Friday, February 19, 2016

About McAfee's claim he could unlock iPhone

So John McAfee has claimed he could unlock the terrorist's iPhone. Is there any truth to this?

No, of course this is bogus. If McAfee could do it, he'd already have done it.

In other words, if it were possible, he'd just say "we've unlocked an iPhone 5c running iOS 9 by exploiting {LTE baseband, USB stack, WiFi stack, etc.}, and we can therefore do the same thing for the terrorist's phone". Otherwise, it's just bluster, because everyone knows the FBI won't let McAfee near the phone in question without proof he could actually accomplish the task.

There's a lot of bluster in the hacking community like this. There is a big difference between those who have done, and those who claim they could do.

I suggest LTE baseband, USB stack, and WiFi stack because that's how I'd attack the phone: those are the components that parse attacker-supplied input while the phone is still locked. WiFi these days is pretty well tested, so that's the least likely, but LTE and USB should be wide open. I wouldn't do anything to help the FBI, though. The corrupt FBI goes around threatening security researchers like me, trampling on our rights, so they've burned a lot of bridges with precisely the people who could help them in such situations.

I would assume the NSA already has an LTE baseband exploit for Apple phones. If they don't, then what else are they wasting their tax dollars on? However, the NSA hates the FBI (and rightly so: the FBI are a bunch of corrupt fucktards), so I don't see them wanting to help the FBI in any way. Indeed, the entire point of the USA FREEDOM Act was to wrest control of the phone metadata from the NSA and give it to the FBI, so the NSA is particularly resentful of the FBI right now.


  1. Why wouldn't the President force the NSA to do the dirty work for the FBI? I, as a layperson, don't think what you're saying makes sense.

  2. Maybe this is off-base, but my gut is telling me this is a political, not national security issue. If they believed there was actually information on that phone that could protect vital interests, then the NSA would have done their job and broken the phone with the LTE baseband exploit or such that (as Robert said) they almost certainly have. The phone is a physical piece of evidence seized in an investigation (so "metadata" doesn't enter into it); so it should be legally cut-and-dry that both agencies can take their best shot at breaking it open.

    It may well be that the FBI already has a pretty good idea what will be on that phone. Maybe there was even a computer or cloud backup that they've already been able to get into. The "undecryptability" of this phone is a political gold mine for the FBI, because they've been pushing Congress very hard to enact regulations requiring encryption backdoors, and the San Bernardino Two's phone is just about the best PR they could get for their cause.

    In other words, "Never let a crisis go to waste..."

  3. pithom, the days when a President could force NSA to do anything they don't already want to do are long past. They have complete recordings of every national politician's every activity going back at least a decade. For those politicians who haven't done nineteen things they wouldn't want made public, NSA have forged evidence of that horrible shit they haven't done. Comb-over Donny's desk will be covered with stacks of his own surveillance dossiers when he walks into the Oval the morning after his inauguration.

    A better question would be if there's anything NSA can't force the President to do.

    Even if NSA were inclined to do the President a favor, why on earth would he waste it on something FBI wants?

  4. I have no doubt he could do it (seriously look at all the iOS security holes being brought to light each week, we also *KNOW* the NSA can, so why not?), he's just playing his version of the same game the FBI and Apple are playing.

    It is to the great benefit of both the FBI and Apple to do the whole smoke-and-mirrors thing and end up pretending Apple won; therefore your average Joe who knows nothing about security will think iOS is bulletproof and all their data is totally secure when in reality it isn't. Apple sells more devices to gullible people, and the FBI doesn't need to contend with encryption it can't (or can't easily) deal with.

    McAfee knows this. He would gain nothing, but potentially lose a great deal, by actually publicly cracking the phone, or by blowing the whistle on the whole ruse. He does, however, stand to gain a great deal by saying "yeah, me and my team probably could have, but we weren't allowed, so we'll never know." It's actually a very clever play that gets his name connected (and in the limelight) without any actual risk.

  5. I don't believe he was thinking of a vulnerability in any of the stacks, he mentioned "We will primarily use social engineering, and it will take us three weeks."

    My guess is that he would social engineer the manufacturers in China into revealing information about the processor GID or even looking for predictable patterns in the UID. Theoretically if he could get them to reveal that information, it would significantly reduce the keyspace making cryptanalysis easier.

    I do agree with you in that if he could do it, he would have followed the "better to ask for forgiveness than permission" perspective. Either way, a part of me hoped they took him up on the offer; it would be interesting to watch anyone eat their shoe.