Slashdot Mirror
FBI Unlocks iPhone Without Apple's Help In San Bernadino Case (recode.net)
New submitter A_Mang writes: After asking for a delay last week, today the FBI revealed that a third party has succeeded in unlocking the iPhone used by a shooter in the San Bernadino attack. They've asked the court to vacate their request for an injunction forcing Apple to provide tools for unlocking the phone.
"The government has now successfully accessed the data stored on Farook's iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court's Order," the filing reads. The report doesn't elaborate on how they've gained access, nor does it reveal any of the information stored on the phone. What we do know is that last week the FBI contracted Israeli software provider, Cellebrite, to help break into the phone.
FIFY.
I would not necessarily be inclined to believe this without a peer-reviewed verification. There is a lot of face-saving that occurs in the terrorism-industrial complex. E.g. the constant refrain of "we foiled a plot" without any details or substantiating evidence. Budgets need to be re-upped.
Maybe. But they have little track record for credibility.
They will use it as an argument to sell a newer model.
Achille Talon
Hop!
There is no such thing as a 100% secure platform. Every time someone makes such a boast the system gets hacked - usually very publicly.
BeauHD. Worst editor since kdawson.
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
It's not a big problem if Apple's PR does their job (and they're very good at their job). The 5C didn't have the separate security chip and was known to be less secure for that reason. The 5S and newer do, and should be harder to penetrate. If the FBI had gotten into one of the latest models, that would have been a bigger issue.
Also, it's worth pointing out that we don't actually know that the FBI did get Farook's phone decrypted. Odds are they never cared about that anyway, but only about setting the precedent by requiring Apple to help them, then when they saw the ruling was likely to go against them decided back down. Claiming to have gotten in another way just helps the FBI save face... and maybe attempts to make Apple look bad, both by making their devices appear insecure and by making the company appear to be needlessly obstructionist.
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
Did anyone believe that the security of an iPhone (or Android Phone) would stand up to the resources available to a nation state - particularly one known to collect zero day exploits they keep to themselves?
And don't parrot back "the FBI said it wasn't another government agency" - you might be inclined to take them at their word, but it's been obvious to me for some time that they will lie to the public if they feel it suits their interests. So we don't know who did it.
#DeleteChrome
So, the government misrepresented in its original filing that, "Apple must be compelled to provide the backdoor to unlock the phone, because we have no other means of doing so".
Always interesting how a party can be motivated to do the impossible when you force them to think about it hard enough.
Apple cannot be happy about this. Users, of which I am one, am not happy about this. Apple needs to up their game. NOW.
I would be very surprised if they were surprised at the lack of useful data on it.
Which they had already done once, then LOST THE PASSWORD.
http://abcnews.go.com/US/san-b...
At any rate, physical security is the most important part of security. If they have the device, they will eventually crack it.
Never answer an anonymous letter. - Yogi Berra
That's kind of a Pyrrhic victory.
Yeah, Apple didn't have to help them.
But that's because Apple's phones were not secure.
Without secure enclave, the phone is basically wide open for pretty simple attacks on the hardware. With secure enclave, things may be a lot different.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You'll note that this was NOT his personal communication device. This was his work phone, which he left behind whole. He destroyed his own personal phone, whose secrets he obviously cared about. Note also that the FBI had already gotten a backup of the data on this phone from a number of weeks prior to the attack. Given all that, it's highly probable that there's nothing incriminating on that phone at all.
You still think this was just about getting access to that phone for intelligence reasons? Are you telling me the FBI didn't even know about this Israeli security firm that could unlock iPhones? Because they obviously didn't even bother asking them before going to the courts.
Please. They backed off because they saw the wind wasn't blowing in their direction. The *last* thing they wanted to do was to lose this case and set a negative precedent.
Irony: Agile development has too much intertia to be abandoned now.
You still think this was just about getting access to that phone for intelligence reasons? Are you telling me the FBI didn't even know about this Israeli security firm that could unlock iPhones? Because they obviously didn't even bother asking them before going to the courts.
Please. They backed off because they saw the wind wasn't blowing in their direction. The *last* thing they wanted to do was to lose this case and set a negative precedent.
Wish I had mod points. The FBI back down because they were about to have their ass handed to them in Federal Court, setting exactly the opposite precedent that they wanted!
But the 5s and newer still have the problem where the firmware can be reflashed without wiping the encryption keys. So, yes, when the most recent Apple phones are still vulnerable.
They're not lying about that. What they were lying about was that they needed Apple to do this in the first place on a not-current phone that doesn't have the most up to date protections in place.
They wanted to use this sympathetic case to force the courts to ignore the law and the constitution to force Apple to invent something it didn't have--to do compulsory work against its still in other words. They were then going to do what they always do--use a case based on terrorism as a precedent to apply to regular non-terrorist crimes for which they'd never have got even that far.
Their technique requires physical possession of a phone, and that's going to mean getting a warrant. It also precludes using it for mass spying. If they got what they wanted from Apple it would mean they could spy remotely with no warrant (well, not legally, but they'd do it anyway)
When it became clear that there was a pretty good chance of the exact opposite happening they folded, just like they intended to do all along if this happened. They couldn't just drop it because even the American media isn't so desense and bought off as to let that go unquestioned, so they had to hack this phone, most likely using a technique they had or had lined up all along. (That would be the lie part)
This is also how the government kept gun control cases out of the Supreme Court for decades, by strategically folding when they knew they were going to lose, because they believed, correctly, that what they were doing was unconstitutional and they didn't want to get called on it. It's a slimy technique executed by slimy people. Such is the state of our 'justice system'.
It was never about gaining access to a phone in their possession, it was about being able to hack phones via the cellular phone network, with out the knowledge of the owner of the phone and marketing that access to protect another corporate player M$ who is providing that access for a fee. It was all about forcing Apple away from selling security and privacy as a luxury feature worth paying for. There is a huge difference between being able to hack a phone in your possession and being able to hack it remotely. When push came to shove the US government and M$, lost to Apple and the internet and it won't be forgotten, talk about burning bridges.
Chaos - everything, everywhere, everywhen
A way to unlock the phone was described in detail long before: basically, copy the flash memory that contains the "wipe key", and restore it every time the phone "wipes" itself during bruteforcing. Given that this method is known, why is it surprising that FBI unlocked the phone? The only surprising thing here is why it took them so long to actually do that, but it's only surprising if you assume that the goal of that whole kerfluffle was to unlock the phone, and not to set the precedent to force everyone to give them the skeleton key. If it's actually the latter, then it's only logical that they gave up and just unlocked it when they realized that courts won't rule in their favor.
if its possible to have less than zero percent trust in our 'national security' agencies, this is what we are left with, at this point.
they can sing and dance about all they want. but what they say is not trustable and no one should base any conclusions at all on their 'info'. its all about what they want and they'll lie, cheat or steal to get it.
common criminals who think they are on the 'right' side but have lost their way big-time. that's what the fbi, nsa, cia and all the rest are, at this point.
way to get the trust of the american (and ROW) people, guys! good show. good job.
lol. bunch of idiots, in reality. they could not have ruined their own rep any more if they tried.
one good thing: the young people are seeing the country for what it is and they will grow up mistrusting their leaders. THAT'S A GOOD THING - it shows that we are finally starting to realize what the reality of the world is; and not the disney fairy stories that we are taught when we grow up. people in the LEO field are not afraid to lie or cheat or steal to get what they want. they are thugs with badges and inferiority complexes. and they do NOT have our best interests at heart!
so, its good that we as a people are seeing how rotton our leaders and top secret orgs are. its good that the laundry gets aired every now and then.
don't trust the man. it was true decades ago and its still true, today.
--
"It is now safe to switch off your computer."