FBI Should Try To Unlock iPhone Without Apple's Help, Lawmaker Says (csoonline.com)
itwbennett writes: Representative Darrell Issa, a California Republican and former car-alarm entrepreneur, has suggested that the FBI try unlocking mass shooter Syed Rizwan Farook by copying the hard drive and running password attempts until they find the correct password. Bruce Sewell, Apple's senior vice president and general counsel, said during a congressional hearing that, although the company doesn't know the condition of the shooter's iPhone, Issa's approach may work.
Someone is confusing the iPhone with the iPod Classic.
This guy's so far behind the times, he thinks an Iphone has a hard drive in it.
Have you ever fallen asleep at the keybhanusdiog?
Well duh the approach may work, which is one of the reasons the All Writs Act shouldn't apply (it is only supposed to be used when Apple's help is necessary, not 'necessary for how we feel like doing it'). But the goal of the FBI is not, and has never been, to actually get into the phone. The FBI's goal all along has been to use this as ammunition to press Congress for mandated backdoors and/or more funding for their 'cybercrime' division.
You can bet your ass the NSA already HAS a copy and is either actively brute forcing it, or has already done so. But they'll never publicly admit to it, because doing so will expose too much of their capability.
Also, in terms of the Cloud Backup approach, it should be a relatively simple matter to hook the phone up to a custom network which mimics the iCloud server, and they would know immediately if the phone is even trying to back up to it or not. If it is, it's also relatively simple for the Cloud instance to just accept whatever password hash the phone sends.
“I can tell you from the Department of Justice perspective, if that drive is encrypted, you’re done,” Ovie Carroll, director of the cyber-crime lab at the Computer Crime and Intellectual Property Section in the Department of Justice, said during his keynote address at the DFRWS computer forensics conference in Washington, D.C., last Monday. “When conducting criminal investigations, if you pull the power on a drive that is whole-disk encrypted you have lost any chance of recovering that data.”
From: The iPhone Has Passed a Key Security Threshold
I'm sure a politician knows more about crypto than MIT or the DoJ.
I am not interested in articles about life extension advancements.
Have you even read the summary? How would the iPhone do that if they make binary image of the storage? Can it magically format other storage devices as well?
In this case, the suggestion is (perhaps accidentally) correct in that it is the FBI's job to discover evidence in their own possession, not Apple's. The burden of cracking the phone should be on the agency.
try unlocking mass shooter Syed Rizwan Farook
Good luck unlocking a dead man.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
That isn't the problem, but the real problem is that the private key is kept in NAND memory, not the flash memory (what they're calling the "hard drive"). The FBI isn't already doing this because it's really hard... mathematically hard. As in, unless they have quantum computers we don't know about, they won't be able to figure out what's on that phone for eons. And without the private key, it would be hard to even know the difference between the encrypted gobbledygook and the unencrypted data if you crack it.
I maintain that they are pretty sure that there's nothing of value on that phone, and that this whole exercise was a ruse to gain government backdoors to encryption because, terrorism.
Gamingmuseum.com: Give your 3D accelerator a rest.
and watch the phone format itself after they fail.
Ladies and Gentlemen, the answer from a 6 digit Slashdot member. It manages an almost perfect balance between trollish and imbecilic, while leaving no doubt about the fact he didn't RTFA.
At 5 digits, his reply would be a dupe of a previous one, and you'd understand he doesn't even understand the concept of the article.
At 4, the comment would just be an anagram of both "first post" and a bodily fluid.
Reading a 3 digits comment would be akin to hearing the voice of God.
At 2 digits, the words shape the chaos into reality.
Not even Gods speak about single digit comments. And when they do it's in weak whispers. For such power is better left asleep.
No, not on the iPhone 5C it isn't.
The 'Secure Enclave' is 5S, 6, 6+, 6S, and 6S+.
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
7-digit ID talking shit about 6-digit IDs. Now I've seen it all.
This is incorrect. The phone does not store the key anywhere. The key is made up of the phone's unique identifier value and your PIN, combined to make the key. What they can do is use acid, high powered visual equipment and lasers to try to determine the unique identifier from the iPhone's CPU, and then try to brute force that with various PIN numbers.
I came, I conquered, I coredumped
The answer is easy. They are not interested in the contents of the terrorist's phone as much as they want a magic key that will unlock anyone's iPhone anywhere. The NSA already has all the metadata from this phone recorded anyway, so the whole alarmist search for the phone's contents is a front for the government's overweening desire to pry into everyone's life.
Low UIDs aren't that uncommon. There are 899 three digit UIDs. That would be a pantheon dwarfing even the Greek gods of old.
I read the internet for the articles.
It is not as easy, the iPhone has a FIPS 140-2 crypto processor that stores the key, you cannot copy that data, and you cannot emulate it. Or force attack the secure crypto processor... I think the approach of copying the hard disk is not possible, take a look at Apple documentation. https://www.apple.com/business... I am not sure even if it is possible to release a new iOS without the retry password and time limits, It shouldn't be possible if the design is well done as it seems.
Damia
My guess would be... you don't get a second chance.. if you fuck up.. it's dead. And acid is not exactly the most predictable thing to work with.
What I fundamentally don't understand is this:
EITHER
a) if this is GENUINELY a matter of national security, the FBI could actually hand the phone to the NSA and get the information in about 30 seconds but for some reason isn't doing so, or
b) the NSA's umpteen-gajillion-dollar "black" budget has pretty much enabled them to record/analyze/store only the utterly banal unencrypted conversations that you could hear just sitting and listening to the guy next to you at the coffeeshop, i.e. almost entirely wasted on stupid crap.
I don't see really any other alternative.
I'd expect, for example, that Russian and Chinese government communications are ROUTINELY of a higher level of encryption than the bloody iPhone you can buy at the mall, and yet the NSA's *job* is to listen in on that stuff and they claim that they're pretty damned good at it?
-Styopa
Now you're just being pedantic.
The FBI should copy the contents of the storage medium to another storage medium and attempt to brute-force it. That's what the lawmaker is saying in a nutshell. This lawmaker is actually making our case, that it's not Apple or any other vendor's job to break their own security, that it's the investigating agency's job to essentially prove its case by doing that work itself. Stop attacking the person actually trying to help by nitpicking what they say.
Do not look into laser with remaining eye.
How many years have we been reading about security researchers mounting clever side channel attacks on things like smart cards? Has everyone here forgotten about Tempest already? So how likely is it that the NSA can't read a phone's hardware UID without acid-etching the CPU, either directly or by recovering the contents of memory? It could be simple as entering a PIN and observing what (wrong) encryption key the CPU generates.
But there are some really good reasons (from the FBI's standpoint) for compelling Apple's cooperation. First, they'd like the legal precedent that manufacturers have to provide them with a way in. Second, they won't have to go hat in hand to another agency to ask for help. Third, it'd be a lot quicker, more convenient and cheaper to install a compromised OS on a device than it would be to have to disassemble it. You could potentially do that while you had someone in short term custody (e.g. within 100 miles of the US border, which can be done without probable cause and where 2/3 of the American population lives).
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I could have had a 4-digit id, but I come from an era when long-term lurking before posting was considered virtuous.
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
Let there be...
nevermind.
So you make another copy and try again?
You can't make a copy. That's the whole design of the system.
You can work around that by trying to apply just enough acid to just the right places to get the data off the chip that you would need to copy, but if you fuck it up the chip is ruined and the data is lost forever.
The court has ordered Apple to write a piece of software that Apple claims does not exist. Apple claims they can write the software but are refusing to do so because they consider such a tool to be "digital cancer". The legal argument appears to boil down to the definition of "reasonable burden", i.e.: is it reasonable to burden Apple with writing a piece of software that they claim would significantly damage their commercial reputation?
The court seems to be in a position of weighing up which of two things is more 'valuable', the unknown future value of the information vs the unknown future loss to Apple.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
The key is derived from a) a chip on the motherboard, and b) your PIN. The chip is specifically designed so that it ain't gonna tell you its bit unless the PIN is right. You could probably get the hardware bit of the key by destroying the relevant chip to read it, but if you fuck that up the key is gone forever, and you still don't have a PIN. And the whole shebang kills itself (including the hardware bit of the key that you actually need if you ever want to read the iPhone's data) if you enter the wrong PIN 10 times.
The "Chip" you're talking about is the security enclave which is not on the iPhone 5C. The filesystem key is not stored in the security enclave. If you make a copy of the encrypted memory that stores the filesystem key bit for bit, then you've defeated the erasing system. It's also possible the FBI is terribly incompetent given they have multi million dollar forensic labs that can't figure out how to copy this memory.
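The two points argued above (the key being derived from a per-device identifier plus the PIN, and the 10-attempt erase that a bit-for-bit copy of the storage is said to sidestep) can be seen in a small model. This is an added example, not Apple's code and not anything a commenter posted; the PBKDF2 derivation with the UID as salt, the XOR-plus-HMAC key wrapping, the delay schedule and the `Device` class are constructed stand-ins for the real design, chosen to show the defensive property: a copied image yields nothing without the device secret, and the attempt counter and erase live with the wrapped key, not in the OS.

```python
"""Toy model of a UID-entangled passcode lock (constructed example)."""
import hashlib
import hmac
import os

PIN_ITERATIONS = 100_000   # slow KDF: every guess costs real CPU time
WIPE_AFTER = 10            # the thread's "wrong PIN 10 times" erase
# constructed escalating delay schedule (seconds), keyed by failed-attempt count
DELAYS = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}


def derive_wrap_key(uid: bytes, pin: str) -> bytes:
    """Key that wraps the file-system key: PBKDF2 over the PIN, salted with the
    per-device UID, so the same PIN yields a different key on every device."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), uid, PIN_ITERATIONS, dklen=32)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_fs_key(fs_key: bytes, wrap_key: bytes) -> dict:
    """Mask the 32-byte file-system key with the wrap key and attach an HMAC tag
    so a wrong PIN is detected instead of silently producing garbage."""
    wrapped = _xor(fs_key, wrap_key)
    tag = hmac.new(wrap_key, wrapped, "sha256").digest()
    return {"wrapped": wrapped, "tag": tag}


def unwrap_fs_key(blob: dict, wrap_key: bytes):
    """Return the file-system key, or None if the wrap key (UID+PIN) is wrong."""
    expected = hmac.new(wrap_key, blob["wrapped"], "sha256").digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return _xor(blob["wrapped"], wrap_key)


class Device:
    """Hypothetical handset: `uid` stands in for a secret burned into silicon and
    never written to flash; `storage` is what a bit-for-bit copy would capture."""

    def __init__(self, pin: str):
        self.uid = os.urandom(32)
        self.storage = wrap_fs_key(os.urandom(32), derive_wrap_key(self.uid, pin))
        self.storage["failures"] = 0   # persisted, so a reboot does not reset it

    def storage_image(self) -> dict:
        """A forensic copy of the flash: wrapped key, tag and counter, no UID."""
        return dict(self.storage)

    def delay_before_next_attempt(self) -> int:
        return DELAYS.get(self.storage["failures"], 0)

    def try_unlock(self, pin: str) -> str:
        """Returns 'unlocked', 'wrong' or 'wiped'."""
        if "wrapped" not in self.storage:
            return "wiped"
        fs_key = unwrap_fs_key(self.storage, derive_wrap_key(self.uid, pin))
        if fs_key is not None:
            self.storage["failures"] = 0
            return "unlocked"
        self.storage["failures"] += 1
        if self.storage["failures"] >= WIPE_AFTER:
            # erase the wrapped key: the data is now unrecoverable on this device
            del self.storage["wrapped"]
            del self.storage["tag"]
            return "wiped"
        return "wrong"


def unlock_from_image(image: dict, uid: bytes, pin: str):
    """Offline check against a copied image: succeeds only with the real UID and
    PIN, which is why the image alone is not enough to unwrap the key."""
    return unwrap_fs_key(image, derive_wrap_key(uid, pin))


def guesses_needed(pin_digits: int, uid_known: bool) -> int:
    """Worst-case size of the offline search space against a copied image."""
    return 10 ** pin_digits if uid_known else 10 ** pin_digits * 2 ** 256


if __name__ == "__main__":
    d = Device("1234")
    img = d.storage_image()
    print("copy + right UID:", unlock_from_image(img, d.uid, "1234") is not None)
    print("copy + wrong UID:", unlock_from_image(img, bytes(32), "1234") is not None)
    print("guesses without UID:", guesses_needed(4, False))
```

The model makes the trade-off in the thread concrete: with the UID in hand a four-digit PIN is a 10,000-guess search, so the device has to enforce the delay schedule and the erase itself; without the UID the search is over a 256-bit value, so a copied image is useless on its own. The constructed delay values are illustrative, not Apple's.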
The 5c has a hardware-defined security code that works roughly how I described. Ars Technica has a fairly good article on how hard it would be to get the relevant info out of the iPhone without the PIN. Secure Enclave's new wrinkle is that most of the process got moved out of the OS into the firmware, not that the architecture of the security system changed.
I am far from an actual CompSci or EE person, so it's probable I'm missing more than a few little wrinkles in this system that are very important to the Slashdot audience, but I think I have a better handle on the issue than fucking Issa.
I think I might have thought of a way in (or at least a different way to try) but I'm unsure of the technical details. At some point, there's the chip that sends a message to erase the data or to encrypt it with garbage. That has to travel over some sort of bus. Get a model of the same phone, observe the signal that is sent when that is intentionally done on the second phone, and then interrupt it. This does nothing for the time delay but I'd give even odds that such is overlooked and a simple reboot will start the cycle over again when the limit of 10 is reached.
The signal is sent, if I understand correctly, from a second chip. Interrupt it and don't let it get sent at all. This may not work, not necessarily, I can think of a few kludges in the way but they might not be there - and we've no real way of knowing as we're not Apple engineers. But... It does seem like it's worth trying. The signal may be encrypted itself (can that be found or is it turtles all the way down?), the phone may stop after 10 and a reboot may not reset that - it's hard to tell what it'll do in a failure - there might be a way to interrupt and replay directly at the bus line, and a few other things.
I'd go into more detail but I am soon off for the day. I'll be busy again today. Yay... Go me... Then, I may be off on one of two adventures. Or not... It really depends.
At any rate, someone with more skill than I can think about it further. If successful, I only ask that you not blame me. I don't have a problem with the FBI having the data, not at all. What I do have a problem with is the judge ordering the company to write software. What I do have issue with is the judicial overreach. In the end, I'm hoping the backlash from this results in an unemployed ex-judge but I suspect that's more than I will get.
Those liberties weren't going to erode themselves, it's a good thing we've got judges to help 'em out. :/
"So long and thanks for all the fish."