DoJ Says Apple's Posture on iPhone Unlocking Is Just Marketing

New submitter kruug writes: The U.S. Department of Justice filed a motion seeking to compel Apple Inc to comply with a judge's order for the company to unlock the iPhone belonging to one of the San Bernardino shooters, portraying the tech giant's refusal as a 'marketing strategy.' The filing escalated a showdown between the Obama administration and Silicon Valley over security and privacy that ignited earlier this week. The Federal Bureau of Investigation is seeking the tech giant's help to access the shooter's phone, which is encrypted. The company so far has pushed back, and on Thursday won three extra days to respond to the order. Reader Lauren Weinstein writes of this tack: "The level of DOJ disingenuousness in play is simply staggering."

Apple - standing alone

[Swampash]

Assume that every other hardware manufacturer that is NOT getting threatened by the Federal Government has already rolled over.

Tim Cook: thank you. All you other bitches: FOAD.

Re:Apple - standing alone

[imgod2u]

That's actually exactly what Apple is saying and it's true: they can't access the encrypted data because they don't have the key.

What the FBI wants is for Apple to develop a hacked version of iOS that can be loaded onto the phone and allow external inputs to try different user unlock PINs as well as get rid of both the 10-attempts limit as well as the time-between-tries limit.

Obviously the existence of such a hack -- as well as the ability to load a locked phone with it -- is a dangerous tool that can be used on any iPhone. Apple isn't just refusing to hand such a thing over, they're refusing to even develop (or at the very least, acknowledge the existence of) such a hack. Thus discouraging any hackers from going "shit, it can be done, let's find out how!".

Re:Apple - standing alone

[MikeMo]

That's not the deal at all. Apple can't decrypt it. The FBI wants them to remove the safety measure where the phone will discard the encryption key altogether after 10 failed attempts at guessing the passcode.

Re:Apple - standing alone

[ooloorie]

That's the FBI's position. Apple says it can't be done.

That simply isn't true. Apple is facing a specific order to decrypt a specific iPhone in a specific legal case. If this can't be done, there is nothing for Apple to fight, because the court order only applies to this phone. The fact that Apple is fighting this order and is saying that they are refusing to develop an unlock tool implies that they believe it can be done but are simply refusing to do it.

Re:Apple - standing alone

[ooloorie]

That's not the deal at all. Apple can't decrypt it. The FBI wants them to remove the safety measure where the phone will discard the encryption key altogether after 10 failed attempts at guessing the passcode.

Yes, that is likely what this is about (see my other posting). And if they can push a software update with this safety feature to an existing phone without the user unlocking it first, then Apple's software is not secure. That's exactly my point.

That is, Apple is right that such an update would make future iOS devices much less secure, but what this whole spat reveals is that the current system is already not secure precisely because governments can make demands like the US government is making. That is, the fact that we're even having this debate is due to a bad implementation of cryptography on Apple iOS.

Re:Apple - standing alone

[ooloorie]

What the FBI wants is for Apple to develop a hacked version of iOS that can be loaded onto the phone and allow external inputs to try different user unlock PINs as well as get rid of both the 10-attempts limit as well as the time-between-tries limit.

Yes, that is probably what the FBI wants. My point is that if Apple can push such a software update to an existing phone without the user unlocking the device first, then iOS cryptography is broken already. And that is likely the case, because if Apple couldn't push such an update to an existing phone without unlocking it first, then it would make no sense for the court to try to force them to develop such an update, since the court can only order Apple to develop such a tool for a specific case, not for future cases that aren't before the court yet.

Re:Apple - standing alone

[__aaclcg7560]

Apple is facing a specific order to decrypt a specific iPhone in a specific legal case.

Apple has previously cooperated with warrants to unlock iPhones for the authorities, but that was before they changed the encryption method to better protect user data hackers and spies. If Apple develops an unlock tool for this specific case, what prevents it from being used for every legal case in the future?

I like the idea that no one — not even the government — can browse through the encrypted data on my iPhone. The Founding Fathers used encryption to protect their own communications from the British government. In fact, under some bills being considered by various national governments today, they would have gone to prison for using encryption technology.

Re:Apple - standing alone

[cfalcon]

> My point is that if Apple can push such a software update to an existing phone without the user unlocking the device first, then iOS cryptography is broken already.

You should look a bit more into it.

First, if we are talking CRYPTO, lets be real: a 4 digit passcode is triival to brute force. I don't care WHAT you use- Twofish/AES/Serpent in Veracrypt, I will absolutely break your 4 digit passcode in moments. Because it's a fucking FOUR DIGIT PASSCODE.

So, how does Apple try to secure this? The only way it can- with hardware. The crypto is 128 bit AES, so they aren't trying to attack that. Later versions of the iphone have secure hardware implement this sort of logic. The version in question actually IS less secure- it has software that does the task of the wiping. Apple is refusing to build and cryptographically sign software that will do it.

There's no cryptographic way to secure a 4 digit passcode, or a 6 digit passcode. It's physically impossible. Hence the use of hardware. If you have a serious crypto passphrase on your iphone- and you absolutely can- then the only way in is through the crypto, either the AES or the PBKDF2. It's not as strong as AES 256 XTS (because it is AES 128 XTS), but it is still considered unbreakable.

So don't talk shit about their crypto if their crypto isn't even up for debate. This is about a software workaround possible on an older model to brute force requests into the hardware that is expected to defend a 4 digit passcode against repeated attempts. The crypto isn't even in the conversation.

Re:Apple - standing alone

[cfalcon]

Again, the current system is secure if you trust the math only by using a crypto secure passphrase. If you don't, you MUST be trusting the hardware or software to guard against the brute force- really the wimp force, because 10k trials is nothing.

You can set up an alphanumeric passphrase of massive length under settings. Then you are secure against brute force no matter what, same as if you used it as your Veracrypt passphrase.

Re:Apple - standing alone

[phantomfive]

It can be broken by trying every possible 4 digit passcode

Re:Apple - standing alone

[Aighearach]

You accuse me of "misinformation," I'm throwing down the gauntlet on that! You're a liar to accuse me of that. If you disagree, disagree, don't make a false accusation.

You accuse me of "misinformation," and then you verify my statement! As you said, "firmware is just a piece of software." Right. Is a piece of software tied to one computer, or can it also be run on other computers? Is that indeed part of the nature of software?

You're saying that you believe that adding an ID check to the software source code somehow locks it so that it can only be used with one device. I'm a software developer, and I say you're full of shit and don't even realize that software can be easily altered later to work with a different ID. There is no way to "lock" it so that can't happen. Even if it is a compiled binary file, it is easy to find and replace the ID because they already know the ID of the phone it would be written for.

Don't claim I'm "spreading misinformation" when you don't even understand the details. Yes, I am saying it is "technically impossible" for Apple to write firmware that is locked to one device, because of the very nature of what software is. The only way that a piece of software can be locked to one device is if that device has a custom CPU and there are no other devices that can run the code. But iPhones don't come with individually customized processors, all the phones of the same model have the same processor and can indeed run each other's firmware.

Re:Apple - standing alone

[thegarbz]

What this comes down to is that iOS cryptography is vulnerable because their key management appears to be vulnerable.

Key management isn't vulnerable at all. Only the user's choices make it vulnerable. Just like if I run an SSH server with all the best encryption but the login is "root" and the password is "password", the underlying process isn't weak at all, only the user inputs are.

If you're worried set your unlock key on your phone to a passphrase and use 256 random characters. That choice is yours. If you still think it's insecure, then your can come back and complain about Apple's handling of it. But the reality is you'll come back and complain about how hard it is to access your own phone.

By the way my unlock code is 000000. 6 digit passcodes were enforced by my company. I hate having to type a password in to access my phone. Does that make my phone crptographically insecure? No it just makes me a stupid user with no idea (or maybe no desire) to secure my data.

Re:Apple - standing alone

[thegarbz]

The implementation of crypto is broken if it can be easily bypassed.

Yes, the crypto they are using is great, but the implementation of it is pointless if it is trivial to get around it.

I don't think you know what it is they are doing, or exactly what Apple's solution would provide them. I can tell when you use the words "easily bypassed" and "trivial". The ability to bypass the encryption is entirely dependent on the way the user has set this up. This is something that EVERY SINGLE ENCRYPTION SCHEME HAS IN COMMON.

Here's an encrypted string using a standard AES128 algorithm eith ECB:
e2 2f bd 90 28 ed fe c0 75 b3 89 bf 59 4f 7a 2e
a8 36 d3 af 9e b7 b8 bb 0e dd a0 06 24 46 2e ab

Now is it insecure because you have the ability to brute force it? Of course not. What if I told you I was a silly user and only used a single digit as input to the encryption key? Yes it's insecure but again this has NOTHING TO DO WITH THE METHOD OF ENCRYPTION.

The crypto is not easily bypassed by giving someone the ability to brute force the key, and comments like that show a lack of understanding of cryptography.

It's like encrypting your harddrive to keep your data safe, while downloading every piece of malware that every banner ad offers you. Works great in theory, but useless in practice. It's an exercise in splitting hairs to talk about how great your crypto is when your system is compromised in short order.

It's nothing of the sort. The malware presumably runs at the same time as the data on the drive is unencrypted. I.e. the system is only compromised by the fact that the user has chosen to decrypt the data and made it available to the malware. In this case you can load as much firmware, malware, magic funny 1s and 0s onto the device as you want, it won't be any less encrypted as a result.

Re:Apple - standing alone

[thegarbz]

It's a 4 digit passcode to get past the lock screen.

Yes and my above encrypted code has a single character as the encryption key. I'm still waiting for you to tell me how that means the encryption is broken. Just because the USER OPTED to use a 4 digit pass code doesn't mean that Apple is creating a back door to its encryption by allowing the brute force of the login. If the USER OPTED to use a 256 character passphrase the FBI can brute force away until all people associated with the case have long passed off this mortal coil.

So I will say it yet again, this has nothing to do with backdooring the encryption.

Re:Apple - standing alone

[cfalcon]

Well, Apple has been trying to address this with every hardware rev. Later ones have enforcement in the secure enclave. This attack would absolutely not work on the 6 and 6s, but Apple has implied that there's still some way even there- I bet you see that patched in a later version.

LUKS doesn't force you to not use a 4 digit PIN. Does LUKS suck? Veracrypt will let you use a 1 digit passphrase too. Does Veracrypt suck?

You just implicitly shit on the best crypto engines in the world in the process of finding something about Apple to hate. Yuk yuk yuk, good joke.

it's sort of true

[phantomfive]

On the one hand, Apple tried to make a deal and keep the whole thing secret. So that makes it seem like Apple was willing to go along (for at least this one case) as long as it was kept quiet.

On the other hand, it doesn't really matter. If Apple is doing it as a publicity stunt, then it's doing it because the customers want it. Frankly that's better than a corporation trying to "do the right thing" that people don't want.

Re:it's sort of true

[phantomfive]

Here is the quote:

The FBI then made its tailored request, which Apple asked to be placed under seal, according to the New York Times. Instead, the FBI went public, setting off the high-profile drama

How did they try to keep that secret?

[SuperKendall]

Apple did nothing to keep this secret. It's already known they have assisted the FBI before.

Instead what happened is no-one cared, not even Apple, until the FBI demanded essentially that Apple break hardware security. That is where Apple drew the line; that is what brought all of the attention to bear.

Re:How did they try to keep that secret?

[j-turkey]

That turns it into a comedy - the FBI going public and then accusing Apple of doing it for publicity. Did they employ some clowns thrown out of the NSA after Snowden or something? It sounds like something the Star Trek Set guy would do.

Sort of...the FBI didn't do it for publicity. They did it to set precedent, and this case was chosen very carefully by the DoJ in order to achieve this (by tugging at heart strings and a sense of panic in the wake of terrorism). There are plenty of other investigations that they could have made similar demands under. If Apple cooperated with the FBI and it was done under seal, then it could not be used as precedent to use the courts to force Apple to do the same in future cases.

stating the obvious

[xfizik]

Give me a break. Who would be naive enough to think Apple would refuse to cooperate with the U.S. government in such a case? Yes, they'll "refuse" on public, get some headlines for "standing up for privacy" and then quietly do what they were told one way or another.

Can someone explain why the FBI needs Apple?

[sheetsda]

The FBI has the hardware. At the software level it should be game-over. So what is stopping them from copying the phone's memory, putting it in an emulator or another phone, and brute forcing the 5-digit PIN. Every time it self destructs, they load up another copy and continue until the correct PIN is found. What am I missing here?

Re:Can someone explain why the FBI needs Apple?

[sheetsda]

Excuse the reply to my own comment...

After further thought I think I have my answer, barring some more plausible answer from the community: They don't want an Apple tool so they can crack this guy's phone, he's just politically convenient leverage to get the tool made.

Re:Can someone explain why the FBI needs Apple?

The data is encrypted using a key fused into the hardware processor. The key is in hardware and not readable. The key is not the 10 digit pin. The 10 digit pin and the encrypted contents are sent to the hardware chip and a decryption attempt is made. The results of that are sent back. If the user fails to decrypt the data within 10 attempts the encryption key in HARDWARE is wiped out making the user brute force AES 256 on the data instead of the 9999 possible pin combinations.

The hardware encryption chip would need to be copied as well as the data. Copying the data alone gives you nothing but random bits of AES 256 encrypted data. Putting that on a phone emulator or another phone will never work unless the unique key in hardware is known and that cannot be read.

Re:Can someone explain why the FBI needs Apple?

[penguinoid]

The FBI has the hardware. At the software level it should be game-over. So what is stopping them from copying the phone's memory, putting it in an emulator or another phone, and brute forcing the 5-digit PIN. Every time it self destructs, they load up another copy and continue until the correct PIN is found. What am I missing here?

What you're missing is that Apple engineers aren't idiots, and spent more than the 5 seconds you did thinking of their security. Specifically, half the key is embedded in the hardware and would require some super expensive reverse-engineering to extract.

Meanwhile, the government is making a big fuss about this because what they really want is the ability to crack iPhones in general, preferably remotely, automatically, and without a warrant. They already know who the guy was talking to. But there likely won't be such a good opportunity to set precedent as with this case, not for a loooong time.

Re:Can someone explain why the FBI needs Apple?

[Cramer]

(a) It's evidence. They cannot "drill into it".
(b) Apple designed to the processor to resist such attempts. (it's actually codified in FIPS-140 standards) It's hardened against x-ray imaging.

Re:Can someone explain why the FBI needs Apple?

[Anubis+IV]

The device in question relies on the OS itself to handle the wiping and rate limiting. As such, a malicious OS update could be crafted that removes those safeguards, allowing the passcode to be brute forced. Later devices have dedicated hardware that manage those features, meaning that a simple OS update would be insufficient. You'd also need to update the firmware on the dedicated hardware (i.e. The Secure Enclave).

They're correct - because it's about survival

[FireballX301]

Apple knows that complying with this order will essentially destroy most, if not all of their overseas business. If they comply with this order, they will lose anyone who is even remotely suspicious of US govt motives; this includes literally billions of non-Americans around the world. The net result would simply be people moving to phones that are perceived as more secure, there's an easy market opportunity for a non US based company to put out 'secured' phones (for example, a phone that rejects all firmware updates in addition to the secure area tech) and gain all the business that Apple would lose.

The question is, of course, if the government knows this, and I'm pretty sure the law enforcement/'intelligence' personnel here are so scoped into their mindset that they're totally unaware of this, and would reflexively brush it off as hyperbole (hint it isnt).

Re:They're correct - because it's about survival

[FireballX301]

The average person might not give a fuck, but iPhone buyers outside US/EU are not average - they tend to be well off, or enterprise customers (who I can assure you will care very much so about this). More importantly, it'd be very easy for governments to spin this against the US and Apple - how easy would it be for the PRC to talk about how the US is spying on China, and mandate that all Chinese citizens/enterprise buy Xiaomi?

You minimize the impact at your own peril.

Re:They're correct - because it's about survival

[DutchUncle]

I suggest that the law enforcement personnel ARE aware of the issue. Even as NYC police had a press conference pointing out how many cases were blocked because of inaccessible information on smartphones, and the commissioner was blasting Apple's current policy, a subsequent speaker (a prosecutor?) was careful to point out that Apple had formerly cooperated in such cases, and that a narrow set of conditions including a properly-executed court order to work on a single phone at a time for a single case is VERY DIFFERENT from a generic backdoor. I'm betting that something along these lines will become the court-ordered compromise: isolated workspace, isolated cases, some kind of open oversight (like normal search warrants and court orders, not the NSA secret rubberstamp court). Practical side: DoJ doesn't want to be blamed for killing the biggest tech company or crashing the stock market.

They are probably right

[taustin]

Seems likely, anyway. On the other hand, the FBI's posture is just a constitutional overreach and attempt to institutionalize the ignoring of due process, so they're about even.

Re:Why is Apple acting like obstructionist...

[__aaclcg7560]

The keys on the new phones are only five digits. They should be able to find the key in a matter of seconds.

Except you have only ten attempts to enter the correct five digits before the data is automatically wiped. A security feature that prevents a brute force attack to unlock the iPhone.

Re:What Apple should do at this point

You can't clone the hardware chip with the encryption key. Isn't this supposed to be a tech site?

Re:If the security is done correcty

[koreanbabykilla]

They dont need a warrant, The phone in question was his work phone. He worked for the government.

Re:something fishy about iOS encryption

[AchilleTalon]

We are talking about a iPhone 5c. You should read this for more about the actual reason FBI is asking Apple to perform the decryption of the iPhone.

Re:something fishy about iOS encryption

[BitZtream]

No, Apple isn't saying they could get access to the encrypted data.

The FBI is asking for apple to give them a version of the software that doesn't have the delay between password attempts and doesn't wipe the device after a certain number of tries.

Neither of these things mean it 'isn't encrypted properly', they in fact are an example of it working as it should.

To go further into your comments:

The FBI request won't work however for one glaring reason: You can't update a locked device without unlocking it because THE DEVICE REJECTS THE UPDATE REQUEST.

Apple designed it that way, intentionally.

You can wipe the device clean and put new software on it, but you still won't get at the data cause the device itself deletes it first, THEN starts the update process.

So basically, what you're saying about 'how it should be' is really 'how it is' and the FBI request is bunk.

Re:Which part of Get A Warrant don't the Feds grok

[DutchUncle]

They HAVE a court order. Apple is arguing that the court order is like a military draft, forcing Apple to become an agent of the security agencies, and incidentally costing them something at the same time. I'm betting this will go all the way up to the Supreme Court, by which time some kind of "secure facility" compromise (and remuneration agreement) will have been prepared in the background.

Re:something fishy about iOS encryption

[ooloorie]

Yes, Schneier's article is essentially correct as far as it goes. He believes that the problem with the iPhone is a lack of code signing. But there is a more fundamental problem. Normally, Apple seems to require a password for updating the phone software. But it appears that Apple has ways of altering the phone software of a locked, encrypted phone even without unlocking it first, otherwise the FBI demand would make no sense in regards to the San Bernadino phone. That means that there must be an existing, gaping security hole in iOS. Code signing would fix this problem either, since the FBI could always order Apple to sign a software update.

Action vs No Action

[duckintheface]

It is not a crime to do nothing. If Apple already has a key, they can be compelled under discovery to turn it over. But they can't be compelled to create one if it does not exist. You can't require someone to act against their will. That is called slavery.

Re:Action vs No Action

[Aighearach]

The attempt to argue it that generally fails, because there is precedent for purely commercial action; for example, during WWII farmers were required to grow certain crops, or else turn their farmland over to somebody willing to grow it. It may also be true that there are additional elements of the thing called "slavery" than just being compelled to do a thing you didn't want to do. If somebody is kidnapped, and rescued an hour later, and during that hour they were forced to take money out of an ATM, is it fair to claim they they are now slaves, they are now property? Or are they merely a crime victim, and not actually slaves? Is a person who is sentenced to a work camp for a month now a slave?

It is more useful here to note that the compelled action would be the creation of a copyrighted product, and that means they are attempting to compel new speech that matches their goals, even though they admit the proposed speaker doesn't want to say those things. For that, the precedent goes very much in a different direction than the over-broad analysis. Further, the new product would actually harm their existing product, and the FBI admits that there would be harm accidentally by claiming that Apple's position is "PR" to try to get customers. Darn straight they want their speech to speech that gets them customers, and they may indeed have that right.

This is an inanity by a "magistrate" judge, somebody who job is supposed to be to rule over the routine paperwork stuff because there are too many cases for the real judges that preside over trails to stamp everything. There is no actual chance of this standing, because the appeals courts only contain real judges, and the higher things get, the more serious the analysis given is. The US legal system is constantly correcting these absurdities from the trenches, it is just part of the process of having an independent judiciary.

Re:brute brute

[larkost]

The data on the chips is encrypted with AES. No-one has the computational power to try all possible AES keys, or even a reasonable fraction of them. Unless there are unknown weaknesses in AES, then some have speculated that it is not possible to try all combinations using all computers on earth through the heat-death of the universe.

The key to that encryption is in hardware on the phone, is unique to that phone, unknown to Apple or any of its suppliers, and is not recoverable (try to get at it physically and you will certainly destroy it). That hardware will take a 6-digit code, and then spit out the correct encryption key. The FBI is attempting to force Apple to create new firmware that will de-fang both the key-entry delay, as well as the 10-tries and I erase the key code that protects this hardware from brute force attacks (since 999,999 entries are within the realm of brute force).

Re:Which part of Get A Warrant don't the Feds grok

[WillAffleckUW]

Because it's a 'give us everything we might feel like' court judiciary order, not a panel of federal judges limiting the search appropriately.

Let me put this simply for you. The Constitution allows me to only search your home. Or your car. Or your phone. Or your kid's backpack. But I have to specifically limit what I ask for, and for each thing, I need a legal reason to search and I can't just EMPTY YOUR HOUSE, YOUR CAR, YOUR PHONE, AND YOUR KIDS BACKPACKS and use all of it to find anything I feel like. I have LIMITS.

The problem is Apple is saying "where is the limited court order" and the Stasi is saying "we want to take everything and not tell you what it's for and why we need it" and then they burn your house and your car down and sell your kids' backpack contents on eBay in Japan.

Do you get it NOW?

Re:The phone belongs to the county, not the shoote

[Fallen+Kell]

For which San Bernadino is then looking stupid for not placing the phone under some kind of enterprise mobile device control allowing the true owners the ability to unlock the phone and read the contents.... This is why none of the news and 3 letter agencies are stating the real fact of ownership, because then they look inept for not doing basic device control.

Re:A Lose-Lose Proposition

[sexconker]

Life in prison, in solitary confinement in a basement if you don't reveal your passwords and encryption keys

That's just as wrong as what they're trying to do now.

Re:And DoJ has our best interests at heart

[FlyHelicopters]

As long as the DoJ request is to decrypt this *one* iPhone, and tools to do are not permanently given to the FBI, why would Apple fight against doing good.

1. Do you honestly think the FBI won't end up with their hands on that tool, sooner or later?

2. Do you honestly think the Chinese government, or the Russian government, won't insist on having it, if Apple wants to sell phones there?

Road to hell, good intentions, and all that...

DoJ Spinning

[blavallee]

The FBI made this issue public.
Trying to make Apple look like the bad guy, to generate public sympathy.

Have I said thanks?

[Impy+the+Impiuos+Imp]

> just marketing

Yes, much like your instructions to create a 1984-like warrantless panopticon is just political marketing by politicians preening in front of voters.