FBI Unlocks iPhone Without Apple's Help In San Bernadino Case (recode.net) 457
New submitter A_Mang writes: After asking for a delay last week, today the FBI revealed that a third party has succeeded in unlocking the iPhone used by a shooter in the San Bernadino attack. They've asked the court to vacate their request for an injunction forcing Apple to provide tools for unlocking the phone.
"The government has now successfully accessed the data stored on Farook's iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court's Order," the filing reads. The report doesn't elaborate on how they've gained access, nor does it reveal any of the information stored on the phone. What we do know is that last week the FBI contracted Israeli software provider, Cellebrite, to help break into the phone.
Really... (Score:3, Informative)
Re:Really... (Score:5, Interesting)
...was there ever any doubt?
There is still doubt.
The announcement is so vague that I am not convinced if they accessed the phone or are just saving face (since they didn't particularly need the contents in the first place).
Re:Really... (Score:5, Insightful)
A way to unlock the phone was described in detail long before: basically, copy the flash memory that contains the "wipe key", and restore it every time the phone "wipes" itself during bruteforcing. Given that this method is known, why is it surprising that FBI unlocked the phone? The only surprising thing here is why it took them so long to actually do that, but it's only surprising if you assume that the goal of that whole kerfluffle was to unlock the phone, and not to set the precedent to force everyone to give them the skeleton key. If it's actually the latter, then it's only logical that they gave up and just unlocked it when they realized that courts won't rule in their favor.
Re:Go a bit further (Score:5, Insightful)
It was never about gaining access to a phone in their possession, it was about being able to hack phones via the cellular phone network, with out the knowledge of the owner of the phone and marketing that access to protect another corporate player M$ who is providing that access for a fee. It was all about forcing Apple away from selling security and privacy as a luxury feature worth paying for. There is a huge difference between being able to hack a phone in your possession and being able to hack it remotely. When push came to shove the US government and M$, lost to Apple and the internet and it won't be forgotten, talk about burning bridges.
Re: (Score:3)
...was there ever any doubt?
Legally, yes. This is important because it's the first step to proving that Comey perjured himself. Now we just need to show that the FBI knew that there were companies offering this service (i.e. the FBI knows how to google "unlock iphone 5c") and either lied about it or deliberately chose not to ask them until it looked like they might lose.
This Just In (Score:4, Funny)
The FBI found a Post-It (tm) note stuck to Farook's home computer monitor.
the note mentioned PIN : 1234
eNjoy!
Re: (Score:2)
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:3)
that's the combination to my luggage! How did they know??
Re: (Score:2)
I Feel So Much Safer Now. (Score:5, Funny)
Sooo (Score:2)
This just in... (Score:3, Funny)
iPhone 8 will require fingerprint, retina scan, 57 digit passcode, DNA sample, and Tim Cook's voice passcode for access.
Re:This just in... (Score:5, Funny)
my voice is my passport
"FBI Claims..." (Score:5, Insightful)
FIFY.
I would not necessarily be inclined to believe this without a peer-reviewed verification. There is a lot of face-saving that occurs in the terrorism-industrial complex. E.g. the constant refrain of "we foiled a plot" without any details or substantiating evidence. Budgets need to be re-upped.
Maybe. But they have little track record for credibility.
But Out (Score:3)
Re: (Score:3)
Or until Google does, and publishes the exploit. :-)
What did Apple know? (Score:3)
Re: (Score:3)
> It's very likely that Apple knew the FBI could break in ...
Apple implied this in court when they stated that no other government body had ever requested similar access.
It's pretty clear that the FBI's motive was not this particular case - they wanted Apple to create software to allow them to have routine access to iphones without effort.
Apple's intention was to keep the bar to access high enough to hope that their phones will only be broken in the worst cases, not routinely and without a warrant by an
I can just imagine the look on their faces (Score:2)
Re:I can just imagine the look on their faces (Score:4, Insightful)
I would be very surprised if they were surprised at the lack of useful data on it.
Apple's response? (Score:4, Interesting)
So, now the question becomes - What does Apple do?
Do they risk trying to get the case dismissed with prejudice, as to prevent it from coming up again (or at least giving them precedent to have it thrown out?)
Obviously they will try and find the way it was done (if they don't already know). Will they try and claim the problem is fixed?
Does the FBI have the ability to do this continually now? Or is it a case by case basis using an outside firm that has ongoing costs? What about all the phones the police departments had lined up?
Quite a few unanswered questions.
Re:Apple's response? (Score:5, Interesting)
He phrases it as the FBI wanting a backdoor into what will effectively be an ATM machine network. Not a good look for the vendor of such a thing.
In around 2000 there were people buying fuel at the pump in one country via their phones but the banks got in the way of that being a viable payment method in general. Now Apple probably have the ability to do to the banks what they did to the music companies and actually implement the old electronic wallet idea. I'm not saying it's necessarily a good thing or a bad thing, just that it looks like Apple is heading in that direction and the FBI having a backdoor into it would be a danger to such a system.
"impossible" (Score:5, Insightful)
Always interesting how a party can be motivated to do the impossible when you force them to think about it hard enough.
Sharing is good (Score:2)
The official declined to speculate whether the method will be used on other phones in other investigations, or if the method will be shared with law enforcement agencies at the state and local level, or if information about it will be shared with Apple.
It is a pretty safe bet the method will be used in other investigations, though I'd be shocked if the information is shared with one of those listed.
Cupertinto better get busy! (Score:2, Insightful)
Re: (Score:3)
They decrypted a 32 bit iPhone 5c running iOS 7. All indications are that security professionals think that if it had been a newer 64 bit phone with the extra encryption hardware running a later version of the OS, it would be harder to decrypt.
Re: (Score:2)
Re:Cupertinto better get busy! (Score:5, Informative)
The game does not need to be "upped". The only reason the encryption is so easily crackable is because it only had a 4 digit PIN. If the person had used a 16 character alphanumeric passcode, the encryption would be for all intents and purposes "uncrackable" as even with Apple's assistance, the FBI would never be able to brute-force the lock.
Re: (Score:3)
The wipeout doesn't wipe the entire device memory - it would be too slow. Instead, it wipes the key that encrypts that memory (one of the keys, present there for that explicit purpose - there is also the actual key that is derived from the PIN, so knowing that one key doesn't let you decrypt), rendering it a meaningless soup of bits. This is fairly standard approach in secure storage systems.
Now, said key is stored in flash memory. And it so happens that on this iPhone model, that flash memory is accessible
Re: (Score:2)
Re: (Score:2)
Apple cannot be happy about this. Users, of which I am one, am not happy about this. Apple needs to up their game. NOW.
I had asked before: has Apple ever said its phones' data are positively, absolutely, perfectly secure from others accessing it if you implement such-and-such procedures we told you to do?
I think this has been the conventional understanding but may have been a fiction generated by Apple diehards and perhaps not denied by Apple as a PR ploy. Look, it took quite some time for President Obama to get a secure Black Berry phone and Mrs. Clinton would have needed some kind of $4k + device to be secure. If Apple
THIS JUST IN (Score:5, Funny)
Theory is backing up nand chip (Score:2)
The downside seems to be: It is a delicate operation to desolder and remove the memory chip. But if it is successfully removed, then they will probably attach a harness so that they can detach/restore/reattach a memory chip many times to try different codes.
I don't know how necessary it would be detach the chip
Re: (Score:2)
The leading theory is: Desolder the memory chip, make an off line copy, then reattach the chip, try 10 unlock codes. If it scrambles the memory restore from back up and try next 10 unlock codes.
The downside seems to be: It is a delicate operation to desolder and remove the memory chip. But if it is successfully removed, then they will probably attach a harness so that they can detach/restore/reattach a memory chip many times to try different codes.
It's not that delicate. There's a Samsung engineer who was unlocking iPhones for $200 a pop with about an 95% success rate using a toaster oven for the reflow, back when there wasn't a software unlock.
Also, what I suggested in the first place. A variant of the technique would disable the flash write enable pin after it boots. That way /var/run/* is all happy, and the phone can't tell during boot.
The fix is to just try a write during pin entry, and read it back, and if it's not the same, iOS knows it's be
Re: (Score:2)
it's now time to Buy a New iPhone (Score:2)
Who knew? (Score:3, Funny)
That in 2016, the Jews would be helping the Nazis... ...it's a strange world...
The incredibly funny part is coming... (Score:5, Funny)
The incredibly funny part is coming... 3... 2... 1...
Apple files suit in federal court under the DMCA, claiming Cellebrite has created a circumvention device; and since they, themselves were not law enforcement agents, and they did it on contract, rather than doing it as independent security research, the DMCA safe harbor procedures don't apply.
And then Apple releases an iOS update.
Re:The incredibly funny part is coming... (Score:4, Funny)
Apple files suit in federal court under the DMCA, claiming Cellebrite has created a circumvention device; and since they, themselves were not law enforcement agents, and they did it on contract, rather than doing it as independent security research, the DMCA safe harbor procedures don't apply.
And then Apple releases an iOS update.
Method got classified by FBI, which defeats Apple being able to do so.
Re:The incredibly funny part is coming... (Score:4, Interesting)
You're the idiot:
17 U.S. Code 1201 (e) only applies if they did not crack the device before they had the contract with the FBI.
Since they demonstrated the technique to the FBI prior to the FBI contracting with them, according to news reports and statements by the FBI, including statements to the court by FBI representatives requesting a stay, it's pretty clear that the technique existed before the FBI engaged them as contractors.
While they may in fact be protected on the specific instance of the iPhone from San Bernardino, they are still liable under the act for having developed the technique prior to the contract.
If they wish to roll this in under blanket protection from another contract for previous work, or an ongoing contract for existing work in progress, they can... assuming they are willing to disclose sufficient details of the contracts in question for the court to make a determination that the prior contract(s) do in fact apply to the current case.
As they offered the breaking of the San Bernardino iPhone as a service for hire for the FBI, it's pretty clear that they intended to profit from the act of breaking into an iPhone (or more than one iPhone), and therefore the safe harbor provisions od 17 U.S. Code 1201 (g) *also* do not apply.
Have fun in court, in any case, given that the discovery process will require disclosure of the techniques in front of Apple experts to ensure that the techniques did not in fact constitute new and unique DMCA violations prior to the contract being issues/engaged.
Gotta love a case where the DMCA hoists the government on their own petard, particularly since the EFF has been trying unsuccessfully to get the anti-reverse engineering provision of the DMCA struct down for *literally years*.
Perhaps the next time the EFF goes to try and get the DMCA anti-reverse engineering provision struck down, the FBI will be willing to file an Amicus Curie Brief on behalf of the EFF's position?
On the bright side (Score:5, Interesting)
Let's look at the positives here:
1. No legal precedent has been established that says the All Writs Act can be used to compel a company to write new software to circumvent an encryption scheme, or to force a company to turn over source code and signing keys.
2. The FBI's legal credibility has been damaged by erroneously claiming that all technological avenues to breaking the encryption on the phone in question, only to later say that they did have another approach and that it was successful. Whether or not this is true, the contradiction is now on the record: they complained, "we need the court to force Apple to help us because there's no other way," then said "never mind, we did it another way in the end." This potentially could be used against them in future court cases.
I, for one, would have preferred to see things settled decisively in our favor: that a legal precedent would be established enshrining the right to encryption. But things could have turned out a lot worse. We need to continue to fight for our right to privacy and security. It's not over, and it won't be over for a long, long time.
Re: (Score:2)
"Justice Dept. withdraws legal action against Apple over San Bernardino iPhone"
http://www.usatoday.com/story/... [usatoday.com]
has the quote ""consistent with standard investigatory procedures.''"
A method that is open court ready with the origins of any new case for any legal team to question in open court for all the other generation of phones?
Ready for a set of state and fed
Re: (Score:3)
And look at that! (Score:3)
Well-known IT security axiom (Score:5, Interesting)
If a rapid NAND mirroring system is what broke this, I'm betting that Apples next major security upgrade will include some type of encryption that is uncopiable, Slashdot even had an article about this [slashdot.org] that incorporates unreproducible physical defects unique to each NAND chip.
Re:Suggestions anyone? (Score:5, Interesting)
Re:Suggestions anyone? (Score:5, Informative)
It was an old phone without the secure enclave, they can just say that they probably already closed that hole, particularly if it was the attack of rewriting the flash.
Re:Suggestions anyone? (Score:5, Insightful)
Without secure enclave, the phone is basically wide open for pretty simple attacks on the hardware. With secure enclave, things may be a lot different.
Re: (Score:3)
Bullshit. Apple will have an excellent idea of what they did.
Re: (Score:2)
Re: (Score:3)
Re:Suggestions anyone? (Score:5, Insightful)
Re:Suggestions anyone? (Score:5, Insightful)
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
It's not a big problem if Apple's PR does their job (and they're very good at their job). The 5C didn't have the separate security chip and was known to be less secure for that reason. The 5S and newer do, and should be harder to penetrate. If the FBI had gotten into one of the latest models, that would have been a bigger issue.
Also, it's worth pointing out that we don't actually know that the FBI did get Farook's phone decrypted. Odds are they never cared about that anyway, but only about setting the precedent by requiring Apple to help them, then when they saw the ruling was likely to go against them decided back down. Claiming to have gotten in another way just helps the FBI save face... and maybe attempts to make Apple look bad, both by making their devices appear insecure and by making the company appear to be needlessly obstructionist.
Re: (Score:3)
Given unlimited resources I imagine they can probably crack any consumer level device eventually. They just wanted to save the trouble and expense and force Apple to open it for them. When they realized that Apple wouldn't and that they could not force them to they did what they should have done to start with. The fuckers are lazy.
It's a double PR debacle for Apple/Cook (Score:2, Troll)
Apple claimed that it wanted to defend the privacy of its customers. Great.
Then they extended that principle to defending the privacy of a known terrorist, who is dead, and who consented to having his activities monitored (because the phone was owned by his employer, the County of San Bernardino). In this case, the county government was Apple's customer, and Apple was going against the wishes of its customer by protecting the privacy of the county's most nightmare employee. That's a PR debacle.
And if the
Re:It's a double PR debacle for Apple/Cook (Score:5, Informative)
The history of cryptography has shown that almost any cyrptosystem can be broken with enough time and effort.
The FBI chose to use this case as a pretext to demand that Apple provide them which what is effectively a master key to break into any iphone with negligible time or effort.
Apple's contention was that the master key solution was not warranted and they have been proven correct.
Re: (Score:3)
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
It's not a big problem if Apple's PR does their job (and they're very good at their job). The 5C didn't have the separate security chip and was known to be less secure for that reason. The 5S and newer do, and should be harder to penetrate. If the FBI had gotten into one of the latest models, that would have been a bigger issue.
They still need to close the loophole where Apple can until update iOS on the phone without the user's explicit permission.
The FBI's whole case was that Apple could crate a new, less secure, iOS and upload it to the phone without unlocking it or disturbing the contents in the process.
Re: (Score:3)
Also, it's worth pointing out that we don't actually know that the FBI did get Farook's phone decrypted. Odds are they never cared about that anyway, but only about setting the precedent by requiring Apple to help them, then when they saw the ruling was likely to go against them decided back down.
Frankly I'm a little worried that they did find something on the phone. In a few days they may go: "See, we did find something, but because Apple resisted us the bad guys got away!"
Re: (Score:2)
and many others.
Re:Suggestions anyone? (Score:5, Insightful)
You'll note that this was NOT his personal communication device. This was his work phone, which he left behind whole. He destroyed his own personal phone, whose secrets he obviously cared about. Note also that the FBI had already gotten a backup of the data on this phone from a number of weeks prior to the attack. Given all that, it's highly probable that there's nothing incriminating on that phone at all.
You still think this was just about getting access to that phone for intelligence reasons? Are you telling me the FBI didn't even know about this Israeli security firm that could unlock iPhones? Because they obviously didn't even bother asking them before going to the courts.
Please. They backed off because they saw the wind wasn't blowing in their direction. The *last* thing they wanted to do was to lose this case and set a negative precedent.
Re:Suggestions anyone? (Score:5, Insightful)
You still think this was just about getting access to that phone for intelligence reasons? Are you telling me the FBI didn't even know about this Israeli security firm that could unlock iPhones? Because they obviously didn't even bother asking them before going to the courts.
Please. They backed off because they saw the wind wasn't blowing in their direction. The *last* thing they wanted to do was to lose this case and set a negative precedent.
Wish I had mod points. The FBI back down because they were about to have their ass handed to them in Federal Court, setting exactly the opposite precedent that they wanted!
Re:Suggestions anyone? (Score:4, Interesting)
What I'm curious about is if now Apple can be preemptive and force this to go to court and have the order slapped down. I'm not entirely sure of the model with writs, however. They *might* be able to now claim standing and go for a suit against the FBI specifically but I'm not sure how much that'd do unless it was considered precedent setting.
Re:Suggestions anyone? (Score:5, Insightful)
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
Did anyone believe that the security of an iPhone (or Android Phone) would stand up to the resources available to a nation state - particularly one known to collect zero day exploits they keep to themselves?
And don't parrot back "the FBI said it wasn't another government agency" - you might be inclined to take them at their word, but it's been obvious to me for some time that they will lie to the public if they feel it suits their interests. So we don't know who did it.
Re: (Score:2)
You're funny.
This was not a properly secured iPhone. It used a 4-digit PIN. If you're math-challenged, that's on average 4500 attempts to break it. The phone used some DRMesque hardware obfuscation alchemy to try to make that 4-digit PIN secure. DRMesque alchemy doesn't typically work. Proper encryption does typically work. It's well known among people with brains that a 4-character numeric-only passcode is not sufficient for a disk encryption password.
It is extremely likely that a properly secured Ap
Re: Suggestions anyone? (Score:5, Informative)
Everyone knew. it is 5 c. no secure enclave. the wipe is in sw. if you have bootloader hacked or bl certs it is easy. why seemingly nobody on slashdot understands this i cannot nderstand.
Re:Suggestions anyone? (Score:5, Interesting)
It was an iPhone 5c. It doesn't have the "secure enclave" that later models have, and is nowhere near as secure as these recent models, and by "recent", I mean anything that's a 5s or above.
See https://www.apple.com/business... [apple.com] for the gory details, or https://www.mikeash.com/pyblog... [mikeash.com] for a more readable version, but basically the secure enclave is designed to prevent brute-force attacks like the FBI wanted to use.
I'm reasonably certain that Apple's security team will have a larger remit on the next phone, to the extent that the secure enclave is invulnerable even to Apple (the above link speculates that it currently is not, and would therefore be vulnerable to a court warrant akin to the recent furore).
Re: (Score:2, Informative)
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
This was an iPhone 5c... it lacks Secure Enclave...
The iPhone 5s and newer do not have this problem...
Re:Suggestions anyone? (Score:5, Interesting)
Probably good for Apple, actually. The problem with using this case as a precedent for whether or not a phone manufacturer should be required to unlock a phone or not is that Apple could have assisted them with the unlocking by doing what the FBI requested (writing a custom OS to facilitate unlocking). But now, Apple has already plugged that hole in newer models, which means if the same case were to happen with a newer iPhone, it would be even more in Apple's favor. On top of that, it wouldn't surprise me if the reason the FBI has backed out of the case is because they didn't think they were going to win and so didn't want to set a precedent which would be unfavorable to them.
Assuming there isn't some similar hole on the newer phones, I'm pretty sure Apple (and privacy, for that matter) is the big winner here.
Decryption key on device means device insecure (Score:2)
The weak link is the passcode on the phone, the passcode is the only thing that keeps the decryption key on the phone secure. The fact that the phone has the decryption reduces its security. In more traditional security the decryption key is generated as need by entering a passphrase and erased after use, not stored somewhere.
sorry, clicked on wrong reply button (Score:2)
Re: (Score:2)
It's an iPhone 5C without secure area on the silicon itself. Much weaker than iPhone 6 and 6S, relying on software to do the job of the silicon.
I'd expect newer iPhones to be secure for now.
Third party breached iPhone is a week ... (Score:2)
If Apple had assisted the FBI they could have maintained the perception of security. So their ethical stance had a price, which is a pretty normal thing. But its a short term price. As Apple moves more and more of its security from software to the hardware, it helps to make one's own chips, such breaches will be more a
Re: (Score:3)
Apple's selling point isn't that their phone is impossible to crack into - it's that they are not working with the US government to give secret back doors. It should surprise no one that technically sophisticated people can retrieve the information from a phone that they have physical possession of. If anything, it's kind of a feather in Apple's cap that it took so much work.
Re:Suggestions anyone? (Score:5, Insightful)
There is no such thing as a 100% secure platform. Every time someone makes such a boast the system gets hacked - usually very publicly.
Re:Suggestions anyone? (Score:4, Funny)
There is no such thing as a 100% secure platform. Every time someone makes such a boast the system gets hacked - usually very publicly.
Sounds like it's a lot cheaper to boast about your platform instead of paying bug bounties, doesn't it?
Re: (Score:3, Insightful)
That's kind of a Pyrrhic victory.
Yeah, Apple didn't have to help them.
But that's because Apple's phones were not secure.
Re:Suggestions anyone? (Score:5, Interesting)
No security is perfect. This was a large government organization with physical possession of the phone paying a software agency with experience in digital forensics (in other words - retrieving data thought to be lost). It's not impossible to protect against this, but it can be trickier. From what I've read, the newer iPhones have more baked in security and would have been orders of magnitude harder to crack.
The big victory here is that Apple wasn't forced by the courts to unlock this phone "just this one time." Had they been forced to do it, one time would have turned into two, three, five, a hundred, etc. There is no precedent for the next time when the FBI or other law enforcement agencies come to Apple (or other phone manufacturers) demanding that they weaken security because "terrorism."
Re: (Score:3)
That was never really the point. Nobody doubted the software only lock on the iPhone5 could be defeated. There was already lots of evidence out there to suggest that at least some agency had already done so. Apple's argument was that they want to be able to make a secure product and in fact do, the iPhone 6. It has a hardware authentication solution.
What they were trying to prevent was a legal precedent being set that would effectively prevent manufacturers from building secure products because complyin
Re: (Score:2, Troll)
What am I supposed to be skeptical of?
Their statement that they broke the phone and don't need the court order anymore? Why would they bother lying about that?
Re: Suggestions anyone? (Score:5, Informative)
It's also possible they found a way into the phone that doesn't generalize, but provides the same way to back out without changing their position.
Re: Suggestions anyone? (Score:5, Interesting)
The implication you're making is that:
(a) they never needed to get into the phone because it was already broken; or
(b) they lied that they broke into it and are now still unable to get into the phone, but won't admit it.
Which pretty much requires them to be handing us a bold faced lie for no reason. The FBI could withdraw its request at any time without having to go to these lengths if they felt they would lose at the Supreme Court. And I don't see how public opinion or other corporations would be able to affect the Court appeal process. The appeals court judges and the justices are not, after all, elected. Presumably, the FBI would have opened the request weighing the chances of a Supreme Court appearance from the beginning.
I'm no fan of the government, but lying in this manner, while colluding with a third party corporation, and a foreign one at that, seems like it would be a huge risk when a much smaller lie would have sufficed. The FBI could have simply backed off and worked to let the matter drop without setting a negative precedent. Seems too convoluted.
Re: Suggestions anyone? (Score:5, Interesting)
"Bold faced lie" : yes
"For no reason" : not necessarily
Claiming to have unlocked the phone saves face, plus it spites Apple. Petty retribution for Apple's stubbornness.
Really, there's no reason for the FBI to tell the truth. The inverse of what you said. Admitting they couldn't hack it, and admitting they knew the court case was bound to fail ... what does any of that accomplish?
At this point, I'm assuming it's all lies, until the FBI either publishes the hack, or some info from within the phone that they now can access.
Re: Suggestions anyone? (Score:4, Insightful)
if its possible to have less than zero percent trust in our 'national security' agencies, this is what we are left with, at this point.
they can sing and dance about all they want. but what they say is not trustable and no one should base any conclusions at all on their 'info'. its all about what they want and they'll lie, cheat or steal to get it.
common criminals who think they are on the 'right' side but have lost their way big-time. that's what the fbi, nsa, cia and all the rest are, at this point.
way to get the trust of the american (and ROW) people, guys! good show. good job.
lol. bunch of idiots, in reality. they could not have ruined their own rep any more if they tried.
one good thing: the young people are seeing the country for what it is and they will grow up mistrusting their leaders. THAT'S A GOOD THING - it shows that we are finally starting to realize what the reality of the world is; and not the disney fairy stories that we are taught when we grow up. people in the LEO field are not afraid to lie or cheat or steal to get what they want. they are thugs with badges and inferiority complexes. and they do NOT have our best interests at heart!
so, its good that we as a people are seeing how rotton our leaders and top secret orgs are. its good that the laundry gets aired every now and then.
don't trust the man. it was true decades ago and its still true, today.
Re: (Score:3)
They don't want a warrant though. A warrant doesn't apply in this case as there's nothing to search. They needed a special court order to compel Apple to assist them because no precedent for it within normal legal channels.
Re: Suggestions anyone? (Score:4, Interesting)
They might well lie in order to avoid what they came to see as an inevitable loss in court. This was never about the one phone.
Re: Suggestions anyone? (Score:5, Informative)
There's no law that says Apple must provide decryption of the phone. And since they're not in possession of the data (it's on the phone), they're not required to hand it over based on a warrant as they would be under the Telecommunications act. So what to do?
Enter the All Writs Act of 1789. Basically it says courts can issue writs (judicial orders) for anything necessary within their jurisdiction. This is what was being used to order Apple to develop a version of iOS that would not erase the phone no matter how many PINs were typed in, effectively allowing the bypassing of the encryption.
Now the All Wits Act hasn't been used that way historically. And there's a huge question as to whether you can order a company or a person to do work like that for free. Normally decrypting a phone would be a service the government would pay a contractor to do or have an in house capability for. Here there trying to compel an unwilling party to work for them for free.
It's a fair bet that's unconstitutional. (4th amendment). The government has used the All Writs Act a couple times this way in the past few years in relation to mobile devices. It's pretty clear they don't want that shaky legal ground tested in the Supreme Court with public opinion against them.
Re: Suggestions anyone? (Score:4, Interesting)
Re: Suggestions anyone? (Score:5, Informative)
THE COURT: Look, your language doesn't invoke the All Writs Act, I get that, but in terms of the burden, first, you haven't challenged it and you still haven't explained why not. Second, you provided language for reasons I understand about consistency, but you also did not say anything about burdens beyond the immediate expense.
If you are saying we want to craft language that is going to say here's exactly what we have to do, you require, if I'm not mistaken -- I don't have the language in front of me. Do you require compensation?
MR. ZWILLINGER: No, we've never required compensation.
THE COURT: But you can, and you don't do anything about that.
I mean, the point is well taken that Apple is a pretty darn big company, maybe they don't care so much about the costs of these 70 things in the big picture. It just seems to me that there's a dog that didn't bark here.
MR. ZWILLINGER: I think the way to address this, Your Honor, is the following.
Right now, Apple is aware that customer data is under siege from a variety of different directions. Never has the privacy and security of customer data been as important as it is now. And, in fact, Apple built an operating system which is why we're only talking here about IOS 7 systems, operating systems IOS 8 and IOS 9, that puts Apple in a position where it cannot do this, that is, going forward with 390 percent of the devices involved, Apple cannot perform these services. So, Apple has taken itself out of the middle of being in a position where it can be used as an attack vector or in any way to compromise the security and privacy of customer devices.
So, when the court asks Apple today does the All Writs Act provide authority to force it to do this, Apple says no, it does not, because what we are being forced to do is expert forensic services, we're being forced to become an agent of law enforcement and we cannot be forced to do that with our old devices or with our new devices.
The 390 percent thing is weird, but that's what's in the transcript.
Full Transcript: http://www.scribd.com/doc/296323783/102615-Apple [scribd.com]
Re: (Score:3)
I could be wrong, but I thought that Apple would have been compensated for their efforts in complying with the AWA-order? I don't remember anything about them doing it for free.
They might compensate Apple for the time and materials to get the job done.
What they won't do, is compensate Apple for the loss of reputation and loss of future sales they suffer because they cooperated.
Re: Suggestions anyone? (Score:5, Interesting)
c: they found someone who had a bootloader hack that then makes it possible to alter the fw to have unlimited attempts because on 5c that is a sw check. the key comes from hw after giving the pin but the 10 attempts limit on 5c is in sw.
really that is the only thing that needed hacking to achieve this. it doesnt work for newer iphones.
both the fbi and apple have been full of bs talk in regards to this.
Re: Suggestions anyone? (Score:5, Insightful)
They're not lying about that. What they were lying about was that they needed Apple to do this in the first place on a not-current phone that doesn't have the most up to date protections in place.
They wanted to use this sympathetic case to force the courts to ignore the law and the constitution to force Apple to invent something it didn't have--to do compulsory work against its still in other words. They were then going to do what they always do--use a case based on terrorism as a precedent to apply to regular non-terrorist crimes for which they'd never have got even that far.
Their technique requires physical possession of a phone, and that's going to mean getting a warrant. It also precludes using it for mass spying. If they got what they wanted from Apple it would mean they could spy remotely with no warrant (well, not legally, but they'd do it anyway)
When it became clear that there was a pretty good chance of the exact opposite happening they folded, just like they intended to do all along if this happened. They couldn't just drop it because even the American media isn't so desense and bought off as to let that go unquestioned, so they had to hack this phone, most likely using a technique they had or had lined up all along. (That would be the lie part)
This is also how the government kept gun control cases out of the Supreme Court for decades, by strategically folding when they knew they were going to lose, because they believed, correctly, that what they were doing was unconstitutional and they didn't want to get called on it. It's a slimy technique executed by slimy people. Such is the state of our 'justice system'.
Re: Suggestions anyone? (Score:5, Interesting)
Passcode broken, not encryption broken (Score:2)
The weak link is the passcode on the phone. The passcode is the only thing that keeps the decryption key on the phone secure, and for many its a four digit passcode. It does not matter how strong your encryption is if you only need four numeric digits to get to the decryption key.
The fact that the phone has the decryption reduces its security. In more traditional security the decryption key
Re: (Score:3, Interesting)
Could anyone meaningfully comment on whether the FBI actually did this, and if so, how? Creating a clone for them to exhaustively attack maybe?
Yeah, they accessed the data on the phone by letting the San Bernardino County unlock the phone with the MDM software they had installed in it.
Re:Suggestions anyone? (Score:5, Insightful)
Which they had already done once, then LOST THE PASSWORD.
http://abcnews.go.com/US/san-b... [go.com]
At any rate, physical security is the most important part of security. If they have the device, they will eventually crack it.
Re:Suggestions anyone? (Score:4, Informative)
From my understanding the County had an MDM system, and it was managing some settings but that they had not yet started putting an "enterprise" password setting yet. The password change that is in the link you posted was on the iCloud account, not on the phone. They probably just used Apple's automated system and asked it to send the password reset verification to his (work) email, which they already had control of.
That did not solve anything, but rather meant that there was now no way that the phone could be induced to backup to iCloud, where a parent could have produced the data (Apple had already given them older backups that were there). To this point I have not heard anyone in the position to know comment on whether this was a hair-brained scheme by someone who didn't know what they were doing, or a more cynical attempt by the FBI to setup a situation where they could fish for new powers. Generally I would tend to the incompetence explanation (especially since this was very shortly after the event), but the FBI directors sliminess in this episode makes me eye the other possibility more.
Re: (Score:2)
Either you're wrong, or you're aware of a 0-day exploit against Loop-Amnesia, Tresor, TrueCrypt, dm-crypt, loop-AES, BitLocker, and FileVault. If you're aware of such a serious security hole, please report it. Kthxbye.
Re: (Score:2)
It cannot have been very difficult, it was far too fast for that. My guess was FLASH removal, replacement with emulator, and then try 10x, shut down phone, reset emulator, boot, try 10x,.... If I am right, this is something I and many others could do in our home-labs. It would also mean that the FBI directly lied when claiming to need Apple's help.
Re: (Score:2)
So you're saying encryption is worthless because you have to decrypt the data to use it?
Re: (Score:2)
I thought they still measured processing time in P90-hours?