Police Unlikely To Win Wider Access To Smartphones Despite FBI Success In San Bernardino Case

An anonymous reader quotes a report from Los Angeles Times: The successful hack of a phone linked to the San Bernardino terror attacks is unlikely to help police win greater access to encrypted data contained inside thousands of smartphones sitting in evidence lockers nationwide, legal experts and law enforcement officials said Tuesday. The process used to gain access to Syed Rizwan Farook's iPhone 5c might not work on other devices, according to an FBI official with knowledge of the investigation. Though the FBI might want to use the new tool to help solve outstanding criminal cases, doing so would also make the process subject to discovery during criminal trials and place the information in the public domain, according to the official, who was not authorized to discuss the case and spoke on the condition of anonymity. "From all the chiefs that I've talked to, we're hopeful this will give us some insight into how we're going to be able to get into some of the phones sitting in all of our evidence rooms," said Terry Cunningham, police chief in Wellesley, Mass., and president of the International Assn. of Chiefs of Police. "We're clearly anxious to learn what they did and how they did it and if it can be replicated."

FBI did not win

The media is overstating the case. The actual FBI court filing of two days ago did not say they had defeated the iPhone security; it merely alleged to have 'obtained the contents of the iPhone' in question. Maybe they found an iPhone backup for all we know.

The FBI has a significant reason to mislead or lie since they would want to avoid a negative precedent being set at the District Court level, especially after federal Magistrate Judge Orenstein of Brooklyn, NY ruling that Apple did not have to be subject to the All Writs Act. I believe that the FBI will wait for an even more sympathetic case.

http://www.nytimes.com/2016/03/01/technology/apple-wins-ruling-in-new-york-iphone-hacking-order.html

Even if they had "cracked the iPhone" there is no reason that the FBI would not pursue the case in District Court IF it thought it would prevail, since there is no reason to believe that Apple would not patch the bug and a favorable ruling wold apply to all hardware vendors.

No, it is clear that the FBI lost this one AND they are likely to be misleading or lying about about the obtaining the information.

Here is the relevant text from the very short FBI filing:
“...the FBI has now successfully retrieved the data stored on the San Bernardino terrorist’s iPhone and therefore no longer requires the assistance from Apple required by this Court Order,”

The technically naive would naturally think that this means they cracked the iPhone security. Bullshit.

Re:Claimed Success

As a one-time litigator in US district court, it is not perjury to lie to the court unless explicitly under oath. Though as an officer of the court it is unethical--possibly even contemptuous or an obstruction--to mislead or lie in a motion or other non-sworn court paper. In my experiences sanctions are few and far between for such behavior, however, despite my experience that the most prolific perjurers in court are the police and the attorneys.

In general parties ask for dismissal of their claims all the time before adjudication in order to avoid a bad result. For example, I made a motion for summary judgment in a trade secret case in San Jose. The Plaintiff moved for dismissal with prejudice. Since it was immediately granted, I did not gain a District Court precedent.

  In this case the smearing and vilification of Apple is in fully swing. I suppose that it is punishment for not simply rolling over for LE demands.

Re:What an insight!

[TheGratefulNet]

or, there WAS NO HACK and they simply are lying to cover their damned asses.

my guess is that they have no hack and they want us all to think they broke in, so they could abandon a LOSING COURT CASE before the proper precident (one that favors freedom instead of unwarranted authoritarian power-grabs) was set.

the simplest explanation is often the case: they were losing big-time in the court of public opinion and they could not force the richest company IN THE WORLD to do their petty bidding. they knew they'd lose and so they cower with tail between legs, making up a fake 'victory story' which is 100% opposite of the actual truth.

the good guys have switches places, it seems. I wonder if/when we'll get our real good guys back? will that happen in our lifetime?

Re:What an insight!

[shawn2772]

But make no mistake: the effectiveness of the security system that we're talking about, is decades behind what we're otherwise used to.

Completely false. Desktop encryption is, in general, far, far inferior to what we have on mobile devices today, because the systems are wide open, which means that the only line of defense is the user's password. Pull the hard drive out, make a copy, and go to town brute forcing it. Done. A small subset of machines these days have a TPM and use it in their encryption, which is better but not hard to fake out. You just have to feed the right sequence of hashes to the device, and it'll do your bidding.

No, mobile devices and mobile OSes are dramatically more secure than desktops and laptops. They use hardware-embedded keys in addition to the user password. When the hardware also enforces brute force rate limiting (as the newer Apple devices do), it's even better.

The one small advantage that machines with full-sized keyboards have is that users are slightly more likely to choose a better password. But only slightly, and hardware performance plus the availability of dirt cheap supercomputing (AWS or GCE) has largely erased that advantage.

Re:What an insight!

[Sloppy]

the simplest explanation is often the case

If you go by the simplest explanation (and we receive no further information to help us), then you're going to conclude that someone cracked it.

There is significant fraction-of-a-world of people who think Apple's hardware is generally pretty decent (at worst! a lot of people downright like it). But the hardware, for all its perceived virtues, has one big glaring problem: it tries to prevent people from running whatever software that they want to. So there are a fuckton of people who look for bugs, in order to be able to root their own phones and gain control of the machine that they bought. Some of them find the bugs. It has always been so, and that's how it is on this platform too, unless you are saying that you think Apple is the one company in the history of this industry, who has finally managed to produce bug-free consumer products.

You're not saying that, are you?

If not, then the simplest explanation is that someone with physical access to the device managed to gain control of it, since that sort of thing happens all the time anyway, with or without the FBI backing the effort.

they were losing big-time in the court of public opinion and they could not force the richest company IN THE WORLD to do their petty bidding. they knew they'd lose

Believe it or not, you're actually overstating how much the FBI was winning; they were far more doomed and already-defeated than you describe. They've probably won the battle for the iPhone 5c, and they might possibly (it's iffy, but possible) win on some newer handheld/toy PCs. But they have no chance, ever, when it comes to solving the general problem. If users actively try to protect their data then the data will be really encrypted, such that subverting the device doesn't get you the key (or 10k possible keys, where one is really it). And then attackers can go crying or threatening whatever manufacturers they want, and it won't help them a bit.

This time, they couldn't wave their $5 wrench at the user (dead men are hard to intimidate), so they waved it at someone else. (It was either a miracle or technological travesty (pick your PoV) that someone else could actually help them.) Next time, there is no "someone else" unless the user is just as incompetent (or more likely: apathetic) as Farook was.