Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com)
An anonymous reader writes: After a couple shot 14 people in San Bernardino, CA before being killed themselves on December 2nd, the authorities recovered a locked iPhone. Since then, the FBI has complained it is unable to break the device's encryption, in a case that it has implied supports its desire for tech companies to make sure it can always have a way in. Today the Associated Press reports that a US magistrate judge has directed Apple to help the FBI find a way in. According to NBC News, the model in question is an iPhone 5c, but Apple has said that at least as of iOS 8 it does not have a way to bypass the passcode on a locked phone.
"Judge orders arsonist to unburn-down house"
Good luck with that.
I wouldn't be surprised if this was nothing more than a joint PR stunt to mislead people into assuming privacy on their cellphone so they wouldn't be afraid to use it for sensitive information. Government has nothing to win by disclosing they have a backdoor, neither does the cellphone manufacturer. Even thinking lo-fi decryption, how long must the passcode be before brute-forcing gets more inconvenient for the government than for the user?
All you gotta do is put the password here and it opens right up. What's that? You don't know the password? Neither do we.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
It stands to reason that the purpose of trying to decrypt the phone after the event, and after the death of the perpetrators, is to see if there might be any information that might implicate other individuals as accomplices or sympathizers, so that those individuals can be investigated. But if it is not possible for Apple to decrypt the phone, then other avenues of investigation will need to be considered.
Of course, mathematics being what it is, and lawyers and judges being who they are, it is not the least bit surprising that the latter should be ignorant of the former. It's a unique form of hubris to think that one can somehow circumvent a secure cryptographic system by the mere force of law, as if jurisprudence supersedes mathematical truth.
Or you know the FBI can look through all the phone records and use their other sources of information. These people had Twitter, they know that, they can also easily find their email accounts.
It's the FBI being whiney.
Do not look at laser with remaining good eye.
The phone is encrypted so that it takes a key that is randomly generated and unguessable, however the password that encrypts the key is not unguessable. Running a password guessing program against the key would work, except that the hardware limits how many guesses can be tried over a period of time. What you could do is modify the hardware to allow guessing the password without the limits, but modifying the hardware is extremely difficult. I know that many years ago when I worked with machines intended to prevent tampering, they had light-sensitive components that would wipe the key if exposed. There are doubtless other similar failsafes built into the hardware to prevent attempts to modify the components. For example, they might have a tiny drop of mercury enclosed in a thin plastic bubble surrounded by a mesh of wires that would cause a short which would wipe the keys if the equipment is crushed or sawed. So if those two things were known, working on the device without light while frozen might allow microscopic layers to be removed until the bubble and wire mesh can be revealed. If I were trying to design a keystore, that's the sort of thing I'd do and I'd know it is theoretically possible, but practically impossible to modify the hardware without triggering a key wipe. I'm just theorizing about how Apple might approach the tech, but I'm confident that it's a fair analogy.
Apple can legitimately be compelled to provide documentation and expert consultants with the explanations on what can go wrong with each step with an encryption key recovery technique. It's likely that disassembling the hardware in the right ways and modifying it exactly right with just the right tools could give a modification allowing an attempt to brute force the password to retrieve the key. It is also likely that trying it could permanently destroy the key. If you have the steps and tools and information along with clear descriptions of what is likely to permanently destroy the keys and turn that over to the court, they'll likely screw it up, but Apple is off the hook.
I assume that physical access is sufficient to break into any system humans have the ability to use normally, particularly with a password. That doesn't mean I think it can be done with reasonable tools or normal methods. In fact, I expect it is very, very hard. Honestly though, it's all I really ask of any company I trust.
How do you show that you tried when it is something you cannot really show progress on until you succeed, and you do not have any ability to guarantee success?
The reason the FBI is blocked is because they don't know the passcode, and this would be equally true for Apple. Apple may be utterly unable to do anything that the FBI cannot do and may have even already tried.
The judge may as well have told them to try and go faster than light. There are mathematical reasons why breaking encryption is hard, and being a big company with lots of money doesn't allow one to break the rules of mathematics.
File under 'M' for 'Manic ranting'
The problem is that cryptography is mathematics and doesn't know the difference between criminals and innocent people.
It also doesn't know the difference between law enforcement requests to unlock the phone and criminal requests.
If they can get into a criminal's phone, they can get into anybody's phone. If they can get into anybody's phone, any criminal who gets the key can get into anybody's phone. As to "how likely is it for the criminals to get the keys?"... well, pretty much every system (FBI, DHS, Apple, etc) that could theoretically hold the keys has been breached at some point. Holding that capability also makes a huge target. So "Very Likely", even to the point that when things were previously unlockable, hackers were doing so already.
Thus it comes down to "Do you want to allow criminals to access your iPhone so that law enforcement can also access a criminal's iPhone?" at that level. And in the event that a smart criminal had an indication that Apple could defeat the encryption and lockout, they'd just store the important data in a place that no company controlled or had access to.
@Whee
> Except for the Criminal Rights crowd
You mean like the Sons of Liberty? THAT "criminal rights" crowd.
You're such an ignorant moron.
A Pirate and a Puritan look the same on a balance sheet.
Just so that the debate here is a little more well-informed:
The government is not asking that Apple give out the user's password, or decrypt the phone, both of which they cannot just do (i.e. are incapable of performing). The request is that Apple produce a piece of iOS software or boot image (as I understand it), that would:
1) Disable the auto-erase feature
2) Allow the FBI to brute force submit password guesses to the phone, and
3) Disable or reduce the increasing-delay-between-guesses feature of the passcode lock.
I would be curious to know whether for this iPhone 5c (with iOS 9) this is even possible for Apple to do.
You can see why Apple wanted to get very far away from the business of being in a position to be asked constantly by law enforcement to help decrypt its phones, just for the sheer volume of requests that will be coming if they do....
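Added example, not part of the thread and not Apple's code: a toy model of the scheme the comments above describe, with a passcode-derived key check guarded by escalating delays and auto-erase, run with the limits on and off. The delay table, the erase threshold, the 80 ms derivation cost and every class and function name are assumptions chosen for illustration.

```python
import hashlib, hmac, os

# All constants are assumptions for illustration, not values from the thread.
KDF_SECONDS = 0.08                                   # assumed cost of one derivation
DELAYS = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}    # lockout (s) after Nth failure
ERASE_AFTER = 10                                     # failures before the key is wiped

class ToyKeystore:
    """Passcode check with simulated time; nothing here sleeps for real."""
    def __init__(self, passcode, limits=True):
        self.salt = os.urandom(16)       # stands in for a device-bound secret
        self.verifier = self._derive(passcode)
        self.limits, self.failures = limits, 0
        self.clock, self.erased = 0.0, False

    def _derive(self, passcode):
        # Low iteration count keeps the demo fast; cost is modelled by KDF_SECONDS.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 100)

    def try_unlock(self, guess):
        if self.erased:
            return False
        self.clock += KDF_SECONDS
        if hmac.compare_digest(self._derive(guess), self.verifier):
            self.failures = 0
            return True
        self.failures += 1
        if self.limits:
            self.clock += DELAYS.get(self.failures, 0)
            if self.failures >= ERASE_AFTER:
                self.erased, self.verifier = True, b""   # key material gone
        return False

def exhaust(store, digits):
    """Try numeric passcodes in order: (found, guesses, simulated seconds)."""
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        if store.try_unlock(guess):
            return guess, n + 1, store.clock
        if store.erased:
            return None, n + 1, store.clock
    return None, 10 ** digits, store.clock

def worst_case_seconds(length, alphabet=10):
    """Time to try every passcode once the limits are removed."""
    return alphabet ** length * KDF_SECONDS

if __name__ == "__main__":
    print(exhaust(ToyKeystore("4821", limits=True), 4))    # constructed passcode
    print(exhaust(ToyKeystore("0042", limits=False), 4))   # constructed passcode
    for length, alpha in [(4, 10), (6, 10), (6, 36), (8, 36)]:
        print(length, alpha, f"{worst_case_seconds(length, alpha) / 86400:.2f} days")
```

With the limits in place the model wipes the key after ten wrong guesses; without them, the only remaining defence is the size of the passcode space multiplied by the per-guess derivation cost.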
Apple devices from the iPhone 5s and onward use a "Secure Enclave" which is basically tamper-proof hardware key management.
This phone in question is the 5c, so Apple might actually be able to attack it. Unfortunately, this will make the judge think any iPhone can be attacked by Apple.
Although, I'm really not clear under what authority the Judge believes he has the power to compel Apple to do all this work against their business interests. It used to be they'd have to threaten, in secret, to put the CEO in prison to get this kind of cooperation. Now a judge just commands it? #ussa
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
It will not. Even full fascism is not enough to screen people reliably in larger numbers. It can simply not be done. Trying to can cause an incredible amount of damage though, as the aftermath of 9/11 demonstrates very nicely.
The answer to crimes like these is resilience: Put them in context, see that they are not more tragic than if these people had been run over by cars (just as horrible, but accepted as an everyday risk), mourn them and move on. But do not panic and sacrifice a free society or give lying snake-oil vendors like the FBI or the NSA more power just because they claim they can do something. They cannot. But it is not required to do anything as these events are so exceptionally rare and society is not threatened by them at all.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
This is why you pay a team of lawyers to show what extravagant actions were done in order to comply with the court order, and convince the judge.
You act like a Federal Judge is a fucking moron or something. They may not understand technology, but they aren't stupid by any means.
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.