FBI director James Comey have publicly lobbied for the insertion of cryptographic “backdoors” into software and hardware to allow law enforcement agencies to bypass authentication and access a suspect’s data surreptitiously. Cybersecurity experts have unanimously condemned the idea, pointing out that such backdoors would fundamentally undermine encryption and could exploited by criminals, among other issues.
"could exploited by criminals" is sadly a disingenuous claim. A cryptographic backdoor is presumably a "Sealed Box"[1] type construct (KEM + symmetric-cipher-encrypted package). As long as the government can keep a private key secure only they could make use of it.There are plenty of reasons not to tolerate such a backdoor, but using false claims only provides potential ammunition to the opposition.
[1] <https://libsodium.gitbook.io/doc/public-key_cryptography/sea...>
And Apple has a backdoor that only Apple can use. Why don't criminals exploit Apple's backdoor?
Source/reference? I’m not aware of such a backdoor
See the posting above about the Arstechnica article.
During the last days of 2023 there was a big discussion, also on HN, after it was revealed that all recent Apple devices had a hardware backdoor that allowed bypassing all memory access protections claimed to exist by Apple.
It is likely that the backdoor consisted in some cache memory test registers used during production, but it is absolutely incomprehensible how it has been possible for many years that those test registers were not disabled at the end of the manufacturing process but they remained accessible for the attackers who knew Apple's secrets. For instance any iPhone could be completely controlled remotely after sending to it an invisible iMessage message.
"Convenient software/hardware bugs"... but "they are not backdoors, I swear!"
Can't Apple just push an software update with some:
I think we are nearly certain that the bug is because of a MMIO accessible register that allows you to write into the CPU's cache (its nearly certain this is related to the GPU's coherent L2 cache).
But I don't think it's 'incomprehensible' that such a bug could exist unintentionally. Modern computers and even more so high end mobile devices are a huge basket of complexity that has so many interactions and coprocessors all over the place I think it's very likely that a similar bug exists undiscovered unmitigated.
I don't think the iMessage was invisible I think it deleted itself once the exploit had run, its also worth noting just how complicated the attack chain was and that the attacker _needed_ a hardware bug just to patch the kernel whilst having kernel code execution.
How is their update path not considered a backdoor? They can sign and serve you any update that they want.
Which backdoor do you mean? I'm not an Apple expert by any means, but I thought they encrypted customer data in a way that even they can't get to it? Wasn't that the crux of this case, that Apple couldn't help the FBI due to security measures, prompting the agency to ask for a backdoor?
What's an update? They can sign and push any code they want remotely.
IIRC the question is when the phone is totally locked, e.g. if you turn it off then turn it back on and haven't entered the PIN yet. In this state even apple can't get an update to run, the secure hardware won't do it unless you wipe the phone first. And your data is encrypted until you unlock the phone.
In practice though most people are screwed b/c it's all already in icloud.
with advanced data protection, it's encrypted before it hits iCloud, so apple, nor the feds can't get at it.
https://arstechnica.com/security/2023/12/exploit-used-in-mas...
Looks like criminals were using it for four years undetected.
FWIW this is a fair and valid argument. Generally, no one entity should have that much power. Doesn’t really matter if it’s USG or a tech giant.
It's not a false claim, assuming the feds will keep such a key "secure" is not backed by evidence. Top secret materials are leaked all the time. Private keys from well secured systems are extracted from hacks. The FBI having such a key would make them a very profitable target for the various corps that specialize in hacking for hire. For example, NSO group.
If the power doesn't exist, nobody can exploit it.
Do military cryptographic keys leak often? Do nuclear codes leak?
The times highly valuable cryptographic keys leaked for various cryptocurrency exchanges it has generally if not always been due to gross negligence.
Such a key would be highly sensitive and it would also require very little traffic to use. You would just need to send the secure system a KEM (<100 bytes) and it will respond with the symmetric key used for the protected package.
I don't doubt they could secure it. Can even split the key into shares and require multiple parties to be present in the secure location.
For many years, the code was 00000000.
https://arstechnica.com/tech-policy/2013/12/launch-code-for-...
What are you going to do with a nuclear code without access or authority to launch the nukes?
nuclear codes are probably not used as much as phone backdoors. local police wants access too and other governments so I do believe it would leak
You're creating so many assumptions that nothing you've stated could be concluded to be an honest reflection of reality.
Nobody has to know the rate of leaks, it's irrelevant. Gross negligence is not necessary, how would you even know? Leaks by definition are rarely exposed, we only see some of them.
A "highly sensitive" key doesn't mean anything. Assigning more words to it doesn't somehow change the nature of it. Humans are bad at securing things, that's why the best security is to not have a system that requires it.
Whatever hypothetical solution you have would be crushed under the weight of government committees and office politics until your security measures are bogus.
Let’s see:
Mercedes recently forgot a token in a public repository which grants access to everything.
Microsoft forgot its “Golden Key” in the open, allowing all kinds of activation and secure boot shenanigans.
Microsoft’s JWT private key is also stolen, making the login page a decoration.
Somebody stole Realtek’s driver signing keys for Stuxnet attack.
HDMI master key is broken.
BluRay master key is broken.
DVD CSS master key is broken.
TSA master keys are in all 3D printing repositories now.
Staying on the physical realm, somebody made an automated tool to profile, interpret and print key blanks for locks with "restricted keyways" which has no blanks available.
These are the ones I remember just top of my head.
So yes, any digital or physical secret key is secure until it isn’t.
It’s not a question of if, but when. So, no escrows or back doors. Thanks.
I've been waiting for those wildvine keys to leak which would finally let me choose what to play my stuff on. But it still hasn't happened. They are getting better at secrecy sadly.
Since Widevine L3 is completely implemented on software, there are tools you can use, but L2 and L1 are have hardware components, and secure enclaves are hard to break. Up to par ones have self-destruction mechanisms which trigger when you bugger them too much.
On the other hand, there are 4K, 10bit HDR + multichannel versions everywhere, so there must be some secret sauce somewhere.
This is not a rabbit hole I want to enter, though.
It's apparently now trivial to brute force the private key used for Windows XP-era Microsoft Product Activation, as another example. (that's where UMSKT and the like get their private keys from)
Your devices would be secure as long as a private key that happened to be the most valuable intelligence asset in the United States, accessed thousands of times per day, by police spread across the entire nation, was never copied or stolen.
Well, it's a good thing that we don't have to worry about corrupt police /s
You assume a perfect implementation of the backdoor. Even if the cryptographic part were well-implemented, someone will accidentally ship a release build with a poorly safeguarded test key, or with a disabled safety that they normally use to test it.
It's an unnecessary moving part that can break, except that this particular part breaking defeats the whole purpose of the system.
The same government that failed to keep all of it's Top Secret clearance paperwork secure? How soon we forget the OPM hack...
As Pauli said, "That's not even wrong". It cannot even meet the basic criteria for truth or falsehood.
It's simply naked hubris.
Which government? Software crosses borders.
You can bet that if the US mandated a back door to be inserted into software that was being exported to another country, that country would want to either have the master key for that back door, or a different version of the software with a different back door or without the back door. A software user could choose the version of the software that they wanted to use according to which country (if any) could snoop on them. It's unworkable.
That's a disingenuous claim since it's known they can't
Not disingenuous. Keys are stolen or leaked all the time. And the blast radius of such a master key would be extremely large.
Well, keep in mind they would have to keep it secure in perpetuity. Any leak over the lifetime of any of that hardware would be devastating to the owners. Blue Team/Defensive security is often described as needing to be lucky every time, where as Red Team/attackers just have to get lucky once.
This attack vector is in addition to just exploiting the implementation in some way, which I don't think can be handwaved away.
That's a big "if". Look at how the government has protected physical keys...
Ever since the TSA accidentally leaked them, you can buy a set of keys on Amazon for $5 that opens 99% of "TSA approved" locks
Are they lobbying for this because they can't access stuff today and "need" it or is just a psyop so we believe what that they cannot access it today.
Ill take "what is vault 7" for $500.