Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] iPhone break Re: Encrypt Everything? Good Luck With That

The writeup about "NAND Mirroring" suggests what I expected all along: I
really thought the FBI and major state/city police CSI units would have the
resources to extract a flash-memory chip from any phone, read/copy the
contents, and run the code externally to the phone (or put the chip back into
the phone in a reverted state for multiple password-guesses). The current
Apple IOS 9.0 doesn't contain protections against that, but it's not hard to
imagine Apple upping the ante again in the next version to make this style of
attack ever-more difficult.

What was annoying about this whole episode was that the FBI director would go
on TV, with a straight face, claiming they didn't have a way to accomplish
this. This brute-force attack is plain and obvious, and while the FBI's tech
staff may not match that of a large tech company's, I can't imagine there
being a whole lot of idiots there (indeed I went to a local conference in
November where one of the FBI's tech-elites gave a talk, mainly about her role
as advocate for women in tech).

So the FBI lied. (Surprised? I guess not.) Apple isn't out of the woods on
this, though: the whole thing makes them look bad to at least some subset of
their customers no matter how it plays out. They played up the "privacy"
aspect of encryption, presumably for PR reasons; the real issue that I see is
now that commerce has migrated to the Internet, the foundation of commerce now
includes encryption technology. Undermining encryption means rebuilding a new
foundation for commerce; not likely to happen.


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /