FBI May Be Opening A Security Hole To Federal Agencies

Lucas123 writes: In its rush to gather information, the FBI blew its chance to retrieve data from the iPhone of one of the San Bernardino terrorists when it ordered his iCloud passcode to be reset shortly after the attacks. Now in its fervor to force Apple to create software that can break its own encryption algorithm, the FBI may be opening a security hole to federal agencies. Over the past four years, the federal government has largely shifted its use of mobile devices from Blackberry to iPhones. One major reason for that is -- you guessed it -- the strong native security. If Apple creates an iPhone skeleton key, it not only threatens the public's privacy, but the security of the federal government as well.

Pandora's box

[turkeydance]

how's that Hope thing working out?

Re:Pandora's box

Pretty well. Those that were buying into Hope And Change are still hoping. They got eight years of hope out of it, that's pretty good and hoping feels so much better than changing/doing anyway.

Re:Pandora's box

Hope in one hand and shit in the other, and see which one fills up first.

Re:Pandora's box

[Xenx]

I think I'd still take the empty hand over the full one.

Re:Pandora's box

[donaldm]

Since this is an American issue, so far I think the saying "Hoisted with one's own petard" applies here. Unfortunately sometimes American issues become world wide problems.

Re:Pandora's box

[silentcoder]

Did we just see a conservative basically admitting that Romney as president would have been a shitty outcome ?

Well he was a supporter of trickle-down, which was formerly known as Horse-and-Sparrow economics. The metaphor being that "if you feed the horses well the sparrows can get by on the seeds in their droppings". So it kind of comes full circle -the term "horse-and-sparrow" fell out of favor after somebody pointed out the problem with it: the poor are *literally* expected to eat horseshit.

Re:Pandora's box

Nope you saw a reference to the promised "Hope and Change" of the current administration. Hope in one hand and Change in the other. Your demonstrating a lack of understanding of economics in a diatribe against the right notwithstanding. That was not a conservative admitting anything wrong, rather pointing out the continuing failure of Hope and Change.

Re:Pandora's box

[MitchDev]

Easy to enact change when the oppostion party says "We aren't going to do our jobs, we are just going to oppose EVERYTHING!"

Re:Pandora's box

Sorry about that. Money and Assholes often occupy the same space. The virus attacks the host.

Re:Pandora's box

[Coren22]

Hard to enact any of that change when one side fails to propose any of their changes beyond "We need immigration reform!"

You blame the republicans for failing to come up with bills for the president to veto, while the president completely fails to propose anything to them to pass or not.

You are also talking about the president that refused to negotiate when negotiation was the only way to get what he wanted.

Re:Pandora's box

[MitchDev]

Ah, you're a far-right republican, I see (just as bad as a far-left democrat)
No reason to bother trying to talk to you

Re:Pandora's box

[Dcnjoe60]

In the US, it takes Congress to pass legislation which is the part that creates change. The person at the top sets the vision, but Congress makes it happen or in this case keeps it from happening. So, regardless of Obama, if your complaint is lack of change, that would be the Congress, which is predominately the Republican Party. There is an election coming up, where you have not only the opportunity to change the person at the top, but those who stymied any change for the last eight years.

Re:Pandora's box

[Coren22]

Nice to see you dismiss other's opinions. No, I am not a republican.

Re:Pandora's box

No. That was you admitting the failure of Conservativism.

Re:Pandora's box

[eric_harris_76]

The Republicans didn't always control the Congress. What about before then?

Re:Pandora's box

[MitchDev]

Filibustered their asses off, and the still controlled key committees

Re:Pandora's box

[eric_harris_76]

Gosh, how'd they retain control of key committees if they weren't the majority party?

Golly. I bet the Democrats eliminated the ability to filibuster, first chance they got, right?

Re:Pandora's box

[MitchDev]

Yawn, go suck Trump's dick elsewhere child. The adults are talking here.

"skeleton key"

explain how allowing the FBI to brute force individual iPhones in a lab setting constitutes creating a "skeleton key" that poses a risk to iPhones in the wild? I still haven't heard a remotely plausible explanation of how this happens without some seriously high level industrial espionage of the type that could render iPhones vulnerable *anyway* without Apple ever doing a thing to assist law enforcement? -Love, Legal.Troll

Re: "skeleton key"

Apple should store the backdoor source code on a locked iPhone. Problem solved.

Re: "skeleton key"

[O('_')O_Bush]

The issue is confused. The system is designed to prevent brute forcing, which is what the FBI originally wanted to do, but their recent calls have been for legislation to require tech companies to put in a back door to circumvent the encryption and only accessible by the device creators (yea, good luck with that).

Re:"skeleton key"

[Nethemas+the+Great]

The security of the iPhone is hinged upon OS binaries signed by an Apple security certificate. The FBI wants Apple to sign and/or produce binaries with weakened security. Having achieved this, the FBI and all parties in possession of said binaries simply have to swap out the old secure binaries for their version since the phone trusts anything signed by Apple.

Re:"skeleton key"

[Archfeld]

Because the FBI doesn't want to brute force the phones, they want a backdoor into all iPhones at the OS or even better firmware level despite the mass amount of FUD https://en.wikipedia.org/wiki/... they are filling the airwaves with. If they get away with forcing Apple to provide such, then the other vendors will be a slam dunk. Beyond that we all know that if there is a door, hidden or not some Ukrainian teenager will figure it out in like a week, not to mention actual government sponsored professionals.

Re:"skeleton key"

The skeleton key applies to the court system. If the court forces Apple to open this phone, the FBI will start filing motions to open thousands of other phones. Sort of like FISA I imagine it being a rubber stamp process.

Re:"skeleton key"

[AHuxley]

The House Committee on the Judiciary Hearings, The Encryption Tightrope: Balancing Americans’ Security and Privacy (Streamed live on Mar 1, 2016)
https://www.youtube.com/watch?...
Try around the 4:05 point in. 200 phones are in line for the same skeleton key needs. As mentioned, that federally demanded, universal "skeleton key" will be ready as an overlap for State and Federal courts :)

Re: "skeleton key"

Except, of course, the court order specifically allows for Apple to NOT give the binaries to the FBI and the FBI requested it that way to address exactly that issue. But hey, I just read the writ, not the bullshit lies on the Internet.

Re: "skeleton key"

[Cramer]

Nope. Companies are creating things LEO's cannot defeat. (and in the case of iPhones, something even Apple cannot defeat. Unless they start recording the UIDs of every device.)

Re: "skeleton key"

[zieroh]

Except, of course, the court order specifically allows for Apple to NOT give the binaries to the FBI and the FBI requested it that way to address exactly that issue. But hey, I just read the writ, not the bullshit lies on the Internet.

Okay, I'll bite.

What happens the next time the FBI (or any other LEA) has an iPhone that they need information off of? The FBI has divulged that there already exist about a dozen phones that need breaking. They have also admitted -- in public testimony -- that this case would set a precedent.

So please tell me, specifically: how exactly is this just about a single phone, when the actual head of the actual FBI has admitted that it is categorically NOT about a single phone?

Re:"skeleton key"

[MobileTatsu-NJG]

Apple hasn't written the software they need to do it. It doesn't exist right now. Once they write it, it's written. Precedent is set and a floodgate of requests will begin and there won't be much Apple can do to make them stop.

Re: "skeleton key"

Sure, I was specifically addressing the lie that GP wrote, claiming "Having achieved this, the FBI and all parties in possession of said binaries simply have to swap out the old secure binaries for their version since the phone trusts anything signed by Apple." Which is also bullshit, as Apple can revoke the signing key they used for that binary if they really felt the need to.

Re:"skeleton key"

Allow San Bernandino killer's phone to be accessed, that bill dies quietly in committee.

Re: "skeleton key"

Companies are not refusing to cooperate with L/W or other government organizations. What you have here is two different groups of people with two separate goals, and their education and backgrounds are forcing them to think "in the box", rather than out of it.

Re: "skeleton key"

As well, it need only work on the Subject Device -- whose id is conveniently provided in the writ. If that check is coded into the binary and that binary is signed, one could not trivially run it on another device.

Re: "skeleton key"

[AHuxley]

AC the "revoke" issue wont work to try and keep it for "one" physical. The request is for code that is on a drive that is given to the US gov. The computer code can then be used to open product lines at a state and federal level.
The code as a method on a computer hard drive is been conscripted for a generation of phones, not one physical phone.
Again the House Committee on the Judiciary Hearings, The Encryption Tightrope: Balancing Americans’ Security and Privacy (Streamed live on Mar 1, 2016)
https://www.youtube.com/watch?...
4:44 and onto 4:45 has the details on the request made.
Tool was to be put on a hard drive.
Hard drive with the new tool was to be sent to US gov.
A gov computer would then perform the task. Portable, reusable.
More details at (March 2, 2016)
http://nypost.com/2016/03/02/f...
"“The request we got from the government in this case is, ‘Take this tool and put it on a hard drive, send it to the FBI,’ and they’d load it onto their computer,”"

Re:"skeleton key"

[aaarrrgggh]

Doesn't matter; with the legal precedent set and complied with Apple cannot refuse in the future. It is three branches of government conspiring together to force Apple (and everyone else) to be able to break their devices.

Re:"skeleton key"

It's a legal skeleton key. It allows the law into any phone given sufficient reason. Sufficient reason being open to many interpretations.

Re:"skeleton key"

[davester666]

Well, you can bet the FBI will do everything they can to copy the OS off the iPhone to try to use it on similar model phones. And the NSA just might happen to walk by and see what's up with the FBI's new toy. And then they will 'happen' to have one of each different model iPhone needing to be unlocked.

The NSA MIGHT be competent enough to be able to control it's use if they got it, the FBI is lucky if they can prevent the general population from poking around in their databases.

Re: "skeleton key"

He'll, right now all it takes is the judge to become tired of Cooks bullshit and toss him in Jail.

Well, since we're going to play politics with our Rights, I don't mind a judge sitting idly by, very nervous about tossing an icon of American Capitalism behind bars, knowing full well what kind of message that would send to the rest of the trillion dollar industry. You think CEOs would want to continue doing business in the US with that kind of shit being pulled? Not likely.

Seems politics is keeping a judge in line, and I love it when politics is used in defense. Fuck 'em if they don't like their own goddamn games. I don't like playing games with the Constitution either.

Re:"skeleton key"

It's a legal skeleton key. It allows the law into any phone given sufficient reason. Sufficient reason being open to many interpretations.

Terrorism

There. There's your "many" interpretations.

Nothing more has been necessary to define "sufficient reason" for well over a decade. In other words, it has created precedent.

Re: "skeleton key"

[meerling]

They didn't refuse to cooperate, they refused to engage in the process to develop a tool to defeat their own security system.
It's kind of the difference between giving a mugger your wallet when he demands it, and bringing him to the bank to cosign for his Small Crime Business Loan then babysit his kids for a few hours while he goes and mugs some other people.

Re: "skeleton key"

[meerling]

So, does anyone remember how when the bullshit stuff they kneejerk passed over 911 basically let the cops get away with a lot of bullshit, but they swore up and down that it would never be abused or used for anything other than terrorist related stuff, and that it could be even if they wanted to?
So anyhow the feds have been going around to the local cops for several years now teaching them how to use that 'anti-terrorist' stuff to apply to virtually anyone and get away with a ton of shit they aren't supposed to be doing in the first place.
What makes you think this will be any different.
Besides, this isn't a one time thing in Apples control if Apple gives in.
It will kill trust in Apples security, that'll hurt the company.
Since it will have been done once, it suddenly becomes easier to duplicate by someone else, even if they don't eventually get their hands on that 'restricted code' because no matter how careful people claim to be with digital files, they always seem to leak.
Don't forget as well that this will create a precedent, and then the government will just demand that the security cracker be used pretty much anytime the cops/feds/whatever can't figure it out, or would rather go have a second donut instead of doing the work.
No matter how you slice it, developing a way to bypass the security of that dead mans phone so they can root around and maybe find clues of some other criminal activity or person that may never have existed is a really bad idea, unless you jerk off to 1984 on an hourly basis.

Re: "skeleton key"

[silentcoder]

If what they were doing was not *exactly* in agreement with the will of the people (you know - those guys whose consent you're supposed to have for governing them) - then it would be a piss-poor marketing strategy, akin to an ad saying "Buy an apple, we rape children for cheap labour to make them". Of course they do, in fact, do that - but they would never put it in an ad - it's a bad marketing strategy to tell the public something they don't want to hear.

Clearly then the public DOES want to hear: "We refuse to make it easy for the government to read your texts".

And since the government is supposed to work FOR the taxpayers and voters, they may want to start listening to what the boss is telling them.

Re: "skeleton key"

[silentcoder]

I keep reading that analogy, but it makes no sense... there's no car in there anywhere !

Re:"skeleton key"

[silentcoder]

You, and the FBI, are assuming that apple is even capable of writing such software.

I'm not so convinced. Bruce Schneier has frequently said: "Anybody can create a security system he himself cannot break", his point is in favour of open security and encryption standards of course - the point of a security system is that somebody else shouldn't be able to break it, being unable yourself is no evidence of that. But it also has some legitimacy as a more direct claim.
Apple was responding to the market pressures that came post-Snowden in particular, and the best response was to make that thing as secure as their best engineers could figure out how to do - which, by definition, is a system MORE secure than their best engineers can figure out how to BREAK.

The odds are, in fact, quite strongly against apple actually having the skills to do what they are being asked - though I doubt they would readily say that in public, computer security engineers would understand it but the public may well fail to understand it. The last thing you want to do is make a public statement that sounds to customers like you're declaring yourself incompetent.
It would ,to experts, however mean the opposite - it would mean they had been sincere when trying to build the most secure system they could. The most secure system anybody can build is a system more secure than they themselves can break.

Re: "skeleton key"

[buck-yar]

Most people aren't tin foil hat people that through paranoia think the govt is spying on them.

And most are OK with govt monitoring communications for terrorist/criminal activity. Maybe you missed the NSA poll? https://www.washingtonpost.com...

Re: "skeleton key"

[silentcoder]

I've always been hugely in favour of jailing CEOs. If the company commits a crime for which *I* would go to jail, then their fucking CEO should be sharing a cell with me.

How ironic that the first time it may actually happen - it's because of refusing to do something which shouldn't be a crime and is actually GOOD for the public... where was this zealous law enforcement against the fraudulent banksters in 2008 ? Where was this for all the companies that dumped toxic shit in people's drinking water ? Where's this "jail the CEO" desire for the executives at VW ?

Hell apple has done a lot of shit I think Cook OUGHT to be in jail for - their use of child-labor in unsafe sweatshops is near the top of that list. But the first glimpse that Cook may actually serve time it's a possible contempt charge for a rare occasion of a corporation actually doing the RIGHT thing (for utterly selfish reasons of course).

Re: "skeleton key"

yes that was included under (2) "we have rendered ourselves unable to cooperate with you". Since that is what Apple is doing, that is what the law enforcement agencies have asked to be defeated via legislation. If it is, Apple doesn't get to decide not to cooperate. It has to build its new phones how the law says. They can avoid the threat of such legislation by not refusing to grant access to the phone of a terrorist mass murderer as a matter of marketing strategy.

And bamm, we are right back at the fucking point of the fucking article: The FBI wants to make all phones less secure for the government to use - because the government is also part of everyfuckingbody.. Not Apple, like you want to pretend, but the FBI.

Re: "skeleton key"

And what happens when the defense attorney's for someone charged based off information gathered from that device demands validation that the "unlock" process did not alter data creating an apparent connection to the deceased shooters that did not actually exist.

In fact for the unlock to work, the new binary has to remain on the device when it is turned over to the FBI forensic team for extraction and analysis of the data. What the writ said and what is required for actual chain of custody and correct forensic handling of the data and the extraction of the data are two different things. The FBI will get a copy of this binary if Apple is forced to create it.

Then there are the multiple other devices that the FBI now wants opened with this as yet non-existent tool.

Re: "skeleton key"

Most people aren't tin foil hat people that through paranoia think the govt is spying on them.

And most are OK with govt monitoring communications for terrorist/criminal activity. Maybe you missed the NSA poll? https://www.washingtonpost.com...

That is an interesting article. The poll says that 2/3 of Democrats are in favour of the government having the ability to invade privacy, compared to 1/2 of Republicans, with a Democrat in office. With a Republican in office, it was 1/3 of Democrats and 3/4 of Republicans. It is also all about invasion of privacy specifically to thwart terrorism, one of the least likely things to kill you. How would people respond to government monitoring of your drinking, smoking, eating or driving habits?

The only conclusion I came to from reading it are that people are idiots.

Re: "skeleton key"

[kilfarsnar]

That's only because companies are resolutely refusing to cooperate with lawful investigations. Law enforcement really has no other choice but to request legislation that prevents companies from saying either (1) "we refuse to cooperate with you", or (2) we have rendered ourselves unable to cooperate with you

Yes, they can request legislation. But that's not what they are doing. They are looking for a court to force Apple to comply, no legislation involved.

Re: "skeleton key"

The FBI has broken its trust repeatedly in the past, so much so that at one point America's own president was afraid of the FBI Director. Why should they be trusted now?

Re: "skeleton key"

[kilfarsnar]

yes that was included under (2) "we have rendered ourselves unable to cooperate with you". Since that is what Apple is doing, that is what the law enforcement agencies have asked to be defeated via legislation.

No, this is incorrect. Law enforcement agencies are asking a court to force Apple to create new software. They are not asking for new legislation.

If it is, Apple doesn't get to decide not to cooperate. It has to build its new phones how the law says. They can avoid the threat of such legislation by not refusing to grant access to the phone of a terrorist mass murderer as a matter of marketing strategy.

Where is the law that says a company must produce whatever software tools the government requires?

Re: "skeleton key"

[kilfarsnar]

Most people aren't tin foil hat people that through paranoia think the govt is spying on them.

However, the government is spying on them, regardless of their level of paranoia about it.

And most are OK with govt monitoring communications for terrorist/criminal activity. Maybe you missed the NSA poll? https://www.washingtonpost.com...

That's because they lack imagination. They probably think they have noting to hide and therefore nothing to fear. Anyone posting here should understand that reasoning to be fallacious.

Re:"skeleton key"

[Khyber]

"I'm not so convinced. Bruce Schneier has frequently said: "Anybody can create a security system he himself cannot break""

Which goes against the convention any ACTUAL engineer knows by heart: Man can make it, man can break it, there are no exceptions.

Re:"skeleton key"

Bruce Schneier has frequently said: "Anybody can create a security system he himself cannot break"

ObBruceSchneierFacts:

When Bruce Schneier creates a security system he himself cannot break, he can still break it :)

Re: "skeleton key"

There's no glimpse that Tim Cook will go to jail. Apple have never said that if the court allows the writ to stand they will refuse to comply, they're just appealing it through the legal system.

Re: "skeleton key"

[silentcoder]

And how many international standars hashing algorithms have you written ? This is like some guy who just built a barbeque pit calling the designer of the Golden Gate bridge "not an actual civil engineer"

Re: "skeleton key"

It's kind of the difference between giving a car thief your car when he demands it, and bringing him to the car store to cosign for his Small Crime Car Loan then babysit his kids for him a few hours while he goes and carjacks some other people.

Re: "skeleton key"

Law enforcement agencies are asking a court to force Apple to create new software. They are not asking for new legislation.

Actually, they are asking for both.

Re: "skeleton key"

[painandgreed]

I keep reading that analogy, but it makes no sense... there's no car in there anywhere !

Apple Cars has built a car that is sold via retailers. One person who bought such a car committed a crime then died. (Really, it was his company car, but anyway...). The cops think there are things in the trunk that might be evidence that somebody helped him commit the crime but the trunk is locked by a programmed code set by the owner of the car. A feature of the iCar, is that the trunk can only be opened with the code while the engine is running and if the trunk is broken into or the wrong code is entered into the trunk keypad too many times, the gas tank explodes, destroying everything in the trunk. The cops could try and remove the gas tank and then break in, but the chances are they'l set fire to the gas tank and trunk in doing so. So, what the FBI wants, is for Apple Cars to build a new engine that has its own internal gasoline supply so it can run as well as a special pump to empty the gas tank under the trunk. Apple Cars does not have such an engine, so to provide one, they would have to have professional automotive engineers design a new engine, make sure there were no bugs, build it in their engine factories, test it on other iCars, and then have their own mechanics do the engine swap, so all the FBI has to do is use their automated key pad button pushing machine till the trunk opens (and blame Apple Cars if anything goes wrong).

Re: "skeleton key"

[Khyber]

The same has been said for almost every encryption method since the beginning of time.

Almost every one has been broken.

One only needs to look at history to learn from it. Actual field experience is not required.

Re:"skeleton key"

Could God create an encryption algorithm even He would be unable to crack?

Re:"skeleton key"

[Hotawa+Hawk-eye]

One possibility that requires just a little sloppiness on the part of the FBI and a little sneakiness on the part of the attacker: The next time the FBI wants to access a phone like this, the owner of the phone implanted a sort of trojan horse that recorded the information about the vulnerability the FBI used to access the phone and either phones home immediately (is the FBI diligent about keeping the phone in a Faraday cage?) or waits until the phone has network access and then phones home.

Re: "skeleton key"

[Hotawa+Hawk-eye]

Do you expect the mugger to walk all the way to the bank???

Re: "skeleton key"

[Hotawa+Hawk-eye]

Then Apple will release a press release saying that due to the judge's decision (and they will include the name of the judge in the statement) they cannot, in good conscience, sell their products in the US any longer if they will be forced to compromise the security of those devices. If they really want to twist the knife, they will inform the relevant government agencies in California (including both US senators) that they're moving (or even just considering moving) their headquarters out of California and out of the United States.

The public starts screaming for the judge's head.

The senators and the governor start screaming at the judge about the loss of jobs and revenue if Apple does pull out of the state.

Canada and Mexico start salivating at the thought of Apple moving there (I think Mexico's closer but more dangerous.)

Re: "skeleton key"

[silentcoder]

You utterly misunderstood the quote. It is not suggesting that anybody can create an unbreakable cypher. In fact it means the exact opposite of what you are arguing against. It means being unable to break your own cypher doesnt mean its even a little hard to break. You need lots of people trying to hreak it in order to get a decent one .

Re: "skeleton key"

[Agripa]

What happens the next time the FBI (or any other LEA) has an iPhone that they need information off of? The FBI has divulged that there already exist about a dozen phones that need breaking. They have also admitted -- in public testimony -- that this case would set a precedent.

So please tell me, specifically: how exactly is this just about a single phone, when the actual head of the actual FBI has admitted that it is categorically NOT about a single phone?

Does anything in the court order prevent Apple from destroying the binaries and source after providing the contents of the iPhone to the FBI? If so when the next request comes in, the court can order them to produce the software again and Apple can start over with development. The way I understand it, the court order also requires the FBI to reimburse Apple for the effort so that could get expensive for law enforcement quickly.

As if it matters

[93+Escort+Wagon]

Given how thoroughly large government organizations keep getting hacked - such as we've recently seen with the OPM and IRS - it's not as if there's any information on government employees' phones which isn't already in the hands of the Chinese, Russians, and various criminal syndicates.

Re:As if it matters

[Thanshin]

it's not as if there's any information on government employees' phones which isn't already in the hands of the Chinese, Russians, and various criminal syndicates.

It has to be frustrating, from a Chinese hacker point of view. You do your job, hack the super important secret agency chief's phone... And everything you get is a dupe because the guy in the next cubicle already hacked the thing last week.

Hopefully, Slashdot has prepared him for years to deal with the frustration of reading the same "new data" over and over.

From the Department of Obvious

For god's sakes, this isn't news!

Of COURSE it will open a security hole to federal agencies. ALL iPhones would compromised by such a skeleton key. The idea that federal government iPhones wouldn't be compromised is just plain delusional.

Re:From the Department of Obvious

[dsmatthews9379]

As delusional as thinking the iPhone is currently secure from "state actors" (including foreign ones) if they physically get hold of it? Because that would be very delusional.

Re:From the Department of Obvious

[Plumpaquatsch]

As delusional as thinking the iPhone is currently secure from "state actors" (including foreign ones) if they physically get hold of it? Because that would be very delusional.

Well, at least a script kiddie with a Rubber Ducky can't get in.

No Skeleton Key

[seawall]

Apple rather slickly has each update of each recent iOS be specific to a phone. ONE physical phone. Probably to prevent the skeleton key scenario.

  Each "copy" (not really an appropriate word here) of the update is unique (I don't know the details) which makes it hard to just use the same binary to on every phone. Each "copy" only works on one phone.

Re:No Skeleton Key

The skeleton key is the update code just before Apple makes it phone-specific.

Re:No Skeleton Key

yes but once apples makes on key the FBI will just tell it to make more as needed. and will point to this case to say they are required to do it. Pretty soon apple will have a whole department processing requests for keys.

So I was watching the X-Files...

[ChunderDownunder]

I find it hard to take the FBI seriously on iPhones when their own IT department's security is so lax.

Agent Mulder's work issued computer didn't even have a password protected lockscreen when the machine was idle. Thank goodness it was only Scully/Miller/Einstein - anyone from a double agent to a passer-by such as a cleaner or a vending machine technician could have accessed sensitive, classified information.

Re:So I was watching the X-Files...

[silentcoder]

I think Mulder's computer security relied on nobody knowing there was a computer in that room... I'm pretty sure each department of janitorial staff thought the door to Mulder's office was actually a supply closet used by one of the other janitorial departments.

Re:So I was watching the X-Files...

[silentcoder]

Actually... to be serious... did any OS even *have* password protected lock-screens c.a. 1993 ? I don't recall any - and certainly none that had it by default.

Re:So I was watching the X-Files...

NeXTStep definitely had one in '93, but none of the more common home computer OSs did at the time.

Re:So I was watching the X-Files...

I remember seeing screensavers that had password protection emerging around then.

Re: So I was watching the X-Files...

[silentcoder]

Ok. Never used that.

Re:So I was watching the X-Files...

With the mention of Agents Miller/Einstein, I believe he's talking about the 2016 X-Files.

Re:So I was watching the X-Files...

[tlhIngan]

Actually... to be serious... did any OS even *have* password protected lock-screens c.a. 1993 ? I don't recall any - and certainly none that had it by default.

I'm certain at least TWO did. Unix (and Unix-like) and Windows NT. Unix with their X terminals often had a lock function implemented a part of xdmcp or something, and NT3.5 was already a multiuser OS. Granted though, NT 3.5 looked a lot like Windows 3.1, so there may have been apprehension since you expect it to crash...

There is already a back door.

[TsuruchiBrian]

If it is possible for Apple to "create a backdoor" after the fact, then that itself is a back door. The FBI wants apple to release a version of it's OS that can disable certain security features and push that update out to the terrorist's phone without any confirmation from the (now deceased) user. Apple seems to confirm that this is indeed possible and has said that it would be dangerous to even create this version of it's OS because it might fall into the wrong hands and be abused. I would argue that it is already in the wrong hands, because it is in the hands of Apple, and even if Apple fights the FBI, they may be forced by a court to cooperate.

What Apple *should* do (and should have already done), is to create a security system that they would not have the ability to help the FBI hack into. They have already indicated they are working on this.

The IOS security is already broken. The only thing keeping the FBI from cracking it, is their own incompetence, and Apple's limited will to challenge the government. I doubt many people at Apple are willing to go to jail over this (nor should they be).

My advice to Apple, is to help the FBI hack into this phone, and come out with a real security system that is actually secure.

Re:There is already a back door.

[Nethemas+the+Great]

They'd lose face with their global customers.

Re:There is already a back door.

[TsuruchiBrian]

They could do it in the opposite order (come out with a good security system, and then give the FBI the skeleton key that only works on phones that haven't yet been updated to the new system). I would be much happier with Apple if they did this than if they didn't.

Re:There is already a back door.

My advice to Apple, is to help the FBI hack into this phone, and come out with a real security system that is actually secure.

Remember Mr. Phelps, if you or any of your IMF team are caught or captured, the Secretary will disavow all knowledge of your activity.

Good luck, Jim.

This message will self-destruct in five seconds.

Re:There is already a back door.

[tkrotchko]

"What Apple *should* do (and should have already done), is to create a security system that they would not have the ability to help the FBI hack into. They have already indicated they are working on this."

Precisely. I can think of at least two ways to do this that would make the "skeleton key" scenario moot. One of those ways would make brute forcing impossible, but would require significantly greater processor power and memory.

Re:There is already a back door.

[TsuruchiBrian]

I think a simple solution would be to require the device to be unlocked and require user confirmation to perform an OS update.

Re:There is already a back door.

[BitterOak]

My advice to Apple, is to help the FBI hack into this phone, and come out with a real security system that is actually secure.

The problem with this is once Apple successfully helps the FBI crack this phone, it will set a pattern of sorts, establishing a certain type of relationship between Apple and Law Enforcement. If Apple later threatens to create an OS which can't be hacked in this way, it would give the FBI the ammunition they need to go to Congress and ask for legislation to ensure that Apple can continue to provide this help to them in the future. The FBI can just say "Apple has helped us in the past, and now they're deliberately taking steps to make it impossible for them to keep providing the help they've been giving us all along. Protect the status quo and pass this legislation now." If Apple or anyone else complains, the FBI can respond by saying, "But Apple has been helping us crack phones all along and the sky didn't fall on our heads. All we want is the ability to keep doing what we've been doing." It might be hard to argue with that.

Re:There is already a back door.

Apple needs to make it where they can only read off the phones storage when it is unlocked and so that any update pushed while it is locked would require the complete wipe of the current storage within the phone as part of the update and unlock procedure.

Where they can write to those section of the storage, but not read or decrypt them and if they update the phone to unlock it, they wipe it of all data in the process and there is no way around this.

That would effectively fix a great deal of this.

Re:There is already a back door.

[TsuruchiBrian]

On the contrary, I think Apple would be able to say "We are literally helping as much as we can" (whihc is not very much since the system is very secure). As opposed to "We are purposefully not helping because if we did, the FBI would actually get what they want and a lot more".

Not to mention the fact that lots of people in the government actually use these phones, and having them be secure (even from Apple), as probably a good thing. It means that the data belonging to government agencies is safe, even in the event that Apple is hacked.

Re:There is already a back door.

[Dog-Cow]

Have you thought that through. At all?

Re:There is already a back door.

[Plumpaquatsch]

On the contrary, I think Apple would be able to say "We are literally helping as much as we can" (whihc is not very much since the system is very secure). As opposed to "We are purposefully not helping because if we did, the FBI would actually get what they want and a lot more".

But they are already helping the FBI as much as they can and have to, and if the FBI hadn't destroyed an easy way to acquire evidence by forcing the San Bernardino County to reset the iCloud password for the phone, they'd already have the information.

Re:There is already a back door.

If it is possible for Apple to "create a backdoor" after the fact, then that itself is a back door.

No, it's a vulnerability. The term "backdoor" is used to denote deliberate measures put in place to allow an organisation to effect entry into a device after the fact. That clearly hasn't happened here. It certainly is a vulnerability - but that largely reflects creep in security requirements from the old days when the assumption is "if your adversary has physical access, you're toast", which was more or less okay for mainframes in locked server rooms, to "devices are mobile now so you have to assume an adversary can get physical access to your device, e.g. by theft or impounding by a government" and protect even against that. And as Apple have demonstrated, we're learning how to do that with encryption, secure enclaves etc.

I expect even today we're at a kind of "work in progress" level where the existing measures are okay against most petty opponents (thieves, commercial rivals etc.) but don't cut it in this kind of situation where a government-level opponent potentially has the clout to force a company to undermine its own best endeavours.

Re:There is already a back door.

[TsuruchiBrian]

Yes, have you?

Re:There is already a back door.

[TsuruchiBrian]

They are not helping the FBI as much as they can, because they are not creating the backdoor that the FBI wants. I want Apple to be able to help the FBI as much as they can. And if they remove the back door, Apple can try to help the FBI crack passwords as much as they can, and it won't compromise the security of other users.

Re:There is already a back door.

[Plumpaquatsch]

They are also not giving the FBI a blow job, and they do seem to need one. Wanna force Apple to do that too?

Re:There is already a back door.

[TsuruchiBrian]

I never suggested Apple be forced to do anything.

Yeah, it was security that motivated them...

[MikeRT]

As opposed to the fact that most of the federal employees who got an iPhone just wanted one a lot more than a BlackBerry 10 phone. Which is a shame, really, because my Z10 is the best phone I've ever owned including my previous two iPhones. BlackBerry has the only MDM with an ATO from the DoD. If security were the primary motivation, they'd have standardized on BB10 phones with BlackBerry BES.

Re:Yeah, it was security that motivated them...

Yeah, they've been pwned already, so they went for the one that plays Farmville.

Re:Yeah, it was security that motivated them...

[LostMyBeaver]

I'll address this in a few parts.

1) BB was a good platform for its time. It's near absolute inflexibility from a development perspective made it a good platform for security since it was hard enough to code, it was pretty hard to hack. Palm Pilot wasn't bad either in its time.
2) BB10 is not BB. It is based on QNX which (I have extremely extensive experience coding for at a system level in direct coordination with QNX themselves) and is otherwise an entirely new operating system consisting of millions of lines of code produced by hundreds of developers over a short span of a few years.
3) To suggest that much new and untested code (no it hasn't been) is sheer silliness and doesn't belong in a forum for people who claim to understand technology. It is mathematically impossible to develop that much code that fast with that many people and have a secure platform.

So, let's talk about this... an iPhone and a Blackberry compared side by side are equally insecure. Sure, the obvious routes probably aren't a problem, but hackers don't use obvious routes... well sometimes the do... depends on what you consider obvious :)

I have always hated people saying things like "I don't even run antivirus, I'm running a Mac. Unlike a PC, it's secure!". I would respond "Just because no one is openly hacking it currently doesn't mean it's secure".

BES is secure until the messages hit the phones. Once they reach the phone, all security is absolutely gone. Secure messages require secure keys. Secure keys are 3072 bits or longer (for now according to the NSA... this means they can crack 3072 but they believe others can't). Unless you are manually typing 768 hexadecimal characters into the phone every time you log in to use BES, the key used for decrypting your messages is stored on the phone somewhere.

The key to decrypt the keys is probably a pin code or possibly up to a 10 character password convenient to type on the BB keyboard without too many shifts, controls, etc...

If I can locate the store of the key, locate the code to decrypt the key, find the location of 2 or more messages which contain headers (all do), then with the proper computational power, I can obtain the key to decrypt all messages stored by BES on the phone. It's only a matter of CPU. While the number of possible passwords to decrypt the keys increases exponentially with each character in length, the fact a laptop can crack 6 characters in a few second, 8 characters in about 10 minutes, throw 65536 CPUs or a few FPGAs at the problem and it would do 10 characters in about 10 minutes.

I never have been figuring out why so many idiots think that BES is secure... to decrypt messages, the phone has to be storing the information required to decrypt them. At some level there must be a way to read the messages and the security isn't as strong as the door and the lock securing it. It's as strong as the box next to the door holding a spare key that is guarded by a simple code.

Re:Yeah, it was security that motivated them...

[ControlsGeek]

From Wikipedia "The product was originally developed in the early 1980s by Canadian company Quantum Software Systems, later renamed QNX Software Systems and ultimately acquired by BlackBerry in 2010.[1] QNX was one of the first commercially successful microkernel operating systems[citation needed] and is used in a variety of devices including cars[2] and mobile phones."
So ... not developed in a short span of a few years.

BB10 has FIPS 140-2 certification

"The company said its BlackBerry 10 platform has received the FIPS 140-2 certification that would allow government agencies to deploy the devices, along with the new enterprise management platform on which they run, as soon as the new smartphones are launched.

Waterloo, Ontario-based RIM said this is the first time BlackBerry products have been FIPS certified ahead of launch".

http://business.financialpost....

Re:Yeah, it was security that motivated them...

" Unless you are manually typing 768 hexadecimal characters into the phone every time you log in to use BES, the key used for decrypting your messages is stored on the phone somewhere."
      The encryption software module generates the keys you never have to type them in. The keys are changed every 24 hours so if you do manage to crack the encryption key you are only able to decrypt messages sent during that 24 hour period.

Re:Yeah, it was security that motivated them...

So ... not developed in a short span of a few years.

There is a small difference between a micro kernel meant to run on an electronic control unit in an isolated network ( see cars ) and a full blown OS with UI, constant internet connectivity and smart phone specific drivers and network stacks. For the first you could use Windows 3.11 for work groups since it does not require any security at all and most cars have no protection once the attacker has access to the internal network. Vulnerabilities in any of the smart phone specific code can also be exploited to a good extend.

BB10 has FIPS 140-2 certification

AFAIK OpenSSL is also certified, the LibreSSL fork explicitly removed everything required by the certification for being counter productive, if not actively harmful to security.

Re:Yeah, it was security that motivated them...

It's secure on a BlackBerry device because, unlike an iPhone, you only ever get ten tries. You won't brute force a BlackBerry. Nobody ever has. You also can't jailbreak it or root it. BES is secure if you're using BlackBerry devices as endpoints, not so much with Android or iOS.

Re:Yeah, it was security that motivated them...

Secure keys are 3072 bits or longer (for now according to the NSA... this means they can crack 3072 but they believe others can't).

You are a fucking idiot who doesn't know the difference between asymmetric key encryption and symmetric key encryption. Asymmetric encryption algorithms like RSA/3072 are way too slow for bulk encryption, they are instead used to protect a 112-256 bit symmetric cipher key (usually AES-128 or AES-256 these days).

Secondly, the time it takes to crash a password is based on the algorithm used to store that password as well as the number of rounds. Some hash algorithms (like MD5) can be cracked at a speed of a few billion attempts per second on $10k worth of hardware, others require 6-7 orders of magnitude more CPU power and/or memory making them resistant to brute-force attacks.

This is the goal of the Tepublicans

They want us to be less secure so they can justify their forever was.

It took long enough for someone to realize this

Did it take anyone longer than ten seconds to realize this?

Why hasn't the military spoken up about this?

The FBI is obviously watching too much TV---they assume they'll solve every crime before the last commercial break.

Ah,

[no-body]

here is the famous shoot in the foot again :-))

Nice to see...

Re:Ah,

[silentcoder]

Actually, this is more in the grand tradition of the circular firing squad.

Living in a fatasy wold

[Black+Parrot]

where we have strong security that nobody but the good guys can break.

Your government communications and data stores are secure, approved business communications and data stores are secure, but everything else can be decrypted on demand.

Wonder when non-IT businesses are going to realize they have a dog in this fight.

Maybe I'm crazy but

Can't apple just roll back the iCloud password hash in the database and continue with their original plan....

Re:Maybe I'm crazy but

[LostMyBeaver]

I don't remember if they have the feature, but don't they try to inform you when you've used a password before? If so, they probably keep the hash and wouldn't even need to use backups.

Not My Job

[PPH]

Protecting the U.S. government communications and information systems against penetration is part of the NSA's charter.

Wait, what?! You guys were breaking encryption as well? Who was supposed to be protecting this stuff?

Damned propaganda mill.

[pecosdave]

"Missed their chance" - yeah right. The mainstream news is spreading this bullshit bad enough - do we really want Slashdot treating us like a bunch of naval-gazing know-nothings?

Re: Damned propaganda mill.

Everybody knows that iphones are god's gift to mankind. I can't wait to rush to the phone store once my contract is up to swap my highly insecure droid for the latest and greatest iphone 6s. Then I can spend hours and hours straring at it so that I can finally encrypt all the useless information. Now if only I can remember that 11 digit passcode I can finally feel secure like james bond in spectre with the ability to save the world all held secretly on my phone. Yeaah

NSA-mandated requirements defeat FBI, essentially

[bsDaemon]

I wrote something similar on this topic a few weeks ago for a blog post at work, though I went into more technical detail than TFA did:

http://blog.acumensecurity.net...

The Age of Anti-American American Agencies.

[BrendaEM]

Our founding fathers would be pissed.

Re:The Age of Anti-American American Agencies.

[LostMyBeaver]

The founding fathers were just as big a bunch of dicks as the current lot. Often worse.

The "justice for all" bullshit was because they were pissed at what British Parliament did to the colonies by taxing them. King George III wasn't able to do much more than watch from the side lines. He was pissed at them too.

The truth is, more than half possibly 3/4 of the founding fathers probably would have hung Tim Cook and beat him until he cried like a girl and screamed "open it, open it".

I always wondered if those guys were so great and wise and pure and all that shit... why would they write a constitution which more or less would so easily let the country devolve into some religion where we have now existed for decades without a single amendment to improve the document by modernizing it for the times? Where's the review requirement? We treat the document as an absolute as if it is perfect in every way and to question that is borderline treason. Where is the part of the document which would protect civil liberties regarding electronic data protection? It's not there because the founding fathers didn't absolutely require that the constitution is reviewed and updated.

It was written by a bunch of pissy little bitches and a poet or two. They were all pissy at England and wrote a document to provide freedom from their oppressors for a million people or so and didn't give a shit whether it lasted 200 years in the future and certainly had no clue it would eventually be used to govern 400 million people from every country, race and religion as equals.

If you want to be true to yourself, with a few exceptions, these guys were mostly soulmates with Donald Trump. They weren't wise, they weren't great, they didn't shoot lightning bolts from their eyes and they didn't shit daffodils when they sat upon the bowl. They were men who :
  a) Wanted to secure power for themselves and their families
  b) Represented a group of truly fucked up people who believed righteousness was the Salem Witch Trials.
  c) Believed black people were less valuable than dogs since you could love a dog.
  d) Believed that religious freedom meant you should be free to believe in any form of Christianity you want.
  e) The one odd ball or two who felt it was a chance to do something wholesome and good.

Don't place politicians pedestals. They might make impressive art, but they sure as hell are nothing more than people and very rarely are they more than sales people.

Re:The Age of Anti-American American Agencies.

Hey but at least they were entrepreneurs and created jerbs via their gun running, slave trading , tax dodging , genocidal land grabbing schemes!

Re:The Age of Anti-American American Agencies.

[silentcoder]

Well, they *did* intend for it to be reviewed and updated continously. James Madison suggested it be reviewed by a major national congress based on referendums every 10 years.

Their big mistake was not mandating that in the words - so now it's used like holy writ and it's authors like prophets, exactly what they knew better than to want !

Re:The Age of Anti-American American Agencies.

[DNS-and-BIND]

...and yet the nation they created became the most successful the world has ever seen. Honestly, at this point, you have to really question whether the United States is for you. It sounds like you would be much better off in a country that agrees with your left-wing politics, such as Bolivia, Venezuela, or Cuba. It's a good thing we live in a borderless world where global citizens can go wherever they want. There will be a period of cultural adjustment, of course, where you learn to deal with things that are unthinkable in America, like waiting in food lines and electricity being off at random hours during the day, but you'll get used to it just like everyone else there does. We all wish you well in your new home! Bon voyage!

Re:The Age of Anti-American American Agencies.

"We treat the document as an absolute"

Well, duh. If you don't do that then it might as well not exist at all. If you treat it like it's just some flimsy list of "suggestions" then it becomes trivially easy to take away everybody's rights and you end up with a fucking totalitarian militarized nation.

Re:The Age of Anti-American American Agencies.

[Plumpaquatsch]

...and yet the nation they created became the most successful the world has ever seen.

Which wouldn't have happened without Adolf Hitler. So unless you count him as one of the founding fathers ...

Re:The Age of Anti-American American Agencies.

[Cro+Magnon]

Hitler made a wreck of Europe, but we were already a very successful country.

Re:The Age of Anti-American American Agencies.

[jittles]

why would they write a constitution which more or less would so easily let the country devolve into some religion where we have now existed for decades without a single amendment to improve the document by modernizing it for the times? ... Where is the part of the document which would protect civil liberties regarding electronic data protection? It's not there because the founding fathers didn't absolutely require that the constitution is reviewed and updated.

I believe that the part you're looking for is the 4th Amendment. That the current government does not honor the clause has nothing to do with the document itself, but the politicians and the voters who fail to hold them accountable for violating the constitution.

They were men who : c) Believed black people were less valuable than dogs since you could love a dog.

Not all of them. The reason slaves were treated as 3/5 of a person is the fact that the Northerners did not want the South to have undue influence from counting the population of people who could not vote and would, under the compromises they came to, would never be able to vote until a later amendment of the constitution. We would have never had the Mason/Dixon line or the eventual Emancipation Proclamation had the South had its way.

d) Believed that religious freedom meant you should be free to believe in any form of Christianity you want.

I don't recall the constitution mentioning Christianity. I think its the population that cares more than the government.

Re:The Age of Anti-American American Agencies.

[Plumpaquatsch]

Hitler made a wreck of Europe, but we were already a very successful country.

"A very successful country." is hardly the same as "the most successful the world has ever seen", Hitler destroyed several very successful countries and made the best scientists and artists flee to the US. The only country who has more to thank Hitler for is Israel.

not so strong

[ooloorie]

One major reason for that is -- you guessed it -- the strong native security

If Apple can reset the pin count on their phones with a software update, the "native security" isn't so strong. And what that really means is that the FBI's data is owned by Apple, hardly a good situation.

What encryption algorithm? WTF?

"Now in its fervor to force Apple to create software that can break its own encryption algorithm"

It's doing no such thing. Could people please stop writing about this until they have the first clue about the actual issues involved here?

They're not asking Apple to 'break its own encryption algorithm'. They're asking it to provide a customized operating system that disables the automatic lockout and delay while entering PIN numbers.

Just one question remaining for Apple

- Given an order to produce software, and that such a capability will demonstrably then exist.
- Given a duty to maximize shareholder value.
- Given a duty to comply with national laws.

The only satisfactory solution appears to be to create the software for the first government that asks, and then to sell it to the Chinese, Germans, British, India, Brazil and anyone else.

So the question is -- just how much should Apple charge the Chinese government for the back door, so they can at least establish a fair market value for subverting crypto? RSA took only 10M, and that was clearly undervalued. Should the back door be priced by per device, per nation, per policy agency? Unlocks per year? Are they cheaper in the bulk decryption package?

CAPTCHA: latrines

Mobile Device Management

[kenwd0elq]

I suppose it's asking too much of the Feds to have properly implemented Apple's mobile device management protocols, so that when the next Ed Snowden takes his government-issued iPhone to Moscow with him, the Feds can read his itinerary from it?

Re:Mobile Device Management

THIS.

The county had purchased a MDM solution. It was not installed on his phone. Apple created the "backdoor" or option to allow them to access it but the county/government failed to use it before the event happened. This falls on the county to properly implement their MDM solution or in this case TR (Tragedy Recovery). Apple gives the world the ability to do such actions but if you don't properly implement it or do it at all, don't expect Apple to come to your aid. The tool is there, use it next time. /endrant

FBI is screwing themselves because...

[LostMyBeaver]

As soon as they make it public that they can open any iPhone they can get a court order for, people with something to hide from them will move to using more secure applications which are written by companies or people the FBI can't so easily influence with the American legal system.

Better yet, they'll move to using programs that are written by people who added security and wouldn't know how to hack them themselves.

So, basically, all they're doing is educating the criminals to use technologies that are more secure written by companies outside of their jurisdiction.

If they open this phone, it basically will guarantee they will never be able to get to "terrorist data" ever again.

How come no one ever bitches about this? I bet you that 99% of all terrorists have moved to using something more secure by now.

For a good laugh/cry watch the hearing

http://www.c-span.org/video/?405442-1/hearing-encryption-federal-investigations

 

support Apple

[jack133]

Like Cook said, public safety is important,so is citizen private information !

BB vs iOS?

[therealkevinkretz]

"One major reason for that is -- you guessed it -- the strong native security."

Blackberries are more secure in many ways than iPhones. They certainly have more remotely manageable security, and can be more locked down, feature-wise.

FOR THE LAST GODDAMN TIME

This has nothing to do with terrorism, San Bernardino, or some drug dealer in New York. This is about the Federal Government wanting unfettered access to EVERYTHING without knowledge, consent, or warrant. The goal here is to outdo the UK in the surveillance society, where everything you say, do, and everywhere you go, is monitored, logged, and recorded for later use against you should the State decide you need to be handled. This is all about eroding civil rights.

Public buses in Maryland record video and audio of everything you say and do on the bus.

Billboards in New York track your cell phone as you travel nearby.

Cameras are EVERYWHERE.

Re: Gay niggers are owning butt holes GNAA

Rump before Trump.

Notice the FBI didn't ask for the phone contents.

The FBI demanded a tool that would let them plant evidence on every Apple device.

Ugh

[jon3k]

In its rush to gather information, the FBI blew its chance to retrieve data from the iPhone of one of the San Bernardino terrorists when it ordered his iCloud passcode to be reset shortly after the attacks.

This is very misleading. It would have only given them access to the data on the phone stored in iCloud.

Re:Ugh

[Plumpaquatsch]

In its rush to gather information, the FBI blew its chance to retrieve data from the iPhone of one of the San Bernardino terrorists when it ordered his iCloud passcode to be reset shortly after the attacks.

This is very misleading. It would have only given them access to the data on the phone stored in iCloud.

This is very misleading,They won't find any useful information on his work phone anyway, because he would have it destroyed it anyway if there were, like he did with his actual phone.

NSA likely already stole this capability.

I thought it was very telling the language that was used to deny that the NSA had the ability to hack this phone... that they asked other government agencies if they could crack the iphone 5 specifically "running iOS 9"...

Of course other government agencies couldn't crack the phone using the version of the iOS that they want to have Apple replace. They are asking Apple to replace iOS 9 with custom built software. So the question about US government capabilities to hack this phone without Apple stands unanswered.

Can the NSA crack this phone? Does the NSA have software or hardware which would allow them to get the data from the phone? The NSA non-answer seems to imply that they do have the capability to crack the phone, but are trying really really hard to answer some red herring questions to distract from their capabilities.

Understandably so, since they probably derived the ability to crack the iPhone by hacking Apple to steal Apple's encryption keys

iTunes app store after FBI/Apple settle

[rcharbon]

Hint: don't get the cheap/free apps: http://www.y42k.com/2016/02/29/when-apple-settles-with-the-fbi/

Doesn't matter to the FBI

They have switched their BlackBerry devices over to Android. Which, of course, has problems of it's own.

FIPS 140-2

Does that mean that BB10 uses the vaunted Dual_EC_DRBG guessable number generator?