Hacker News
How Law Enforcement Gets Around Your Smartphone's Encryption (wired.com)
14 points by fortran77 10 days ago | 11 comments





This is a red herring. Since 2011 iPhones signed in to iCloud (on by default) back up almost all data on the phone to Apple without end-to-end encryption, making all of the data available to Apple at any time without the user or phone.

https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...

They don't need to backdoor the phone, the backups are encrypted to Apple. They divulged user data to the US at least 30,000 times without a warrant/probable cause in 2019 per their own transparency report.

The handset security is mostly irrelevant now that we have cloud-based software encryption backdoors in the form of non-e2e "unencrypted" backups.


Where do you see that Apple transparency data?

Apple doesn't say anything about warrants in their report, AFAICT. https://www.apple.com/legal/transparency


FISA orders are the warrantless ones.

Most mildly-technical people already knew you could only get the full benefits of device encryption if your device is powered off when it gets attacked. I assume this applies to desktop systems too. Not really new information here as far as I can tell.

The article discusses technicalities around the After First Unlock (AFU) state of the phone, etc. I would have expected a mention of https://xkcd.com/538/ instead.

Seems to be a classic example of the old security vs convenience tradeoff. If you want everything available all the time then there is a good chance that everything is also available to others. Smartphones by their nature are insecure and should not be trusted with important data.

> Smartphones by their nature are insecure and should not be trusted with important data.

This is false. Like any other computer, they can be configured with more secure or less/insecure software.


If you had to type in a long passphrase every time you got a text, you would no longer use a smartphone to do that anymore. So, yes, in theory you could have a locked down phone but form would follow function.

A hardware token would be a solution.

A hardware token that would have to be available and usable at all times.

The more ways there are to access a device, the less secure it is, period.


