{"id":13764,"date":"2016-03-07T20:09:06","date_gmt":"2016-03-08T01:09:06","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=13764"},"modified":"2024-11-08T15:30:42","modified_gmt":"2024-11-08T20:30:42","slug":"federighi-and-cryptographers-on-fbi-vs-apple","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2016\/03\/07\/federighi-and-cryptographers-on-fbi-vs-apple\/","title":{"rendered":"Federighi and Cryptographers on FBI vs. Apple"},"content":{"rendered":"

Craig Federighi<\/a> (via Tim Hardwick<\/a>):<\/p>\n

Your phone is more than a personal device. In today’s mobile, networked world, it’s part of the security perimeter that protects your family and co-workers. Our nation’s vital infrastructure — such as power grids and transportation hubs — becomes more vulnerable when individual devices get hacked. Criminals and terrorists who want to infiltrate systems and disrupt sensitive networks may start their attacks through access to just one person’s smartphone.<\/p>\n

[…]<\/p>\n

That’s why it’s so disappointing that the FBI, Justice Department and others in law enforcement are pressing us to turn back the clock to a less-secure time and less-secure technologies. They have suggested that the safeguards of iOS 7 were good enough and that we should simply go back to the security standards of 2013. But the security of iOS 7, while cutting-edge at the time, has since been breached by hackers. What’s worse, some of their methods have been productized and are now available for sale to attackers who are less skilled but often more malicious.<\/p><\/blockquote>\n\n

I don’t understand what this second part is referring to. It doesn’t sound like what we were talking about before<\/a>.<\/p>\n\n

Paul Wagenseil<\/a> (via Hacker News<\/a>):<\/p>\n

“I don’t think this case is about backdoors,” said Adi Shamir, who with his MIT colleagues Leonard Adleman and Ron Rivest developed the RSA encryption algorithm in 1977. “The FBI is asking Apple to do something very specific. It’s got nothing to do with placing backdoors in millions of phones around the world.”<\/p>

Martin Hellman, who developed the Diffie-Hellman encryption-key exchange with Whitfield Diffie at Stanford in 1976, disagreed, as did Rivest and Diffie.<\/p>

[…]<\/p>

“[Apple] put themselves in a position where they could state they could no longer help,” [Shamir] added. “But they failed because they didn’t close this particular loophole in which Apple can help the FBI. Apple should close this loophole, and then they can really make the argument.”<\/p><\/blockquote>\n\n

Indeed<\/a>, the backdoor is already there in that current phones will accept software updates signed by Apple, without wiping the user data. So, in theory, the FBI could simply compel Apple to hand over its signing key and then build itself the tool that it wants. The line of argument about government conscripting Apple engineers to do custom software development is a red herring.<\/p>\n\n

Likewise, it makes sense to worry about creating a special OS build—because what if it got out? But we face the same situation today if Apple’s key<\/em> somehow got out. No one seems to be talking about that happening, even though the difference is just a matter of some engineering.<\/p>\n\n

This will all get a lot more interesting when Apple makes a phone that’s secure from Apple itself.<\/p>\n\n

Blake Ross<\/a>:<\/p>\n

\n

Governments decided that allowing crew members to fully override the flying pilot using a key code would be insecure, since it would be too easy for that code to leak. Thus, there is nothing the outside pilot can do — whether electronically or violently — to open the door if the flying pilot is both conscious and malicious.<\/p>\n

[…]<\/p>\n

What’s striking is that this incident did not prompt any change in cockpit protocol in the United States. The FAA is improving mental health checks, but at 30,000 feet, we still have a security system where the parameters are widely known to criminals; where the method of abuse is clear; where we see no way for people outside the cockpit to stop it; and we’ve still<\/em> decided the public is best served by keeping the people in the cockpit in charge of the lock.<\/p>\n

[…]<\/p>\n

Unbreakable phones are coming. We’ll have to decide who controls the cockpit: The captain? Or the cabin?<\/p>\n<\/blockquote>\n

Update (2016-03-11): Christopher Soghoian<\/a> (via John Gruber<\/a>):<\/p>\n

DOJ: We tried to be nice. We could just force Apple to turn over the iOS source code and code signing keys.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"

Craig Federighi (via Tim Hardwick): Your phone is more than a personal device. In today’s mobile, networked world, it’s part of the security perimeter that protects your family and co-workers. Our nation’s vital infrastructure — such as power grids and transportation hubs — becomes more vulnerable when individual devices get hacked. Criminals and terrorists who […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2024-11-08T20:30:44Z","apple_news_api_id":"33054cb9-f40e-411f-90c1-7e221edd1085","apple_news_api_modified_at":"2024-11-08T20:30:44Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/AMwVMufQOQR-QwX4iHt0QhQ","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[629,1347,31,1137,2686,209,48],"class_list":["post-13764","post","type-post","status-publish","format-standard","hentry","category-technology","tag-craig-federighi","tag-federal-bureau-of-investigation-fbi","tag-ios","tag-ios-9","tag-law-enforcement","tag-legal","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/13764","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=13764"}],"version-history":[{"count":3,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/13764\/revisions"}],"predecessor-version":[{"id":13829,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/13764\/revisions\/13829"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=13764"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=13764"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=13764"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}