Slashdot Mirror
FBI Unlocks iPhone Without Apple's Help In San Bernadino Case (recode.net)
New submitter A_Mang writes: After asking for a delay last week, today the FBI revealed that a third party has succeeded in unlocking the iPhone used by a shooter in the San Bernadino attack. They've asked the court to vacate their request for an injunction forcing Apple to provide tools for unlocking the phone.
"The government has now successfully accessed the data stored on Farook's iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court's Order," the filing reads. The report doesn't elaborate on how they've gained access, nor does it reveal any of the information stored on the phone. What we do know is that last week the FBI contracted Israeli software provider, Cellebrite, to help break into the phone.
The FBI found a Post-It (tm) note stuck to Farook's home computer monitor.
the note mentioned PIN : 1234
eNjoy!
Thanks FBI !!!!
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
FIFY.
I would not necessarily be inclined to believe this without a peer-reviewed verification. There is a lot of face-saving that occurs in the terrorism-industrial complex. E.g. the constant refrain of "we foiled a plot" without any details or substantiating evidence. Budgets need to be re-upped.
Maybe. But they have little track record for credibility.
It was an old phone without the secure enclave, they can just say that they probably already closed that hole, particularly if it was the attack of rewriting the flash.
So, now the question becomes - What does Apple do?
Do they risk trying to get the case dismissed with prejudice, as to prevent it from coming up again (or at least giving them precedent to have it thrown out?)
Obviously they will try and find the way it was done (if they don't already know). Will they try and claim the problem is fixed?
Does the FBI have the ability to do this continually now? Or is it a case by case basis using an outside firm that has ongoing costs? What about all the phones the police departments had lined up?
Quite a few unanswered questions.
They will use it as an argument to sell a newer model.
Achille Talon
Hop!
There is no such thing as a 100% secure platform. Every time someone makes such a boast the system gets hacked - usually very publicly.
BeauHD. Worst editor since kdawson.
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
It's not a big problem if Apple's PR does their job (and they're very good at their job). The 5C didn't have the separate security chip and was known to be less secure for that reason. The 5S and newer do, and should be harder to penetrate. If the FBI had gotten into one of the latest models, that would have been a bigger issue.
Also, it's worth pointing out that we don't actually know that the FBI did get Farook's phone decrypted. Odds are they never cared about that anyway, but only about setting the precedent by requiring Apple to help them, then when they saw the ruling was likely to go against them decided back down. Claiming to have gotten in another way just helps the FBI save face... and maybe attempts to make Apple look bad, both by making their devices appear insecure and by making the company appear to be needlessly obstructionist.
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
Did anyone believe that the security of an iPhone (or Android Phone) would stand up to the resources available to a nation state - particularly one known to collect zero day exploits they keep to themselves?
And don't parrot back "the FBI said it wasn't another government agency" - you might be inclined to take them at their word, but it's been obvious to me for some time that they will lie to the public if they feel it suits their interests. So we don't know who did it.
#DeleteChrome
So, the government misrepresented in its original filing that, "Apple must be compelled to provide the backdoor to unlock the phone, because we have no other means of doing so".
Always interesting how a party can be motivated to do the impossible when you force them to think about it hard enough.
It was an iPhone 5c. It doesn't have the "secure enclave" that later models have, and is nowhere near as secure as these recent models, and by "recent", I mean anything that's a 5s or above.
See https://www.apple.com/business... for the gory details, or https://www.mikeash.com/pyblog... for a more readable version, but basically the secure enclave is designed to prevent brute-force attacks like the FBI wanted to use.
I'm reasonably certain that Apple's security team will have a larger remit on the next phone, to the extent that the secure enclave is invulnerable even to Apple (the above link speculates that it currently is not, and would therefore be vulnerable to a court warrant akin to the recent furore).
Physicists get Hadrons!
The FBI have confirmed that Farook had a Flappy Bird High Score of 31.
...was there ever any doubt?
There is still doubt.
The announcement is so vague that I am not convinced if they accessed the phone or are just saving face (since they didn't particularly need the contents in the first place).
Which they had already done once, then LOST THE PASSWORD.
http://abcnews.go.com/US/san-b...
At any rate, physical security is the most important part of security. If they have the device, they will eventually crack it.
Never answer an anonymous letter. - Yogi Berra
The game does not need to be "upped". The only reason the encryption is so easily crackable is because it only had a 4 digit PIN. If the person had used a 16 character alphanumeric passcode, the encryption would be for all intents and purposes "uncrackable" as even with Apple's assistance, the FBI would never be able to brute-force the lock.
Probably good for Apple, actually. The problem with using this case as a precedent for whether or not a phone manufacturer should be required to unlock a phone or not is that Apple could have assisted them with the unlocking by doing what the FBI requested (writing a custom OS to facilitate unlocking). But now, Apple has already plugged that hole in newer models, which means if the same case were to happen with a newer iPhone, it would be even more in Apple's favor. On top of that, it wouldn't surprise me if the reason the FBI has backed out of the case is because they didn't think they were going to win and so didn't want to set a precedent which would be unfavorable to them.
Assuming there isn't some similar hole on the newer phones, I'm pretty sure Apple (and privacy, for that matter) is the big winner here.
Without secure enclave, the phone is basically wide open for pretty simple attacks on the hardware. With secure enclave, things may be a lot different.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The incredibly funny part is coming... 3... 2... 1...
Apple files suit in federal court under the DMCA, claiming Cellebrite has created a circumvention device; and since they, themselves were not law enforcement agents, and they did it on contract, rather than doing it as independent security research, the DMCA safe harbor procedures don't apply.
And then Apple releases an iOS update.
Let's look at the positives here:
1. No legal precedent has been established that says the All Writs Act can be used to compel a company to write new software to circumvent an encryption scheme, or to force a company to turn over source code and signing keys.
2. The FBI's legal credibility has been damaged by erroneously claiming that all technological avenues to breaking the encryption on the phone in question, only to later say that they did have another approach and that it was successful. Whether or not this is true, the contradiction is now on the record: they complained, "we need the court to force Apple to help us because there's no other way," then said "never mind, we did it another way in the end." This potentially could be used against them in future court cases.
I, for one, would have preferred to see things settled decisively in our favor: that a legal precedent would be established enshrining the right to encryption. But things could have turned out a lot worse. We need to continue to fight for our right to privacy and security. It's not over, and it won't be over for a long, long time.
You'll note that this was NOT his personal communication device. This was his work phone, which he left behind whole. He destroyed his own personal phone, whose secrets he obviously cared about. Note also that the FBI had already gotten a backup of the data on this phone from a number of weeks prior to the attack. Given all that, it's highly probable that there's nothing incriminating on that phone at all.
You still think this was just about getting access to that phone for intelligence reasons? Are you telling me the FBI didn't even know about this Israeli security firm that could unlock iPhones? Because they obviously didn't even bother asking them before going to the courts.
Please. They backed off because they saw the wind wasn't blowing in their direction. The *last* thing they wanted to do was to lose this case and set a negative precedent.
Irony: Agile development has too much intertia to be abandoned now.
You still think this was just about getting access to that phone for intelligence reasons? Are you telling me the FBI didn't even know about this Israeli security firm that could unlock iPhones? Because they obviously didn't even bother asking them before going to the courts.
Please. They backed off because they saw the wind wasn't blowing in their direction. The *last* thing they wanted to do was to lose this case and set a negative precedent.
Wish I had mod points. The FBI back down because they were about to have their ass handed to them in Federal Court, setting exactly the opposite precedent that they wanted!
Public opinion and some big players were lined up against them. The FBI was expecting everyone to turn on Apple as being unpatriotic when the case came to light. That didn't happen. I think they realized that this would likely end up in the Supreme Court and not go the way they want, barring them from future action. If they weren't able to break into the phone, this at least let's them back out cleanly while neither appearing to back off and not going down the road to the Supreme Court.
It's also possible they found a way into the phone that doesn't generalize, but provides the same way to back out without changing their position.
The history of cryptography has shown that almost any cyrptosystem can be broken with enough time and effort.
The FBI chose to use this case as a pretext to demand that Apple provide them which what is effectively a master key to break into any iphone with negligible time or effort.
Apple's contention was that the master key solution was not warranted and they have been proven correct.
The implication you're making is that:
(a) they never needed to get into the phone because it was already broken; or
(b) they lied that they broke into it and are now still unable to get into the phone, but won't admit it.
Which pretty much requires them to be handing us a bold faced lie for no reason. The FBI could withdraw its request at any time without having to go to these lengths if they felt they would lose at the Supreme Court. And I don't see how public opinion or other corporations would be able to affect the Court appeal process. The appeals court judges and the justices are not, after all, elected. Presumably, the FBI would have opened the request weighing the chances of a Supreme Court appearance from the beginning.
I'm no fan of the government, but lying in this manner, while colluding with a third party corporation, and a foreign one at that, seems like it would be a huge risk when a much smaller lie would have sufficed. The FBI could have simply backed off and worked to let the matter drop without setting a negative precedent. Seems too convoluted.
my voice is my passport
If someone can get physical access, then your security paradigm is already broken. Very few systems can withstand direct physical assault; it's not like the iPhone is built to the NSA's CSfC guidelines and meant to be completely secure against all threats. It's a consumer-level mobile phone; mass-produced with a unsecured supply chain and an open-sourced operating system. It says quite a bit to Apple's security engineers that it took this level of work to get access. Anyone who thinks "oh, this is proof that iPhones are totally unsecure!" obviously can't comprehend the level of effort it took to get into this phone.
If a rapid NAND mirroring system is what broke this, I'm betting that Apples next major security upgrade will include some type of encryption that is uncopiable, Slashdot even had an article about this that incorporates unreproducible physical defects unique to each NAND chip.
No security is perfect. This was a large government organization with physical possession of the phone paying a software agency with experience in digital forensics (in other words - retrieving data thought to be lost). It's not impossible to protect against this, but it can be trickier. From what I've read, the newer iPhones have more baked in security and would have been orders of magnitude harder to crack.
The big victory here is that Apple wasn't forced by the courts to unlock this phone "just this one time." Had they been forced to do it, one time would have turned into two, three, five, a hundred, etc. There is no precedent for the next time when the FBI or other law enforcement agencies come to Apple (or other phone manufacturers) demanding that they weaken security because "terrorism."
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
"Bold faced lie" : yes
"For no reason" : not necessarily
Claiming to have unlocked the phone saves face, plus it spites Apple. Petty retribution for Apple's stubbornness.
Really, there's no reason for the FBI to tell the truth. The inverse of what you said. Admitting they couldn't hack it, and admitting they knew the court case was bound to fail ... what does any of that accomplish?
At this point, I'm assuming it's all lies, until the FBI either publishes the hack, or some info from within the phone that they now can access.
This signature is false.
They're not lying about that. What they were lying about was that they needed Apple to do this in the first place on a not-current phone that doesn't have the most up to date protections in place.
They wanted to use this sympathetic case to force the courts to ignore the law and the constitution to force Apple to invent something it didn't have--to do compulsory work against its still in other words. They were then going to do what they always do--use a case based on terrorism as a precedent to apply to regular non-terrorist crimes for which they'd never have got even that far.
Their technique requires physical possession of a phone, and that's going to mean getting a warrant. It also precludes using it for mass spying. If they got what they wanted from Apple it would mean they could spy remotely with no warrant (well, not legally, but they'd do it anyway)
When it became clear that there was a pretty good chance of the exact opposite happening they folded, just like they intended to do all along if this happened. They couldn't just drop it because even the American media isn't so desense and bought off as to let that go unquestioned, so they had to hack this phone, most likely using a technique they had or had lined up all along. (That would be the lie part)
This is also how the government kept gun control cases out of the Supreme Court for decades, by strategically folding when they knew they were going to lose, because they believed, correctly, that what they were doing was unconstitutional and they didn't want to get called on it. It's a slimy technique executed by slimy people. Such is the state of our 'justice system'.
The bold face lie by the FBI wouldn't be for no reason. The discussion around this case has largely been around privacy, encryption and what the government should have access to. But there's a much bigger issue in play that hasn't gotten a lot of coverage.
There's no law that says Apple must provide decryption of the phone. And since they're not in possession of the data (it's on the phone), they're not required to hand it over based on a warrant as they would be under the Telecommunications act. So what to do?
Enter the All Writs Act of 1789. Basically it says courts can issue writs (judicial orders) for anything necessary within their jurisdiction. This is what was being used to order Apple to develop a version of iOS that would not erase the phone no matter how many PINs were typed in, effectively allowing the bypassing of the encryption.
Now the All Wits Act hasn't been used that way historically. And there's a huge question as to whether you can order a company or a person to do work like that for free. Normally decrypting a phone would be a service the government would pay a contractor to do or have an in house capability for. Here there trying to compel an unwilling party to work for them for free.
It's a fair bet that's unconstitutional. (4th amendment). The government has used the All Writs Act a couple times this way in the past few years in relation to mobile devices. It's pretty clear they don't want that shaky legal ground tested in the Supreme Court with public opinion against them.
It was never about gaining access to a phone in their possession, it was about being able to hack phones via the cellular phone network, with out the knowledge of the owner of the phone and marketing that access to protect another corporate player M$ who is providing that access for a fee. It was all about forcing Apple away from selling security and privacy as a luxury feature worth paying for. There is a huge difference between being able to hack a phone in your possession and being able to hack it remotely. When push came to shove the US government and M$, lost to Apple and the internet and it won't be forgotten, talk about burning bridges.
Chaos - everything, everywhere, everywhen
Everyone knew. it is 5 c. no secure enclave. the wipe is in sw. if you have bootloader hacked or bl certs it is easy. why seemingly nobody on slashdot understands this i cannot nderstand.
world was created 5 seconds before this post as it is.
A way to unlock the phone was described in detail long before: basically, copy the flash memory that contains the "wipe key", and restore it every time the phone "wipes" itself during bruteforcing. Given that this method is known, why is it surprising that FBI unlocked the phone? The only surprising thing here is why it took them so long to actually do that, but it's only surprising if you assume that the goal of that whole kerfluffle was to unlock the phone, and not to set the precedent to force everyone to give them the skeleton key. If it's actually the latter, then it's only logical that they gave up and just unlocked it when they realized that courts won't rule in their favor.
Without having the details, it's hard to gauge the true security of the phones. Perhaps the Israeli company used a scanning electron microscope and attacked the actual crypto chip, there are some risks associated with that approach but it's far from impossible and probably not something you would want to experiment with on a phone you've yelled about being 'OMG, national security' about. That makes the going to someone with experience a good thing. I have a hunch the Feds had this planned before any of this began. They hoped apple would cave but always had a backup plan, they just wanted the precedent before resorting to plan B. When it got to the point that the case was going to be heard and might go against them, they dropped it and went to the backup. At least that's what I would have done in their place.
c: they found someone who had a bootloader hack that then makes it possible to alter the fw to have unlimited attempts because on 5c that is a sw check. the key comes from hw after giving the pin but the 10 attempts limit on 5c is in sw.
really that is the only thing that needed hacking to achieve this. it doesnt work for newer iphones.
both the fbi and apple have been full of bs talk in regards to this.
world was created 5 seconds before this post as it is.
Nope, they've not been compensated. At least according to the court transcripts:
THE COURT: Look, your language doesn't invoke the All Writs Act, I get that, but in terms of the burden, first, you haven't challenged it and you still haven't explained why not. Second, you provided language for reasons I understand about consistency, but you also did not say anything about burdens beyond the immediate expense.
If you are saying we want to craft language that is going to say here's exactly what we have to do, you require, if I'm not mistaken -- I don't have the language in front of me. Do you require compensation?
MR. ZWILLINGER: No, we've never required compensation.
THE COURT: But you can, and you don't do anything about that.
I mean, the point is well taken that Apple is a pretty darn big company, maybe they don't care so much about the costs of these 70 things in the big picture. It just seems to me that there's a dog that didn't bark here.
MR. ZWILLINGER: I think the way to address this, Your Honor, is the following.
Right now, Apple is aware that customer data is under siege from a variety of different directions. Never has the privacy and security of customer data been as important as it is now. And, in fact, Apple built an operating system which is why we're only talking here about IOS 7 systems, operating systems IOS 8 and IOS 9, that puts Apple in a position where it cannot do this, that is, going forward with 390 percent of the devices involved, Apple cannot perform these services. So, Apple has taken itself out of the middle of being in a position where it can be used as an attack vector or in any way to compromise the security and privacy of customer devices.
So, when the court asks Apple today does the All Writs Act provide authority to force it to do this, Apple says no, it does not, because what we are being forced to do is expert forensic services, we're being forced to become an agent of law enforcement and we cannot be forced to do that with our old devices or with our new devices.
The 390 percent thing is weird, but that's what's in the transcript.
Full Transcript: http://www.scribd.com/doc/296323783/102615-Apple