Kill someone remotely from 25 feet and you can be a long way away before it's even realised that the insulin pump didn't simply malfunction, but was manipulated.
Assuming it can be determined the pump was manipulated. Which isn't a given.
Insulin pumps have two delivery modes:
Bolus, which is used to deliver a large dose of insulin - for example to correct for high blood sugars or to dose for carbs in a meal;
Basal, which is a slow, continuous dosage intended to keep blood sugars level over time. _and_ which, on this model of pump, can be automatically adjusted based on time of day.
So, all you realistically would need (in theory) would be line of sight, since the 25' limitation is a Bluetooth spec limitation and not a hard and fast physical limitation, and to know what time the person typically goes to bed.
I would think a hacker with murderous intent would be much more likely to use a weapon, not a computer.
A weapon is a state of mind, not an object. You can be beaten to death with the (trivially) detachable seatbelt on an airplane if you put your seatmate in a mind to do so.
An insulin pump is no different. It would, however, be damn near impossible to prove or identify after the fact. There's no such thing as "insulin poisoning", there's just "hypoglycemia, resulting in unconsciousness, followed by death" if not caught in time.
"Somebody should explain to him that encryption is just mathematics and banning encryption is a little like legislating the value of pi. I believe Indiana has experience with this."
At last. A plausible explanation for Common Core Math. Who knew the US Government was capable of a long game?
Last Friday, Salah Abdeslam, one of the suspects in the Paris attacks, was arrested in Brussels. He apparently stated, during questioning, that additional attacks were planned.
Last night, additional attacks were carried out. In Brussels.
They had a terrorist suspect in-hand, being interrogated, and by several accounts cooperating with the authorities that had him in custody - and the attacks still caught authorities unaware.
"As for the caliber of engineer required, considering this isn't "write an OS" but rather "remove or disable a 10 counter" it's likely that the work could be done by a junior - or someone out of the country for that matter. It's not the highest of high end jobs."
Urm, no.
From the order:
(1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.
Arguably, (1) and (3) might be fairly simple, although given that I haven't seen the iOS source code, I can't say for certain.
(2) on the other hand, seems fairly unlikely to be currently implemented - although it may be implemented in debug code that can be enabled elsewhere in the code.
All of the above - regardless of how the requirements are implemented - would need to be validated and survive regression testing and quality control before the code could be loaded onto the phone.
"Essentially, if Apple's employees refuse to do the work, Apple would likely have to fire them with cause. End of benefits, end of vested shares, end of it all. It's unlikely that any engineers would take that risk (unless they got very, very bad legal advice)."
Software engineers capable of doing this type of coding at Apple's scale are in high demand. In all likelihood, no engineer who quit Apple over this would be unemployed for longer than they chose to be.
Similarly: Because of the caliber of software engineer required, it would quite likely be difficult to replace them on short notice.
You're watching 3 (at minimum) distinct - but related - fights, and really, it's more akin to a chess match:
Court of public opinion - seems like Apple may be winning here
Court of Law - Apple seems to have solid arguments, but the law is fungible. It'll be years before we know the outcome
Political fight on Capitol Hill - the jury is still out on this. The public won't get a real sense of where this _really_ lies before November, at the earliest.
Each of these will turn, at least in part, on the others. For example, if the FBI wins the political fight and gets the legislation they want, the court battle will likely be moot. Whether or not they get that legislation is at least partially dependent on the results of the elections, etc.
We've just seen the finish of the opening, and now we're seeing the beginning of the middle game.
That's it. This is a textual representation of a 2048 bit RSA key. Generate a CSR and a public key, and you can plug it into any Apache web server. Or use it to sign email. Or sign applications. And those signatures will be valid on any system with the public key installed as a certificate authority.
If you were to see Apple's private key exported like this one is, it would look very similar, although (hopefully) 4096 bits instead of 2048 (twice as long). And it might be DSA, instead of RSA. I'm certain it's stored in a _very_ tightly controlled environment.
This key fits trivially into a paste buffer. So would Apple's. You could print it and type it in by hand if you were so inclined. Or take a picture and OCR it. And if that happens - just once - it potentially puts the security of every Apple device on the planet at risk.
Now, this is a simplistic example. I'm sure Apple's implementation utilizes a hierarchy of similar keys, with limited uses, etc, all signed by a single, master key which is stored in tamper-proof hardware, requires multiple people to get to it, etc. But that master key only has to get exported once to the wrong individual to compromise the entire system.
But if that individual is associated with, say, education or works with kids in any way, an accusation/investigation is often sufficient to destroy the individual's career, family life, etc.
If passed, it would be exceedingly easy to intercept, record, and subsequently expose their never-ending corruption.
Actually, if you start from the premise that it's already exceedingly easy for TLA's to intercept, record, and subsequently expose the never-ending corruption of our elected political heroes, it explains a great many things.
On the post: Johnson & Johnson Warns Insulin Pump Owners They Could Be Killed By Hackers
Re: Re:
Assuming it can be determined the pump was manipulated. Which isn't a given.
Insulin pumps have two delivery modes:
So, all you realistically would need (in theory) would be line of sight, since the 25' limitation is a Bluetooth spec limitation and not a hard and fast physical limitation, and to know what time the person typically goes to bed.
On the post: Johnson & Johnson Warns Insulin Pump Owners They Could Be Killed By Hackers
Re:
A weapon is a state of mind, not an object. You can be beaten to death with the (trivially) detachable seatbelt on an airplane if you put your seatmate in a mind to do so.
An insulin pump is no different. It would, however, be damn near impossible to prove or identify after the fact. There's no such thing as "insulin poisoning", there's just "hypoglycemia, resulting in unconsciousness, followed by death" if not caught in time.
On the post: US Attorney Suggests Solution To Open Source Encryption: Ban Importation Of Open Source Encryption
Re: Re: Re:
On the post: US Attorney Suggests Solution To Open Source Encryption: Ban Importation Of Open Source Encryption
Re: Re:
boy it'd be nice if we could edit comments :)
On the post: US Attorney Suggests Solution To Open Source Encryption: Ban Importation Of Open Source Encryption
Re:
At last. A plausible explanation for Common Core Math. Who knew the US Government was capable of a long game?
On the post: Burr & Feinstein Officially Release Anti-Encryption Bill, As Wyden Promises To Filibuster It
All it needs is a little logo
On the post: Before We Even Know The Details, Politicians Rush To Blame Encryption For Brussels Attacks
Let's look at the timelines...
Last night, additional attacks were carried out. In Brussels.
They had a terrorist suspect in-hand, being interrogated, and by several accounts cooperating with the authorities that had him in custody - and the attacks still caught authorities unaware.
And the go-to evil technology is encryption?
On the post: Apple Engineers Contemplate Refusing To Write Code Demanded By Justice Department
Re:
On the post: Apple Engineers Contemplate Refusing To Write Code Demanded By Justice Department
Re: Re: Re: Doesn't work out
Urm, no.
From the order:
Arguably, (1) and (3) might be fairly simple, although given that I haven't seen the iOS source code, I can't say for certain.
(2) on the other hand, seems fairly unlikely to be currently implemented - although it may be implemented in debug code that can be enabled elsewhere in the code.
All of the above - regardless of how the requirements are implemented - would need to be validated and survive regression testing and quality control before the code could be loaded onto the phone.
On the post: Apple Engineers Contemplate Refusing To Write Code Demanded By Justice Department
Re: Doesn't work out
Software engineers capable of doing this type of coding at Apple's scale are in high demand. In all likelihood, no engineer who quit Apple over this would be unemployed for longer than they chose to be.
Similarly: Because of the caliber of software engineer required, it would quite likely be difficult to replace them on short notice.
On the post: White House Begins To Realize It May Have Made A Huge Mistake In Going After Apple Over iPhone Encryption
Re:
On the post: Apple General Counsel Blasts Justice Department For Crazy Filing
Re:
Each of these will turn, at least in part, on the others. For example, if the FBI wins the political fight and gets the legislation they want, the court battle will likely be moot. Whether or not they get that legislation is at least partially dependent on the results of the elections, etc.
We've just seen the finish of the opening, and now we're seeing the beginning of the middle game.
On the post: Senator Feinstein Revives Stupid Idea That Internet Companies Are 'Materially Supporting Terrorism' If ISIS Members Use Their Sites
Re:
On the post: Senator Feinstein Revives Stupid Idea That Internet Companies Are 'Materially Supporting Terrorism' If ISIS Members Use Their Sites
Re:
On the post: Apple Might Be Forced To Reveal & Share iPhone Unlocking Code Widely
Maybe part of the problem here...
This is a 2048 bit RSA key I just generated:
That's it. This is a textual representation of a 2048 bit RSA key. Generate a CSR and a public key, and you can plug it into any Apache web server. Or use it to sign email. Or sign applications. And those signatures will be valid on any system with the public key installed as a certificate authority.
If you were to see Apple's private key exported like this one is, it would look very similar, although (hopefully) 4096 bits instead of 2048 (twice as long). And it might be DSA, instead of RSA. I'm certain it's stored in a _very_ tightly controlled environment.
This key fits trivially into a paste buffer. So would Apple's. You could print it and type it in by hand if you were so inclined. Or take a picture and OCR it. And if that happens - just once - it potentially puts the security of every Apple device on the planet at risk.
Now, this is a simplistic example. I'm sure Apple's implementation utilizes a hierarchy of similar keys, with limited uses, etc, all signed by a single, master key which is stored in tamper-proof hardware, requires multiple people to get to it, etc. But that master key only has to get exported once to the wrong individual to compromise the entire system.
On the post: New Mexico Attorney General Would Rather See Sexting Teens Treated As Sex Offenders Than See His Funding 'Jeopardized'
Re: Re: Dangerous Territory
But if that individual is associated with, say, education or works with kids in any way, an accusation/investigation is often sufficient to destroy the individual's career, family life, etc.
On the post: New Mexico Attorney General Would Rather See Sexting Teens Treated As Sex Offenders Than See His Funding 'Jeopardized'
Re:
It'll be interesting to read the cease & desist/take down demand when it (inevitably) gets sent to Techdirt and is subsequently posted.
On the post: Apple Might Be Forced To Reveal & Share iPhone Unlocking Code Widely
Re: Re: clarification
It's a computer, with an OS/Firmware.
Functionality aside, it's fundamentally no different than any other Internet of Things device.
"Dear Amazon: We think Individual X may be up to something illegal. Please provide a custom firmware for their Alexa...."
"Dear Samsung: We think Individual X may be up to something illegal. Please provide a custom firmware for their smart TV..."
On the post: Apple Might Be Forced To Reveal & Share iPhone Unlocking Code Widely
Re: clarification
Only Apple is known to have the key(s) necessary to sign such code.
On the post: Congressman Proposes Law Banning Government From Purchasing Apple Devices
Re:
Actually, if you start from the premise that it's already exceedingly easy for TLA's to intercept, record, and subsequently expose the never-ending corruption of our elected political heroes, it explains a great many things.