Director Comey made another misleading statement – twice – to Congress yesterday; namely that the FBI has attempted every possibility of unlocking the device on their own, and is even willing to accept input from any experts. Quite the contrary, at least three possibilities have come to light that the FBI has not yet explored:
The metadata of all files in the file system is encrypted with a random key, which is created when iOS is first installed or when the device is wiped by a user. The file system key is stored in Effaceable Storage. Since it’s stored on the device, this key is not used to maintain the confidentiality of data; instead, it’s designed to be quickly erased on demand (by the user, with the “Erase all content and settings” option, or by a user or administrator issuing a remote wipe command from a mobile device management (MDM) server, Exchange ActiveSync, or iCloud). Erasing the key in this manner renders all files cryptographically inaccessible.
So - if you copy that key - that one key that's "not used to maintain the confidentiality of the data" - then you prevent the erasing system from working its magic.
The key is derived from a) a chip on the motherboard, and b) your PIN. The chip is specifically designed so that it ain't gonna tell you its bit unless the PIN is right. You could probably get the hardware bit of the key by destroying the relevant chip to read it, but if you fuck that up the key is gone forever, and you still don't have a PIN. And the whole shebang kills itself (including the hardware bit of the key that you actually need if you ever want to read the iPhone's data) if you enter the wrong PIN 10 times.
The "Chip" you're talking about is the security enclave which is not on the iPhone 5C. The filesystem key is not stored in the security enclave. If you make a copy of the encrypted memory that stores the filesystem key bit for bit, then you've defeated the erasing system. It's also possible the FBI is terribly incompetent given they have multi million dollar forensic labs that can't figure out how to copy this memory.
Just because something is encrypted, doesn't mean you can't copy it. What's your source on this unreadable uncopyable "NAND" memory? Even if the filesystem key is stored encrypted by the UID and pin, if you can make a single copy of that encrypted block (and then repeatedly copy from that) - the complexity becomes a matter of brute forcing the pin (not the stronger UID or filesystem key). So, what's the story on this?
The attack makes sense. The filesystem key is not related to the UID, and the filesystem key is what is erased to prevent brute-forcing, not the encrypted file system on the SSD itself. If you get a copy of the eh, erasable memory (which may or may not be stored on the SSD), then you have the filesystem key. Be it that Apple is very mum about what actually talks to the devices, I don't know where that part of the memory is. Be it that the 5C doesn't even have a security enclave, I don't understand why you wouldn't be able to just find the key and plug in the algorithm. With the security enclave, the phones would be vulnerable to the same attack, but they'd be rate limited by the security enclave meaning a small alphanumeric code could make it impossibly long to get into - but the self destruct system is bypassable.
It's almost like the schmucks who are on the list probably don't give a damn, except the ones who don't belong on the list or who are misidentified as being the ones on the list. Behold, KKK members David Duke and James Smith. Sure, James Smith might be the most common name in the USA, but herp derp KKK herp herp USA USA USA USA.
L8NT's patent pending methodology strips the M.A.C. addresses from packet headers and compares them to the M.A.C. addresses of known stolen devices in its database.
OK, so they want to become a patent troll.
It's a cop doing the patenting. I have no doubt he's excited and proud of his "invention". Let's think about this... Not every mom and pop burglary shop has decent IT staff, and they can get caught with said software. In fact, not every mid-sized business has decent IT staff that can make software like this. Furthermore, chances are the cops also don't have IT staff to make stuff (or use existing stuff) and then easily share it with other publicly funded IT staffs. It's almost like there's something of value to be had from dedicated developers and IT services while a large part of the computer illiterate world has yet to catch on.
I think in the case of Florida and the gulf coast, it might be better to say that a wetland is an equilibrium, and so is a coastline.