FBI Won't Tell Apple How It Got Into iPhone… But Is Apparently Eager To Help Others Break Into iPhones

from the just-one-phone! dept

Remember how the FBI insisted over and over again that the case in San Bernardino was not about setting a precedent and was totally about getting into “just that one phone?” Of course, no one believed it, but pay close attention to what’s happening now that the FBI was able to hack into Syed Farook’s work iPhone. The DOJ has also said that the crack was limited to just that type of phone and probably wasn’t widely applicable. However, at the same time, the Justice Department probably has no interest in sharing the details of the vulnerability with Apple:

The FBI may be allowed to withhold information about how it broke into an iPhone belonging to a gunman in the December San Bernardino shootings, despite a U.S. government policy of disclosing technology security flaws discovered by federal agencies.

Under the U.S. vulnerabilities equities process, the government is supposed to err in favor of disclosing security issues so companies can devise fixes to protect data. The policy has exceptions for law enforcement, and there are no hard rules about when and how it must be applied.

Apple Inc has said it would like the government to share how it cracked the iPhone security protections. But the Federal Bureau of Investigation, which has been frustrated by its inability to access data on encrypted phones belonging to criminal suspects, might prefer to keep secret the technique it used to gain access to gunman Syed Farook’s phone.

Or, as iPhone forensics guru Jonathan Zdziarski succinctly summarized:

FBI: You should do it, it’s just one phone
Apple: No it isn’t
FBI: We got in
Apple: You should say how, it’s just one phone
FBI: No it isn’t


Meanwhile, the DOJ may not be interested in helping Apple patch that hole, but it is apparently at least willing to look into other cases where it can help law enforcement break into locked iPhones. There are some (somewhat conflicting) reports saying that the FBI has agreed to help prosecutors in Arkansas try to get into a couple of iOS devices in a murder case there. Of course, it may not be the same technique or situation (and the FBI might not be able to get in, either).

However, this does show just how eager law enforcement is to get into lots of phones, and how important it is that Apple actually be able to protect its users from those who do not have legitimate reasons to hack into phones. It’s too bad that the FBI is apparently choosing to hold onto the info that helps it in a few cases while failing to protect the rest of the public who may use Apple devices.

Filed Under: , , , , , ,
Companies: apple

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “FBI Won't Tell Apple How It Got Into iPhone… But Is Apparently Eager To Help Others Break Into iPhones”

Subscribe: RSS Leave a comment
nasch (profile) says:

Re: Re: Re: Having been fans of past media...

Having been fans of past media…
…that put the FBI in positive light, such as The Silence of the Lambs and The X-Files, it’s hard not to look back on them and see them as propaganda films.

Try watching Continuum, about police vs. terrorists / freedom fighters, and try to figure out who to root for. I’m in season 2 and I’m still not sure.

Anonymous Coward says:

I hope someone will at least keep up with how they break into these phones. Because so far all they talked about is about “How dares Apple to go against a warrant request – a WARRANT!!!”, and about “warrant-proof” encryption and whatnot.

And yet now we may very well see them unlock all sorts of iPhones WITHOUT warrants, even though so far they’ve kept implying that if companies were to build a backdoor they’d ONLY use it with a warrant.

As usual, the government is showing you just can’t trust them with whatever they are saying, no matter at how many heart strings they are pulling to get you to agree when various crimes happen. They always seem to lie and always want to abuse the power that you’re willing to give them.

Anonymous Coward says:

Attacker sophistication

Should the government be able to read your encrypted messages?”, by S.P. Sullivan, NJ.com, Mar 19, 2016

“There’s no way to design a system or service that is secure against the most sophisticated foreign government hackers, while still allowing the least sophisticated local law enforcement to get access,” [ACLU technologist Christopher Soghoian] said.

(Via Twitter.)


“There’s no way to design a system or service that is secure against the most sophisticated foreign government hackers, while still allowing the least sophisticated local law enforcement to get access.”

            —– Christopher Soghoian

That One Guy (profile) says:

Re: Re: Re:

Yeah, that particular argument had to have been if not the dumbest move on their part during the case, then certainly right up near the top.

In one single move they make it so that no tech company that’s been paying attention will be willing to help them without a court order detailing exactly what they want done, and the ones who can fight back now have plenty of incentive to do so every single time since the FBI has made it clear that they will use willing cooperation in the past against a company if they balk at a request in the future.

Jeremy Lyman (profile) says:

Re: Re:

My mind went the other way, they’ll have to use these exploits like they did the stingrays with similar “just drop the case if someone might find out” NDA pacts. That’s the way 0-day exploits work; if you want to keep using them you can’t tell anyone about them. Unfortunately for them that’s not the way our judicial system works.

Anonymous Coward says:

Re: Re: Re:

aside from the slap on the wrist when it is discovered they are breaking numerous laws when they use them and refuse to tell those they accuse they have used them?

In a normal world they would be charged probably or at the very least suspended from their jobs for doing what they are not supposed to and ruining lives to get what they want.

Violynne (profile) says:

If Apple wants to know how the FBI cracked its phones, it’s not hard to figure out. Just follow the same trail the FBI did.

First, hit up the Chinese government and offer them buckets of cash to gain access to Chinese businesses.

Second, head over to Foxconn, with official documentation.

Third, watch closely as Foxconn details how it can manipulate the components it sends to the US in its phones (note: this applies to all Foxconn phones).

Fourth, lie to everyone about how it was done.

It’s no secret the Chinese have had backdoors to our electronic devices for decades. Several chip makers have pressured the US government to stop importing their (govt system) chips because it was impossible to determine how the backdoors were implemented.

Ignored, as usual.

Anonymous Coward says:

Measure, counter measure

This will kick off an encryption war where the tech companies will take measures to secure their devices and governments and hackers will try to find counter measures. Actually, this battle has been playing out since the dawn of time, though in the tech field much more recently.

Hopefully the tech firms will eventually make devices that are as close to impossible to break as possible.

Agent76 says:

Phone Hack

February 24, 2016 They Can Already Hack the iPhone — FBI’s Public Display is Propaganda to Sell You the Police State.

The apparent battle between Apple and the FBI at least tells us that the post-Snowden privacy debate is still alive. The subject of the controversy is an iPhone belonging to one of the San Bernardino shooters, and the FBI did not choose this case randomly.


Whatever (profile) says:

play ball

Apple refused to play ball, they should not be shocked when the FBI has no particular interest in playing nice with them either. More power to them, really.

What the FBI has done more than anything is create an amazing amount of doubt about the security of Iphones, and there is no benefit to the agency to change that any time soon. Apple reaps what it sows.

Anonymous Coward says:

Re: Re: Re: Even-handed administration

Unless you want to argue that the Bush administration was more even-handed than the Obama administration.

No. My intent was to point out that slogans like equal protection of the laws, equal justice under law, and justice for all… are ultimately a political choices.

Not really more permanent than any other campaign pledge, even ones carved in stone.

Ninja (profile) says:

Re: play ball

Considering how clueless you were during the whole debate I’m assuming you don’t know what you are talking about here as well.

Still, it is amusing to see you mocking Apple security considering almost all iphones are encrypted while very few Android phones are (for instance). So we are talking about security that may have weaknesses (Apple) and no security at all (Android). It’s hardly as bad as you’d love it to be to justify the insanity from the Government.

And I’m defending Apple again. Sadly.

Whatever (profile) says:

Re: Re: play ball

What I don’t really get here is that for most people, encryption isn’t anything one way or another. If you want to encrypt your android phone, it’s not really a problem – and since it would be a solution outside of the OS itself, it’s a whole bunch less likely to be hacked as part of a failing of the OS. Most Android users just don’t bother.

I go for the simple statistical thing. 700 Million Iphones sold, and law enforcement has (by the most paranoid count) a couple of hundred in their possession waiting to be accessed. That’s pretty much powerball winning odds. The chance that your personal phone is subject to any law enforcement access is, well… quite low unless you are a dick and break the law. More of your encryption needs are against hackers. Since Apple products are apparently totally immune to hackers (outside of social engineering) it would seem to be a fairly significant waste of effort. If someone steals your phone, your 6 digit pin code is probably more than enough to defeat them, and they are more likely to just try to wipe the phone or sell it on for a quick buck.

So, what is all the encryption really about? Not much apparently.

Uriel-238 (profile) says:

Re: Re: Re: There's your problem right there.

The chance that your personal phone is subject to any law enforcement access is, well… quite low unless you are a dick and break the law.

As has been illustrated time and again and again, you don’t need to be a dick to break the law. You just need a good lawyer to go through your stuff and find a law you’ve already broken.

And you don’t need to break the law to be subject to police arrest and search. You just need an officer who believes you have broken a law, even if it’s an imaginary law in his head.

You’ve been around here long enough to have seen countless examples, Whatever. Also examples enough to highlight that our law enforcement agencies see the people as adversarial. We are all suspects, and we are all guilty of something and we all belong in prison.

And if they could, they’d gulag each and every one of us down to the last dying grandmother and crawling infant.

We have every need to be protected against (our so-called) law enforcement, and not just for laws that work against the people.

nasch (profile) says:

Re: play ball

What the FBI has done more than anything is create an amazing amount of doubt about the security of Iphones, and there is no benefit to the agency to change that any time soon.

The FBI would benefit from everyone believing the opposite of whatever the truth is. If iPhones are actually secure, they would want people thinking they’re not so that they use something possibly less secure. If iPhones are not secure, the FBI would want everyone using them so that they could get at whatever data they wanted.

383bigblock (profile) says:

Be Careful what you ask for

I can only imagine right now what Apple engineers are cooking up in the back room for the next major IOS release. I am hoping they are huddled in a conference room with no outside access, 10 pots of coffee and 2 dozen donuts feverishly figuring out how to make an unbreakable OS and shove it up the FBI’s ass.

Maybe they can call it IOS 10.0 FTNSA (Fuck the NSA).

That One Guy (profile) says:

Re: Be Careful what you ask for

Exactly so.

If they’re going to have past assistance thrown in their face and used against them, and a major government agency claiming that they specifically designed their products to be ‘immune to warrants'(which is rubbish, the only warrants they’re ‘immune’ to is warrant presented to the wrong person), then I’d say it’s time to make it so that they cannot, under any circumstances, provide assistance or comply with a warrant.

If the police and/or government want a device unlocked to access the contents they have to go to the owner of the device, because the company who made it cannot unlock it. Let them deal with that for a bit, enjoy the consequences of their actions.

Anonymous Coward says:

Re: Re: Be Careful what you ask for

If they’re going to have past assistance thrown in their face…

Inside Apple CEO Tim Cook’s Fight With the FBI”, by Lev Grossman, Time, Mar 17, 2016

[Apple CEO Tim] Cook took deep, Alabaman umbrage at the manner in which he learned about the court order, which was in the press: “If I’m working with you for several months on things, if I have a relationship with you, and I decide one day I’m going to sue you, I’m a country boy at the end of the day: I’m going to pick up the phone and tell you I’m going to sue you.”

The Time interview with Tim Cook, a little over two weeks ago, may have been missed by many in the flurry of other press coverage. I don’t recall seeing it mentioned on Techdirt yet. But it is worth reading, even two weeks later.

And the accompanying article has savory phrases like, “Deep Alabaman umbrage.”

Uriel-238 (profile) says:

Re: Re: Without the end-user password, the data is LOST.

That’s the way it should have been constructed in the first place, so that nothing but the end user and a five-dollar wrench will break open a phone.

Because times change and even well-meaning agencies turn antagonistic towards the rights of the people, and programs that involve small rights violations for specific purposes become programs that involve big rights violations for general purposes.

Agena says:

Government "sharing"

Remember how the government was courting the tech sector, telling them how much they wanted to “share” information and ideas with them? Remember how a lot of people predicted that “sharing” would be rather one-way? Here’s an example.

I expect a lot of people in the tech sector are taking note of how “sharing” the government is.

Uriel-238 (profile) says:

Above the law.

As the recent compare / contrast to our nobility (Hillary Clinton) and our laity (Thomas Drake) has shown, yes. Our officials are above the law.

Our affluent public is at the law.

The rest of us shlubs are beneath the law, and are subject to extrajudicial detention, search and seizure with fabricated probable cause and countless transgressions in the name of national security.

We’re serfs to liege lords again. In America.

Anonymous Coward says:

Sounds like it's all going according to plan.

One of Apple’s main arguments was that FBI leaks like a sieve.
So if a tool were created to open this phone, and Apple requests it in court, is unable to get it through court of law, but can then uncover it in the net later anyway when they inevitably leak.
Won’t that just prove Apples point?
They don’t need DOJ to release th hack, they need just enough information about the hack in the public, that they can demonstrate exactly why they shouldn’t be asked to do this again in future.

Anonymous Coward says:

Interagency decision process

FBI weighs if it can share hacking tool with local law enforcement”, by Ellen Nakashima and Adam Goldman, Washington Post, Apr 1, 2016

“The FBI is very prudent when deploying the technologies,” [former FBI ASAC Austin] Berglas said. “The question is: Is it going to help the greater good by using this? Knowing that we may never have the ability to use this capability against the adversary again, are we willing to take that risk and use it?”

To referee the issue, the government has an interagency process headed by the attorney general to decide which capabilities should be classified. This is separate from the “vulnerabilities equities process” managed by the White House, which decides which software flaws should be disclosed to the software maker.

(  Always kinda hate citing stories dated April 1: People tend to think that they ought to apply heightened skepticism compared to the news they read at other times of the year. )

Anonymous Coward says:

FBI letter to local law enforcement

FBI Tells Local Law Enforcement It Will Help Unlock Phones”, by Salvador Hernandez, BuzzFeed, Apr 1, 2016

The full letter sent to local law enforcement follows:

Since recovering an iPhone from one of the San Bernardino shooters on December 3, 2015, the FBI sought methods to gain access to the data stored on it. As the FBI continued to conduct its own research, and as a result of the worldwide publicity and attention generated by the litigation with Apple, others outside the U.S. government continued to contact the U.S. government offering avenues of possible research. In mid-March, an outside party demonstrated to the FBI a possible method for unlocking the iPhone. That method for unlocking that specific iPhone proved successful.

We know that the absence of lawful, critical investigative tools due to the “Going Dark” problem is a substantial state and local law enforcement challenge that you face daily. As has been our longstanding policy, the FBI will of course consider any tool that might be helpful to our partners. Please know that we will continue to do everything we can to help you consistent with our legal and policy constraints. You have our commitment that we will maintain an open dialogue with you. We are in this together.

Kerry Sleeper
Assistant Director
Office of Partner Engagement

( H/T Cyrus Farivar at Ars Technica, “FBI offers crypto assistance to local cops: ‘We are in this together’ ”, Apr 2, 2016.

The letter was first reported Friday evening and published by BuzzFeed before being sent to Ars and presumably other media outlets.

( Also being reported by Engadget, attributing Reuters and BuzzFeed.

… according to the correspondence obtained by Reuters on Friday.

Note that Reuters does not indicate who or how they obtained the letter. It may not be from an independent source. )

( FBI: Office of Partner Engagement. Note Assistant Director Kerry Sleeper box at top right. )

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...