Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Tells US Judge It's 'Impossible' To Break Through Locks On New iPhones (reuters.com)

Posted by Soulskill on from the for-sufficiently-possible-values-of-impossible dept.

An anonymous reader writes: Apple told a U.S. judge that accessing data stored on a locked iPhone would be "impossible" with devices using its latest operating system, but the company has the "technical ability" to help law enforcement unlock older phones. Apple's position was laid out in a brief filed late Monday, after a federal magistrate judge in Brooklyn, New York, sought its input as he weighed a U.S. Justice Department request to force the company to help authorities access a seized iPhone during an investigation. In court papers, Apple said that for the 90 percent of its devices running iOS 8 or higher, granting the Justice Department's request "would be impossible to perform" after it strengthened encryption methods.

39 of 225 comments (clear)

  1. Sounds like by Chrisq · · Score: 5, Insightful

    Sounds like a challenge!

    1. Re:Sounds like by tripleevenfall · · Score: 4, Interesting

      I see this as a marked strengthening of Apple's platform. If truly not even Apple can unlock or decrypt the phones, then that's a huge benefit to using the platform.

      Of course this reminds one of TFA from last week, where it was claimed that the NSA had made some sort of computing breakthrough and could decrypt even standards that are thought to be secure today.

    2. Re:Sounds like by Immerman · · Score: 2

      Sure. Assuming they're doing it right then your phone is secure. At least so long as you don't install that new Upset Walruses game making the rounds that includes a discrete monitoring component that harvests everything you do on the phone, credentials included. Or contract any virus or worm with a similar payload.

      Still, a huge step forward from the historic state of affairs - at least if someone wants to spy on you they have to be proactive about it.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    3. Re:Sounds like by Ravaldy · · Score: 2

      Either that or they're just trying to sell you a new phone

      Among the list of items most users seek to get when upgrading their phone, I doubt being "NSA Proof" is in the top 10. After all, these are the same morons that wait for days in line hoping to be first to brag about getting the newest iPhone.

    4. Re:Sounds like by adamstew · · Score: 3, Insightful

      Every device that is capable of running iOS 8 is the iPhone 4S and greater...so pretty much 5 generations of devices. I doubt many people have a 5+ year old iPhone at this point. iPhone 4 and under account for 4% of the current iOS market share. (source: https://david-smith.org/iosver... )

      I doubt that they are now using this as a gimmick to try and force people to upgrade to a new handset at this time.

    5. Re:Sounds like by Noah+Haders · · Score: 2

      My phone locks out after 10 wrong attempts and needs to be restored. This is a setting in iOS.

    6. Re:Sounds like by WorBlux · · Score: 5, Informative

      Considering Apple includes a security co-processor it's not actually that easy. Touch ID wrapped keys are discarded after reboot, 48 hrs, or 5 failed attempts. This authentication method can also be disabled or never activated by the user.

      Additionaly the root keys are only held in the co-prossesor and co-mingled with a UID (which even apple doesn't know) as well as the password. You can't begin a dictionary or pin attack without pulling out that UID (and cosidering the co-proccessor is running L4, the only way I know to do it is use nano-meter scale probes to spy on the hardware as it operates. The root of the file-system is encrypted by a key held only in the security co-processor, and the comingled password is used in a sort of chain of trust with the hardware key to secure file-metadata and per-file encyprion keys.

      The firmware is designed to resist brute force, and apple fixes every known vulnerability to brute-force it discovers. The update mechanism requires the user password and cannot be rolled back to a prior vulnerable version, So apple can't provide a targeted device update to enable brute-forceing. At best the forensic team will have to sit on the device and hope a new vulnerability is discovered, and hope the data erase after 10 failed attempts was not enabled by the user.

      https://www.apple.com/business...

    7. Re:Sounds like by Midnight+Thunder · · Score: 2, Informative

      Doesn't matter if it's encrypted. There are only 10,000 four-digit PIN combinations, and iPhones don't self-destruct after a certain number of tries. Pretty easy to brute force it.

      Encryption is a necessary but not sufficient condition for security.

      Apple recently moved to six-digit codes minimum for all phones, by default. With the presence of finger reader this is not much of an issue.

      You can reduce or increase the security requirements of the passcode, but that is a personal choice.

      Ref: https://support.apple.com/en-g...

      --
      Jumpstart the tartan drive.
    8. Re: Sounds like by Anonymous Coward · · Score: 3, Informative

      Yes, the security processor handles the passwords, the flash is encrypted with a sufficiently long symmetric key, brute force will take longer theoretically than the heat death of the universe, though every few years it seems to halve. The better attack is against the keychain in the active device. Depending on whether the user updated to a longer pin, then only a few days. But if they did enable a passphrase, then no, back to very long time beyond usefulness to LEOs, assuming they didn't choose correct-horse-battery-staple. Or something equally guessable from their private info.
      And if they set wipe after ten wrong attempts, the security processor wipes the saved flash security key, and it's gone.

    9. Re:Sounds like by tlhIngan · · Score: 4, Informative

      Simple.

      1. Remove the flash.
      2. Mount it with a non Apple device.
      3. Run a dictionary attack on the password.

      With the right equipment, it would only take a few hours depending on the complexity of the user's password.

      Am I missing something?

      Yep. Starting with the iPhone 4, the flash media is encrypted with a key held in the device memory. That key is encrypted with the device UID key, the user's PIN (if enabled), and an instance key. The encryption key is changed when you select "Clear and Delete Everything" (it throws away the key and generates a new one, and re-encrypts it).

      Moving the flash chip to a new device means you lack the per-device key which makes the flash inaccessible.

      It's a fairly sophisticated system and short of implementation flaws, it's unbreakable.

    10. Re:Sounds like by gnasher719 · · Score: 2

      Even if it did self-destruct, that wouldn't help. You wouldn't bruteforce on a live device, you do it offline.

      You would, if you could. But the unlocking requires the presence of the particular processor on that phone, it doesn't work offline. Even with iOS7 devices, Apple could never unlock without the actual complete device.

    11. Re:Sounds like by Cramer · · Score: 2

      And you cannot "root" it either... because you don't know how, doesn't mean someone else hasn't figured it out.

    12. Re:Sounds like by Cramer · · Score: 2, Informative

      Everybody things biometric ("fingerprint") security is everything! A fingerprint is one of the easiest thing for an attacker to obtain -- we leave them on everything we touch. It's a trivial matter to reproduce to the degree required by those cheap sensors. (Mythbusters did this years ago with a simple thumb scanner door lock. I've done the same with the optical scanner on many laptops -- without having to lick the paper, even.)

    13. Re:Sounds like by niftymitch · · Score: 2

      Simple.

      1. Remove the flash.
      2. Mount it with a non Apple device.
      3. Run a dictionary attack on the password.

      With the right equipment, it would only take a few hours depending on the complexity of the user's password.

      Am I missing something?

      Yes you are missing a lot.
      https://www.apple.com/business...
      https://developer.apple.com/li...

      Apple has done a lot of work to improve their systems.
      So has Microsoft, FWIW.

      It was public knowledge even before the breach at Sony that system failures and
      the naive use of systems by customers would prove to be trouble. Those without
      their head up their exit port could read the writing on the wall.

      Another less discussed topic is IPv6 and the internet of things.
      Some minimum safety existed behind home NAT but with IPv6
      this little dirty sand box will get worse. The phones and tablets
      in my home all are lighting up IPv6 addresses.

      Who knows what the neighbors Nest is doing...

      --
      Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
  2. That, Detective, is not the right question by rmdingler · · Score: 5, Insightful
    Impossible or not, is it a private company's (or individual's) duty to engage in the evidence-gathering duties of law enforcement?

    I'm not sure the judicial conviction of this one suspect is worth granting law enforcement the unfettered ability to deputize anyone, any time it's convenient.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

    1. Re:That, Detective, is not the right question by Anonymous Coward · · Score: 2, Informative

      It is their duty when the court orders it so as part of evidence gathering. Law 101, dude.

    2. Re:That, Detective, is not the right question by gstoddart · · Score: 4, Insightful

      Because, apparently, it is now "un-American", or straight up illegal, for private companies to NOT be part of the spy apparatus.

      So, either you accept the provisions of stuff like the PATRIOT Act which says every company is required to participate and keep it secret ... or you have to somehow get a court to overturn that (or have the lawmakers repeal it).

      But, make no mistake about it, in the present situation, spying is a given, the requirement for corporations to help is real, and the expectation that making something you can't help them break into is just helping terrorists.

      So, yes, this may not the be the right question. The problem is to whom are you supposed to ask the right question?

      Because apparently most Americans now accept this crap as perfectly normal, and have fully embraced that if you have nothing to hide you have nothing to fear.

      The cope creep of national security and terrorism to common day to day crimes was inevitable. And now law enforcement expects to bypass any legal controls, and get what they wish because they want it.

      Papers please, comrade. That particular cat has been out of the bag for a while.

      --
      Lost at C:>. Found at C.
    3. Re:That, Detective, is not the right question by Kjella · · Score: 3, Insightful

      you sucker. Do you have any evidence to support your position? Apple moves only to make money. The "apple ecosystem" and the efforts they make to prevent jailbreaking are proof positive that their only ethic is more profit. You've been trolled by dirty capitalists.

      Of course. But if they want to sell to non-US users having encryption that actually protects privacy might be a plus. We care just as much if not more than Americans, particularly since we got fuck all legal recourse if the NSA decides that all my data belongs to them. Nobody expects Apple to be doing it out of the goodness of their heart, they're doing it because it's good business. And now that the cat is out of the bag, if the US tries to push an official government backdoor that's fine with me because it won't sell in the rest of the world. It only worked as long as it was a secret and now it's not.

      --
      Live today, because you never know what tomorrow brings
  3. Bad guys by Anonymous Coward · · Score: 4, Insightful

    This is what encryption is for. Keeping data from the bad guys.

    1. Re:Bad guys by kilfarsnar · · Score: 2

      This is what encryption is for. Keeping data from the bad guys.

      So, it has come to this. Law Enforcement are now the bad guys. I'm not saying I disagree (at least not in all contexts), but it is a sad state of affairs in a once promising nation.

      --
      "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
  4. Re:Seized phone by NoBrakes58 · · Score: 2

    2) Why they want to avoid compelling the owner to unlock the phone is not stated.

    Because legally compelling someone doesn't mean that they will unlock it, just that they'll face further punishment if they don't unlock it.

  5. Re:Seized phone by Anonymous Coward · · Score: 2, Informative

    Oh, and because it could fall under 5th amendment right to not incriminate yourself.

    Unless you use the fingerprint lock... which courts have ruled isn't protected by the 5th.

  6. Re:Can Apple push extra software on the device? by jaseuk · · Score: 2

    Yes sure, you can enroll an iOS device in MDM and then send it an unlock command. The end-user has to agree and approve this first of all of course.

    Apple have built the system so that it is immune to a direct unlock. Apple and Microsoft have been giving clear signals that they no longer want to be stuck in the middle of international legal / court disputes requiring them to unlock under court order. So they've re-engineered their encryption and unlock protocols so that they no longer hold any master keys / unlocks etc. This also makes these devices useless when stolen.

    The only slightly questionable part is wether they can access any cloud backups. Although that might not be what the court asked.

    Jason.

  7. Re: Remember - Apple is a hardware company. by Feral+Nerd · · Score: 3, Interesting

    And for convenience sake it only affects OLDER devices. Seriously, Troll? OS is software, Apple could patch it to a similar level of encryption, or better for the stock price - advise you to upgrade the hardware.

    There is a military axiom about not defending indefensible positions. What would you have Apple do? Patch ancient 2nd and 3rd gen iPhones. Should Microsoft still be patching Windows 2000? Should Fedora still be patching FD12? And don't tell me that old phones being obsoleted because they are unable to run a new OS is some sinister plan by Apple to force users to buy new phones. I have a small pile of old Android phones and tablets that were orphaned (as in: Your device is incompatible with this version of Android) long before the end of their useful life because they could not handle the bloat of the new Android OS. Operating systems get upgraded, hardware becomes obsolete and some people do not bother to upgrade and that is a platform independent fact so if you want to rag on Apple try finding something better to complain about.

  8. "Impossible" for Apple by c · · Score: 4, Interesting

    It's a straight up application of Schneier's Law:

    Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.

    -- Bruce Schneier

    Someone might be able to break it, but if they can I doubt they'd talk about it.

    --
    Log in or piss off.
  9. Re: Remember - Apple is a hardware company. by bill_mcgonigle · · Score: 4, Informative

    > do your homework

    ha, at least read Apple's security whitepaper if you're going to tell other people to do so. Newer iPhones (5s and later) have trusted hardware - older ones don't, it's that simple. You need a certain OS level to use it effectively, obviously.

    I don't even own any iOS devices and I know this. It's no crime to not stay advised of the market, but if you're going to castigate others you really need to be well-informed.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  10. Marketing by TFlan91 · · Score: 2

    This sounds like a marketing scheme to get people to think:

    "Oh nos! DOJ can break into my 'older phones' running 'iOS [7 or lower]'! Better buy the newest one!"

  11. Re: Remember - Apple is a hardware company. by silentcoder · · Score: 2

    In most cases, if you root those devices there are third-party ROMS that can run much more recent versions of Android on them. No such pathway exists for apple users.

    --
    Unicode killed the ASCII-art *
  12. Re:Seized phone by peragrin · · Score: 2

    Also you need the passcode upon booting. Simply reboot the phone before handing it over to the police.

    --
    i thought once I was found, but it was only a dream.
  13. Re:Can Apple push extra software on the device? by swillden · · Score: 2

    On Android you can browse the Play Market on a desktop-browser and remotely install applications on your phone, with no confirmation or anything needed on the phone.

    That only helps if apps can unlock the device. They can't on Android, and I see no reason why they'd be able to on iOS, either.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  14. Re: Remember - Apple is a hardware company. by vux984 · · Score: 4, Informative

    OS 9 - the current version runs on devices as old as the 4S. I believe the 4S was introduced in 2011. That's a lot longer than 2 years.

    It doesn't matter when it was *introduced*, what matters is when it was *discontinued* -- because people were still buying them new up until that day.

    The iphone 4 was discontinued in September 2013. That means, yes, ios9 was released before some iphone 4 users had their phones for 2 years.

    And the iphone 4 wasn't eligible for ios8 either which was released a year ago.

    So anyone who bought an iphone 4 in mid-late 2013 had support for their phone dropped within a few months of buying it.

    Apple is pretty good about updates compared to most android vendors. But there is lots of room for improvement at Apple too.

  15. Re:Seized phone by NatasRevol · · Score: 2

    Really think of Carrier IQ, think of its ability to capture everything you do from key presses to app usage to files, to log everything. That is still present on every handset

    Except iPhones for the last ~4 years.

    http://allthingsd.com/20111201...

    --
    There are two types of people in the world: Those who crave closure
  16. Re: Remember - Apple is a hardware company. by corychristison · · Score: 2

    Which version of the Moto X? I've got a shiney new (released end of Aug. 2015) Moto X Play (not available in US)... I have been following an XDA Developers thread where they are putting together a CM12 build for it. Seems they were able to root and replace the bootloader quite easily.

  17. Re:Not impossible, just difficult. by flink · · Score: 2

    My understanding is that the key, encrypted by the user's unlock code and device ID, is stored on a secure hardware module that is unique to the processor on that specific phone. You can configure the phone to erase the key after 10 wrong attempts. This makes it pretty much impossible to brute force the passcode via the OS. What I don't know is if the 10 tries setting is enforced at the hardware level or the OS. If it's only the OS, I suppose you could rig up something to interface with the hardware security module directly. If it is enforced in hardware, you'd have to somehow extract the password-encrypted key from the hardware before you could start trying to brute force the password. I'm sure it's possible, but it's also probably beyond the resources of most law enforcement organizations.

  18. Re:Seized phone by dhaen · · Score: 4, Funny

    Made in USA = backdoored, Snowden showed us that.

    Lucky they're made in China then!

  19. Re: Remember - Apple is a hardware company. by Rosyna · · Score: 2

    Don’t have Trusted Hardware? Hmm? In what way don’t older iPhones have trusted hardware?

  20. Re: Remember - Apple is a hardware company. by UnknowingFool · · Score: 4, Informative

    Off the top of my head, is the boot ROM secured? Is there hardware encryption of the flash storage? Can the encryption be defeated by replacing hardware? For example can you simply remove the flash and put it on another phone to access it? Can you replace the boot ROM to trick the phone in thinking is being launched/loaded correctly?

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  21. Re: Remember - Apple is a hardware company. by Kjella · · Score: 2

    Long story short, PIN codes and such aren't long enough to be cryptologically secure so if you can copy the state you can brute force it easily. So what happens is you have a trusted chip that takes a PIN on one end, returns the AES key to decrypt on the other end. This chip has a countdown so if you enter the wrong PIN too many times, it'll wipe the key. It's also tamper-proof so if you try to open up the chip and alter the countdown or read the key directly it'll self-destruct. Essentially Apple is using the same kind of chip as "Trusted Computing"/"Secure Boot" uses to protect the private keys, nobody is supposed to be able to be extract them. Not me, not you, not Apple, not the courts, not the NSA. Or so we hope. What I guess this means is that older models don't have have that kind of purpose-designed hardware. If Apple wants, they can manage to read the PIN-encrypted key, which can then be brute forced, which can then be used to decrypt the rest of the device. There's not really any fix for that unless you have hardware support. Or you really want to type in >128 bits of entropy each time you unlock your phone.

    --
    Live today, because you never know what tomorrow brings
  22. Re: Remember - Apple is a hardware company. by thegarbz · · Score: 2

    Root what? Are you basing your view of an entire ecosystem on a single device from a single vendor? From what I've seen there hasn't been a single phone by Samsung, HTC, or from the official Nexus line that didn't have a root exploit (and in the case of some Nexus devices a written guide in Android's official docs of how to root).

    Save for a few carrier specific variants, but that is only something that happens in the USA.