Good luck John McAfee, socially engineering a corpse…

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Anti-virus veteran and US presidential candidate John McAfee has written an article for the press, offering to decrypt the San Bernardino iPhone for the FBI, free of charge.

He says that it will take him up to three weeks, and he will principally use social engineering.

Here is my video response to John McAfee:

John McAfee offers to crack iPhone encryption for FBI... using social engineering! | Graham Cluley

Sign up to our free newsletter.
Security news, advice, and tips.

Personally I suspect that Mr McAfee is just socially engineering us all, in order to get some free publicity.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

18 comments on “Good luck John McAfee, socially engineering a corpse…”

  1. coyote

    Next we're going to hear about the Necromancer of San Bernardino National Forest which John McAfee (aka imitator of Lord Sauron) would like us all to believe that it's really Mirkwood (to be fair I actually would like to believe it …) and there is really a place there called Dol Guldur. The next thing we know the Witch-king of Angmar (actually a fake version of him) will be back. Following that the One Phone, the Ruling Phone will indeed be declared found (the Ring was of course found long before the incident at Dol Guldur).. and since the Ring(tone?)wraiths cannot (normally) die John can social engineer ('torture') the FBI (since they are the ones that found the phone, see?) for more information on the whereabouts of the Password (just like the second [yes, second!] Dark Lord Sauron did Gollum).

    You know.. even though that doesn't work exactly (since all Sauron wanted was to have the Ring back on his finger .. whereas the FBI wants the information stored IN/ON the phone and they actually have the Ring.. Phone)… I think I'm starting to like the idea! The FBI being taught a lesson by a Dark Lord… Why not?

    John McAfee is full of it and he knows it (which is obviously the reason for the farce above).

    In any case I hope they don't get the information because there is no good (i.e. legitimate) reason to have it. They only want power. That's all they care about and any claim to the contrary is a lie. And they bloody well know it too. I wish Apple very well here and frankly wishing them well is wishing the entire world well (including ironically the authorities).

  2. Jim

    I took it to mean that he was going to socially engineer Apple, to get their private key. In which case, jolly nice of him to give them a sporting chance by mentioning it on the Internet.
    Then again there's always the chance he hasn't got the foggiest idea what he's talking about. :-)

  3. Techno

    It's not as stupid as it sounds. Islamists are fanatic obsessives and may have used passwords from the Koran, a book that they fanactically abide by.

    Having said that, I don't think he can do it though.

    1. Sir Glenn · in reply to Techno

      The FBI has had the phone for over 3 weeks, they can`t do it, Any legal action between Apple and the U.S Govt is going to take longer than that, So, let him try it, he has the credentials and experience. What can it hurt? have him do it at an FBI office so he can be monitored.

      1. Chris · in reply to Sir Glenn

        It can hurt a lot. There's a good possibility that there will be ten attempts to guess the passcode allowed before the device erases itself forever. All the FBI needs is this restriction removing in order that they can brute-force it.

    2. coyote · in reply to Techno

      Maybe this is my tired head but your point(s) is(are) not making much sense to me. What does social engineering a corpse (which won't really work, will it?) have to do with what he (might) have used as a password?

      Even if the Quran was relevant, though, manipulating words and following ideals[1] – no matter how legitimate – does not equate to them following [it] fanatically unless the it refers to their interpretation. But if they truly were following it then all (or at least many more) Muslims would be in support of militants and I've known many Muslims that were wonderful people (who were then treated horribly after the New York attack) perhaps even more wonderful than people of other religions (who I've known). They would of course want you to believe (and encourage the belief because it helps them) they are strictly following it but it isn't helpful. Then you have translations, interpretations and these change over time.

      [1] You note that the Irish Republican Army started out with good intentions but turned into thugs and you note that the different IRAs (continuity, provisional, …) still make claim to the ideals for their own agendas.

    3. pjm · in reply to Techno

      Passwords from the Koran? Take another hit off the pipe.

  4. EC

    Let's see how many can think outside of the box. China makes almost all electronics. What would it take for china to put a chip in that can compromise any system? Routers from Cisco are now made in china , your phones. Just think everything you use is made by another country and you rely on that other country to keep your electronics safe LMAO

    1. coyote · in reply to EC

      A better question is 'how many can and willingly think in general' (although the question has an obvious answer and is equally rhetorical as I'm sure yours is). But I don't see how your points are relevant (though it's true that those in a specific unnamed nation who want China punished are only asking for trouble since China owns said nation). (Not that the latter really matters much if at all. My response is probably similarly immaterial.)

  5. Aaron Ververs

    I predict that in the end, his fruits will be much like the translation performed at Nelson Mandela's memorial service.

  6. steel

    The thing I do not like about this is once used it will go nuts to the point they will order your phone opened up for a speeding ticket ! Too many laws after 9-11 to protect us have been abused no warrant searches wire tapping look what Snowden uncovered . Now look at air travel a pain in the butt TSA any one ??

    1. coyote · in reply to steel

      And said event is only one example of many. There are always excuses but sometimes it is more extreme (note the irony there). I'm afraid that this is one of those times.

      I'd also say that Snowden only made it known to the wide public but it wasn't as if the NSA had a history of these types of things (including secrecy .. though not necessarily doing a good job in their time); he made certain specifics known and he seems to really enjoy the attention it got him (which is the thing I don't like about him .. his loving all that attention, the drama, everything). But travelling should always be with such concerns; it's not as if this was the first plane hijacking: humans let down their guard once things have calmed down and then complain when something goes wrong, something that shouldn't have been allowed in the first place if they were responsible. Yet if they actually were intelligent these things would be handled better. Thankfully I don't have to worry about it because I hate travelling; at least I don't have to worry about it directly.

      This same problem is with computer security (and any other kind of security).

  7. mdnealy

    McaFee is running for president? The author sounds pretty spot on to me.

    1. coyote · in reply to mdnealy

      Yes but I'd say it's all about attention – something John loves (and he probably loves this post and ever response). He's a joke and I'd like to believe (but I'm not 100% certain) he knows it.

  8. Dean of Students UMA

    That's not what the fbi wants. They want a front door (cause their not ashamed of denying you your right to privacy.) to get what they want. If they wanted the contents of that phone there's plenty of people that can get into that thing. This is just another example of some authority playing king of the hill big shot arrogance and petulance throwing a tantrum to get what they want. And they want every cop on the planet to be able to get your information (it's not like they're protecting your information or protect your information from the people that are taking it against your will and selling it for profit.)

    1. Chris · in reply to Dean of Students UMA

      You couldn't more misguided and paranoid. Nobody – not even Apple – can get into the phone as it stands. What they want is the brute forcing restrictions removed so that they can perform as many guesses as needed, in order to gain access to information that would almost certainly ultimately help save lives.

      Put it this way, you can have a reasonable expectation of privacy in your home (assuming you do not live in a totalitarian state) – unless a judge issues a warrant because there's a good chance that you are involved in terrorism/murder/drugs etc. Then you can expect your door to be forcibly removed, if you don't open it. Just because you build an extremely strong, almost impregnable door, doesn't mean you shouldn't be subject to the same laws that we all are.

      1. coyote · in reply to Chris

        1. It's not paranoia. Even if it was unreasonable though it still isn't paranoia (but it's actually a reasonable concern).
        2. The fact Apple can do what they want means they might as well be able to get into it 'as it stands'; the only way not is if you're talking semantics. And semantics here are meaningless because in the end Apple can do what they want (so it seems). But the concern isn't whether many can or can't get into the phone. The concern is much more serious because the phone is only one example of many more – including some to come.
        3. It always amuses me, things like:

        'Put it this way, you can have a reasonable expectation of privacy in your home (assuming you do not live in a totalitarian state) '

        As if the west can't become totalitarian (for one example). Believing that is just stupid. I'm not claiming you're stupid but that very thought is stupid. That's the reality.

        4. The OP is actually right whether or not the FBI (and other organisations) will admit it. And they love people like you because you miss certain important points (that I shall not get into because it's something that people seem to miss no matter how it's worded to them – and I only came across this article again by chance but actually have other things to do).

  9. Bob

    There's some excellent commentary on these pages:

    https://www.schneier.com/blog/archives/2016/02/judge_demands_t.html
    https://www.schneier.com/blog/archives/2016/02/friday_squid_bl_514.html

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.