FBI Unlocks iPhone Without Apple's Help In San Bernadino Case (recode.net)
New submitter A_Mang writes: After asking for a delay last week, today the FBI revealed that a third party has succeeded in unlocking the iPhone used by a shooter in the San Bernadino attack. They've asked the court to vacate their request for an injunction forcing Apple to provide tools for unlocking the phone.
"The government has now successfully accessed the data stored on Farook's iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court's Order," the filing reads. The report doesn't elaborate on how they've gained access, nor does it reveal any of the information stored on the phone. What we do know is that last week the FBI contracted Israeli software provider, Cellebrite, to help break into the phone.
Could anyone meaningfully comment on whether the FBI actually did this, and if so, how? Creating a clone for them to exhaustively attack maybe?
...was there ever any doubt?
Is it fascism yet?
The FBI found a Post-It (tm) note stuck to Farook's home computer monitor.
the note mentioned PIN : 1234
eNjoy!
Thanks FBI !!!!
They did go to John McAfee for help!
Apple bling.
iPhone 8 will require fingerprint, retina scan, 57 digit passcode, DNA sample, and Tim Cook's voice passcode for access.
They found nothing since it was a work phone. In addition the local government that he worked for paid for the software to access the phone but never properly installed it. So this whole venture by the FBI was a total waste. Mission accomplished.
How many Edward Scissorhands of time did it take to unlock?
FIFY.
I would not necessarily be inclined to believe this without a peer-reviewed verification. There is a lot of face-saving that occurs in the terrorism-industrial complex. E.g. the constant refrain of "we foiled a plot" without any details or substantiating evidence. Budgets need to be re-upped.
Maybe. But they have little track record for credibility.
How long until Apple buys Cellebrite?
They probably went to Farook's bank, asked them for his account's PIN, and then tried that on the phone.
#DeleteChrome
they decided they didn't want to win and they didn't want to lose. This way, they can say "yeah, we did it" and then in a few months "turns out nothing of value was on the phone". This was never about getting into this phone, it was just the most media friendly scenario for a test case to set precedent. This way they can back out of the case with honor maintained without losing and without winning.
There is an outside chance that someone helped them slice the ram off the top of the cpu (it is PoP mounted) and they put in fake RAM so they can poke about in it after signature verification, but my guess is that it is an exit strategy and they have nothing.
No proof? No data? Would be embarrassing eh?
It's very likely that Apple knew the FBI could break in, but they figured it would take some time and therefore chose the good PR route by saying they wouldn't help ...yada yada ... civil liberties... yada yada.
We don't know all of the exact particulars in the case - although I read that the technique involved cloning the phone chip contents and could continue brute force retries of the passcode without worrying about the phone being wiped. But one thing we do know is that this case was NEVER about encryption technology and Apple's continual portrayal of it as such was simply a marketing lie. I don't think people realize that encryption of all of the contents of your phone is almost worthless since it has to be continually decrypted by the phone OS so all you have to do is to get access to the phone's home screen to access the full contents of the phone.
When they unlocked it and started looking through the files, and realised there was feck all of interest on it
So, now the question becomes - What does Apple do?
Do they risk trying to get the case dismissed with prejudice, as to prevent it from coming up again (or at least giving them precedent to have it thrown out?)
Obviously they will try and find the way it was done (if they don't already know). Will they try and claim the problem is fixed?
Does the FBI have the ability to do this continually now? Or is it a case by case basis using an outside firm that has ongoing costs? What about all the phones the police departments had lined up?
Quite a few unanswered questions.
So, the government misrepresented in its original filing that, "Apple must be compelled to provide the backdoor to unlock the phone, because we have no other means of doing so".
Always interesting how a party can be motivated to do the impossible when you force them to think about it hard enough.
The official declined to speculate whether the method will be used on other phones in other investigations, or if the method will be shared with law enforcement agencies at the state and local level, or if information about it will be shared with Apple.
It is a pretty safe bet the method will be used in other investigations, though I'd be shocked if the information is shared with one of those listed.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Apple cannot be happy about this. Users, of which I am one, are not happy about this. Apple needs to up their game. NOW.
The FBI have confirmed that Farook had a Flappy Bird High Score of 31.
Lies!
The FBI had access to the data a long time ago, this case was all about getting Apple to make a handy tool they could use whenever they wanted. No, this is a quiet backpedal to distract the public in hopes that they will forget that the FBI's outcry for the victims didn't sway public opinion.
The FBI will try again, but next time it won't be in the court of public opinion. I for one hope that companies are aware of this and make products that not even they can break into.
They got an image off the phone but it's likely still encrypted. Now they can try brute forcing without fear of the device wiping itself.
Whether they can decrypt it or not is the question, but we'll likely never hear of the phone again.
May take a while but would be interested in knowing if anyone will be filing an FOIA request for information on this incident....the result may just be all blacked out text but it would be good to try.
http://goatse.cx
The downside seems to be: It is a delicate operation to desolder and remove the memory chip. But if it is successfully removed, then they will probably attach a harness so that they can detach/restore/reattach a memory chip many times to try different codes.
I don't know how necessary it would be to detach the chip to read the memory. If the leads are accessible, they can build some leadframe to attach to the other side and try to read the chip without powering up the original phone, and try to restore memory, but sure it is possible.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I thought they still measured processing time in P90-hours?
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
So who's filed a FOIA request to find out how they did it?
with the new and improved encryption. the FBI just wrote Apple's Ad copy.
When will they release the ticking time bombs of viruses that were stored on that phone? You remember, the ones so terrible and dangerous that they were worth violating all of our 4th amendment rights for?
That in 2016, the Jews would be helping the Nazis... ...it's a strange world...
So rise up, all ye lost ones, as one, we'll claw the clouds.
Sure they did. Pics or it didn't happen. Lying liars.
...that the mysterious "third party" is... Apple. They get to acquiesce while saving face. Next step is to publicly feign outrage and vow to create an unbreakable phone for reals this time.
The incredibly funny part is coming... 3... 2... 1...
Apple files suit in federal court under the DMCA, claiming Cellebrite has created a circumvention device; and since they, themselves were not law enforcement agents, and they did it on contract, rather than doing it as independent security research, the DMCA safe harbor procedures don't apply.
And then Apple releases an iOS update.
Let's look at the positives here:
1. No legal precedent has been established that says the All Writs Act can be used to compel a company to write new software to circumvent an encryption scheme, or to force a company to turn over source code and signing keys.
2. The FBI's legal credibility has been damaged by erroneously claiming that all technological avenues to breaking the encryption on the phone in question had been exhausted, only to later say that they did have another approach and that it was successful. Whether or not this is true, the contradiction is now on the record: they complained, "we need the court to force Apple to help us because there's no other way," then said "never mind, we did it another way in the end." This potentially could be used against them in future court cases.
I, for one, would have preferred to see things settled decisively in our favor: that a legal precedent would be established enshrining the right to encryption. But things could have turned out a lot worse. We need to continue to fight for our right to privacy and security. It's not over, and it won't be over for a long, long time.
It only took 1/4 as long as they spent bitching about Apple not helping with it!
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
What was it, about a week since the FBI announced they outsourced the breaching? And now it's successful. So how it plays is that Apple's phones are not that secure in the public perception.
If Apple had assisted the FBI they could have maintained the perception of security. So their ethical stance had a price, which is a pretty normal thing. But it's a short term price. As Apple moves more and more of its security from software to the hardware, it helps to make one's own chips, such breaches will be more and more difficult. Old iPhones being breachable would be more of a benefit if and when we get to that point. So, market loss today, but maybe a major selling point for the iPhone 8 in a couple of years.
I'm surprised Slashdot readers aren't more well-versed in computer security. The comments seem to indicate the readership believes that this "secure enclave" makes the iPhone secure, and without it the phone is insecure. In reality, the "secure enclave" is no better than mere security through obscurity and having physical access to a device is typically considered to mean the attacker has already won.
This meme that "secure enclave" means something needs to just die. It's not much, if any, better than ROT-13'ing your plaintext before encrypting with AES.
And you know good & well, that within 3-4 months some government somewhere will pay someone to leak it to them, causing it to be leaked onto the web.
If the computer/iTunes backups are encrypted then like the data on the phone the FBI or anyone else can't do much.
The weak link is the passcode on the phone, the passcode is the only thing that keeps the decryption key on the phone secure. The fact that the phone has the decryption reduces its security. In more traditional security the decryption key is generated as needed by entering a passphrase and erased after use, not stored somewhere.
I bet they just sent them an identical unlocked phone back with fake data ;)
I apologize for any confusion, I clicked on the wrong reply button. Doh!
If a computer or iTunes backup is encrypted then like the data on the phone the FBI or anyone else can't do much.
The weak link is the passcode on the phone. The passcode is the only thing that keeps the decryption key on the phone secure, and for many it's a four digit passcode. It does not matter how strong your encryption is if you only need four numeric digits to get to the decryption key.
The fact that the phone has the decryption reduces its security. In more traditional security the decryption key is generated as needed by entering a passphrase and erased after use, not stored somewhere.
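Added example, not part of any comment in this thread and not Apple's actual key-derivation scheme: a simplified Python model of the point made above, that a 256-bit key unlocked by a short passcode is only as strong as the passcode space. The per-guess cost of 0.08 s, the policy names and the use of a device-bound secret as the PBKDF2 salt are assumptions chosen for illustration.

```python
import hashlib
import math

AES_KEY_BITS = 256
# Assumed cost of one passcode attempt when the derivation is deliberately slow.
SECONDS_PER_GUESS = 0.08

# Constructed passcode policies: name -> (alphabet size, length).
POLICIES = {
    "4-digit PIN": (10, 4),
    "6-digit PIN": (10, 6),
    "8-char lowercase+digits": (36, 8),
    "12-char mixed alphanumeric": (62, 12),
}


def search_space(alphabet_size: int, length: int) -> int:
    """Number of distinct passcodes a policy allows."""
    return alphabet_size ** length


def effective_bits(key_bits: int, space: int) -> float:
    """Strength of the whole system: the weaker of the key and the passcode."""
    return min(key_bits, math.log2(space))


def worst_case_seconds(space: int, seconds_per_guess: float = SECONDS_PER_GUESS) -> float:
    """Time to try every passcode when nothing limits or delays retries."""
    return space * seconds_per_guess


def derive_key(passcode: str, device_secret: bytes, iterations: int = 10_000) -> bytes:
    """Derive the data key on demand instead of storing it.

    Mixing in a secret that never leaves the device means a copied flash
    image alone is not enough: every guess still has to run on that device,
    at the device's per-guess cost.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", passcode.encode("utf-8"), device_secret, iterations, dklen=32
    )


def report() -> list:
    """One row per policy: (name, space, effective bits, worst-case seconds)."""
    rows = []
    for name, (alphabet, length) in POLICIES.items():
        space = search_space(alphabet, length)
        rows.append(
            (name, space, round(effective_bits(AES_KEY_BITS, space), 1),
             worst_case_seconds(space))
        )
    return rows


if __name__ == "__main__":
    for name, space, bits, seconds in report():
        print(f"{name:28s} {space:>24,d} codes  {bits:5.1f} bits  "
              f"{seconds / 3600:,.1f} hours worst case")
```

Under these assumptions a four-digit PIN gives about 13 bits of effective strength regardless of the cipher behind it, which is why retry limits, escalating delays and longer passcodes matter more than key length.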
Apple claimed that it wanted to defend the privacy of its customers. Great.
Then they extended that principle to defending the privacy of a known terrorist, who is dead, and who consented to having his activities monitored (because the phone was owned by his employer, the County of San Bernardino). In this case, the county government was Apple's customer, and Apple was going against the wishes of its customer by protecting the privacy of the county's most nightmare employee. That's a PR debacle.
And if the FBI is telling the truth about having cracked the phone, the vaunted privacy that Cook pledged to defend is rather diminished. (Most customers will never give any thought to technical details, like the 5C lacking the security chip that later models have.) That's the second PR debacle.
That that is is that that that that is not is not.
Cellebrite sell a number of bits of kit that are plausibly in the price range of the quote that people are basing this assertion on e.g. UFED Touch which can't access a modern iPhone without knowing the passcode in advance.
It might be nothing more than a co-incidence that they bought a Cellebrite box & support contract at around the same time.
You'd expect virtually every digital forensics lab in every law enforcement to have Cellebrite hardware, and update it periodically.
It's a longish bow to draw that a Cellebrite bill paid at the same time means they are the ones helping the FBI in this specific case.
so.
it appears the Fascists can't follow the Laws they themselves promulgate.
such a disgrace has been wrought upon The People that they're sworn to "Serve" and "Protect"
may the World shed a tear -- for what was once America, is now become (even more deeply) Amerika
shame.
Shame!
If you're going to build phones with weak security and backdoors, like the iPhone 5C, don't pretend publicly that they are secure and don't get into a pissing contest with the FBI over it.
So next will the FBI be investigating the Kansas workplace shooter's phone? Or does the FBI only give 2 shits about workplace shootings when it involves teh Muzlimz.
Ordinary (Christian) Americans shooting up their workplace? Why that's just plain patriotism and 2nd amendment celebrations!
Monstar L
Being that it's the ONLY piece of electronics they didn't destroy tells me that it had fuck all on it.
If someone can get physical access, then your security paradigm is already broken. Very few systems can withstand direct physical assault; it's not like the iPhone is built to the NSA's CSfC guidelines and meant to be completely secure against all threats. It's a consumer-level mobile phone; mass-produced with an unsecured supply chain and an open-sourced operating system. It says quite a bit to Apple's security engineers that it took this level of work to get access. Anyone who thinks "oh, this is proof that iPhones are totally unsecure!" obviously can't comprehend the level of effort it took to get into this phone.
If a rapid NAND mirroring system is what broke this, I'm betting that Apple's next major security upgrade will include some type of encryption that is uncopiable. Slashdot even had an article about this that incorporates unreproducible physical defects unique to each NAND chip.
"ATM machine network" should be read as "Automatic Teller Machine network".
I wish I'd be able to do something like that some day — with Slashdot cheering for and supporting me.
In Soviet Washington the swamp drains you.
Why are we permitting such secrecy? It's all bullshit.
“He’s not deformed, he’s just drunk!”
All of the Google stuff runs on iOS also. Sometimes better...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Oh no, iphones are unsecure...
I agree with everything you said, but you missed a huge motivation for the FBI to at least give the impression that they hacked the phone. FUD is a very powerful tool. Not only can they intimidate suspects with "we'll get it anyway", but they can intimidate companies the same way.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Where was the prior reference? Anyway...
The FBI might bother to lie about it if they realized they can achieve their real objective in a very practical way and without the legal bother. The FBI would prefer to simply outlaw encryption, but that is actually impossible, since you can never make ideas go away. In contrast, you may be able to FOOL people into believing that encryption doesn't exist, and in particular that Apple does not have it.
Two more bases for the FBI lying about it. (1) They decided it would be sufficient if they just scare potential terrorists away from using iPhones. (2) They closed the loop from the other side and don't want to admit it. Since they had all the metadata, perhaps they have found and dumped every data source this phone was in contact with. (Again, not a capability they would want to disclose.)
Prediction: Whatever the reality, the FBI will never reveal any useful information that could have come only from this iPhone.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
The CEO Queer Fucker' ass is wide open for abuse!
YEEEEHAAAA!
Ha ha
Apple Fuckers
You spelled it wrong.
The law is not an ass. No really.
"Apple, if you won't break this quietly for us, we'll take it to court. If it looks like you're going to prevail, we'll withdraw and tell everyone we got in without your help. On the open market."
How do we know they didn't just make up the "success" just like they made up the fact they needed the "evidence" in the first place? All the information there was probably available as "metadata" anyway, right?
Since they couldn't force Apple's hand and set legal precedent to abuse, they had to save face and re-establish that "Our secret science labs can do anything!"
FBI admits perjury in claiming Apple's assistance was necessary to unlock the phone.
I'm fine with it. At least it showed that Apple give a shit about your privacy, unlike semen-caked Microsoft and their Windows 10 dildo.
Just one more reason not to own or trust "spy phones".
once the 3rd party stepped up it took what a few days so the level is really NOTHING
and now you can say it's the iHACKEDPhone
Took a few tries but after the phone got a text message the FBI finally figured out the pin was 'SHER'.
[Insert pithy quote here]
Wherever the news goes on this story, I'd look in the opposite direction. So, given that Apple's source code isn't open source, how do we know that they didn't put the back door in there for the Federal government? I'll take my Nexus phone that is running Omnirom (without GAPPS) and using nothing but F-Droid for its software repository any day of the week over iOS.
That this is a previous-generation iPhone (a 5C). The same crack is unlikely to work on newer iPhones which have the Secure Enclave hardware.
I think it looks like a case of Parallel Construction. They have had the capability all along but haven't had a legit reason to use it publicly. They probably had to rent out their own system to this security company to do the work for them to maintain deniability.
That's Bernardino, not Bernadio! Not only is it mispronounced, but now misspelled!
I see some people commenting "so I guess the iPhone wasn't secure after all." This is something of a misconception of how IT security works. The only way to permanently secure any computer is to destroy it. Modern systems are so complicated that, given enough competent hackers trying to pry their way in, somebody will eventually. That's why it's terribly important to apply security patches ASAP and move on from EOL'd products. The fact that the shooter died on 2 December and his phone was just unlocked in late March of the next year indicates that iPhone security is actually quite good, considering his phone didn't receive any updates for four months and just got cracked now. By contrast, Windows is so insecure that (generally speaking) one could hack any Windows device if it didn't get its updates on patch Tuesday.
Fantastic - they finally quit their bitching and did the damn work to get in... but what did they get out of it?
Anyone else think that the NSA/FBI already cracked the phone but brought in a 3rd party so they didn't have to admit that they cracked the phone?
In all practical purposes you'd be correct.
In theory a system can be 100% secure. It's just incredibly hard to prove such that in all practicality it's unprofitable. Particularly with the platform continually evolving and adding features and third party software.
Which is why I think there should be a law requiring security updates to phones for all major version numbers of its software. Something like 15 years will do.
Which will probably then evolve into the hardware and software being sold separately.
If you think they're bluffing about breaking the security, why not get someone (with a budget for this kind of thing) to buy the same phone, put in a secret message, set it to erase after 10 failures, and hire the same company to tell you the message. Either they can do it or they can't.
I highly doubt they did.
Who will go to prison for crying wolf inside the FBI?
Since nobody is expecting any valuable (or even moderately interesting) data to be on the phone (the whole premise of the case rests on a lie), there isn't ever going to be anything in court. You're probably not going to find out anything.
So: Suppose you never find out any solid information. What's your default guess? You need to evaluate an untestable hypothesis. What is most likely? Which side's claim is the most absurd? What more closely matches your experiences and knowledge?
It got unlocked unless someone finds out information to the contrary.
Disagree? The good news is that you might be correct. The bad news is that you're definitely a religious nutcase, no "might" about it.
(1) is this even true or are they merely saving face? If the latter, i cringe about the gummint even more than i did last week...
(2) if true, does the 'vendor' get to move this vulnerability through the usual channels / tell apple first / do the right thing as a tech company?
(3) if they cannot, due to national security grumbles, are they in lockdown over this?
(4) how long do you think that will remain the case?
(5) if true, they have now told every blackhat and knucklehead that this is now possible - huge gain over "is it possible?"
(6) if cracking an iphone is a zebra and no longer a unicorn* doesn't apple get a chance to know the vulnerability/exploit and protect their business?
(7) is the gummint smart/good/interested enough to sit down with all parties and work this out like grownups?
---
*: yeah, i saw the articles about siberia, point stands.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
Now do your job and arrest your Director for violating the DMCA. Rules are rules, amirite?
...the FBI was attempting to perpetrate indentured servitude.
The director traded in that iPhone 5c for credit on a new iPhone 6s Plus months ago. Some tween in Bangladesh owns that 5c now.
No, we do not know that. The contract was for software licensing renewal on a handful of servers. If you READ the contract, that's what it effing says. Just click the link for christ's sake.
I'm a 2000 man.
Comey should be arrested, charged, convicted and sentenced to the maximum for attempting to violate the DMCA under color of law.
Proprietary software cannot be deemed secure by its users, those who use proprietary software can't be sure what data is collected, where it is sent, and have no legal way to edit the program to make it obey only the computer's owner. Apple is certainly not a trustworthy party in this. Also, all computer users deserve software freedom and the security that is available to free software, not just users of the latest iThings.
Digital Citizen
The FBI just happened to find an Israeli company ??, sounds more like they got NSA to bust it, using this cover, so as to not give away the jewels that they can break into this system. Details of the situation seem to be scarce.
do you think they want the data??? or do you think they want others to not have the data?? are they covering their tracks, or trying to track back and find leadership? Also what would still be useful? How long have they been telling the whole world they want the data? What would still be viable data, some messages or calls to foreign burner phones? What's the chance they didn't just waste money time and make fools of themselves?
He did not want his olde lady to know he was looking at porn
Was it worth the effort? Anything at all? Without that, there is no proof - they're just saying hey there is a doomsday device, but you can't see it. It's a simple deterrent.
Yes, assume it is lie and all your data is very secure and nobody can access it, even using heavy rusty wrench. Keep recording all your interesting activity in the phone. That is exactly what we need ;)
The dormant cyber pathogen is loose!! Run for your lives!!
MDSec has a video showing a brute force of an iPhone 5S unlock (yes, I know the FBI phone is a 5C). I think it uses about $200 in parts:
https://www.youtube.com/watch?...
Call the bluff,,
What was gleaned from this adventure?
what was/is the return on the investment here?
was it really worth, the $, time and effort??
pathetic
Given the choices for Apple, I suspect that they passed-on the information (under the table) needed to crack the phone so that they wouldn't be forced to do it openly, so they pretend to be hanging onto the moral high ground, though seeming not as clever at protection as they claimed.
Password was 1234.
So can Apple now file suit under some provision (maybe under DMCA or iOS EULA?) and ask for the vulnerability to be disclosed to them, or something along those lines?
"That which does not kill us makes us stranger." -Trevor Goodchild