FBI Should Try To Unlock iPhone Without Apple's Help, Lawmaker Says (csoonline.com)
itwbennett writes: Representative Darrell Issa, a California Republican and former car-alarm entrepreneur, has suggested that the FBI try unlocking mass shooter Syed Rizwan Farook by copying the hard drive and running password attempts until they find the correct password. Bruce Sewell, Apple's senior vice president and general counsel, said during a congressional hearing that, although the company doesn't know the condition of the shooter's iPhone, Issa's approach may work.
Someone is confusing the iPhone with the iPod Classic.
They certainly use these to their advantage, I mean c'mon, big murder spree gotta get on that phone! KEEP U SAFE FROM NUTJOBS
Oh please, oh please, general public / corporate America, give us the keys to the castle, we promise to be very very careful with them
This guy's so far behind the times, he thinks an Iphone has a hard drive in it.
Have you ever fallen asleep at the keybhanusdiog?
At least someone is thinking out of the box. In the face of a recalcitrant Apple, disassemble the phone, analyze the parts. Identify the murderer's accomplices.
Well duh the approach may work, which is one of the reasons the All Writs Act shouldn't apply (it is only supposed to be used when Apple's help is necessary, not 'necessary for how we feel like doing it'). But the goal of the FBI is not, and has never been, to actually get into the phone. The FBI's goal all along has been to use this as ammunition to press Congress for mandated backdoors and/or more funding for their 'cybercrime' division.
You can bet your ass the NSA already HAS a copy and is either actively brute forcing it, or has already done so. But they'll never publicly admit to it, because doing so will expose too much of their capability.
Also, in terms of the Cloud Backup approach, it should be a relatively simple matter to hook the phone up to a custom network which mimics the iCloud server, and they would know immediately if the phone is even trying to backup to it or not. If it is, it's also relatively simple for the Cloud instance to just accept whatever password hash the phone sends.
“I can tell you from the Department of Justice perspective, if that drive is encrypted, you’re done,” Ovie Carroll, director of the cyber-crime lab at the Computer Crime and Intellectual Property Section in the Department of Justice, said during his keynote address at the DFRWS computer forensics conference in Washington, D.C., last Monday. “When conducting criminal investigations, if you pull the power on a drive that is whole-disk encrypted you have lost any chance of recovering that data.”
From: The iPhone Has Passed a Key Security Threshold
I'm sure a politician knows more about crypto than MIT or the DoJ.
I am not interested in articles about life extension advancements.
Have you even read the summary? How would the iPhone do that if they make binary image of the storage? Can it magically format other storage devices as well?
That's the whole point of the hard drive copy. Who cares if it deletes a copy. Make another try again.
This plus write-blocking, welcome to modern disk forensics.
try unlocking mass shooter Syed Rizwan Farook
Good luck unlocking a dead man.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
That isn't the problem, but the real problem is that the private key is kept in NAND memory, not the flash memory (what they're calling the "hard drive"). The FBI isn't already doing this because it's really hard... mathematically hard. As in, unless they have quantum computers we don't know about, they won't be able to figure out what's on that phone for eons. And without the private key, it would be hard to even know the difference between the encrypted gobbledygook and the unencrypted data if you crack it.
I maintain that they are pretty sure that there's nothing of value on that phone, and that this whole exercise was a ruse to gain government backdoors to encryption because, terrorism.
Gamingmuseum.com: Give your 3D accelerator a rest.
and watch the phone format itself after they fail.
Ladies and Gentlemen, the answer from a 6 digit Slashdot member. It manages an almost perfect balance between trollish and imbecilic, while leaving no doubt about the fact he didn't RTFA.
At 5 digits, his reply would be a dupe of a previous one, and you'd understand he doesn't even understand the concept of the article.
At 4, the comment would just be an anagram of both "first post" and a bodily fluid.
Reading a 3 digits comment would be akin to hearing the voice of God.
At 2 digits, the words shape the chaos into reality.
Not even Gods speak about single digit comments. And when they do it's in weak whispers. For such power is better left asleep.
because the password the user typed can't be long enough to be secure from brute force.
The phone is only "secure" if you can depend on the OS to wipe the phone after 5 bad attempts.
If you can get into the phone's internal flash, it's game over.
No, not on the iPhone 5C it isn't.
The 'Secure Enclave' is 5S, 6, 6+, 6S, and 6S+.
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
What makes you think they would want to boot it? Reading it is supposed to be what they want to do.
It seems a strange thing to say but John McAfee's comment about the cost of the NSA's backdoor seems to have introduced some sanity into the discussion, who would have thunk it?
Mielipiteet omiani - Opinions personal, facts suspect.
7-digit ID talking shit about 6-digit IDs. Now I've seen it all.
This is incorrect. The phone does not store the key anywhere. The key is made up of the phone's unique identifier value and your PIN, combined to make the key. What they can do is use acid, high-powered visual equipment and lasers to try to determine the unique identifier from the iPhone's CPU, and then try to brute force that with various PIN numbers.
I came, I conquered, I coredumped
The answer is easy. They are not interested in the contents of the terrorist's phone as much as they want a magic key that will unlock anyone's iPhone anywhere. The NSA already has all the metadata from this phone recorded anyway, so the whole alarmist search for the phone's contents is a front for the government's overweening desire to pry into everyone's life.
It's not that simple. The drive isn't protected by a passcode, the *decryption key* is protected by a passcode. The drive is protected by encryption. Without the key it's basically just a bunch of random gibberish.
Low UIDs aren't that uncommon. There are 899 three digit UIDs. That would be a pantheon dwarfing even the Greek gods of old.
I read the internet for the articles.
So figure out the passcode (shouldn't be that hard, since people typically use simple PINs or ones that are meaningful to them) to get the decryption key?
How many times have we been told, "all bets are off once you've got physical control of the h/w"? Well, they've got physical control of the h/w.
"I don't know, therefore Aliens" Wafflebox1
It is not that easy; the iPhone has a FIPS 140-2 crypto processor that stores the key. You cannot copy that data, and you cannot emulate it, or force-attack the secure crypto processor... I think the approach of copying the hard disk is not possible; take a look at Apple's documentation. https://www.apple.com/business... I am not sure it is even possible to release a new iOS without the retry password and time limits. It shouldn't be possible if the design is well done, as it seems.
Damia
You do know that you actually can make laws, right? It's a citizen government, where you can run for office, or even go through the process of getting a ballot measure passed.
From my understanding, even if they do have quantum computers, it may still take eons. Quantum computers don't solve things instantly, and while they're faster against AES, they reduce the bit strength by about half, leaving 256-bit AES the equivalent of about 128 bit, still likely strong enough to withstand any reasonable amount of brute forcing. Depending on the speed of the quantum computer, even if going up against AES-128, the 64-bit equivalent may still be unbreakable for years.
You can never go home again... but I guess you can shop there.
That isn't the problem, but the real problem is that the private key is kept in NAND memory, not the flash memory (what they're calling the "hard drive"). The FBI isn't already doing this because it's really hard... mathematically hard. As in, unless they have quantum computers we don't know about, they won't be able to figure out what's on that phone for eons.
Quantum computers if they did exist still wouldn't be able to do jack against a symmetric AES key.
Most of them left the site in disgust years ago though
My guess would be... you don't get a second chance.. if you fuckup.. it's dead. And acid is not exactly the most predictable thing to work with.
It is hard, but between the NSA and the FBI they should be working hard to develop new techniques. Maybe the military could even chip in, if it really is an issue of national defence, as is the case in the IS argument? Wasn't the NSA meant to be the brain that could crack anything?
One benefit of having techniques that only governments can afford and have access to, is that the methods would be hard for a 'script kiddie' to reproduce.
One thing is that the encryption is probably hard, but probably predictable in some form, since the phone needs to be able to access the stored data rapidly and without taxing the processor too hard, since otherwise performance and battery would take a noticeable hit.
Jumpstart the tartan drive.
it's a forum full of geeks.
A forum full of geeks knows it's not that hard to break into an iPhone and this is nothing but a political maneuver.
I've stated before John McAfee is calling out the obviousness of the situation, but just like all the other political stuff that creeps across the site the modern Slashdot feels the need to prop up the political agenda despite the obvious answers staring us right in the face.
The preceding post was not a Slashvertisement.
Ha. I wish I had mod points.
...that the NSA or some other US intelligence agency cannot/has not cracked this phone. What I find more believable is that they have the information and they want to force Apple to crack the phone to protect their methods and knowledge of their access. If they win the get the bonus of sticking it to Apple and get a precedent they can use in other cases.
What I fundamentally don't understand is this:
EITHER
a) if this is GENUINELY a matter of national security, the FBI could actually hand the phone to the NSA and get the information in about 30 seconds but for some reason isn't doing so, or
b) the NSA's umpteen-gajillion-dollar "black" budget has pretty much enabled them to record/analyze/store only the utterly banal unencrypted conversations that you could hear just sitting and listening to the guy next to you at the coffeeshop, ie almost entirely wasted on stupid crap.
I don't see really any other alternative.
I'd expect, for example, that Russian and Chinese government communications are ROUTINELY of a higher level of encryption than the bloody iPhone you can buy at the mall, and yet the NSA's *job* is to listen in on that stuff and they claim that they're pretty damned good at it?
-Styopa
So, pretty much about as easy as decrypting an iPhone without the key.
Is it just my observation, or are there way too many stupid people in the world?
That's the whole point of the hard drive copy. Who cares if it deletes a copy. Make another try again.
Apparently, there are multiple parts to the key.
1. the pin number (probably just 4 digits)
2. the unique identifier burned into the silicon (impossible to recover without taking apart the chip with acid and stuff and looking at it with microscopes, and you may not get it right if you do that)
3. a long random number stored in NAND
All of that is combined and then used as a symmetric AES key to encrypt the data on the flash.
The "phone wipes the drive" is not accurate. When the phone wipes the drive, it actually just wipes #3 (and maybe some other stuff after that wipe is completed).
AFAIK, they can't (easily) copy the NAND nor #2.
They can copy the flash and try a bajillion keys, but that will take eons.
They can copy the flash, try via the phone, fail, and the phone will wipe #3, and then they're SOL - restoring the data to flash will not help at all.
There may be other techniques they can use, but it's not as simple as backup/restore the flash.
I bet it's the birth year of Mohammed, in reverse because Arabic is RTL!
It's "Spooky Action at a Distance" for large objects!
A bullet may have your name on it, but artillery is addressed to " Whom It May concern"
How about just booting existing OS and reading/writing the RAM if you have hardware access?
It is assumed that Apple already has backdoor to disable unlock attempt counter, so it should be possible for everybody if you can skip Apple signature requirement for new code.
I must be missing something obvious. If it's a 4 digit PIN, and they can make a copy of the memory, can't they create a multiple virtual instances of the device and test the 10000 PINs somewhat in parallel? I guess the hard part is "make a copy of the memory". I know the spy movies make it simpler than it is in reality, but it would seem that there must be a way to do that. Even if it's expensive and time consuming to copy the memory, it's got to be cheaper and faster than taking Apple to court.
Monitor bandwidth usage on IIS6 in real-time: http://www.waetech.com/services/iisbm/
Frost spit since I'm from Minnesota you insensitive clod.
You do know that you actually can make laws, right? It's a citizen government, where you can run for office, or even go through the process of getting a ballot measure passed.
If you have a couple of million/billion dollars to spare and/or enough of the right friends. Preferably in one or the other major political parties.
Otherwise, good luck - you'll need it!
Here is how it works. You run for something local, like city council or school board. You show up at party functions to become a member of a party, and gain credibility within the party. You develop a name for yourself so that when you want to run for state office people have heard of you and you seem like a reasonable candidate.
Then you start thinking about running for a national office.
If you have millions of your own money or friends willing to fund you you can skip some of those steps, but if you go the usual route you don't need to be a millionaire.
And why should it be different? Do you hire somebody with no experience to be an architect or senior engineer, just because they have strong opinions on how things should be done? Why would I vote for you for Congress or President if you haven't shown me you can perform well at a lower level office? Why wouldn't I think that you are likely to be a single issue crank that has one hot button issue that has you all worked up, and zero interest in the rest of the mechanism of being a legislator?
"....NSA operates under the authority of the Department of Defense."
https://www.nsa.gov/about/faqs/oversight.shtml
You're missing that the mechanism which unlocks the actual encryption key based on the PIN is not software but a tamperproof chip.
"When information is power, privacy is freedom" - Jah-Wren Ryel
God? Is that you?
(yawn) you weren't part of the first half million....
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
Now you're just being pedantic.
The FBI should copy the contents of the storage medium to another storage medium and attempt to brute-force it. That's what the lawmaker is saying in a nutshell. This lawmaker is actually making our case, that it's not Apple or any other vendor's job to break their own security, that it's the investigating agency's job to essentially prove its case by doing that work itself. Stop attacking the person actually trying to help by nitpicking what they say.
Do not look into laser with remaining eye.
I missed that golden threshold, alas, but can I still have demigod status?
Obviously none of our laws apply to law enforcement, so sure, go right ahead - and while you're at it tell the government that the constitution is meaningless - they can trample any right they like at any time for anyone.
Just the opposite. If the laws didn't apply to law enforcement, then there wouldn't be a court case about this incident. It would already have been unlocked.
Here is a simple test if you think McAfee is being legit here. Take another iPhone and encrypt it and give it to him and see if he can get the data off of it. Otherwise, talk is cheap, particularly if you know you never will have to make good on it.
Low UIDs aren't that uncommon. There are 899 three digit UIDs.
That represents about 0.02% of the Slashdot user base, give or take, and they aren't all active.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
If I can, you probably can. And oh, do I ever.
Dewey, what part of this looks like authorities should be involved?
The attack makes sense. The filesystem key is not related to the UID, and the filesystem key is what is erased to prevent brute-forcing, not the encrypted file system on the SSD itself. If you get a copy of the, eh, erasable memory (which may or may not be stored on the SSD), then you have the filesystem key. Given that Apple is very mum about what actually talks to the devices, I don't know where that part of the memory is. Given that the 5C doesn't even have a security enclave, I don't understand why you wouldn't be able to just find the key and plug in the algorithm. With the security enclave, the phones would be vulnerable to the same attack, but they'd be rate limited by the security enclave, meaning a small alphanumeric code could make it impossibly long to get into - but the self-destruct system is bypassable.
That's what I've been wondering - what's stopping them from pulling the hard drive (or whatever) and copying it? I think the FBI is just being lazy. Then there's the question of what they think they even need from the phone. After all, it's a network device, and most of what it does happens across the network. They have all that data already - phones calls, web activity, GPS, etc. Greedy and lazy.
-- sudon't
Air-ride Equipped
We should all be careful what we ask for. As it stands, right now, for the FBI to gain access to a phone in a criminal investigation, they need to get a court order to have Apple, or whomever unlock it. There is at least some check and balance to government intrusion, albeit small. If Apple succeeds in their appeal, then it is likely that the FBI will develop their own tools to access the data in the future, in which case, they will not need a court order any longer.
If Apple succeeds, this may be a case of winning the battle, but losing the war.
Just because something is encrypted, doesn't mean you can't copy it. What's your source on this unreadable uncopyable "NAND" memory? Even if the filesystem key is stored encrypted by the UID and pin, if you can make a single copy of that encrypted block (and then repeatedly copy from that) - the complexity becomes a matter of brute forcing the pin (not the stronger UID or filesystem key). So, what's the story on this?
How many years have we been reading about security researchers mounting clever side channel attacks on things like smart cards? Has everyone here forgotten about Tempest already? So how likely is it that the NSA can't read a phone's hardware UID without acid-etching the CPU, either directly or by recovering the contents of memory? It could be simple as entering a PIN and observing what (wrong) encryption key the CPU generates.
But there are some really good reasons (from the FBI's standpoint) for compelling Apple's cooperation. First, they'd like the legal precedent that manufacturers have to provide them with a way in. Second, they won't have to go hat in hand to another agency to ask for help. Third, it'd be a lot more quick, convenient and cheap to install a compromised OS on a device than it would be to have to disassemble it. You could potentially do that while you had someone in short term custody (e.g. within 100 miles of the US border, which can be done without probable cause and where 2/3 of the American population lives).
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
How many years have we been reading about security researchers mounting clever side channel attacks on things like smart cards? Has everyone here forgotten about Tempest [wikipedia.org] already?
Are you telling me that security researchers get through clever side channel attacks first go without breaking hardware? That's the ticket here. Whatever they are going to do needs to be damn certain that it's going to work.
Representative Darrell Issa, a California Republican and former car-alarm entrepreneur...
I'm assuming there's a lot more to him. Because reading sentences like that makes me think California gets too many congressional seats if they give them to people who seem to have so little background in law or government.
They won't even consider letting you run for state office until the party has a _large_ pile of dirt on you.
Enough that you'd suicide before turning on them.
Think about what it takes to keep this kind of large conspiracy somewhat secret.
It's not by accident that we have no competent politicians. It's only partly explained by the fact that decent people don't want the job.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Does it make its own clock internally and have a capacitor on Vcc?
Otherwise it's susceptible to voltage and clock glitching. Just like the last generation of sat receiver smart cards.
All you have to do is 16x its processor clock for the cycle where it's trying to store the 'PIN try count exceeded' flag, or do the same when incrementing the fail count.
Or just burn up one low bit of memory at the address the fail count is stored at.
But all these approaches would ultimately be '1 try'. After you've burned up 100 other iPhones testing.
The FBI wants Apple to update the phone to disable the fail count. What kind of phone takes an update when in a locked state? Apple should fix that.
Find surveillance of the guy unlocking his phone in public. Problem solved!
-- Each tock of the Planck clock is a new world and here we are still life. --
Now you're just being pedantic.
On that note, my laptop has something which the vendor referred to as a "solid state disk". This term more accurately describes a rotating hard drive, which is both made from matter in its solid state and disk-shaped.
Language is a social contract in which Alice agrees to try to make herself understood and Bob tries to understand. In this case, the lossy communication channel did the job.
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
I could have had a 4-digit id, but I come from an era when long-term lurking before posting was considered virtuous.
No he's not. The iPhone does not contain a HARD DRIVE; it has a flash memory chip. The entire contents of which are encrypted. Removing that chip (which is not easy) would yield nothing but a bunch of random garbage. After 1.2 million years of attempting keys, you might gain access to the filesystem, only to find EVERY file of value encrypted yet again (with various keys).
The thing that needs to be backed up -- the UID and key built from it -- cannot be accessed.
Think about what it takes to keep this kind of large conspiracy somewhat secret.
Which is precisely why I don't believe that there is a conspiracy.
Same here. That's why I only have a 4-digit ID.
Dewey, what part of this looks like authorities should be involved?
Let there be...
nevermind.
iPhones can get USB dongles to allow data to be copied to a memory card. Android smartphones have a socket for a removable SD card (any size from 8GB to 128GB). The memory is really that cheap (and small as a fingernail). Perfect for backing up data, even if the USB cable port won't accept data service.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
Should be OK for Valhalla. Save me a chair & a flagon of mead.
So you make another copy and try again?
You can't make a copy. That's the whole design of the system.
You can work around that by trying to apply just enough acid to just the right places to get the data off the chip that you would need to copy, but if you fuck it up the chip is ruined and the data is lost forever.
The attack makes sense. The filesystem key is not related to the UID, and the filesystem key is what is erased to prevent brute-forcing, not the encrypted file system on the SSD itself. If you get a copy of the, eh, erasable memory (which may or may not be stored on the SSD), then you have the filesystem key. Given that Apple is very mum about what actually talks to the devices, I don't know where that part of the memory is. Given that the 5C doesn't even have a security enclave, I don't understand why you wouldn't be able to just find the key and plug in the algorithm. With the security enclave, the phones would be vulnerable to the same attack, but they'd be rate limited by the security enclave, meaning a small alphanumeric code could make it impossibly long to get into - but the self-destruct system is bypassable.
But of course, if any of this is actually possible Apple's been lying about the security on their smartphones for literally years, and it's likely that almost every country could hack the system.
The whole design is that the drive can only be read with a key. Without the key it's encrypted gibberish. The key is derived from a) a chip on the motherboard, and b) your PIN. The chip is specifically designed so that it ain't gonna tell you its bit unless the PIN is right. You could probably get the hardware bit of the key by destroying the relevant chip to read it, but if you fuck that up the key is gone forever, and you still don't have a PIN. And the whole shebang kills itself (including the hardware bit of the key that you actually need if you ever want to read the iPhone's data) if you enter the wrong PIN 10 times.
The iPhone 5c doesn't have the "tamperproof chip." That's only in the current generation.
Kriston
You could copy the Flash memory storage, but to actually decrypt that you need a copy of the key that's in chips on the motherboard. Those chips are not designed to tell the world what their key is without the right PIN, and without their key or a centuries+long decryption job the data is simply unreadable. And the chips erase themselves after 10 failed PINs.
So to make your 100-copies you'd have to destroy all the chips in question, because the only way to read it is acid, and acid does not leave chips in workable condition. Which is why Apple was able to seriously argue that the encryption on the 5c was virtually impossible to crack, even for the FBI/NSA/etc.
Basically if anything Issa were talking about was actually remotely possible a) we would not be talking about this because the Judge would never have issued the order, and b) there would be potential false advertisement issues for Apple.
first post, forced pissed, whatever.
...deserves an informative mod, unfortunately I have none to give.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Did I say conspiracy? I meant 'self serving group of crooks that understand they have to maintain the fiction'. There just isn't one word for that.
Of course eventually one that has enough dirt on others will be about to be indicted...Hillary's health might take a decline in the near future.
As to long term conspiracies. My example is all the boy rapers in the English parliament that covered for each other for decades. Also the altar boy rapers. In every case the key is mutual dirt. You don't think Ratzinger would have covered for the rapists unless he was equally dirty, do you?
This may have been covered already, but won't Apple have a record of the hardware ID, and be compelled by warrant to hand it over?
They sentenced me to twenty years of boredom
The defendant is dead. There won't be a trial.
Whatever evidence they find on the phone pointing to other potential terrorists would probably not be enough to prosecute them. It may be enough to warrant further investigation of them.
"hard drive"???
Brisbane to Darwin in the wet season.
When you see Issa, think car thief gone bad...
My wife is a teacher. Other teachers were always calling the case/tower a modem. Even when the computer didn't have a modem in it I heard this again and again. I didn't understand why until one day I was in the "teacher store" with my wife getting supplies. There was an "educational" poster about computers and it had the tower labeled as a "modem" with an arrow pointing to where expansion cards would be in a case.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
I thought I read somewhere that this device has a JTAG connector somewhere inside it. Seems reasonable to me that they could read out the memory content with that and then send it off to the NSA to brute force it, it would probably succumb to a "rainbow table" type attack anyway.
Nullius in verba
Nice conspiracy theory, it neatly explains why a candidate often appears to represent the views of their party but how does it explain the fact that Trump is still breathing?
IMHO the majority of politicians enter politics with good intentions, but as they say, the road to hell is paved with good intentions.
NAND memory is flash memory. Depending on which key you're talking about, either:
The OS erases the disk encryption key after a certain number of tries. However, in the hands of professional attackers, that isn't very valuable, because the key itself is still stored in the normal flash rather than inside a dedicated crypto coprocessor. As a result, you can interpose hardware between the CPU and the flash part to simulate writes using RAM so that the flash data is not actually modified and can be reset trivially to its original values. This is the most sane attack strategy. It involves unsoldering the flash part and adding hardware in the middle. This is slow, but I see no reason that it can't be done unless I'm missing something subtle about the hardware.
Check out my sci-fi/humor trilogy at PatriotsBooks.
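The interposer attack in the post above, and the three-part key (PIN, silicon UID, random key kept in erasable NAND) listed in an earlier post, modelled as an added Python example. This is not Apple's code and not Apple's key hierarchy: the real device tangles the passcode through the AES engine with the fused UID and keeps its class keys in effaceable storage, whereas here PBKDF2 with the UID as salt, an XOR wrap and an HMAC check value are stand-ins chosen so the script runs offline. The model keeps the failure counter in the same flash region as the wrapped filesystem key, which is the assumption that makes the snapshot-and-restore attack work; the thread's point about the Secure Enclave is that on those phones the counter and rate limit do not live in the flash you can mirror.

```python
"""Toy model of passcode-protected storage with a hardware-fused UID.

Added example, not Apple's implementation. All values are constructed.
"""
import copy
import hashlib
import hmac
import secrets

MAX_FAILS = 10          # wipe threshold, as discussed in the thread
KDF_ITERATIONS = 200    # kept tiny so the brute force below finishes in seconds


def derive_kek(uid: bytes, passcode: str) -> bytes:
    """Passcode key 'tangled' with the device UID (stand-in: PBKDF2, UID as salt).
    Without the UID an attacker cannot evaluate this function offline."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, KDF_ITERATIONS)


def wrap_key(kek: bytes, key: bytes) -> dict:
    """Wrap a 32-byte key under kek (stand-in: XOR mask + HMAC check value)."""
    mask = hashlib.sha256(b"wrap" + kek).digest()
    return {"ct": bytes(a ^ b for a, b in zip(key, mask)),
            "tag": hmac.new(kek, key, "sha256").digest()[:16]}


def unwrap_key(kek: bytes, blob: dict):
    """Return the key if kek is right, else None (the tag check fails)."""
    mask = hashlib.sha256(b"wrap" + kek).digest()
    key = bytes(a ^ b for a, b in zip(blob["ct"], mask))
    tag = hmac.new(kek, key, "sha256").digest()[:16]
    return key if hmac.compare_digest(tag, blob["tag"]) else None


class ToyDevice:
    def __init__(self, passcode: str):
        self.uid = secrets.token_bytes(32)          # fused in silicon, never readable
        fs_key = secrets.token_bytes(32)            # the random "#3" key from the thread
        self.effaceable = {                         # erasable region of the NAND
            "wrapped_fs_key": wrap_key(derive_kek(self.uid, passcode), fs_key),
            "fail_count": 0,
        }

    def try_passcode(self, passcode: str):
        """Normal unlock path: 10 wrong guesses erase the wrapped key."""
        eff = self.effaceable
        if eff["wrapped_fs_key"] is None:           # already wiped
            return None
        fs_key = unwrap_key(derive_kek(self.uid, passcode), eff["wrapped_fs_key"])
        if fs_key is not None:
            eff["fail_count"] = 0
            return fs_key
        eff["fail_count"] += 1
        if eff["fail_count"] >= MAX_FAILS:
            eff["wrapped_fs_key"] = None            # "wipe" = erase the key, not the data
        return None


def pins(digits: int = 4):
    return (str(i).zfill(digits) for i in range(10 ** digits))


def brute_force_on_device(dev: ToyDevice):
    """Guess through the unlock path with nothing else: the wipe wins after 10 tries."""
    for pin in pins():
        key = dev.try_passcode(pin)
        if key is not None:
            return pin, key
        if dev.effaceable["wrapped_fs_key"] is None:
            return None
    return None


def brute_force_with_mirroring(dev: ToyDevice):
    """NAND-mirroring attack: image the erasable flash once, restore it before every
    guess so the counter never reaches MAX_FAILS. The UID never has to be read."""
    snapshot = copy.deepcopy(dev.effaceable)
    for pin in pins():
        dev.effaceable = copy.deepcopy(snapshot)
        key = dev.try_passcode(pin)
        if key is not None:
            return pin, key
    return None


def offline_years(flash_only: bool, pin_digits: int = 4, guesses_per_sec: float = 1e12):
    """Work factor in years: a flash image without the UID leaves a 256-bit key to
    search; with the device (or its UID) the search collapses to the PIN space."""
    keyspace = 2 ** 256 if flash_only else 10 ** pin_digits
    return keyspace / guesses_per_sec / 3.15e7


if __name__ == "__main__":
    print("plain guessing:", brute_force_on_device(ToyDevice("0742")))
    print("with mirroring:", brute_force_with_mirroring(ToyDevice("0742"))[0])
    print("years, flash image only: %.3g" % offline_years(True))
```

The two attack functions are the thread's two positions side by side: copying the flash alone gives you a 256-bit search because the passcode key depends on a UID that is not in the image, but copying the flash and putting it back between guesses on the real device defeats the counter, because the counter lives in the same rewritable region as the key it protects. The time-and-retry limits the phone imposes per guess are deliberately not modelled; they bound how fast the mirrored loop can run, not whether it works.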
The key is derived from a) a chip on the motherboard, and b) your PIN. The chip is specifically designed so that it ain't gonna tell you its bit unless the PIN is right. You could probably get the hardware bit of the key by destroying the relevant chip to read it, but if you fuck that up the key is gone forever, and you still don't have a PIN. And the whole shebang kills itself (including the hardware bit of the key that you actually need if you ever want to read the iPhone's data) if you enter the wrong PIN 10 times.
The "Chip" you're talking about is the security enclave, which is not on the iPhone 5C. The filesystem key is not stored in the security enclave. If you make a copy of the encrypted memory that stores the filesystem key bit for bit, then you've defeated the erasing system. It's also possible the FBI is terribly incompetent given they have multi-million-dollar forensic labs that can't figure out how to copy this memory.
But somehow you couldn't quite let go?
You have a citation for that?
Wikipedia: "SSDs have no moving (mechanical) components. This distinguishes them from traditional electromechanical magnetic disks such as hard disk drives (HDDs) or floppy disks, which contain spinning disks and movable read/write heads."
eBuyer Jargon Buster: "What is the difference between a Solid State Drive (SSD) and a Hard Disk Drive (HDD)? A traditional HDD is a device made up of moving parts that uses spinning platters to store data. An SSD on the other hand uses flash memory and has no moving parts."
market leader OCZ: http://ocz.com/consumer/ssd-gu... (with a nice infomercial at the bottom of the page)
Nope, I can't find anything in a cursory search that agrees with your assertion.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
They'd have to get Apple to rewrite the software to allow that (it introduces a random delay of between 80ms-5s purely to defeat bruteforce attempts), also so it doesn't fry the flash memory after the tenth unsuccessful attempt. THAT is what every freedom-loving human on the planet has a problem with: if Apple make that software, who are the FBI to be trusted not to pocket the thing and use it elsewhen (notwithstanding their promise not to, I wouldn't trust the FBI as far as I could spit them)?
Quantum computers would be no good since quantum computers are DESIGNED for use on unknown data sets looking for familiar patterns, whereas a 256-bit AES key is a known data set with unknown patterns.
What he's saying is that the term "Solid State Disc" is not accurate, since the term "disc" describes a specific shape, and there's nothing disc-shaped in a Solid State "Disc". He's responding to the pedantic comment about iPhones not having "hard drives" by pointing out that Solid State Discs aren't actually discs.
Hence his last sentence:
Language is a social contract in which Alice agrees to try to make herself understood and Bob tries to understand. In this case, the lossy communication channel did the job.
In other words, "You know what he means, and being nit-picky about the technical terms just makes one look like an ass."
Redundancy is good And also good.
Ummm... think you'll find it is; it's equivalent to the Secret Intelligence Service (also referred to as MI6), the Foreign Intelligence Service of Great Britain, directly answerable to the Ministry of Defence and with a speed dial to the Office of the Prime Minister, and one of the few agencies that can call the PM out of a tea party with the Queen for a COBRA meeting.
If proof were ever needed, look at who chairs the NSA: a serving Admiral in the United States Navy: Adm. Michael Rogers.
Taking apart a phone, even desoldering the chips and putting them in test jigs, isn't a high-risk operation for a skilled technician.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
There's actually no consensus on the use of the term "disc" vs. "disk". Both describe form and function. In medical terminology, the preferred term is "disc", while in describing magnetic, optical, magneto-optical, or flash media, you can use either. I've never been pulled up anywhere for using the term "disk" to describe something that looks like a stick of gum and plugs into the side of a laptop.
The 5c has a hardware-defined security code that works roughly how I described. Ars Technica has a fairly good article on how hard it would be to get the relevant info out of the iPhone without the PIN. Secure Enclave's new wrinkle is that most of the process got moved out of the OS into the firmware, not that the architecture of the security system changed.
I am far from an actual CompSci or EE person, so it's probable I'm missing more than a few little wrinkles in this system that are very important to the Slashdot audience, but I think I have a better handle on the issue than fucking Issa.
Why would they have that record? They probably could figure out which set of chips went into this particular batch of iPhones, but that isn't gonna help the FBI much.
And, since the number on the chip can be changed (the way the phone resets itself after 10 wrong PINs is by wiping the number, which renders the data on the phone undecryptable garbage), even if they could figure out the hardware bit of the decryption key it shipped with, that may not be the one the phone was using.
I've never been pulled up anywhere for using the term "disk" to describe something that looks like a stick of gum and plugs into the side of a laptop.
Nor have I, and nor would I hyper-correct someone else who did it. But in this very thread, someone had a problem with the suggestion that the iPhone had a "hard drive" in it.
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
The metadata of all files in the file system is encrypted with a random key, which is created when iOS is first installed or when the device is wiped by a user. The file system key is stored in Effaceable Storage. Since it’s stored on the device, this key is not used to maintain the confidentiality of data; instead, it’s designed to be quickly erased on demand (by the user, with the “Erase all content and settings” option, or by a user or administrator issuing a remote wipe command from a mobile device management (MDM) server, Exchange ActiveSync, or iCloud). Erasing the key in this manner renders all files cryptographically inaccessible.
So - if you copy that key - that one key that's "not used to maintain the confidentiality of the data" - then you prevent the erasing system from working its magic.
Incidentally, people forget that the term "solid state" is to distinguish semiconductor technology from vacuum tubes.
Someone upthread posted that the hardware ID is actually burned (for want of a better word) into the chip during manufacture, and as the phone and the CPU will have their own serial numbers, such records would be kept, e.g. Phone serial # abc123 has CPU serial # xzy789, with hardware ID abck4e5ur789. I can't imagine why they *wouldn't* keep such information - you'd need it to verify authenticity, warranty, or ownership, for some examples. Someone brings an iPhone into an Apple store to repair a cracked screen; do you think they're *not* going to check it against the serial numbers of known stolen phones? Or check that it's not a brumby, i.e. some dodgy repairer has substituted the guts of one phone into the enclosure of another, thus presenting a mismatch of serial numbers?
They sentenced me to twenty years of boredom
They MIGHT have had good intentions when they ran for student council in _middle school_. Beyond that, I don't believe it.
Trump is clearly an 'unauthorized' candidate. It happens, they are usually left to their 'purity', not knowing a thing that goes on around them.
Even when practiced by two groups of the worst people on the planet (Ds and Rs) politics remains the 'art of the possible'.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
"unlock the phone"
"no"
"sudo unlock the phone"
"Dammit. OK..."
I have two 4GB microdrives (to the IBM definition of "microdrive", which is 43mm x 36mm x 5mm). Haven't plugged 'em in in years. Pretty sure they'd fit and run in any device that accepts CFII...
I've never heard anyone who even sounded vaguely like he knew what he was talking about say he could access "effaceable memory" and get that number out. Plenty who clearly don't (both Issa and John McAfee come to mind) act like it's trivial, but it just doesn't work like that.
The whole point of the court order is that they can't stop the erasing system without a signed re-write of iOS from Apple.
First off, why would they keep that particular number? Their entire marketing strategy is based on them not having that number, and numerous other identification codes that have nothing to do with security could be used to tell whether this mainboard was shipped with that display. Use an ID from some other chip on the main board, or ship with a random key, or damn near anything except have a key you can reconstruct yourself.
Secondly, we don't seem to be talking about the same number.
The way the iPhone locks itself after 10 wrong PINs is it rewrites the number. The dude I'm talking to upthread (and let's see if this little trick actually works in giving you a reference) got this from Apple's site "The metadata of all files in the file system is encrypted with a random key, which is created when iOS is first installed or when the device is wiped by a user."
It's possible that Apple could figure out the key it shipped from the factory. But if the user, or the owner (in this case the County) has ever reinstalled the OS or wiped the phone it would be a totally new key.
I haven't had the need to try it before but doesn't the phone need to be unlocked for that to work?
I could not live with the thought of having as many as 5 digits, so I cut my thumb off.
The FBI Director should be jailed for attempting to conscript a private corporation into law enforcement. The sentence should be doubled for doing so before exhausting every potential avenue within the government.
I am fairly certain changing the operating system would make the evidence similarly dubious.
They need the hardware id of the device, which is combined with the pin for the key. The only way to get the hardware id is through a fairly tricky process that could easily destroy the id instead of revealing it.
Wish I hadn't just used all mine :(
Was my post the perfect balance between imbecilic and trollish?
Ding! We have a winner several zillion posts down the page and buried.
If a software/firmware update can disable the key wipe, then the FBI should be able to bypass it through direct hardware access and copying. The new phones do this all within a secured chip, making it much harder, but the 5c doesn't have that extra hardware protection.
Let us live so that when we come to die, even the undertaker will be sorry -- Mark Twain
I think I might have thought of a way in (or at least a different way to try) but I'm unsure of the technical details. At some point, there's the chip that sends a message to erase the data or to encrypt it with garbage. That has to travel over some sort of bus. Get a model of the same phone, observe the signal that is sent when that is intentionally done on the second phone, and then interrupt it. This does nothing for the time delay but I'd give even odds that such is overlooked and a simple reboot will start the cycle over again when the limit of 10 is reached.
The signal is sent, if I understand correctly, from a second chip. Interrupt it and don't let it get sent at all. This may not work, not necessarily, I can think of a few kludges in the way but they might not be there - and we've no real way of knowing as we're not Apple engineers. But... It does seem like it's worth trying. The signal may be encrypted itself (can that be found or is it turtles all the way down?), the phone may stop after 10 and a reboot may not reset that - it's hard to tell what it'll do in a failure - there might be a way to interrupt and replay directly at the bus line, and a few other things.
I'd go into more detail but I am soon off for the day. I'll be busy again today. Yay... Go me... Then, I may be off on one of two adventures. Or not... It really depends.
At any rate, someone with more skill than I can think about it further. If successful, I only ask that you not blame me. I don't have a problem with the FBI having the data, not at all. What I do have a problem with is the judge ordering the company to write software. What I do have issue with is the judicial overreach. In the end, I'm hoping the backlash from this results in an unemployed ex-judge but I suspect that's more than I will get.
Those liberties weren't going to erode themselves, it's a good thing we've got judges to help 'em out. :/
"So long and thanks for all the fish."
disc and disk are used to describe a flat cylinder. That's where the terms originated.
Do not look into laser with remaining eye.
No. The iPhone 5c, the phone in this dispute, doesn't have the "tamperproof chip." That's only in the current generation.
Kriston
No doubt. An 8 digit would have explained the article without using personal pronouns in the third person and then thrown poo at the 7 digit poster....
Unicorn!! Uuuuuuuunicorn!!
Director Comey made another misleading statement – twice – to Congress yesterday; namely that the FBI has attempted every possibility of unlocking the device on their own, and is even willing to accept input from any experts. Quite the contrary, at least three possibilities have come to light that the FBI has not yet explored:
No shit. Somebody associated with the security community swears up and down that some trivial-sounding idea only he has can actually do this for cheap. Nothing is stopping that guy from buying an iPhone 5c and proving it. He does that shit on YouTube, and he'll be the hero of a fucking generation for making this case go away.
As for "kiosks in China" why would you need 11 tries at the PIN to do that shit? It's your own phone, with the PIN you put on it. I have no doubt they have to do something to replace the Flash storage on a phone, but trying 11 PINs in a row is not one of them.
I don't have an EE, but it seems to me that "Effaceable memory on a FLASH chip" is "chips on the motherboard."
I'm not sure it really makes the case go away, it just makes the FBI look really stupid if it works. Be it that he's actually involved in the congressional questioning, I'd say his point is mainly the FBI did not in fact try. I'll throw it out there that the Chinese hardware was probably fabricated at an Apple factory... There's not much legal about copying that hardware... Nor is he really claiming it's something he's the only one coming up with it. While there's literally no nuance in this source article, you'd still have to buy yourself an extra iPhone or two and then plan a trip to China, for the primary purpose of pissing off the FBI... and Apple... There's no heroics involved.
The technology that they are describing as the "secure enclave" does not exist on the iPhone used by the shooter, which is a software-only solution that relies on an ID number embedded in the CPU.
What have I said that isn't a description of the effaceable memory Apple has put on the 5c? It's in Flash. Flash is not a hard disk. It is not papyrus. It is a chip on the motherboard.
It's designed so that you don't get the decryption key for the hardware on a copy, and you can't just back it up to iCloud, restore the backup to 100 iPhone 5cs, and try 10 PINs on each.
Yes it makes the case go away.
Under the All Writs Act if someone, literally anyone in the entire universe, besides the company served the Writ can do the job then the Writ is invalid due to a lack of Proximity. Since everyone involved swears up and down that Apple's system is unhackable without a new version of iOS signed by Apple*, they're arguing the other half of the test (that it's an Undue Burden to force Apple to comply with the Writ), along with a lot of political bullshit the Judge is officially not supposed to care about (ie: that the investigation is of a horrendous crime, that the victim's relatives who have taken a side are siding with Apple, etc.).
So if this guy is not talking out of his ass because it sounds good, he can single-handedly make himself the most popular security guy in the Valley for the price of a plane ticket and a 5c.
Since he's not doing that, I suspect he's quite wrong about the number of PINs that get tried in these kiosks.
*Strictly speaking Apple does make an argument against proximity, but it's firmly in the tradition of "we've got lawyers, let's waste everyone's time just in case this stupid shit works," not in the tradition of arguing the actual law.
Assuming I understand the hardware correctly, you're conflating two unrelated keys:
When the disk is decrypted, your passcode is entangled with that permanent hardware key, and used to decrypt the disk encryption key. This means that having the data from the flash part is insufficient because you don't have that 256-bit hardware key. However, the 256-bit hardware key cannot change, because it consists of physical fuses. Therefore, if you externally copy the data from the flash parts and restore it, or otherwise mimic writes temporarily, then you're effectively preventing the device from being able to wipe the disk encryption key after n unsuccessful attempts, so the next time it boots after you restore the flash data, you'll have another n tries to guess the password.
That attack probably won't work with the 5s, of course, because of the coprocessor/secure enclave, but that doesn't apply when you're talking about the 5c.
If Representative Darrell Issa actually said that then it is even more proof that you cannot have a rational discussion of this subject without understanding the technology. Without that understanding almost anything you say makes you look like a buffoon.
Sure, you could image the hardware and try to brute force the encryption key; it would take you trillions of years, but you could do it. The reason being that the encryption key used on the storage is derived by mixing the user's unlock code AND a strong secret held within the device's CPU, the UID (even on the 5c). Without getting a copy of that from the device as well as the encrypted storage, you cannot reduce the brute force guessing to the level of the passcode, being as the UID has much of the entropy of the two.
Apple quite logically has created the hardware of the CPU so that the UID is not available to any interface, only as the output from an atomic operation when it is cryptographically mixed with the passcode guess. Also, no, pretty sure you cannot physically extract it by taking the CPU apart; Apple would have made decapping the CPU extremely likely to damage it in a way that prevents access. Which, by the way, would also render the evidence suspect and open to challenge under cross examination.
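Added example, not Apple's code and not from anyone in this thread: a toy model of the UID/passcode entanglement and the 10-try wipe that the posts above describe. The UID is a constructed value, and the KDF (PBKDF2-HMAC-SHA256 salted with the UID) and the XOR key wrap are stand-ins chosen only to make the entropy argument concrete; real iOS uses a hardware AES engine and its own derivation.

```python
"""Toy model of the 5c-style key entanglement discussed in the thread.

Stand-in construction, not Apple's design: it only makes the "UID holds
most of the entropy" and "wipe after 10 failures" arguments concrete.
"""
import hashlib
import hmac
import math

# Constructed stand-in for the per-device 256-bit UID fused into the CPU.
TOY_UID = hashlib.sha256(b"constructed toy uid, not a real device value").digest()
MAX_TRIES = 10  # the thread's "wrong PIN 10 times" wipe threshold


def derive_passcode_key(uid: bytes, passcode: str, iterations: int = 10_000) -> bytes:
    """Entangle the passcode with the device UID. The output depends on both,
    so a flash image alone (no UID) leaves 256 bits of unknown key material."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, iterations, 32)


def xor_wrap(passcode_key: bytes, key: bytes) -> bytes:
    """Toy key wrap/unwrap: XOR with an HMAC-derived pad (real iOS uses AES)."""
    pad = hmac.new(passcode_key, b"wrap", "sha256").digest()
    return bytes(x ^ y for x, y in zip(key, pad))


class ToyDevice:
    """Effaceable storage holding the wrapped file-system key, plus the
    wrong-passcode counter that erases it after MAX_TRIES failures."""

    def __init__(self, uid: bytes, passcode: str, fs_key: bytes):
        self._uid = uid  # never leaves the 'CPU'; only used inside try_passcode
        pk = derive_passcode_key(uid, passcode)
        self._wrapped = xor_wrap(pk, fs_key)  # lives in effaceable storage
        self._check = hmac.new(pk, b"verify", "sha256").digest()
        self.failures = 0

    def try_passcode(self, passcode: str):
        """Return the file-system key on success, None on failure or after a wipe."""
        if self._wrapped is None:  # effaceable storage already erased
            return None
        pk = derive_passcode_key(self._uid, passcode)
        tag = hmac.new(pk, b"verify", "sha256").digest()
        if hmac.compare_digest(tag, self._check):
            self.failures = 0
            return xor_wrap(pk, self._wrapped)
        self.failures += 1
        if self.failures >= MAX_TRIES:
            self._wrapped = None  # wipe: data is now cryptographically inaccessible
        return None


def search_space_bits(passcode_digits: int, uid_known: bool) -> float:
    """Bits an offline guesser must cover: the passcode space alone if the UID
    is in hand, otherwise the passcode space times the 256-bit UID space."""
    bits = passcode_digits * math.log2(10)
    return bits if uid_known else bits + 256


if __name__ == "__main__":
    dev = ToyDevice(TOY_UID, "1234", b"\x01" * 32)
    print("correct passcode unwraps:", dev.try_passcode("1234") == b"\x01" * 32)
    for _ in range(MAX_TRIES):
        dev.try_passcode("0000")
    print("after 10 failures, correct passcode returns:", dev.try_passcode("1234"))
    print("offline bits, UID unknown: %.1f" % search_space_bits(4, False))
```

The two `search_space_bits` values are the thread's point in numbers: about 13 bits for a four-digit passcode once the UID is in hand, versus about 269 bits for an attacker holding only the flash image.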