
The knowledge will only spread. The software can only leak.

Then why don't we have Apple's private keys yet?

Plenty of companies keep a lot of things very secret, including things like powerful debug modes, for a long time. At least long enough that everybody forgets the details and the software has long since rotted away.




Because it's Apple who keeps them, not the FBI.

Nobody in the FBI would give a damn about leaking the patched OS image: it's Apple's reputation at stake, not the FBI's.


But. The FBI doesn't want the keys in this case. They don't even want a build that works on any phone but the one in question.

There is nothing of value for the FBI to leak.

This is the huge difference between this order (which I can live with) and blanket encryption backdoors using key escrow or other crap (which I'm absolutely vehemently against and willing to fight to the teeth).


"They don't even want a build that works on any phone but the one in question."

That is completely not true. There is no way to make such a thing that can only work on one particular phone. There will be some point at which the compromised firmware image checks to see if it's that device, at which point it would be possible to change that to whatever device you want.

"This is the huge difference between this order (which I can live with) and blanket encryption backdoors using key escrow or other crap (which I'm absolutely vehemently against and willing to fight to the teeth)"

No, there is absolutely no difference between those two.


If Apple hands the FBI a signed, compiled firmware image that, say, checks the serial number of the phone, how does it make the jump to 'whatever device' they want? Why were LEOs previously filing for multiple court orders for each older iPhone requiring a backdoored image?


> That is completely not true. There is no way to make such a thing that can only work on one particular phone

The technique that makes this possible is described in Apple's iOS Security White paper, page 6 ("System Software Authorization"): https://www.apple.com/business/docs/iOS_Security_Guide.pdf

This mechanism explains why you can't take an old release of iOS off a different phone and copy it to yours.


You've missed the point: By doing this, they've shown that it's possible, and that they already have the tools. Meaning that next time, it's going to be almost impossible to say no.


Yes, there is. Firmware updates must be digitally signed using Apple's private key. That means no one except Apple can edit out the device check, or indeed modify the firmware in any way.
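
A simplified sketch of the idea discussed in the comments above, a signature that covers both the firmware hash and a device identifier. This is an added example, not code from the thread or from Apple; the `Ticket` layout, the function names and the Ed25519 key are assumptions chosen for illustration, and the sample data is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Ticket binds one firmware image to one device (hypothetical layout).
type Ticket struct {
	DeviceID  uint64   // unique per-device identifier
	ImageHash [32]byte // SHA-256 of the firmware image
	Sig       []byte   // vendor signature over DeviceID || ImageHash
}

func signedBytes(id uint64, h [32]byte) []byte {
	b := make([]byte, 8, 40)
	binary.BigEndian.PutUint64(b, id)
	return append(b, h[:]...)
}

// Issue is the vendor side: it needs the private key.
func Issue(priv ed25519.PrivateKey, id uint64, image []byte) Ticket {
	h := sha256.Sum256(image)
	return Ticket{id, h, ed25519.Sign(priv, signedBytes(id, h))}
}

// Accept is the device side: ticket names this device, matches the image,
// and verifies under the vendor public key.
func Accept(pub ed25519.PublicKey, myID uint64, image []byte, t Ticket) bool {
	if t.DeviceID != myID || sha256.Sum256(image) != t.ImageHash {
		return false
	}
	return ed25519.Verify(pub, signedBytes(t.DeviceID, t.ImageHash), t.Sig)
}

func Demo() [4]bool {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	image := []byte("constructed firmware image")
	t := Issue(priv, 0x1111, image)
	edited := t
	edited.DeviceID = 0x2222 // ticket field changed without re-signing
	return [4]bool{
		Accept(pub, 0x1111, image, t),            // intended device
		Accept(pub, 0x2222, image, t),            // other device, same ticket
		Accept(pub, 0x2222, image, edited),       // device field edited
		Accept(pub, 0x1111, append(image, 0), t), // image modified
	}
}
func main() { fmt.Println(Demo()) }
```

Only the first case is accepted; the other three fail because the signed bytes no longer match what the device computes for itself.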


The original argument is that if a bruteforcy firmware were created, there are now more people who have knowledge, and they (Apple employees) are at great risk of exposing the capability in a real way.

Not LEOs.


If Apple rotates their keys, that means that their private keys can be unlearned, whereas a method to backdoor iPhones could not be unlearned in the same way.


If the backdooring method uses a special firmware update that needs to be signed by Apple, rotating their keys means that it could be unlearned as well.


The court order specifically requests a firmware update that can only be used with that particular device ID.


Replying to the reply: the FBI doesn't want this leaked because it would jeopardize their own agents' Apple devices.



