Slashdot Mirror

← Back to Stories (view on slashdot.org)

Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com)

Posted by whipslash on from the slippery-slope dept.

An anonymous reader writes: After a couple shot 14 people in San Bernardino, CA before being killed themselves on December 2nd, the authorities recovered a locked iPhone. Since then, the FBI has complained it is unable to break the device's encryption, in a case that it has implied supports its desire for tech companies to make sure it can always have a way in. Today the Associated Press reports that a US magistrate judge has directed Apple to help the FBI find a way in. According to NBC News, the model in question is an iPhone 5c, but Apple has said that at least as of iOS 8 it does not have a way to bypass the passcode on a locked phone.

36 of 610 comments (clear)

  1. I can see it now... by ZorinLynx · · Score: 5, Insightful

    "Judge orders arsonist to unburn-down house"

    Good luck with that.

    1. Re:I can see it now... by binarylarry · · Score: 4, Funny

      Its pretty trivial to use this technique with Visual Basic, once you've identified the iOS device's IP address, you're home free.

      --
      Mod me down, my New Earth Global Warmingist friends!
    2. Re:I can see it now... by Areyoukiddingme · · Score: 4, Interesting

      ...and, as I understand it, the IP Address is 512.276.128.17.

      I've noticed TV shows lately have started using the non-routeable class Cs, rather than completely invalid IP addresses. Which actually makes very good sense, since the 555 telephone exchange is the direct equivalent.

    3. Re:I can see it now... by hawguy · · Score: 4, Informative

      2. That really shouldn't be that difficult for the company that manufactured the thing.

      Would you expect a safe manufacturer to be able to easily crack open a random safe they manufactured? If so, why? If not, why do you think encryption for a mobile device should be any different?

      The company that installed our safe said they could open it when we asked what would happen if we lost the combination. They said "No problem, we'll just bring in a cutting torch and grinder and a few hours later we'll have it open. You'll need to sign a waiver first absolving us of any damage to the room."

    4. Re:I can see it now... by mattventura · · Score: 4, Insightful

      Presumably, the decryption key is stored somewhere on the device, but it in turn is encrypted with the phone's passcode. The security system deletes the key if you enter too many incorrect passcodes, but if they were able to extract the encrypted key from the phone, they could brute force it easily since there's only 10^n codes for a numeric passcode.

    5. Re:I can see it now... by TsuruchiBrian · · Score: 4, Insightful

      You can crack encryption the same way, except instead of taking a few hours with cutting torches, it takes hundreds of billions of years of computer computing clusters working well after the human race is extinct. Neither solution gives the inventor of the security mechanism much more of an advantage.

    6. Re: I can see it now... by Anonymous Coward · · Score: 5, Funny

      They want to make it somewhat realistic ...

    7. Re:I can see it now... by basecastula+ · · Score: 4, Insightful

      What more does the FBI want? The suspects are dead. Stop spending money on diminishing returns.

    8. Re:I can see it now... by zugmeister · · Score: 5, Informative

      Hardware key storage should wipe itself after so many failed attempts.

      /sigh, RTFA... This is exactly what happens after 10 bad entries. So the gov't wants Apple to write them software to let them bypass the wipe and continue brute forcing the unlock code.

    9. Re:I can see it now... by ShaunC · · Score: 5, Insightful

      Presumably they want info on who they where talking to. If the shooters had accomplices, the FBI wants to know who they are.

      If only we had an agency who is (lawfully or otherwise) intercepting every electronic signal known to mankind, who could be consulted when national security concerns arise...

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    10. Re:I can see it now... by meerling · · Score: 4, Informative

      I've done tech support for certain security products, and your probably right on the money there. You'd be amazed how many people are absolutely positive that you have a 'secret' backdoor to get past your security program. You wouldn't believe some of the arguments I've been subjected too over that. People just believe hollywood too much over reason. Any security program that has a backdoor access is NOT SECURE ! If the users neglected to make their emergency unlock disk, or lost it, they were totally screwed. Time to nuke & pave.
      As it happens, I don't support or have an iphone, so I have no idea what apple does, but I find it very plausible that there is absolutely nothing they can do, especially if they got pissed at their treatment early and removed any method they previously had to unlock it, even if it was for the cops when they have a proper warrant for the information. In which case, don't forget your key or it's toast.

    11. Re:I can see it now... by AaronW · · Score: 5, Interesting

      It should be possible to bypass the erase operation with physical access to the device. Most NAND devices have a write protect pin which when pulled low will disable program and erase operations.

      It may also be possible to add a socket and duplicate the encrypted flash chip so that the original is never in the phone. This could be complicated if the flash device supports a unique ID and the encryption platform makes use of it. I could think of several ways to bypass even that though. One way is to use an FPGA to create a flash emulator that can simulate the NAND device. One other advantage of this is that it could guarantee that the data is never erased. The encryption hardware itself must also store the number of authentication attempts in some non-volatile storage. Usually this would be on another chip or die since it's still not very common to mix flash and logic on the same chip.

      Unless the encryption and erase functionality is built into the Toshiba NAND device Apple uses it should be possible to pop the NAND device and use an FPGA and/or other hardware for forensic purposes since the iPhone is not built to FIPS standards (which usually pot the boards in epoxy and provide a number of methods to prevent physical intrusion).

      Even the secure keys that are not known by Apple should be accessible with physical access to the device. It's expensive, but it should be possible to read the blown fuses by digging through the layers if the exact location is known on a chip.

      https://media.blackhat.com/bh-...

      --
      This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
    12. Re:I can see it now... by TechyImmigrant · · Score: 4, Interesting

      You are describing some aspects of my day job. I know the statistics of these operations.

      Replacing a BGA is one thing. Pulling a BGA, depackaging it and FIBing it is likely to fail. This isn't a problem if you can just do 10 and pick the ones that work. But if it's a single chip from a single phone, the odds are not good.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    13. Re:I can see it now... by TechyImmigrant · · Score: 4, Insightful

      Isn't this the exact attack that physical anti-tamper is meant to defeat?

      It is one attack model that an anti tamper system might be designed to resist. However it is also an attack model that some systems choose not to defend against in a simple cost/benefit analysis. If the secret on the chip has a commercial cost less that the cost of the attack, then why defend against it? The gear to mount a FIBing attack is millions of dollars. Paying a reverse engineering company is less, but > $10E6. This is related to whether or not your system has BORE properties (Break One, Reuse Everwhere).

      This does not apply here. The perception of the worth of product like a smartphone can be very tied up with perceptions of how secure it is, and being required to pull the rabbit out of the hat by a court and then you actually unlock a phone you claimed you can't unlock, then that might well destroy those perceptions of security and cost a lot in lost sales. So designing it so you can't yourself defeat the security you put in is the only sane option.

      The court order presumes that the auto erase functionality can be bypassed with software to be provided by Apple. This is likely be unbypassable either because the key management system is enforcing the retry limit in hardware or protected firmware, away from the main application code, or the software that does it simply doesn't have a back door.

      The company I work for is in the same position. We can't and won't put in back doors because being found to have lied about the security of the devices would be an existential threat to the company. That doesn't stop people who don't know lying on the internet, claiming we put in back doors, but it's not a rational thing to do.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    14. Re:I can see it now... by v1 · · Score: 4, Informative

      They don't need to go that far. They just need to update the iPhone's operating system with an insecure version. The iPhone will update itself with whatever software Apple tells it to.

      I support the full line of Apple prodcuts at work so I have a slightly better understanding of how this process works.

      Unlike firmware updates on many devices, and older Apple iOS devies, the new ones require the firmware to be "signed", each time it is installed. This means the device will roll up its own salt, and will send a request to Apple's Firmware Signing Server. This server uses the salt and the checksum on the fimware to generate a verifiable cryptographic signature, using public key tech. iTunes sends this signature back to the phone during the restore. If it's invalid, the phone's hardware will refuse to install it. (iTunes normally will prevent it sooner, but this is assuming you have hacked iTunes, no easy task)

      Around 1-2 weeks after Apple releases a new iOS, they stop signing the old one. This prevents you from downgrading your phone's firmware. It doesn't matter if you've already downloaded and kept a copy of it. Apple won't sign it with the new salt the phone is going to generate during the installation process. So users cannot hack the firmware OR install an older version to take advantage of a patched bug.

      BUT... Apple has the secret part of the key for signing. They can roll their own custom firmware, sign it, and using a well-known public process, select the firmware and upload it. Their key servers will sign it, and the device will accept it. If Apple really wanted to fullly cooperate, it would be trivial to do. The new "security enclave" prevents them from simply ignoring the pin or displaying it on the screen, but it's possible that one or more of their requests could be accomodated. It really depends on how the SE is designed. If it's designed well, and I think we can assume it is, (they're not morons, and they have a functionally unlimited budget for such a minor thing) we should assume the SE does rate limiting in hardware. (usually via MANY hashes to dig down to the key) which is not bypassable unless you can rip the data from the hardware and feet it into a supercomputer. The USB/BT code entry is probably doable since its outside the scope of the SE. The master key should be stored inside the SE so software can't get around that.

      End game: to give them what they want will require physical hacking of the SE, to recover the encrypted key and the internal salt the SE has generated for it, and feeding that data into an emulator for the SE (or a physically redesigned/hacked SE) that can work the passcode. The hardware on the phone itself right now CANNOT be used to recover the passcode. The FBI doesn't want to break the chip trying to recover the data. They have the techniques but (A) there's a good chance they break it and they get just one try, and (B) this will go a lot faster with Apple cooperating on bypassing the SE. (they can probably still DO it, they may even have the process already developed, but it will probably be faster with Apple's cooperation)

      That leads us to another point... what if they already can access the data, or have accessed the data, and this is just a show? It's been said that the best form of deception is making your opponent believe you have fallen for his deception. Right now the terrorists are keeping a close eye on this case, trying to decide whether it's a "good idea" to use the iphone. If Apple gives them the finger, (and I hope they do) and the FBI shrugs and goes away moping, and suddenly has a breakthrough a few months from now from a "classified source", well, guess what. And that, sir, is where all my chips are placed.

      Remember, this is one case. You have to think BIG. You have to think long term. This is neither of those things. The FBI either already has this data, or will have it before th

      --
      I work for the Department of Redundancy Department.
  2. Where's my tinfoil hat? by ptaff · · Score: 4, Insightful

    I wouldn't be surprised if this was nothing more than a joint PR stunt to mislead people into assuming privacy on their cellphone so they wouldn't be afraid to use it for sensitive information. Government has nothing to win by disclosing they have a backdoor, neither does the cellphone manufacturer. Even thinking lo-fi decryption, how long must the passcode be before brute-forcing gets more inconvenient for the government than for the user?

    1. Re:Where's my tinfoil hat? by TsuruchiBrian · · Score: 5, Insightful

      Apple has nothing to gain (and everything to lose) by actually having a back door. Apple doesn't make money by spying on people.

  3. Let's also order the gun manufacturer by Anonymous Coward · · Score: 5, Funny

    to revive the dead people.

  4. The code is.... by ChadSmith4920 · · Score: 4, Funny

    Unlock code: 072 (Virgins)

  5. It's easy Mr Judge by penguinoid · · Score: 4, Insightful

    All you gotta do is put the password here and it opens right up. What's that? You don't know the password? Neither do we.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  6. What if Apple cannot access the info? by mark-t · · Score: 4, Interesting

    Is it contempt of court to refuse to try and do something that one already knows they cannot possibly do?

    --
    File under 'M' for 'Manic ranting'
    1. Re: What if Apple cannot access the info? by MachineShedFred · · Score: 4, Insightful

      This is why you pay a team of lawyers to show what extravagant actions were done in order to comply with the court order, and convince the judge.

      You act like a Federal Judge is a fucking moron or something. They may not understand technology, but they aren't stupid by any means.

      --
      Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
  7. Re:The deed is done by wickerprints · · Score: 4, Insightful

    It stands to reason that the purpose of trying to decrypt the phone after the event, and after the death of the perpetrators, is to see if there might be any information that might implicate other individuals as accomplices or sympathizers, so that those individuals can be investigated. But if it is not possible for Apple to decrypt the phone, then other avenues of investigation will need to be considered.

    Of course, mathematics being what it is, and lawyers and judges being who they are, it is not the least bit surprising that the latter should be ignorant of the former. It's a unique form of hubris to think that one can somehow circumvent a secure cryptographic system by the mere force of law, as if jurisprudence supersedes mathematical truth.

  8. Re:The deed is done by Lumpy · · Score: 4, Insightful

    Or you know the FBI can look through all the phone records and use their other sources of information. These people had twitter, they know that, they can also easily find their email accounts.

    It's the FBI being whiney.

    --
    Do not look at laser with remaining good eye.
  9. Re:Huh? by adamstew · · Score: 5, Informative

    You mistake an iPhone's unlock code with the iPhone's encryption key. the iPhones do typically use a 4-6 digit pin as an unlock code. The user also has the ability to create a full alphanumeric password for the unlock code as well. However, that is simply the code that's used to unlock the actual full encryption key that is stored within dedicated crypto hardware. Apple uses a dedicated chip to store and process the encryption. They call this the Secure Enclave. The secure enclave stores a full 256-bit AES encryption key.

    Within the secure enclave itself, you have the device's Unique ID (UID) . The only place this information is stored is within the secure enclave. It can't be queried or accessed from any other part of the device or OS. Within the phone's processor you also have the device's Group ID (GID). Both of these numbers combine to create 1/2 of the encryption key. These are numbers that are burned into the silicon, aren't accessible outside of the chips themselves, and aren't recorded anywhere once they are burned into the silicon. Apple doesn't keep records of these numbers. Since these two different pieces of hardware combine together to make 1/2 of the encryption key, you can't separate the secure enclave from it's paired processor.

    The second half of the encryption key is generated using a random number generator chip. It creates entropy using the various sensors on the iPhone itself during boot (microphone, accelerometer, camera, etc.) This part of the key is stored within the Secure Enclave as well, where it resides and doesn't leave. This storage is tamper resistant and can't be accessed outside of the encryption system. Even if the UID and GID components of the encryption key are compromised on Apple's end, it still wouldn't be possible to decrypt an iPhone since that's only 1/2 of the key.

    The secure enclave is part of an overall hardware based encryption system that completely encrypts all of the user storage. It will only decrypt content if provided with the unlock code. The unlock code itself is entangled with the device's UDID so that all attempts to decrypt the storage must be done on the device itself. You must have all 3 pieces present: The specific secure enclave, the specific processor of the iphone, and the flash memory that you are trying to decrypt. Basically, you can't pull the device apart to attack an individual piece of the encryption or get around parts of the encryption storage process. You can't run the decryption or brute forcing of the unlock code in an emulator. It requires that the actual hardware components are present and can only be done on the specific device itself.

    The secure enclave also has hardware enforced time-delays and key-destruction. You can set the phone to wipe the encryption key (and all the data contained on the phone) after 10 failed attempts. If you have the data-wipe turned on, then the secure enclave will nuke the key that it stores after 10 failed attempts, effectively erasing all the data on the device. Whether the device-wipe feature is turned on or not, the secure enclave still has a hardware-enforced delay between attempts at entering the code: Attempts 1-4 have no delay, Attempt 5 has a delay of 1 minute. Attempt 6 has a delay of 5 minutes. Attempts 7 and 8 have a delay of 15 minutes. And attempts 9 or more have a delay of 1 hour. This delay is enforced by the secure enclave and can not be bypassed, even if you completely replace the operating system of the phone itself. If you have a 6-digit pin code, it will take, on average, nearly 6 years to brute-force the code. 4-digit pin will take almost a year. if you have an alpha-numeric password the amount of time required could extend beyond the heat-death of the universe. Key destruction is turned on by default.

    Even if you pull the flash storage out of the device, image it, and attempt to get around key destruction that way it won't be successful. The key isn't stored in the flash itself, it's only stored within the secure enclave itself which you can't remove the stora

  10. Re:The deed is done by KitFox · · Score: 4, Insightful

    The problem is that cryptography is mathematics and doesn't know the difference between criminals and innocent people.

    It also doesn't know the difference between law enforcement requests to unlock the phone and criminal requests.

    If they can get into a criminal's phone, they can get into anybody's phone. If they can get into anybody's phone, any criminal who gets the key can get into anybody's phone. As to "how likely is it for the criminals to get the keys?"... well, pretty much every system (FBI, DHS, Apple, etc) that could theoretically hold the keys has been breached at some point. Holding that capability also makes a huge target. So "Very Likely", even to the point that when things were previously unlockable, hackers were doing so already.

    Thus it comes down to "Do you want to allow criminals to access your iPhone so that law enforcement can also access a criminal's iPhone?" at that level. And in the event that a smart criminal had an indication that Apple could defeat the encryption and lockout, they'd just store the important data in a place that no company controlled or had access to.

    --

    @Whee

  11. Re:4 Digit Pin? by Anonymous Coward · · Score: 5, Informative

    No problem. 0000. Nope. 0001. Nope. 0002. Nope...

    0009. Too many invalid password attempts. Full disk encryption key has been erased. Initiating factory reset of device...

  12. Re:The deed is done by jedidiah · · Score: 4, Insightful

    > Except for the Criminal Rights crowd

    You mean like the Son's of Liberty? THAT "criminal rights" crowd.

    You're such an ignorant moron.

    --
    A Pirate and a Puritan look the same on a balance sheet.
  13. Re:Huh? by whipslash · · Score: 4, Informative

    Haha well... have you seen any APK spam lately?

  14. read the Ex Parte DOJ filing for the correct story by supernova87a · · Score: 4, Insightful

    Just so that the debate here is a little more well-informed:

    The government is not asking that Apple give out the user's password, or decrypt the phone, both of which they cannot just do (i.e. are incapable of performing). The request is that Apple produce a piece of iOS software or boot image (as I understand it), that would:
    1) Disable the auto-erase feature
    2) Allow the FBI to brute force submit password guesses to the phone, and
    3) Disable or reduce the increasing-delay-between-guesses feature of the passcode lock.

    I would be curious to know whether for this iPhone 5c (with iOS 9) this is even possible for Apple to do.

    You can see why Apple wanted to get very far away from the business of being in a position to be asked constantly by law enforcement to help decrypt its phones, just for the sheer volume of requests that will be coming if they do....

  15. Re:The deed is done by spire3661 · · Score: 5, Interesting

    The right to encryption and by extension privacy is more important than any one crime. The State has to accept its limitations, not wail and moan about how its 'not fair' they cant have absolute control over humans. Some things are beyond government's reach, accept it.

    --
    Good-bye
  16. Re:On-device key useful for secure deletion by bill_mcgonigle · · Score: 4, Insightful

    Apple devices from the iPhone 5s and onward use a "Secure Enclave" which is basically tamper-proof hardware key management.

    This phone in question is the 5c, so Apple might actually be able to attack it. Unfortunately, this will make the judge think any iPhone can be attacked by Apple.

    Although, I'm really not clear under what authority the Judge believes he has the power to compel Apple to do all this work against their business interests. It used to be they'd have to threaten, in secret, to put the CEO in prison to get this kind of cooperation. Now a judge just commands it? #ussa

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  17. Comment removed by account_deleted · · Score: 4, Informative

    Comment removed based on user account deletion

  18. Re:Huh? by wickerprints · · Score: 5, Informative

    That isn't correct, according to the white paper:

    "The backup set is stored in the user’s iCloud account and consists of a copy of the user’s files, and the iCloud Backup keybag. The iCloud Backup keybag is protected by a random key, which is also stored with the backup set. (The user’s iCloud password is not utilized for encryption so that changing the iCloud password won’t invalidate existing backups.)

    While the user’s keychain database is backed up to iCloud, it remains protected by a UID-tangled key. This allows the keychain to be restored only to the same device from which it originated, and it means no one else, including Apple, can read the user’s keychain items.

    On restore, the backed-up files, iCloud Backup keybag, and the key for the keybag are retrieved from the user’s iCloud account. The iCloud Backup keybag is decrypted using its key, then the per-file keys in the keybag are used to decrypt the files in the backup set, which are written as new files to the file system, thus re-encrypting them as per their Data Protection class."

    The relevant sections begin at page 38, in which the paper discusses iCloud, Apple ID, and general Internet Services security. Your misunderstanding stems from the mistaken belief that you can just "restore" the iCloud backup of your phone to a new device. But to do this, you need access to the user's Apple ID password. If two-step verification is turned on, Apple definitely has no way to circumvent this.

  19. Re:read the Ex Parte DOJ filing for the correct st by wickerprints · · Score: 4, Informative

    After reading Apple's iOS Security Guide white paper, it is doubtful that Apple can write any kind of software to load onto the device to permit any of those options. This is because once the device is locked, it will not install any updates to the operating system. The boot firmware is already installed and automatically runs when the device is turned on. Updating the operating system requires the device password. These functions are cryptographically secured. See the section "Keybags," subsection "Escrow Keybag" in the paper. The auto-erase and time delay features are enforced by the Secure Enclave in hardware, and cannot be circumvented.

  20. This is why Touch ID is a problem by nbritton · · Score: 4, Informative

    If the iPhone 5c had Touch ID this wouldn't be a problem, they could just use the persons finger to unlock the device. This illustrates why Touch ID is a bad idea if you care about your privacy. Since we only have ten fingers and the auto erase doesn't activate until after 10 failed attempts, the only thing needed to get into a Touch ID phone is a court order. The Fifth Amendment protection against self incrimination only applies to the contents of your mind, it's established precedent that it doesn't apply to your body (i.g. blood, DNA, finger prints, etc.) or property.