01ts in Apple software... =8-o

�   There's a Crack in the Berry right now...   �

[nuff_said]

I think he was being sarcastic, but I'm not sure.

Me thinks you're right, but in case others think it was a serious comment I'm hoping a dose of reality comes in with my previous comment.

[Prem WatsApp]

https://community.spiceworks.com/top...t-pulls-ai-bot

Have a read here. This is good timing for the FBI. And those exploits are just run-of-the-mill regular occurrences that "just need to be patched"... ;-D


�   There's a Crack in the Berry right now...   �

[Prem WatsApp]

It was McAfee!!!!

;-pppp

�   There's a Crack in the Berry right now...   �

[sorinv]

According to BBC, it was Israeli firm Cellebrite.

http://www.cellebrite.com/Pages/ios-...om-ios-devices

http://www.bbc.com/news/world-us-canada-35914195

[LazyEvul]

Has something changed in the last couple of years, since the following CBC news story, or is there something I am not understanding?

"Peter Misek of the U.S.investment banking firm Jefferies says that despite reports alleging the NSA has been able to bypass the security measures intended to protect data on iPhones, BlackBerrys and Android devices, his company, based on conversations it has had with the NSA, is convinced that the security agency has not successfully cracked BlackBerry's custom cryptography.

We think it's NSA-proof, Misek told CBC's business program Lang & O'Leary Exchange. That security is so good, it takes four million years on brute compute force to hack it."

BB, Still the One

Peter Misek as your source for info security analysis is laughable, at best - not to mention that those statements seem to suggest he isn't talking about BlackBerry's device encryption, because that doesn't use any kind of "custom cryptography." It uses AES, which is the industry standard for just about all data at rest these days. He's more likely referring to some element of BES. If I remember rightly, BES employs some of BlackBerry's custom Elliptic Curve Cryptography.

But even if we put those considerations aside, it is highly unlikely that the FBI has cracked the cryptography on the iPhone - it's much the same crypto that most of the industry uses, BlackBerry included, which is generally considered bulletproof.

The consensus among digital forensics folks is that we are most likely looking at a NAND mirroring technique here - basically, copying all of the phone's data off the device, then pasting it back onto the phone after they've used up all 10 password attempts to reset the password attempt counter. Much the same attack is almost certainly feasible on a BlackBerry, or any other phone on the market - to the best of my knowledge, no one currently stores the password attempt counter outside the NAND, because this is hardly a trivial attack. This is very much the kind of thing only a determined and well-funded adversary would try to pull.

Newer iPhones could theoretically solve this by storing the password attempt counter on the Secure Element, but I don't believe Apple currently does that - could be wrong though, I'll have to check Apple's security guide later.

EDIT: I should add, since it's been mentioned a couple times, that it could also be a software exploit - especially given the FBI's rush to classify the hack so shortly after it was proposed to them. This option is considered a little less likely in the forensics circles I follow, but it's not something to rule out. However, it's still not likely to have anything to do with the inherent strength of the encryption - it would most likely be a way to get around the passcode attempt limit. A jailbroken device can get around the passcode attempt limit, for instance, by overwriting the password attempt counter in the file system.

[raino]

Dang, you guys--couldn't you have hurried it up? Even I was getting tired of all the grandstanding; I was running out of things to say! -A relieved Tim Cook, upon hearing this news.

[stevec66]

Question is do you believe that it has been hacked as reported, if Apple had a hand in it as some have suggested or was it a 3rd party who cracked it. My believe is with enough time & patience any programme PC or cell phone can be hacked. Great conversation topic with lots of speculation, no doubt a Hollywood script is being written as we speak about this very subject.

Posted via CB10

[Crapshoot2010]

I think if I was an iPhone user concerned with the security of my device I would rather that it was Apple that breached the security as opposed to a third party.

Posted via CB10