
[–]B_P_G 3651 points3652 points  (187 children)

Best advertising Apple could possibly have.

[–]SpaceMasters 833 points834 points  (164 children)

Or best thing to make people think you don't have a crack.

[–]ibpointless2 158 points159 points  (14 children)

Usually, the $5 wrench hack works.

[–]spikeboy4 135 points136 points  (2 children)

[–][deleted] 29 points30 points  (0 children)

every sub, every post, look far enough and you'll eventually find it

[–]PanamaMoe 249 points250 points  (144 children)

Seriously, I highly doubt they don't have a way to get in, they just don't have a way that they can tell people about. The government does a lot of shit and they really like to make people think that they play by the same rules we do.

[–]DamagedFreight 379 points380 points  (79 children)

They don't.

At the heart of Apple's security architecture is the Advanced Encryption Standard algorithm (AES), a data-scrambling system published in 1998 and adopted as a U.S. government standard in 2001. After more than a decade of exhaustive analysis, AES is widely regarded as unbreakable. The algorithm is so strong that no computer imaginable for the foreseeable future - even a quantum computer - would be able to crack a truly random 256-bit AES key. The National Security Agency has approved AES-256 for storing top-secret data.

-- https://gizmodo.com/5934234/ios-encryption-is-so-good-not-even-the-nsa-can-hack-it

Also there is not, and will never be, a golden key. It would make all their encryption worthless because of precedence and leaks.

[–]Vote_for_asteroid 126 points127 points  (39 children)

There are other ways to implement backdoors though. Or weaken the key generation etc. I'm not saying they have done that, I'm just saying.

[–]epote 130 points131 points  (30 children)

The problem is not the encryption algorithms but end point security. Best encryption in the world if they have your password it's worthless. And getting someone's pass is easy, very easy, I can guarantee you your GF has seen you input your pass,

[–]MrHaxx1 238 points239 points  (7 children)

your GF

I fucking wish

[–]sontaj 168 points169 points  (6 children)

GF can't see your password if you don't have a GF. -points to head-

[–]tigerwash 72 points73 points  (0 children)

end point security


[–]adminhotep 11 points12 points  (0 children)

Meatware code is out of date in today's security environment.

[–]yunus89115 5 points6 points  (4 children)

1236 is my passcode and it has yet to be cracked.

[–]APSTNDPhy 50 points51 points  (15 children)

What a very informed opinion. -_-

[–]MrAcurite 7193 points7194 points  (74 children)

"Bully brands student 'Nerd' after putting a lock on his lunchbox, after bully swears he was just going to rifle through his food without taking anything"

[–]half_breed_muslin 2119 points2120 points  (36 children)

he was just going to rifle through his food without taking anything

unless he finds something that shouldn't be there... then... good ol' retroactive probable cause...

[–]jerrysburner 700 points701 points  (19 children)

With a possible side of civil asset forfeiture...those damn crime committing assets...

[–]PanamaMoe 222 points223 points  (5 children)

I couldn't help but take that sandwich sir, it was a necessary loss to ensure that you are a law abiding citizen. You should be thanking me for being so thorough at my job!

[–]Skrap93 106 points107 points  (3 children)

That sandwich shot a guy just next week.

[–]varro-reatinus 101 points102 points  (8 children)

The United States vs. Six Homemade Cookies, found in a nerd's lunchbox

"Your honour, Grade 6 Bully Willie Obbleton on behalf of the government..."

[–]jordantask 38 points39 points  (1 child)

Nelson the bully paces back and forth in front of Milhouse on the witness stand, pondering his questioning tactics before grabbing Milhouse and repeatedly punching him in the stomach

Lisa: "Objection, Your Honour!"

Bart: "I'm gonna allow it."

[–]varro-reatinus 9 points10 points  (0 children)

"You gimme those cookies!" thud thud thud

[–]Silntdoogood 25 points26 points  (3 children)

"Your honour, grade six bully was expressing concern for Timmy's well being when he asked " Why are you hitting yourself?"

I cite “United States v. Article Consisting of 50,000 Cardboard Boxes More or Less, Each Containing One Pair of Clacker Balls". Government ordered seizure of these toys under the Federal Hazardous Substances Act because children could hit themselves.


[–]IKnowUThinkSo 13 points14 points  (0 children)

Those cookies were asking for it! Look at how delicious they appear! Who wouldn’t eat them immediately?

[–]tomytronics 77 points78 points  (9 children)

But with a tough lock on an unbreakable box, the bully would have no way of knowing if there's a detailed plan to blow up the school or just a small carton of milk, plain strawberry jam sandwich and an apple inside. All the bully gets is a pretty looking box that may stink up after a while.

[–]flapadar_ 64 points65 points  (7 children)

Unless the bully relentlessly beats the nerd with a $5 wrench

[–]JumpForWaffles 51 points52 points  (4 children)

I imagine the bully would save the cash and just beat him with the box

[–]l0rdishtar 29 points30 points  (0 children)

who needs probable cause when you can just do parallel reconstruction and manufacture it.

[–]WRedeemerW 110 points111 points  (2 children)

And the nerd is going to grab his dad's rifle to get his lunch back.

Plz don't put me on the list fbi.

Just a joke.

Right guys

[–]chooxy 36 points37 points  (0 children)

We're going to need you to hand over your lunchbox, unlocked.

[–]Pureg4sm 63 points64 points  (14 children)

If the nerd didn’t have anything to hide he shouldn’t need a lock on his lunchbox

[–]Tyler4077 105 points106 points  (10 children)

Maybe he has nothing to hide but wants a lock on his lunchbox to prevent people from stealing his lunch money and other personal information he happens to keep in his lunch box. Identity theft can ruin lives.

[–]Conservative_Merican 38 points39 points  (1 child)

Saying that you don’t have anything to hide so you’re not worried about having your right to privacy violated is akin to saying you’re fine with having your right to free speech violated because you don’t have anything to say.

[–]superbabe69 45 points46 points  (2 children)

Identity theft is not a joke Jim! Millions of families suffer every year!

[–]Ohshitwadddup 10 points11 points  (1 child)

Bears, Beets, Battlestar Galactica

[–]runMechanical 2 points3 points  (0 children)

what is going on? what are you doing?!

[–]obthrice 20 points21 points  (2 children)

So, the nerd should have built an alternative entrance to the lunchbox so only the bully could open it, yet everyone else would think it was closed.

[–]atomacheart 18 points19 points  (1 child)

So the nerd put on a secret lock with a secret code that only the bully has, only the bully let slip that information and now everyone can get into the lockbox and the owner thinks only the bully can.

[–]bruce656 8 points9 points  (0 children)

The bully would also like for the nerd not to lock his house or his car. Maybe the nerd doesn't have anything to hide, but the bully has no right to know what he's eating for lunch, and if he really wants to know, bully should get a warrant.

[–][deleted] 3 points4 points  (0 children)

Same reason I let strangers wander around inside my home

[–]wonder-maker 1375 points1376 points  (65 children)

I don't hear the NSA complaining...

[–]uncertainusurper 601 points602 points  (8 children)

That’s because they are sharing a sleep number.

[–]Mig_Whsiperer 156 points157 points  (6 children)

So they're barely talking, and one of them is watching letterman?

Which one is the old man with erectile dysfunction?

[–]ISIXofpleasure 171 points172 points  (16 children)

The point of the NSA is to not exist. They can’t be making statements all over the place so they get the FBI to scream and holler bc the FBI is to contain criminals and the NSA is to contain civilians.

[–]Derp800 88 points89 points  (8 children)

No Such Agency.

[–]asoka_maurya 24 points25 points  (4 children)

It's a tad difficult to believe considering they have a website and logo, feature regularly on EFF's twitter feed and have a bunch of movies made about them. The real "No Such Agency" is something else says the tinfoil hat inside me.

[–]Derp800 11 points12 points  (1 child)

Well yeah, after a certain point that term became a joke instead of what people actually said. ;) For a while they tried to deny it existed, though.

[–]yunus89115 5 points6 points  (0 children)

DIA, they exist and it's known but the average civilian doesn't know about them.

[–]sylver_dragon 2 points3 points  (0 children)

This is more a throw back to when they were still trying to hide in plain sight. The government used to deny their existence. Unfortunately, every secret has a half-life based on the number of people who know it. The more people who know a secret, the sooner it becomes public. Ultimately, the NSA was just too big to keep under wraps. Towards the end of that time, the joke ran, "There's No Such Agency, just ask them, they'll tell you."

[–]kerbaal 17 points18 points  (3 children)

The point of the NSA is to not exist

On this, I can support the NSA; I would love for them to not exist at all.

[–]NoobieSnax 5 points6 points  (1 child)

Careful what you wish for. We'll probably end up with something even more intrusive...

[–]Tri_Harderrr 77 points78 points  (30 children)

don't be naive, they're hacking the shit out of those phones.

[–]Dorito_Lady 134 points135 points  (28 children)

Yeah. That’s why they had to pay an Israeli firm to help crack an iPhone 5c...

Which was already obsolete, had an old version of iOS, and the processor wasn’t part of the generation that even had a Secure Enclave on it.

Real geniuses at work there, huh?

[–]seeking_theta 81 points82 points  (20 children)

Or it was all for show, and they could have just handed it to the NSA to crack anyway. Instead THEY almost got the manufacturer to give them a back door. When Tim Cook did the world a solid, they had to save face and pretend they couldn't hack it themselves.

[–]vikinick 37 points38 points  (7 children)

I think you're overestimating how often the NSA and FBI share tools.

Information? Yeah, sure they'll pass information around like cake. But tools? The FBI isn't getting them from the NSA.

[–]nightwing2000 7 points8 points  (0 children)

Too true. If the FBI thinks they're the adults and local police are the children - then the NSA thinks they're the adults and the FBI are the children.

[–]MrKrabsel 701 points702 points  (10 children)

I would use that in the next Apple ad.

[–]gablerr 676 points677 points  (7 children)

Oh, no. They are far too easy to crack -Typing on my shattered phone screen

[–]argf00 44 points45 points  (0 children)

Glass is just a really fragile material. I got tired of my note 8's case and after a week of no case, the back cracked. Luckily the front didn't crack and I've put the case back on since then.

[–]TexasWithADollarsign 386 points387 points  (24 children)

I hope Apple bricks this guy's smartphone.

[–]could_gild_u_but_nah 74 points75 points  (20 children)

They could technically clone it repeatedly and keep trying.

[–]JoseJimeniz 52 points53 points  (16 children)

Except the encryption keys are held in hardware; with no way to know what they are, and no way to extract them.

Which is why decryption attempts have to be performed on the hardware.

[–]iJeff 21 points22 points  (5 children)

Unlike my Surface Pro 4 that automatically backs up the hardware decryption keys to Microsoft. It's billed as a convenience allowing you to login to your account to retrieve them.

[–]Bobjohndud 14 points15 points  (3 children)

Keep in mind that Micro$oft cooperates with all intelligence requests, constitutional or not. Your security is gone right there.

[–]S35X17 13 points14 points  (9 children)

I read somewhere there are two Israeli firms who are helping authorities around the world with iOS hardware locks.

[–]JoseJimeniz 25 points26 points  (7 children)


They probably found a bug in the SecureEnclave code and exploited it.

Hopefully Apple figured out the vulnerability and closed it. They were demanding the FBI turn over information on how it was done.

Fortunately any evidence the FBI obtain they won't dare try to use in court - as they'd have to explain their chain of evidence - and how the phone was hacked. For now the FBI just realized that the San Bernardino terrorists' phones contained nothing useful.

[–]AnUnwelcomePresence 31 points32 points  (0 children)

IIRC the device they unlocked was an iPhone 5c, so it didn’t have a Secure Enclave. I assume that made it easier to hack and that whatever method they used can’t be used on the iPhone 5S and above.

[–]muntaxitome 5 points6 points  (0 children)

Modern systems have a secure part that is very hard to clone (Apple calls it secure enclave). This is basically what the FBI is complaining about.

[–]shitterplug 3 points4 points  (0 children)

Nope. Apple phones are 'hardware encrypted'. They really can't do shit to get into it.

[–]OhHeyalNah 340 points341 points  (163 children)

But with the facial recognition feature, can’t a cop just hold the phone up to the person's face and bam! It’s unlocked!

[–]victorfiction 288 points289 points  (41 children)

Yea but it doesn’t work if you make a silly face.

Edit: Seriously I just tried it.

[–]JimBrady86 240 points241 points  (25 children)

Nothing a taser can't fix.

[–]victorfiction 263 points264 points  (10 children)

That’s how you end up with permanent silly face.

[–]ImSpartacus811 62 points63 points  (9 children)

Would it be apt to call that a... taser face?

[–]molotok_c_518 21 points22 points  (0 children)

What was your second choice... Scrotum Hat?

[–]Neurorational 78 points79 points  (11 children)

"Ha ha, copper, that was my taser face - my iPhone can only be unlocked with my orgasm face!"

[–]Yggdrasilcrann 81 points82 points  (1 child)

"That can be arranged" ziiiip

[–]Joshtopher_Biggins 34 points35 points  (3 children)

taser face

Sounds like a good street name

[–]Eknoom 12 points13 points  (3 children)

Do you know how they milk semen from bulls?

Electrode to the testicle, I imagine a taser to the nuts would do similar...

[–]nightwing2000 3 points4 points  (2 children)

Actually I heard it was an electrode up the butt, to stimulate the prostate.

[–]floydBunsen 3 points4 points  (1 child)

they do this for sheep too.

[–]ShadowOfAnIdea 5 points6 points  (0 children)

Would be an amazing excuse to never respond to your s.o.'s texts

[–]DirkDiggler531 35 points36 points  (13 children)

Eyes have to be open too, so they can't unlock your phone while you're asleep

[–]Carol_Dough 67 points68 points  (3 children)

Most have their eyes open when they die

[–]photenth 46 points47 points  (1 child)

Bonus: Once you are dead you can't complain about your right to privacy.

[–]k3rn3 30 points31 points  (0 children)

Solution: die with your tongue hanging out and X's for eyes, for security reasons

[–]911ChickenMan 11 points12 points  (8 children)

Or blinded by pepper spray.

[–]markmore679 143 points144 points  (75 children)

I've always thought about this. The only reason I use fingerprint recognition is because it's convenient. If somebody really needed to get into my phone, it'll be easier to obtain my thumb than a complex password

[–]SixPackAndNothinToDo 237 points238 points  (51 children)

Weirdly, the Supreme Court has decided that police can require you to open your phone using your fingerprint, but can't require you to give out your password.

Before handing your phone to the police, make sure the password is on.

[–]douko 179 points180 points  (10 children)

Biometrics are something you have/are, so they can be compelled by the court like regular fingerprints, etc.

Passwords are something you know, and you can't be compelled to testify against yourself.

[–]PsychoBored 87 points88 points  (4 children)

So potentially, if we one day have 'brain scanners' (thinking black mirror), would someone be required to take it to find out your password since it is something you are/have (in your brain)?

I think the laws need to be updated to stay up to date with the technology.

[–]Mac33 59 points60 points  (19 children)

On an iPhone you can press the power button 5 times quickly, and that locks it so it requires your passphrase.

[–]fullforce098 38 points39 points  (9 children)

I wish there was a way to set a specific finger to lock it down and require password. Like my thumbs and right index finger unlock the phone but if I use my left index finger, it locks it down. That way if I forget to hit the power button 5 times or whatever it is on Android, and the cop demands I unlock it I just use my left index and "Oh what? That's odd it's locked more now how did that happen?"

[–]flippedlife[🍰] 14 points15 points  (3 children)

If you just use a wrong finger a few times it will lock out Touch ID.

[–]DemIce 6 points7 points  (2 children)

Though in the scenario where you're being compelled to unlock it using your fingerprint, wouldn't purposely using the wrong finger (presuming that could be proven) lead to an obstruction charge?

[–]StockingsBooby 3 points4 points  (0 children)

They could only prove purpose if you admit it.

Plus, my proper finger has trouble with TouchID fairly often.

[–]cheers_grills 7 points8 points  (3 children)

You can probably do it with root.

[–]MonkeyNews247 6 points7 points  (11 children)

This is not true in the UK though

[–]CaCl2 8 points9 points  (9 children)

UK doesn't have protection against self-incrimination?

[–]alexmbrennan 34 points35 points  (3 children)

Not since section 49 of the Regulation of Investigatory Powers Act came into force in 2007 - it's up to 5 years in prison if you don't decrypt data on demand, and potentially an extra 5 years if you tell anyone about the section 49 notice after being told not to.

This isn't exactly news, but for some reason no one cared about these bizarre information security policies until the Tories came to power.

[–]iehova 11 points12 points  (0 children)

Wow I feel terrible for the people who have actually forgotten encryption keys.

I had a laptop I had to reformat last year because I forgot my disk encryption password. I'd have been screwed if I was being investigated and lived in the UK.

[–]Jebusura 4 points5 points  (0 children)

Holy balls! Are you sure about that? That's insane really. What would happen if you forgot a password to an encrypted device that you hadn't been using for years (and therefore legitimately could have forgotten the pass key)?

[–]DamagedFreight 58 points59 points  (3 children)

If you are ever detained - turn your phone OFF (hold down the button). This conserves battery of course and the passcode is required on boot and a fingerprint or faceprint won't work until the passcode is used.

[–][deleted] 8 points9 points  (0 children)

And for iPhone X if you hold the power and volume up button to get to that menu where you can shut off. That’s all you actually need. You can exit that menu without turning off and then faceid is turned off

[–]Confirmation_By_Us 2 points3 points  (0 children)

Don’t wait until you’re detained.

On iPhones, click your power button five times before you go through airport security, or a border crossing, or when you get pulled over. Basically anytime you expect to interact with authorities.

[–]im4potato 13 points14 points  (6 children)

TouchID doesn't work with severed fingers, although I think you'd let them into your phone before you let them do that.

[–]WhoreaTheExplorer 21 points22 points  (5 children)

Yeah Touch ID actually detects the natural static that your pulse produces as a security feature to stop a severed thumb or somebody trying to hijack your fingerprints somehow

[–]ProbablyanEagleShark 4 points5 points  (2 children)

Because what really matters here, is making sure they can't get into your phone.

[–]eatsfooddrinkscoffee 18 points19 points  (0 children)

To be fair, this also disincentivizes dismemberment.

[–]nightwing2000 2 points3 points  (0 children)

If it's gotten to that point, at least your phone contents, bank information, contact phone numbers, etc. are not an open book.

[–]SpaceMasters 21 points22 points  (2 children)

My pixel will sometimes make me use my pin. Usually when I reboot it or when it thinks I've died and someone's pressed my dead finger on the scanner.

[–]wasteoffire 8 points9 points  (0 children)

Mine often does if I have any amount of sweat on my hands

[–]Tslat 15 points16 points  (3 children)

Like Sixpack has said below - US law dictates that biometrics is not legally exempt.

If the police require your facial id to open your phone, they have the legal right to require you to do it. This applies to fingerprints too.

A password however, they cannot

[–]could_gild_u_but_nah 22 points23 points  (2 children)

That's why I don't use that stuff. I don't have anything to hide. But it's none of their fucking business.

[–]rapescenario 2 points3 points  (2 children)

What if I told you I was going to cut your thumb off if you didn't give me the password.

[–]superbabe69 10 points11 points  (0 children)

“Go for it, it’s impossible to get in if my thumb is cut off”

Then sue for cruel and unusual punishment

[–]nightwing2000 2 points3 points  (0 children)

Think of it as a trade-off. Consider what is worse - they cut off your thumb which won't work, or they have the information on your phone? If it's that classic spy-thriller scenario where the phone has the list of double agents or the plans to the super-bomb, maybe a thumb is worth it.

or, don't use your thumb. Wait, you have two thumbs... which one is it?

[–]muchdogeisenseinyou 22 points23 points  (1 child)

After a few tries it will make you enter the passcode.

There’s also a button combo that will disable it quickly.

[–]RGTP_314 20 points21 points  (10 children)

I think they still require you to enter the passcode at regular intervals.

[–]bazhvn 15 points16 points  (9 children)

Pretty long interval actually (some 24 or 48h I don’t remember exactly). But there are options to require attention (i.e. open eyes looking into the screen) or to just quickly turn off the biometric security (press power button 5 times).

[–]RGTP_314 16 points17 points  (7 children)

To be honest, biometric security is a step backward anyways. We're constantly broadcasting the information needed to unlock biometric security. The password + auto-wipe combo is a must if security is a priority.

[–]lannisterstark 32 points33 points  (1 child)

That's because biometrics should have always been the username, never the password.

[–]nullstorm0 2 points3 points  (0 children)

Apple already knows this. TouchID was implemented for two reasons, both of which boil down to “people are lazy”. The first was Apple Pay, because there’d be significantly less adoption from users if it instead required a PIN or password. The second is that people were just leaving their phones unsecured and unencrypted because they didn’t want to have to type in a password every time they opened it.

And as much as a password is better than biometrics, biometrics is better than nothing.

[–]Engineerdude05 9 points10 points  (1 child)

Not really. Just like finger print unlock, if you press the wake button 5 times, it will require you to enter password before allowing finger and facial recognition unlock to be used again. So a quick 5 taps is all you need to counter your proposal.

[–]SixPackAndNothinToDo 14 points15 points  (5 children)

Doesn't work if you have your eyes closed.

Also, before you hand it to the cop, hit the side button five times and it locks down the phone, requiring a password.

There's a lockdown option like this on all iPhones.

[–]ziekke 7 points8 points  (0 children)

*on all iPhones running iOS 11

[–]AwwwSnack 12 points13 points  (2 children)

No, actually. You have to make eye contact (part of why a mask model of a person won’t work either). And if you hit the lock button five times it disables Face ID and starts a countdown to call emergency services.

[–]lordofthebinge10 4 points5 points  (0 children)

You can disable it and force a password.

[–]CaptainAlcoholism 89 points90 points  (11 children)

How dare those jerks stand up to our tyrannical, unconstitutional surveillance state.

[–]mouthpanties 269 points270 points  (32 children)

I can't handle this week. "Shithole" and now "jerks"... it offends my sensibilities!

[–]Mig_Whsiperer 32 points33 points  (5 children)

Just wait till they break out the leather.

[–]mouthpanties 30 points31 points  (4 children)

-clutches pearls-

[–]roiben 83 points84 points  (2 children)

ITT: Everything is a conspiracy and the government is a genius, well oiled, competent and effective institution.

[–]CJ_Guns 38 points39 points  (0 children)

Alternatively, anything remotely positive about Apple is a planted ad.

[–]Crazyhates 7 points8 points  (0 children)

Don't forget stable.

[–]TheAdAgency 96 points97 points  (3 children)

One FBI forensic agent != official stance of the FBI

[–]JerryLupus 6 points7 points  (0 children)

And making it harder to crack != too difficult to crack

"Harder" and "more difficult" is NOT impossible.

Apple recently made its iPhones even harder to access. It has recently added a trick that makes password cracking software much slower, making it more difficult for law enforcement to break into phones, he said.

[–]BackupBackdown 45 points46 points  (0 children)

Those jerks, protecting people's privacy and all that shit. What kind of dick does that?

[–]NukeMagnet 116 points117 points  (83 children)

Notice they don't complain about Android

[–]JoseJimeniz 67 points68 points  (19 children)

Apple does have a better design than Android.

The data sitting in the Android filesystem is encrypted. This is true today when you use full-disk encryption (FDE) provided by dm-crypt. It is also true of file based encryption provided by ext4 filesystem. Data at rest is encrypted.

On the other hand, encryption keys on Android are not wiped from memory when the phone is locked.

The phone needs keys in memory in order to function:

  • It's how it can check your email while locked
  • it's how it can connect to wifi networks
  • it's how it can show who's sending the text

The dm-crypt key is entered during boot, and is not wiped from memory when the phone is locked. Otherwise the OS couldn't function.

Apple does have a better design

Apple iOS does not use FDE, they use per-file encryption of users' files. The extraordinarily interesting (ingenious) thing about their implementation is that there are three different levels of keys. This allows different levels of access to files:

  • files that are unlocked as soon as the device boots
  • files that are unlocked the first time you unlock your phone (and remain unlocked until the device is rebooted)
  • files that are unlocked when you unlock your phone, and locked again when the device is locked (i.e. the key is wiped from memory when the device is locked)

It's important to note:

  • some files (encrypted at rest) always have the key available
  • some files (encrypted at rest) remain available even after you lock your phone
  • some files (encrypted at rest) are only available while the phone is unlocked

It's also important to note that even though Apple does wipe some keys from memory on lock: it doesn't wipe all user keys. Otherwise the phone couldn't function.

For Apple system applications, they always tried to use the key that is wiped from memory on lock. By default, 3rd party apps were encrypted with the key that is not wiped during device lock. Any third party app had to opt-in to the "only while device unlocked" key. The concern was compatibility - that some apps would fail if their files were not available when the app first runs at boot (when the user hasn't yet unlocked the phone, releasing the app data).

It was 2 or 3 years ago, when Apple finally defaulted *all* apps to the "available while unlocked" key. And that caused the big stink with the FBI because now data is being encrypted, and the keys are wiped when locked.

But not all data is locked when phone is locked. Reboot your Apple phone, do not unlock it yet, and get a text message. The phone will not be able to show you your contact's picture. Now unlock the phone by entering your pin, lock the phone again, and receive a text: the phone can show you your contact picture. That is because your contacts are unlocked when you first enter your PIN and that key is not wiped from memory until reboot. The data it is still encrypted at rest: the key is just available in memory.

Could Android adopt this kind of multi-level key model? Sure. But it would require completely violating the existing programming model, breaking the API promises given to every app that already exists.

The Apple A7 has a customized version of the ARM's "TrustZone" - that Apple named the "Secure Enclave".

The TrustZone/SecureEnclave is a separate area of the phone that runs a different, miniature, operating system. It is smaller so that there's less chance of being able to root-kit it with exploits (less code, less possibility for bugs).

  • The SecureEnclave operating system can see and access the entire phone
  • The iOS operating system cannot access the Secure Enclave area

The Secure Enclave is where the code exists that enforces a time delay when you manually try to bruteforce keys. And it's the code in the Secure Enclave that wipes the phone if you exceed your number of failed attempts. And it is the code in the Secure Enclave that encrypts the user's password with the hardware bound key in order to create the file-encryption key.

Without the hardware-bound private-key, and the Secure Enclave on that phone to run it, you cannot re-create the encryption key needed to decrypt files.

The FBI is unable to modify the code in the Secure Enclave, because it must be digitally signed in order to run, and only Apple has the private key.

What needs to happen in the next iteration of all phones, is that the hardware itself - before transferring control to the SecureEnclave/TrustZone/TEE operating system - needs to calculate the hash of the entire Secure Enclave firmware. That hash needs to be kept in memory of the hardware - unwriteable by any code running in the Secure Enclave.

In this way, the encryption key for files on the phone are the "entangled" mixture of:

  • the user's pin/password
  • the hardware-bound private key
  • the fingerprint of the Secure Enclave code

That way if anyone modifies the code of the Secure Enclave, the original encryption key cannot be recovered.

Such a concept (a piece of dedicated hardware storing a hash of the code that makes up the operating system) already exists in the PC universe: It's the TPM. The TPM allows you to "bind" a password to the current state of the system. Modifying the BIOS, the boot sector, or core operating system files, will mean you cannot recover the original encrypted data.

I assume Apple engineers already know this, are already thinking about it, and are already in contact with ARM (the designers of the iPhone processors), to investigate doing it.

Unfortunately it would probably be like a 2 year cycle to design and test new hardware. We need it now!

Other phones have the equivalent of the Secure Enclave. It's ARM's TrustZone.

  • Apple called it "Secure Enclave"
  • Samsung called it "Trusted Execution Environment"

But Apple was the only one to employ

  • per-file encryption
  • on by default
  • with a key that is wiped from memory every time you lock your phone.

The best Android has is dm-crypt - whole volume encryption, which doesn't dismount when you lock your phone. Android needs to adopt an entirely new filesystem in order to support per-file encryption.
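
A simplified model of the key handling described in the comment above, added here as an illustration; it is not Apple's or Android's code and not part of the thread. It models the three key lifetimes and the proposed mixing of PIN, hardware-bound key and firmware hash; `KeyStore`, `derive_root_key`, the class labels and every sample value are hypothetical, and PBKDF2/HMAC stand in for whatever the hardware actually uses.

```python
import hashlib
import hmac

# All values in this file are constructed for illustration only.
PBKDF2_ROUNDS = 20_000


def measure(firmware: bytes) -> bytes:
    """Fingerprint of the enclave firmware, taken before it is given control."""
    return hashlib.sha256(firmware).digest()


def derive_root_key(pin: str, hardware_key: bytes, fw_hash: bytes) -> bytes:
    """Entangle the three inputs: PIN, hardware-bound key, firmware fingerprint."""
    # The salt mixes both device-side values, so the slow PIN stretch cannot be
    # reproduced off-device or after the firmware has been changed.
    salt = hmac.new(hardware_key, fw_hash, hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


class KeyStore:
    """Toy model of three key lifetimes: boot, first unlock, while unlocked."""

    def __init__(self, hardware_key: bytes, firmware: bytes):
        self._hw = hardware_key
        self._fw_hash = measure(firmware)
        # Available from boot: derived from the hardware key alone, no PIN.
        self._keys = {"always": self._class_key(hardware_key, "always")}

    @staticmethod
    def _class_key(parent: bytes, label: str) -> bytes:
        return hmac.new(parent, label.encode(), hashlib.sha256).digest()

    def unlock(self, pin: str) -> None:
        # A wrong PIN does not raise here; it simply yields keys that decrypt
        # nothing. Attempt counting and delays are outside this model.
        root = derive_root_key(pin, self._hw, self._fw_hash)
        for label in ("after_first_unlock", "while_unlocked"):
            self._keys[label] = self._class_key(root, label)

    def lock(self) -> None:
        # Only the strictest class is wiped; the others stay until reboot.
        self._keys.pop("while_unlocked", None)

    def key_for(self, protection_class: str):
        """Return the class key, or None if it is not in memory right now."""
        return self._keys.get(protection_class)

    def available(self) -> list:
        return sorted(self._keys)


def demo() -> dict:
    hw = bytes(range(32))                       # constructed hardware key
    fw = b"enclave firmware v1 (constructed)"   # constructed firmware image
    pin = "4821"                                # constructed PIN

    store = KeyStore(hw, fw)
    at_boot = store.available()
    store.unlock(pin)
    unlocked = store.available()
    original_key = store.key_for("while_unlocked")
    store.lock()
    locked = store.available()

    # Same hardware and PIN, but the firmware image has been altered.
    patched = KeyStore(hw, fw + b" + retry limit removed")
    patched.unlock(pin)

    return {
        "at_boot": at_boot,
        "unlocked": unlocked,
        "locked": locked,
        "contacts_key_survives_lock": store.key_for("after_first_unlock") is not None,
        "patched_firmware_recovers_key":
            patched.key_for("while_unlocked") == original_key,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `locked` state matches the contact-picture behaviour in the comment: the first-unlock key is still in memory after a lock, while the strictest class key is gone until the PIN is entered again.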

[–]KniFey 7 points8 points  (1 child)

I think Android 8 introduced per-file encryption.

[–]Acheron-X 8 points9 points  (0 children)

It's been in the OS since Android 7. There are many problems with it however - see this article.

in 2016 Android is still struggling to deploy encryption that achieves (lock screen) security that Apple figured out six years ago. And they’re not even getting it right.

I really do hope that they can get it right however; a cheaper and equally high-quality alternative is a good thing.

[–]iJeff 2 points3 points  (0 children)

Excellent post - thanks.

[–]JonTheFeeder 2 points3 points  (0 children)

wow, TIL a lot about phone security

[–]Zipperskin 2 points3 points  (1 child)

As an Android partisan I want to thank you for explaining an area where Apple has inarguably implemented a superior technology.

So... thanks!

[–]muchdogeisenseinyou 220 points221 points  (36 children)

Doesn’t help that Google’s entire business model is selling your personal data.

[–]SixPackAndNothinToDo 108 points109 points  (18 children)

Google doesn't sell your personal data.

As someone who has used Google's ad network, I can attest to that.

Google uses your personal data to target ads. But no one outside of Google ever gets to see it. If anything, Google is incentivised to keep your data under very high security, because your data is such a competitive advantage to them.

[–]ZoomBattle 52 points53 points  (7 children)

because your data is such a competitive advantage to them.

I am overcome by a warm and fuzzy feeling and I wish the modern world wasn't so fucked up that I could be joking.

[–]SixPackAndNothinToDo 23 points24 points  (0 children)

I'm not saying it's good. I'm just saying it is what it is.

[–]Tslat 6 points7 points  (1 child)

Something has to pay for them servers

[–]ZoomBattle 3 points4 points  (0 children)

Yeah, I'm just talking about how strangely reassuring it is that my data is worth something and worth protecting.

[–]doxxmebro 5 points6 points  (0 children)

Incentives drive the world, feelings aren't worth much.

[–]Asystole 5 points6 points  (0 children)

I wish the modern world wasn't so fucked up

Which non-fucked up point in history would you prefer?

[–]olivias_bulge 7 points8 points  (0 children)

Mostly because you have to enable much of the encryption and most don't. Also 'android' is too broad to be meaningful.

[–]tenten8401 16 points17 points  (0 children)

Depends on the phone. Some have proper encryption and security and some can easily just be plugged in and messed with. The way manufacturers ditch a phone's support for their newest models so fast really pisses me off.

[–]RedHermit1982 16 points17 points  (2 children)

That would make the Apple Store the "Jerk" Store

[–]tenaughtfive 2 points3 points  (0 children)

They called, and they’re running out of you!!!

[–]SoaDMTGguy 2 points3 points  (0 children)

And they’re all out of you!

[–]LonoRising 147 points148 points  (3 children)

“FBI convinces morons that iPhones are unhackable.” No, really, go ahead and speak freely - we are so totally not listening to you....

[–]bagel-master 5 points6 points  (0 children)

I always give the “noNSA” label to my questionable messages, so it’s cool.

[–]ShapesAndStuff 21 points22 points  (0 children)

Yea it just reads like an ad and nothing else.

[–]WWDubz 3 points4 points  (1 child)

If one FBI employee calls Apple jerks, is that the entire FBI calling Apple jerks?

[–]iamwhiskerbiscuit 3 points4 points  (0 children)

The FBI are jerks for forcing tech companies to create back doors which hackers use to cause HUNDREDS OF BILLIONS of dollars in damages. Damages that taxpayers have to pay for... Including Millions of stolen IDs. Apple... Is ultimately saving taxpayers billions of dollars and a whole lot of headaches. Thanks Apple...

[–]modsarevirgins 33 points34 points  (12 children)

this sounds more like fake news advertising than anything. omg guise, iphones are so hard to crack now.

[–]adamdavenport 6 points7 points  (3 children)

Seriously—they even mention brute forcing a password to unlock a phone, but iPhones have had the “everything gets erased after x attempts” thing for years, I don’t know what they’re talking about when they say “apple slows the number of attempts per minute”

[–]TwoToedSloths 3 points4 points  (2 children)

If you continuously input an incorrect password the phone locks up for 1 minute, then 5, then 10, then an hour, and so on.

[–]adamdavenport 2 points3 points  (1 child)

...if you put in 10 incorrect passwords, the device wipes itself. Maybe they’re saying if you disable that? It’s enabled by default.

[–]Its3pic 23 points24 points  (5 children)

Well tbf, they are. To gain root access, aka crack the iPhone, you need an exploit that bypasses iBoot and KPP, like how people use exploits to create Jailbreaks. It’s literally 1 in a million to find a working exploit for one version of iOS

[–]JCMcFancypants 3 points4 points  (0 children)

I could see that.

"Hey, random FBI employee, I'll give you $500 to bitch publicly about how great my product is."

[–]Stupid_Triangles 2 points3 points  (0 children)

That is both of their jobs so... I guess this is news.

[–]ATPsynthase12 2 points3 points  (0 children)

corrupt government agency with too much power gets angry at tech company for making their products too difficult to crack and spy on citizens

I HATE apple products but I hate corrupt govt. alphabet agencies even worse.