John McAfee Offers To Decrypt The San Bernardino iPhone For Free

[HardOCP News]

Not only is John McAfee offering to decrypt the San Bernardino iPhone for free, he promises to eat his shoe on TV if he is not successful in breaking the encryption.


With all due respect to Tim Cook and Apple, I work with a team of the best hackers on the planet. These hackers attend Defcon in Las Vegas, and they are legends in their local hacking groups, such as HackMiami. They are all prodigies, with talents that defy normal human comprehension. About 75% are social engineers. The remainder are hardcore coders. I would eat my shoe on the Neil Cavuto show if we could not break the encryption on the San Bernardino phone. This is a pure and simple fact.

 

[Highwind]

He knows full well that he will not be granted permission to attempt it. Thus making for easy publicity.

 

[ZeqOBpf6]

lolololol if your first reference is "attends Defcon"

 

[melteye]

How the fuck does attending Defcon qualify anyone? Odd one.

 

[ShagnWagn]

Why does he have the best hackers if he is not creating hacks themselves to infect computers to sell more antivirus copies? I've always wondered about this. Especially if they are the only ones to "detect" [their own?[ virus.

 

[DocSavage]

This is turning out to be rather hilarious. I wonder how easy it would be to botch hacking the phone and mess it up permanently... Would anyone really trust McAfee with the phone?

 

[the-one1]

Would he like ketchup or mustard on his shoe?

 

[otherweeb]

I say Oorah John. Someone has the balls to try. Better him than some unknown entity overseas that we discover from pirate sites selling it (and you know there's folks working on it)

I'm sure they don't start with THE phone, but break into the model many times before trying that. But there is the 'social engineering' aspect. It's possible they'll deduce the password of the perp.

 

[Sonicks]

I'm curious how the hell he's going to manage breaking into the phone using 'mostly social engineering'.....

 

[Exavior]

I'm curious how the hell he's going to manage breaking into the phone using 'mostly social engineering'.....

magic

 

[heatlesssun]

You gotta figure the FBI is getting all kinds of offers to hack this phone. I'm thinking that a third party probably could and that actually might be the best thing for everyone in this case.

 

[spugm1r3]

He knows full well that he will not be granted permission to attempt it. Thus making for easy publicity.

He is also insane enough to actually eat his shoe, so the risk is pretty low even if they bite.

 

[otherweeb]

I'm curious how the hell he's going to manage breaking into the phone using 'mostly social engineering'.....

Maybe the perp was an idiot and used the same password on everything. Many people use a repeating number or pattern. With all the damn passwords we have how many of us make a unique obscure one with every site or device. Remember these two were not dedicated Jihad agent geniuses, just wannabees.

Or maybe it's the Apple code writers that used shortcuts and left assailable doors behind.

 

[NickJames]

I'm curious how the hell he's going to manage breaking into the phone using 'mostly social engineering'.....

Ask Apple really nicely.

 

[leeleatherwood]

They probably already have hacked that version of phone, so they already know how to do it.

 

[DocSavage]

Maybe the perp was an idiot and used the same password on everything. Many people use a repeating number or pattern. With all the damn passwords we have how many of us make a unique obscure one with every site or device. Remember these two were not dedicated Jihad agent geniuses, just wannabees.

Or maybe it's the Apple code writers that used shortcuts and left assailable doors behind.

I like that. They should try to hack the perp's garage door.

 

[Quix]

I'd love to see them try.

 

[auntjemima]

Why do people feel it would be so hard for a hacker group to do this? I see a lot of "good luck, lol" comments but nothing to suggest why.

Let's all remember that their cloud services were stated to be impenetrable as well... remember how that went?

 

[PornoSatan]

They're gonna social engineer the shit outta that encryption

 

[Darunion]

Why do people feel it would be so hard for a hacker group to do this? I see a lot of "good luck, lol" comments but nothing to suggest why.

Let's all remember that their cloud services were stated to be impenetrable as well... remember how that went?

Because I can't and nothing I saw on reddit said it has been done so it is impossible. It really does just come down to time and resources, and motivation which is amplified by people saying it can't be done.

 

[FLECOM]

what the heck is HackMiami? I'm pretty sure there are no smart people here, it's a wasteland

 

[potency]

Maybe he'll use his social engineering team to trick Apple into unlocking it?

 

[lcpiper]

I could social engineer that phone open;

Kelly's Heroes - Maybe He's a Republican

 

[FrgMstr]

Exclusive pics.

 

[TwiceOver]

I would pay money to go to a show where he and John Legere try to out crazy each other.

 

[Trimlock]

Hes trying to advertise his portfolio. He won't get access to the phone, the FBI would of lost their damn minds if they give it up to him of all people.

 

[Verge]

How the fuck does attending Defcon qualify anyone? Odd one.

Yea the drinking code game by the pool is fun, but doesn't necessarily imply computer savant. I was just there to drink.

 

[amddragonpc]

Just wondering if the FBI tried asking Siri to unlock the phone. All they have to say is, "Siri, Tim Cook says unlock phone". ;-)

 

[Exavior]

I am actually more curious in knowing how that works for them to design a OS update that allows the phone to no loner be encrypted. How exactly do you update the software on the phone if you can't access the phone?

 

[Trimlock]

I am actually more curious in knowing how that works for them to design a OS update that allows the phone to no loner be encrypted. How exactly do you update the software on the phone if you can't access the phone?

Good question actually. I think they can access the phone just none of the data on the phone due to the encryption. I'm not 100% sure how encryption works on iOS, if you can chose to encrypt portions or if you chose encryption you automatically chose the entire phone to be encrypted.

 

[Rahh]

I really want to see a movie about John McAfee. Some of the stories surrounding this man are GOLD for movies.

 

[eneq]

Why does he have hackers that are skilled in social engineering? How does that help him create a security product? I can understand a few as consultants but 75%? Almost seems like he is doing something else...

Exavior I assume the way an official "hack" would be done is to push a custom OS update using the operators update mechanics or alternatively a local update, if the pusher has access to the proper signing tools for the images its definitely possible. The pushed update then have all the password fail penalties removed so that a brute force attack is feasible.

Alternatively the OS update could extract the password hashes for offsite power crunching/table lookups but in general a good password would make the attacks moot but come on who among the population has a "good" password, especially on a mobile phone (probably a 4-8 character pin code).

 

[lcpiper]

I am actually more curious in knowing how that works for them to design a OS update that allows the phone to no loner be encrypted. How exactly do you update the software on the phone if you can't access the phone?

No, you do a software update that no longer locks the phone at all, update software, reboots, no lock function. You don't have to do anything at all with the encryption, just take the unlocked phone, dump all the user and meta data, hand it over on a flash drive.

Then, to undo your handywork, reflash it to the correct OS version, turn it back over to the courts as the physical evidence it is.

I keep saying this, you don't have to do anything at all to the encryption of this phone, the OS, nothing.
The entire encryption thing is a ploy to fan the flames of malcontent.

Have you not been fanned?

 

[gsilver]

With this case, it's about legal precedent, not the unlocking of a simple device. The feds could probably unlock it themselves fairly easily, but if they force Apple to do it, they open the gateway to all kinds of nefarious backdoors.
And if McAfee does it, there's no legal precedent set, just spending.


And I don't believe for one second that the feds will be the only ones who will be able to exploit any backdoors built into encryption.

Kind of ironic that "national security" involves making a lot of the nation less secure in the name of a power grab.

 

[otherweeb]

what the heck is HackMiami? I'm pretty sure there are no smart people here, it's a wasteland

Smart people only visit Miami.

 

[MrTroy03]

Unless there is a flaw in the software or encryption, then it is simply a matter of math and you can't just crack into high level encryption like that. That's the point.

 

[lcpiper]

With this case, it's about legal precedent, not the unlocking of a simple device. The feds could probably unlock it themselves fairly easily, but if they force Apple to do it, they open the gateway to all kinds of nefarious backdoors.
And if McAfee does it, there's no legal precedent set, just spending.


And I don't believe for one second that the feds will be the only ones who will be able to exploit any backdoors built into encryption.

Kind of ironic that "national security" involves making a lot of the nation less secure in the name of a power grab.

How can Apple unlocking this phone set a precedent. They have complied and unlocked phones in the past, if a precedent was set it was set years ago.

McAfee won't be doing any unlocking of this phone, that's just foolish click-bait.

And no one has to touch the encryption, Apple just has to unlock the phone as they have in the past, this is an older phone, people already know Apple can do. Hell, Apple already told the court they can do it. Apple is just trying to argue that they shouldn't have to do it and they are throwing up all the dust they can to throw people off track and generate support.

Ummm, You didn't click on that did you?

 

[Jagger100]

He knows full well that he will not be granted permission to attempt it. Thus making for easy publicity.

Yes, but he is also saying, in a non-confrontational way, that the FBI could hack the phone if they really wanted to with the implication this is just a pissing contest to set a precedent that Apple co-operate with government against encryption.

 

[Tobyz28]

Dear John (ha!),
To prove your point (that McAfee has the baddest hackers around) you don't need that iphone to prove it. Just purchase the same model, contact the PD for some information on what was encrypted, replicate the environment on the phone you just purchased. Now hack it.

If successful present you're findings to apple so they can better their product, once apple patches - make public the process to exploit the vulnerability. PD can now use that to break into the phone on their own dime.
If unsuccessful, eat your shoe on TV.

Now everyone is happy.

 

[lcpiper]

Unless there is a flaw in the software or encryption, then it is simply a matter of math and you can't just crack into high level encryption like that. That's the point.

Doesn't take a flaw. My god. How do Apple iPhones get new Operating Systems or system updates?

It's push from the provider right?

And don't they sometimes push full OS updates?

Do you think they test software updates and the push in a lab environment before they go live with it?

So they already have a lab, and a process, and all they need is a custom update, push it to the phone in the lab, isolated the way test labs are, and now the phone doesn't even have a locking function, it's wide open. Download the data and you are done.

Hell, if you want, you can reload the original OS and put the phone back the way it was after you've pulled all the data from it.

I know this, the government knows this, hackers know this. If you can show me I am wrong please do, point it out and I will recant and admit I'm wrong.