Slashdot Mirror
FBI Should Try To Unlock iPhone Without Apple's Help, Lawmaker Says (csoonline.com)
itwbennett writes: Representative Darrell Issa, a California Republican and former car-alarm entrepreneur, has suggested that the FBI try unlocking mass shooter Syed Rizwan Farook by copying the hard drive and running password attempts until they find the correct password. Bruce Sewell, Apple's senior vice president and general counsel, said during a congressional hearing that, although the company doesn't know the condition of the shooter's iPhone, Issa's approach may work.
and watch the phone format itself after they fail.
Someone is confusing the iPhone with the iPod Classic.
They certainly use these to their advantage, I mean c'mon, big murder spree gotta get on that phone! KEEP U SAFE FROM NUTJOBS
Oh please, oh please, general public / corporate America, give us the keys to the castle, we promise to be very very careful with them
This guy's so far behind the times, he thinks an Iphone has a hard drive in it.
Have you ever fallen asleep at the keybhanusdiog?
"hard drive"???
At least someone is thinking out of the box. In the face of a recalcitrant Apple, disassemble the phone, analyze the parts. Identify the murder's accomplices.
Well duh the approach may work, which is one of the reasons the All Writs Act shouldn't apply (it is only supposed to be used when Apple's help is necessary, not 'necessary for how we feel like doing it'). But the goal of the FBI is not, and has never been, to actually get into the phone. The FBI's goal all along has been to use this as ammunition to press Congress for mandated backdoors and/or more funding for their 'cybercrime' division.
You can bet your ass the NSA already HAS a copy and is either actively brute forcing it, or has already done so. But they'll never publicly admit to it, because doing so will expose too much of their capability.
Also, in terms of the Cloud Backup approach, it should be a relatively simple matter to hook the phone up to a custom network which mimicks the iCloud server, and they would know immediately if the phone is even trying to backup to it or not. If it is, it's also relatively simple for the Cloud instance to just accept whatever password hash the phone sends.
“I can tell you from the Department of Justice perspective, if that drive is encrypted, you’re done,” Ovie Carroll, director of the cyber-crime lab at the Computer Crime and Intellectual Property Section in the Department of Justice, said during his keynote address at the DFRWS computer forensics conference in Washington, D.C., last Monday. “When conducting criminal investigations, if you pull the power on a drive that is whole-disk encrypted you have lost any chance of recovering that data.”
From: The iPhone Has Passed a Key Security Threshold
I'm sure a politician knows more about crypto than MIT or the DoJ.
I am not interested in articles about life extension advancements.
try unlocking mass shooter Syed Rizwan Farook
Good luck unlocking a dead man.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
...and now it is coming to light that the reason the FBI needs Apple's help is because they screwed it up in the first place trying to reset the password...Apple should be "recalcitrant" and be very stubborn about letting the government into the house.
I don't get it. Why don't they just ask the NSA for the key to the backdoor?
Oh. They probably did, but the NSA is never such a thing exists, and especially not to the FBI.
So until further notice, only Chinese and Russian hackers will have access to those back doors.
They certainly should try that.
Now, Rep. Issa, can I make some laws? It can't be too hard to do. You certainly sound like you feel qualified to sound off about forensic technology issues, so I should have the privilege of feeling qualified to sound off about lawmaking.
cracking an image of the "hard" drive (both via social engineering and brute force)? What kind of incompetent dunderheads are they???
Or is the Conspiracy Theory that this is really a trojan horse for greater federal power not actually a Conspiracy Theory?
"I don't know, therefore Aliens" Wafflebox1
Are they suggesting that the agencies involved try to dump the phone's flash memory to an image file and then try to run many instances of that image in an iPhone simulator (like the one devs use as part of the iPhone devolopment SDK?). If the phone's flash drive is encrypted though I'm not sure if what they dump will even be 'bootable' as a virtual instance.
Any experts care to chime in?
Darrell Issa is an idiot, an asshole, a partisan hack, and a bought (through donations) turd.
because the password the user typed can't be long enough to be secure from brute force.
The phone is only "secure" if you can depend on the OS to wipe the phone after 5 bad attempts.
If you can get into the phone's internal flash, it's game over.
The answer is easy. They are not interested in the contents of the terrorist's phone as much as they want a magic key that will unlock anyone's iPhone anywhere. The NSA already has all the metadata from this phone recorded anyway, so the whole alarmist search for the phone's contents is a front for the government's overweening desire to pry into everyone's life.
The entire purpose of the FBI even discussing anything is to establish legal precedent. They already know there is something on the phone they want to be allowed to use in court. They already know what is on the phone, and Apple "standing up to the FBI" is just marketing so you will buy more backdoored devices from Apple.
it's a forum full of geeks.
A forum full of geeks knows it's not that hard to break into an iPhone and this is nothing but a political maneuver.
I've stated before John McAffee is calling out the obviousness of the situation, but just like all the other political stuff that creeps across the site the modern Slashdot feels the need to prop up the political agenda despite the obvious answers staring us right in the face.
The preceding post was not a Slashvertisement.
Comment removed based on user account deletion
...that the NSA or some other US intelligence agency cannot/has not cracked this phone. What I find more believable is that they have the information and they want to force Apple to crack the phone to protect their methods and knowledge of their access. If they win the get the bonus of sticking it to Apple and get a precedent they can use in other cases.
What I fundamentally don't understand is this:
EITHER
a) if this is GENUINELY a mattter of national security, the FBI could actually hand the phone to the NSA and get the information in about 30 seconds but for some reason isn't doing so, or
b) the NSA's upteen-gajillion-dollar "black" budget has pretty much enabled them to record/analyze/store only the utterly banal unencrypted conversations that you could hear just sitting and listening to the guy next to you at the coffeeshop, ie almost entirely wasted on stupid crap.
I don't see really any other alternative.
I'd expect, for example, that Russian and Chinese government communications are ROUTINELY of a higher level of encryption than the bloody iPhone you can buy at the mall, and yet the NSA's *job* is to listen in on that stuff and they claim that they're pretty damned good at it?
-Styopa
The Government has been demanding access to safes from various companies for a long time.
If Apple designed their phone so that you would need a new version of the OS instead of a simple key to access the safe, well, that was Apple's decision and their problem.
The Government can, and should, have court ordered access to these digital safes as well.
The FBI is attempting to portray this as a crisis and the overriding rule of any security agency is, "Never fail to leverage a crisis."
Because it's terr'ists. Never mind that the terr'ists are dead and the crisis is long over. Never mind that they already have the metadata from the phone calls to Africa. Never mind that the FBI's ability to extradite any presumed terr'ists from Africa is likely zero. Never mind that there's a decent chance there is nothing criminal or relevant on that phone whatsoever.
Thus, the FBI is leveraging a dead crisis. In so doing they get Apple to create a magical phone unlocking tool and the FBI gets it for free. Never mind that in so doing, the FBI measurably and indisputably reduces security for all of the rest of us. Never mind that the FBI cannot lawfully coerce a company to perform the work that the FBI itself is supposed to be doing. Never mind that endless expansion of the phone cracking capability is inevitable.
Because terr'ists. Oh, and get ready for yet another expanded budget request from the FBI. They need it to hire the fleets of lawyers they need on their quixotic quest to save the nation by making all it's citizens vulnerable. You know, to criminals, fraud artists, that fake Nigerian prince with the $10 million dollars they just need to park in your bank account for a day, the Russian and Chinese hackers, Anonymous, etc. And the terr'ists!
The FBI needs to understand that security is a fundamental need. Our security systems get compromised every day, so what the nation needs is attention paid to security. Not yet another mechanism by which security can be trivially bypassed by every L33T Haxor with a grudge, a dubious mission, or a need to fill their own bank account with the contents of yours.
Oh wait, this is the FBI. They already understand that. They just don't care. Because terr'ists.
Obviously none of our laws apply to law enforcement, so sure, go right ahead - and while you're at it tell the government that the constitution is meaningless - they can trample any right they like at any time for anyone.
Here is a simple test if you think McAffee is being legit here. Take another iPhone and encrypt it and give it to him and see if he can get the data off of it. Otherwise, talk is cheap, particularly if you know you never will have to make good on it.
We should all be careful what we ask for. As it stands, right now, for the FBI to gain access to a phone in a criminal investigation, they need to get a court order to have Apple, or whomever unlock it. There is at least some check and balance to government intrusion, albeit small. If Apple succeeds in their appeal, then it is likely that the FBI will develop their own tools to access the data in the future, in which case, they will not need a court order any longer.
If Apple succeeds, this may be a case of winning the battle, but losing the war.
Representative Darrell Issa, a California Republican and former car-alarm entrepreneur...
I'm assuming there's a lot more to him. Because reading sentences like that makes me think California gets too many congressional seats if they give them to people who seem to have so little background in law or government.
Find surveilance of the guy unlocking his phone in public. Problem solved!
-- Each tock of the Planck clock is a new world and here we are still life. --
The FBI would then be violating the DMCA, and Apple could sue them.
...deserves an informative mod, unfortunately I have none to give.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
When you see Issa, think car thief gone bad...
My wife is a teacher. Other teachers were always calling the case/tower a modem. Even when the computer didn't have a modem in it I heard this again and again. I didn't understand why until one day I was in the "teacher store" with my wife getting supplies. There was an "educational" poster about computers and it had the tower labeled as a "modem" with an arrow pointing to where expansion cards would be in a case.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
I thought I read somewhere that this device has a JTAG connector somewhere inside it. Seems reasonable to me that they could read out the memory content with that and then send it off to the NSA to brute force it, it would probably succumb to a "rainbow table" type attack anyway.
Nullius in verba
I wonder why they didn't look at the smudges and fingerprints on the screen of the iPhone so that they could deduce what the pinched was and then use the fingerprint of the dead guy to unlock the phone (Maybe 3d print a copy of his fingerprint? because USA! USA!)
"unlock the phone"
"no"
"sudo unlock the phone"
"Dammit. OK..."
ok if th eFBI cant break a 10 digit pin how can they break a military grade encryption like AES256 , seriously , this is more about having to tell a judge and therefore the public that they can and do day in day out , that new NSA intecept and decode center in utah has been designed to crack 57 petabytes of hard encrypted traffic a year , and they cant break an iphone pin ? they just wnt average joe to believe thir shit are safe on a iphone , but as like ANY computing device based on binary and a fixed word lenght , it's just a question of ressource and time , each being invertly proportional , and with the milliosn of CPU availlable to inteligence agency i wouldn't bet on a delta T of more then 10 minutes , seriously , whatever calculation a measely little A9 chip can do a few thousand xeon chips in parallel can undo in seconds . really Tim Cook is OSCAR material in best support role in a fiction
I'm so sick of hearing about this. It's all over the major news networks on Sat Radio. It's on TV. And what are they going to find? A few numbers that might lead to the arrest of some terrorists?
Let's break it down by comparison. Texas guy sells his work truck to a dealership. Texas guy gets calls from angery people about supporting ISIS. Texas guy sees video of his truck in a desert with a .50cal on the back, loaded up with terrorists spraying ammo, name on truck shows up in video. They couldn't trace that truck to anyone past the dealer. Tell me how they are going to track a number? Oooooo they might get names. Come on. More important shit please.
If Representative Darrell Issa actually said that then it is even more proof that you cannot have a rational discussion of this subject without understanding the technology. Without that understanding almost anything you say makes you look like a buffoon.
Sure you could image the hardware and try to brute force the encryption key, it would take you Trillions of years but you could do it. Reason being that the encryption key used on the storage is derived by mixing the users unlock code AND a strong secret, held within the devices CPU, the UID (even on the 5c). Without getting a copy of that from the device as well a the encrypted storage you cannot reduce the brute force guessing to the level of the passcode, being as the UID has much of the entropy of the two.
Apple quite logically has created the hardware of the CPU so that the UID is not available to any interface only as the output from an atomic operation when it is cryptographically mixed with the passcode guess. Also NO pretty sure you cannot physically extract it by taking the CPU apart, Apple would have made decapping the CPU extremely likely to damage it a way that prevents access. Which by the way would also render the evidence suspect and open to challenge under cross examination.