Israeli biz fingered as the FBI's iPhone cracker

Twofish

Re: Enough.

> I've long been suspicious of AES256 since the DES decryption debacle when an academic broke it with a custom piece of kit.

Except that DES has never, not even to this date, had any significant weakness found. The custom piece of kit was doing nothing more than brute-forcing all possible 2^56 keys.

If that's the only weakness which AES256 has (or even AES128), it's good for the lifetime of the universe. That's not to say there *aren't* weaknesses in AES; just that your argument about DES is at best irrelevant.

If you want to look at something to worry about, go look at Diffie Hellman: designed in the 1970's and with fixed magic numbers in the modp groups.

> no one can have any confidence in the financial system until a true, dependable, Open Source, and uncrackable crypto system is in place

There is no such thing as uncrackable crypto, with the possible exception of one-time-pad and a source of true randomness.

But we do have crypto which is infeasible to crack given current capabilities. And it *is* Open Source, both its design and many implementations of that design.

I won't bother repeating the xkcd about the $5 wrench, but it still stands: there are many, many soft spots which are much weaker than the crypto itself. The wetware in front of the keyboard is the biggest one.

Easy way to find out

"so many tinfoil hats needed lately."

1) No need for tinfoil. Call the hearing, FBI goes to court and states how it can magically now crack the phone while previously saying it couldn't.

2) Call the Israeli (other) company to court to confirm that it ONLY JUST NOW wrote software that could crack it, despite claiming it as a long standing capability of their software.

3) Hilarity ensues or false statement explained.

On the face of it an implausible false statement was made to the court, and so that needs to be investigated and closed up.

To lie to court is perjury even when the FBI does it.

Re: At last, some good news about Windows phones

Indeed, wondered the same thing.

Oh well, as the only two users we should be safe!!!

Re: At last, some good news about Windows phones

> Too good to be true?

Or just security that isn't good enough to need such an expensive toolset to crack?

Re: At last, some good news about Windows phones

NSA had backdoor access to Skype, what makes you think the attitude is any different to Windows Phones?

http://news.softpedia.com/news/Skype-Provided-Backdoor-Access-to-the-NSA-Before-Microsoft-Takeover-NYT-362384.shtml

Re: My god; it's full of stars

There's a reason Israel and America are bestest friends forever.

Well, to be fair, they ARE very good at crypto and have been for many years.

Re: eh? But i thought

You mean you think all Jews think the same and all Israelis are Jewish. Don't let ignorance get in the way of a good jibe!

Re: That president thing...

Yes, I'm sure President-Cum-Dictator Trump would indeed welcome the use of his SturmTrumpers to ride over any and all petty considerations of legality, liberty, and legislative legerdemain.

But I understand: the demon OttoKorrect changed precedent to president in your post. No worries, your point is valid.

Just couldn't resist a dig at the USA's current Idiot-In-The-Running.

I suppose the reasoning was that while they could hire a firm to do the best they could to crack the phone, they might also open up a legal precedent forcing mods to proprietary code. It could then be applied to other companies, including Microsoft, Google, Red Hat, etc.

Fail.

Re: Happy now ?

They already had access to that toolkit. Did you miss the link to the existing contract?

Aug 28, 2013 5:15 pm

The Federal Bureau of Investigation (FBI) intends to award, on a sole-source basis, a fixed price purchase order to Cellebrite USA, Inc. 266 Harristown Rd. Ste 105 Glen Rock, NJ 07452.

Cellebrite will provide two Cellebrite USA UFED Touch Ultimate Kits (Logical and Physical Mobile Forensic Solution) for use in Forensic casework.

Market research efforts have indicated that the Cellebrite UFED System is the only hand-held, cellular exploitation device worldwide that requires no PC or associated phone drivers. The system will quickly extract phonebook, pictures, videos, SMS messages, call histories, ESN/IMEI information, and deleted SMS/call histories off the SIM for rapid analysis. Cellebrite supports all major technologies (DMA, CDMA,GSM, IDEN) including, Smartphone operating systems and PDAs (Apple iPhone, Blackberry, Google Android, Microsoft Mobile, Palm and Symbian) for over 95% of all handset models worldwide....

Given this, it certainly does appear that the FBI was using this as a pretext to gain new powers. I'm no Apple fan, but I'm glad they stood up to the pressure.

FWIW, I actually do feel better that law enforcement can unlock encrypted devices in cases like this, where a judge on a non-secret court has reviewed the specific request and determined there is a lawful reason for doing so.

Re: Happy now ?

>Are you all feeling much safer now when you know that there is commercial entity that can unlock any iPhone without court order<

So, what you're saying is that, if you don't know about something, it doesn't exist?

Don't tell me, let me guess: you're one of those people who've never installed an antivirus/antimalware solution because your systems have never been compromised; never taken an HIV test because you've never had HIV.

>and that FBI now has access to that toolkit ?<

Gosh! You mean that the FBI never knew about Cellebrite until now? Or that Cellebrite would never have agreed to work with the FBI until they were certain that someone else /wouldn't/ work with the feds first?

I've got some natural news for you that I think you might find interesting. I don't know if it's true, because I haven't wasted any time investigating, but (apparently) if we all stopped vaccinating our kids then there'd be no need to vaccinate them in the first place.

Re: Happy now ?

Much safer? No. A little safer? Yes. The thing that worried me about the whole thing, is that if they could lean on Apple to help, it could become a routine procedure. "Hey Tim, we've got another cart of phones to unlock." Whereas I'm sure this Israeli forensic company's services don't come cheap, so they're not going to unlock every phone they get off somebody caught with an ounce of weed or whatever.

I have no problem with them bringing heavy hacking tools and extracting data from the phones of real terrorists like Syed. I just don't want it to be so easy they can do it for no good reason.

Israeli company =/= Israeli intelligence, same as American company =/= American intelligence etc. etc.

Do you actually know something, or just making up allegations to suit?

Re: There are many ways to crack this nut

Phones made of C4?

An interesting new approach: the phone is both detonator and bomb - an all-in-one solution!

I don't know if I'd be up for it myself - what if someone calls me when it's in my pocket?

Re: There are many ways to crack this nut

>something that would be triggered by the owner himself (warranty void, etc.) whenever physical access to the guts were to be sought?

Or link it to a heart-rate monitor app?

Whatever the case, Schneier's point has been demonstrated. It is almost impossible to reliably defend against terrorism because each attack is unique. Whether or not there is anything useful on that iphone, no terrorist will forget to wipe their phone before heading into a battle.

Methinks, however, that the FBI will continue to want the capability which no longer has any relevance to terrorism.

Re: So they did hand it over to Abby

and/or McGeek.