Flaw Discovered In Apple iMessage Encryption, Reminding Us That Compelled Backdoors Are Idiotic

[Reefa]

One of the points that seems to be widely misunderstood by people who don't spend much time in computer security worlds, is that building secure encryption systems is really hard and almost everything has some sort of vulnerability somewhere. This is why it's a constant struggle by security researchers, cryptographers and security engineers to continually poke holes in encryption, and try to fix up and patch systems. It's also why the demand for backdoors is idiotic, because they probably already exist in some format. But purposely building in certain kinds of backdoors that can't be closed by law almost certainly blasts open much larger holes for those with nefarious intent to get in.

Case in point: over the weekend, computer science professor Matthew Green and some other researchers announced that they'd discovered a serious hole in the encryption used for Apple's iMessage platform, allowing a sophisticated hacker to access encrypted messages and pictures. And, Green, who has been vocal about the ridiculousness of the DOJ's request against Apple, notes how this is yet more evidence that the DOJ's request is a bad idea:

 

Quote

“Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” said Green, whose team of graduate students will publish a paper describing the attack as soon as Apple issues a patch. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”

 

It's worth noting that the flaw that he and his team found would not have helped the FBI get what it wants off of Syed Farook's iPhone, but it's still a reminder of just how complex cryptography currently is, at a time when people are trying to keep everyone out. Offer up any potential backdoor, and you're almost certainly blasting major holes throughout the facade.

Apple is getting ready to push out a software update that will fix the flaw shortly. And this, alone, is yet another reason why the DOJ's case is so dangerous -- since the method it wants to use to get into Farook's phone is via its capabilities to push software updates. Patching software holes is a major reason to accept regular software updates, but the FBI is now trying to co-opt that process to install unsafe code. That, in turn, may prompt people to avoid software updates altogether, which in most cases will make them less safe.

 

SourcE

[steven36]

Apple vs. FBI: Secret Formula Found or is FBI Embracing Defeat?

Quote

 

FBI files motion to delay the hearing, claiming it may be able to unlock the iPhone in question without Apple’s help

The much-anticipated court showdown between Apple and the FBI has been postponed. Federal lawyers filed a motion on Monday with the US District Court of Riverside, California, requesting that the scheduled hearing be delayed because the government may no longer need Apple’s help in cracking into the San Bernardino mass shooter’s iPhone.

An “outside party” contacted the Department of Justice (DoJ) to possibly help unlock the handset in question, the filing claims. Some outside cryptographers — whose identities have not been revealed — seemto have showed the FBI over the weekend how to decrypt the data. The FBI therefore requested for a delay in the court meeting with Apple Inc. (NASDAQ:AAPL) till the new method is tested.

 

The battle between the FBI and the world’s most valuable company to unlock the encrypted iPhone 5c has spanned over three months now. Syed Rizwan Farook, the owner of the phone, killed 14 and injured 22 at a San Bernardino county facility in December.

 

If the new method proves to be successful, then according to the filing, “it should eliminate the need for the assistance from Apple.” Judge Sheri Pym, who originally issued the order in February demanding that Apple comply with the FBI’s demands for special bypass software, reviewed the filing and granted the request. Meanwhile, she gave the government until April 5 to file a new status report on this issue.

The latest revelation from the FBI contradicts its original claim that the shooter’s phone could not be accessed without Apple’s help. This was the federal authority’s key premise to seek a court order against the tech giant under the All Writs Act. The new information, therefore, seemingly weakens the FBI’s legal case.

 

In a conference call addressing the new development, Apple’s attorneys stated that there is a possibility that the DoJ and FBI will return with their original demand. Although the company is interested in knowing the details about the unlocking, it is also aware that the FBI is under no compulsion to share this information.

 

The origin and identity of the “outside party” assisting the federal investigators remain unknown. FBI director James Comey previously claimed to have unsuccessfully approached the National Security Agency (NSA) for help with the device. It is possible that the NSA, which has access to the world’s top tech specialists, has figured out a way to assist the FBI.

 

 

The FBI’s success in decrypting the iPhone without Apple’s assistance would be good news for the company. Not only will it prevent the company’s direct legal involvement in the case, it will also enable Apple to maintain its resolve of not compromising consumer privacy. The company will also be able to avoid internal conflicts; iOS engineers had threatened to exit the company, if the court directed them to weaken encryption.

 

While Obama’s government has at times refused to openly support either party, the polls indicate that the American public has been largely divided over the issue. The Department of Defense believes that weakening encryption technology could create greater security threats. So, it would not be wrong to assume that the FBI may not be able to guarantee privacy, if it forces Apple to bypass its own encryption.

 

http://www.bidnessetc.com/65882-apple-fbi-secret-formula-found-fbi-embracing-defeat/

 

 

Is Matthew Green helping the FBI ?