About | ACP | Buy Stuff | Industry Watch | Learning Curve | Newsletter | Search | Test Drive
Home » Industry Watch » The Technological

Apple Cooks Barr & Benner

Simply wishing for it won't make it happen.

Get It

Try It

It's a common belief in the IT teaching profession that the worst and most hopeless students are the lawyers, and it's not improbable that the worst of them are those that go on into politics. Hillary Clinton's historic bungling is a perfect example. And now Bill Barr joins the honour roll, aptly assisted by a reporter at the New York Times.

New York Times:
Barr Asks Apple to Unlock iPhones of Pensacola Gunman
by Katie Benner

There are so many things to cover in this bizarre story - and its bizarre coverage - that it's hard to pick a good starting point, or even to decide when it's prudent to jump off the merry-go-round.

AG Barr 'asked Apple in an unusually high-profile request to provide access to two phones used by the gunman'.

How were they supposed to do that? This rivals a recent panicky statement by Sweden's bungling PM that his local law enforcement must 'get better at decrypting' mobile phones.

Do none of these people know how this sort of encryption works? And yes, that's a rhetorical question, for of course none of them have the foggiest.

But does it end with only IT-illiteracy?

'This situation perfectly illustrates why it is critical that the public be able to get access to digital evidence', Barr said, without thinking for one second that if there truly was a back door, then it'd be open to the world. Their lack of understanding when it comes to the most elementary of IT truths is surpassed only by their complete lack of understanding of the bigger picture.

Barr accused Apple of providing no 'substantive assistance'. What 'substantive assistance' would you like, Bill? Would you like them to unveil their own quantum computer, so they can crunch through those devices and perhaps have intelligible data sometime in the next 2,000 years?

It gets worse. From the NYT piece.

'Apple has given investigators materials from the iCloud account of the gunman, Second Lt Mohammed Saeed Alshamrani, a member of the Saudi air force training with the American military...'

Sorry, but does anyone recall why the date '9/11' is so remembered? Or why members of the royal family of Saudi Arabia were shuttled out of the US in the immediate aftermath? No? No one? And AG Barr wants to accuse someone else of not providing 'substantive assistance'?

'The company has refused to help the FBI open the phones themselves, which would undermine its claims that its phones are secure.'

Here it's Benner making a fool of herself. Note her thinking here, unequivocally, that a 'claim' that a gadget is 'secure' can be undermined as soon as you crack it open. This is not about Apple respecting people's privacy. Not this time. This is about a simple - yet evidently obscure - fact (for some) that you can't crack encryption like that. And that's why it's used.

Anyone who thinks Barr and his buddies have given that any sort of logical thought?

'Justice Department officials said that they need access to Mr Alshamrani's phones to see messages from encrypted apps like Signal or WhatsApp...'

Gosh. The jihadist was using software under the control of Facebook, and using another app with a single cluster point. Had the NSA wanted, they could perhaps have helped. But maybe they already are, as with Microsoft and Skype? If you look through that prism at the right angle, that is...

'The evidence shows that the shooter was motivated by jihadist ideology', Barr says, in the surprise statement of the century.

But Bill. Stop. Give us a moment. What would you expect that creep to reveal? And have you ever heard of that other Bill, Bill Binney? The one who said that the actual data - such as you seek - isn't really that important, but the metadata is?

You remember Binney's ThinThread? Binney and Drake and others ran ThinThread on current data after 9/11, and found that, indeed: ThinThread would have prevented 9/11. On metadata alone.

[Note: that clip won't stay up forever, so watch it now.]

'Apple said that it would turn over only the data it had, implying that it would not work to unlock the phones and hand over the private data on them', writes Benner, again distorting the truth. There can be no such implication. THAT ENCRYPTION IS INTENTIONALLY DESIGNED SO YOU CANNOT CRACK IT, YOU CANNOT UNLOCK IT, OR WHATEVER YOU THINK THEY DO WITH STUFF LIKE THAT. GOT IT, KATIE?

This paragraph has more of a ring of truth:

'Apple's stance set the company on a collision course with a Justice Department that has grown increasingly critical of encryption that makes it impossible for law enforcement to search devices or wiretap phone calls.'

Ah! So it's the type of encryption that makes life difficult? What kind of encryption would they like? ROT-13, perhaps?

Here's a mixed bag.

'The confrontation echoed the legal standoff over an iPhone used by a gunman who killed 14 people in a terrorism attack in San Bernardino, Calif., in late 2015. Apple defied a court order to assist the FBI in its efforts to search his device, setting off a fight over whether privacy that was enabled by impossible-to-crack encryption harmed public safety.'

Saying Apple 'defied' a court order - no matter how the court ruled - is again twisting the truth, which somehow seeps into the end of that paragraph (highlighted in bold).

So what would Benner and Barr like Apple to do? Someone snaps their magic fingers and abracadabra the encryption is broken?

'The San Bernardino dispute was resolved when the FBI found a private company to bypass the iPhone's encryption.'

This is murky. How many people believe it?

New York Times:
US Says It Has Hacked iPhone Without Apple, Ending Lawsuit
by Katie Benner (2016-03-28)

By the same author. And for the reason given above, the FBI dropped the case? Really? Perhaps it's true. Perhaps. But didn't they want a landmark ruling? Something, at least superficially, doesn't add up.

How about an encryption/decryption key? And, if such a key exists, why not use the same firm again?

'Apple will not back down from its unequivocal support of encryption that is impossible to crack', writes Benner.

Geez, girl. If encryption can be cracked, it's not encryption, is it? Not much more than a speed bump.

When people were putting 64-bit DES together, the hackers at Ft Meade intervened and begged them not to make it more than 56-bit, so their own supercomputers had a chance to crack it. 56-bit. Keep in mind that adding a single bit would have made it at least twice as difficult. Apple's message digest code today is up to at least 512-bit (SHA) with SHA-8192 not far away (or already here). Do the math.

Remember L0phtCrack?

Peiter Zatko ('Mudge') cracked Microsoft passwords with it. But they were passwords, not encryption keys, and he exploited weaknesses in the method Microsoft used. There's no indication that standard algorithms today have any such weaknesses.

'Barr indicated on Monday that he is ready for a sharp fight. He had said last month that finding a way for law enforcement to gain access to encrypted technology was one of the Justice Department's highest priorities.'

Go for it, dude. Knock yourself out. But clean this up whilst you're at it, OK?

'The investigation into the shooting also found that some Saudi students training with the American military in Pensacola had ties to extremist movements while others possessed pornography, which is forbidden in Saudi Arabia. About a dozen trainees will be sent back to Saudi Arabia as a result.'

Apple Forums:
Forgotten encryption password how to reset

'If the backup you're trying to restore from is encrypted, you will not be able to use that backup if you can't remember the encrypted backup passcode.'

'If on a Mac, & you elected to save the passcode to your Keychain, you can recover the passcode from your Keychain. Otherwise, your backup data is unrecoverable.'

'While you can continue to sync/backup, if you can't remember it & want to remove it, you'll have to delete your existing backups, & restore your phone as a new device. Your data will be unrecoverable.'

'You delete your existing backups here: iTunes > Preferences > Devices.'

Wired (Poulsen) October 2014:
Apple's iPhone Encryption Is a Godsend Even if Cops Hate It

'Rather than welcome this sea change, which makes consumers more secure, top law enforcement officials, including US Attorney General Eric Holder and FBI director James Comey, are leading a charge to maintain the insecure status quo.'

'John Escalante, chief of detectives for Chicago's police department, predicts the iPhone will become the phone of choice for the paedophile.'

'The issue for law enforcement is that, as with all strong crypto, the encryption on the iPhone is secure even from the maker of the device. Apple itself can't access your files, which means, unlike in the past, the company can't help law enforcement officials access your files, even if presented with a valid search warrant.'

Take that last paragraph again.

'The issue for law enforcement is that, as with all strong crypto, the encryption on the iPhone is secure even from the maker of the device. Apple itself can't access your files, which means, unlike in the past, the company can't help law enforcement officials access your files, even if presented with a valid search warrant.'

The following article is good for further reading, as it explains why, in the past but no longer now, Apple could in fact actually help law enforcement. That Barr and Benner can ignore this is perplexing.

Just Security October 2014:
Smartphone Backdoors and Open Computing
by Julian Sanchez

'In fact, much personal data on the phone was already being strongly protected on the iPhone by default under iOS 7, and therefore already inaccessible to either Apple or law enforcement.'

Apple can't do anything about this one. Bill and Katie don't seem to know what they're talking about. And wishing for the impossible won't make it happen.

About Rixstep

Stockholm/London-based Rixstep are a constellation of programmers and support staff from Radsoft Laboratories who tired of Windows vulnerabilities, Linux driver issues, and cursing x86 hardware all day long. Rixstep have many years of experience behind their efforts, with teaching and consulting credentials from the likes of British Aerospace, General Electric, Lockheed Martin, Lloyds TSB, SAAB Defence Systems, British Broadcasting Corporation, Barclays Bank, IBM, Microsoft, and Sony/Ericsson.

Rixstep and Radsoft products are or have been in use by Sweden's Royal Mail, Sony/Ericsson, the US Department of Defense, the offices of the US Supreme Court, the Government of Western Australia, the German Federal Police, Verizon Wireless, Los Alamos National Laboratory, Microsoft Corporation, the New York Times, Apple Inc, Oxford University, and hundreds of research institutes around the globe. See here.

All Content and Software Copyright © Rixstep. All Rights Reserved.

John Cattelin
Media Contact
ACP/Xfile licences
About | ACP | Buy Stuff | Industry Watch | Learning Curve | Newsletter | Search | Test Drive
Copyright © Rixstep. All rights reserved.