Apparently Hacking Syed Farook's iPhone Accomplished Nothing (Other Than Making Everyone Less Safe)

from the putting-everyone-at-risk dept

This should hardly comes as a surprise but reports are surfacing saying that after hacking into Syed Farook’s work iPhone, that was subject to so much attention, the FBI has found absolutely nothing of interest:

Remember, this was the same iPhone that the DOJ and the FBI said was critical in their investigation. This is the same iPhone that the San Bernardino District Attorney, Michael Ramos, insisted could be hiding evidence of a “dormant cyber pathogen” destined to destroy San Bernardino County’s computer network.

And, in the end, it appears that (as everyone expected) there was nothing on it. At all.

This isn’t surprising. As the FBI freely admitted all along, Farook and his wife had destroyed their own personal iPhones, and the only remaining one was this one, which was Farook’s work phone. If there had been anything that sensitive on it, you’d have figured they would have destroyed it too. And, of course, others had noted that the FBI’s choice of words after getting in pretty clearly suggested there was nothing useful on the phone.

But… in the meantime, the FBI has now made it clear that at least certain iPhone models have a massive vulnerability in them that potentially puts millions of iPhone users at risk. And the FBI has shown no interest in telling Apple where this vulnerability exists.

In short, the FBI, who is supposed to keep us safe from crime, broke into an iPhone which helped it solve no crime, but almost certainly has put millions of people at risk for potential criminal attacks in the future. Why does anyone think this is a good result?

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Apparently Hacking Syed Farook's iPhone Accomplished Nothing (Other Than Making Everyone Less Safe)”

Subscribe: RSS Leave a comment
65 Comments
hobo says:

Re: Typical...

Credited to John Adams:
“It is more important that innocence should be protected, than it is, that guilt be punished; for guilt and crimes are so frequent in this world, that all of them cannot be punished…. when innocence itself, is brought to the bar and condemned, especially to die, the subject will exclaim, ‘it is immaterial to me whether I behave well or ill, for virtue itself is no security.’ And if such a sentiment as this were to take hold in the mind of the subject that would be the end of all security whatsoever”

Seems apt.

Anonymous Coward says:

part of me still believes they never actually got into the phone and not finding anything is just a bullshit cover to make everyone believe they have this capability

i mean.. first fbi says they’ve broken into this phone and are now going to help local leos break into other phones.

today.. news comes out that the fbi doesn’t actually know how the crack worked and they have no way to do it again.

so… were they lying then or are they lying now?

Anonymous Coward says:

I just imagine the FBI forensics training

Gunnery Sergeant Hartman: MMM, good…
Recruits: MMM, good…
Gunnery Sergeant Hartman: Feels Good
Recruits: Feels Good
Gunnery Sergeant Hartman: Is Good
Recruits: Is Good
Gunnery Sergeant Hartman: Real Good
Recruits: Real good
Gunnery Sergeant Hartman: Tastes Good
Recruits: Tastes good
Gunnery Sergeant Hartman: Mighty Good
Recruits: Mighty good
Gunnery Sergeant Hartman: Good for you
Recruits: Good for you
Gunnery Sergeant Hartman:Good for me
Recruits: Good for me

Anonymous Coward says:

“Remember, this was the same iPhone that the DOJ and the FBI said was critical in their investigation.”

I followed the author’s link and searched for the word “critical”. It was not there, leading me to believe that the author is not being altogether accurate in reporting what the FBI has been stating concerning this matter.

Anonymous Coward says:

Surprised they acknowledged finding nothing

Openly admitting that it was a waste of effort, while people still remember the story, is rather surprising to me. I strongly expected that, after claiming to get in, they would claim that they could not discuss what they found “because it pertains to an ongoing investigation.” They would continue stonewalling on that until everybody lost interest, then very quietly (probably on a Friday afternoon, maybe before a long weekend) put out an announcement acknowledging there was nothing of value.

Anonymous Coward says:

Re: "almost certainly has put millions of people at risk "

If we assume that the FBI’s public statements are accurate, then that model device has a vulnerability which permits unauthorized access. The FBI is actively refusing to tell Apple how the vulnerability works, out of concern that Apple will patch it and prevent them from gaining unauthorized access to other devices of this model. In the meantime, blackhats now have confirmation that the device is vulnerable and, unless Apple stumbles across the fix on its own, the vulnerability will remain open for quite a while. The FBI could, and given their anti-crime mission, should, tell Apple how the vulnerability works, so that Apple can promptly fix it to protect innocent users. Instead, they are taking the petty approach that, since Apple built a system that dared to resist them at all, they will not help Apple protect its customers, even though they easily could.

Anonymous Coward says:

Re: Re: "almost certainly has put millions of people at risk "

“blackhats now have confirmation that the device is vulnerable”

The idea that hackers are just waiting around for some public pronouncement of vulnerability is laughable. There are entire businesses legal and illegal, built around finding and selling vulnerabilities not to mention individuals and state actors.

>The FBI could, and given their anti-crime mission, should, tell Apple how the vulnerability works.

That argument has some merit. However these vulnerabilities have incredibly short lifespans and are generally limited in devices and software versions vulnerable. I’m sure the company that worked with the FBI has many more. I’m speculating, but it could even be a term of the contract that the company sells its services, not the details of the exploit making disclosure impossible.

Either way, the argument that this has significantly added to risk users face already doesn’t hold water. Millions of people are always at risk because software is not perfect and determined parties find and exploit vulnerabilities.

Anonymous Coward says:

Re: Re: Re: "almost certainly has put millions of people at risk "

No one said that blackhats are just waiting around for confirmation of a vulnerability. But if they do hear about something like this that there is a vulnerability in something then some of them will absolutely go in search of it just to try and find it and use it if they can before it’s fixed. So this absolutely has added risk to users until this vulnerability has been fixed.

Anonymous Coward says:

Re: Re: Re:2 "almost certainly has put millions of people at risk "

How is there added risk? Cellebrite knew about it already. Likely other organizations as well. FBI didn’t invent the vulnerability. You could argue FBI could reduce the risk by disclosing its knowledge (which it may or may not have), but failing that the baseline risk has not changed from before Cellebrite contacted them.

Kal Zekdor (profile) says:

Re: Re: Re:3 "almost certainly has put millions of people at risk "

This is called the Parmenides Fallacy, or the cost of inaction.

Assumption 1: This exploit is known to various black hat hackers and is in use.
Assumption 2: Active exploitation of this vulnerability puts citizens at risk.
Assumption 3: The FBI is aware of this vulnerability.
Assumption 4: Given knowledge of this vulnerability, Apple could work to mitigate the damage.

With the given assumptions, there are two options.

Option A: FBI does not releasd information about the exploit, and it continues to be exploited, harming some number of individuals. Call this number X.
Option B: FBI releases information about the exploit, reducing the number of harmed individuals. Call this number X – Y.

The choice between these options is made by the FBI. Therefore, they can choose to harm a larger number of individuals, or a fewer number of individuals.

The cost of each option, in harmed individuals:

Option A: Y
Option B: 0

By not disclosing the vulnerability their inaction has put some number of individuals at risk of harm.

nasch (profile) says:

Re: Re: Re:5 "almost certainly has put millions of people at risk "

You’re only saying FBI has the opportunity to reduce risk, not that it has added to it which is argued in the piece.

You’re playing semantic games. The FBI’s choice has led to more people being at risk than if they had made a different choice. The article doesn’t say it leads to more people being at risk than were at risk yesterday.

John Fenderson (profile) says:

Re: Re: Re:2 "almost certainly has put millions of people at risk "

“if they do hear about something like this that there is a vulnerability in something then some of them will absolutely go in search of it”

They almost never have to, because the vast majority of the time it was already known to them. Particularly in this case. The Feds bought the exploit from gray-hat hackers, and if the gray hats know it, you can be pretty sure that the black hats do as well.

Kal Zekdor (profile) says:

Re: Re: Re: "almost certainly has put millions of people at risk "

I don’t know where you’re getting the adjective “significant” from. Hell, the word Mike used was “potentially”, which is about as far from “significant” as you can get while still being a positive signifier of risk.

The fact of the matter here is that the FBI could help prevent crime by releasing details of this vulnerability. That they are not, purely out of spite, is appalling. Why is the FBI not doing their fucking job?

Kal Zekdor (profile) says:

Re: Re: Re:3 "almost certainly has put millions of people at risk "

So that somehow makes it ok to buy up vulnerabilities and hoard them?

Did you even read that link you trotted out? It makes it abundantly clear that the FBI has a very poor track record when it comes to disclosing vulnerabilities. They barely pay lip service to the idea. (And the fact that there’s a procedure in place for it would indicate that releasing information about exploits they are aware of is very much part of their job).

There is no scenario where it is acceptable for a law enforcement agency to sit on an exploit like that. That’s like a cop going into a shop that’s being robbed and saying “Not my problem. I haven’t been dispatched here, and the paperwork would be a pain.”

Anonymous Coward says:

>Why does anyone think this is a good result?

I don’t know why you think it’s a bad result. Law enforcement using hacking tools is standard practice. In this case it was narrowly focused to a single device. I’d be more worried about honeypots and other attacks on the larger internet.

Yes, the FBI’s legal arguments were troubling, but they were checked by the judicial system.

No new legal powers were gained compelling companies to compromise their software and nothing was made illegal.

This is is the best possible outcome we could have hoped for.

Anonymous Coward says:

Re: Not the best outcome

This is is the best possible outcome we could have hoped for.

I disagree. Apple securing a solid victory on the merits, and on any appeals the FBI/DOJ decided to pursue, would be a better outcome. As is, no new precedent was established. A solid victory for Apple could have included precedent that the DOJ cannot compel cooperation in this form, at least under current law. As is, there is nothing stopping DOJ from trying the exact same stunt the next time they find a device they want to open. They only abandoned this case because they were not making headway and were concerned the court might rule in Apple’s favour if pushed.

Anonymous Coward says:

Re: Re: Not the best outcome

You got me there, speaking in absolutes was a bad idea. I’m hopeful that when a similar case is argued, justice will prevail. But for now, this is just another case of a hacked device. Vulnerabilies will always exist and since they do, i’d like to see them continue to be used by law enforcement in specific cases with a warrant and proper transparency. The alternative of mandating backdoors making systems less secure by design is unthinkable.

Anonymous Coward (user link) says:

“The FBI has routinely contracted Cellebrite over the last five years. The company, which publicly boasts of its ability to hack into Apple devices, has received over $2 million in purchase orders from the agency since 2012.”

Mike, would you please explain how this instance is so much worse than every other time law enforcement hacked into a phone with a legally authorized warrant?

That One Guy (profile) says:

Re: Re:

Assuming you haven’t been following the story on TD, the TL:DR version is that this time they were ‘asking’ for Apple to create custom code specifically designed to remove a security feature, very different from cases before where they were just asking Apple to provide unencrypted data from the device, or they somehow got in themselves without ‘needing’ to ask the company that sold the phone to be an active participant.

Anonymous Coward says:

It should never have come as a surprise that nothing of real interest was on the remain phone after the Farooks had already destroyed computer hard drives and two other phones. Why would they have done that and left a last phone undamaged? Mainly because there would be nothing to be found on the last phone. It was never about what was on the phone or could be. That was just the excuse to force Apple to backdoor their encryption in some manner.

The FBI seriously underestimated the support for it’s actions from the public and tech sectors. When it found out it get far more attention than it had thought it would, it was rather quickly it backed out of the court case so as not to set a precedent.

That hasn’t stopped the other cases it has in the works to continue to attempt to force Apple to backdoor, just this one with all it’s negative public exposure.

Hoover Sux says:

Remember John Walker?

The FBI lies. It is what they do best. They are treasonous, frequently criminal, self-serving and seek to bypass any rule of law and establish themselves as dictators. Sure, there are a few good guys, but the leadership agenda has been corrupt since their beginning. A flawed endeavor.

Should be uncreated and replaced by honest, sincere SERVANTS of the citizens (makes one recall the motto of cops in the good old days – “To Serve And Protect”).

That One Guy (profile) says:

Re: naive?

The timing makes the idea that they lied to save face quite possible, but even taking them at their word they still come out looking bad, because after a huge fight over how important it was to access the phone it turns out that there’s absolutely nothing of import on it, just like pretty much anyone could have told them would be the case from the start.

Anonymous Coward says:

As soon as they pulled the plug on pressuring Apple, I knew there was nothing in the phone. It was clear all along they just wanted precedent, and when public opinion turned against them, all of a sudden they had some magical other way in. Everyone was reporting how Apple got off the hook, but it was really the FBI that got off the hook. They tried to bully their way into scary power, and then dropped everything with no punishment for what they tried to do. And of course this magical other way in didn’t reveal anything, cause it probably never existed other than as a get out of jail free card.

jim says:

right?

Yup, here’s the way I see it. There are two ways to open a phone. Legally, and illegally. One you can use in court. The other is called, integellence, and has to be proven in other ways. Everyone assumes Apple does it the right way. Therefore it is legal. And they have just said no. So now the FBI wants a way, to use the information legally. And I think they just got shot down. So far, something must be loaded on the phone. That breaks the evidence path,they cannot prove ownership of the information, since the loaded “whatever” . like they said, no useful information.

Whatever (profile) says:

It’s easy (and tempting) to draw conclusions from this case and the “targets” laptop situation. However, it would be rather silly to take a definitive position based on a couple of cases.

I have little doubt that if the FBI had in fact found something on this IPhone, the techdirt story would be to dismiss it as an exceptional case, as clearly it has been shown that most terrorists don’t use encryption (except for those using Iphones, whatsapp, and so on… ).

It would be nice if things got explained in the same way – find something, it’s exception, find nothing and it’s some sort of overwhelming proof? Nice!

Whatever (profile) says:

Re: Re: Re:

Well, it’s sort of the way it works around here. If there is nothing useful on the phone, then it was a total waste and a solid indication not to break encryption ever… if there was something on the phone, then they got insanely lucky and it’s no indication that breaking encryption would help.

Both stories would come from the same side of the hatchet.

FM Hilton (profile) says:

The Result: Time and Money wasted

I tell you, the only thing that really got traction on this case was the use of taxpayer money that the FBI used in getting this phone hacked.

Do they not have anything else to do?

The same results would have come from them sledge hammering the phone and opening it by that kind of brute force.

They wouldn’t have found anything there, either way.

I guess they must like being made to look like total fools-they do it so easily.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...