What Apple is trying to do here is pure genius. What they are attempting to do is tell everyone that there phones are UN-hackable by the government. And that they will continue to create a greater, beefier version of its OS' in the future to repel hacking threats by big gov. powers. In doing this, they will get a greater increase in buyers of their products that use the Mac OSX or iOS Operating Systems by those people who fear big data, the NSA, and other gov. spying rings.
I know that in a heart beat I would purchase or use on OS that says it is un-hackable by a gov. and have valid proof of the OS being able to repel attacks.
Basically from all of this media attention, the gov. is only giving Apple more money to put towards its security teams. Maybe they might want to tighten their lips and be more quiet on this subject so they do not allow more money to be thrown at Apple.
You contradicted yourself if you had an "unbreakable box" police work would be impossible. Things like public records are what allow for said police work because those exist there can never be a truly private or unbreakable system.
There is nothing wrong with privacy but there is with immunity to the law. The warrant system exist for a reason. If it was properly implemented we wouldn't be in the mess we are today.
It would be nice to have more videos from @DeusQain about networking (if he has time to actually record them!). @wendell videos are pretty cool, he has the ability to explain things really easy and in depth and he covers a lot of technical topics that are quite interesting.
@wendell For the follow-up video: You say that a lot of the time, the encryption standards themselves are very secure, but the implementation of them is often flawed.
As I understand it, this could occur either through ignorance of the person doing said implementation ("what the heck's a salt??") or a malicious third party ensuring the implementation is designed in such a way that they have the ability to circumvent it.
My question is this: How can one tell how secure an encryption implementation is and what are some good ones to use out of the popular well known ones on the market today (truecrypt (officially insecure but unproven), bitlocker, ubuntu LUKS full disk encryption, SSL / TSL in browsers ect)
We can't forget these companies that provide devices and services, not just Apple, they don't just get a request or warrant from the government to provide information. They also enter into contracts with the government that we will all never see or hear about until 10 or 20 years go by. They get paid to release information to the authorities. I'm not saying this is a bad thing, just that it is happening. They also receive lots of funding for their research projects from the government, which they in turn hand off to universities and other 3rd party developers. I would assume that the level of a company's co-operation would directly impact the amount of taxpayer money they take in every year. This Apple situation is definately a marketing strategy, and has no bearing on the real truth of what is going on. No one else will report on these type of issues that know anythting about technology, and so it is totugh to get tot the truth. I'm glad you guys are doing it!
That's exactly what they're doing, or rather the media. It's misleading info & false advertisement, if consumers seriously think they can store data on a device or network which is controlled by a business or organization eligible to follow laws, in a way that no-one except the users has access to it, needs to have their brains examined.
Funny thing, CNN Money actually did an okay digestion of actually reporting what would be done to the phone. It Auto played after the Bill Gates video. We all know what is being asked of Apple, nice to see a main stream outlet actually being articulate about it. http://money.cnn.com/video/technology/2016/02/19/apple-fbi-debate.cnnmoney/
Please Don't use the 2nd amendment to fight for encryption, JayzTwoCents and Paul's Hardware will have to move to arizona, and it will just be a discussion of how many bit's do you need to defend yourself.
What I'd like to know tho is that does all these regulations imply only US citizens? I don't think foreigners get the same treatment, as they haven't in the past. US privacy regulations talk about 'citizens' and not 'human beings' -like they do at least here in Fin. EDIT: my memory failed me; they don't state 'human beings', rather 'data subjects' so I guess you don't need to be human lol
Apple manages to be even worse in Brazil with their pricing, upgrading the RAM on the top of the line 27" imac costs U$988.26. The upgrade to the 1TB SSD costs U$1152.97. The whole computer in the US costs U$4099 with the same specs in the Brazil this thing costs a whopping U$8539.29... That over twice what it costs in the US... Apple never again.
@wendell As a techie, I appreciated and understood everything you guys were talking about, but you guys should make up a video that's a bit more non-techie friendly so we can share it with our uneducated friends/family. :)
On the impenetrable room, I have to disagree with Wendell just as if we need unbreakable encryption we should have that option, in our home we should be free to build whatever we like as long as it meets construction codes and doesn't infringe on anyone else, think of it as a safe room for your family in the case of a break down of society (tinfoil hat on/off).
I do have to agree though about Apples motives......also Mr Gates is even further out of touch with reality then I even imagined, all in all good job/episode guys!
So, the FBI wants Apple to make a signed program that will allow them brute force the password.
@wendell said that such a program can be used on any phone.
But, is it possible for Apple to make such a program that only works a specific phone ?
For example, a program that only works on a phone with a specific serial number (or IMEI, or whatever), and if the FBI wants to access a different phone, then Apple will have to make another program.
The FBI won't be able to modify it to work on other serial numbers because it's signed.
My major has to do with digital forensics so I understand things regarding a forensic view. Cellebrite is amazing piece of software and hardware. I honestly love it because it makes my job easier as a digital forensic investigator. With your idea on hardware debugging contacts on the phone. It already exists, and we use it in the digital forensics world as well. It called Joint Test Action Group, JTAG. This is basically a standard on many that allows testing and debugging on printed secure boards. https://en.wikipedia.org/wiki/Joint_Test_Action_Group In digital forensics we JTAG for various things, locked android phones with USB debugging disabled or proprietary OS. The biggest thing we use JTAG for is for dumping all the raw, physical data on the device. http://forensicswiki.org/wiki/JTAG_Forensics There is another thing beyond JTAG, often used as a last resort because it has the possibly of completely destroying the evidence. This is called chip-off. This is when the memory chip is physically removed from the motherboard and then using various tools we can obtain the raw data of the chip. http://forensicswiki.org/wiki/Chip-Off_Forensics
Honestly, Apple's encryption to me is another challenge for forensic investigators. Instead of getting some half-assed tool from Apple or even the key. I want digital forensic investigators to come up with a really intuitive way around or through it.
OK, since it was suggested that we ask questions, I'll be happy to do so, though they'll probably get buried in a sea of replies.
Unless I'm terribly wrong, the FBI is asking for a way to brute force the phone's encryption key without the added limitations of: a) lag time between retries b) phone erasing memory
1) Well, the actual data security does NOT depend on any of those. These are NOTHING, and nobody relied on ANY of those when they though of encrypting their device. All the user has to do, is to have a truly random key/select a strong password. These added security measures could not even be there in the first place, and it would make no difference. Bruteforcing should be hopeless, yet the police is ASKING for a way to bypass these tiny obstacles, so that it can begin a trip to Mars on foot. Does the iphone impose password limitations? I don't get it. Why is this being made such a big deal? They are NOT putting a backdoor in their actual encryption implementation, I don't see why you (the TEK crew) use this term.
2) Why can't they just open up the phone, get to the memory chips and dump all contents so that they can "passively" brute force at will (that is, without artificial iOS software limitations)?
I assume a different way to do things would be to give the phone in question to Apple, let them install dodgy iOS IN-PREMISES, conduct brute force (if that's as simple as they make it out out be), then give out whatever data.