Hard Worker
本站元老
- 注册
- 2012-08-31
- 消息
- 4,053
- 荣誉分数
- 1,260
- 声望点数
- 373
明天开始发货的 I Bomb 16
- 主题发起人 Hard Worker
- 开始时间
metropolis
本站元老
- 注册
- 2010-12-10
- 消息
- 8,361
- 荣誉分数
- 1,535
- 声望点数
- 323
现在各种商品都有可能被植入后门,人心慌慌,有可能通讯设备被遥控,电器植入病毒,一般商品携带细菌和病毒,食品带毒。。。。。
metropolis
本站元老
- 注册
- 2010-12-10
- 消息
- 8,361
- 荣誉分数
- 1,535
- 声望点数
- 323
据说手机加后门比寻呼机,对讲机难得多。
苹果最不安全,全程被老美监控。从你苹果手机中的图片,文件,通话,短信记录,全程掌握。
几年前一个老共国安系统一个处长级别的,去境外执行任务,竟然用苹果手机,把重要文件存在ICLOUD, 被人家全程掌握,证据确凿,连耍赖的机会都没有。
现在老共很多人员业务能力实在太差。不是一般的差,到处都是安全漏洞。LOL
chengse
本站元老
- 注册
- 2014-11-07
- 消息
- 733
- 荣誉分数
- 104
- 声望点数
- 153
Apple–FBI encryption dispute
2 languagesTools
Appearance
hide
Text
- Small
Standard
Large
- Standard
Wide
- Automatic
Light
Dark
From Wikipedia, the free encyclopedia
An iPhone 5C, the model used by one of the perpetrators of the 2015 San Bernardino attackThe Apple–FBI encryption dispute concerns whether and to what extent courts in the United States can compel manufacturers to assist in unlocking cell phones whose data are cryptographically protected.[1] There is much debate over public access to strong encryption.[2]
In 2015 and 2016, Apple Inc. received and objected to or challenged at least 11 orders issued by United States district courts under the All Writs Act of 1789. Most of these seek to compel Apple "to use its existing capabilities to extract data like contacts, photos and calls from locked iPhones running on operating systems iOS 7 and older" in order to assist in criminal investigations and prosecutions. A few requests, however, involve phones with more extensive security protections, which Apple has no current ability to break. These orders would compel Apple to write new software that would let the government bypass these devices' security and unlock the phones.[3]
The most well-known instance of the latter category was a February 2016 court case in the United States District Court for the Central District of California. The Federal Bureau of Investigation (FBI) wanted Apple to create and electronically sign new software that would enable the FBI to unlock a work-issued iPhone 5C it recovered from one of the shooters who, in a December 2015 terrorist attack in San Bernardino, California, killed 14 people and injured 22. The two attackers later died in a shootout with police, having first destroyed their personal phones. The work phone was recovered intact but was locked with a four-digit passcode and was set to eliminate all its data after ten failed password attempts (a common anti-theft measure on smartphones). Apple declined to create the software, and a hearing was scheduled for March 22. However, a day before the hearing was supposed to happen, the government obtained a delay, saying it had found a third party able to assist in unlocking the iPhone. On March 28, the government claimed that the FBI had unlocked the iPhone and withdrew its request. In March 2018, the Los Angeles Times reported "the FBI eventually found that Farook's phone had information only about work and revealed nothing about the plot" but cited only government claims, not evidence.[4]
In another case in Brooklyn, a magistrate judge ruled that the All Writs Act could not be used to compel Apple to unlock an iPhone. The government appealed the ruling, but then dropped the case on April 22, 2016, saying it had been given the correct passcode.[5]
Background
[edit]Main article: Crypto Wars
James Comey, former FBI director
Tim Cook, chief executive officer of Apple Inc. Cook and former FBI Director Comey have both spoken publicly about the case.In 1993, the National Security Agency (NSA) introduced the Clipper chip, an encryption device with an acknowledged backdoor for government access, that NSA proposed be used for phone encryption. The proposal touched off a public debate, known as the Crypto Wars, and the Clipper chip was never adopted.[6]
It was revealed as a part of the 2013 mass surveillance disclosures by Edward Snowden that the NSA and the British Government Communications Headquarters (GCHQ) had access to the user data in iPhones, BlackBerry, and Android phones and could read almost all smartphone information, including SMS, location, emails, and notes.[7] Additionally, the leak stated that Apple had been a part of the government's surveillance program since 2012, however, Apple per their spokesman at the time, "had never heard of it".[8]
According to The New York Times, Apple developed new encryption methods for its iOS operating system, versions 8 and later, "so deep that Apple could no longer comply with government warrants asking for customer information to be extracted from devices."[9] Throughout 2015, prosecutors advocated for the U.S. government to be able to compel decryption of iPhone contents.[10][11][12][13]
In September 2015, Apple released a white paper detailing the security measures in its then-new iOS 9 operating system. iPhone models including the iPhone 5C can be protected by a four-digit PIN code. After more than ten incorrect attempts to unlock the phone with the wrong PIN, the contents of the phone will be rendered inaccessible by erasing the AES encryption key that protects its stored data. According to the Apple white paper, iOS includes a Device Firmware Upgrade (DFU) mode, and that "[r]estoring a device after it enters DFU mode returns it to a known good state with the certainty that only unmodified Apple-signed code is present."[14]
Apple ordered to assist the FBI
[edit]The FBI recovered an Apple iPhone 5C—owned by the San Bernardino County, California government—that had been issued to its employee, Syed Rizwan Farook, one of the shooters involved in the December 2015 San Bernardino attack.[15] The attack killed 14 people and seriously injured 22. The two attackers died four hours after the attack in a shootout with police, having previously destroyed their personal phones. Authorities were able to recover Farook's work phone, but could not unlock its four-digit passcode,[16][17] and the phone was programmed to automatically delete all its data after ten failed password attempts.
On February 9, 2016, the FBI announced that it was unable to unlock the county-owned phone it recovered, due to its advanced security features, including encryption of user data.[18][19] The FBI first asked the National Security Agency to break into the phone, but they were unable to since they only had knowledge of breaking into other devices that are commonly used by criminals, and not iPhones.[20] As a result, the FBI asked Apple Inc. to create a new version of the phone's iOS operating system that could be installed and run in the phone's random access memory to disable certain security features that Apple refers to as "GovtOS". Apple declined due to its policy which required it to never undermine the security features of its products. The FBI responded by successfully applying to a United States magistrate judge, Sheri Pym, to issue a court order, mandating Apple to create and provide the requested software.[21] The order was not a subpoena, but rather was issued under the All Writs Act of 1789.[22][23] The court order, called In the Matter of the Search of an Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, California License Plate #5KGD203, was filed in the United States District Court for the Central District of California.[24][25][26]
The use of the All Writs Act to compel Apple to write new software was unprecedented and, according to legal experts, it was likely to prompt "an epic fight pitting privacy against national security."[27] It was also pointed out that the implications of the legal precedent that would be established by the success of this action against Apple would go far beyond issues of privacy.[28]
Technical details of the order
[edit]The court order specified that Apple provide assistance to accomplish the following:
- "it will bypass or disable the auto-erase function whether or not it has been enabled"[25] (this user-configurable feature of iOS 8 automatically deletes keys needed to read encrypted data after ten consecutive incorrect attempts[29])
- "it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available"[25]
- "it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware"[25]
There has been much research and analysis of the technical issues presented in the case since the court order was made available to the public.[30]
Apple's opposition to the order
[edit]The February 16, 2016 order issued by Magistrate Judge Pym gave Apple five days to apply for relief if Apple believed the order was "unreasonably burdensome". Apple announced its intent to oppose the order, citing the security risks that the creation of a backdoor would pose towards customers.[31] It also stated that no government had ever asked for similar access.[32] The company was given until February 26 to fully respond to the court order.[33][34]
On the same day the order was issued, chief executive officer Tim Cook released an online statement to Apple customers, explaining the company's motives for opposing the court order. He also stated that while they respect the FBI, the request they made threatens data security by establishing a precedent that the U.S. government could use to force any technology company to create software that could undermine the security of its products.[35] He said in part:
In response to the opposition, on February 19, the U.S. Department of Justice filed a new application urging a federal judge to compel Apple to comply with the order.[36] The new application stated that the company could install the software on the phone in its own premises, and after the FBI had hacked the phone via remote connection, Apple could remove and destroy the software.[37] Apple hired attorneys Ted Olson and Theodore J. Boutrous Jr. to fight the order on appeal.[27]
The same day, Apple revealed that in early January it had discussed with the FBI four methods to access data in the iPhone, but, as was revealed by a footnote in the February 19 application to the court, one of the more promising methods was ruled out by a mistake during the investigation of the attack. After the shooter's phone had been recovered, the FBI asked San Bernardino County, the owner of the phone, to reset the password to the shooter's iCloud account in order to acquire data from the iCloud backup. However, this rendered the phone unable to backup recent data to iCloud, until the new iCloud password was entered. This however, requires the phone to be unlocked.[38][39][40] This was confirmed by the U.S. Department of Justice, which then added that any backup would have been "insufficient" because they would not have been able to recover enough information from it.[41]
Legal arguments
[edit]The government cited as precedent United States v. New York Telephone Co., in which the Supreme Court ruled in 1977 that the All Writs Act gave courts the power to demand reasonable technical assistance from the phone company in accessing phone calling records. Apple responded that New York Telephone was already collecting the data in question in the course of its business, something the Supreme Court took note of in its ruling. Apple also asserts that being compelled to write new software "amounts to compelled speech and viewpoint discrimination in violation of the First Amendment. ... What is to stop the government from demanding that Apple write code to turn on the microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on location services to track the phone's user?" Apple argued that the FBI had not made use of all of the government's tools, such as employing the resources of the NSA. A hearing on the case was scheduled for March 22, 2016.[42]
San Bernardino County District Attorney Michael Ramos filed a brief stating the iPhone may contain evidence of a "lying dormant cyber pathogen" that could have been introduced into the San Bernardino County computer network,[43][44][45] as well as identification of a possible third gunman who was alleged to have been seen at the scene of the attack by eyewitnesses.[46] The following day, Ramos told the Associated Press that he did not know whether the shooters had compromised the county's infrastructure, but the only way to know for sure was by gaining access to the iPhone.[47][48] This statement has been criticized by cyber-security professionals as being improbable.[48][49][50][51]
Tim Cook's statements
[edit]In an interview for a Time magazine cover story, Cook said that the issue is not "privacy versus security ... it's privacy and security or privacy and safety versus security." Cook also said, "[T]his is the golden age of surveillance that we live in. There is more information about all of us, so much more than ten years ago, or five years ago. It's everywhere. You are leaving digital footprints everywhere."[52]
In a March 21, 2016, Apple press conference, Cook talked about the ongoing conflict with the FBI, saying, "[W]e have a responsibility to protect your data and your privacy. We will not shrink from this responsibility."[53]
FBI withdrawal of request
[edit]On March 21, 2016, the government requested and was granted a delay, saying a third party had demonstrated a possible way to unlock the iPhone in question and the FBI needed more time to determine if it will work.[54][55][56] On March 28, 2016, the FBI said it had unlocked the iPhone with the third party's help, and an anonymous official said that the hack's applications were limited; the Department of Justice withdrew the case.[57][58] The lawyer for the FBI claimed that they were using the alleged extracted information to further investigate the case.[59]
On April 7, 2016, FBI Director James Comey said that the tool used could only unlock an iPhone 5C like that used by the San Bernardino shooter as well as older iPhone models lacking the Touch ID sensor. Comey also confirmed that the tool was purchased from a third party but would not reveal the source,[60] later indicating the tool cost more than $1.3 million and that they did not purchase the rights to technical details about how the tool functions.[61] Although the FBI claimed they were able to use other technological means to access the cellphone data from the San Bernardino shooter's iPhone 5C, without the aid of Apple, law enforcement still expresses concern over the encryption controversy.[62]
Some news outlets, citing anonymous sources, identified the third party as Israeli company Cellebrite. However, The Washington Post reported that, according to anonymous "people familiar with the matter", the FBI had instead paid "professional hackers" who used a zero-day vulnerability in the iPhone's software to bypass its ten-try limitation, and did not need Cellebrite's assistance.[63][64] In April 2021, The Washington Post reported that the Australian company Azimuth Security, a white hat hacking firm, had been the one to help the FBI, with work from security researchers Mark Dowd and David Wang.[65] In 2020, the New York Times reported that "new data reveals a twist to the encryption debate that undercuts both sides," with public records showing that at least 2,000 US law enforcement agencies had since acquired "tools to get into locked, encrypted phones and extract their data," mostly from Cellebrite and Grayshift.[66]
Hard Worker
本站元老
- 注册
- 2012-08-31
- 消息
- 4,053
- 荣誉分数
- 1,260
- 声望点数
- 373
Hard Worker
本站元老
- 注册
- 2012-08-31
- 消息
- 4,053
- 荣誉分数
- 1,260
- 声望点数
- 373
炸完更漂亮
