Author Topic: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...  (Read 20825 times)

Offline tk[as]

  • Server Admin
  • Dragon
  • *****
  • Posts: 5021
    • View Profile
ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« on: February 23, 2016, 10:18:56 PM »
do you believe the FBI needs apple's permission/help to hack an iphone? do you think the source code is so complex that even with the resources available to the FBI, they cannot hack it on their own?


just curious about your thoughts on this matter.

Offline Delete mine too

  • Death Knight
  • *********
  • Posts: 2652
  • http://meatspin.com
    • View Profile
    • http://meatspin.com
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #1 on: February 26, 2016, 05:33:03 PM »
do you believe the FBI needs apple's permission/help to hack an iphone? do you think the source code is so complex that even with the resources available to the FBI, they cannot hack it on their own?


just curious about your thoughts on this matter.
It's possible that the situation is true, but come on the shit they can do... They probably spied on the apple developers and this is just a trick to get people to use IOS. Either or i would not be surprised.

Offline {Lance}

  • Sappers
  • ******
  • Posts: 889
    • View Profile
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #2 on: April 06, 2016, 03:35:27 PM »
There is no need for that.  They got the pw by using normal investigative procedures (duh, ask next of kin).  Theres no need to lower security just because the FBI or anyone else is to lazy to ask your mom what your pw might be.  I can tell you that from first hand experience with FBI cracking procedures, that they can take literally a PILE of documents associated with any case, run it through something similar to John the Ripper and do simple bruteforce attacks but they are more specific to the person.  It will go through names, bdays, addresses, etc trying combinations (forwards, backwars, common character replacements, etc) of anything and everything they have ever gathered that is associated with that person.  More likely than not, a person's pw is something that they associate with (easy to remember for that person).  IMO,  this is one of the possible ways that they "hacked" the iphone in CA.  The other is simply asking someone what the pw might be.

Bottom line,  the FBI was simply trying to use this case as an excuse to be lazy.  There has never, and never will be a valid reason that will ever justify lowering encryption security.
« Last Edit: April 06, 2016, 03:42:24 PM by {Lance} »
Dk At hall is cause I started with temple at start and didn't need the castle . Not a hack .  I wouldn't bother editing a ss btw

^---- Dellam doesnt hack!  See, even by his own admission, no hack!!  LMFAO.

Offline Rit

  • Grunt
  • ***
  • Posts: 245
    • View Profile
    • Rit's Youtube
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #3 on: April 07, 2016, 03:27:56 PM »
I'm just a low level tech but it takes me 5 minutes to bypass a password on a Android phone. I have never been able to get into an iPhone. 

Offline Lambchops

  • Ogre Mage
  • ********
  • Posts: 1541
    • View Profile
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #4 on: August 17, 2017, 09:33:34 AM »
I know this is an old post, but I just noticed it, and it's an interesting topic, so here's my 20c..

Firstly I know very little about Apple stuff specifically, I'm a PC guy and I have never owned an iPhone.

Android vs. iPhone security.

I am quite sure that iPhone security would be 1000000x better than Android. In fact I'm pretty sure that a Commodore-64 would have better security than an Android phone.

Android is open-source, but the project was instigated, supported and guided by Google. Google's #1 business is data-mining, that's where they came from and that's how they make billions. Android is pretty much designed to have all of your personal information fed straight to Google and anybody they want to sell it to - this isn't a secret, read the fine print.

I still use Android phones (they are really cool and handy) I just don't use them to access my personal secure info. Email ... NO, Facebook NO... none of that TYVM.

Philosophically, I think Apple are at least trying to make their stuff reasonably secure. Mainly because apart from their brand appeal, that's pretty much all they have to offer that you can't get from an Android phone for 25% of the cost.

So to the core question here:
IS IT POSSIBLE TO MAKE A SECURE PHONE?


The answer is most definitely YES.

Apple (or anybody) could make their phones 100% secure ... and release the source code ... and even the people at Apple would still not be able to get into them. The fact that Apple can get into them is simply because they have built in back doors for themselves.

NOTE: I am talking about the device being shut down/sleeping and it being impossible to access without the correct password; if you are accessing some network resource, there is always the chance of that communication being intercepted, although if properly encrypted that should still require compromising one of the devices involved in the transaction (phone/modem/server..)

To make a device secure, you only have to have all the user data saved to encrypted storage then use the user's password to encrypt the full encryption key for that storage device. I've never looked it up, but I assume this is how it is done.

Without going into too much nerdy detail, modern encryption algorithms are secure because of the amount of time it takes to calculate very large prime numbers, which is considerable, so once the encryption key becomes sufficiently large, the amount of time required to reconstruct the key exceeds the age of the known universe... You have a better chance of success getting your cat to type in random passwords for you.

There is no getting around this, it is a mathematical fact. Nobody has ever reversed this kind of encryption, it is beyond the knowledge of mankind.

All that stuff on TV where someone finds some encrypted hard drive and some actor pretends to type something on a keyboard, then magically the plans to the death-star appear..... it's all just complete and utter garbage.

All of the hacks and exploits that are used to breach security do it by attacking faults in the hardware/software that is handling secure transactions - i.e. where some machine somewhere already knows what the decryption key is, that machine is tricked into either decrypting the data for an unauthorised user or supplying the key to them so they can decrypt it themselves.... but actually reverse engineering the key? No sir. No way. Never happening.... not without a quantum computer ayway.

There is no need for a local encryption key to ever be transmitted or leave the device. If the encryption process was not in any way deliberately compromised by the manufacturer, or some malicious software installed on the device (keyloggers trojans etc.) there would simply be no possible way that anyone could ever access it.... unless your cat got REALLY lucky.

Attempts at hacking it would have to involve trying to exploit vulnerabilities in the OS to get it to supply information, but this could ONLY be done when the user had unlocked the phone with their password. If you phone was not compromised, and you switched it off, then the FBI, Apple and Santa-Claus all working together could never get into it.

Even if you assume that people aren't stupid enough to use their kid's birthdays or the name of their goldfish or whatever,  social hacking techniques are a real threat. People are more aware these days than in the past, but for serious security the most dangerous types of attack remains someone tricking a user into entering their password under a spycam or into a compromised device and simply recording what they type in etc.

... but anyway .... could they make their phones totally secure? YES. Have they done this? NO. Because they themselves can break into their own phones, so if the FBI or whoever do manage to break in, they will do it by hacking the back doors Apple have built in themselves.

... and any manufacturer will always cave in the end and give the FBI what they want – although not before getting a whole lot of security publicity by making a big deal out of it in the media.

                                                                                                :critter:


KIDDIES CORNER: Want to hack the entire world's security and become a Cyber-GOD? Just develop a fast algorithm for calculating large prime numbers ..... easy right?
;)
its gooder to hax hard and NEVER get caught!

Offline mousEtopher

  • Administrator
  • Ogre Mage
  • *****
  • Posts: 2065
    • View Profile
    • War2.me
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #5 on: September 21, 2017, 08:37:53 AM »
great post Lamby, very interesting & informative & in classic entertaining Lamby style! this gives a nice primer to the subject of encryption technology which I have only some limited familiarity with but is a highly important issue for safeguarding the right to personal privacy. it also clarifies why the old version of the discontinued TrueCrypt is still such effective & valuable encryption software
squeak!

Offline shesycompany

  • Death Knight
  • *********
  • Posts: 3587
  • retired, be in music section
    • View Profile
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #6 on: February 16, 2019, 03:27:22 AM »
yourfucked

Offline Lambchops

  • Ogre Mage
  • ********
  • Posts: 1541
    • View Profile
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #7 on: February 17, 2019, 06:28:25 AM »
great post Lamby, very interesting & informative & in classic entertaining Lamby style! this gives a nice primer to the subject of encryption technology which I have only some limited familiarity with but is a highly important issue for safeguarding the right to personal privacy. it also clarifies why the old version of the discontinued TrueCrypt is still such effective & valuable encryption software

Oh thanks mousey, missed this reply when you posted it.

Yeah, TrueCrypt is an excellent example of my point. It's old, unsupported, open source and uses multiple known algorythms but a TrueCrypt volume is still uncrackable and will remain uncrackable, unless the type of quantum processor that is still very much in the realms of sci-fi is ever realised.

There are methods that theoretically could work if an active machine is comprimised, but if it's switched off then the hard drive is just an unreadable brick, now and forever.


Heh good ol' EC digging up vintage threads  :)

its gooder to hax hard and NEVER get caught!

Offline shesycompany

  • Death Knight
  • *********
  • Posts: 3587
  • retired, be in music section
    • View Profile
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #8 on: March 20, 2019, 09:15:39 PM »
crashing my neurons lol

Offline shesycompany

  • Death Knight
  • *********
  • Posts: 3587
  • retired, be in music section
    • View Profile
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #9 on: March 20, 2019, 09:15:58 PM »
lol old to me is more like 2002 yahoo

Offline picka_materina

  • Grunt
  • ***
  • Posts: 63
  • I like logs
    • View Profile
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #10 on: September 23, 2019, 06:30:13 PM »
... but anyway .... could they make their phones totally secure? YES.
Actually, no. To make something "totally secure", it would have to be void of any and all outside influence other then the person handling the device, that includes the kernel/OS and everything on it. This is clearly not possible and not done by anyone so no. There are "semi" secure things such as agencies making their own soft/applications, but they're still open to the agency itself that created that same soft.
You can encrypt all day long, once you "install" something/anything you can get fucked. Did you code your OS? No. Well then you're not 100% secure. This will never change, it's impossible to have something 100% secure.

And cryptography was never about things being reversible. They're called "hashes" for a reason. They're not meant to be reversible. Long gone are the days of things being reversible. And long gone are the researcher focusing on the reversibility. It's by accident mostly that collisions are found in hashes.

ya, post's old, i have nothing to write about and jordan never spoke here. Where are thou?
Yea its me.

Offline {Lance}

  • Sappers
  • ******
  • Posts: 889
    • View Profile
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #11 on: September 25, 2019, 08:13:15 PM »
... but anyway .... could they make their phones totally secure? YES.
Actually, no. To make something "totally secure", it would have to be void of any and all outside influence other then the person handling the device.... <SNIP GARBAGE>

Wrong.  The only way to secure an electronic device is to remove any power sources to it and then melt it into goo just to be certain it's gone for forever,  then bury the evidence of the goo and hope no one finds it.  Still dumb as a rock I see.
Dk At hall is cause I started with temple at start and didn't need the castle . Not a hack .  I wouldn't bother editing a ss btw

^---- Dellam doesnt hack!  See, even by his own admission, no hack!!  LMFAO.

Offline shesycompany

  • Death Knight
  • *********
  • Posts: 3587
  • retired, be in music section
    • View Profile
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #12 on: September 26, 2019, 12:13:28 AM »
noone like s me jessu ran ooff goddamn

Offline shesycompany

  • Death Knight
  • *********
  • Posts: 3587
  • retired, be in music section
    • View Profile

Offline Lambchops

  • Ogre Mage
  • ********
  • Posts: 1541
    • View Profile
Re: ATTN: Tupac, Lance, Jordan... any other programmers/hackers...
« Reply #14 on: September 26, 2019, 10:30:12 AM »
If you phone was not compromised, and you switched it off,

Duh. Try reading, you might learn something.

-- edit --

...and actually I wrote that when phones still actually switched off. These days they tend to have the batteries sealed in them so you can't remove them, and even when they are "switched off" they aren't completely off.

This is just another example of phone manufacturers deliberately making their devices less secure, and just further proves my point.

If the phone's data was correctly encrypted and the device was completely powered down, it would be totally secure. There is no reason why they can't all be made this way, but they are all made with back doors deliberately built in.

If anyone can't understand that, I suggest re-reading my original post then doing some research and/or getting and education.


melt it into goo just to be certain it's gone for forever

No mate. Encryption works. You have been watching too much TV.

There are methods that theoretically could work if an active machine is compromised, but if it's switched off then the hard drive is just an unreadable brick, now and forever.

... and yes the FBI put a whole team of cyber-specialists on it, and they got exactly nowhere. Look it up.

« Last Edit: September 26, 2019, 11:03:07 AM by Lambchops »
its gooder to hax hard and NEVER get caught!