War2.ru Slogan
News: Watch live streams at War2TV and replays of past streams at War2TV Reruns!


Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
Welcome to the forums! We're glad to have you here! :) You can register your account here, then feel free to introduce yourself in the Server.War2.ru board & let us know who you are on the server.

ATTN: Tupac, Lance, Jordan... any other programmers/hackers... 1371  5

Ogre Mage Posts: 2334 Karma: +42/-7 ********

tk[as]

  • Ogre Mage
  • ********
  • *
  • Posts: 2334
    • View Profile
ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« on: February 23, 2016, 10:18:56 PM »
do you believe the FBI needs apple's permission/help to hack an iphone? do you think the source code is so complex that even with the resources available to the FBI, they cannot hack it on their own?


just curious about your thoughts on this matter.
Ogre Mage Posts: 2359 Karma: +76/-1 ********

tupac

  • Ogre Mage
  • ********
  • *
  • Posts: 2359
    • View Profile
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #1 on: February 26, 2016, 05:33:03 PM »
do you believe the FBI needs apple's permission/help to hack an iphone? do you think the source code is so complex that even with the resources available to the FBI, they cannot hack it on their own?


just curious about your thoughts on this matter.
It's possible that the situation is true, but come on the shit they can do... They probably spied on the apple developers and this is just a trick to get people to use IOS. Either or i would not be surprised.
Berserker Posts: 586 Karma: +23/-3 *****

{Lance}

  • Berserker
  • *****
  • Posts: 586
    • View Profile
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #2 on: April 06, 2016, 03:35:27 PM »
There is no need for that.  They got the pw by using normal investigative procedures (duh, ask next of kin).  Theres no need to lower security just because the FBI or anyone else is to lazy to ask your mom what your pw might be.  I can tell you that from first hand experience with FBI cracking procedures, that they can take literally a PILE of documents associated with any case, run it through something similar to John the Ripper and do simple bruteforce attacks but they are more specific to the person.  It will go through names, bdays, addresses, etc trying combinations (forwards, backwars, common character replacements, etc) of anything and everything they have ever gathered that is associated with that person.  More likely than not, a person's pw is something that they associate with (easy to remember for that person).  IMO,  this is one of the possible ways that they "hacked" the iphone in CA.  The other is simply asking someone what the pw might be.

Bottom line,  the FBI was simply trying to use this case as an excuse to be lazy.  There has never, and never will be a valid reason that will ever justify lowering encryption security.
Grunt Posts: 213 Karma: +17/-4 ***

Rit

  • Grunt
  • ***
  • *
  • Posts: 213
    • View Profile
    • Rit's Youtube
*

Rit

Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #3 on: April 07, 2016, 03:27:56 PM »
I'm just a low level tech but it takes me 5 minutes to bypass a password on a Android phone. I have never been able to get into an iPhone. 
Axe Thrower Posts: 400 Karma: +32/-0 ****

Lambchops

  • Axe Thrower
  • ****
  • *
  • Posts: 400
    • View Profile
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #4 on: August 17, 2017, 09:33:34 AM »
I know this is an old post, but I just noticed it, and it's an interesting topic, so here's my 20c..

Firstly I know very little about Apple stuff specifically, I'm a PC guy and I have never owned an iPhone.

Android vs. iPhone security.

I am quite sure that iPhone security would be 1000000x better than Android. In fact I'm pretty sure that a Commodore-64 would have better security than an Android phone.

Android is open-source, but the project was instigated, supported and guided by Google. Google's #1 business is data-mining, that's where they came from and that's how they make billions. Android is pretty much designed to have all of your personal information fed straight to Google and anybody they want to sell it to - this isn't a secret, read the fine print.

I still use Android phones (they are really cool and handy) I just don't use them to access my personal secure info. Email ... NO, Facebook NO... none of that TYVM.

Philosophically, I think Apple are at least trying to make their stuff reasonably secure. Mainly because apart from their brand appeal, that's pretty much all they have to offer that you can't get from an Android phone for 25% of the cost.

So to the core question here:
IS IT POSSIBLE TO MAKE A SECURE PHONE?


The answer is most definitely YES.

Apple (or anybody) could make their phones 100% secure ... and release the source code ... and even the people at Apple would still not be able to get into them. The fact that Apple can get into them is simply because they have built in back doors for themselves.

NOTE: I am talking about the device being shut down/sleeping and it being impossible to access without the correct password; if you are accessing some network resource, there is always the chance of that communication being intercepted, although if properly encrypted that should still require compromising one of the devices involved in the transaction (phone/modem/server..)

To make a device secure, you only have to have all the user data saved to encrypted storage then use the user's password to encrypt the full encryption key for that storage device. I've never looked it up, but I assume this is how it is done.

Without going into too much nerdy detail, modern encryption algorithms are secure because of the amount of time it takes to calculate very large prime numbers, which is considerable, so once the encryption key becomes sufficiently large, the amount of time required to reconstruct the key exceeds the age of the known universe... You have a better chance of success getting your cat to type in random passwords for you.

There is no getting around this, it is a mathematical fact. Nobody has ever reversed this kind of encryption, it is beyond the knowledge of mankind.

All that stuff on TV where someone finds some encrypted hard drive and some actor pretends to type something on a keyboard, then magically the plans to the death-star appear..... it's all just complete and utter garbage.

All of the hacks and exploits that are used to breach security do it by attacking faults in the hardware/software that is handling secure transactions - i.e. where some machine somewhere already knows what the decryption key is, that machine is tricked into either decrypting the data for an unauthorised user or supplying the key to them so they can decrypt it themselves.... but actually reverse engineering the key? No sir. No way. Never happening.... not without a quantum computer ayway.

There is no need for a local encryption key to ever be transmitted or leave the device. If the encryption process was not in any way deliberately compromised by the manufacturer, or some malicious software installed on the device (keyloggers trojans etc.) there would simply be no possible way that anyone could ever access it.... unless your cat got REALLY lucky.

Attempts at hacking it would have to involve trying to exploit vulnerabilities in the OS to get it to supply information, but this could ONLY be done when the user had unlocked the phone with their password. If you phone was not compromised, and you switched it off, then the FBI, Apple and Santa-Claus all working together could never get into it.

Even if you assume that people aren't stupid enough to use their kid's birthdays or the name of their goldfish or whatever,  social hacking techniques are a real threat. People are more aware these days than in the past, but for serious security the most dangerous types of attack remains someone tricking a user into entering their password under a spycam or into a compromised device and simply recording what they type in etc.

... but anyway .... could they make their phones totally secure? YES. Have they done this? NO. Because they themselves can break into their own phones, so if the FBI or whoever do manage to break in, they will do it by hacking the back doors Apple have built in themselves.

... and any manufacturer will always cave in the end and give the FBI what they want – although not before getting a whole lot of security publicity by making a big deal out of it in the media.

                                                                                                :critter:


KIDDIES CORNER: Want to hack the entire world's security and become a Cyber-GOD? Just develop a fast algorithm for calculating large prime numbers ..... easy right?
;)
Administrator Ogre Mage Posts: 1686 Karma: +93/-109 *****

mousEtopher

  • Administrator
  • Ogre Mage
  • *****
  • *
  • Posts: 1686
    • View Profile
    • War2.me
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #5 on: September 21, 2017, 08:37:53 AM »
great post Lamby, very interesting & informative & in classic entertaining Lamby style! this gives a nice primer to the subject of encryption technology which I have only some limited familiarity with but is a highly important issue for safeguarding the right to personal privacy. it also clarifies why the old version of the discontinued TrueCrypt is still such effective & valuable encryption software