Slashdot Mirror
FBI Unlocks iPhone Without Apple's Help In San Bernadino Case (recode.net)
New submitter A_Mang writes: After asking for a delay last week, today the FBI revealed that a third party has succeeded in unlocking the iPhone used by a shooter in the San Bernadino attack. They've asked the court to vacate their request for an injunction forcing Apple to provide tools for unlocking the phone.
"The government has now successfully accessed the data stored on Farook's iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court's Order," the filing reads. The report doesn't elaborate on how they've gained access, nor does it reveal any of the information stored on the phone. What we do know is that last week the FBI contracted Israeli software provider, Cellebrite, to help break into the phone.
Thanks FBI !!!!
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
FIFY.
I would not necessarily be inclined to believe this without a peer-reviewed verification. There is a lot of face-saving that occurs in the terrorism-industrial complex. E.g. the constant refrain of "we foiled a plot" without any details or substantiating evidence. Budgets need to be re-upped.
Maybe. But they have little track record for credibility.
It was an old phone without the secure enclave, they can just say that they probably already closed that hole, particularly if it was the attack of rewriting the flash.
They will use it as an argument to sell a newer model.
Achille Talon
Hop!
There is no such thing as a 100% secure platform. Every time someone makes such a boast the system gets hacked - usually very publicly.
BeauHD. Worst editor since kdawson.
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
It's not a big problem if Apple's PR does their job (and they're very good at their job). The 5C didn't have the separate security chip and was known to be less secure for that reason. The 5S and newer do, and should be harder to penetrate. If the FBI had gotten into one of the latest models, that would have been a bigger issue.
Also, it's worth pointing out that we don't actually know that the FBI did get Farook's phone decrypted. Odds are they never cared about that anyway, but only about setting the precedent by requiring Apple to help them, then when they saw the ruling was likely to go against them decided back down. Claiming to have gotten in another way just helps the FBI save face... and maybe attempts to make Apple look bad, both by making their devices appear insecure and by making the company appear to be needlessly obstructionist.
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
Did anyone believe that the security of an iPhone (or Android Phone) would stand up to the resources available to a nation state - particularly one known to collect zero day exploits they keep to themselves?
And don't parrot back "the FBI said it wasn't another government agency" - you might be inclined to take them at their word, but it's been obvious to me for some time that they will lie to the public if they feel it suits their interests. So we don't know who did it.
#DeleteChrome
So, the government misrepresented in its original filing that, "Apple must be compelled to provide the backdoor to unlock the phone, because we have no other means of doing so".
Always interesting how a party can be motivated to do the impossible when you force them to think about it hard enough.
It was an iPhone 5c. It doesn't have the "secure enclave" that later models have, and is nowhere near as secure as these recent models, and by "recent", I mean anything that's a 5s or above.
See https://www.apple.com/business... for the gory details, or https://www.mikeash.com/pyblog... for a more readable version, but basically the secure enclave is designed to prevent brute-force attacks like the FBI wanted to use.
I'm reasonably certain that Apple's security team will have a larger remit on the next phone, to the extent that the secure enclave is invulnerable even to Apple (the above link speculates that it currently is not, and would therefore be vulnerable to a court warrant akin to the recent furore).
Physicists get Hadrons!
The FBI have confirmed that Farook had a Flappy Bird High Score of 31.
Without secure enclave, the phone is basically wide open for pretty simple attacks on the hardware. With secure enclave, things may be a lot different.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The incredibly funny part is coming... 3... 2... 1...
Apple files suit in federal court under the DMCA, claiming Cellebrite has created a circumvention device; and since they, themselves were not law enforcement agents, and they did it on contract, rather than doing it as independent security research, the DMCA safe harbor procedures don't apply.
And then Apple releases an iOS update.
You'll note that this was NOT his personal communication device. This was his work phone, which he left behind whole. He destroyed his own personal phone, whose secrets he obviously cared about. Note also that the FBI had already gotten a backup of the data on this phone from a number of weeks prior to the attack. Given all that, it's highly probable that there's nothing incriminating on that phone at all.
You still think this was just about getting access to that phone for intelligence reasons? Are you telling me the FBI didn't even know about this Israeli security firm that could unlock iPhones? Because they obviously didn't even bother asking them before going to the courts.
Please. They backed off because they saw the wind wasn't blowing in their direction. The *last* thing they wanted to do was to lose this case and set a negative precedent.
Irony: Agile development has too much intertia to be abandoned now.
You still think this was just about getting access to that phone for intelligence reasons? Are you telling me the FBI didn't even know about this Israeli security firm that could unlock iPhones? Because they obviously didn't even bother asking them before going to the courts.
Please. They backed off because they saw the wind wasn't blowing in their direction. The *last* thing they wanted to do was to lose this case and set a negative precedent.
Wish I had mod points. The FBI back down because they were about to have their ass handed to them in Federal Court, setting exactly the opposite precedent that they wanted!
Public opinion and some big players were lined up against them. The FBI was expecting everyone to turn on Apple as being unpatriotic when the case came to light. That didn't happen. I think they realized that this would likely end up in the Supreme Court and not go the way they want, barring them from future action. If they weren't able to break into the phone, this at least let's them back out cleanly while neither appearing to back off and not going down the road to the Supreme Court.
It's also possible they found a way into the phone that doesn't generalize, but provides the same way to back out without changing their position.
Charles Stross has a bit about this on his blog. He suspects that Apple is moving into the electronic funds transfer sector a bit more than they already are and that if there was a publicly known backdoor that would screw over trust issues enough to mess up potential future business.
He phrases it as the FBI wanting a backdoor into what will effectively be an ATM machine network. Not a good look for the vendor of such a thing.
In around 2000 there were people buying fuel at the pump in one country via their phones but the banks got in the way of that being a viable payment method in general. Now Apple probably have the ability to do to the banks what they did to the music companies and actually implement the old electronic wallet idea. I'm not saying it's necessarily a good thing or a bad thing, just that it looks like Apple is heading in that direction and the FBI having a backdoor into it would be a danger to such a system.
They're not lying about that. What they were lying about was that they needed Apple to do this in the first place on a not-current phone that doesn't have the most up to date protections in place.
They wanted to use this sympathetic case to force the courts to ignore the law and the constitution to force Apple to invent something it didn't have--to do compulsory work against its still in other words. They were then going to do what they always do--use a case based on terrorism as a precedent to apply to regular non-terrorist crimes for which they'd never have got even that far.
Their technique requires physical possession of a phone, and that's going to mean getting a warrant. It also precludes using it for mass spying. If they got what they wanted from Apple it would mean they could spy remotely with no warrant (well, not legally, but they'd do it anyway)
When it became clear that there was a pretty good chance of the exact opposite happening they folded, just like they intended to do all along if this happened. They couldn't just drop it because even the American media isn't so desense and bought off as to let that go unquestioned, so they had to hack this phone, most likely using a technique they had or had lined up all along. (That would be the lie part)
This is also how the government kept gun control cases out of the Supreme Court for decades, by strategically folding when they knew they were going to lose, because they believed, correctly, that what they were doing was unconstitutional and they didn't want to get called on it. It's a slimy technique executed by slimy people. Such is the state of our 'justice system'.
The bold face lie by the FBI wouldn't be for no reason. The discussion around this case has largely been around privacy, encryption and what the government should have access to. But there's a much bigger issue in play that hasn't gotten a lot of coverage.
There's no law that says Apple must provide decryption of the phone. And since they're not in possession of the data (it's on the phone), they're not required to hand it over based on a warrant as they would be under the Telecommunications act. So what to do?
Enter the All Writs Act of 1789. Basically it says courts can issue writs (judicial orders) for anything necessary within their jurisdiction. This is what was being used to order Apple to develop a version of iOS that would not erase the phone no matter how many PINs were typed in, effectively allowing the bypassing of the encryption.
Now the All Wits Act hasn't been used that way historically. And there's a huge question as to whether you can order a company or a person to do work like that for free. Normally decrypting a phone would be a service the government would pay a contractor to do or have an in house capability for. Here there trying to compel an unwilling party to work for them for free.
It's a fair bet that's unconstitutional. (4th amendment). The government has used the All Writs Act a couple times this way in the past few years in relation to mobile devices. It's pretty clear they don't want that shaky legal ground tested in the Supreme Court with public opinion against them.
It was never about gaining access to a phone in their possession, it was about being able to hack phones via the cellular phone network, with out the knowledge of the owner of the phone and marketing that access to protect another corporate player M$ who is providing that access for a fee. It was all about forcing Apple away from selling security and privacy as a luxury feature worth paying for. There is a huge difference between being able to hack a phone in your possession and being able to hack it remotely. When push came to shove the US government and M$, lost to Apple and the internet and it won't be forgotten, talk about burning bridges.
Chaos - everything, everywhere, everywhen