DOJ To Court: We Got Into The iPhone, So Please Drop Our Demand To Force Apple To Help Us… This Time

from the moving-on dept

So it appears that the mainstage event over the DOJ’s ability to force Apple to help it get around the security features of an iPhone is ending with a whimper, rather than a bang. The DOJ has just filed an early status report saying basically that it got into Syed Farook’s work iPhone and it no longer needs the court to order Apple to help it comply by writing a modified version of iOS that disables security features.

The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court’s Order Compelling Apple Inc. to Assist Agents in Search dated February 16, 2016.

There’s also an associated one line proposed order that magistrate Judge Sheri Pym will almost certainly sign off on shortly.

And thus… the big showdown between the tech industry and the Justice Department goes nowhere. Just a little over a month after the DOJ swore to a court that it had exhausted all possibilities that didn’t involve co-opting Apple to hack its own phones, the DOJ is admitting that the FBI has found a way in. Still, this was just one fight in a war that is still ongoing. It seems fairly clear that the DOJ and FBI expected their side of things to get a lot more support, which is why they chose the Syed Farook case to make a big public stand, rather than one of the many other cases where similar issues are at stake.

However, the overall issue is not over. There are still plenty of questions: What method did the DOJ use to get into Farook’s iPhone? And what will happen in the other cases involving iPhones or involving other companies such as Whatsapp? And what will happen as Apple and other companies increasingly strengthen their encryption and security, making it more and more difficult for the FBI to get in?

In short, this is far from over. However, in the short term, the DOJ has learned that it isn’t easy to win over public opinion on this issue, which suggests that future battles may play out under the cover of a bit more darkness, as the DOJ seeks to seal various filings and orders off from the public. My guess is that perhaps the next big fight will be in revealing what kinds of orders come through under the cover of darkness.



Filed Under: , , , , , ,
Companies: apple

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “DOJ To Court: We Got Into The iPhone, So Please Drop Our Demand To Force Apple To Help Us… This Time”

Subscribe: RSS Leave a comment
78 Comments
David (profile) says:

Re: Nice security

Security is not a CS101 class. It takes a lot of work by a lot of people to get right. Now add to that there is an OS, applications, remote ownership (the county) and an unknown host of possible bugs where all these interconnect.
Note that the twits at the FBI have yet to reveal how it was done, if it was the suggested NAND copy that is a hardware attack. So even if the software was perfect, taking the hardware partially apart while not ruining it provides yet another attack vector.
So, yes their security is such the FBI went to court to try to get a free get out of doing their job card.

tp says:

Re: Re: Nice security

Security is not a CS101 class.

I thought the whole paperwork was based on premise that apple themselves can’t even open the phone since their nice security features prevent it. People were horrified that phones would have backdoors which allowed access to the punter’s email messages. Now someone broke their security in 2 weeks using whatever trick necessary. If it was hardware attack, it just means that the data in the storage space wasnt encrypted and you cannot talk about any security whatsoever. If it was software attack, it means they have necessary backdoors or even pin codes that always open the device. But either way, the security just sucks like hell. Maybe it wasn’t designed to protect people’s email messages?

Anonymous Coward says:

Re: Re: Re: Nice security

“If it was hardware attack, it just means that the data in the storage space wasnt encrypted and you cannot talk about any security whatsoever.”

Wrong. If I understand the attack correctly then they copied the encrypted data, brute-forced it on a 2nd chip/box and repeated once they got locked out. And you cant do much about that. You can’t disable the read function because the user kind of wants to read the messages too.

“If it was software attack, it means they have necessary backdoors or even pin codes that always open the device. But either way, the security just sucks like hell.”

Wrong again. Software attacks don’t need a backdoor or universal pin to succeed. There’s always a way to get into a system via software. Not because the security is bad but because those things are too complex to find all bugs or exploits. Why do you think there is a 0day market?

tp says:

Re: Re: Re:4 Nice security

Not sure where you get the 2-week number from?

The two weeks is coming from submission of first paperwork to the court forcing apple to open the phone. At that point, the phone was not yet opened. Then they managed to open it before submitting the current paperwork. We heard about this story about 2 weeks ago, and now it’s already resolved. Assumption is that internet is real-time.

JBDragon says:

Re: Re: Nice security

They haven’t even said they broke into the phone. Just that they supposedly found a way. They of course would need to test it to see if it really works on the iPhone they have and won’t wipe the Data in the process.

This is also a older iPhone 5C. There’s no TouchID. There’s no Secure Enclave. This is a older iPhone with iOS9 on it. The security is weaker on this phone then newer iPhones. Every generation Apple is improving the Security of their products. I’m sure after all this, Apple will lock down the phone even more so. Things like no Auto Update a OS without a passcode, even if it’s a valid signed OS update. Having Encryption keys still for things on iCloud I see going away also at some point. Keys for the OS went away with iOS8 and newer. Which is how Apple helped in the past but can’t now. I’m sure they were tired of breaking into all these phones for the Government and said screw it. We can’t do that any more.

DannyB (profile) says:

Re: Re: Nice security

Yes. That.

This is one of the outcomes I suggested would happen in an earlier post. The FBI wants this case to go away before it sets a precedent they don’t like. Nevermind them losing the public relations battle.

I suggested that the FBI would find another way to break into the phone. That it may or may not work. I also suggested that the phone would be destroyed in the process, maybe by ‘accident’. That didn’t seem to happen.

Next I would suggest that if the lying FBI really was just wanting to get into this one phone, they would then disclose this vulnerability to Apple. As per president Obama’s policy that they should help make the nation’s cyber security safer. I won’t hold my breath.

As an example of how secret technology gets abused, look no further than a tool like Stingray once it gets into the wrong hands like the FBI. Useful for catching bad guys, yes. But easily and widely abused, also yes. Lying to courts about what it is, how it is used, the scope of what it does, yes.

Anonymous Coward says:

Re: Re:

Odds are very good that, if Apple wanted a declaratory judgement, it would have to file a new action.

… and that said action would be dismissed for lack of “ripeness“.

Having said that, there’s a lot of lawyering on Apple’s side, and a lot of amicus briefs, that will get pulled into the next case. Will this get ignored? Not on your life.

Will Apple be able to get from the government a thin red cent of what they paid in court costs (let alone lawyer time)? Not on your life.

That One Guy (profile) says:

Re: Re: Re: Re:

Yeah, that was one of the FBI’s bigger blunders here, they tried to use public pressure to get Apple to fold only to have the plan backfire on them such that the longer the case went on the worse the FBI looked.

They tried to use a pile of bodies for their own ends and miscalculated the reaction to their doing so. You can be sure that they’ve learned their lesson from this and will make future attempt under cover of gag orders and sealed legal filings(with the justification being ‘National Security’ of course) so it doesn’t happen again.

Anonymous Anonymous Coward (profile) says:

It's evidence you know...

After so much effort, so much anxiety expressed about not being able to get into the phone and how terribly important that they get in expeditiously, I cannot wait to see them use the evidence gained in their pending court case…oh…wait!

I bet they even have a hard time convincing anyone that the information they ‘gather from the phone’ actually came from the phone.

They will claim this fishing expedition has saved how many lives and how soon will that claim be made?

JBDragon says:

Re: Open source, reproducible builds are the only antidote

If the U.S. Government forces U.S. Company’s to create back Doors into their devices, you can bet Apple would look into doing something like this. Get your own Security Software for your iPhone from out of the Country where the U.S. Government can’t make a company create a BackDoor. Apple is a Global Company. The U.S. Government having backdoor access would be bad for sales in other countries. China for example demanded access to look at the source code to make sure there was no U.S. Government Backdoors where they could spy on Chinese Citizens. Apple was there watching them look at the code in a locked room.

2/3’s of the encryption software made is out of the U.S. and U.S. control. It’s really pretty dumb and short sited to screw U.S. Citizens of their Security and privacy for a very tiny fraction of people!!! Especially when the end result would be weak security for most, expect any Criminal or Terrorist with half a brain to buy any old Android phone and install any number of 3rd party encryption software with no back doors. Talking about some dumb people in Government

We already had this battle with the FBI 20 years ago. Them using the same exact excuses. Wanting to install the Clipper Chip into all hardware to gain backdoor access. What country would want to buy that U.S. hardware???? In the end it was hacked anyway. Congress already passed a law and Apple is protected by that law. How the FBI tried to get around it and this court going along with it?!?!

Anonymous Anonymous Coward (profile) says:

Re: Speaking in secret of secret

You made me think about things secret. Since the government is so caught up with secret courts, and secret laws, and secret interpretations of laws, and secret surveillance, and secret prisons, and secret handling (torture) of persons who might become secret prisoners if not secretly killed, and secret secrets; they won’t mind if the revolution to replace them starts in secret…will they?

Anonymous Coward says:

Next Time, Insist on Affidavits

Perhaps I missed them, but I do not recall the FBI’s filings providing any evidence that they had tried to access the content on the device… other than statements from FBI employees. One would think that a higher standard of proof would be required, such as affidavits/sworn testimony from independent security experts as to whether or not the FBI has truly exhausted all possibilities.

Sharatan says:

Re: Next Time, Insist on Affidavits

I do not recall the FBI’s filings providing any evidence that they had tried to access the content on the device… other than statements from FBI employees.

Courts take statements from law enforcement as sacrosanct. The highest form of evidence. There are numerous cases of videos showing things different from what a cop testified to, and the court concluding that the video must be lying, not the cop.

Anonymous Coward says:

I see four possibilities
1. The FBI does not have a method to break the iPhone, and this is just a way to get out of an unpopular lawsuit
2. The FBI always had a way to break in, but lied so that they can set a precedent
3. The FBI didn’t care what was on the phone, and thus did not try to break in until now
4. The FBI has been completely honest and they really tried everything, not finding a method to break in until they discovered a brand new method just now
I do not know which one is true, but I believe that it is not number 4

Uriel-238 (profile) says:

Re: Re: Not number 4

I think that if the FBI wasn’t able to break into the Farook phone, it’s because they didn’t try very hard.

We had bunches of white-hats saying how they’d break into the phone, and the NSA offered. Even if they didn’t the whole point of the DHS is to create bridges by which the FBI could use NSA resources for just this sort of thing.

Now since none of the FBI’s efforts have been revealed we don’t know what they tried or didn’t try (and what they ruled out since it would risk blanking the trusted platform).

But it’s hard to believe that they tried or ruled out everything that was put on the table and still couldn’t get into the phone. That would be a technical miracle of probability.

Anonymous Coward says:

>If apple wasn’t the most popular company on the planet, we would call them incompetent with their security…

I’m not sure I could name any other hardware that would take that long to break, given that kind of access. Last time I tried to break a password on a MS-Windows box, it didn’t take all of fifteen seconds, or a soldering iron: just a 10-second reboot.

Granted, the FBI comes off as thicker than two bricks, technically speaking–but they’ve got a lot of money to hire independent contractors.

tp says:

Re: Re:

I’m not sure I could name any other hardware that would take that long to break, given that kind of access.

Yeah, but this company is adverticing their amazing security features. If they actually spent any time securing the system, the barrier to entry would be much higher to breaking the security. Would pretty much require brute-forcing the pin code, and simple exponential delay in the user interface would make that impossible.

Mark Wing (user link) says:

The problem with using FUD as a tool of statecraft is that it’s been overused, and people are desensitized to it. Just like a drug tolerance, the only way to make people afraid and uncertain is to keep ratcheting up the hyperbole. But at some point even FUD gives them diminishing returns.

Thankfully the government has played that “but, terrorism” hand to the point that the average person now sees right through it. The DOJ made a huge miscalculation in its public war against Apple. They didn’t account for the average person being FUD’d out.

Maybe now we can finally have a coherent discussion about encryption that’s based on truth and facts instead of “OMG TERRORIST PEDOPHILES SELLING YOUR CHILDREN CRACK BECAUSE OF ENCRYPTION.”

Encryption has been around since the dawn of man and it can’t be wished or legislated away. All fighting a technology does is drive innovation, so maybe history will show that this was the time we finally started taking our privacy seriously, and bringing the 4th amendment into the information age where it belongs.

aldestrawk (profile) says:

Apple security

If we take the FBI’s report as true and they were able to access the data on this iPhone, then the most likely method would have been finding the passcode through brute force.

“iOS supports four-digit and arbitrary-length alphanumeric passcode”.
from Apple’s iOS security white paper:
https://www.apple.com/la/iphone/business/docs/iOS_Security_May12.pdf

The minimum passcode length is four digits but the default is six digits and probably is the length Farook used on this iPhone. Each attempt requires 80 milliseconds to execute on the iPhone. Yes, it is intentionally slow. If he used just a six digit passcode there are 1 million possibilities which would take (1,000,000 x .08s) or 22 hours to crunch through all possibilities without taking into account extra time needed if the method wasn’t just a program supplying attempts directly to the iPhone without interruption. The average time to crack the passcode, given this scenario, is 11 hours. However, if a six character alphanumeric passcode was used, it would take more than two years on average to crack the passcode. So, the level of security seems to now lie with the user’s choice of passcode.

JMT says:

Re: Apple security

The whole driver of this issue is that Apple prevents brute-forcing by limiting the amount of attempts that can be made to ten before deleting the encryption key. That’s what the FBI was trying to force Apple to bypass. It’s almost like you haven’t read a single thing about this story until today…

tp says:

Re: Apple security

Someone might want to try what happens if apple owner happens to forget his pin code. I would expect apple vendor have some nice trick to open the device and change the passcode. But with proper security practises in place, you might need to buy completely new phone, which might be unacceptable answer for many apple users.

Anonymous Coward says:

Re: Apple security

The minimum passcode length is four digits but the default is six digits and probably is the length Farook used on this iPhone.

New Documents Solve a Few Mysteries in the Apple-FBI Saga”, by Kim Zetter, Wired, Mar 11, 2016

The iPhone’s Password Was Just Four Digits

Although iOS 9, the version of the Apple operating system installed on Farook’s phone, asks users by default to create a six-digit password, authorities say the phone’s password they are trying to crack is just four digits long.

Pluhar notes that when authorities powered on the phone, “it presented a numerical keypad with a prompt for four digits.” . . .

Zetter’s Wired article links to Supplemental Declaration of Christopher Pluhar (Mar 9, 2016). From p.2 of that declaration:

2. In paragraph 8 of my declaration dated February 16, 2016 (the “Initial Declaration”), I explained that the Subject Device was “locked” because it presented a numerical keypad with a prompt for four digits.

aldestrawk (profile) says:

Re: Re: Apple security

Thanks for pointing that out I hadn’t read that. However, is that really how the display works? It shows you how many digits, or characters, the password is before you enter it? If so, that is a security weakness in itself. At any rate, once the 10 guess limit is bypassed, it doesn’t really matter whether the passcode was four digits or six. Both are doable in a reasonable amount of time. If Farook’s passcode was four alphanumeric characters, then let’s calculate how long that would take to crack. ((36 ^ 4) * .08s) / 3600) = 37 hours max or 18.5 hours on average. Just one more character, 5 total, would take a month to crack on average. Still doable, but a pain.

Anonymous Coward says:

The FBI is also trying to claim that the way they got in only works on that one phone. LOL what utter bullshit!

After all the BS they’ve been shoveling it’s a shame they can just get away with dropping the case instead of Apple getting a ruling that the government can’t force a company to compromise their own security.

Uriel-238 (profile) says:

Re: The exploit works on one phone.

The way they got in only works for phones of that model and configuration (with some variance). I’m sure other phones in other cases will qualify.

But it probably doesn’t work for all iPhones.

It was pointed out during this debacle that a 2010 whitepaper demonstrated the hacking of a TPM chip, which is, I think, the sort that is used to protect even latest models.

So the FBI in 2016 should probably be able to crack even new models with long passwords. Though it’s expensive (takes a lot of time and resources).

Which is preferable to it being cheap: expensive cracks usually get warrants first. Cheap ones don’t.

Anonymous Coward says:

Re: Re: The exploit works on one phone.

No, what they are trying to claim is that it only works on that one phone, not one model or one OS, just that particular phone. Just like they were trying to claim that the backdoor they wanted Apple to make could only be for that one specific phone they wanted unlocked.

It’s BS and everyone knows it’s BS because it just doesn’t work that way. Like the magic golden keys to the front door they want lol.

That One Guy (profile) says:

Re: Re: Re:3 The exploit works on one phone.

Agent A: Oh dead guy, tell us the passcode to the phone.

Agent B: Look, it’s moving! C, write this down!

B: One.

C(writing): One.

A: Two.

C: Two.

A: Three.

C: Three.

B: I think he’s fighting it, doesn’t want to tell us the last digit. Give up dead guy, we’ll get it eventually, we splurged and got the Special Edition oija board, with extra ghost compelling power!

A: There, that did it, the last digit is coming clear now. And it looks like it’s… four.

C: Four.

B: So then, the passcode to the phone is… one, two, three four? What the- that’s the kind of password an idiot uses!

(Comey, walking past pokes his head into the room)

Comey: Any luck on the oiji boa- I mean the super classified technique?

A: …

B: …

C: … sorta?

Comey: Well, what is it?

B: One, two, three, four.

Comey: That’s amazing, that’s the same password I use for my phone! Quick, tell the boys down at the lab, I’ve got to tell the boys in legal to drop the case. Also should probably change my password just in case too while I’m at it.

That One Guy (profile) says:

Re: Re: Re: The exploit works on one phone.

Yeah, pretty sure the only device specific trick to get into a device, something that works on one device and one device only is the password, given those are device specific. Anything else can absolutely be used on similar devices, and you’d think by now they’d know better than to make such obvious lies; even if the larger news agencies have shown themselves to be too spineless to call them out on their lies there are still plenty of others that have no problem doing so.

nasch (profile) says:

Re: Re: Re:2 The exploit works on one phone.

Yeah, pretty sure the only device specific trick to get into a device, something that works on one device and one device only is the password, given those are device specific. Anything else can absolutely be used on similar devices, and you’d think by now they’d know better than to make such obvious lies;

It means they found a post-it note with the passcode.

Anonymous Coward says:

Security is always an economic trade-off. Anyone who wants to get data off your computer (Multex mainframe, Sun workstation, PC, Android, whatever) can get it.

But how much does it cost, and how much is it worth to them?

For an “average citizen”, private data is likely worth under $1000 to an identity thief, and under $50 to a totalitarian government secret-police organization. And a computer such as the iPad which costs over $1000 to break is probably safe, because nobody will pay the fee.

For a small-time pimp or drug pusher, the government would love to have a $100 key–much more, and they’d pass.

For a high-profile criminal case, the government will pay the $10,000 with glee.

Government officials are especially valuable, for either espionage or blackmail. (Hillary Clinton’s emails are probably being privately chortled over in half-a-dozen chancellories around the world. I’m sure they’ll start leaking if she’s elected.)

For a celebrity, paparazzi might pay $10,000.

For a robber-baron class MBA, competition might pay the money.

But phone theft and identity theft are what matter most to ordinary folk. Apple is plenty good enough today.

And could get better. (They design their own chips: what’s to prevent including that vulnerable ROM on the chip with the iPhone CPU, without any kind of external lead, so that you’d HAVE to go through the OS to access it?

Which is a good thing, because jailbreaking technologies, like all electronics except internet service, keep getting cheaper.

I don’t have an Apple phone, and can’t imagine ever buying one (I don’t like the lack of a visible file system). But the presence of strong security on iPhones makes security better for everyone else. Because it moves the cost/benefit ratio: thieves have to assume the more valuable computers have better security, so that the average Android phone is worth less to break.

JBDragon says:

Re: Re:

I think maybe you’re just to far stuck in the past with a Visible File system. Hell even Microsoft would hide files in Windows.

If you think outside the Box, use iCloud drive or Dropbox for example and think of them as a file system in a way. You can access those files from one program to another and even from your PC or Mac, or iPad, etc.

You know what you have with file systems you can see. People screwing software up. It can also be a big security issue.

Playing aorund with my cheap WinBook Windows 8.1, now Windows 10 7″ Tablet. Dealing with the file system really SUCKS!!! Windows 10 was a improvement over Windows 8.1 on the tablet, but I still like my iPad 3 much better for a number of reasons. I deal with the file system enough on my Custom Desktop and Laptop at work.

I haven’t used CD’s in a while on the PC other then to RIP Movies. SD cards or USB Memory sticks. Can’t remember the last time I used one. There new ways of doing things. I started out on a Commodore Vic-20 with a tape drive.

You like file systems, why not toss the GUI also. Hey, go back in time to just MS-DOS. You can get down to the nitty gritty.

I was ease of use these days. I want it to just work. I just spent about 3 days trying to get windows 7 working correctly on a Netbook for the Boss he wanted to take with him to Japan to use. Why?!?! It had a number of Windows issues. Same old crap with Windows and it’s issues over the years. Trying to figure out what the hell went wrong and how to fix it without having to re-Install Windows. Something I’m sure many would just end up doing.

If I didn’t need my PC for some things, I’d go Mac. Something my brother has tried to get me do for the last 20+ years.

Christenson says:

Perjury...undermines trust in *ENTIRE* FBI

What about the perjury??? Falsus in unum, falsus in omnes.

As a member of the public, I think this should carry serious LEGAL repercussions for the FBI. Defense lawyers, if they demonstrably perjured themselves here, what else did they fabricate from whole cloth????

FBI attorneys should be disbarred and sent to jail for this!

Not an Electronic Rodent (profile) says:

Re: Perjury...undermines trust in *ENTIRE* FBI

What about the perjury???

This was my question too… talk about double standards. IANAL, but surely you’ve got perjury, perhaps a contempt of court and would Apple not also have a cause of action to sue for having been dragged into court with all the associated costs under false pretences?

…or is breaking the law something that only happens to people who are not agents of the state?

That One Guy (profile) says:

Re: The next step

Well clearly the data was so insanely valuable that it will allow them to save billions of lives in the coming weeks/months/years, but releasing it to the public would allow the terrorists/criminals/communists to change their plans, nullifying the advantage, so they need to keep it all completely secret.

But trust them, it’s totally valuable, and totally worth it, honest. /s

Bamboo Harvester (profile) says:

Seriously?

C’mon, people. Only a couple of possibilities here.

1) Apple broke it for the FBI on the condition that the FBI swears Apple didn’t.

2) FBI did NOT get in, Apple didn’t help them, and they “announced” they broke the security to screw over Apple for not helping them.

What third party would take a 0Day exploit that cracks Apple security at this level and GIVE it to the FBI rather than soak the NSA for a couple of hundred grand instead?

jimc says:

he, he!

All you American government haters.
All they asked for was access to one phone. Apple said, even in their filling, they had done the same prior, so why stop now?
You Microsoft haters, win 10 given to the Chinese, is also called the Chinese version of win 10, it’s pictografic, remember Apple has a Chinese version also. But the Apple version is source code of their latest version. China is also friends with one of the biggest spying countries, in the middle East, and another in Europe. Not saying, look it up. Hand in hand.
So, some insfrinces, Android, win10, are as secure as Apple. Just they are consumer friendly. Apple, is the big hat security. Supposedly two weeks to break in? When the codes are known to a third party, is it secure? Not anymore.
My big take off this. If I was the American government, Apple losses it right to sell to the military, and security forces of America. Buy the BlackBerry company, set up as an American company, move it here and issue bb to all of the Americans in security, and replace all government phones with the bb. Apple thinks itself superior make them prove it. They cannot. Bb was mandated by the Saudis to put a backdoor in to be used there. That’s how they lost the trust. Apple was asked for a one time program, for one phone, not an OS, so we know there are backdoors, and who are they open to? Just not the US. But who?

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...