BC CRIME
Saved by @Mollyycolllinss

My students @maxzks and Tushar Jois spent most of the summer going through every piece of public documentation, forensics report, and legal document we could find to figure out how police were “breaking phone encryption”. 1/

 This was prompted by a claim from someone knowledgeable, who claimed that forensics companies no longer had the ability to break the Apple Secure Enclave Processor, which would make it very hard to crack the password of a locked, recent iPhone. 2/
We wrote an enormous report about what we found, which we’ll release after the holidays. The TL;DR is kind of depressing:

Authorities don’t need to break phone encryption in most cases, because modern phone encryption sort of sucks. 3/
I’ll focus on Apple here but Android is very similar. The top-level is that, to break encryption on an Apple phone you need to get the encryption keys. Since these are derived from the user’s passcode, you either need to guess that — or you need the user to have entered it. 4/
Guessing the password is hard on recent iPhones because there’s (at most) a 10-guess limit enforced by the Secure Enclave Processor (SEP). There’s good evidence that at one point in 2018 a company called GrayKey had a SEP exploit that did this for the X. See photo. 5/
There is really no solid evidence that this exploit still works on recent-model iPhones, after 2018. If anything, the evidence is against it.

So if they can’t crack the passcode, how is law enforcement still breaking into iPhones (because they definitely are)? 6/
The boring answer very likely is that police *aren’t* guessing suspects’ passcodes. They’re relying on the fact that the owner probably typed it in. Not *after* the phone is seized, in most cases. Beforehand. 7/
You see, iPhones can be in one of two states, which are respectively known as “Before First Unlock” (BFU) and “After First Unlock” (AFU). This is pretty self-explanatory.

When you turn your phone on and enter the passcode in the morning, you switch your phone from BFU->AFU. 8/
When you first unlock your iPhone after power-on, it uses your passcode to derive several sets of cryptographic keys. These stay in memory inside your phone, and are used to encrypt the file system. 9/
When you lock your iPhone (or press the button on the side, or leave it alone until the screen goes blank), exactly *one* set of keys gets “evicted”, ie erased from memory. Those keys are gone until you enter your passcode or use FaceID.

All of the other keys stay in memory. 10/
The key that gets evicted on lock is used to decrypt a subset of the files on the filesystem, namely the ones that have a specific protection class (NSComplete). The keys that don’t get evicted can be used to decrypt all the other files.

(This is all well-known so far BTW.) 11/
So the upshot of this is that, if police can capture your phone in the AFU state (yours is almost certainly in that state for 99% of its existence) *and* they have a software exploit that allows them to bypass the OS security measures, they can get most of the files. 12/
The real question is: what exactly does “most of the files” mean, and the corollary is “why not protect *more* than just a few of the files with that special key (the one that gets evicted)”. That’s where things get depressing. 13/
Apple *sort of* vaguely offers a list of the apps whose files get this special protection even in the AFU state. But notice how vague this language is. I have to actually decode it. 14/
Notice how this text simply reports that some app data is “protected through encryption” (this is vague and meaningless, since it doesn’t say whether it’s AFU or BFU) and other app data is explicitly only protected in the BFU state (before you first unlock.) Why so vague? 15/
Here is a version of the same text from back in 2012. Notice how it explicitly states that “Mail, App Launch images, and Location Data” are protected using the strongest type of encryption.

So it seems that Apple is actually protecting *less* data now than in 2012. Yikes. 16/
(Our most likely guess: Apple has weakened the protections on location data in order to enable fancy features like “location based reminders”. So they had to weaken the language in the security guide. This isn’t great.) 17/
But whether you look at the 2012 or 2020 data, the situation sucks. The built-in apps that definitely use strong AFU protection are:

Mail (which probably already exists on a server that police can subpoena, so who cares.)

App launch data (🤷‍♂️)

That’s not great. 18/
3rd party apps can opt-in to protect data using the strongest type of encryption, so this isn’t necessarily the whole story. But let’s list some data that *doesn’t* get AFU protection:

Photos
Texts
Notes
Possibly some location data

Most of what cops want. 19/
So this answers the great mystery of “how are police breaking Apple’s encryption in 2020”. The answer is they probably aren’t. They’re seizing unlocked phones and using jailbreaks to dump the filesystem, most of which can be accessed easily since keys are in memory. 20/
Oh my god my thumbs. 21/
Anyway, this leaves basically only one remaining question:

Why is so little of this data encrypted when your phone is AFU and locked? And the answer to that is probably obvious to anyone who develops software, but it still sucks. 22/
Most apps like to do things in the background, while your phone is locked. They read from files and generally do boring software things.

When you protect files using the strongest protection class and the phone locks, the app can’t do this stuff. It gets an error. 23/
Apple provides some tools to make this less painful: for example, they have a “write only” protection class.

But for the most part it’s annoying for software devs, so they lower protections. And if Apple *isn’t* using strong protection for its in-house apps, who will? 24/
If I could tell Apple to do one thing, I would tell them to figure this problem out. Because without protection for the AFU state, phone encryption is basically a no-op against motivated attackers.

Maybe Apple’s lawyers prefer it this way, but it’s courting disaster. 25/
For those who would prefer to read this thread in the form of a 65-page PDF that also discusses cloud backup systems and Android, here is our current paper draft: https://t.co/k3Qw0DNIoI

This will be on a pretty website soon. Thanks for not blocking me after this thread. // fin

More from Crime

Jennifer Mercieca
Jennifer Mercieca
@jenmercieca
An academic mystery novel in which we learn that the culprit murdered the victim because they could not agree on which font to use for their very important committee memo.

The tension builds throughout the book as they exchange drafts of the memo, each time changing the font back to the "proper" font.

No one mentions the font changes, they just seethe.

Exasperated, one of them sets up a Qualtrics survey for the committee. It has only one question: "what is the correct font to use for this committee's correspondence?"

Qualtrics data is inconclusive.
CRIME
Scott Hechinger
Scott Hechinger
@ScottHech
Anjanette Young. A 20 year social worker. Just back from work. Police invaded her home. Naked. Begged for clothes. Cuffed. 40 minutes of terror. Apologized & left. Then tried to cover it up. Defender: "What happened that night is the norm in Chicago."

"Chicago police & city officials fought to suppress the truth of what happened that night. They almost succeeded. Now, Chicago Mayor Lori Lightfoot is calling for accountability. But would she have done so if her legal team or police had been successful in burying the facts?"

"We also must acknowledge how Young’s innocence & class are connected to her believability as a victim. Change one of these factors-if they had the right house, if she was not a professional, if she was using or dealing drugs-& maybe we would all be less concerned about her."

If Anjanette Young were, in fact, "guilty," or a less "sympathetic" victim of police abuse, "her experience would be consistent w/ the logic that assumes Black women should be treated w/ suspicion. And, most likely her experience would never be made known to the general public."

The normal course: "Victims & accused are dehumanized,. Many are moved through the system in complete silence. The state decides how their stories are told & what forms of accountability are just. Neither the victims nor the accused are centered in any processes of healing."
CRIME
Advertisement
Bar & Bench
Bar & Bench
@barandbench
Hearing in MJ Akbar's criminal defamation case against Priya Ramani to begin before Additional Chief Metropolitan Magistrate Ravindra K Pandey.

After the transfer of Judge Vishal Pahuja, parties are making arguments afresh.

#MeToo #PriyaRamani #MJAkbar #Metooindia

@mjakbar


Hearing begins.

#MJAkbar #PriyaRamani

#MeToo

@mjakbar

Senior Advocate Rebecca John for Priya Ramani begins.

John sums up the submissions made by her in the previous hearings.

It is my truth, made in public interest and good faith: John

#PriyaRamani
CRIME
Ottawa Public Health
Ottawa Public Health
@ottawahealth
SEX, DRUGS & SANTA CLAUS

It's Friday, March 278th, 2020, and this is the longest thread we've ever written. Let that sink in.

So, we need to talk about how we're going to spend our holidays. Before we get into it, let's pause to appreciate being able to have this talk. (1/13)

We should be proud of our efforts that got us here. But we must stay the course. The winds can quickly change if we let our guard down.

We'll still celebrate the holidays...no one is taking that away from us. It'll just be different than normal. So let's chat about that. (2/13)

You've likely heard the term 'harm reduction' before. It's a pillar of public health based on reducing harms while still respecting autonomy. Evidence shows that just telling people to avoid certain things can be futile, so this approach guides you on being safer about it. (3/13)

Yes, when things are really bad, stronger methods are needed (i.e. lockdowns), but we're not there now.

So, why not say DO NOT GATHER WITH ANYONE & be done with it? Because experience tells us it doesn't work. Look at the ill-fated "Just Say No!" campaigns of the 80s-90s. (4/13)

Or go watch Reefer Madness. It's...it's a thing.

In our approaches to sexual health or substance use, our goal isn’t to simply tell you not to do something and then call it a day. It’s to provide you with the best information available so that you can make safer choices. (5/13)
CRIME
Nomas21
Nomas21
@Ghost_411
Exposing the human trafficking NGOs

Seven non-government organizations have orchestrated with human traffickers to smuggle illegal immigrants into Greece, according to Migration Minister Notis Mitarachis.

The Greek minister told The Times that NGO’s from Somalia, Britain, Turkey and elsewhere assisted in the smuggling of illegal immigrants to Greece.

Mitarachi highlighted that the Norwegian non-governmental organization Aegean Boat Report, and the London-based Al-Khair Foundation assisted human traffickers.


Five other European NGO’s are also complicit in being human traffickers the crime and helping illegal immigrants enter the country.

“Contacts in Mogadishu facilitate transport to Istanbul, even paying for migrant airfare on Turkish Airlines,” the minister said. “From there, migrants are transported to key points along the Turkish coast, working with aid groups to push them to islands like Lesvos”, he said.
CRIME

You May Also Like

Vibhu Vashisth
Vibhu Vashisth
@VIBHU_Tweet
Do you know?

The Golden Shine on the artificial jewellery of modern times is a gift by Nagarjuna.

Now,u might be wondering,who is Nagarjuna?

Nagarjuna was the name of an ancient Indian scholar&scientist whose name is associated with the fields of Alchemy,Chemistry& Metallurgy.


He conducted a number of alchemic and Metallurgical experiments directed towards transforming base elements into Gold.
According to Eduard Sachau's Alberuni's India, Nagarjuna was termed as a Metallurgist who was born 100 yrs before Alberuni's time, who was born in 973 CE.


According to some records Nagarjuna was born in 9th century CE near Somnath,Gujarat and according to some Tibetan & Chinese sources he was born in Vidarbha,Maharashtra from where he later migrated to Deccan region.


Edward Schau quotes in his book,'They have a science similar to Alchemy and Nagarjuna is famous for this science which they call as 'Rasayana'.

Nagarjuna's book 'Rasaratnakara' is one of the earliest documented texts on Alchemy,Chemistry & Metallurgy in Sanskrit.Nagarjuna successfully discovered through his experiments the alchemy of transmutation of base metals into Gold.This was not real gold but a gold like substance.
ALL
Jonathan Ware
Jonathan Ware
@ReassessHistory
Rhino Barges

One of the dullest, coolest, more bizarre and fascinating pieces of kit used in Normandy.

Which NO ONE REALLY CARES ABOUT.

BUT I DO AND YOU SHOULD TOO.
/1

#WW2 #SWW #History


Planning for Overlord and Neptune had a serious snag, how to get troops from LSTs onto the beach as simply ramming them onto the beaches and dropping the ramp was known to damage the exceptionally vulnerable LSTs and felt to be unsustainable in the mid to long term. /2


LSTs were essential in sustaining Overlord's progress and were a subject of major headaches in the planning phase, and a real subject of friction when it came to launching additional amphibious operations such as Dragoon.

A single LSTs loss represented a capability nick. /3


So, logic dictated, we don't really want these remarkable but rare and highly valuable vessels constantly doing beach landings, we want something to act as a medium between ship to shore, and in came the (mostly) American designed Rhino. /4


I fucking love Rhinos.

Seriously.

Graceful lines of pure industrial pedigree.

Modular.

LOOK AT IT. /5
HISTORY
Advertisement
\u0936\u094d\u0930\u0940\u092e\u093e\u0932\u0940 \u0939\u093f\u0924\u0947\u0936 \u0905\u0935\u0938\u094d\u0925\u0940
श्रीमाली हितेश अवस्थी...
@HiteshAwasthi89
Bhu Varaha Swamy Temple

Bhu Varaha Swamy temple is a Hindu temple, located at Srimushnam, in the South Indian state of Tamil Nadu. Constructed in the Dravidian style of architecture...


the temple is dedicated to Varaha (Bhu Varaha Swamy), the boar-avatar of the god Vishnu and his consort Lakshmi as Ambujavalli Thayar.

The temple had contributions from Medieval Cholas of the 10th century with later expansions by Thanjavur Nayak king Achuthappa Nayak.


A granite wall surrounds the temple, enclosing all the shrines and the temple tanks. There is a seven-tieredrajagopuram, the temple’s gateway tower.

Six daily rituals and three yearly festivals are held at the temple, of which the Chariot festival....


celebrated during the Tamil month of Vaikasi (April–May), being the most prominent. The festival also symbolises Hindu-Muslim unity in the region – the flag of the chariot is provided by Muslims; they take offerings from the temple and present to Allah in the mosques.


Source & Pic credit : Anusri
ALL
STEALTH JEFF
STEALTH JEFF
@drawandstrike
So it's now October 10, 2018 and....Rod Rosenstein is STILL not fired.

He's STILL in charge of the Mueller investigation.

He's STILL refusing to hand over the McCabe memos.

He's STILL holding up the declassification of the #SpyGate documents & their release to the public.

I love a good cover story.......

The guy had a face-to-face with El Grande Trumpo himself on Air Force One just 2 days ago. Inside just about the most secure SCIF in the world.

And Trump came out of AF1 and gave ol' Rod a big thumbs up!

And so we're right back to 'that dirty rat Rosenstein!' 2 days later.

At this point it's clear some members of Congress are either in on this and helping the cover story or they haven't got a clue and are out in the cold.

Note the conflicting stories about 'Rosenstein cancelled meeting with Congress on Oct 11!"

First, rumors surfaced of a scheduled meeting on Oct. 11 between Rosenstein & members of Congress, and Rosenstein just cancelled it.
ALL
Paras Chopra
Paras Chopra
@paraschopra
1/ Here are my notes from @robertwrighter's book - Nonzero: the logic of human destiny. I enjoyed the book very much.

The basic premise of the book is that history has a direction which favors co-operation and non-zero sum games, and that causes an increase in complexity.


2/ Starting from the first replicating molecule which co-operated with an outer layer to form first proto-cell, evolutionary and cultural history is full of examples where two entities come together to survive and progress a lot more than they would have done individually.

3/ This co-operative entity fares much better than two individual entities because of specialization. If two entities are in the same boat - that they win together or lose together - then trust is implicit.

4/ In a non-zero sum game, trust causes entities to focus on what they do best.

For example, eukaryotic cells - the ones animals and plants have - emerged when two proto-cells merged, and one took the role of energy generator (mitochondria), the other specialized in protection.

5/ Some scientists believe that even nucleus in a cell is a result of an early cell merging with another cell.

So M&A is not a recent phenomena, entities have been merging because of common interests ever since life started.
CULTURE