Home Inmate Central

Inmate Central, where civil and family-friendly discourse about off-audio topics (other than religion and politics) is welcome.

RE: Me too

As I understand it, the boot loader requires an image that is signed by Apple. This allows operation without completely wiping memory. Normally, the code (signed by Apple) would enforce the restrictions on PIN tries and if exceeded wipe out the encryption key. The alternative approach is to use a "jailbreak" that somehow buypasses the loader, but known (to us) jailbreaks end up zeroing all of memory, thereby erasing the encryption key. (This is not to say that their might be other types of jailbreaks that the FBI doesn't have access to, or if they do have access to them they aren't saying.)

The technical details would seem to depend on specifics of the iPhone hardware. My guess is that these differ from model to model. It is likely that the earlier ones had a semi-secure boot loader. It strikes me that the boot loader should be smart enough to know that the phone was already unlocked by the user and then allow firmware upgrade without zeroing out the encryption key, but if locked any flashing of firmware should include, as a first step, complete wiping of the phone. Then, assuming that the boot loader can not be modified (and most hardware supposedly provides for this) then it would not have been possible for Apple to help the FBI. (It might be possible to extract the key out of the hardware through reverse engineering in a chip development laboratory, but this is not a reliable process and would be extremely expensive.)

TL;DR. My guess is that Apple screwed up the security of their boot loader on this particular model of the iPhone. That's assuming that what we see in the legal briefs and news stories are accurate. It is certainly possible that Apple has other connections with the NSA and there are hidden backdoors they know about and all of this is disinformation. However, this would be pure speculation.

If spook agencies are involved, do not expect to get a straight answer. I know this from personal experience. I also know that top management in charge of computer security of several computer companies had strong connections with NSA and appropriate security clearances. I had a number of conversations with these people and enjoyed telling them how some of their secret stuff worked, with the goal being to see their eyes roll and then they told me they had to terminate the conversation.
Tony Lauck

"Diversity is the law of nature; no two entities in this universe are uniform." - P.R. Sarkar


This post is made possible by the generous support of people like you and our sponsors:
  Amplified Parts  


Follow Ups Full Thread
Follow Ups
  • RE: Me too - Tony Lauck 02/28/1610:13:26 02/28/16 (0)

FAQ

Post a Message!

Forgot Password?
Moniker (Username):
Password (Optional):
  Remember my Moniker & Password  (What's this?)    Eat Me
E-Mail (Optional):
Subject:
Message:   (Posts are subject to Content Rules)
Optional Link URL:
Optional Link Title:
Optional Image URL:
Upload Image:
E-mail Replies:  Automagically notify you when someone responds.