News:

Long overdue maintenance happening. See post in the top forum.

Main Menu

fbiOS

Started by patric, March 04, 2016, 11:39:20 PM

Previous topic - Next topic

Vashta Nerada

Quote from: AquaMan on April 02, 2016, 09:12:48 AM
Why isn't anyone in the press or among our more intelligent humans, questioning whether the feds have actually broken the code for these phones? The underlying principles of national security, CIA, FBI, whomever, is to offer misleading, misinformation. Truth is "out there" but only a small group actually know whether they got into that phone.

That uncertainty works very well for them both legally and in the real world.




We certainly knew the "just one phone" was a lie.

http://www.cbsnews.com/news/fbi-pledges-to-assist-local-police-in-unlocking-iphones/
Less than a week after the FBI was able to unlock an iPhone used by the San Bernardino shooter Syed Farook, the federal investigators are pledging to help local law enforcement departments facing similar problems.
In a letter to local police departments, the FBI offered their assistance in hacking the Apple phones.




"Your friend over there talking to the other cop told us everything, but if you want to fill in any blanks..."

http://www.gannett-cdn.com/-mm-/7feafff857cb6e6bcb76d228a6e4eb762ccb16a4/c=105-0-3495-






Vashta Nerada

Hacker releases tools FBI used to crack San Bernardino attacker's iPhone online

Last year, the FBI ordered Apple to help crack the iPhone 5c owned by Syed Farook, one of the shooters in the 2015 attacks in San Bernardino. Apple refused, and the FBI reportedly worked with Cellebrite, an Israeli firm that specializes in mobile security. According to a statement from Celelbrite last month, a hacker breached one of its legacy servers. Now the hacker has released some of that data as a warning to the FBI.
The data released includes code that seems to relate to Cellebrite's Universal Forensic Extraction Device (UFED), and can allegedly crack older iPhones like the 5c as well as Android and Blackberry devices.
Speaking anonymously to Motherboard, the hacker explained that simply creating these tools makes their release inevitable, where they can be used by anyone with technical knowledge, including oppressive regimes around the world.
"It's important to demonstrate that when you create these tools, they will make it out. History should make that clear," they told Motherboard.

https://www.engadget.com/2017/02/03/ios-cracking-tools-fbi-released/



A Motherboard investigation found that US state police and highway patrol agencies have collectively spent millions of dollars on Cellebrite technology.
https://motherboard.vice.com/en_us/article/us-state-police-have-spent-millions-on-israeli-phone-cracking-tech-cellebrite

When cops have a phone to break into, they just pull a small, laptop-sized device out of a rugged briefcase. After plugging the phone in with a cable, and a few taps of a touch-screen, the cops have now bypassed the phone's passcode. Almost like magic, they now have access to call logs, text messages, and in some cases even deleted data.

State police forces and highway patrols in the US have collectively spent millions of dollars on this sort of technology to break into and extract data from mobile phones, according to documents obtained by Motherboard.





TeeDub


If you spent any time around IT people, you would realize that phones (and deleted data) are not secure.   A simple warrant would produce all your phone records and text messages.   Likewise, data, even deleted data, is often not as gone as people may like it to be.

I also realize that this box could produce all that without the benefit of due process, so giving it to random police officers invites abuse.


I would also bet that in the 1980s and 1990s the people at the NSA would never have guessed that the public would NOT ONLY carry their own tracking and eavesdropping devices around....   But PAY for the privilege.

Vashta Nerada

Quote from: TeeDub on February 05, 2017, 05:38:23 AM
If you spent any time around IT people, you would realize that phones (and deleted data) are not secure.   A simple warrant would produce all your phone records and text messages.   Likewise, data, even deleted data, is often not as gone as people may like it to be.

I also realize that this box could produce all that without the benefit of due process, so giving it to random police officers invites abuse.


Just had to read thru this thread again to see how Apple CEO Tim Cook nailed it.
 
"Oh we need new weapons to use against terrorists but we're the FBI and we can keep those weapons out of the hands of terrorists."

Thanks for making ISIS job easier, and helping out with the election.


heironymouspasparagus

There was - and still is - available an encryption code that appears to be pretty stout - such that it seems like someone put a bug in the developer's ear to stop making it so good.  So, they just shut it down.  I suspect in fear for their lives.

TrueCrypt supports a concept called plausible deniability - that the encryption leaves so little trace that it's presence cannot be confirmed let alone decoded...whatever you have encrypted is as if it did not exist at all.  The powers that be cannot allow that.  So,  the "new" path is Bitlocker - really good, but apparently easier to 'break', and commercial, so more subject to leverage by outside parties.  Microsoft distributes it with Win 7, et al, so really,...how good can it be...?

For anyone interested in really digging deep, even the source code is available for one to look through.

For anyone geeky enough to still be reading this note, part of the story of TrueCrypt;

https://en.wikipedia.org/wiki/TrueCrypt


"So he brandished a gun, never shot anyone or anything right?"  --TeeDub, 17 Feb 2018.

I don't share my thoughts because I think it will change the minds of people who think differently.  I share my thoughts to show the people who already think like me that they are not alone.

Vashta Nerada

Why not letting the feds have an iPhone back door was the right choice.


U.S. Government Fears a Monday Explosion of the Ransomware Plague It Helped Create

    This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

The governments of the world should treat this attack as a wake-up call
.


TeeDub


The patch has been available since March!

Maybe people should patch their systems within 90 days for critical updates.

swake

Quote from: TeeDub on May 16, 2017, 09:53:15 AM
The patch has been available since March!

Maybe people should patch their systems within 90 days for critical updates.

There was no patch for idiots still running XP/Server 2003 until this week.

patric

#38
Quote from: swake on May 16, 2017, 12:20:43 PM
There was no patch for idiots still running XP/Server 2003 until this week.

Like almost all bank ATMs and most machines at work.  I understood Win7 and 8 are also part of the toolkit.
NSA kept the vulnerability secret so they could use it themselves to "fight terrorism" so of course the terrorists turned it on us while the NSA sat back and watched.
"Tulsa will lay off police and firemen before we will cut back on unnecessarily wasteful streetlights."  -- March 18, 2009 TulsaNow Forum

heironymouspasparagus

Quote from: patric on May 16, 2017, 01:54:25 PM
Like almost all bank ATMs and most machines at work.  I understood Win7 and 8 are also part of the toolkit.
NSA kept the vulnerability secret so they could use it themselves to "fight terrorism" so of course the terrorists turned it on us while the NSA sat back and watched.


"Stress test" for the system.  See where the vulnerabilities are - which they already knew - but let it expand to see how far the tentacles extend.

"So he brandished a gun, never shot anyone or anything right?"  --TeeDub, 17 Feb 2018.

I don't share my thoughts because I think it will change the minds of people who think differently.  I share my thoughts to show the people who already think like me that they are not alone.

sgrizzle

Quote from: patric on May 16, 2017, 01:54:25 PM
Like almost all bank ATMs and most machines at work.  I understood Win7 and 8 are also part of the toolkit.
NSA kept the vulnerability secret so they could use it themselves to "fight terrorism" so of course the terrorists turned it on us while the NSA sat back and watched.

Like Patric said, most computers you see in restaurants, doctor's offices, ATMs and other "nontraditional" environments are probably running an old version of Windows in the background.

heironymouspasparagus

Quote from: sgrizzle on May 16, 2017, 04:23:35 PM
Like Patric said, most computers you see in restaurants, doctor's offices, ATMs and other "nontraditional" environments are probably running an old version of Windows in the background.


Another really scary thing is Windows CE - an old "semi-industrial" version of Win that is still used in some industrial control environments.  Just wait until your air conditioner and building automation system at work gets hacked and starts turning on heat and air at the wrong time - heat in summer, cool in winter, or both at the same time.  Turns lights on/off at random.  Locks doors.  Stops elevators.  Sets of fire alarms at random...   Gonna be some fun times...!
"So he brandished a gun, never shot anyone or anything right?"  --TeeDub, 17 Feb 2018.

I don't share my thoughts because I think it will change the minds of people who think differently.  I share my thoughts to show the people who already think like me that they are not alone.

patric

Quote from: swake on May 16, 2017, 12:20:43 PM
There was no patch for idiots still running XP/Server 2003 until this week.


A new publicly available tool is able to decrypt infected PCs running Windows XP and 7, and 2003, and one of the researchers behind the decryptor said it likely works for other Windows versions, including Vista, Server 2008, and 2008 R2.

https://arstechnica.com/security/2017/05/more-people-infected-by-recent-wcry-worm-can-unlock-pcs-without-paying-ransom/
"Tulsa will lay off police and firemen before we will cut back on unnecessarily wasteful streetlights."  -- March 18, 2009 TulsaNow Forum

patric

(Pants On Fire)  We need back doors to fight terrorists!

FBI unable to break into Texas church gunman's cellphone
http://www.latimes.com/nation/la-na-texas-church-shooting-20171107-story.html

(or just pay the Israelis for more of the tech they use to spy on their own people).



Recent history:

The FBI didn't need an iPhone backdoor — $100 of electronics does the same thing
http://bgr.com/2016/09/20/iphone-encryption-password-hack/
"Tulsa will lay off police and firemen before we will cut back on unnecessarily wasteful streetlights."  -- March 18, 2009 TulsaNow Forum

sgrizzle

Quote from: patric on November 07, 2017, 01:57:13 PM
(Pants On Fire)  We need back doors to fight terrorists!

FBI unable to break into Texas church gunman's cellphone
http://www.latimes.com/nation/la-na-texas-church-shooting-20171107-story.html


FBI claims Apple won't help them and refuses to help.

Apple provides documentation they didn't refuse anyone and even offered to help but were refused by the FBI.

Real story: FBI would just really like it if everyone would quit locking their stuff. Also leave your front door open.