Slashdot Asks: Should FBI Reveal to Apple How to Unlock Terrorist's iPhone?

After reports that the FBI managed to unlock an iPhone 5c belonging to one of the San Bernardino shooters without the help of Apple, Apple is now the one that needs the FBI's assistance. "The responsible thing for the government to do is privately disclose the vulnerability to Apple so they can continue hardening security on their devices," said Justin Olsson, product counsel at security software maker AVG Technologies. However, many experts in the field believe that the government isn't legally obligated to provide the information to Apple. As mentioned in Los Angeles Times, this creates a new ethical dilemma: Should tech companies be made aware of flaws in their products, or should law enforcement be able to deploy those bugs as crime-fighting tools?

Re:Better idea:

[meadow]

The *reality* of who the FBI actually are - the people in your community - who you don't know about - who work there - is that they are basically a secret mafia, usually very connected to your local law enforcement and oligarchy that runs your city - and they have super powers that you cannot even imagine to be able to raid and invade anyone's life at will. They are a separate class and truly a branch of the oligarchy, and in ways far more frightening than the mafia/thug class associated historically with other regimes because their powers and secrecy go way beyond - whereas with the former historical ones they tended to be more overtly violent thugs.

The very existence of FBI - and in fact also police in the United States - is a violation of the pact between people and government, and a clear sign that this is a de facto oligarchy, and that just because its an *oligarchy* and not some other type of fascist regime, is no less human-rights violating and dictatorial than any other.

That said, the conduct of the NSA and other federal agencies is totally reprehensible. From the viewpoint of basic human decency, if you happen to notice a problem with your neighbor - perhaps something unusual or wrong with their house or any of their possessions - it is universally understood that you should tell them about it.

The analogy with our federal government is that they are like the most shitty, disgusting neighbor who knows all these things are wrong with their neighbor's house and they are actually glad for it and refuse to tell the neighbor about it because they view those vulnerabilities as an advantage or asset to be potentially exploited. That is the EXACT OPPOSITE of how they should be acting and is more than justification for their complete and immediate disbandment and a major reform of our federal, state, and local governments from the ground up.

Wake up people.

The level of delusion, apathy, and disregard one sees in Silicon Valley is truly appalling given the seriousness of our situation in America. Our elections are a complete joke. Our entire system is becoming more and more a farce based not on the basic concept of rule of law but rather groups of thugs - usually identified as liberal - who see their jobs as entailing the constant breaking and bending of rules for one selected class or another.

Re:Didn't

[marcansoft]

Of course they hacked the phone.

There is a very easy, very reasonable trick that is guaranteed to work to get the data out of that phone with minimal risk (assuming it has a 4-digit PIN). It's not a mistake, it's not a bug, it's not something anyone has to "discover". It's simply an attack outside the threat model that Apple used when designing that particular iPhone (and, with minor differences, all currently released iPhones). I have no doubt Apple knows full well it will work and knew it would work when they designed the phone (it's blatantly obvious, and Apple's security engineers aren't idiots) - protecting against it is just not trivial (it cannot be solved by software, it requires support hardware) so, to this date, they've chosen not to. In fact, they added a minor roadblock against it on newer phones (but only a minor one that can also be bypassed - because doing better is Hard(TM) and costs money), which demonstrates they are fully aware of it. I explained how it works here (search for "replay attack"). I'm not the first one to mention this approach.

Making iPhone secure against all physical attacks is impossible. If your PIN is bruteforceable (as is the case here), then security relies on the PIN attempt counter. An attacker with physical possession of the phone can always find a way in. Apple just has to decide how much effort (and money) they want to put into making that harder. The current bar is at approximately the "a couple experienced hardware/software hackers and a couple thousand dollars in R&D costs" level. With some more money/effort they could raise it to the "a crazy dude like Chris Tarnovsky and a medium-budget silicon hacking lab" level. It's not going to get to the "noone will practically be able to do it" level without making the iPhone into a tamper-resistant hardware security module with physical defenses (i.e. not something likely to fit in your pocket).

It still baffles me why everyone is so concerned about how the FBI got in, when we know an easy way in already.