Hacker News
How Law Enforcement Gets Around Your Smartphone's Encryption (wired.com)
14 points by fortran77 10 days ago | 11 comments

This is a red herring. Since 2011 iPhones signed in to iCloud (on by default) back up almost all data on the phone to Apple without end-to-end encryption, making all of the data available to Apple at any time without the user or phone.


They don't need to backdoor the phone, the backups are encrypted to Apple. They divulged user data to the US at least 30,000 times without a warrant/probable cause in 2019 per their own transparency report.

The handset security is mostly irrelevant now that we have cloud-based software encryption backdoors in the form of non-e2e "unencrypted" backups.

Where do you see that Apple transparency data?

Apple doesn't say anything about warrants in their report, AFAICT. https://www.apple.com/legal/transparency

FISA orders are the warrantless ones.

Most mildly-technical people already knew you could only get the full benefits of device encryption if your device is powered off when it gets attacked. I assume this applies to desktop systems too. Not really new information here as far as I can tell.

Article discusses technicalities around After First Unlock (AFU) state of the phone etc. I would have expected a mention of https://xkcd.com/538/ instead.

Seems to be a classic example of the old security vs convenience tradeoff. If you want everything available all the time then there is a good chance that everything is also available to others. Smartphones by their nature are insecure and should not be trusted with important data.

> Smartphones by their nature are insecure and should not be trusted with important data.

This is false. Like any other computer, they can be configured with more secure or less/in-secure software.

If you had to type in a long passphrase every time you got a text, you would no longer use a smartphone to do that anymore. So, yes, in theory you could have a locked down phone but form would follow function.

A hardware token would be a solution.

A hardware token that would have to be available and usable at all times.

The more ways there are to access a device, the less secure it is, period.
