Slashdot Mirror

← Back to Stories (view on slashdot.org)

LAPD Hacked An iPhone 5s Before The FBI Hacked San Bernardino Terrorist's iPhone 5c (latimes.com)

Posted by BeauHD on from the bypassed-security dept.

According to recently released court papers, Los Angeles police investigators found a way to break into a locked iPhone 5s belonging to April Jace, the slain wife of "The Shield" actor Michael Jace. The detectives were able to bypass the security at around the same time period the FBI was demanding Apple unlock the iPhone 5c belonging to San Bernardino terrorist Syed Rizwan Farook. LAPD detective Connie Zych wrote on March 18, the department found a "forensic cellphone expert" who could "override the locked iPhone function," according to the search warrant. There's no mention of how the LAPD broke into the iPhone or what OS the iPhone was running (Note: iOS 8, which features improved encryption and security features, came out months after the killing). The information stored on the iPhone should help in the criminal case against Jace's husband, who is charged with the May 19, 2014, killing.

2 of 47 comments (clear)

  1. Laos budget by Anonymous Coward · · Score: 2, Informative

    Lapd has enormous budget, saw a documentary which said they had people stationed internationally. Mission creep on overdrive.

  2. Re:Michael Jace was several years ago. by Wrath0fb0b · · Score: 2, Informative

    Yes, iOS 7 was vulnerable to a very simple hardware hack:

    (1) Hook up your own battery emulator to replace the battery
    (2) Try a passcode, if it fails, cut power before the phone has a chance to write down the failure attempt
    (3) Profit (seriously, these hack-boxes were like $50k each while they worked)

    The solution on the phone side is reordering the events -- first execute failedAttempts++ and make sure it's synced to persistent storage, then evaluate the passcode and, if it's good, write failedAttempts=0 and unlock the phone. Not too complicated but counterintuitive to declare each attempt a failure beforehand and the undo your work later.

    Oh, and syncing it one of those simple things that are notoriously difficult to nail down in practice. fsync is perennially misunderstood as ensuring data is written to persistent storage, it actually only means it's moved out to the device (cf F_FULLFSYNC). Linux spent a while on write barriers, but then settled on different IO ordering semantics.