Overclock.net › Forums › Industry News › Technology and Science News › [CNET] Apple's iMessage encryption trips up feds' surveillance
New Posts  All Forums:Forum Nav:

[CNET] Apple's iMessage encryption trips up feds' surveillance - Page 12

post #111 of 122
Quote:
Originally Posted by Rubers View Post

Right, but you can't change your hash on these devices. It's hard coded into the silicon.

And my point is that the NSA will have this stuff well under their control.

You think you're hiding your stuff from them, but in reality they'll have anything they want, if they want it.

your point isn't really a point though. it's purely speculative and this article suggests otherwise (that's why they're complaining).

on top of that, as several people have pointed out, even if it were possible that wouldn't mean it would be practical in most instances, due to the time involved
post #112 of 122
Sounds more like federal troll bait.

"We can intercept iMessages easily but lets say we can't so all the criminals or people who think of doing any funny business will communicate through iMessage".

It's easier to nab people when you have all of them in one basket.
post #113 of 122
Eh I wouldn't be surprised if there was introduced either a modification to ios where there would be an archive of device certificates or ability to control a device at the end point level. You don't need to break encryption if you already captured the clear text data. Perhaps some government sponsored malware similar to stuxnet ?

Also it's amusing to me that so many of you haven't heard of hashing or one way functions ("if it can be encrypted it can be decrypted" etc). While the whole point of encrypting data is to retrieve it later, you can easily create an implementation where the only real method of attack ends up being brute force..
Edited by beers - 4/5/13 at 4:50pm
Waiting on X399
(13 items)
 
  
CPUMotherboardGraphicsRAM
AMD Phenom II B57 @ X4 3.9 Gigabyte 790FXTA-UD5 Sapphire Radeon 290 8 GB G.Skill 2133 
Hard DriveCoolingOSKeyboard
250 GB 840 EVO Noctua NH-D14 Windows 10 Logitech K350 
PowerCaseMouseMouse Pad
Seasonic x750 Corsair 600T Logitech G100s Razer Goliathus Speed 
Audio
Plantronics Gamecom 788 
  hide details  
Reply
Waiting on X399
(13 items)
 
  
CPUMotherboardGraphicsRAM
AMD Phenom II B57 @ X4 3.9 Gigabyte 790FXTA-UD5 Sapphire Radeon 290 8 GB G.Skill 2133 
Hard DriveCoolingOSKeyboard
250 GB 840 EVO Noctua NH-D14 Windows 10 Logitech K350 
PowerCaseMouseMouse Pad
Seasonic x750 Corsair 600T Logitech G100s Razer Goliathus Speed 
Audio
Plantronics Gamecom 788 
  hide details  
Reply
post #114 of 122
Quote:
Originally Posted by perfectblade View Post

your point isn't really a point though. it's purely speculative and this article suggests otherwise (that's why they're complaining).

on top of that, as several people have pointed out, even if it were possible that wouldn't mean it would be practical in most instances, due to the time involved

My point is solid. The NSA have the worlds best cryptographers and I fully believe they can crack AES256 without breaking a sweat. It's in the interests of national security that people believe it's unbreakable.
The Riginator
(20 items)
 
 
Wife's Rig
(5 items)
 
CPUGraphicsRAMHard Drive
Qualcomm Snapdragon S600 Adreno 330 2GB LPDDR3 NAND Storage 
Hard DriveOSMonitorKeyboard
Samsung 32GB MicroSD Android 4.4.2 KitKat 5 inch (441ppi) 1080x1920 Super AMOLED SwiftKey 
Power
2600mAh Battery 
  hide details  
Reply
The Riginator
(20 items)
 
 
Wife's Rig
(5 items)
 
CPUGraphicsRAMHard Drive
Qualcomm Snapdragon S600 Adreno 330 2GB LPDDR3 NAND Storage 
Hard DriveOSMonitorKeyboard
Samsung 32GB MicroSD Android 4.4.2 KitKat 5 inch (441ppi) 1080x1920 Super AMOLED SwiftKey 
Power
2600mAh Battery 
  hide details  
Reply
post #115 of 122
Quote:
Originally Posted by Rubers View Post

My point is solid. The NSA have the worlds best cryptographers and I fully believe they can crack AES256 without breaking a sweat. It's in the interests of national security that people believe it's unbreakable.

http://www.theinquirer.net/inquirer/news/2102435/aes-encryption-cracked

It takes a while, longer than we want to spend.
Current Rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
FX-8350 4.6GHz@1.44v GA-990FXA-UD3 R4.0 HD 7950 (1100/1450) 8G Muskin DDR3 1866@8CLS 
Hard DriveOptical DriveOSMonitor
1TB WD LiteOn DVD-RW DL Linux/Windows 19" Phillips TV 1080p 
PowerCaseMouseMouse Pad
OCZ 600W Generic Junk Logitech MX400 Generic Junk 
Audio
SBL 5.1 
  hide details  
Reply
Current Rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
FX-8350 4.6GHz@1.44v GA-990FXA-UD3 R4.0 HD 7950 (1100/1450) 8G Muskin DDR3 1866@8CLS 
Hard DriveOptical DriveOSMonitor
1TB WD LiteOn DVD-RW DL Linux/Windows 19" Phillips TV 1080p 
PowerCaseMouseMouse Pad
OCZ 600W Generic Junk Logitech MX400 Generic Junk 
Audio
SBL 5.1 
  hide details  
Reply
post #116 of 122
This is impressive. More companies should do this.
post #117 of 122
If it isn't a publicly stated service, such as telecommunications, they can't do squat. You can run a personally encrypted VPN anywhere you wish, run it with AES or RSA and be secure. Though what you want, ideally, is a private VOIP protocol. Implement that and do a direct connection with VPN, use AES (faster) or RSA (SLOW!) for an extremely safe connection. Tapless phone calls anyone?

Being secure if you wish isn't hard, what's hard is giving the technology to people at an affordable rate. With a computer it is a lot easier to set these up, unfortunately due to specific laws you are mandated backdoors (local legislature regulations, do not apply to everyone).

This is an issue with every government, their isn't much they can do.
Current Rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
FX-8350 4.6GHz@1.44v GA-990FXA-UD3 R4.0 HD 7950 (1100/1450) 8G Muskin DDR3 1866@8CLS 
Hard DriveOptical DriveOSMonitor
1TB WD LiteOn DVD-RW DL Linux/Windows 19" Phillips TV 1080p 
PowerCaseMouseMouse Pad
OCZ 600W Generic Junk Logitech MX400 Generic Junk 
Audio
SBL 5.1 
  hide details  
Reply
Current Rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
FX-8350 4.6GHz@1.44v GA-990FXA-UD3 R4.0 HD 7950 (1100/1450) 8G Muskin DDR3 1866@8CLS 
Hard DriveOptical DriveOSMonitor
1TB WD LiteOn DVD-RW DL Linux/Windows 19" Phillips TV 1080p 
PowerCaseMouseMouse Pad
OCZ 600W Generic Junk Logitech MX400 Generic Junk 
Audio
SBL 5.1 
  hide details  
Reply
post #118 of 122
Quote:
Originally Posted by Rubers View Post

My point is solid. The NSA have the worlds best cryptographers and I fully believe they can crack AES256 without breaking a sweat. It's in the interests of national security that people believe it's unbreakable.
The govt uses AES. If AES is broken, then there would be a new standard. If NSA can crack it, then it's possible others could crack it.
post #119 of 122
Quote:
Originally Posted by 5entinel View Post

Cleaned and reopened. Could we not have such hostility in this thread? Name calling won't be tolerated on this site.
Actually, trucrypt was sort of cracked last year

http://www.informationweek.com/security/encryption/forensic-tool-cracks-bitlocker-pgp-truec/240145127

It's ocn, what do you expect? Want to see actual hostility? Look at any amd vs nvidia fanboy thread, or perhaps an amd vs intel fanboy thread.
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
2500k 5.0 ghz 1.39v Asus p8p67 deluxe SLI 465 4 gb gskill 1600mhz Cas 6 
Hard DrivePower
ocz vertex 2 60 gb 650 watt 
  hide details  
Reply
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
2500k 5.0 ghz 1.39v Asus p8p67 deluxe SLI 465 4 gb gskill 1600mhz Cas 6 
Hard DrivePower
ocz vertex 2 60 gb 650 watt 
  hide details  
Reply
post #120 of 122
#1 the issue with this is more than likely a problem with the way iMessage is set up. This was originally caused because Apple wanted to pull their apple to apple messages out of SMS standards so that their devices could talk to each other privately on their own type of VPN that ATT could not charge users for text traffic with. That means Apple had to treat it like encrypted internet traffic. They then built the front end so that messages to other devices still went over sms and messages to iOS devices were re routed internet style. The back-end needed to be secure so they simply hand off the traffic to the encrypted destination device using standard PCI like trusted key.

Normally the carrier, ie ATT, Sprint, etc would get the request for the monitor messages from a phone. They could see any SMS messages sent to traffic but then not get any of the encrypted gibberish from iMessage to iOS device due to it being rerouted by apple. That being said Apple could data mine their data and get the messages out for the government but that would require a different type of request other than the standard warrant request which gets rubber stamped by Judges all the time and would not be live data unless apple was by request monitoring a specific users complete iMessage traffic.

#2 the second problem with it is the way our carriers have set up wireless. If you are trying to bypass the carrier all together and perform your own monitoring and support for a single device you are following then you would have to intercept the digital traffic on its way to the tower or have access to the tower network the carrier is using which then starts to step on the FCC's toes and would require their cooperation.

#3 don't for a second fall into complacency thinking a single static method of encryption is the end all top level of security. There is a reason that PCI requirements are about to bypass softkey encryption all together and move to hardware ipv6 based access. The cyber criminals of today are getting better and better at breaking or patterning encryption methods so that they can bypass controls. I get emails at the company I work for weekly and there are literally thousands of penetrations attempts with PCI performed on the various banking industries around the world happening all the time. The best method we have is to constantly change trusted keys so that we can remain secure.
12 Thread i7x
(17 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7 3960X Rampage IV Extreme XFX Vega64 WC - RX-VEGMXWFXW G.Skil F3-170000CL9-4GBZH Ripjaws Z DDR3 2133 
Hard DriveHard DriveOptical DriveCooling
Samsung SSD 840 EVO WD WD30EFRX Samsung DVDWBD SH-B123L Corsair H80 
OSMonitorMonitorMonitor
Windows 10 Pro 64Bit Samsung U28E590D Vizio 22" M220VA Vizio 22" E220VA 
KeyboardPowerCaseMouse
Overclock.net Edition Ducky 1087 10 Key-less Bl... XFX-850 Black Edition HAF - 932 Black Edition Cooler Master Storm Inferno 
Mouse Pad
World of Warcraft Cataclysm Collectors Edition 
  hide details  
Reply
12 Thread i7x
(17 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7 3960X Rampage IV Extreme XFX Vega64 WC - RX-VEGMXWFXW G.Skil F3-170000CL9-4GBZH Ripjaws Z DDR3 2133 
Hard DriveHard DriveOptical DriveCooling
Samsung SSD 840 EVO WD WD30EFRX Samsung DVDWBD SH-B123L Corsair H80 
OSMonitorMonitorMonitor
Windows 10 Pro 64Bit Samsung U28E590D Vizio 22" M220VA Vizio 22" E220VA 
KeyboardPowerCaseMouse
Overclock.net Edition Ducky 1087 10 Key-less Bl... XFX-850 Black Edition HAF - 932 Black Edition Cooler Master Storm Inferno 
Mouse Pad
World of Warcraft Cataclysm Collectors Edition 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Technology and Science News
Overclock.net › Forums › Industry News › Technology and Science News › [CNET] Apple's iMessage encryption trips up feds' surveillance