Slashdot Mirror
FBI Unlocks iPhone Without Apple's Help In San Bernadino Case (recode.net)
New submitter A_Mang writes: After asking for a delay last week, today the FBI revealed that a third party has succeeded in unlocking the iPhone used by a shooter in the San Bernadino attack. They've asked the court to vacate their request for an injunction forcing Apple to provide tools for unlocking the phone.
"The government has now successfully accessed the data stored on Farook's iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court's Order," the filing reads. The report doesn't elaborate on how they've gained access, nor does it reveal any of the information stored on the phone. What we do know is that last week the FBI contracted Israeli software provider, Cellebrite, to help break into the phone.
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
Could anyone meaningfully comment on whether the FBI actually did this, and if so, how? Creating a clone for them to exhaustively attack maybe?
Yeah, they accessed the data on the phone by letting the San Bernardino County unlock the phone with the MDM software they had installed in it.
Of course news about a fake are Fake News.
So, now the question becomes - What does Apple do?
Do they risk trying to get the case dismissed with prejudice, as to prevent it from coming up again (or at least giving them precedent to have it thrown out?)
Obviously they will try and find the way it was done (if they don't already know). Will they try and claim the problem is fixed?
Does the FBI have the ability to do this continually now? Or is it a case by case basis using an outside firm that has ongoing costs? What about all the phones the police departments had lined up?
Quite a few unanswered questions.
It was an iPhone 5c. It doesn't have the "secure enclave" that later models have, and is nowhere near as secure as these recent models, and by "recent", I mean anything that's a 5s or above.
See https://www.apple.com/business... for the gory details, or https://www.mikeash.com/pyblog... for a more readable version, but basically the secure enclave is designed to prevent brute-force attacks like the FBI wanted to use.
I'm reasonably certain that Apple's security team will have a larger remit on the next phone, to the extent that the secure enclave is invulnerable even to Apple (the above link speculates that it currently is not, and would therefore be vulnerable to a court warrant akin to the recent furore).
Physicists get Hadrons!
...was there ever any doubt?
There is still doubt.
The announcement is so vague that I am not convinced if they accessed the phone or are just saving face (since they didn't particularly need the contents in the first place).
Probably good for Apple, actually. The problem with using this case as a precedent for whether or not a phone manufacturer should be required to unlock a phone or not is that Apple could have assisted them with the unlocking by doing what the FBI requested (writing a custom OS to facilitate unlocking). But now, Apple has already plugged that hole in newer models, which means if the same case were to happen with a newer iPhone, it would be even more in Apple's favor. On top of that, it wouldn't surprise me if the reason the FBI has backed out of the case is because they didn't think they were going to win and so didn't want to set a precedent which would be unfavorable to them.
Assuming there isn't some similar hole on the newer phones, I'm pretty sure Apple (and privacy, for that matter) is the big winner here.
Let's look at the positives here:
1. No legal precedent has been established that says the All Writs Act can be used to compel a company to write new software to circumvent an encryption scheme, or to force a company to turn over source code and signing keys.
2. The FBI's legal credibility has been damaged by erroneously claiming that all technological avenues to breaking the encryption on the phone in question, only to later say that they did have another approach and that it was successful. Whether or not this is true, the contradiction is now on the record: they complained, "we need the court to force Apple to help us because there's no other way," then said "never mind, we did it another way in the end." This potentially could be used against them in future court cases.
I, for one, would have preferred to see things settled decisively in our favor: that a legal precedent would be established enshrining the right to encryption. But things could have turned out a lot worse. We need to continue to fight for our right to privacy and security. It's not over, and it won't be over for a long, long time.
What I'm curious about is if now Apple can be preemptive and force this to go to court and have the order slapped down. I'm not entirely sure of the model with writs, however. They *might* be able to now claim standing and go for a suit against the FBI specifically but I'm not sure how much that'd do unless it was considered precedent setting.
"So long and thanks for all the fish."
The implication you're making is that:
(a) they never needed to get into the phone because it was already broken; or
(b) they lied that they broke into it and are now still unable to get into the phone, but won't admit it.
Which pretty much requires them to be handing us a bold faced lie for no reason. The FBI could withdraw its request at any time without having to go to these lengths if they felt they would lose at the Supreme Court. And I don't see how public opinion or other corporations would be able to affect the Court appeal process. The appeals court judges and the justices are not, after all, elected. Presumably, the FBI would have opened the request weighing the chances of a Supreme Court appearance from the beginning.
I'm no fan of the government, but lying in this manner, while colluding with a third party corporation, and a foreign one at that, seems like it would be a huge risk when a much smaller lie would have sufficed. The FBI could have simply backed off and worked to let the matter drop without setting a negative precedent. Seems too convoluted.
If someone can get physical access, then your security paradigm is already broken. Very few systems can withstand direct physical assault; it's not like the iPhone is built to the NSA's CSfC guidelines and meant to be completely secure against all threats. It's a consumer-level mobile phone; mass-produced with a unsecured supply chain and an open-sourced operating system. It says quite a bit to Apple's security engineers that it took this level of work to get access. Anyone who thinks "oh, this is proof that iPhones are totally unsecure!" obviously can't comprehend the level of effort it took to get into this phone.
If a rapid NAND mirroring system is what broke this, I'm betting that Apples next major security upgrade will include some type of encryption that is uncopiable, Slashdot even had an article about this that incorporates unreproducible physical defects unique to each NAND chip.
No security is perfect. This was a large government organization with physical possession of the phone paying a software agency with experience in digital forensics (in other words - retrieving data thought to be lost). It's not impossible to protect against this, but it can be trickier. From what I've read, the newer iPhones have more baked in security and would have been orders of magnitude harder to crack.
The big victory here is that Apple wasn't forced by the courts to unlock this phone "just this one time." Had they been forced to do it, one time would have turned into two, three, five, a hundred, etc. There is no precedent for the next time when the FBI or other law enforcement agencies come to Apple (or other phone manufacturers) demanding that they weaken security because "terrorism."
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
"Bold faced lie" : yes
"For no reason" : not necessarily
Claiming to have unlocked the phone saves face, plus it spites Apple. Petty retribution for Apple's stubbornness.
Really, there's no reason for the FBI to tell the truth. The inverse of what you said. Admitting they couldn't hack it, and admitting they knew the court case was bound to fail ... what does any of that accomplish?
At this point, I'm assuming it's all lies, until the FBI either publishes the hack, or some info from within the phone that they now can access.
This signature is false.
They might well lie in order to avoid what they came to see as an inevitable loss in court. This was never about the one phone.
That should say 5th amendment; not 4th. "Nor shall private property be taken for public use, without just compensation."
creating a circumvention only needed to be able to run code on the phone. because 5c. the amount of tries on 5c is sw controlled. the israeli company likely has abootloader hack and altered fw.
Without having the details, it's hard to gauge the true security of the phones. Perhaps the Israeli company used a scanning electron microscope and attacked the actual crypto chip, there are some risks associated with that approach but it's far from impossible and probably not something you would want to experiment with on a phone you've yelled about being 'OMG, national security' about. That makes the going to someone with experience a good thing. I have a hunch the Feds had this planned before any of this began. They hoped apple would cave but always had a backup plan, they just wanted the precedent before resorting to plan B. When it got to the point that the case was going to be heard and might go against them, they dropped it and went to the backup. At least that's what I would have done in their place.
c: they found someone who had a bootloader hack that then makes it possible to alter the fw to have unlimited attempts because on 5c that is a sw check. the key comes from hw after giving the pin but the 10 attempts limit on 5c is in sw.
really that is the only thing that needed hacking to achieve this. it doesnt work for newer iphones.
both the fbi and apple have been full of bs talk in regards to this.
world was created 5 seconds before this post as it is.
You're the idiot:
17 U.S. Code 1201 (e) only applies if they did not crack the device before they had the contract with the FBI.
Since they demonstrated the technique to the FBI prior to the FBI contracting with them, according to news reports and statements by the FBI, including statements to the court by FBI representatives requesting a stay, it's pretty clear that the technique existed before the FBI engaged them as contractors.
While they may in fact be protected on the specific instance of the iPhone from San Bernardino, they are still liable under the act for having developed the technique prior to the contract.
If they wish to roll this in under blanket protection from another contract for previous work, or an ongoing contract for existing work in progress, they can... assuming they are willing to disclose sufficient details of the contracts in question for the court to make a determination that the prior contract(s) do in fact apply to the current case.
As they offered the breaking of the San Bernardino iPhone as a service for hire for the FBI, it's pretty clear that they intended to profit from the act of breaking into an iPhone (or more than one iPhone), and therefore the safe harbor provisions od 17 U.S. Code 1201 (g) *also* do not apply.
Have fun in court, in any case, given that the discovery process will require disclosure of the techniques in front of Apple experts to ensure that the techniques did not in fact constitute new and unique DMCA violations prior to the contract being issues/engaged.
Gotta love a case where the DMCA hoists the government on their own petard, particularly since the EFF has been trying unsuccessfully to get the anti-reverse engineering provision of the DMCA struct down for *literally years*.
Perhaps the next time the EFF goes to try and get the DMCA anti-reverse engineering provision struck down, the FBI will be willing to file an Amicus Curie Brief on behalf of the EFF's position?