Slashdot Mirror

← Back to Stories (view on slashdot.org)

DoJ Wants Apple To Decrypt 12 More iPhones (macrumors.com)

Posted by timothy on from the but-each-one-is-a-one-time-exception dept.

tlhIngan writes: The Wall Street Journal (paywalled) is reporting that the Department of Justice is seeking Apple's help in decrypting 12 other iPhones that may contain crime-related evidence. The cases are not identified, though a list of the 12 phones in question has come out, but it is not known what level of Apple assistance is required (i.e., how many of those cases are waiting on the FBI request for special firmware to be developed and to be used on "one more phone"). It appears Tim Cook's assertion that hundreds of requests are waiting on this software may not be a fabrication, and the goal is not about just one phone, but to set a precedent to unlock more phones. As TechDirt (which also lists those 12 cases, a list which certainly does not encompass all the phones the Feds would like to peer into) puts it, "[O]nce again, Director Comey was flat out lying when he claimed the FBI has no interest in setting a precedent."

5 of 285 comments (clear)

  1. Bruce Schneier says by Okian+Warrior · · Score: 5, Interesting

    My go-to person for security issues is Bruce Schneier. Here's what he says about the issue:

    The current case is about a single iPhone 5c, but the precedent it sets will apply to all smartphones, computers, cars and everything the Internet of Things promises. The danger is that the court's demands will pave the way to the FBI forcing Apple and others to reduce the security levels of their smart phones and computers, as well as the security of cars, medical devices, homes, and everything else that will soon be computerized. The FBI may be targeting the iPhone of the San Bernardino shooter, but its actions imperil us all.

    He elaborates on this in another section:

    This is an existing vulnerability in iPhone security that could be exploited by anyone.

    There's nothing preventing the FBI from writing that hacked software itself, aside from budget and manpower issues. There's every reason to believe, in fact, that such hacked software has been written by intelligence organizations around the world. Have the Chinese, for instance, written a hacked Apple operating system that records conversations and automatically forwards them to police? They would need to have stolen Apple's code-signing key so that the phone would recognize the hacked as valid, but governments have done that in the past with other keys and other companies. We simply have no idea who already has this capability.

    The best solution I've seen so far, from right here on Slashdot, is to have future firmware updates require the phone to be unlocked. IOW, the user is presented with an alert, and the user must type in the passcode before the update is applied.

    This would seem to solve the problem for future releases, Apple could legitimately say that there's no way to unlock the phone.

  2. Re:Hipster Terrorist? by clodney · · Score: 4, Interesting

    Where I think this is going to get interesting is what happens next.

    From my perspective, and I assume from Apple's, they have a security vulnerability in the current version of iOS: anyone with the Apple signing key can sign firmware, which can then be loaded onto the phone without unlocking the phone first. This custom firmware can then defeat the measures designed to prevent brute forcing of the users passcode.

    Regardless of whether they win or lose the current court battle, I expect Apple to fix the vulnerability in the next version of iOS. I think that is as simple as altering the operating system so that if new updates are applied without an unlock, the original OS/firmware wipes the phone *before* applying the update. That plugs the hole because before the brute force friendly firmware gets installed, the data is destroyed.

    Suppose Apple loses the case - I doubt this new version of firmware technically counts as contempt of court, but certainly after having had their cooperation be compelled by the government, said government will not be happy if Apple decides to make sure they can't get forced in that particular way again, and I would expect some level of retaliation by the courts/government.

  3. Hacking is irrelevant, only the precendent matters by taustin · · Score: 4, Interesting

    Once the precedent is set, the feds are only a national security letter away from telling Apple (and all other phone an IoT manufacturers) that "your next routine iOS (or whatever) update will have remote access to everything that we can activate without your involvement, and if anyone finds out it exists, you go to prison." That's not a hack, that's a built in back door, as part of the OS, and no security can possibly protect you from the manufacturer's deliberate intent.

    The precedent is the only thing that matters here.

  4. Re:Hipster Terrorist? by Tom · · Score: 3, Interesting

    and I would expect some level of retaliation by the courts/government.

    You are seing it already. Apple made things the way they are exactly because of previous requests. So this time, the angle is "you are on the side of terrorists". It's a warning shot. Next time it will be "you ARE the terrorists".

    The thing saving Apple is that thanks to two decades of NeoCon politics, multinational corporations are now more powerful than governments, and the crooks can't play hardball anymore.

    --
    Assorted stuff I do sometimes: Lemuria.org
  5. Re:The duck quacked by whipslash · · Score: 4, Interesting

    You're right on