I wanted to re-post this news about Cellebrite being able to (probably) decrypt iPhones and discuss an important implication of it. https://twitter.com/iblametom/status/968144061642231808 …
I've seen a handful of proposals to add "law enforcement access" to the encryption used in devices like phones and tablets. These come in various flavors, some of which are better than others 2/
The "best" proposals rely on physical access to the device. They say something like "there is a master key back at Apple HQ, and it can only be used if you get physical access to the device". 3/
Usually "physical access" means something more than just "access to the memory". It relies on some hardware inside of the phone that can detect an attempted access; this is a safeguard against someone stealing the master keys. 4/
What these proposals are saying is "this scheme works if we can build a secure co-processor that will stand up to a sophisticated attacker or intelligence agency". 5/
Which brings us back to the Cellebrite news at the top of this thread. If these reports are correct, then the strong implication is that Cellebrite has bypassed the protections provided by Apple's "Secure Enclave" co-processor. 6/
In short, this means that despite the efforts of the richest and most serious hardware companies in the space, a third-party Israeli contractor has managed to disable exactly this sort of security co-processor. 7/
If Cupertino can't solve this problem when they're strongly incentivized to do so, you're not going to solve it either. This entire design approach has to be viewed as compromised. 8/
I don't entirely buy the claim that Apple has incentive to make LE access to device impossible. The incentive is to look like they gave their hardest good-faith effort while still succumbing to state-funded-level attackers...
Replying to @RichFelker @matthew_d_green
...so they can say "see, you were able to pay hackers to break it, now stop pestering us for a backdoor".