Feds look left and right for support – and see everyone backing Apple

Public opinion over the judicial demand that Apple create a version of its mobile operating system for the FBI – dubbed FBiOS – appears to have landed firmly against the Feds. The FBI has demanded Apple assist it in breaking into the mobile phone of San Bernardino shooter Syed Farook who, along with his wife, killed 14 people …


  1. Anonymous Coward
    Meh

    I have to say that I'm a bit on the fence about this.

    On the one hand, I see Apple's point about the slippery slope. I'm also rather wary of a court being in position to order an independent entity (who has nothing whatsoever to do with the case itself) to assist.

    However, the FBI do seem to have bent over backwards to figure out a way that they can get the data off this device without it at least being obvious that it would create a precedent. They are not asking for a generic solution. They are not asking for the encryption to be broken. They have also gone through the correct channels to do this kind of thing, i.e. a proper public court.

    1. PleebSmasher

      "However, the FBI do seem to have bent over backwards to figure out a way that they can get the data off this device without it at least being obvious that it would create a precedent."

      Here's the precedent: Apple and Google update their devices to make it harder if not impossible to bypass PIN security restrictions by uploading new firmware. Apple already said last year that it would require 6 digit PINs rather than 4, expect to see more of that.

      1. JeffyPoooh

        Have they tried 7-8-5-2 yet?

        Reportedly, on devices with swipe-the-digits unlock codes, about half of everyone uses the backwards 'L' shape 7-8-5-2.

    2. This post has been deleted by its author

    3. Fred Flintstone Gold badge

      Let's help you out then :)

      I have to say that I'm a bit on the fence about this.

      Fair enough, let me help you because there is quite an important game of "things we want but are careful to omit" in play here.

      Quite simply put, although the court order imposes restrictions on the specific request, the FBI (and supporters of this idea) are very careful to avoid mentioning that this order does NOT stand on its own and the apparently imposed limits disappear once accepted, because of the way the US legal system works.

      At one point, someone in the US legal profession came up with the idea that if a certain judgement is accepted, there would be no point in arguing about it again and again, so a decision establishes "precedent" - a kind of seal of approval that because it was OK at one point, it should be OK the next time around as well. This is, in my opinion, the real goal of this FBI request: setting precedent.

      You see, as soon as this precedent exists, there is nothing to stop the FBI and anyone else with even a vague connection to government or law enforcement asking for this again, and again. In other words, that "one off" illusion they are trying to spin publicly is worth absolutely nothing, and is rather reminiscent of the "give us lots of power, just to fight this crisis" scam after 9/11, powers that have largely remained intact since.

      The next thing you will get with such a precedent is scope creep. Now it would be used to access data of evil people with suspected links to terror (note that that is very carefully already one step removed from "people suspected of being terrorists themselves"), but eventually it will be worn down, precedent after precedent, to "anyone we feel like investigating because, well, hey, the sun is shining and we are bored".

      To accommodate for that inevitable avalanche of court demands, manufacturers would have no choice but to indeed install the backdoors that we have been fighting for what seems forever because Backdoors Are A Really Bad Idea.

      Just in case you think that I'm exaggerating when I claim scope creep will happen (which is fair enough, always ask questions), one of the first things that happened when powerful "we will never use it for anything else" anti-terror legislation was introduced in the UK was that a council famously used it almost immediately, but to investigate the seriously nefarious crime of allowing a dog to foul the pavement. QED.

      I am personally absolutely for law enforcement having the right tools, but what is being asked here is not right because there is no way to prevent the rather grave consequences, certainly now government transparency is but a vague memory, and I suspect that setting that precedent is the real game.

      This is not really about Apple, it's about governments that want our life to be transparent whereas their activities are increasingly not, rather than the reverse it ought to be. I suspect that the FBI will now attempt to bulldozer weaker players, but they've woken up the whole of Silicon Valley to the threat now. Silicon Valley has a stake in stopping that from happening because it would be game over the day that happens, Privacy Shield agreement or not.

      Does that help a bit?

      1. AndyS

        Re: Let's help you out then :)

        >anti-terror legislation was introduced in the UK was that a council famously used it almost immediately, but to investigate the seriously nefarious crime of allowing a dog to foul the pavement. QED.

        You forgot the bit where they also used anti-terror legislation to investigate parents who were trying to get their children into the schools of neighbouring catchment areas. Because heaven forbid a parent should want the best education for their children! That's only one step from sending them to Syria to fight for ISIS!

        1. ukgnome

          Re: Let's help you out then :)

          If the government said it is now the law to keep a downstairs window open just in case they couldn't get into your house then I am sure you would jump down pretty quick off that fence.

          If all you stored on your phone was dick pics and mates numbers then fine, brute crack the life out of it, but it's probably harbouring more data than your laptop.

          Now as I understand things, this device was a work device, so maybe as a compromise all work phones should be crackable. What's that, feds? You don't want anyone cracking your work phones? Cake and eat it springs to mind, and no, you can't have the cake.

          1. Anonymous Coward

            Re: Let's help you out then :) @ukgnome

            Sorry that is a daft comment, the police will knock and make entry through whatever space they can find, IF THEY HAVE A WARRANT. The desire for a silly analogy simply does not stack up. This is more like a landlord saying, sorry, the tenant used a combination lock and I cannot open the door. With a real door in a real building there is no problem but because the terrorist was ever so clever in using his EMPLOYER'S chosen device the 'enforcer' will not work. So scoff law outfits like apple can continue making a mint - but NOT from me. I would not touch them with a bargepole.

            1. Doctor Syntax Silver badge

              Re: Let's help you out then :) @ukgnome

              "scoff law"

              Until this goes to the highest possible court we don't know what the law is so it's impossible to know who is scoffing at it. "We" includes the FBI. "Who" could also turn out to be the FBI.

          2. CrazyOldCatMan Silver badge

            Re: Let's help you out then :)

            > Now as I understand things, this device was a work device

            And my first thought was "don't they have an MDM system"? Ours can unlock the phones registered to it.

            1. JetSetJim

              Re: Let's help you out then :)

              According to a USAToday article, which does foam at the mouth a bit, I admit, the phone in question was owned by the county, and the county has given permission for the Fibbies to rummage in the digital innards of it. None of the other articles I've seen mention this, though (or I skimmed past them for TLDR reasons).

              So, unless there are flaws in the "reasonable use" clauses within the contract between the county and the deceased, doesn't this boil down to the county asking (via the Fibbies and a court order) Apple for access to their phone? This, Apple has done before, according to various sources that don't cite references.

      2. SW10

        Re: Let's help you out then :)

        Like your post - one quick comment:

        At one point, someone in the US legal profession came up with the idea that if a certain judgement is accepted, there would be no point in arguing about it again and again, so a decision establishes "precedent" - a kind of seal of approval that because it was OK at one point, it should be OK the next time around as well.

        It wasn't someone in the US legal profession.

        That's English Common Law, the roots of the US legal system. What it also means is that English court cases prior to Independence are precedent in the US.

        (In very exceptional cases, it's even possible to argue judgments in other Common Law countries, so an English solicitor may point to a US or an Australian judgment.)

        1. Anonymous Coward

          Re: Let's help you out then :)

          Like your post

          Thanks :).

          That's English Common Law, the roots of the US legal system. What it also means is that English court cases prior to Independence are precedent in the US.

          Thanks for that. I deal with a lot of law and lawyers (but I'm not one) because I deal with the practical consequences of getting it wrong, but it does mean I sometimes don't have the history right - happy to learn something new :).

      3. Hargrove

        Re: Let's help you out then :)

        Modern information technology has inherently changed the nature of global society, including the diversity and capabilities of the diffuse threats to the members of that society. I've yammered on at some length in El Reg Fora about what I characterize as the breach of the social contract between those who govern and the governed. The essence of this contract is that the governed cede to those who govern certain rights and freedoms in return for a greater good.

        Now, I'll concede that given the radical technological and social changes of the past 50 years, changes to some of the terms and conditions of the social contract are doubtless in order. But it is critical that the result be a valid contract. That is, the parties must reach a meeting of the minds on the adequacy of the quid pro quo and there should be equity and balance regarding the consequences of violations of the terms and conditions. In the case of physical search and seizure those conducting the search had names and faces, and left physical evidence of their passing. There was, at least in theory, some possibility of holding them legally accountable for trampling a citizen's rights.

        That is not the situation we face here. Over the last couple of decades, the federal government has systematically built a firewall around its activities. The terrorist threat has been used as an excuse to create a web of laws and draconian penalties pursuant to executive orders authorized by law. At the same time the government has drawn an impenetrable veil of classification around its information operations. Finally, in the US at least, the federal government, through the offices of the Justice Department, has succeeded in marginalizing state and local law enforcement officers, constraining their actions, and making every act subject to intense monitoring and scrutiny.

        Before citizens cede any more authority to the federal government, the terms and conditions of the revised social contract must include some serious restraints and limits on the power of federal officials. Actions of federal officials must be closely monitored and those who overreach and abuse their authority must be held accountable and severely punished. The rights of a People are sacred. Abuses of authority should be criminal offenses, and the consequences should be dire. As an example, in addition to civil and criminal penalties, consequences should include a life-time ban on employment in any position funded in whole or in part, directly or indirectly, by taxpayer money, and forfeiture of income exceeding some reasonable multiple of the established national minimum wage.

        It may be that the People will, at some point, decide to cede authority to those who govern. But first, last and always that should be the People's call and not, as appears to be the current case, an extra-legal dictate of some unaccountable federal official.

        Never forget Miriam Carey. To the best of my knowledge her killers have never been identified by name. All we know is that they were federal officers and they were fully exonerated. This being an IT forum the following side note may be of interest. I just Googled Who shot Michael Brown. The query returned 259 million hits led by a photo of Officer Darren Wilson. The query Who shot Miriam Carey returned 401,000 hits, and no names. As the kiddies are wont to say: "Do the f---ing math!"

      4. partypop69

        Re: Let's help you out then :)

        Absolutely right.. 100%

    4. Mondo the Magnificent

      Collaboration?

      I worked extensively with the UK high tech crime and counter terrorism units when I was in the UK.

      My position was nothing more than a consultant engineer who liaised in putting methodologies in place to speed up investigation time.

      One thing I was aware of was the collaboration between the police, well-known mail providers and telcos. All these companies were very cooperative when it came to the police needing info or access to a suspect's mail.

      I understand where Apple are coming from on this, and reading Tim Cook's "Blog Entry" doesn't seem to match up with what the FBI are saying and vice versa..

      National security is what it is, it affects the nation, especially in relation to terrorism.

      Now this case seems to focus on a radical and his partner who are now both deceased, but playing the "BOFH's Advocate" here, I have to ask: what if the situation was more dire? Let's say a nuclear or chemical threat that jeopardised hundreds, thousands or even millions of lives and the Feds needed to access an encrypted iDevice, would Apple still hold the moral high ground?

      What if another event took place that could have been prevented through access to encrypted phone data, how would Tim Cook react to that? Would he wash his hands in apple juice and absolve himself and Apple from any responsibility through lack of co-operation?

      It's a nasty situation to be in, but then again, Apple don't want an "NSAKEY.DLL" situation within their OSes, they want and need to be impartial because it's good for consumers.

      Sadly this fracas which has now become a buzz of public debate doesn't resolve the issue of accessing the data of those who pose a threat to individuals or a nation. Sure the suspects may be deceased but phone records and mobile data are an absolute goldmine to investigators.

      Profits and product integrity are a goldmine to manufacturers who have shareholders and loyal customers to appease.

      To me this is a lose-lose situation irrespective of who wins the hearts and minds of the general public in this case.

      1. Stevie

        Re: Collaboration? (4 Mondo)

        Again, I cite the RICO statutes, possibly the most abused non-terrorism anti-crime measure on the books today.

        I used to have similar views to you, but over the last three decades I've seen just about every "one-off" legal tool become the go-to utility of least work for the forces of law and order. I'm with Apple when I wouldn't have been in 1985 because there's a predictable outcome far in excess of the innocent little request so carefully worded by the FBI's lawyers. You do know they have a fleet of them, right?

        Of course the FBI has a history of straight dealing and enforcement of the law ... Oh hang on. That's right. They have been a law unto themselves at whim for most of their existence, or so Leonardo DiCaprio would have us believe.

        The fundamental question here is: should the law serve the interests of The People or should The People serve the interests of the law?

      2. John Sanders

        Re: Collaboration?

        "lawful intercept" That is why the telcos are so police friendly.

        "device lawful intercept" will happen to the Apples of the world sooner rather than later, it is inevitable, Apple and the likes will make a public disservice if they do not come up with a way to allow "lawful intercept" to happen on a device that can connect to a public network.

        Note that I'm not defending the FBI here, nor blaming Apple for anything; we live in an age where politicians poison everything we do.

        All I ask is that "device lawful intercept" when it happens has all the legal warranties expected, like a court order not made in secrecy.

      3. Anonymous Coward

        Re: Collaboration?

        I have to ask: what if the situation was more dire? Let's say a nuclear or chemical threat that jeopardised hundreds, thousands or even millions of lives and the Feds needed to access an encrypted iDevice, would Apple still hold the moral high ground?

        In that case there would have been more intelligent operatives in play who would (a) bloody well ensure the press didn't get wind of it because of the panic it would cause and who would (b) establish informal channels with Apple to get help instead of putting the only party on the planet who has the capability to assist in a position where this was no longer possible. Amazing as this may seem from what you see, there ARE actually intelligent people working in intelligence, but they usually only get to play when sh*t is about to hit the fan and the career bureaucrats become worried they may get the blame for it (in other words, when it's close to being too late to act).

        There are informal channels for this. Doing this via the court suggests that Apple has told them already to f*ck off which is not surprising because the FBI seems to hit the courts every. single. time. they come across an iPhone. They are now trying to bully Apple via the courts to get their way, but the feel I get from this is that this not even the FBI's play, it's a new play for hurting companies that don't want to bend over and present their backdoors, if you pardon the graphic image.

        Just say no.

      4. BitDr

        Re: Collaboration?

        There is a problem with this line of argument;

        "What if another event took place that could have been prevented through access to encrypted phone data, how would Tim Cook react to that?"

        The above makes the error of presuming that the encrypted data is helpful to the case. There is a thought experiment in physics that might help illustrate the dilemma: Schrödinger's Cat.

        In our current situation what we "know" is that there is data in a phone (a cat in a box), but we don't know if the data is pertinent or not (cat alive or dead) and until we decrypt the phone (open the box) we have no way of knowing. The data is in two states at the same time, both helpful and non-helpful, and the box cannot be opened. If someone does manage to open it, history shows that even worse acts than those carried out by the two (now dead) murderers are more likely to be perpetrated against the populace; all in the name of justice and public safety. The box, because once done it cannot be undone (all that talk of precedent).

        Being able to open the box and look inside only introduces temptation into the equation, the temptation to falsify evidence, to "find the expected", to abuse the power and do wrong. Doing the wrong things for the right reasons is an all too frequent human failing and an easy path to follow. Doing the right things for the right reasons is a difficult path to follow, but it has the greater reward of citizens who will fight for those principles; so long as they are being upheld and respected. This kind of attitude can perhaps best be summed up in the following:

        "I disapprove of what you say, but I will defend to the death your right to say it" -- Evelyn Beatrice Hall

      5. Anonymous Coward

        Re: Collaboration?

        I worked extensively with the UK high tech crime and counter terrorism units when I was in the UK.

        My position was nothing more than a consultant engineer who liaised in putting methodologies in place to speed up investigation time.

        Well, I actually built the infrastructure you must have been using, so I saw the play in the background.

        There are ways to play this without going public, yet remain firmly within ethical lines of action, but the FBI has been publicly whinging about iOS encryption for quite some time. I am not sure if the FBI is the main actor here or just a tool, but this could have been done differently, in a way that would have ensured a one-off with caveats applied as it concerns an older model iPhone.

        By going public, the FBI (or whoever is behind it) is seeking to set a precedent, which will then be used to harass Apple and others with so many orders (not requests, legally compelling orders) that the only economical choice for the victims of this attack will be to indeed establish those much wanted backdoors - that is in my opinion the real target.

    5. partypop69

      Companies that make stronger security being forced to dumb it down is counterintuitive. The public demands more privacy, tighter security and the Public outweighs the Government.

      The solution for the Government to break into the iPhone is to go with a third party hacker, and they'll do some test runs on a test phone, and do the final job on the actual device.

      John McAfee (owner of McAfee security) offered to hack it for free, with his team. FREE. No excuses now.

  2. Deltics

    "It also appears that people are taking the situation seriously enough to find out and understand the finer points of the situation: something that happens all too rarely."

    And then ignoring those finer points that don't reinforce their own pre-formed opinion.

    If this were a case of documents in a filing cabinet, the court would have issued a warrant for the seizure of the cabinet and the FBI would have done whatever they needed to get into that cabinet including requiring the manufacturer of the cabinet to assist with opening it if the lock proved problematic or they risked destroying the contents in the process of opening it.

    In fact, although I don't have case references I would be surprised if this or an equivalent situation has NOT previously occurred already.

    But nobody would claim that this establishes a precedent for the FBI walking into everyone's home and opening their file cabinets willy nilly.

    A file cabinet is LESS unique than all other file cabinets of the same or even similar models than a phone is, with its expressly unique identity. So why is everyone so convinced that a request to assist with accessing a specific device (faster than would otherwise be possible, NOT making the impossible possible) necessarily extends to ALL devices?

    If the FBI were to try to claim that this establishes a precedent, any court will immediately point out that the precedent is established for requiring assistance only with a specific device and that any assistance with accessing devices in general must be considered on its own merit.

    There's a distinct lack of any application of intelligence on the part of otherwise intelligent people in this debate. To the extent that you have to question whether the most intelligent people involved are exploiting the lack of intelligence/awareness they assume in others for some proprietary gain.

    Actually, I don't think you need to question it at all.

    Either they aren't as intelligent as we thought or they are and they are deliberately misrepresenting things for their own ulterior reasons.

    1. Number6

      No, what we have here is a filing cabinet with a built-in self-destruct mechanism. The FBI know that trying to break in will burn the contents to a crisp so they're trying to find a way to disable the incendiary device.

      1. Kurt Meyer

        @Number6

        Deltics writes - "If this were a case of documents in a filing cabinet, the court would have issued a warrant for the seizure of the cabinet and the FBI would have done whatever they needed to get into that cabinet including requiring the manufacturer of the cabinet to assist with opening it if the lock proved problematic or they risked destroying the contents in the process of opening it."

        You write - "No, what we have here is a filing cabinet with a built-in self-destruct mechanism. The FBI know that trying to break in will burn the contents to a crisp so they're trying to find a way to disable the incendiary device."

        I write - You should learn how to read.

    2. Anonymous Coward

      Either they aren't as intelligent as we thought or they are and they are deliberately misrepresenting things for their own ulterior reasons.

      It's not very intelligent to try and declare people who disagree with you as less intelligent. That only works with, well, dumb people..

    3. Matthew 17

      Would amuse me that after all this fuss...

      There was an iCloud backup of the phone all along :)

      I think that even if Apple were given the phone, made a hack in secret to break into it, took a copy and handed the data over without the details of the hack, the software or whatever never leaves their lab then that might be a sufficient compromise. Assuming they can actually do that.

      But to hand over software to the Feds that would enable them to break into any iOS device without asking isn't really on.

      1. TRT Silver badge

        Re: Would amuse me that after all this fuss...

        This is a work phone, is it not? Owned by a government agency wasn't it? The county of wherever?

        So... it's technically not Farook's. Why wasn't it configured so that the county could access it? Is it more of a failure of their IT procurement and deployment policies? How can they tell that the setting was set to self-destruct from looking at the last backup if they can't read that backup and get most of what they want?

      2. John H Woods Silver badge

        Re: Would amuse me that after all this fuss...

        "never leaves the lab" is not possible. Even the NSA couldn't stop Snowden, the OPM couldn't stop the Chinese and remind me how long "how to build a nuke" stayed secret from the Soviets.

        The Chinese would have a copy of this tool within seconds of it compiling.

        1. Harry the Bastard

          Re: Would amuse me that after all this fuss...

          "The Chinese would have a copy of this tool within seconds of it compiling."

          The Chinese do make the iPhone, they probably have it already.

        2. John Sanders

          Re: Would amuse me that after all this fuss...

          "'how to build a nuke' stayed secret from the Soviets."

          The Soviets had America infiltrated up to the arse, if you scratched your ear in these years one or two things happened, either you found several "useful idiots" (Marxists) or one or two Russian spies.

          As it was, the Manhattan project had several of both.

          Of course the left loves to distort these facts, http://www.wnd.com/2000/02/4020/ they will never let reality ruin a good narrative.

          It is the same with most serious issues to date.

          1. John H Woods Silver badge

            Re: Would amuse me that after all this fuss...

            You appear to be arguing that I'm wrong but: (1) your statement that nuke secrets leaked because of Soviet infiltration does not prove the Chinese or other non friendly states can (or have) not infiltrated Apple -- indeed it rather suggests the reverse; (2) an ad hominem about "the Left" doesn't advance your argument very much. Tell me again why you think the exploit kit won't leak.

      3. Anonymous Coward

        Re: Would amuse me that after all this fuss...

        Do you really believe that if Apple did as asked in their own labs that the information to do so would stay there?

        Basic spy-craft would get the information out of apple within hours.

        The act of creating the 'special' version would spell the end of any security for apple.

        The new version would be used to reverse engineer the methods and the changes made, even if the information could not be obtained from apple via spy-craft means.

        I am sure that the FBI could ask for some assistance from the NSA if the problem proved to be too difficult as the NSA would also find the security breaking methods of some use. :)

        I am not an Apple fan by any means (not owning any i-things or wanting to) but must support them in this case.

    4. Doctor Syntax Silver badge

      "But nobody would claim that this establishes a precedent for the FBI walking into everyone's home and opening their file cabinets willy nilly."

      "Would" is a big word. Can you really guarantee that neither the FBI nor some other agency of any state where Apple does business wouldn't claim a precedent? Really?

  3. Anonymous Coward

    "they are deliberately misrepresenting things for their own ulterior reasons."

    Bang on Sir, bang on.

    Both sides will be doing this, will have done before and will do again.

    Your comment is probably the only thing we will ever be sure of in this sorry saga.

    Have an upvote.

  4. wx666z

    FBI

    Having dealt with the FBI, decades ago, they are not particularly bright. They have a history of persecuting some of our (US) best. I would not piss on an FBI agent if they were on fire.

    1. Anonymous Coward

      Re: FBI

      Dear wx666z,

      Why not piss on one first *THEN* set him/her on fire.

      Maybe a bit harsh, but it's the only way they'll learn.

      1. Mark 85

        @Keef -- Re: FBI

        But only if you piss petrol....

        1. jake Silver badge

          Re: @Keef -- FBI

          I kinda suspect that if you can piss petrol, and do so on a guy, and then try to set him on fire, you will have the same problem that the guy has. (Ever heard of "back-splash"?)

          Logic. We've heard of it ...

        2. kmac499

          Re: @Keef -- FBI

          Pissing petrol :- Gabriel Byrne as Satan in "End Of Days"

  5. CheesyTheClown

    FBI mishandled evidence again

    Here's the deal,

    1) Confiscate the telephone while it's still powered on and the pin code has been used at least once. When this happens, all data is able to be decrypted through the normal operating system read and write commands. Also, simply dropping or tossing the phone should leave the phone in a still stable state for reading this data.

    2) Attach an external charger to the phone immediately and leave it powered up the entire time until it has reached the forensics lab for data extraction.

    3) Open the phone carefully avoiding removing the power cable and battery cables at the same time.

    4) Ensure the power cord is securely inserted

    5) Remove the iPhone battery and the main screws supporting the system board. It is ok to remove the screen as well. This won't impact the phone operating.

    6) Reattach the battery (better yet, attach a battery that you're 100000% sure is charged). Hot glue the battery connector in place to make sure it doesn't come loose.

    7) Disconnect the power cord from the base of the phone

    8) Lift the system board from the phone (gently of course)

    9) Depending on the model, there are a minimum of 5 individual exposed vias or test points for each of the 4 relevant JTAG pins on the Apple CPUs.

    10) Using the ARM ICE debuggers, connect to the CPU and switch to single step mode.

    11) Door is open... from here you can

    a) Extract the hash for the PIN code to unlock the device properly. Run the hash through John the Ripper to identify a 4 digit collision.

    b) Extract the fingerprint points used for user verification so they can be fed into the device electronically to unlock sensitive data including bank accounts.

    c) Image the flash after it's been decrypted by calling block access functions on the flash through the OS and therefore decoding the data in the process to get an unencrypted copy (will take as much as 3-4 days due to JTAG performance limitations)

    d) Upload a new program to perform the same copy but bypassing app restrictions and perform it over wireless... takes about an hour.

    e) Call system file i/o functions to read individual files... surprisingly difficult given the object oriented nature of the iOS file store.

    There are endless methods for extracting data from an iPhone.

    Alternative for powered-off devices:

    1) Image the flash via flash JTAG pins (unfortunately slow but effective).

    2) Remove and copy all nvram (haven't done this yet... so would test on disposable test devices first)

    3) Solder an FPGA in place of the NVRAM devices and use Altera/Xilinx logic probe functions to capture and decode write operations to the NVRAM

    4) Follow similar steps to hijacking the kernel via ARM debugger, call the phone PIN code unlock functions and brute force, reset the phone after 3 tries.

    5) Recopy the flash and compare the input (original and changed) as well as the NVRAM changes. Change the modified blocks back to the original values.

    6) Repeat step 4 and reset only changed blocks after 3 tries. Brute force the 4 digit PIN.

    I can probably come up with 20 other ways if I needed to. The first crack on iPhone 6S Plus I did took 23 hours and 5 Red Bulls. I wasn't really even trying very hard... probably spent 2/3 of the time reading and watching TV shows.

    I really just can't see why this is such a big deal. If the phone can decrypt the data to begin with, it's going to be relatively simple to get it back. It doesn't even require someone particularly educated, I'm pretty sure more than half the guys I went to electronics class in high school with back in 1989 could do this.

    Maybe the FBI (and others) should spend less time screwing around with court orders, quit listening to idiots in suits and instead, swing by a local maker space and look for a guy with Asperger's who really likes puzzles.

    1. LaeMing

      Re: FBI mishandled evidence again

      I was wondering much the same - use memory-map comparisons to work out where the byte storing the number of password attempts is stored, then keep resetting it while walking the 10,000 possible PINs.

    2. JeffyPoooh
      Pint

      Re: FBI mishandled evidence again

      @CheesyTheClown

      Agree (at least in principle).

      Too many fall for the trivial red herring about how many billion years it would take to brute force the key. They've somehow avoided learning anything of the history of encryption, hacking and cracking. Even the clear cut lesson from WWII Enigma. It's extremely unlikely that we've *just* stepped over some magical historical boundary, and encryption implementations have just now become perfect.

      Having the device in your possession is equivalent to having a prisoner in a secret 'black ops' dungeon. He will eventually talk.

      Cheers.

    3. aaaa

      Re: FBI mishandled evidence again

      I asked this myself yesterday. And I see the same point raised on almost all articles about this. But not many responses (same here). Clearly those of us that know this, also know therefore the legal case is about the law, not about obtaining the data. i.e.: as written in the article, the FBI are trying to use the courts to bypass the legislature.

    4. Anonymous Coward
      Anonymous Coward

      That will only access certain data

      Read Apple's iOS security document. It is 60 pages long and goes into extraordinary detail about how everything related to iOS security is handled. There are different types of file protection classes. Only files protected with the "no protection" class could be read in this manner. The keys to read files in other protection classes are dropped when the phone is locked, and such files would be inaccessible using the above method.

      Text messages could be read with this method as they are in the 'no protection' class. They have to be since your phone receives them when locked, I guess to add them to whatever database format they're stored in. I would think they could add a bit more protection here by encrypting the text message store in a higher protection class and keeping newly received messages in a separate 'no protection' area - later adding them to the encrypted store when you unlock your phone. Then the above method could only access text messages received since the phone was locked but none of the older ones.

      Given that the FBI has openly requested Apple hack iOS I wouldn't be surprised if there isn't a team at Apple now looking for things like my above suggestion to further lock it down (well they probably were already doing that...but looking a lot harder now). I wouldn't be surprised if iOS 11 really tightened the screws to close up even really complex hacks like the above. I also wouldn't be surprised if iOS 11 isn't supported on phones earlier than the 5S - it may well rely on the secure element so extensively that it can't run on older phones.
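      The two-tier store suggested in the post above, written out as an added illustration (not the commenter's or Apple's code): new messages land in a file whose key survives locking, and everything is promoted into the Complete protection class once the user unlocks, so a read of a locked device reaches only what arrived since the last lock. The file names and message format are constructed; using `.completeFileProtectionUntilFirstUserAuthentication` for the inbox tier rather than `.noFileProtection` is an assumption about the weakest class the app actually needs.

```swift
import Foundation

// Added example (not the commenter's or Apple's code): a two-tier message store
// built on iOS Data Protection file classes. File names and message format are
// constructed for illustration.
enum TieredMessageStore {
    private static let docs = FileManager.default.urls(for: .documentDirectory,
                                                       in: .userDomainMask)[0]
    // Tier 1: must be writable while the phone is locked, so it can only use a
    // class whose key survives locking. CompleteUntilFirstUserAuthentication keeps
    // the key after the first unlock since boot (assumption: this suffices for
    // background delivery; the "no protection" class from the thread would too).
    static let inboxURL = docs.appendingPathComponent("inbox.txt")
    // Tier 2: Complete protection. The class key is discarded whenever the phone
    // locks, so this file is unreadable while the device is locked.
    static let archiveURL = docs.appendingPathComponent("archive.txt")

    /// Append a newly received message. Safe to call while the device is locked
    /// (provided it has been unlocked once since boot).
    static func receive(_ message: String) throws {
        let line = Data((message + "\n").utf8)
        var inbox = (try? Data(contentsOf: inboxURL)) ?? Data()
        inbox.append(line)
        try inbox.write(to: inboxURL,
                        options: [.atomic, .completeFileProtectionUntilFirstUserAuthentication])
    }

    /// Move pending messages into the Complete-protected archive and empty the
    /// inbox. Call this from an observer of
    /// UIApplication.protectedDataDidBecomeAvailableNotification, i.e. right
    /// after the user unlocks; reading the archive while locked would fail.
    static func promoteInbox() throws {
        let pending = (try? Data(contentsOf: inboxURL)) ?? Data()
        guard !pending.isEmpty else { return }
        var archive = (try? Data(contentsOf: archiveURL)) ?? Data()
        archive.append(pending)
        try archive.write(to: archiveURL, options: [.atomic, .completeFileProtection])
        // Overwrite rather than delete so the inbox keeps its protection class.
        try Data().write(to: inboxURL,
                         options: [.atomic, .completeFileProtectionUntilFirstUserAuthentication])
    }

    /// Report the protection class actually applied, for a unit test or an audit
    /// of which files would be exposed on a locked device.
    static func protectionClass(of url: URL) throws -> FileProtectionType? {
        let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
        return attrs[.protectionKey] as? FileProtectionType
    }
}
```

      Checking `protectionClass(of:)` for every file an app writes is a cheap way to find data that has silently ended up in a weak class, which is the gap the thread describes.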

      1. CheesyTheClown

        Re: That will only access certain data

        You're right, but that depends on using apps that properly implement security. Very few people read that document and as a result, most data they are looking for is in the wide open. The same code which allows e-mail messages to be received while the phone is locked is exploitable for mail store database access.

        What is possible and what generally actually happens are two different things. Unless the criminals really went all out to make sure they only used apps for storing this information that were super-secure and they also paid particularly close attention to following all security recommendations, most of the data is easily accessible.

        Also, as mentioned earlier, recovering enough information to generate hash collisions should solve the rest of the problems. Fingerprint and PIN codes are not a huge challenge.

      2. CheesyTheClown

        Re: That will only access certain data

        hmm... interesting. I went through the Apple security document as you mentioned. In addition, I read the system programmer's manual for the ARM TrustZone/SecureCore.

        First, from my experience hacking on the platform, as always, including the core doesn't mean effectively using it. There's a huge amount that's out in the open since it was probably too difficult to have security and usability in the same device. It would kinda suck if every time you received a push message or e-mail, you'd have to type a password to let the software act on it. So to speak, while the lock is itself quite secure, they leave the keys in the door most of the time.

        I of course depended a great deal on unlocking a phone where the keypad was locked but the keys were already provided. Dealing with a phone that has been power cycled, I speculated a great deal on. I don't have any more spare phones right now, but I'm pretty sure I have some good plans for getting the phone open anyway.

        The keys used for encryption are too long to type and are fixed length so they have to be stored in a locker somewhere. The locker may be the secure core but that would suggest additional non-volatile memory for key storage as part of the secure core. I don't see this being part of the SecureCore. This means that the keys themselves have to be stored somewhere out in the open where anyone can play with them. I'm quite sure those keys are also encrypted, but using a 4-digit PIN or 6-digit PIN to release them shouldn't be overly challenging as the algorithm must be present in the OS code... single stepping that to identify the cipher generally isn't too bad. IDA Pro would do most of the work for you anyway.

        If the phone is off and that doesn't work, there are more than a few other goodies in there.

        To begin with, it looks like the system is designed to use relatively run of the mill symmetric block ciphers. There should be a few hundred thousand blocks with known signatures at the block headings that can be used to identify the counters. If you're lucky enough to have a bunch of files with highly predictable and relatively long headers like JPEGs or PNGs, then factoring the encryption key should be pretty easy. AES for example can usually factor key length to 40 or 50 bits when using a large number of known headers from files. This is why things like PGP exist. Using key exchange asymmetric ciphers is always better, but even they get really weak when you have enough known/predictable data to decode on. This is why most secure protocols don't encrypt headers or if they do, they use something special for the headers.

        I've fallen asleep three times while writing this, so I'm hardly at the top of my game. But honestly, I'm tempted to go buy a bunch of iPhone 5s's today and see how many I'd have to fry before I could reliably recover the data. Too bad I have a business trip this week and can't spend evenings at the local maker space.

    5. Anonymous Coward
      Anonymous Coward

      Re: FBI mishandled evidence again

      This is a dead man's iPhone.

      The irony is, if it was using a fingerprint unlock then they could easily have applied the dead finger. Sometimes the older and simpler technology really is more secure.

      1. Dan 55 Silver badge

        Re: FBI mishandled evidence again

        If the phone has just been turned on then you have to use the PIN/password.

      2. Anonymous Coward
        Anonymous Coward

        Re: FBI mishandled evidence again

        They'd have to be quick about applying the dead finger (assuming that post mortem the finger doesn't change enough that it won't work anymore) because there's a timeout as well. If the phone hasn't been unlocked for 48 hours, it will require using the password/PIN instead of Touch ID.

        That 48 hour period is not configurable - personally I'd like to see an option to reduce that time. But you can always enforce the need for the password if you want by powering off the phone (and optionally powering it back on again)
