Apple wants the FBI to reveal how it hacked the San Bernardino killer's iPhone
Source: LA Times
Apple Inc. refused to give the FBI software the agency desperately wanted. Now Apple is the one that needs the FBI's assistance.
The FBI announced Monday that it managed to unlock an iPhone 5c belonging to one of the San Bernardino shooters without the help of Apple. And the agency has shown no interest in telling Apple how it skirted the phone's security features, leaving the tech giant guessing about a vulnerability that could compromise millions of devices.
"One way or another, Apple needs to figure out the details," said Justin Olsson, product counsel at security software maker AVG Technologies. "The responsible thing for the government to do is privately disclose the vulnerability to Apple so they can continue hardening security on their devices."
But that's not how it's playing out so far. The situation illuminates a process that usually takes place in secret: Governments regularly develop or purchase hacking techniques for law enforcement and counterterrorism efforts, and put them to use without telling affected companies.
Read more: http://www.latimes.com/business/technology/la-fi-tn-apple-next-steps-20160330-story.html
msanthrope
(37,549 posts)24601
(3,962 posts)Like Apple didn't know. Good to start the day with a laugh.
Indydem
(2,642 posts)The microchip dies are designed by Apple and created to their tolerances. There is no possibility of this happening.
So concerned are they about security that they are having their own servers built for data centers, because they do not trust off the shelf systems to be free from such shenanigans.
tomm2thumbs
(13,297 posts)or they realized the weren't going to win, so they figured the least they could do is annoy the f*ck out of Apple, claiming to have defeated their security. LOLz
My guess is they cloned the phone's exact memory & set-up and simply ran a bunch of computer inputs of passwords on each cloned version, perhaps even inspecting areas of the glass with more scratches as likely potential repeated password-entry pushes just to make it easier.
NCjack
(10,279 posts)principal investigator's office.
DetlefK
(16,423 posts)There is a method that works by finding the microchip that is responsible for keeping track of passwords and login-processes. Identify that microchip, put the motherboard in a laboratory-setup with micro-manipulators and rewire the pins to a microchip YOU control.
That way you can get infinite attempts to break the password by brute-force, for example.
William Seger
(10,779 posts)... they have a way to completely clone the phone's memory into another phone, so they get 10 passcode attempts on each clone.
Xithras
(16,191 posts)Any piece of hardware that can be built can be emulated and virtualized. Emulate the hardware properly, and you can execute the software on it without cracking the software itself.
And once you can emulate it, you can duplicate it. Imagine a supercomputer simultaneously attempting 10 different passcodes on 1000 copies of the same phone simultaneously. Didn't get it on the first try? Dump those thousand and try another thousand. Properly written, the process will only take a few seconds.
The other possibility is that they've found the location where the failed attempts iterator is storing its data. If you know the byte pattern when the counter is at zero, you simply need to overwrite that spot in memory between attempts with the "clean" pattern to get an infinite number of attempts. While possible, this solution is a little less likely simply because it would damage the phone in the process.
ChairmanAgnostic
(28,017 posts)Why? They lie routinely, in fact the Supreme Robes permit authorities to lie.
I predict that they will eventually state that they found no useful information.
But they will never release what they allegedly extracted. Because it is possible that they did not succeed.
islandmkl
(5,275 posts)RATM435
(392 posts)Sam_Fields
(305 posts)TBF
(32,068 posts)Adrahil
(13,340 posts)FailureToCommunicate
(14,014 posts)Apple would have had to create one, thereby putting everyone's iPhone at risk, not just 'the bad guys'
Plus LOTS of other players, not just Apple, were steadfast against giving the government ways to hack their devices.
Apple, and this terrorist case, just was chosen by the FBI because they it knew would garner the most support based on a false premise: that Apple already had a way in, and that how could big bad Apple dare to refuse to cooperate with such a high profile case?
This was always about a fishing expedition by the FBI.
William Seger
(10,779 posts)There's been a LOT of sloppy reporting about this, but this article is more accurate than most. Apple has been very disingenuous about deliberately confusing the issues in this case with the "back door" issue.
Do you think the FBI had the right to require the building owner to unlock Farook's apartment door, or was that just a "fishing expedition" too?
FailureToCommunicate
(14,014 posts)with allowing the FBI the right to unlock Farook's actual apartment back door, well then, I think you may not be serious and are just playing devil's advocate.
I see from your other posts here that that may be the case.
The first line of the article is false, so the rest of it holds little prospect of being on target:
"Apple Inc. refused to give the FBI software the agency desperately wanted."
William Seger
(10,779 posts)> I think you may not be serious and are just playing devil's advocate.
You're entitled to your opinion, whether or not you choose to base it on facts.
Chan790
(20,176 posts)Apple, as a compromise to get this out of court and avoid losing a lawsuit that could endanger the security of every iPhone, offered to do just that and crack this specific phone.
The FBI refused and demanded to be given custom software that they claimed they would only use on Farook's phone, claiming they could not surrender the phone to Apple for Apple's solution.
The gap between the two proposed solutions is immense.
William Seger
(10,779 posts)Chan790
(20,176 posts)and disproves your argument.
Okay.
William Seger
(10,779 posts)Section 3 says in part: "The SIF (software image file) will be coded by Apple with a unique identifier of the phone so that it would only load and execute on the SUBJECT DEVICE." The SUBJECT DEVICE, defined in section 1 by its unique ID, is Farook's phone.
angrychair
(8,702 posts)In no way, at all, is unlocking this person's phone the same as unlocking a door. Not to mention, this not really about a single phone. This is about request the FBI has for almost a dozen. It's about several law enforcement agencies and AG offices that have hundreds of phones they want to unlock. If they did it for the FBI, they would be compelled to do it for everyone. Then they have a hack method out in the wild and their devices are vulnerable.
William Seger
(10,779 posts)That's the real reason for their objection. Well, now they don't have to, and the result is that the FBI now actually does have a way to hack ANY 5c -- the very thing Apple disingenuously said was the basis of their objection.
angrychair
(8,702 posts)The point, as was clearly stated by Apple, was a hack out in the wild that leaves all Apple devices vulnerable. That is what this about. So you are ok with that?
William Seger
(10,779 posts)The FBI wanted a version of iOS that would only run on Farook's phone (by checking its unique ID), and would disable the code that wiped memory after 10 unsuccessful passcode attempts. That version would not be "out in the wild" any more than iOS already is, i.e. if anyone could modify that version to run on a different phone and somehow get the phone to install that modified version without it being signed by Apple's private security key, then they wouldn't need Apple to do anything in the first place: They would just go ahead and modify iOS any way they wanted to.
Indydem
(2,642 posts)There is no backdoor around the device encryption on Apple phones - not one built by Apple at least (we shall eventually see what this hack was all about).
Your door anology is ridiculous. But I'll use the analogy to help you understand what was actually being requested.
The door has a Schlage lock on it. All of the keys have been lost. The door and door frame are so strong that attempting to breach the door will cause the entire apartment to collapse. Traditional methods of picking the lock will not work.
Therefore, the government forces Schlage to, at their own expense, sequester their engineers for 4-6 months working on creating a skeleton key for all of these Schlage locks that were created to keep criminals out. The government "promises" that they will only use the skeleton key this one time, and will never allow the skeleton key to get out of their hands. Schlage doesn't want to make the key. The engineers at Schlage don't want to make the key. The government has no legal footing to force Schlage to make the key. So they take them to court using dubious legal precedent from 200 years ago to force them to make this key.
And you come down on the side of the government?
William Seger
(10,779 posts)... I suggest you start with "what was actually being requested."
Indydem
(2,642 posts)What do you think was being requested?
But first: Do you understand that the government wanted Apple to write a new version of iOS?
William Seger
(10,779 posts)Either you haven't or you didn't understand it, but don't let that stop you from expressing your opinions.
Indydem
(2,642 posts)Answer that question please.
William Seger
(10,779 posts)Did they ask Apple to build a custom iOS that would only run on Farook's phone?
Answer that question please.
Indydem
(2,642 posts)They did not.
The custom version of iOS could have been installed on any device.
William Seger
(10,779 posts)Indydem
(2,642 posts)I don't know where you heard that, but it is patently false.
William Seger
(10,779 posts)Section 1 defines the unique ID of the SUBJECT DEVICE (Farook's phone), Section 2 says precisely what the FBI is requesting, and Section 3 says in part: "The SIF (software image file) will be coded by Apple with a unique identifier of the phone so that it would only load and execute on the SUBJECT DEVICE."
You really should have checked before doubling down.
Xithras
(16,191 posts)The FBI had a right to enter the apartment. That right doesn't compel the landlord to open it for them. The landlord simply had a choice: Unlock the door, or foot the bill for repairing the damage afterward when the FBI opens it themselves. A smart landlord unlocks the door, but it's important to understand that it's his choice to do so.
The government cannot compel you to perform uncompensated labor, even when it is in support of criminal investigations or anti-terrorism efforts.
William Seger
(10,779 posts)... unless he could explain why it was "unreasonable" for him to unlock the door. That's what Apple and the FBI would have been fighting over in court.
geek tragedy
(68,868 posts)randome
(34,845 posts)They deliberately chose to go the marketing route and now they're going to suffer for that from a PR perspective. Tim Cook handled this badly from the very start.
[hr][font color="blue"][center]If you're not committed to anything, you're just taking up space.
Gregory Peck, Mirage (1965)[/center][/font][hr]
joshcryer
(62,276 posts)Free Speech denies the government the right to force Apple (even if it's a corporation, its employees would be writing the code) to rewrite code to make it hackable.
Now, given that, I don't see the FBI or its third party hacker actually revealing how they did it.
Apple already knows how it was done, because they effectively admitted it could be done.
This is just them turning the tables.
It'll be thrown out as state secrets.
But Time Cook, and this is where I completely disagree, handled it admirably. It is insane, completely insane, to force people to do the bidding of the government. It goes against the constitution in every way conceivable.
MadDAsHell
(2,067 posts)It happens everyday; they're called laws.
And many of them (ACA, mandating union dues from employees who don't want to be in the union, mandating private businesses serve all customers regardless of religious preference, etc.), we're pretty big fans of.
randome
(34,845 posts)Last edited Wed Mar 30, 2016, 02:39 PM - Edit history (1)
I like William Seger's point about the government 'forcing' the landlord to unlock the apartment so they could search it.
You may be making the assumption that some grand effort is involved when it could be relatively easy to do. Besides, Apple has an entire department of attorneys and engineers devoted to dealing with issues of this sort. With a legal warrant, the government wouldn't be forcing anyone to do anything. A judge would be doing that.
[hr][font color="blue"][center]If you're not committed to anything, you're just taking up space.
Gregory Peck, Mirage (1965)[/center][/font][hr]
TipTok
(2,474 posts)Cook handled it perfectly if only for advancement of his brand.
randome
(34,845 posts)Sure, maybe the newer phones are harder to crack but now there is the suggestion that Apple's products may not be as secure as Apple says.
And the only reason they went down this marketing route in the first place is for sales. I find it difficult to accept that some want to defend a corporation that is trying to increase its bottom line.
When the only question that should ever have been considered is: does Apple need to comply with a legal warrant? If not, well, that leads us down another road entirely.
I guess it remains to be seen if there is any fallout for Cook.
[hr][font color="blue"][center]If you're not committed to anything, you're just taking up space.
Gregory Peck, Mirage (1965)[/center][/font][hr]
TipTok
(2,474 posts)... Time, money and effort to create something that would weaken their general security.
Anyone who thinks about it will realize that there is no perfect security but a brand that at least appears to take it seriously will get a lot of business.
William Seger
(10,779 posts)... if Apple had complied with the FBI request, the FBI would have had a piece of software that would only run on Farook's phone. Now, they have a way to crack any 5c.
joshcryer
(62,276 posts)They knew it could be done, and probably already were working on doing it in case they lost the case. They're a corporation, after all. This is more PR from them than anything.
Blue_Tires
(55,445 posts)Baitball Blogger
(46,741 posts)It was just a bluff because they already have the technology to tap into these phones?
LiberalArkie
(15,719 posts)of the IC to get to the chip inside. They can then duplicate the contents and solve their problems.
The NSA and CIA were opposed to the FBI's lawsuit and methods. But I don't think that the FBI wanted any other agency to see what was there.
The Second Stone
(2,900 posts)I wonder if more recent models are hackable the same way. Assuming that it isn't just disinformation.
BeyondGeography
(39,375 posts)Binkie The Clown
(7,911 posts)Revealing that would destroy the illusion they want to promote that they are smarter than they really are.
LiberalArkie
(15,719 posts)against the DMCA then this sure is.
alcibiades_mystery
(36,437 posts)LiberalLovinLug
(14,174 posts)not
To see all the NSA authoritarian fluffers (if you aren't doing anything wrong you shouldn't have anything to worry about) all on the side of the government's ongoing attempt to have their own key to everyones smart phone.
WhoWoodaKnew
(847 posts)AngryAmish
(25,704 posts)It is not their phone. The feds nonsuited the case against them. How does the court have jurisdiction?