You are very welcome to avoid providing a few lines to let other people understand what you mean and simply repost
Nothing to avoid Jaclaz, but you are being a little bit petulant on this matter. It doesn't help bringing this sort of approach as it spoils for the rest of us in what has been, so far, a good all round discussion topic.
Do you actually work in this area, at all, Jaclaz? I noted when Rolf asked you a question in his post to you, you strangely avoided answering his question?
If you had simply asked the below, of course, I would have responded.
Can you provide a few lines to let other people understand what you mean
But I thought by that icon face you used you had quickly read but also misread my earlier post and I thought that you had not comprehended the words "EXAMINATION PROCEDURES IN EMERGENCY CASES" clearly.
The focus is as the words are written. Behind the focus is to draw out as many reports on the accidental resetting of password in this case and how to avoid that in the future. The knowledge and understanding we gain can help all of us who are required to act under pressurised circumstances.
Here are some other weblinks about this story
http//
http//
Do you actually work in this area, at all, Jaclaz?
No, I don't, and BTW this is a public and known fact, or at least a digital investigator would have found out this in no time
http://www.forensicfocus.com/Forums/viewtopic/t=10993/
http://www.forensicfocus.com/c/aid=65/interviews/2013/jacopo-forum-member-jaclaz/
I noted when Rolf asked you a question in his post to you, you strangely avoided answering his question?
Yep, but you failed to note how that was just another "let's make things symmetric" reply, as I had asked him the same question 3 (three) times without receiving an answer in this thread
http://www.forensicfocus.com/Forums/viewtopic/t=13737/
http://www.forensicfocus.com/Forums/viewtopic/t=13737/start=21/
BTW, I perfectly understand how someone may want to not disclose what his/her activities are or - in the case of a LEO (Law Enforcement Officer) or similar - what specific force/organization he/she works for.
If you had simply asked the below, of course, I would have responded.
Can you provide a few lines to let other people understand what you mean
But I thought by that icon face you used you had quickly read but also misread my earlier post and I thought that you had not comprehended the words "EXAMINATION PROCEDURES IN EMERGENCY CASES" clearly.
I asked the focus of what, as this thread had originally (and IMHO) another focus, being titled specifically "Apple Unlocking iPhones vs US Government" and IF you really thought that I could not understand the meaning of the words "EXAMINATION PROCEDURES IN EMERGENCY CASES" you were not particularly helpful in re-posting "EXAMINATION PROCEDURES IN EMERGENCY CASES".
Most probably it's the use I make of smilies that created the misunderstanding, the one I used ? has a text description of "confused" that (in my perverted mind) I thought being accurate when asking a question like that.
The focus is as the words are written. Behind the focus is to draw out as many reports on the accidental resetting of password in this case and how to avoid that in the future. The knowledge and understanding we gain can help all of us who are required to act under pressurised circumstances.
I understood alright what the focus is according to you, "EXAMINATION PROCEDURES IN EMERGENCY CASES", I asked what was the subject of the focus.
However, it doesn't matter, sorry for the misunderstanding interlude.
jaclaz
The "dormant cyber pathogen" 😯 is a nice new twist in the matter
http://arstechnica.com/tech-policy/2016/03/san-bernardino-da-says-seized-iphone-may-hold-dormant-cyber-pathogen/
A “cyber pathogen” could be “lying dormant” in the iPhone at the centre of the legal battle between Apple and the FBI, ready to unleash havoc on the critical infrastructure of San Bernardino county.
Funny "magical unicorn" part aside, isn't it standard procedure when seizing and examining mobile phones to block any network connections? Did anyone decipher what the judge had in mind when making this comment?
Did anyone decipher what the judge had in mind when making this comment?
To be picky, it was not the judge, it was the DA (District Attorney) while trying to convince the judge through an amicus brief.
And it seems to me like in this case he is actually walking the fine line
http//
The amicus curiae walks a fine line between providing added information and advancing the cause of one of the parties. For instance, she or he cannot raise issues that the parties themselves do not raise, since that is the task of the parties and their attorneys. If allowed by the court, amici curiae can file briefs (called briefs amicus curiae or amicus briefs), argue the case, and introduce evidence.
The statement has IMHO at least one "may" in excess
The iPhone is a county owned telephone that may have connected to the San Bernardino County computer network. The seized iPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino's infrastructure,
I mean, whether that particular iPhone ever has connected to the network (and when) should be a documented fact, coming from the network logs.
Anyway, if I were in the IT team of San Bernardino County computer network and I suspected that a "lying dormant cyber pathogen" was introduced in the network I would first look for it in the network, disable or neutralize it, and only later look for how exactly it was introduced.
Of course since we are in the realm of speculations/hypothesis, it could well be an "invisible, self-deleting lying dormant cyber pathogen" and the only way to know if it exists (or ever existed before self-deleting itself) would be to find the means with which it was introduced.
jaclaz
To be picky, it was not the judge, it was the DA (District Attorney)
oops - my bad
“.. to introduce a lying dormant cyber pathogen.. "
Forgetting about the rest of the statement by the DA, from what I understand from the phrasing in the above quoted part of the sentence and focusing just at the words marked in bold, "to introduce" means it hasn't happened yet and "dormant" means it's sleeping, resting, inactive. So if it's dormant, a proper forensic handling of the device would make sure it remains at that state. Am I missing something?
So if it's dormant, a proper forensic handling of the device would make sure it remains at that state. Am I missing something?
No you are not, rest assured.
However, still being picky on the exact text of the statement
… that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen …
The hypothesis in the past tense should mean that this (presumably) happened in the past, what would trigger the dormant status of the pathogen is unspecified but it is unlikely to be a new connection of the iPhone to the San Bernardino network, usually whenever you place a lying dormant cyber pathogen on a network you put provisions to wake it that are not linked to a specific device, I mean what if Farook forgot the unlock password, or the device was lost/broken or fell in the hands of someone that manages to lock it by trying ten wrong passwords?
Still, traces of the lying dormant cyber pathogen should be found on the network that hypothetically hosts it, even one of the least intrusive programs in the world, NaDa v0.9
http//
is 1 byte in size.
Anyway some news
http//
"This was a county employee that murdered 14 people and injured 22," Ramos said. "Did he use the county's infrastructure? Did he hack into that infrastructure? I don't know. In order for me to really put that issue to rest, there is one piece of evidence that would absolutely let us know that, and that would be the iPhone."
Seemingly more wishful thinking than anything else.
jaclaz
Yes, considering the hypothesis of the original statement
The iPhone is a county owned telephone that may have connected to the San Bernardino County computer network. The seized iPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino's infrastructure,
is in the past tense could mean that this happened in the past, and if so then as you said network logs etc could prove or disprove that hypothesis. In that case the specific iPhone itself would just be the cherry on the cake. Unless the county network isn't properly secured and/or monitored ..
Anyway some news
http://arstechnica.com/tech-policy/2016/03/what-is-a-lying-dormant-cyber-pathogen-san-bernardino-da-wont-say/
includes a new statement
Ramos' office said the "Companies that introduce dangerous products, and it can be argued that the iPhone with its current encryption is dangerous to victims, are required to fix them. Companies that create environmental damage are required to clean it up," the prosecutor said in a filing Friday afternoon.
From this statement only, one can get the overall logic and technical knowledge of the person making it and apply it to his other statements ..
Since when is encryption or otherwise the protection of privacy in any form dangerous to victims?? If anything in that statement was true, all arms manufacturers should be behind bars.
Since when is encryption or otherwise the protection of privacy in any form dangerous to victims?? If anything in that statement was true, all arms manufacturers should be behind bars.
Since criminals or however people making victims are "protected" by that same encryption or protection of privacy.
The wider point of debate (applicable in similar cases where a tragic event was already caused by criminal action) is that if you in any way break the encryption that a criminal uses (which is not strictly speaking dangerous to past victims, but that may potentially be dangerous to potential or future victims, and is surely dangerous to the process leading to have the criminal punished) you greatly risk to have it broken for everyone (including potential victims).
Let's say that someone belonging to an organized group of criminals or terrorists kills a person, he is caught red-handed and that on his phone a list of objectives of the group is found.
Wouldn't the impossibility of accessing that list and thus protecting the future victims be dangerous to them?
Do we have any evidence that surely such a list doesn't exist specifically on that iPhone?
On the other hand, what prevents - once a method is devised and delivered to the good FBI (or other GI or similar LE) guys - them from using it in some other ways?
trewmte posted earlier a nice scale of "crime relevance"
http://www.forensicfocus.com/Forums/viewtopic/p=6581725/#6581725
Place in your order of importance the below and highlight at what stage you would expect Apple to concede and backdoor their devices for the greater good?
10………………..backdoor device to find a burglary/car thief
9………………..backdoor device to find local cannabis supplier
8………………backdoor device to find IIoC photo distributor/procurer
7…………….backdoor device to find people trafficker
6…………..backdoor device to find arms smuggler
5………..backdoor device to find LE or civilian murderer
4………backdoor device to find agent spreading bacterial warfare
3…….backdoor device to find murderer of national president
2…..backdoor device to find kidnapper of 30 babies from hospital
1…backdoor device to find where nuclear device placed before explodes
Any level you choose, someone else somewhere is going to find acceptable level 11, 12 or 34 (or higher) in the extension of that list
…
34 ……….backdoor device to find the guy your own wife is cheating with
…
12…backdoor device to find the driver that just passed by speeding
11.backdoor device to find who made some graffiti on a public property
Only seemingly unrelated
https://
Happy goldfish bowl to you, to me, to everyone, and may each of you fry in hell forever. Arrest rescinded.
jaclaz
trewmte is right EXAMINATION PROCEDURES IN EMERGENCY CASES
There are, based on the assumption of device backdoored and unknown content, 4 possibilities to think about
1. device not breakable - no unknown content
2. device not breakable - unknown content
3. device breakable - no unknown content
4. device breakable - unknown content
In cases 1 and 2 further damage cannot be prevented one thinks, but only 2 is right.
In cases 3 and 4 further damage can be prevented only by 4 as 3 is useless.
So in both cases chances are 50% of 'could have been prevented' or 'was able to prevent'. If the unknown content could prevent further damage is out of question.
As before starting to break everybody tends to fear the worst, a backdoor will for sure remain even Apple says 'no more backdoors'.
As everybody tends to self-protected thinking it will FOR EVER BE POSSIBLE TO BREAK (OR JUST WALK IN THE BACKDOOR).
Backdoors are hated by men, loved by criminals and Gov-pushed to be from Gov/LE.
It's very clear. iOS keeps a backdoor. It's just where/who can officially read out data. Guess at certified Apple Points-of-Repair (POR) for the public and as semi-today LE.
Since criminals or however people making victims are "protected" by that same encryption or protection of privacy.
Understood, and I also understand LE's point of view in such cases. But as we all know, law tends to be abused for more than the usual 1-10 points (or 1-36 as you mentioned) of that table. Encryption is a tool being used by everyone everywhere and the whole concept of encryption is that data remain secured. I don't want to even think about the implications of not having encryption in today's world.
The statement was
Ramos' office said the "Companies that introduce dangerous products, and it can be argued that the iPhone with its current encryption is dangerous to victims, are required to fix them.
My argument is that the statement that an encrypted iPhone is dangerous, is not logical. Guns are definitely dangerous to victims. Normal off the shelf items can be used to make an explosive device and therefore could be extremely dangerous to potential victims and there have been many cases where off the shelf products were used in terrorist activities. Do we ask these manufacturers to 'fix' their products? No. The debate on what consists danger is very wide. Even a stone is dangerous to someone that receives it on the head.