by saurik 3772 days ago
The reality is that Apple already has unfettered access to this device: they left themselves a backdoor to which only they have the key, in the form of a "secure" update mechanism that is so "secure" that even the user can't control it, only Apple can. To me the actual question here is whether the FBI should be allowed to ask and then force Apple to use the backdoor Apple built into their product; Apple painting this as if they are being asked to build a backdoor instead of use an existing one is them being nothing more than dishonest in an attempt to twist the story and shift the blame. So yes: I think it is fair to describe the security of this device, from the perspective of Apple, as nothing more than a ribbon, as Apple already has "unfettered access to [your] data". Apple trusts users so little that they don't give users control of the hardware they own... this is frankly a good lesson on them that this is responsibility they should never have hoarded. "Here's hoping that the iPhone 7 no longer has a backdoor that is controlled by Apple."
7 comments

I don't think this is a fair assessment. Apple is being asked to create a firmware version without brute force rate-limiting. With a sufficiently complex passphrase, the FBI is still SOL. They're not being asked to create a firmware version that would decrypt the disk - which would be impossible due to the iPhone's security architecture. The fact that only Apple is in a position to sign firmware that could do this is a positive thing in this context. The only alternatives are no firmware signing at all (so everyone could run this attack), no updates at all, or enforcing the rate-limiting in a HSM (which is what they're doing on the latest generation iPhones).
> Apple is being asked to create a firmware version without brute force rate-limiting.

This is a one-line code change for Apple and would take them a few minutes. FWIW, there are people in the iOS jailbreaking community who could do this without the source code rather quickly. I'll even go so far as to say that we actually already have all the tools for this lying around for the iPhone 4, and with only minimal changes made by even less qualified engineers they would probably work on the iPhone 5C.

> With a sufficiently complex passphrase, the FBI is still SOL.

Most people use a 4- or 6-digit PIN. One presumes that in this case the user did so (and you can tell, as the UI is different depending on the kind of passphrase used), or the FBI wouldn't be quite so excited to bother here. It takes mere minutes to crack a 4-digit PIN code on the iPhone 4.

> The fact that only Apple is in a position to sign firmware that could do this is a positive thing in this context. The only alternatives are no firmware signing at all (so everyone could run this attack), no updates at all, or enforcing the rate-limiting in a HSM (which is what they're doing on the latest generation iPhones).

You have conveniently removed "allow the user to lock everyone out from firmware updates except themselves" from the list of possible options :/. While I am perfectly happy with the idea that some people might want to allow Apple to update the firmware on their device, I would much rather no one be able to do that unless they go through me, and as I own the hardware and it is my data that is on the line, I should have the right to make that decision. Apple is selling locks, claiming them to be secure, while not only sitting on a master key but now claiming that it isn't really a master key, which is not just disingenuous but outright dishonest at this point.

I think there are a lot of conflating issues in this discussion.

Firmware signing and how updates are delivered are one thing. I would argue that having only one possible adversary is preferable to everyone being able to create firmware that runs on your device. If there's a practical and secure approach that would allow users to install only firmware updates they approve of, I'd be all for that[1]. In the end - please correct me if I'm wrong - this would require a user-generated key or passphrase of some sort, and then we're back at a brute-force problem and the question of how secure is that passphrase and how are rate-limits enforced.

The iPhone's disc encryption, however, does not rely on this so-called master key. That's why I think calling this a backdoor isn't a fair assessment. It's entirely reliant on the complexity of your passphrase. The iPhone's security architecture, including the firmware signing and in newer versions the secure enclave, make attacks against this significantly harder (or next to impossible, if the secure enclave firmware is actually read-only ... something that definitely needs to be clarified). Compare this to your typical desktop full-disk encryption, where you usually have no countermeasures whatsoever against this kind of thing.

[1]: Speaking as a developer. I'm not qualified to answer this for sure, but my gut feeling is that such a feature in the hands of typical end-users might actually be a bad thing for security.

> Speaking as a developer. I'm not qualified to answer this for sure, but my gut feeling is that such a feature in the hands of typical end-users might actually be a bad thing for security.

I think users should be allowed to make the security tradeoffs they consider relevant. Many people leave a key to the door of their house somewhere outside but nearby, yet I don't think the people who build locks should decide that that is never acceptable and decide to play parent and come up with a solution to this problem: I would prefer people to be informed about the tradeoffs they are making, but they should be allowed to do what they want. Meanwhile, this enables the people who want more security than "I trust Apple, all of Apple's employees, Apple's security from hostile third parties, and the government under which Apple does business" to go "above and beyond".

> That's why I think calling this a backdoor isn't a fair assessment.

I am using this term because Apple is using this term: they said "They [the FBI] have asked us [Apple] to build a backdoor to the iPhone." when what the result would be would still require brute forcing a passcode to get the data in question. They make it sound extremely hard, but in fact it is really easy for them to do this: it is a single line of code changed; what makes it possible for them to do this is not that they haven't bothered to build it, it is that they are moral enough to not want to do it, and they are the only people with the key... but the key, fundamentally, is equivalent to the power the FBI wants. The FBI could "build" this backdoor for themselves if Apple handed them that key.

> I don't think the people who build locks should decide that that is never acceptable and decide to play parent and come up with a solution to this problem: I would prefer people to be informed about the tradeoffs they are making, but they should be allowed to do what they want.

Shouldn't Apple be allowed to do as it wants?

> what is fundamentally different is only that people realize the government might be able to force Apple to use their key.

The public already knows from the ongoing debate that the current iPhone is unlockable by Apple. What difference does it make if the key does not exist yet, as Apple says, or if it does, as you say? Everyone knows the power is in Apple's hands. We'll all demand better iPhone security as a result of this discussion.

> this enables the people who want more security ... to go "above and beyond".

I understand you are asking Apple for a specific feature that gives more security. Regardless of the existence of this particular case, you would still be trying to raise awareness and gather support for pushing Apple to implement that feature. Is that fair to say? I support you in that effort. I also think this discussion ought to be held separately, perhaps after the case, so that we can focus on not giving the DOJ any means to handcuff the tech companies. The results of this case will have a dramatic impact on all tech, and if you truly care about privacy and security, you will support Apple's stance.

Let's table the debate about how Apple needs to improve its phone security and allow users to update firmware, and focus on matters at stake: whether or not the DOJ should be able to compel Apple to hand over the key. Whether or not that key has been created is irrelevant to the fact that if the DOJ wins this case, it is one step closer to mandating that Apple make all their phones unlockable.

> I'll even go so far as to say that we actually already have all the tools for this lying around for the iPhone 4, and with only minimal changes made by even less qualified engineers they would probably work on the iPhone 5C.

Then there's even less reason to use All Writs to make Apple do it, unless it's to make the precedent to force the device makers to backdoor their products.

Just do it, for all of us, make that tool for 5C. But don't support FBI using this case to make "All Writs able to change products" precedent.

You seem to still fundamentally misunderstand the situation, as you seem to be challenging me to build the tool today and get Apple off the hook, as if that was all that mattered.

I can build the tool. What I can't do is sign the result. The only thing any of us are missing is the 4096-bit RSA encryption key used to sign the firmware. The way we load this tool onto the iPhone 4 is using a vulnerability in their bootloader that lets us bypass the signature check. There are only 512 bytes of data in question here, not some insurmountable amount of work.

> The only thing any of us are missing is the 4096-bit RSA encryption key used to sign the firmware.

Ah, so Apple's encryption does actually work.

That's the essence of good encryption: everything is known, except the key. You are not supposed to have it. The FBI, hopefully, isn't supposed to have it either. That's why we have laws. Checks and balances and stuff. Laws made for specific cases, not "we can do anything."

If this were a normal door lock that someone possessed the master key to, the FBI would have just requested access to the master key temporarily. The FBI is not operating outside the law here: they have a court order. While in some ways it would be more horrific, I'd almost rather see them ask the more analogous question "we would like a copy of your master key" to see how Apple responds, as they'd no longer be able to pretend like it would take them a lot of time to build what the FBI wants: the FBI would just be asking for literally 512 bytes of data that Apple has that stands between them and their goal.
You're really missing the point. Yes, the only relevant code that is going to be run on that device will be code signed by Apple. I don't think the FBI will have direct access to this "key".

The FBI wants Apple to create "malicious" code/update/software version that would allow for multiple decryption attempts among other things. Apple CAN comply with these requests, probably easily. However, by doing so they will destroy trust in Apple signed code and set a precedent.

It doesn't matter WHO has the key because Apple will be acting in proxy.

It sounds like you could really make use of that key
Fair points, though to be fair the iOS platform is by and large the most secure mobile platform we have (please correct me if I'm wrong, you absolutely know better than I). Still, as long as the backdoor remains, it will always be possible to carry out malicious updates like this.

As far as I understand the secure enclave has been updated a couple of times since its introduction, so I legitimately hope this was a v1, with secure enclave v2 (without update functionality) waiting to be released in Sept.

As a side-note - one of the things I struggle with is I'm not convinced that Apple really had a tangible reason to make it as secure as it is, especially when their main competition was android, which is fairly laughable with security thanks to the OEMs.

I think Apple in general and Tim Cook in specific are highly moral people: I think they are truly looking at security as a way to make the world a better place; in discussions I have had with employees at Apple, they truly do attempt to build systems where even they don't have access to your information... only at the same time, but somehow from the other side of their mouth, when questioned about their ability to do things that are evil when they do have that ability, they just say "well, we'd never do that", and refuse to discuss scenarios where "we" is difficult to define (as it only takes a finite number of disgruntled employees to decide to do something bad) or they are forced by external parties (such as the United States government). I'm honestly kind of glad to see that latter scenario actually play out, and particularly to see it play out so publicly, so we can see how they react as "well, we'd never do that" even has the possibility of turning into "fuck, we were forced to do that".
Agreed, I'm extremely glad this is being done in such a public fashion. It's important to have transparency about these issues.
Doesn't the secure update mechanism simply permit access to the system partition? This late in the game, how can that possibly give Apple user filesystem keys? Those require the PIN or password. An OS update at this point can only permit rapid brute force iteration. Obviously "unfettered access to the device" is really useful to steal user keys while the device is unlocked, but it's not so helpful after the fact.
> Obviously "unfettered access to the device" is really useful to steal user keys while the device is unlocked, but it's not so helpful after the fact.

Exactly: the ability for Apple to send a specific user a different firmware update than they send everyone else is extremely brutal and there is absolutely no way the user (no matter how intelligent) could even tell that they were being targeted as the only person who has even remotely powerful access to the firmware being loaded is Apple themselves.

> This late in the game, how can that possibly give Apple user filesystem keys? Those require the PIN or password.

You just brute force this. On the iPhone 4 it took minutes to brute force a 4-digit PIN code, and clearly it wouldn't be a challenge to brute force a 6-digit PIN code (this is still less than a day). If the user has a password, it might take a while (depending on how good it is), but it is still a guaranteed attack. You can quibble with me on the definition of "unfettered", but I maintain that "will take (maybe) some time but almost no effort to get a 100% success rate, and which will complete almost certainly before the statute of limitations expires on the crime" is not usefully "fettered".

Sure. It's a Backdoor that only you and Apple know of. Right?
No: it is a backdoor that everyone in the world knows of, including the FBI, which is why this is even a question. Apple is the only party allowed to change the software running on the device, using their software update encryption key: this is a backdoor into at least this device (an iPhone 5C).
More or less correct if fully trusting any signed code by a third party (Apple) is a backdoor. For what it's worth, signed code imparts security benefits to Apple and Android users who indeed can't be trusted to not screw up their own phones.

Thing is, this entire system is based off of trust. If people lose trust in Apple, then they lose trust in the product. While even Apple can't decrypt the data, the existence of malicious signed code means you can't trust signed code.

FBI would have done better to ask Apple in secret. Apple really made the only possible choice when faced with a public request.

Signing code can only do so much.

What Apple possesses is the somewhat unique ability to design a system that is actually secure by burning the key into the secure enclave and not allowing it to be updated. The only way someone would be able to get to it then is by attacking the physical hardware itself (which I'm sure an NSA-level attacker could do), but it would render this entire thing moot, as even Apple wouldn't be able to unlock the phone if it wanted.

I say unique because they can bake security into the actual hardware design, and tightly control how the entire thing works, which android & windows simply can't do. In order to trust your OS (and in turn, your signed software), you have to trust your hardware first. The security of the entire system falls apart if you can't trust your hardware.

> FBI would have done better to ask Apple in secret. Apple really made the only possible choice when faced with a public request.

I agree. I will go further and say that I hope Apple would make the same decision in secret. I believe Apple in general and Tim Cook in particular to be not just moral, but "principled", in that I feel like he's unlikely to back down from a moral argument without being beaten into submission. I hope Apple fights this one to the death.

> Thing is, this entire system is based off of trust. If people lose trust in Apple, then they lose trust product. While even Apple can't decrypt the data, existence of malicious signed code means you can't trust signed code.

The question at hand is whether it makes sense to trust a company when their government wants them to do something and may technically have the law (as broken as you or I or even "almost everyone" feels that law is) on their side. This is the same discussion about putting data on servers in other countries run by companies that might bow to the will of some oppressive totalitarian regime, only the server is in your pocket and the regime is the United States through the FBI.

This is completely upside down. Can all Apple haters for once put down their haters' hat and try and be reasonable for the good of everybody?

You phrased all that just to get to the conclusion that Apple is an over-controlling company imposing rules on otherwise super tech savvy users. Well sorry to break the news for you, but people decide on their own which smartphone to buy.

Globally, most of the time, it's an Android phone. Globally, most of the time, it's an OLD and cheap Android phone, with firmware so old and so full of holes that calling it insecure would be a euphemism.

But hey, I suppose they're much better off, since they can DECIDE what phone to buy, right? It's certainly not their income deciding for them... Better, they can even root it! Make it even more insecure! Install pirated software that hides malware and will steal their ids or their money! Now THAT's choice and power to the user!

As long as you don't care if someone can attempt to pull the data from your phone like this, then sure: go ahead and buy that phone. The people generally in these threads, however, and apparently the opinion of Apple itself, is that the FBI should not be able to get the data off of this device; as it stands, Apple can guarantee their eventual success.

> Better, they can even root it! Make it even more insecure! Install pirated software that hides malware and will steal their ids or their money! Now THAT's choice and power to the user!

This makes no sense. Sure: someone can make their device less secure if they want. I absolutely support you doing that. They can also try to use vulnerabilities to take back control of their device and make it more secure (though with an iPhone there are some serious issues with this, due to how almost impossible it is to lock Apple out). But what does this have to do with the conversation at hand? Can you connect any of this back with the FBI discussion?

> This makes no sense. Sure: someone can make their device less secure if they want. I absolutely support you doing that.

Well yeah, I guessed so. People in Cupertino probably think that's basically your mission :D (I don't, though). What I wanted to say is that building a security platform that completely locks you out of the device you're building is 1) hard 2) full of political and legal implications. Even then, Apple is the only manufacturer with such a clear roadmap in that. Why are they the only one to be held so strongly accountable for building this kind of security while Google Android phones can be snooped upon in an extremely easy way? When they're less secure by design?

That was my objection.

> People in Cupertino probably think that's basically your mission :D (I don't, though).

Good, because anyone who thinks that even casually is either completely uninformed or an idiot :/. (I vaguely apologize for the bluntness, but this is an insinuated attack even with the statement that you don't believe it, at which point one would question why you brought it up in the first place.)

> Why are they the only one to be held so strongly accountable for building this kind of security while Google Android phones can be snooped upon in an extremely easy way?

You clearly have never been to one of my talks; I outright told an entire audience of people at DragonCon, most of whom used Android devices, that they should not use an Android device if they even remotely cared about security, and sat there and took it as they boo'd me: I am extremely vocal about the flaws in Android devices.

Only today, we are talking about Apple. And today, Apple is being disingenuous: they are making it sound like it would be some herculean effort to build some massive crowbar to defeat their otherwise impenetrable device, when in fact what the FBI wants can be accomplished by Apple in a matter of hours, and that the underlying security of this device comes down to something Apple would rather people believe is a good thing--that they have more access to the hardware you own than you do--than ever even momentarily consider to be a flaw.

I'm a non-native speaker Jay, don't imply insinuations, because I'm usually not so subtle with my language. That was just a bad joke.

Believe me, I do think your work is phenomenal. Period. I'm sorry I've never been to one of your talks. If you'll ever do one in Berlin in the future I won't certainly miss it. :)

That said, I understand your point but I don't really agree. You're saying Apple is doing all this while basically lying for what? Sheer publicity? Do they really think that this kind of unusual marketing would be good for them?

It's the implications (legal, not technical ones) that are at stake here. Three hours of Apple engineers' time spent working for the government, by the way, would already account as an unreasonable burden, in my book. Especially after they already complied with the FBI requests just to find out they messed up the iCloud password...

Is iOS much more secure than any other mobile platform? Isn't Apple saying just that? And don't you believe it's true? Apparently yes, you do! They are indeed working towards what you advocate for here (making the users' data completely inaccessible to them). Just look at the evolution of security from iOS 7 to iOS 9. We're still not there, yet. Maybe that's what's brewing for iOS 10, who knows...

By the way, since we're here and you're clearly the best person to ask... I'm curious about how Apple stores and keeps their private signing key for iOS secure. How do they do that? Has anybody ever tried to steal that? That's something nobody's talking about, but I'm really curious about the physical implications of keeping something like that safe.

I would imagine the firmware signing key is stored on a Hardware Security Module (HSM). Devices like that are tamper resistant (for example, they might be configured to delete the key if someone is messing with the device).

HSMs generally support signing operations, so it's likely the key doesn't leave the device at all. They might be using a configuration with shared secrets (smart card + PIN, etc.) where at least n shares need to be present to operate the HSM. Those secrets are probably held by a small number of high-level Apple employees.

It's probably similar to the DNSSEC Root Signing Ceremony[1]. Well, hopefully slightly less insane.

[1]: https://www.cloudflare.com/dnssec/root-signing-ceremony/

Don't pigeon-hole yourself, most people just want a phone that can load facebook and is cheap. The number of people who care about security is definitely rising, but they're still in a fairly small minority.

Also I'd venture that Saurik is quite the opposite of an "Apple hater", as he created Cydia (https://cydia.saurik.com/), and contributed arguably the most to the iPhone jailbreak community to date.

> from the perspective of Apple, as nothing more than a ribbon, as Apple already has "unfettered access to [your] data"

No! Since iOS 8 Apple intentionally encrypts the user's data on the phone in a way that even they don't have access to it.

They have access to the hardware, to be able to reconfigure it, but not the encrypted data on the phone. Because the data is encrypted, intentionally so.

And they have access to the iCloud backup data and they gave that data to the FBI. Then FBI actually locked their access to the phone by changing the iCloud password.

This is an iPhone 5C, which does not have the "secure enclave" feature, and it isn't even clear that it helps, as Apple has stated to reporters that it is possible to do what the FBI wants, so we know the software on that component must be mutable. If it was actually impossible to do the thing the FBI wanted them to do then we would not even be having this discussion today: Apple would just say "can't, sorry" and the FBI would be forced to move on with their lives as nothing Apple could do would help them get access to the device.
Secure Enclave is irrelevant here. Even without Secure Enclave the data on the iPhone 5C is encrypted with the user's password and Apple doesn't have access to the data as it doesn't have the user's password, contrary to your claim that "Apple has the access to the data." No, the FBI has access, but only to the encrypted data.

And FBI can't decrypt it. They locked themselves out of the phone, actually. And the phone is not the private phone of the killer, he destroyed that one, and his computer too. And note that he didn't care about this phone.

FBI demands from Apple to change their product (iOS) to make the encryption cracking attempts by FBI easier.

It takes mere minutes for us to crack the 4-digit passcode on the iPhone 4 (which I only specify as that's where we were last able to easily do this in the jailbreak community; it might be faster now), and most people likely don't use terribly strong passwords; the FBI might also have "leads" on what the password is, but not good enough ones that they feel confident dealing with ten attempts. This is a backdoor to the lock: you can quibble with me over the definition of "unfettered" (I do not consider "it will take some time, but I absolutely have a 100% chance of getting access without fail" terribly "fettered", but it definitely is more than the people who are frustrated with this situation seem to want the FBI to have).

> FBI demands from Apple to change their product (iOS) to make the encryption cracking attempts by FBI easier.

... and we should be thankful the FBI didn't simply demand the 4096-bit key Apple uses to sign firmwares, because that's all they actually need--nothing more than 512 bytes of data--in order to accomplish the thing everyone is upset about here.

> It takes mere minutes for us to crack the 4-digit passcode on the iPhone 4

Please make it then for iPhone 5C. You would do the world a favor.

If you claim you don't have the needed RSA key, then you confirm that the encryption actually works. And you know that your "tool" wouldn't work on the copy of the encrypted data, too. Nice for consumers, isn't it, hardware-dependent functioning encryption by Apple.

I don't... you just seem really confused here :(. You are conflating the key used to sign the data on the disk with the key used to sign a software update for the system; the FBI here wants firmware for the device, signed to work on this device, that will allow them to brute force the PIN code (or password) used to generate the disk encryption key. I am saying that the actual software is something that many people in the community could build, and would require almost no effort for Apple to produce. The only reason I, in fact, can't do this, is because I don't have a key that Apple is sitting in possession of right now: the key that is used to sign these firmware updates. That one key is the backdoor, as that key is the only thing standing between someone and accomplishing what the FBI wants, and it will let you do not only this but all kinds of other evil things you want to do to anyone's phone.