手机APP下载

您现在的位置: 首页 > 双语阅读 > 双语新闻 > 科技新闻 > 正文

专家怎么看联邦调查局破解苹果手机

来源:可可英语 编辑:shaun   可可英语APP下载 |  可可官方微信:ikekenet

In the week since the Federal Bureau of Investigation surprised Apple by saying that it might have found its own way into the San Bernardino gunman’s smartphone, investigators have disclosed nothing about how they did it.

本周,美国联邦调查局(FBI)称可能已自行找到破解圣贝纳迪诺枪击案凶手智能手机的方法,令苹果(Apple)感到惊讶。调查人员没有透露他们是怎样做到的。

But that has not stopped the security industry from guessing how the iPhone’s security was defeated and who helped the FBI to uncover it.

这令安全行业人士不禁产生种种猜测,iPhone的安全防线是如何被突破的?是谁帮助FBI解锁的呢?

The speculation is driven by both high-minded concern for the digital security of the public and hackers’ constant desire for bragging rights about who has managed to outsmart the rest.

这些猜测是出于两种高尚的担忧,一个是对公众数据安全的担忧,另一个是围绕黑客对吹嘘资本——即谁能技高一筹——孜孜以求的担忧。

Staff at Cellebrite, an Israeli mobile forensics company known to have worked for the FBI, have claimed credit in private forums for breaking into Syed Rizwan Farook’s phone, according to two people familiar with the matter. Shares in the company’s Japan-listed parent, Sun Corp, have leapt more than 60 per cent in the past week.

据两名知情人士透露,有Cellebrite的员工在私人论坛上宣称成功破解了赛义德•里兹万•法鲁克(Syed Rizwan Farook)的手机。Cellebrite是一家以色列手机取证企业,以前就为FBI提供过服务。这家公司的母公司,日本上市企业Sun Corp过去一周里股票暴涨逾60%。

Cellebrite, which has declined to comment on the matter, is one of several forensic security companies specialising in extracting data from mobile devices. Law enforcement agencies look to such businesses for help when extracting data, critical to solving a case. They often pay a high price — in some cases, hundreds of thousands of dollars — for tools that can simplify cracking a smartphone. “The cops basically want push-button forensics,” says Jonathan Zdziarski, an iPhone security expert.

Cellebrite是一家专门从移动设备提取数据的安全取证企业,该公司对此事不予置评。执法部门在提取数据时会求助这类公司,获取这些数据对破案起到关键作用。而执法部门为了获得可以简单破解智能手机的工具,往往要付出不菲的费用,有时可高达数十万美元。iPhone安全专家乔纳森•兹齐亚尔斯基(Jonathan Zdziarski)表示:“基本上警方只想简单地取证。”

As well as researching vulnerabilities themselves, these groups often scour the “grey” hacker market to buy so-called “exploits” they can package up and sell to investigators or companies for security testing.

这些企业除了自己研究安全漏洞,还经常在“灰色”黑客市场物色,购买所谓的“exploit”(漏洞),然后打包卖给调查人员或企业进行安全测试。

Marc Goodman, who has worked on cyber security for Interpol and the US government, says law enforcement agencies had long been in an “arms race” with device and software manufacturers to break their security. “This is where law enforcement and criminals have something in common,” he adds.

曾为国际刑警组织(Interpol)及美国政府从事网络安全工作的马克•古德曼(Marc Goodman)表示,执法机构早就与设备和软件制造商展开了“军备竞赛”,以突破它们的安全防线。他说:“执法者和罪犯在这一点上有共同之处。”

Security experts agree that if the FBI can hack into Farook’s iPhone 5c model, which was running a version of the iOS 9 software released last September, it could gain access to any other device with the same specifications — and most previous models. Some fear the repercussions of the FBI’s disclosure that a previously unknown flaw exists.

安全专家认为,如果FBI可以侵入法鲁克的iPhone 5C(安装了去年9月发布的iOS 9系统),或许也可以访问其他任何规格相同的设备,以及以前大多数型号。有些人担心FBI披露苹果手机存在一个前所未知的漏洞会引发不好的反响。

“The fact that there is a confirmed exploit there for a device is certainly going to get a lot of people to look for it,” Mr Zdziarski says. “Damage control is the real question here . . . The FBI’s biggest mistake has been assuming they can contain this.”

兹齐亚尔斯基表示:“一款设备被证明存在漏洞,肯定会让很多人想找到这个漏洞。现在最重要的问题是损害控制……FBI最大的错误就是以为他们可以控制局面。”

It is imperative for Apple to find out what the vulnerability is. Experts are divided on whether the FBI’s technique would have worked on newer iPhones released since 2013, when Apple introduced hardware protection known as a “secure enclave”.

苹果的当务之急是找出这个漏洞。目前专家们的分歧在于,FBI所采用的破解技术是否可用于从2013年起发布的iPhone?苹果在2013年引入了被称为“安全飞地”(secure enclave)的硬件保护。

Mr Goodman says the FBI’s method could probably not be replicated on a mass scale by cyber criminals, because it is likely to require possession of the device. Much simpler methods of tricking people into giving away the contents of their smartphones are widely available, such as persuading them to click on links containing so-called malware.

古德曼表示FBI的方法大概无法被网络犯罪分子大规模复制,因为该方法很可能需要持有具体设备。而市面上有着大量诱使人们泄露自己手机内容的更简单的方法,比如说服人们点击含有恶意软件的链接。

Until technology is developed to enable the hacking to be done remotely, the tactic would probably be used only by state-sponsored entities, such as the US or Chinese governments, searching for “super high-value targets” such as terrorists, he says. “It could be used if you are an American travelling in China and the Chinese want access to your phone.”

古德曼表示,只要远程入侵技术还没开发出来,FBI的这一手段很可能只能被有政府背景的实体——比如美国或中国政府——用于寻找恐怖分子这类具有“超高价值的目标”。他说:“比如你是个美国人,正在中国旅游,中国人想要获取你的手机数据,就可能使用上这种手段。”

Mike Janke, chairman of Silent Circle, which makes an encrypted smartphone called the Blackphone, says he is not surprised the FBI has been able to access the phone with its “tens of millions of dollars of experts”.

加密手机Blackphone的制造商、Silent Circle的董事长麦克•扬克(Mike Janke)表示,FBI花费了“数千万美元雇佣专家”,他一点不意外他们能破解手机。

He believes they copied the phone’s memory to automatically try different passcodes on the fake version without triggering the 10-passcode limit, in what is called a brute force attack. This method — sometimes known as “Nand mirroring” after the type of memory used in smartphones — might work on newer iPhones, some experts believe.

扬克认为,FBI的专家复制了手机内存,然后在仿版上自动试验不同密码,而不会触发10次密码限制,也就是所谓的暴力破解法。这种方法有时被称为“Nand镜像法”,源于智能手机的Nand存储器,有些专家认为该方法或许也能用于新版iPhone。

“It is not as hard as people think,” says Mr Janke. “There isn’t a phone in the world that cannot have its hard drive opened like this, all are susceptible.”

扬克说:“这没有人们想象的那么困难。世上没有一部手机不能像这部那样被破解,全都是可以的。”

But Adam Ghetti, chief technology officer at Ionic Security, says the FBI is likely to have used a simpler method to get into the iPhone 5c, one that could not be used on newer models. In this scenario, a hacker would have to locate the part of the chip responsible for setting the 10-passcode limit and physically solder on a new connection to a program that could reset it after nine attempts.

但Ionic Security的首席技术官亚当•盖蒂(Adam Ghetti)表示,FBI很可能采用了更简单的方法破解iPhone 5C,这种方法无法在较新机型上使用。该方法要求黑客必须找到芯片上负责设置10次密码限制的部分,然后手动焊接一条新线路连到一个程序上,该程序可在9次密码尝试后重启手机。

Apple is already laying the groundwork to discover the FBI’s method in other court cases involving locked iPhones. On Friday, it wrote to the judge in a New York drugs case asking to delay proceedings in light of the Department of Justice’s sudden discovery.

为找到FBI的破解方法,苹果已开始在其他涉及解锁iPhone的诉讼案件上做铺垫。上周五,苹果给负责一起纽约毒贩案的法官写信要求推迟审理,理由就是美国司法部的突然发现。

重点单词   查看全部解释    
setting ['setiŋ]

想一想再看

n. 安装,放置,周围,环境,(为诗等谱写的)乐曲

 
secure [si'kjuə]

想一想再看

adj. 安全的,牢靠的,稳妥的
vt. 固定

联想记忆
control [kən'trəul]

想一想再看

n. 克制,控制,管制,操作装置
vt. 控制

 
available [ə'veiləbl]

想一想再看

adj. 可用的,可得到的,有用的,有效的

联想记忆
previous ['pri:vjəs]

想一想再看

adj. 在 ... 之前,先,前,以前的

联想记忆
technique [tek'ni:k]

想一想再看

n. 技术,技巧,技能

 
exploit [iks'plɔit]

想一想再看

vt. 剥削,利用,开拓,开采,开发
n. 功

联想记忆
constant ['kɔnstənt]

想一想再看

adj. 经常的,不变的
n. 常数,恒量

联想记忆
hack [hæk]

想一想再看

n. 劈,砍,出租马车 v. 劈,砍,干咳

 
contain [kən'tein]

想一想再看

vt. 包含,容纳,克制,抑制
vi. 自制

联想记忆

发布评论我来说2句

    最新文章

    可可英语官方微信(微信号:ikekenet)

    每天向大家推送短小精悍的英语学习资料.

    添加方式1.扫描上方可可官方微信二维码。
    添加方式2.搜索微信号ikekenet添加即可。