• DOJ threatened to seize iOS source code unless Apple complies with court order in FBI case
    22 replies, posted
[quote]The United States Department of Justice (DoJ) has slid a disturbing footnote in its court filing against Apple that could be interpreted as a threat to seize the iOS source code unless Apple complies with a court order in the FBI case. The DoJ is demanding that Apple create a special version of iOS with removed security features that would permit the FBI to run brute-force passcode attempts on the San Bernardino shooter’s iPhone 5c. Meanwhile, President Barack Obama has made public where he stands on the Apple vs. FBI case, which has quickly become a heated national debate. In the court papers, DoJ calls Apple’s rhetoric in the San Bernardino standoff as “false” and “corrosive” because the Cupertino firm dared suggest that the FBI’s court order could lead to a “police state.”[/quote] source:[url]http://www.idownloadblog.com/2016/03/14/dos-threats-seize-ios/[/url] For those of you that do not know what this means, this means that the government would be able to push updates [I]as if they were apple and would appear to be completely native and legitimate, and it would set a precedent for them to be able to do this on every single other piece of hardware and software[/I] [t]http://i.imgur.com/WMJymt3.jpg[/t]
[QUOTE=phygon;49938108]and it would set a [b]president[/b] for them to be able to do this on every single other piece of hardware and software[/QUOTE] it's "precedent" for further notice They need to royally fuck off. The court can pretty much throw this out, can't it?
[QUOTE=RikohZX;49938130]it's "precedent" for further notice They need to royally fuck off. The court can pretty much throw this out, can't it?[/QUOTE] Autocorrect nabbed me
Good to know the President thinks the Government should have final control over all private devices.
If the government gets the source code after about 2 months hackers are going to be stealing everyone's info in the world that have a ios device.
[QUOTE=DELL;49938431]If the government gets the source code after about 2 months hackers are going to be stealing everyone's info in the world that have a ios device.[/QUOTE] How the hell will having source permit that? Linux is open source, none of that is happening on any large scale.
[QUOTE=rndgenerator;49938447]How the hell will having source permit that? Linux is open source, none of that is happening on any large scale.[/QUOTE] Linux benefits from having a relatively small market share and thus not getting very large attention from malware producers. Apple doesn't have that luxury, and they also don't benefit from everyone peer-reviewing their code to prevent obvious vulnerabilities. The concern is that releasing these items would make it easier to create malware to infect them with, and would also make it trivial to break into these devices if you physically obtain them.
[QUOTE=rndgenerator;49938447]How the hell will having source permit that? Linux is open source, none of that is happening on any large scale.[/QUOTE] The government having "just" the source code would actually be largely pointless unless they could locate a bug. But, they would no doubt get the private keys used to sign updates as well. Once those are out, anyone would be able to push arbitrary updates to any iOS device. Truly terrifying prospect there.
[QUOTE=rndgenerator;49938447]How the hell will having source permit that? Linux is open source, none of that is happening on any large scale.[/QUOTE] The open source nature of Linux means experts around the globe are constantly fixing bugs and exploits and working to keep it secure. If the source to iOS were to leak, hackers would be able to pour through and find all the exploits that Apple either isn't aware of or hasn't fixed yet.
[QUOTE=soulharvester;49938548]Linux benefits from having a relatively small market share and thus not getting very large attention from malware producers. Apple doesn't have that luxury, and they also don't benefit from everyone peer-reviewing their code to prevent obvious vulnerabilities.[/QUOTE] Linux dominates server market though, which is a large market for hackers. It only has smaller share in user field. Unless iOS is full of holes (they'd get exploited to fuck without source if that was the case), public source will not cause mass hackings. That's just fearmongering.
Obviously not available on iPhones, but is there a free alternative for a phone OS that doesn't allow some outside company to force updates on your phone? I doubt Android in it's current form would allow something as such, but is there another linux-based OS?
[QUOTE=rndgenerator;49938447]How the hell will having source permit that? Linux is open source, none of that is happening on any large scale.[/QUOTE] In my understanding, iOS updates have to be digitally signed for the phone to take them at all. I'm guessing that even on top of that there's more security measures that prevent the OS from being modified. Otherwise the FBI could reverse engineer it and remove the security features preventing a brute force. You can remove them on a jailbroken phone, but to jailbreak in the first place I believe you need access to the homescreen, which of course they're trying to get in the first place. I haven't been following the case so I could be wrong, but it sounds like the FBI and DoJ either want Apple to create such an update for them, or to give them the source and private keys so they can do it themselves. Either one is a horrible precedent to set. I dunno about non-government entities getting access from this, but even without them we still have to worry about the US government gaining full unrestricted access to the iOS.
[QUOTE=proboardslol;49938586]Obviously not available on iPhones, but is there a free alternative for a phone OS that doesn't allow some outside company to force updates on your phone? I doubt Android in it's current form would allow something as such, but is there another linux-based OS?[/QUOTE]There's small ones like ubuntu (if it's even working) and firefox that are unlikely to run on your phone. If you're really concerned about this, it's probably best (and easiest) to just flash a custom ROM to your phone with google apps, and then using f-droid for software. Or go botnet-lite mode like I do and have minimal google apps. Also iphones can install android, it's not really recommended because the OS isn't near as well optimized as iOS. but yeah. There used to be meego but.... rest in peace.
[QUOTE=rndgenerator;49938575]Linux dominates server market though, which is a large market for hackers. It only has smaller share in user field.[/QUOTE] User Share is what tends to get targeted for malware production, users are a lot easier to trick into installing malware than server operators. If you're going to be messing with servers that's more of an active hacking kind of deal, where as with users you just kind of put malware out on the web and wait for them to install it/run it. [QUOTE=rndgenerator;49938575]Unless iOS is full of holes (they'd get exploited to fuck without source if that was the case), public source will not cause mass hackings. That's just fearmongering.[/QUOTE] That's not fear mongering, that's the reality of starting open-source versus developing closed source. If closed-source software gets leaked, whoever has it gets a much easier time finding exploits in the software than those who are open source from the get-go. When a project is closed source, less scrutiny goes into securing it under the assumption that people won't be able to hunt for bugs in the code in the first place, making it more of a guessing game for people trying to exploit it than anything else. Releasing the source code for IOS will make it much less secure.
[QUOTE=proboardslol;49938586]Obviously not available on iPhones, but is there a free alternative for a phone OS that doesn't allow some outside company to force updates on your phone? I doubt Android in it's current form would allow something as such, but is there another linux-based OS?[/QUOTE] You can chuck Linux on most phones
This is why I will never go to ios open source is the only true way to stay in control of your device so long as your the root user. I've recently started learning how to build android roms from aosp source code which is cool. I'm not saying I could one up the government because I obviously couldn't but having control over your device with root makes me feel safer than being on ios.
Question for people who know more about encryption and what not: How easy would a "back door" be to break into by cybercrimnals? I know that is one of the main criticisms of installing a back door. People who argue against it say that this would be crippling from a security standpoint.
[QUOTE=Pantz Master;49939090]Question for people who know more about encryption and what not: How easy would a "back door" be to break into by cybercrimnals? I know that is one of the main criticisms of installing a back door. People who argue against it say that this would be crippling from a security standpoint.[/QUOTE] Wholly depends on the backdoor. There could be a backdoor that allowed brute forcing to be easier if the OS is allowed to be overwritten, which would only be possible with physical access to the phone; or; the encryption could be made to just a password and not encrypting anything at all; which again you'd need physical access to take advantage of but it'd be much easier to get around.
[QUOTE=Pantz Master;49939090]Question for people who know more about encryption and what not: How easy would a "back door" be to break into by cybercrimnals? I know that is one of the main criticisms of installing a back door. People who argue against it say that this would be crippling from a security standpoint.[/QUOTE] All it would take is knowledge of the back door, and maybe the security key. You could brute-force the key after tinkering with the code a little bit and once you break one key, you have that key for all the devices that use it. If they add a backdoor like the government wants, all it takes is someone looking for that back door long enough, or maybe easier, getting that information from the government, who can be quite awful at safe guarding information from people who shouldn't have it. And what's to stop a government employee from selling or leaking that information? Why should we take that risk? Once that key's exposed it's exposed, there's no "redo", it's over, damage done.
Old men don't understand technology and thus destroy everything instead of learning.
[QUOTE=Disgruntled;49939406]Old men don't understand technology and thus destroy everything instead of learning.[/QUOTE] Oi, Old women are doing it too, you sexist!
[QUOTE=Disgruntled;49939406]Old men don't understand technology and thus destroy everything instead of learning.[/QUOTE] Or understand it fine enough and just want unrestricted access as a form of control Like mobile phones have caused governments to topple, that has to make them nervous
[QUOTE=Pantz Master;49939090]Question for people who know more about encryption and what not: How easy would a "back door" be to break into by cybercrimnals? I know that is one of the main criticisms of installing a back door. People who argue against it say that this would be crippling from a security standpoint.[/QUOTE] It depends. The thing about a backdoor is, no matter how hard it is to crack, once it's cracked.... it's over. All security instantly vanishes. More than that, the government shouldn't be able to step in and view anything they want without due process, which back doors would enable them to do.
Sorry, you need to Log In to post a reply to this thread.