[Cryptography] FBI engages Israeli company to crack iPhone security

Tom Mitchell mitch at niftyegg.com
Thu Mar 24 03:55:47 EDT 2016


On Wed, Mar 23, 2016 at 9:36 PM, Henry Baker <hbaker1 at pipeline.com> wrote:

> At 08:01 PM 3/23/2016, Ray Dillinger wrote:
> >This grudge match between the FBI and the NSA is heating up!
> >I wanna get some popcorn and a ringside seat to see what the
> >NSA does to spite the FBI for making them look like idiots.
>
> Two words: plausible deniability.
>
> Also, $15k isn't nearly enough for what the FBI is going to do to their
> reputation when the FBI says "Oops, you screwed up & wiped this
> *terrorist's* phone".
>

It appears to me that as an Israeli company they are far enough from US law
that they could be a vent for a secret NSA/CIA method or discovery. They are
also far enough removed to make it hard for a US court to compel them to act
again and again.

The $15,000 price tag seems too low for anything involving new software
and testing. The service and software development would be much more than
$15K in isolation. The life of the service product seems limited after this
one phone. A software hack/bug could and should vanish on the next Apple
bug fix. Sufficient disclosure to Apple of the exploit or method would
seem necessary to allow the content to be admissible in court.
But perhaps not for a drone strike or parallel reconstruction :(
i.e.
Q to Apple: based on confidential disclosure is this data extraction
possible?
A1:  Yep it is possible.
A2:  Heck we still do not know.  As far as we can tell it is still
        technically a cat in a box we are unwilling to open.
Bug ... bug fix update follows.

The price might be OK for a hardware hack that begins with a slurp of the
data from the RAM. As a qualified forensic service, data retention seems to
be a necessary and required first step.  Desolder... slurp. Install socket
unslurp.
For the US DOJ an Israeli company is as close to a friendly safe harbor for
secrets as there might be out there. A TLA could have delivered tools and
methods to distance the agency from what might have been questioned in the
US. Example: Massachusetts police offices replied to requests for
information saying the SWAT teams in the state are private corporations,
exempting them from open records laws.
It may also be a safe outlet for Apple and the distasteful to Apple
business of other legally compelled services. Yes, Apple may have leaked a
bug report hmmm...
Apple could effectively deny further like requests on this and older
hardware because a service company has surfaced.
i.e. We Apple charge $150,000.00 per device and did you know that another
$15,000.00 service exists.

Contractors can keep secrets that agencies might not.

Win Win.... for now.

-- 
  T o m    M i t c h e l l