Rick Charlie

Apple, Encryption, and Your Security

Apple Encryption and your Security should definitely be on your mind.  I have been a Computer Forensics Expert for over 10 years, and trained by people who basically started the science way back when.  Back when there was a treasure trove of easily accessible personal data, and a myriad of ways to get it.  As little as 5 years ago, the ease at which I could get at your data, even things you thought you deleted forever, would scare you shitless if you knew.  Things have changed.

Currently, the FBI wants Apple to create something that they really don’t want in existence.  A Backdoor or Master Key into a phone.  At the moment, that does not exist, for any phone.

The FBI has a really good reason for this request – they have the phone from one of the attackers in the 2015 San Bernardino massacre.  This phone may contain very important data to that case.  Not only might it fill in some gaps, but it also could contain some names, numbers and locations of others that could be very valuable to the case, or even the security of the country.  The only problem is, the phone is locked, and they don’t have the key.

Not only is it locked, but it is locked in such a way that if they even attempt to crack it, they risk losing all the data if they try and fail.  They have 9 tries.  If they would fail on the tenth, the phone gets wiped clean.

So, this is a worthy cause, right?  Why not just do it this one time?  Do it, then destroy it.  Create a Master Key, one to rule them all – Right?


One Ring

Because people are REALLY bad at keeping secrets!

Listen, those of us in the Forensic community would love nothing better than a master key.  It would save a ton of time and hassle.  I heard a local law enforcement official on NPR this morning talk about how he has about 190 phones currently involved in cases, that they can’t touch.  It’s frustrating.  The information is there, you KNOW it’s there, but you can’t get it.

Encryption uses very complex algorithms to turn your pictures, texts, documents, databases, and any other digitally stored data into complete garbage, that nothing can read.  There is currently no known pattern in each media that uses it.  You can see it, because you create the key with a password.  But your key won’t open someone else’s device.

Encryption is now a part of almost everything we do digitally.  We have it, mostly because people, companies and governments wanted it. How much of your life is on your phone?  Are there plans, or documents on your company laptop that others might pay dearly for?  I find it rather comforting to know that the power grid in this country isn’t going to suddenly go down because there is no master key to access it.

It wasn’t always this way.  And my job was a LOT easier before encryption.  But so was hacking, and company theft.  Remember back in 2014 when all those celebrity pictures suddenly came out?  Apple closed that gap.  (there was a rumor in the Forensic community that the “flaw” was actually part of a master key at that time, and that the flaw was leaked through someone in law enforcement, just a rumor though).

While this all makes mine, and law enforcement’s job more difficult, not having a back door in personally helps me to sleep more secure at night.  The FBI, or the NSA, or Anonymous can’t get in to places that maybe we want them to, but neither can the bad guys, or the terrorists.

Like the one ring, master keys in the wrong hands can be catastrophically dangerous.  Just this once happens again, and again until one day, the key is stolen, and then who knows who might get it.  And, unlike In the Lord of the Rings, there is no Frodo or Gandalf to save us.


Rick Charlie signature

Here is the first secret message, the other is embedded into the hex of the cover picture.

Show Buttons
Hide Buttons