Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Delays Case Against Apple; May Have Way To Break Phone (threatpost.com)

Posted by whipslash on from the on-second-thought dept.

msm1267 writes: The FBI has delayed its case against Apple less than a day before a scheduled court hearing and showdown over its demands that Apple help unlock a terrorist's iPhone. The government late Monday afternoon filed a motion to vacate its case, putting a halt to a saga that began in mid-February when a federal magistrate ordered Apple to help the FBI access a phone belonging to one of the shooters involved in last December's attack that killed 14 in San Bernardino, Calif.

The motion also indicates that the FBI may have found a way onto the phone without Apple's help. "On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking [shooter Syed] Farook's iPhone," the motion says. "Testing is required to determine whether it is a viable method that will not compromise data on Farook's iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc. ("Apple") set forth in the All Writs Act Order in this case." Update 3/22/16 at 01:05:00 GMT: The story was updated to reflect the correct information that the case was delayed, not dropped. A federal judge agreed to postpone the oral arguments between Apple and the U.S. government.

35 of 255 comments (clear)

  1. Last we will hear of that.... by Tehrasha · · Score: 3, Insightful

    " it should eliminate the need for the assistance from Apple Inc. "

    Until Apple fixes this exploit in the next release...

    1. Re:Last we will hear of that.... by brantondaveperson · · Score: 4, Informative

      You have your facts a bit wrong. Apple have stated it is possible to create software to break into its phones, but that doing so would a significant undertaking, and would compromise the security of their products. This is a perfectly fair position for them to take, and is backed up by all the facts that are available. At no point has anyone said that the iPhone 5C is "unbreakable". Never.

      What people have said, however, and this is correct as far as anyone knows - there's no reason to doubt it - is that a newer iPhone with a strong passphrase is unbreakable for all practical purposes. A new iPhone with a 4-digit pin is breakable only with a special software release that can only be signed by Apple, just like the 5C. But, an iPhone 5C does not have the security baked right into the silicon, and so if you can dump all of the flash, you can brute force the PIN.

      Also, the FBI has not yet broken into the phone without Apple's help. They still have to determine whether or not the method words, and rather importantly, whether or not doing so would compromise the admissibility of any evidence gathered.

    2. Re:Last we will hear of that.... by brantondaveperson · · Score: 3, Interesting

      Again, trying to be fair to Apple, their new hardware usually is better. The secure enclave, which is a buzzword I've tried to avoid using, does sound extremely secure. Per-device IDs, key doesn't leave the chip, on-chip AES-256-CTR encryption that operates on the DMA channel, PIN and/or passcode never stored anywhere. I mean, it's pretty damn secure. It's hard to imagine how to reliably attack it even with physical access. Especially if the data is important, and screwing up means you don't get a second chance, ever.

  2. FBI is a victim of the All Writs Act. by Anonymous Coward · · Score: 5, Funny

    Sounds like the FBI will be busy unlocking phones for hundreds of LE agencies now. Way to turn the burden around. In the meantime, the FBI posts "Now hiring for iPhone repair positions".

  3. Nice way to try and destroy Apple's image by JoeyRox · · Score: 4, Informative

    The US Government knows that Apple has made encryption a cornerstone of their product strategy in order to protect their international sales in our post-Snowden era (in other words, to protect the world from the US Government). What better way to hit back at Apple for their lack of cooperation than to strike at the heart of Apple's strategy.

    1. Re:Nice way to try and destroy Apple's image by alvinrod · · Score: 5, Interesting

      There was always a way for them to gain access to that particular phone because it was an older model that didn't have the security features of their more recent devices to prevent those kinds of attacks. Basically some hacker found that they could hook a device up the phones innards and just try brute forcing the 4-digit PIN and that if they cut all power to the device on a failed attempt quickly enough that the system wouldn't register the failed attempt and wipe the device.

      The FBI could always get into this phone, but they wanted Apple to give them the keys to get into any iPhone anytime that they wanted to. The only thing the FBI has probably done is drive Apple and other device makers to build security systems that they have no way of exploiting themselves, even if they have the ability to write a custom OS.

      The government needs to stop trying to illegally invade the privacy of its citizens. All it's really doing is to hurt US businesses because foreign countries don't want anything to do with a country that's going to spy on all of their information or communications.

    2. Re:Nice way to try and destroy Apple's image by bigwheel · · Score: 5, Funny

      Basically some hacker found that they could hook a device up the phones innards and just try brute forcing the 4-digit PIN and that if they cut all power to the device on a failed attempt quickly enough that the system wouldn't register the failed attempt and wipe the device.

      But that would void the warranty.

  4. Outside Party? by TechyImmigrant · · Score: 4, Insightful

    So who is this outside party? Who's going to be the first to file an FOIA request?

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    1. Re:Outside Party? by somenickname · · Score: 5, Funny

      John McAfee, obviously.

    2. Re:Outside Party? by bughunter · · Score: 5, Interesting

      My money's on the NSA.

      But whoever it is, I believe they knew they had this option all along.

      They had the best experts in the world telling them that it could be broken, but they pursued the matter in the courts instead.

      --
      I can see the fnords!
  5. I'm not sure whether this is good news or bad... by JMZero · · Score: 5, Interesting

    I certainly don't think that any information about this phone (or some new approach to getting info off it) is what prompted the change here. Giving up at this stage means one of two things:

    1. They flinched. They thought they'd lose, either in court or in public opinion - so they kicked the can down the road.
    2. They've already won; they know that legislation is about to become more favorable for them, and they'll have the tools they want without needing a precedent here.
    3. They've already lost; they know that there will soon be enough robust/secure devices in the wild that having leverage over companies like Apple won't actually help them (because the Apple's of the world may not be able to break their own devices)

    We'll find out which it is over the next few years.

    --
    Let's not stir that bag of worms...
  6. Health by Major+Blud · · Score: 3, Interesting

    During Tim Cook's presentation today, I couldn't help thinking that they were pushing CareKit to make people start to consider how much information about their health would be on these devices, and who else could potentially have access to it. I could simply be overthinking it, but it very well could have been that he was trying to win over more people to Apple's side of the argument.

    --
    If you post as Anonymous Coward, don't expect a reply.
  7. Translation: Next Time...... by Anonymous Coward · · Score: 5, Insightful

    Translation: Next time the FBI sues someone to force them to break encryption it will be someone that can't fight back, and they will get their precedence then.

  8. DOJ did not want precedent from a loss in court by xeno · · Score: 5, Insightful

    The last salvo from Apple's lawyers was fairly devastating to the DOJ's case: It pointed out errors of law, errors of logic, technical mistakes and omissions, and general arrogance. The DOJ knew lat week that they were getting shot down, so they'd rather not have that happen in court where it could affect their future error-and-arrogance-filled filings.

    Last week someone pointed out that Apple has far better lawyers than the DOJ. True. Tragic, sad, demoralizing as an American, but obviously true.

    --
    I think not...(*poof*)
    1. Re:DOJ did not want precedent from a loss in court by Darinbob · · Score: 3, Interesting

      Don't think the lawyers are necessarily better or worse. Apple has the larger budget to spend on this one issue. The higher pay also does not mean that the government is stuck with the leftovers who couldn't find a better job; I have a friend who quit being a lawyer to join the FBI as an agent with much lower pay. Some people value public service.

  9. Something is not right here.... by erp_consultant · · Score: 4, Interesting

    So the government is dropping the case because some third party might have a way to break into the phone? Might have a way? So they haven't even verified that it works before dropping the case? Why not let the case proceed and if they come to find out later that the 3rd party method works then drop the case?

    Surely it can't be to save taxpayer money. That has never been a criteria for any branch of government when it comes to prosecution (errr...persecution). Maybe the FBI had a way to break into the phone all along and this was just a shakedown of Apple.

    Are we really to believe that some mysterious "3rd party" just suddenly appears a day before the case is to go to court? I call BS on this whole thing.

    1. Re: Something is not right here.... by maitai · · Score: 4, Informative

      They didn't drop it. They got a continuance until April 5th to see if they can actually get into the phone themselves. Article is really way off.

    2. Re:Something is not right here.... by whipslash · · Score: 3, Informative

      Yes you're right. Story updated.

  10. Tin foil by rocqua · · Score: 5, Insightful

    My guess: "shit we aren't winning in public. How do we retract this without saving face."

  11. Not dropped by maitai · · Score: 4, Informative

    The FBI didn't drop the case. They asked for and got a continuance until April 5th.

  12. Re:Comments by Anonymous Coward · · Score: 5, Insightful

    1. "The government actually had this capability all along; they just wanted the precedent."

    No...just, no. Facts not in evidence. Also makes no sense, because if "the government" had the capability, and was able to use it in secret, the whole discussion is moot.

    No, because having the precedent would make the FBI's access into secure devices much easier in the future.

    2. "But they need the precedent so they can force companies to weaken/break products that they really can't break in the future."

    Again, no. As I can't guarantee the sun won't explode tomorrow, I similarly can't "guarantee" anything with regard to precedent, but it does not follow at all that any government victory in this narrow case somehow translates into the government being able to "force" vendors to do any such thing.

    Why not? If the government can force Apple to write a whole new operating system so that it can break iPhone security, then what else could they force vendors to do?

    3. "The government was afraid it was going to lose, so it had to slink back into the corner with its tail between its legs."

    No. If the government did lose on this specific case, it would change nothing, because the phone would still be locked, and the questions still need to be answered.

    Uh, if the government lost, then there would be concrete case law on the books that the All Writs Act isn't a "give us whatever we want" card.

    4. Further, you couldn't really ask for a better case to use if all they were really going for was "precedent": an older, breakable phone made by a US company, used in an international terrorist attack on US soil, owned by a US county government agency, which has given full permission to search the device. So it's not like "the government" is now going to "wait for a better case".

    Quite possibly. This case was pretty strong, in that a lot of people were supporting Team FBI.

    5. If the government does drop the request, people get exactly what they wanted: the status quo.

    But all of these questions still need answers:

    Yep. I just hope the answer isn't going to be making National Security Letters the new standard MO.

  13. The Problem is Cracking the Times Code by Anonymous Coward · · Score: 3, Informative

    You don't have to break the encryption if you can subvert the code that counts the number of attempts, that could easily be done by altering one of the cpu instructions in the silicon or disabling it.. basically a brute force attack on the silicon. Another way would be to replace the CPU with a custom emulator of the CPU which could step around the sequence for destruction.. or simpler.. multiply the number of times by an arbitrarily chosen "factor".. or reset it to zero after each attempt.

  14. McAfee by dejitaru · · Score: 4, Funny

    Please oh please let there be a news release stating that the FBI went to John McAfee to unlock it...

  15. FBI Blinks on a "May be able to", very suspicious by Proudrooster · · Score: 3, Insightful

    This is not how good lawyers work, you throw as much as you possibly can at the wall and see what sticks.

    There is no reason for the FBI to vacate unless they are 100% sure they can get into this phone. I mean wasn't this case important?

    Here is what really happened. Apple's response to the FBI's "all writs" order posed a constitutional challenge to their BS. The FBI simply didn't want to get laughed out of court or worse have this make it all the way to the Supreme Court and be told that they were abusing the law.

    Is there a way Apple can continue this ex-parte and set a precedent to stop this from being abused in the future? It would be of great benefit to all-tech-kind.

    Oh wait, late breaking news. The case is not dropped, the FBI asked for a continuance until April so they can get some better lawyers and threaten Apple behind the scenes with National Security Letters.

    So now we have an interesting play going on.

    If the FBI hacks the phone, Apple loses the security high ground.
    If the Apple hacks the phone, Apple loses the security high ground.

    This is a lose/lose for Apple, because even if the FBI doesn't hack they phone they will say they did just to spite Tim Cook and his keynote speech today.

    I see what you did there FBI, nice move, but be careful, your next move is critically important to winning the game and you can still lose.

  16. Re:Told you so by Proudrooster · · Score: 4, Interesting

    Sure, anything is hackable, give the time. The point is that they are trying to make a secure box and they are standing up for our privacy. I don't think it is just marketing in this case. Apple's CEO is gay, and I think he, more than anyone realizes the implication of leaked private data. This is how governments own you, both foreign and domestic. These really nice guys swoop up all your breadcrumbs and look for anything that could be misconstrued or taken out of context, then threaten you with it.

    Let's take a look at EmoWindt's phone and see what we can find.

    That doesn't feel good does it?

    Knowing that your location data, texts, calls, browser history, apps, music collection, notes, could be made public.

    That is what Crapple is fighting against, and I hope they win. I don't want to live in Orwell's 1984.

  17. Re: lol by Anonymous Coward · · Score: 4, Insightful

    Translation: They figured out they have a non trivial chance of losing this case so they 'discovered' this new alleged hack that they doubtless had all along.

    The government used to do this in gun rights cases all the time--fold when they were gonna lose, which is why it took so long to finally get to the Supreme Court where, guess what? They lost. Just like they'll lose this one.

    Next step: have the FBI manufacture a 'terrorist' to arrest who used strong encryption (provided by the FBI) so as to have an even more sympathetic case.

  18. Re: DOJ did not want precedent from a loss in cour by mick129 · · Score: 4, Informative

    It is cancelled: https://twitter.com/BrendanSas...

    --
    Move along, no sig to see here.
  19. Re: DOJ did not want precedent from a loss in cour by Anonymous Coward · · Score: 3, Informative

    It's not cancelled. They got a continuance. Kind of different.

  20. Re:Comments by Dutch+Gun · · Score: 4, Interesting

    Actually, it was Apple who qualified the changes. They claim it would take a handful of engineers spending four to six weeks, or something thereabouts. So, I guess for Apple that's relatively "minor". For a one-programmer shop like mine, that's fairly significant. Depends on your perspective, I guess.

    My feeling is that the FBI saw that their chances in court were not looking great, so decided to accept the outside offers (NSA?) for cracking the phone that had in fact been available to them all this time. The excuse that they no longer need to crack the phone also allows them to back down without losing face.

    --
    Irony: Agile development has too much intertia to be abandoned now.
  21. Re:I'm not sure whether this is good news or bad.. by rahvin112 · · Score: 4, Insightful

    I shouldn't need to point out the obvious answer that everyone seems to avoid. If the FBI succeeds in this action they have precedent that they can force private companies and people to develop devices/software/whatever under threat of imprisonment for contempt of court (absolutely no appeals and you can be imprisoned until you cooperate up to life in prison). This would make the all writs act a law of incredible power allowing the FBI to impress into service any person or company with the ability to do something it needs for the investigation. Apple in this action is at best a third party, they developed and had manufactured the phone but they are neither the owner nor do they have access or the software to do what the FBI asks. The FBI is asking for them to be compelled to do work for the FBI under threat of imprisonment or divulging their most precious assets (a public release of which could decimate their company revenue).

    With the precedent of this case, If you had the skill to do something the FBI needed for an investigation they could simply compel you to do so under the all writs act and if they refuse you could go to jail until you comply. This is ALL kinds of scary and 99% of the articles and comments I read about it focus on the insignificant details of this individual complaint and not the precedent it sets.

  22. Re:Comments by tripleevenfall · · Score: 4, Insightful

    My guess is that the DOJ wanted the precedent - this is the Alinsky way, "never let a crisis go to waste". They thought that if people had the specter of a new terrorist attack hanging over their head's they'd be more malleable. Then they could use it for all sorts of purposes like tax evasion - as Obama clearly stated he wanted to do.

    Turns out they were wrong, and the public and the industry didn't go along as easily as they'd hoped. Rather than suffer a judicial defeat which may be counterproductive to their aims, they just "find" an alternative at the 11th hour and move on.

  23. Re: lol by Joce640k · · Score: 3, Interesting

    NO, next step is to find a whole load of "evidence" on the phone that could have prevented something or other.

    "See, this is what Apple's delay has cost us!"

    --
    No sig today...
  24. More accurate headline... by MitchDev · · Score: 4, Insightful

    "FBI gonna get spanked in court, backs off temporarily..."

  25. Re: lol by bill_mcgonigle · · Score: 3, Insightful

    Which is why Apple should oppose a motion to dismiss. It's "go big" but the only other option is "go home".

    Apple can afford the fight but it cannot afford not to fight. Anything less than "dismissed with prejudice" is a loss, legall.

    At least their PR might have been bolstered. I hate to say it, but if the iPhone 7 rejects unapproved signed firmware, I might actually buy one of the damn things.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  26. Re: lol by quintus_horatius · · Score: 3, Insightful

    how long until they crack the phone and find "evidence' that he had used the phone to talk to the Brussels terrorists?

    From what I've read recently, many of the European terrorists don't bother with encryption and just use burner phones. It makes you much harder to trace when your phone is essentially one-use -- its like using a one-time pad for perfect encryption.

    I hardly think that someone would spend the money for an iPhone only to use it handful of times, and it seems like a poor idea to talk about illegal acts on a phone that you have a long-term relationship with. It's not just you taking chances with your own phone, either -- it's the chance that the people you're talking to get picked up, which leads the authorities back to you because they have your regular number. Better to use burners all around.

    I'm pretty sure that all the FBI will find on the phone are call logs of him calling home, and cat pictures. (though the conspiracy theorist inside me says that they may announce that they found much more, I really think that's all they will actually find.)