Apple Deluged By Police Demands To Decrypt iPhones
New submitter ukemike points out an article at CNET reporting on how there's a "waiting list" for Apple to decrypt iPhones seized by various law enforcement agencies. This suggests two important issues: first, that Apple is apparently both capable of and willing to help with these requests, and second, that there are too many of them for the company to process as they come in. From the article:
"Court documents show that federal agents were so stymied by the encrypted iPhone 4S of a Kentucky man accused of distributing crack cocaine that they turned to Apple for decryption help last year.
An agent at the ATF, the federal Bureau of Alcohol, Tobacco, Firearms and Explosives, 'contacted Apple to obtain assistance in unlocking the device,' U.S. District Judge Karen Caldwell wrote in a recent opinion. But, she wrote, the ATF was 'placed on a waiting list by the company.' A search warrant affidavit prepared by ATF agent Rob Maynard says that, for nearly three months last summer, he 'attempted to locate a local, state, or federal law enforcement agency with the forensic capabilities to unlock' an iPhone 4S. But after each police agency responded by saying they 'did not have the forensic capability,' Maynard resorted to asking Cupertino. Because the waiting list had grown so long, there would be at least a 7-week delay, Maynard says he was told by Joann Chang, a legal specialist in Apple's litigation group. It's unclear how long the process took, but it appears to have been at least four months."
If they're going to expect Apple to spend time doing their work for them, are they at least compensating them for the time and energy necessary for this?
iPhones are stolen. iPhones are used by criminals. And of course, everybody is a terrorist.
Not like they can ask the NSA for their secret keys though. Or the Machine.
iPhones are encrypted?? Since when?
Is this talking about getting past the 4-digit lock screen? Or decrypting encrypted data stored on the device?
I wonder if they just overwrite the password hash....
The summary talks about decrypting the data on the phones. The articles talk about getting past the lock screen on the phones. Those are two entirely different things. On my phone, I have to first enter the decryption code before I'm presented with the lock screen.
Most phones aren't encrypted and usually the company can bypass it. For example with Android phones tied to a Gmail account, Google can bypass the lock screen. So if you forget your password, that is a recovery mechanism. Also data can be accessed if you physically removed the flash chip from the phone and put it in another reader. Lock screens are protection against most kinds of attacks, not high level security. Most people don't need high level security though, so it works well.
You can also encrypt your phone. Well I presume you can encrypt iPhones, having not owned one I don't know. You can encrypt Blackberries and Androids. There you set a key and it does basically a full-disk encryption type of thing. You have to enter the key to access the device at all (whereas lock screen lockouts will allow some stuff to happen) and there is no recovery. If you forget the password, you're boned, flash the device and start over. Few people do that because it is not pushed and is inconvenient.
It is also more security than is generally useful. Most people are worried about someone running up a phone bill, or getting at your account information or something if they steal a phone. A lock screen stops that. Device encryption is needed only against more serious threats, hence most don't use it.
Court documents show that federal agents were so stymied by the encrypted iPhone 4S of a Kentucky man accused of distributing crack cocaine that they turned to Apple for decryption help last year... Because the waiting list had grown so long, there would be at least a 7-week delay...
As soon as they are able to get these phones decrypted, this war on drugs will be won!
Look where all this talking got us, baby.
Maybe I should buy a copy of PhoneView (http://www.ecamm.com/mac/phoneview/) and set up my own computer forensics firm.
Brought to you by Team SPAM! where we believe: "Information in the noise!"
Unless the iPhone has a backdoor - the effort required for either Apple or others should be the same. Does this mean that the iPhone has a backdoor?
Didn't an FBI agent just say that the US Govt was storing all digital communications?
i see this story as being a GOOD thing, generally speaking. the feds are stumped by my iphone. now the only people we need to cockblock are in cupertino
The question is, how ?
The Apple platform is a closed platform, and they closely guard against any attempt to change their products (even after we have purchased them with our own money)
Until now, there is no way to safeguard our secret stored in i-Device from the prying eyes of Apple Inc
Muchas Gracias, Señor Edward Snowden !
then there will be no need to decrypt iPhones in this case.
The article doesn't say Apple decrypts what's on the phone, only that they can copy the contents off of the phone. You need factory tools to do that, because the standard firmware on the phone won't do any data transfer if you don't have the key it wants.
Brute-forcing an iPhone's lock code is relatively trivial with freely available tools. This puts the device in DFU mode, so "Erase device on X unlock attempts" doesn't take effect. That version of the tools only bruteforces lockcodes, but there's no theoretical reason you couldn't try at least a dictionary attack on a password, too. Since it's also possible to dump the hardware key and a complete (encrypted) image, I imagine an offline attack on the image is possible, too. You wouldn't have to rely on the relatively slow hardware in the iPhone.
Using those tools I have successfully bruteforced the 4-digit lockcode to an iDevice running 6.0.2, and that's with no prior experience with or knowledge of iOS. I even used an emulated Mac to compile the necessary firmware patch. And that's just what I was able to do with a few hours of fiddling. There are people who do this for a living, and tools dedicated specifically to extracting data from mobile devices. Are these PDs really saying they can't get into devices with simple lock codes?
End of lesson. You may press the button.
Yes - that's a backdoor.
Apple has been working with Blackbag for many years, but have recently been trying to take over the smaller company's business. I suspect the deluge of demands is because Apple simply isn't prepared to handle this amount of requests from forensic departments.
Wish I had my mod points today...
This is good, right? I mean with the DMCA even trivial protections are illegal to circumvent, so you remove the people who would be capable and interested in reverse engineering from the market. Then don't be surprised when nobody can decrypt smart phones.
Well I don't remember Apple ever promising "don't be evil" so there ya go.
IF you've put data on the system and encrypted it, then you can replace the OS or get it reset (which is the same thing, or should be).
If resetting the OS changes the encryption of the data you added, it's not encrypted, and if the key signing for the OS is also the key signing for the data you add, it's not encryption.
Don't trust encryption on an iPhone. Can we trust Android? (serious question..)
like pins for a jtag port somewhere on the phone. That means disassemble, solder something on, and flip some bits in flash. If they have a limited number of jtag pods, solder stations, and people capable and cleared to do the job I can understand the backlog.
Can't Find My iPhone be put into effect remotely from a Mac and then remotely set the device to erase and reload factory settings?
And I thought one of the big problems with blackberry was its solid encryption. I remember several years ago, on one of the demise of blackberry items, that their downfall was their super encryption, that governments had to regulate out of existence. Why do the same rules not apply to Apple?
If Apple is deluged with requests for what is, most likely, a free service they offer is there any doubt they won't make it easier for law enforcement/Apple by either offering CSI labs 'DIY' kits OR training an AppleGenius at each store to do it on-demand?
Ken
If you design the product correctly, then it only takes a few seconds to tell law enforcement, "We lack the ability. Even the NSA lacks the ability. Give us a hundred billion dollars and we might be able to do one phone every hundred billion years." The fact that there's a backlog, shows that Apple screwed up big time, to the point of shocking negligence. Having them bear the expense of the mistake might be the best incentive for them to fix the next version of the iPhone.
Not that that would really be fair -- it's not Law Enforcement's place to be providing incentive for Apple to do crypto competently. OTOH, if there were laws mandating people use best practices for mainstream consumer PCs... *laugh* Sorry, it's just one of those crazy ideas people sometimes get.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
If Apple is deluged with requests for what is, most likely, a free service they offer is there any doubt they won't make it easier for law enforcement/Apple by either offering CSI labs 'DIY' kits OR training an AppleGenius at each store to do it on-demand?
It seems that to be able to get close enough to the encrypted data to start brute forcing the key, you need to get into the device in ways that require Apple's private keys. That's something that Apple wouldn't hand out to anyone, not CSI or an AppleGenius. I don't know how Apple handles it exactly, but I've read Microsoft's documentation how that kind of key is supposed to be handled (software developer locked into a room and from time to time the manager pushes some sandwiches through the gap under the door), so there is no bloody way these keys would ever leave Apple.
God, this is worse than a comment that says "This."
For Apple to get into this I'd expect lawsuits against them--government entities might very well be able to get search warrants for this information but I doubt anyone involved can make a judge write up a warrant that allows Apple itself to have and reveal the data and not just the law enforcement entity involved.
There is no reasonable way to prove that there hasn't been tampering of evidence while the phone is in either nobody's or Apple's control.
And if any party involved is shown to or can't prove they didn't hook this item up to an internet connected device to decrypt it there is no way to prove it hasn't been the target of malware that could plant erroneous data as well.
This is pretty creepy stuff.
If the fool was using a personal phone to conduct illegal business, the police and Apple can use whatever means they want. Last I heard, drug dealers use disposable, cheap phones to conduct deals and then toss in the water/incinerator/whatever. What should be the real story is this failed war on drugs that only seems to give the state greater police powers, bankers more money, and make drug lords ridiculously rich. Decriminalize drugs and make it a health issue. Our society has a tremendous problem with drugs including and especially the "legitimate" kinds. Read Charles Bowden's 'Murder City' and 'Down By The River'. Excellent journalism.
"SO we bide our time, waiting for a purer kick to bloom and the future is still bleak, uncertain and beautiful" -GSYBE