FBI Unlocks iPhone Without Apple's Help In San Bernardino Case (recode.net)
New submitter A_Mang writes: After asking for a delay last week, today the FBI revealed that a third party has succeeded in unlocking the iPhone used by a shooter in the San Bernardino attack. They've asked the court to vacate their request for an injunction forcing Apple to provide tools for unlocking the phone.
"The government has now successfully accessed the data stored on Farook's iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court's Order," the filing reads. The report doesn't elaborate on how they've gained access, nor does it reveal any of the information stored on the phone. What we do know is that last week the FBI contracted Israeli software provider, Cellebrite, to help break into the phone.
Could anyone meaningfully comment on whether the FBI actually did this, and if so, how? Creating a clone for them to exhaustively attack maybe?
...was there ever any doubt?
Is it fascism yet?
The FBI found a Post-It (tm) note stuck to Farook's home computer monitor.
the note mentioned PIN : 1234
eNjoy!
Thanks FBI !!!!
They did go to John McAfee for help!
Apple bling.
iPhone 8 will require fingerprint, retina scan, 57 digit passcode, DNA sample, and Tim Cook's voice passcode for access.
FIFY.
I would not necessarily be inclined to believe this without a peer-reviewed verification. There is a lot of face-saving that occurs in the terrorism-industrial complex. E.g. the constant refrain of "we foiled a plot" without any details or substantiating evidence. Budgets need to be re-upped.
Maybe. But they have little track record for credibility.
How long until Apple buys Cellebrite?
they decided they didn't want to win and they didn't want to lose. This way, they can say "yeah, we did it" and then in a few months "turns out nothing of value was on the phone". This was never about getting into this phone, it was just the most media friendly scenario for a test case to set precedent. This way they can back out of the case with honor maintained without losing and without winning.
There is an outside chance that someone helped them slice the ram off the top of the cpu (it is PoP mounted) and they put in fake RAM so they can poke about in it after signature verification, but my guess is that it is an exit strategy and they have nothing.
No proof? No data? Would be embarrassing eh?
It's very likely that Apple knew the FBI could break in, but they figured it would take some time and therefore chose the good PR route by saying they wouldn't help ...yada yada ... civil liberties... yada yada.
When they unlocked it and started looking through the files, and realised there was feck all of interest on it
So, now the question becomes - What does Apple do?
Do they risk trying to get the case dismissed with prejudice, as to prevent it from coming up again (or at least giving them precedent to have it thrown out?)
Obviously they will try and find the way it was done (if they don't already know). Will they try and claim the problem is fixed?
Does the FBI have the ability to do this continually now? Or is it a case by case basis using an outside firm that has ongoing costs? What about all the phones the police departments had lined up?
Quite a few unanswered questions.
So, the government misrepresented in its original filing that, "Apple must be compelled to provide the backdoor to unlock the phone, because we have no other means of doing so".
Always interesting how a party can be motivated to do the impossible when you force them to think about it hard enough.
The official declined to speculate whether the method will be used on other phones in other investigations, or if the method will be shared with law enforcement agencies at the state and local level, or if information about it will be shared with Apple.
It is a pretty safe bet the method will be used in other investigations, though I'd be shocked if the information is shared with one of those listed.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Apple cannot be happy about this. Users, of which I am one, are not happy about this. Apple needs to up their game. NOW.
The FBI have confirmed that Farook had a Flappy Bird High Score of 31.
So you're saying encryption is worthless because you have to decrypt the data to use it?
The downside seems to be: It is a delicate operation to desolder and remove the memory chip. But if it is successfully removed, then they will probably attach a harness so that they can detach/restore/reattach a memory chip many times to try different codes.
I don't know how necessary it would be to detach the chip to read the memory. If the leads are accessible, they can build some leadframe to attach to the other side and try to read the chip without powering up the original phone, and try to restore memory, but sure it is possible.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I thought they still measured processing time in P90-hours?
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
with the new and improved encryption. the FBI just wrote Apple's Ad copy.
When will they release the ticking time bombs of viruses that were stored on that phone? You remember, the ones so terrible and dangerous that they were worth violating all of our 4th amendment rights for?
That in 2016, the Jews would be helping the Nazis... ...it's a strange world...
So rise up, all ye lost ones, as one, we'll claw the clouds.
Yes, I'm saying chip level encryption is worthless since the OS decrypts the data so all that is required is to gain access to the phone and that will always be the vulnerability. I've read that the older iPhone 5c wasn't even encrypted so it's never been an encryption issue anyway. The only protection the phone really had was the 10 passcode try phone wipe. But it appears even if it was encrypted then it would have offered no additional protection for the phone.
The incredibly funny part is coming... 3... 2... 1...
Apple files suit in federal court under the DMCA, claiming Cellebrite has created a circumvention device; and since they, themselves were not law enforcement agents, and they did it on contract, rather than doing it as independent security research, the DMCA safe harbor procedures don't apply.
And then Apple releases an iOS update.
Let's look at the positives here:
1. No legal precedent has been established that says the All Writs Act can be used to compel a company to write new software to circumvent an encryption scheme, or to force a company to turn over source code and signing keys.
2. The FBI's legal credibility has been damaged by erroneously claiming that all technological avenues to breaking the encryption on the phone in question had been exhausted, only to later say that they did have another approach and that it was successful. Whether or not this is true, the contradiction is now on the record: they complained, "we need the court to force Apple to help us because there's no other way," then said "never mind, we did it another way in the end." This potentially could be used against them in future court cases.
I, for one, would have preferred to see things settled decisively in our favor: that a legal precedent would be established enshrining the right to encryption. But things could have turned out a lot worse. We need to continue to fight for our right to privacy and security. It's not over, and it won't be over for a long, long time.
It only took 1/4 as long as they spent bitching about Apple not helping with it!
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
What was it, about a week since the FBI announced they outsourced the breaching? And now it's successful. So how it plays is that Apple's phones are not that secure in the public perception.
If Apple had assisted the FBI they could have maintained the perception of security. So their ethical stance had a price, which is a pretty normal thing. But it's a short term price. As Apple moves more and more of its security from software to the hardware, it helps to make one's own chips, such breaches will be more and more difficult. Old iPhones being breachable would be more of a benefit if and when we get to that point. So, market loss today, but maybe a major selling point for the iPhone 8 in a couple of years.
If the computer/iTunes backups are encrypted then like the data on the phone the FBI or anyone else can't do much.
The weak link is the passcode on the phone, the passcode is the only thing that keeps the decryption key on the phone secure. The fact that the phone has the decryption reduces its security. In more traditional security the decryption key is generated as needed by entering a passphrase and erased after use, not stored somewhere.
I apologize for any confusion, I clicked on the wrong reply button. Doh!
If a computer or iTunes backup is encrypted then like the data on the phone the FBI or anyone else can't do much.
The weak link is the passcode on the phone. The passcode is the only thing that keeps the decryption key on the phone secure, and for many it's a four digit passcode. It does not matter how strong your encryption is if you only need four numeric digits to get to the decryption key.
The fact that the phone has the decryption reduces its security. In more traditional security the decryption key is generated as needed by entering a passphrase and erased after use, not stored somewhere.
Apple claimed that it wanted to defend the privacy of its customers. Great.
Then they extended that principle to defending the privacy of a known terrorist, who is dead, and who consented to having his activities monitored (because the phone was owned by his employer, the County of San Bernardino). In this case, the county government was Apple's customer, and Apple was going against the wishes of its customer by protecting the privacy of the county's most nightmare employee. That's a PR debacle.
And if the FBI is telling the truth about having cracked the phone, the vaunted privacy that Cook pledged to defend is rather diminished. (Most customers will never give any thought to technical details, like the 5C lacking the security chip that later models have.) That's the second PR debacle.
That that is is that that that that is not is not.
If you're going to build phones with weak security and backdoors, like the iPhone 5C, don't pretend publicly that they are secure and don't get into a pissing contest with the FBI over it.
Being that it's the ONLY piece of electronics they didn't destroy tells me that it had fuck all on it.
If someone can get physical access, then your security paradigm is already broken. Very few systems can withstand direct physical assault; it's not like the iPhone is built to the NSA's CSfC guidelines and meant to be completely secure against all threats. It's a consumer-level mobile phone; mass-produced with an unsecured supply chain and an open-sourced operating system. It says quite a bit to Apple's security engineers that it took this level of work to get access. Anyone who thinks "oh, this is proof that iPhones are totally unsecure!" obviously can't comprehend the level of effort it took to get into this phone.
If a rapid NAND mirroring system is what broke this, I'm betting that Apple's next major security upgrade will include some type of encryption that is uncopiable, Slashdot even had an article about this that incorporates unreproducible physical defects unique to each NAND chip.
You're not well versed in computer security, obviously. So you apply the assumption that all slashdotters are as ill-informed as yourself. It *is* a lot better than ROT-13 (that comparison is absurdly silly) and if you care to actually read the technical documentation, you might begin to understand it. It's probably not 100% uncrackable, but it's pretty darn close.
Why are we permitting such secrecy? It's all bullshit.
“He’s not deformed, he’s just drunk!”
I think it's worth discussing exactly how the encryption works again.
When the phone boots up, the data is still encrypted. Having access to the data while still encrypted is what they had but couldn't use. Once the PIN is entered, the data key is decrypted, which is what allows the OS to access the previously encrypted data.
The data that is necessary to present the unlock screen is stored on the chip and can be overwritten, but doing so erases the key needed for the OS to access the encrypted data.
If you can get the phone after the PIN has been entered and the phone hasn't been rebooted, then the OS has access to the data. The problem is simply that you have to get past the PIN screen first. (That's not how jailbreaking works, by the way.) Entering the wrong PIN ten times will erase the key, which renders the encrypted data worthless again.
On the phone the case was about, it is possible to push a software update for the PIN entry screen without entering the PIN. It doesn't give you access to the encrypted data, but it could disable the part of the system that erases the decryption key. That would allow someone to enter more than ten guesses, unlimited guesses, in order to get the data key decrypted which would allow access to the previously encrypted data.
Yes, I'm saying chip level encryption is worthless since the OS decrypts the data
The chip level encryption isn't worthless since the OS decrypts the data only after the PIN has been entered, and only if it is entered correctly within the first ten tries. The newer phones don't allow modification of that PIN entry screen the same way as a phone this old does.
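A simplified model of the scheme the comment above describes, added here as an illustration; it is not part of the original thread and is not Apple's implementation. The class name `ToyKeyStore`, the PBKDF2 iteration count and the stdlib-only XOR-plus-HMAC key wrap are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

MAX_ATTEMPTS = 10        # wipe threshold the comment describes
KDF_ITERATIONS = 20_000  # assumed work factor, chosen only for this sketch


def _derive(pin: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the PIN into a 32-byte wrapping pad and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ToyKeyStore:
    """Hypothetical model: a random data key wrapped under a PIN-derived key."""

    def __init__(self, pin: str, data_key: Optional[bytes] = None):
        data_key = data_key or os.urandom(32)
        self.salt = os.urandom(16)
        pad, mac_key = _derive(pin, self.salt)
        # Only the wrapped key and its tag are stored, never the PIN or data key.
        self.wrapped: Optional[bytes] = _xor(data_key, pad)
        self.tag: Optional[bytes] = hmac.new(mac_key, self.wrapped, hashlib.sha256).digest()
        self.failed = 0

    @property
    def wiped(self) -> bool:
        return self.wrapped is None

    def unlock(self, pin: str) -> Optional[bytes]:
        """Return the data key for the right PIN, else None (and count the miss)."""
        if self.wiped:
            return None  # nothing left to unwrap, even with the right PIN
        pad, mac_key = _derive(pin, self.salt)
        tag = hmac.new(mac_key, self.wrapped, hashlib.sha256).digest()
        if hmac.compare_digest(tag, self.tag):
            self.failed = 0
            return _xor(self.wrapped, pad)
        # The limit is bookkeeping next to the crypto, not part of it, so its
        # strength depends on where this counter lives and who can replace it.
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self.wrapped = self.tag = None  # erase the wrapped key
        return None


if __name__ == "__main__":
    store = ToyKeyStore("4821")  # constructed sample PIN
    print("correct PIN unlocks:", store.unlock("4821") is not None)
    for guess in range(MAX_ATTEMPTS):
        store.unlock(f"{guess:04d}")
    print("wiped:", store.wiped, "| correct PIN now:", store.unlock("4821"))
```
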
So basically if the result is the same but the motive is different(but still intentional) then the one with the "worse" motive is more dangerous? Yeah, that makes tons of sense(also if you are going to call someone a "loser", fucking spell it right)
Monstar L
All of the Google stuff runs on iOS also. Sometimes better...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I agree with everything you said, but you missed a huge motivation for the FBI to at least give the impression that they hacked the phone. FUD is a very powerful tool. Not only can they intimidate suspects with "we'll get it anyway", but they can intimidate companies the same way.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Where was the prior reference? Anyway...
The FBI might bother to lie about it if they realized they can achieve their real objective in a very practical way and without the legal bother. The FBI would prefer to simply outlaw encryption, but that is actually impossible, since you can never make ideas go away. In contrast, you may be able to FOOL people into believing that encryption doesn't exist, and in particular that Apple does not have it.
Two more bases for the FBI lying about it. (1) They decided it would be sufficient if they just scare potential terrorists away from using iPhones. (2) They closed the loop from the other side and don't want to admit it. Since they had all the metadata, perhaps they have found and dumped every data source this phone was in contact with. (Again, not a capability they would want to disclose.)
Prediction: Whatever the reality, the FBI will never reveal any useful information that could have come only from this iPhone.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
You spelled it wrong.
The law is not an ass. No really.
How do we know they didn't just make up the "success" just like they made up the fact they needed the "evidence" in the first place? All the information there was probably available as "metadata" anyway, right?
Since they couldn't force Apple's hand and set legal precedent to abuse, they had to save face and re-establish that "Our secret science labs can do anything!"
Took a few tries but after the phone got a text message the FBI finally figured out the pin was 'SHER'.
[Insert pithy quote here]
I think it looks like a case of Parallel Construction. They have had the capability all along but haven't had a legit reason to use it publicly. They probably had to rent out their own system to this security company to do the work for them to maintain deniability.
I see some people commenting "so I guess the iPhone wasn't secure after all." This is something of a misconception of how IT security works. The only way to permanently secure any computer is to destroy it. Modern systems are so complicated that, given enough competent hackers trying to pry their way in, somebody will eventually. That's why it's terribly important to apply security patches ASAP and move on from EOL'd products. The fact that the shooter died on 2 December and his phone was just unlocked in late March of the next year indicates that iPhone security is actually quite good, considering his phone didn't receive any updates for four months and just got cracked now. By contrast, Windows is so insecure that (generally speaking) one could hack any Windows device if it didn't get its updates on patch Tuesday.
Fantastic - they finally quit their bitching and did the damn work to get in... but what did they get out of it?
In all practical purposes you'd be correct.
In theory a system can be 100% secure. It's just incredibly hard to prove such that in all practicality it's unprofitable. Particularly with the platform continually evolving and adding features and third party software.
Which is why I think there should be a law requiring security updates to phones for all major version numbers of its software. Something like 15 years will do.
Which will probably then evolve into the hardware and software being sold separately.
If you think they're bluffing about breaking the security, why not get someone (with a budget for this kind of thing) to buy the same phone, put in a secret message, set it to erase after 10 failures, and hire the same company to tell you the message. Either they can do it or they can't.
(1) is this even true or are they merely saving face? If the latter, i cringe about the gummint even more than i did last week...
(2) if true, does the 'vendor' get to move this vulnerability through the usual channels / tell apple first / do the right thing as a tech company?
(3) if they cannot, due to national security grumbles, are they in lockdown over this?
(4) how long do you think that will remain the case?
(5) if true, they have now told every blackhat and knucklehead that this is now possible - huge gain over "is it possible?"
(6) if cracking an iphone is a zebra and no longer a unicorn* doesn't apple get a chance to know the vulnerability/exploit and protect their business?
(7) is the gummint smart/good/interested enough to sit down with all parties and work this out like grownups?
---
*: yeah, i saw the articles about siberia, point stands.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
No, we do not know that. The contract was for software licensing renewal on a handful of servers. If you READ the contract, that's what it effing says. Just click the link for christ's sake.
I'm a 2000 man.
Proprietary software cannot be deemed secure by its users, those who use proprietary software can't be sure what data is collected, where it is sent, and have no legal way to edit the program to make it obey only the computer's owner. Apple is certainly not a trustworthy party in this. Also, all computer users deserve software freedom and the security that is available to free software, not just users of the latest iThings.
Digital Citizen
The FBI just happened to find an Israeli company ??, sounds more like they got NSA to bust it, using this cover, so as to not give away the jewels that they can break into this system. Details of the situation seem to be scarce.
Yes, assume it is lie and all your data is very secure and nobody can access it, even using heavy rusty wrench. Keep recording all your interesting activity in the phone. That is exactly what we need ;)
The dormant cyber pathogen is loose!! Run for your lives!!
MDSec has a video showing a brute force of an iPhone 5S unlock (yes, I know the FBI phone is a 5C). I think it uses about $200 in parts:
https://www.youtube.com/watch?...
You know it's a four digit PIN. Hashing it would I suppose prevent accidental compromise. But the time it takes to hash all 10k combinations is subseconds.
Your ad here. Ask me how!
Given the choices for Apple, I suspect that they passed-on the information (under the table) needed to crack the phone so that they wouldn't be forced to do it openly, so they pretend to be hanging onto the moral high ground, though seeming not as clever at protection as they claimed.
Password was 1234.
So can Apple now file suit under some provision (maybe under DMCA or iOS EULA?) and ask for the vulnerability to be disclosed to them, or something along those lines?
"That which does not kill us makes us stranger." -Trevor Goodchild