Slashdot Mirror
FBI Unlocks iPhone Without Apple's Help In San Bernadino Case (recode.net)
New submitter A_Mang writes: After asking for a delay last week, today the FBI revealed that a third party has succeeded in unlocking the iPhone used by a shooter in the San Bernadino attack. They've asked the court to vacate their request for an injunction forcing Apple to provide tools for unlocking the phone.
"The government has now successfully accessed the data stored on Farook's iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court's Order," the filing reads. The report doesn't elaborate on how they've gained access, nor does it reveal any of the information stored on the phone. What we do know is that last week the FBI contracted Israeli software provider, Cellebrite, to help break into the phone.
...was there ever any doubt?
Is it fascism yet?
The FBI found a Post-It (tm) note stuck to Farook's home computer monitor.
the note mentioned PIN : 1234
eNjoy!
Thanks FBI !!!!
iPhone 8 will require fingerprint, retina scan, 57 digit passcode, DNA sample, and Tim Cook's voice passcode for access.
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
FIFY.
I would not necessarily be inclined to believe this without a peer-reviewed verification. There is a lot of face-saving that occurs in the terrorism-industrial complex. E.g. the constant refrain of "we foiled a plot" without any details or substantiating evidence. Budgets need to be re-upped.
Maybe. But they have little track record for credibility.
Could anyone meaningfully comment on whether the FBI actually did this, and if so, how? Creating a clone for them to exhaustively attack maybe?
Yeah, they accessed the data on the phone by letting the San Bernardino County unlock the phone with the MDM software they had installed in it.
Of course news about a fake are Fake News.
How long until Apple buys Cellebrite?
It was an old phone without the secure enclave, they can just say that they probably already closed that hole, particularly if it was the attack of rewriting the flash.
It's very likely that Apple knew the FBI could break in, but they figured it would take some time and therefore chose the good PR route by saying they wouldn't help ...yada yada ... civil liberties... yada yada.
So, now the question becomes - What does Apple do?
Do they risk trying to get the case dismissed with prejudice, as to prevent it from coming up again (or at least giving them precedent to have it thrown out?)
Obviously they will try and find the way it was done (if they don't already know). Will they try and claim the problem is fixed?
Does the FBI have the ability to do this continually now? Or is it a case by case basis using an outside firm that has ongoing costs? What about all the phones the police departments had lined up?
Quite a few unanswered questions.
They will use it as an argument to sell a newer model.
Achille Talon
Hop!
There is no such thing as a 100% secure platform. Every time someone makes such a boast the system gets hacked - usually very publicly.
BeauHD. Worst editor since kdawson.
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
It's not a big problem if Apple's PR does their job (and they're very good at their job). The 5C didn't have the separate security chip and was known to be less secure for that reason. The 5S and newer do, and should be harder to penetrate. If the FBI had gotten into one of the latest models, that would have been a bigger issue.
Also, it's worth pointing out that we don't actually know that the FBI did get Farook's phone decrypted. Odds are they never cared about that anyway, but only about setting the precedent by requiring Apple to help them, then when they saw the ruling was likely to go against them decided back down. Claiming to have gotten in another way just helps the FBI save face... and maybe attempts to make Apple look bad, both by making their devices appear insecure and by making the company appear to be needlessly obstructionist.
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
Did anyone believe that the security of an iPhone (or Android Phone) would stand up to the resources available to a nation state - particularly one known to collect zero day exploits they keep to themselves?
And don't parrot back "the FBI said it wasn't another government agency" - you might be inclined to take them at their word, but it's been obvious to me for some time that they will lie to the public if they feel it suits their interests. So we don't know who did it.
#DeleteChrome
So, the government misrepresented in its original filing that, "Apple must be compelled to provide the backdoor to unlock the phone, because we have no other means of doing so".
Always interesting how a party can be motivated to do the impossible when you force them to think about it hard enough.
It was an iPhone 5c. It doesn't have the "secure enclave" that later models have, and is nowhere near as secure as these recent models, and by "recent", I mean anything that's a 5s or above.
See https://www.apple.com/business... for the gory details, or https://www.mikeash.com/pyblog... for a more readable version, but basically the secure enclave is designed to prevent brute-force attacks like the FBI wanted to use.
I'm reasonably certain that Apple's security team will have a larger remit on the next phone, to the extent that the secure enclave is invulnerable even to Apple (the above link speculates that it currently is not, and would therefore be vulnerable to a court warrant akin to the recent furore).
Physicists get Hadrons!
Apple cannot be happy about this. Users, of which I am one, am not happy about this. Apple needs to up their game. NOW.
The FBI have confirmed that Farook had a Flappy Bird High Score of 31.
I would be very surprised if they were surprised at the lack of useful data on it.
Which they had already done once, then LOST THE PASSWORD.
http://abcnews.go.com/US/san-b...
At any rate, physical security is the most important part of security. If they have the device, they will eventually crack it.
Never answer an anonymous letter. - Yogi Berra
Probably good for Apple, actually. The problem with using this case as a precedent for whether or not a phone manufacturer should be required to unlock a phone or not is that Apple could have assisted them with the unlocking by doing what the FBI requested (writing a custom OS to facilitate unlocking). But now, Apple has already plugged that hole in newer models, which means if the same case were to happen with a newer iPhone, it would be even more in Apple's favor. On top of that, it wouldn't surprise me if the reason the FBI has backed out of the case is because they didn't think they were going to win and so didn't want to set a precedent which would be unfavorable to them.
Assuming there isn't some similar hole on the newer phones, I'm pretty sure Apple (and privacy, for that matter) is the big winner here.
From my understanding the County had an MDM system, and it was managing some settings but that they had not yet started putting an "enterprise" password setting yet. The password change that is in the link you posted was on the iCloud account, not on the phone. They probably just used Apple's automated system and asked it to send the password reset verification to his (work) email, which they already had control of.
That did not solve anything, but rather meant that there was now no way that the phone could be induced to backup to iCloud, where a parent could have produced the data (Apple had already given them older backups that were there). To this point I have not heard anyone in the position to know comment on whether this was a hair-brained scheme by someone who didn't know what they were doing, or a more cynical attempt by the FBI to setup a situation where they could fish for new powers. Generally I would tend to the incompetence explanation (especially since this was very shortly after the event), but the FBI directors sliminess in this episode makes me eye the other possibility more.
There is no such thing as a 100% secure platform. Every time someone makes such a boast the system gets hacked - usually very publicly.
Sounds like it's a lot cheaper to boast about your platform instead of paying bug bounties, doesn't it?
That in 2016, the Jews would be helping the Nazis... ...it's a strange world...
So rise up, all ye lost ones, as one, we'll claw the clouds.
Given unlimited resources I imagine they can probably crack any consumer level device eventually. They just wanted to save the trouble and expense and force Apple to open it for them. When they realized that Apple wouldn't and that they could not force them to they did what they should have done to start with. The fuckers are lazy.
That's kind of a Pyrrhic victory.
Yeah, Apple didn't have to help them.
But that's because Apple's phones were not secure.
No, But given the firm named previously was a Israeli firm, there is a good chance they are dual citizens working on this for the military. Also the US has many other agreements/charges that could be pressed with/without the corporation of Israel. Most likely with.
Without secure enclave, the phone is basically wide open for pretty simple attacks on the hardware. With secure enclave, things may be a lot different.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The incredibly funny part is coming... 3... 2... 1...
Apple files suit in federal court under the DMCA, claiming Cellebrite has created a circumvention device; and since they, themselves were not law enforcement agents, and they did it on contract, rather than doing it as independent security research, the DMCA safe harbor procedures don't apply.
And then Apple releases an iOS update.
Bullshit. Apple will have an excellent idea of what they did.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Let's look at the positives here:
1. No legal precedent has been established that says the All Writs Act can be used to compel a company to write new software to circumvent an encryption scheme, or to force a company to turn over source code and signing keys.
2. The FBI's legal credibility has been damaged by erroneously claiming that all technological avenues to breaking the encryption on the phone in question, only to later say that they did have another approach and that it was successful. Whether or not this is true, the contradiction is now on the record: they complained, "we need the court to force Apple to help us because there's no other way," then said "never mind, we did it another way in the end." This potentially could be used against them in future court cases.
I, for one, would have preferred to see things settled decisively in our favor: that a legal precedent would be established enshrining the right to encryption. But things could have turned out a lot worse. We need to continue to fight for our right to privacy and security. It's not over, and it won't be over for a long, long time.
It only took 1/4 as long as they spent bitching about Apple not helping with it!
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
You'll note that this was NOT his personal communication device. This was his work phone, which he left behind whole. He destroyed his own personal phone, whose secrets he obviously cared about. Note also that the FBI had already gotten a backup of the data on this phone from a number of weeks prior to the attack. Given all that, it's highly probable that there's nothing incriminating on that phone at all.
You still think this was just about getting access to that phone for intelligence reasons? Are you telling me the FBI didn't even know about this Israeli security firm that could unlock iPhones? Because they obviously didn't even bother asking them before going to the courts.
Please. They backed off because they saw the wind wasn't blowing in their direction. The *last* thing they wanted to do was to lose this case and set a negative precedent.
Irony: Agile development has too much intertia to be abandoned now.
You still think this was just about getting access to that phone for intelligence reasons? Are you telling me the FBI didn't even know about this Israeli security firm that could unlock iPhones? Because they obviously didn't even bother asking them before going to the courts.
Please. They backed off because they saw the wind wasn't blowing in their direction. The *last* thing they wanted to do was to lose this case and set a negative precedent.
Wish I had mod points. The FBI back down because they were about to have their ass handed to them in Federal Court, setting exactly the opposite precedent that they wanted!
What I'm curious about is if now Apple can be preemptive and force this to go to court and have the order slapped down. I'm not entirely sure of the model with writs, however. They *might* be able to now claim standing and go for a suit against the FBI specifically but I'm not sure how much that'd do unless it was considered precedent setting.
"So long and thanks for all the fish."
Public opinion and some big players were lined up against them. The FBI was expecting everyone to turn on Apple as being unpatriotic when the case came to light. That didn't happen. I think they realized that this would likely end up in the Supreme Court and not go the way they want, barring them from future action. If they weren't able to break into the phone, this at least let's them back out cleanly while neither appearing to back off and not going down the road to the Supreme Court.
It's also possible they found a way into the phone that doesn't generalize, but provides the same way to back out without changing their position.
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
It's not a big problem if Apple's PR does their job (and they're very good at their job). The 5C didn't have the separate security chip and was known to be less secure for that reason. The 5S and newer do, and should be harder to penetrate. If the FBI had gotten into one of the latest models, that would have been a bigger issue.
They still need to close the loophole where Apple can until update iOS on the phone without the user's explicit permission.
The FBI's whole case was that Apple could crate a new, less secure, iOS and upload it to the phone without unlocking it or disturbing the contents in the process.
The history of cryptography has shown that almost any cyrptosystem can be broken with enough time and effort.
The FBI chose to use this case as a pretext to demand that Apple provide them which what is effectively a master key to break into any iphone with negligible time or effort.
Apple's contention was that the master key solution was not warranted and they have been proven correct.
The implication you're making is that:
(a) they never needed to get into the phone because it was already broken; or
(b) they lied that they broke into it and are now still unable to get into the phone, but won't admit it.
Which pretty much requires them to be handing us a bold faced lie for no reason. The FBI could withdraw its request at any time without having to go to these lengths if they felt they would lose at the Supreme Court. And I don't see how public opinion or other corporations would be able to affect the Court appeal process. The appeals court judges and the justices are not, after all, elected. Presumably, the FBI would have opened the request weighing the chances of a Supreme Court appearance from the beginning.
I'm no fan of the government, but lying in this manner, while colluding with a third party corporation, and a foreign one at that, seems like it would be a huge risk when a much smaller lie would have sufficed. The FBI could have simply backed off and worked to let the matter drop without setting a negative precedent. Seems too convoluted.
If someone can get physical access, then your security paradigm is already broken. Very few systems can withstand direct physical assault; it's not like the iPhone is built to the NSA's CSfC guidelines and meant to be completely secure against all threats. It's a consumer-level mobile phone; mass-produced with a unsecured supply chain and an open-sourced operating system. It says quite a bit to Apple's security engineers that it took this level of work to get access. Anyone who thinks "oh, this is proof that iPhones are totally unsecure!" obviously can't comprehend the level of effort it took to get into this phone.
If a rapid NAND mirroring system is what broke this, I'm betting that Apples next major security upgrade will include some type of encryption that is uncopiable, Slashdot even had an article about this that incorporates unreproducible physical defects unique to each NAND chip.
But the 5s and newer still have the problem where the firmware can be reflashed without wiping the encryption keys. So, yes, when the most recent Apple phones are still vulnerable.
No security is perfect. This was a large government organization with physical possession of the phone paying a software agency with experience in digital forensics (in other words - retrieving data thought to be lost). It's not impossible to protect against this, but it can be trickier. From what I've read, the newer iPhones have more baked in security and would have been orders of magnitude harder to crack.
The big victory here is that Apple wasn't forced by the courts to unlock this phone "just this one time." Had they been forced to do it, one time would have turned into two, three, five, a hundred, etc. There is no precedent for the next time when the FBI or other law enforcement agencies come to Apple (or other phone manufacturers) demanding that they weaken security because "terrorism."
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
"Bold faced lie" : yes
"For no reason" : not necessarily
Claiming to have unlocked the phone saves face, plus it spites Apple. Petty retribution for Apple's stubbornness.
Really, there's no reason for the FBI to tell the truth. The inverse of what you said. Admitting they couldn't hack it, and admitting they knew the court case was bound to fail ... what does any of that accomplish?
At this point, I'm assuming it's all lies, until the FBI either publishes the hack, or some info from within the phone that they now can access.
This signature is false.
Apple's selling point isn't that their phone is impossible to crack into - it's that they are not working with the US government to give secret back doors. It should surprise no one that technically sophisticated people can retrieve the information from a phone that they have physical possession of. If anything, it's kind of a feather in Apple's cap that it took so much work.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
They might well lie in order to avoid what they came to see as an inevitable loss in court. This was never about the one phone.
Do you believe everything the government tells you?
Do you believe everything Apple tells you?
They're not lying about that. What they were lying about was that they needed Apple to do this in the first place on a not-current phone that doesn't have the most up to date protections in place.
They wanted to use this sympathetic case to force the courts to ignore the law and the constitution to force Apple to invent something it didn't have--to do compulsory work against its still in other words. They were then going to do what they always do--use a case based on terrorism as a precedent to apply to regular non-terrorist crimes for which they'd never have got even that far.
Their technique requires physical possession of a phone, and that's going to mean getting a warrant. It also precludes using it for mass spying. If they got what they wanted from Apple it would mean they could spy remotely with no warrant (well, not legally, but they'd do it anyway)
When it became clear that there was a pretty good chance of the exact opposite happening they folded, just like they intended to do all along if this happened. They couldn't just drop it because even the American media isn't so desense and bought off as to let that go unquestioned, so they had to hack this phone, most likely using a technique they had or had lined up all along. (That would be the lie part)
This is also how the government kept gun control cases out of the Supreme Court for decades, by strategically folding when they knew they were going to lose, because they believed, correctly, that what they were doing was unconstitutional and they didn't want to get called on it. It's a slimy technique executed by slimy people. Such is the state of our 'justice system'.
Also, it's worth pointing out that we don't actually know that the FBI did get Farook's phone decrypted. Odds are they never cared about that anyway, but only about setting the precedent by requiring Apple to help them, then when they saw the ruling was likely to go against them decided back down.
Frankly I'm a little worried that they did find something on the phone. In a few days they may go: "See, we did find something, but because Apple resisted us the bad guys got away!"
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
The bold face lie by the FBI wouldn't be for no reason. The discussion around this case has largely been around privacy, encryption and what the government should have access to. But there's a much bigger issue in play that hasn't gotten a lot of coverage.
There's no law that says Apple must provide decryption of the phone. And since they're not in possession of the data (it's on the phone), they're not required to hand it over based on a warrant as they would be under the Telecommunications act. So what to do?
Enter the All Writs Act of 1789. Basically it says courts can issue writs (judicial orders) for anything necessary within their jurisdiction. This is what was being used to order Apple to develop a version of iOS that would not erase the phone no matter how many PINs were typed in, effectively allowing the bypassing of the encryption.
Now the All Wits Act hasn't been used that way historically. And there's a huge question as to whether you can order a company or a person to do work like that for free. Normally decrypting a phone would be a service the government would pay a contractor to do or have an in house capability for. Here there trying to compel an unwilling party to work for them for free.
It's a fair bet that's unconstitutional. (4th amendment). The government has used the All Writs Act a couple times this way in the past few years in relation to mobile devices. It's pretty clear they don't want that shaky legal ground tested in the Supreme Court with public opinion against them.
That should say 5th amendment; not 4th. "Nor shall private property be taken for public use, without just compensation."
They don't want a warrant though. A warrant doesn't apply in this case as there's nothing to search. They needed a special court order to compel Apple to assist them because no precedent for it within normal legal channels.
It was never about gaining access to a phone in their possession, it was about being able to hack phones via the cellular phone network, with out the knowledge of the owner of the phone and marketing that access to protect another corporate player M$ who is providing that access for a fee. It was all about forcing Apple away from selling security and privacy as a luxury feature worth paying for. There is a huge difference between being able to hack a phone in your possession and being able to hack it remotely. When push came to shove the US government and M$, lost to Apple and the internet and it won't be forgotten, talk about burning bridges.
Chaos - everything, everywhere, everywhen
creating a circumvention only needed to be able to run code on the phone. because 5c. the amount of tries on 5c is sw controlled. the israeli company likely has abootloader hack and altered fw.
Everyone knew. it is 5 c. no secure enclave. the wipe is in sw. if you have bootloader hacked or bl certs it is easy. why seemingly nobody on slashdot understands this i cannot nderstand.
world was created 5 seconds before this post as it is.
Without having the details, it's hard to gauge the true security of the phones. Perhaps the Israeli company used a scanning electron microscope and attacked the actual crypto chip, there are some risks associated with that approach but it's far from impossible and probably not something you would want to experiment with on a phone you've yelled about being 'OMG, national security' about. That makes the going to someone with experience a good thing. I have a hunch the Feds had this planned before any of this began. They hoped apple would cave but always had a backup plan, they just wanted the precedent before resorting to plan B. When it got to the point that the case was going to be heard and might go against them, they dropped it and went to the backup. At least that's what I would have done in their place.
c: they found someone who had a bootloader hack that then makes it possible to alter the fw to have unlimited attempts because on 5c that is a sw check. the key comes from hw after giving the pin but the 10 attempts limit on 5c is in sw.
really that is the only thing that needed hacking to achieve this. it doesnt work for newer iphones.
both the fbi and apple have been full of bs talk in regards to this.
world was created 5 seconds before this post as it is.
Nope, they've not been compensated. At least according to the court transcripts:
THE COURT: Look, your language doesn't invoke the All Writs Act, I get that, but in terms of the burden, first, you haven't challenged it and you still haven't explained why not. Second, you provided language for reasons I understand about consistency, but you also did not say anything about burdens beyond the immediate expense.
If you are saying we want to craft language that is going to say here's exactly what we have to do, you require, if I'm not mistaken -- I don't have the language in front of me. Do you require compensation?
MR. ZWILLINGER: No, we've never required compensation.
THE COURT: But you can, and you don't do anything about that.
I mean, the point is well taken that Apple is a pretty darn big company, maybe they don't care so much about the costs of these 70 things in the big picture. It just seems to me that there's a dog that didn't bark here.
MR. ZWILLINGER: I think the way to address this, Your Honor, is the following.
Right now, Apple is aware that customer data is under siege from a variety of different directions. Never has the privacy and security of customer data been as important as it is now. And, in fact, Apple built an operating system which is why we're only talking here about IOS 7 systems, operating systems IOS 8 and IOS 9, that puts Apple in a position where it cannot do this, that is, going forward with 390 percent of the devices involved, Apple cannot perform these services. So, Apple has taken itself out of the middle of being in a position where it can be used as an attack vector or in any way to compromise the security and privacy of customer devices.
So, when the court asks Apple today does the All Writs Act provide authority to force it to do this, Apple says no, it does not, because what we are being forced to do is expert forensic services, we're being forced to become an agent of law enforcement and we cannot be forced to do that with our old devices or with our new devices.
The 390 percent thing is weird, but that's what's in the transcript.
Full Transcript: http://www.scribd.com/doc/296323783/102615-Apple
That was never really the point. Nobody doubted the software only lock on the iPhone5 could be defeated. There was already lots of evidence out there to suggest that at least some agency had already done so. Apple's argument was that they want to be able to make a secure product and in fact do, the iPhone 6. It has a hardware authentication solution.
What they were trying to prevent was a legal precedent being set that would effectively prevent manufacturers from building secure products because complying with court orders would necessitate they have a purpose built back door that at least they have access / knowledge of. Apple and all of us know some organization with the capabilities of Cellebrite or maybe some unknown guy can potentially discover a backdoor or a deliberately introduced security flaw.
The iPhone 5 has no such deliberate flaw, it simply isn't and sufficiently robust solution or it has vulnerabilities that were actually mistakes or oversights, that hardware based system in the 6 may make it almost impossible to access a locked phone with a strong password without destroying the data. Apple wants to keep it that way, and the way this played out so far lets them do that.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
I could be wrong, but I thought that Apple would have been compensated for their efforts in complying with the AWA-order? I don't remember anything about them doing it for free.
They might compensate Apple for the time and materials to get the job done.
What they won't do, is compensate Apple for the loss of reputation and loss of future sales they suffer because they cooperated.
if its possible to have less than zero percent trust in our 'national security' agencies, this is what we are left with, at this point.
they can sing and dance about all they want. but what they say is not trustable and no one should base any conclusions at all on their 'info'. its all about what they want and they'll lie, cheat or steal to get it.
common criminals who think they are on the 'right' side but have lost their way big-time. that's what the fbi, nsa, cia and all the rest are, at this point.
way to get the trust of the american (and ROW) people, guys! good show. good job.
lol. bunch of idiots, in reality. they could not have ruined their own rep any more if they tried.
one good thing: the young people are seeing the country for what it is and they will grow up mistrusting their leaders. THAT'S A GOOD THING - it shows that we are finally starting to realize what the reality of the world is; and not the disney fairy stories that we are taught when we grow up. people in the LEO field are not afraid to lie or cheat or steal to get what they want. they are thugs with badges and inferiority complexes. and they do NOT have our best interests at heart!
so, its good that we as a people are seeing how rotton our leaders and top secret orgs are. its good that the laundry gets aired every now and then.
don't trust the man. it was true decades ago and its still true, today.
--
"It is now safe to switch off your computer."
If you think they're bluffing about breaking the security, why not get someone (with a budget for this kind of thing) to buy the same phone, put in a secret message, set it to erase after 10 failures, and hire the same company to tell you the message. Either they can do it or they can't.