Legal Issues

by Mike Masnick


Filed Under:
all writs act, doj, encryption, fbi, forensics, iphone

Companies:
apple


Did The DOJ Lie At The Beginning Of Its iPhone Fight, Or Did It Lie This Week?

from the gallantly-the-DOJ-chickened-out dept

Support our crowdfunding campaign to help us keep making content like this!

So now that there's been a little time to process the Justice Department's last minute decision to bail out on the hearing in the San Bernardino case, claiming it was because some mysterious third party had demonstrated a way to hack into Syed Farook's iPhone, it's becoming increasingly clear that (1) the DOJ almost certainly lied at some point in this case and (2) this move was almost entirely about running away from a public relations battle that it was almost certainly losing (while also recognizing that it had a half-decent chance of also losing the court case). Just replace "Sir Robin" with "the DOJ" in the following video.
That said, there are still some things to clear up. First, did the DOJ lie? It seems pretty obvious that it must have. After all, it insisted earlier in the case, multiple times, that it had "exhausted" all other possibilities and "the only" way to get into the phone was with Apple's help. That's certainly raised some eyebrows:
The DOJ and its supporters, of course, will argue that "new shit has come to light, man," but that seems... doubtful. My first thought was that when the FBI said that it had been alerted to a way in over the weekend, it potentially was using the announcement from researchers at Johns Hopkins about a flaw in iMessage encryption. If so, that would be particularly bogus, since everyone admits that the vulnerability found would not apply to this case.

However, there's now a ton of speculation going around about the likely method (and the likely third party) that the FBI is probably using, involving copying the storage off the chip and then copying it back to brute force the passcode without setting off the security features or deleting the data. But, again, this possible solution isn't really new. Just a few weeks ago, during a Congressional hearing, Rep. Darrell Issa quizzed FBI Director James Comey about this very technique (which was so deep in the technical weeds, that many reporters and other policy folks were left scratching their heads):
That video is worth watching, because Director Comey insists, pretty clearly, that there is no way to get into the phone:
Comey: We wouldn't be litigating it if we could [get in ourselves]. We've engaged all parts of the US government to see 'does anyone have a way -- short of asking Apple to do it -- with a 5c running iOS 9 to do this?' and we do not.
At that point Issa starts asking really technical questions about can't the FBI remove the data from the phone to make copies of the storage, putting it with the encryption chip, trying passcodes, and then reflashing the memory before the 10 chance are used up -- thus brute forcing the passcode without setting off the security features. As Issa notes:
If you haven't asked that question, how can you come before this committee and before a federal judge and demand that somebody else invent something if you can't answer the question that your people have tried this? ... I'm asking who did you go to? Have you asked these questions? Because you're expecting to get an order and have somebody obey something they don't want to do and you haven't even figured out if you can do it yourself.
Comey is clearly befuddled by the questions and basically says that he's sure that his people must have thought about this, but he assumes that they're watching and if they haven't thought of this then they'll test it out. But, really, a few people had suggested similar things early on, so if that is the solution then it only adds weight to the idea that the FBI didn't do everything it could possibly do before running to the judge.

Others have questioned the "two week" timeframe for the DOJ to issue a status report to the court, noting that a brand new solution would almost certainly take much longer to test thoroughly before using it on the iPhone in question.

And then there's the other question: if the FBI really has tracked down a new "vulnerability" in Apple's encryption... will it tell Apple about it so that Apple can patch it? Remember, the White House has told the various parts of the federal government that they should have a "bias" towards revealing the flaws so they can be patched... but leaving a "broad exception for 'a clear national security or law enforcement need.'" It's pretty clear from how the DOJ has acted that it believes this kind of hole is a "law enforcement need."

So, if the FBI really did figure out a vulnerability in Apple's encryption, it probably won't actually reveal it -- but I'd imagine that Apple's security engineers are scrambling just the same to see if they can patch whatever flaws there may be here, because that's their job. And, again, that gets back to the point here: there are always some vulnerabilities in encryption schemes, and part of the job of security folks is to keep patching them. And one of the worries with the demand for backdoors is that the introduce a whole bunch of vulnerabilities that they're then not allowed to patch.

Either way, the DOJ's actions here are highly questionable, and it seems pretty clearly an attempt to save face in this round. But the overall fight is far from over.

Support our crowdfunding campaign to help us keep making content like this!


Reader Comments (rss)

(Flattened / Threaded)

  1. identicon
    Quiet Lurcker, Mar 23rd, 2016 @ 8:40am

    When did FBI Lie?

    I think the better question is, Has the FBI ever said anything truthful at all about this matter?

    reply to this | link to this | view in thread ]

  2. icon
    Groaker (profile), Mar 23rd, 2016 @ 8:43am

    Wonder what all the shouting is about when it must be assumed that all encryption, with the exception of selected one time pads, is breakable.

    reply to this | link to this | view in thread ]

  3. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 8:52am

    Latest rumors

    However, there's now a ton of speculation going around about the likely method (and the likely third party) that the FBI is probably using…
    • “Israeli firm helping FBI to open encrypted iPhone: report”, Reuters, Mar 23, 2016
    Israel's Cellebrite, a provider of mobile forensic software, is helping the U.S. Federal Bureau of Investigation's attempt to unlock an iPhone used by one of the San Bernardino, California shooters, the Yedioth Ahronoth newspaper reported on Wednesday.

    • “Report: Israeli company helping FBI crack iPhone security”, by Sagi Cohen, Ynetnews, Mar 23, 2016

       — About Ynetnews:
    Ynetnews is the English-language edition of Ynet, Israel's largest and most popular news and content website.

    Founded in 2005, Ynetnews is part of the prominent Yedioth Media Group, which publishes Yedioth Ahronoth – Israel's most widely-read daily newspaper – as well as several popular magazines and dozens of local publications. . . .

    reply to this | link to this | view in thread ]

  4. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 8:57am

    Re:

    In theory, all encryption except a one time pad is breakable by trying all possible keys. In practice the best modern encryption is effectively immune to that attack, but there may be some other exploitable weakness in the system, like a short pin to enable use of a strong key without needing to know the key. That is protecting the keys can be a weak point in any strong encryption system

    reply to this | link to this | view in thread ]

  5. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 8:59am

    "Did The DOJ Lie At The Beginning Of Its iPhone Fight, Or Did It Lie This Week?"

    In direct conflict with Betteridge's law of headlines, the answer to this question is actually "yes."

    reply to this | link to this | view in thread ]

  6. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 9:09am

    Re: Latest rumors

    … speculation going around about the likely method…
    Government keeping its method to crack San Bernardino iPhone 'classified' ”, by Danny Yadron, The Guardian, Mar 22, 2016
    A new method to crack open locked iPhones is so promising that US government officials have classified it, the Guardian has learned. . . 

    reply to this | link to this | view in thread ]

  7. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 9:09am

    Again...

    If you're the FBI, you lie. It's what you do.

    reply to this | link to this | view in thread ]

  8. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 9:20am

    Re: Re:

    Yes, this shows the difference between theory and practice.

    In practice, many one time pads are breakable because the pad was not randomly generated. Often a OTP has its own predictable characteristics that, if you've got data at rest, can be tested for infinite iterations until a theory proves true. This is especially true if you are able to run some of your own input through the OTP to test for predictable elements.

    reply to this | link to this | view in thread ]

  9. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 9:32am

    Re: Latest rumors

    Ynetnews is the English-language edition of Ynet
    Israeli Firm Reportedly Helping FBI Crack San Bernardino Phone (Updated)”, by Dawn Chmielewski, re/code, Mar 23, 2016
    An Israeli mobile forensics firm that touts its “breakthrough ability to unlock Apple devices” is helping the FBI crack into the San Bernardino phone, according to a report in an Israeli newspaper that cites anonymous sources. . . .

    Google Translate (for link embedded in blockquote): "An Israeli company helped the FBI crack the iPhone", by Sagi Cohen, Ynet, Mar 23, 2016
    The FBI uses the services of the company Slbriit Petah Tikvah an attempt to break the terrorist's locked iPhone San Bernardino. Industry sources estimate familiar with the matter.

    reply to this | link to this | view in thread ]

  10. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 9:42am

    Re: When did FBI Lie?

    Oh, the truth slips out on occasion, accidentally, and the persons responsible are fired and possibly prosecuted.

    reply to this | link to this | view in thread ]

  11. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 9:44am

    Honestly, I think people are over-thinking how to hack the phone. This link shows that it very well might have been possible without even taking the phone apart.

    reply to this | link to this | view in thread ]

  12. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 9:56am

    They should have just asked the Chinese to begin with.
    Also, as a criminal defense attorney, I have learned that if you have to ask "did you lie then, or are you lying now?" You are asking the wrong question. The correct is which lies did we catch you in the, and which of the lies you tell now will we eventually catch.

    reply to this | link to this | view in thread ]

  13. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 10:00am

    Or BOTH times?!

    reply to this | link to this | view in thread ]

  14. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 10:01am

    Why not both instead of one or the other

    reply to this | link to this | view in thread ]

  15. icon
    That One Guy (profile), Mar 23rd, 2016 @ 10:01am

    Re: Re: Latest rumors

    A new method to crack open locked iPhones is so promising that US government officials have classified it, the Guardian has learned. . .

    Which certainly answers the following:

    And then there's the other question: if the FBI really has tracked down a new "vulnerability" in Apple's encryption... will it tell Apple about it so that Apple can patch it? Remember, the White House has told the various parts of the federal government that they should have a "bias" towards revealing the flaws so they can be patched... but leaving a "broad exception for 'a clear national security or law enforcement need.'" It's pretty clear from how the DOJ has acted that it believes this kind of hole is a "law enforcement need."

    If they really believe that the security hole is that valuable, valuable enough to classify, there is no chance whatsoever that they will tell Apple about it so that it can be fixed. Once again you get a situation where a government agency is acting contrary to the best interests of everyone else so that they can continue to benefit.

    And they wonder why the tech industry doesn't trust them...

    reply to this | link to this | view in thread ]

  16. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 10:13am

    Re: Again...

    They originally got the letterhead wrong and just went with it. It was supposed to be FIB.

    reply to this | link to this | view in thread ]

  17. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 10:31am

    Re: Latest rumors

    Via David Kravets at Ars Technica (“Israeli mobile forensics firm helping FBI unlock seized iPhone, report says”, Mar 23, 2016), who credits a Jonathan Zdziarski email to Ars

    San Bernardino iPhone Data Recovery Statement”, DriveSavers, March 22, 2016
    … We feel very positive about one method in particular…

    • The first tool allows us to remove and read chips from the iPhone 5c.

    • The second tool, which we’ve customized, allows us to alter the password count and continue to reset it to zero . . .
    For those skimming, note well that DriveSavers is not Cellebrite.

    reply to this | link to this | view in thread ]

  18. icon
    DannyB (profile), Mar 23rd, 2016 @ 10:33am

    Re: When did FBI Lie?

    The question Mike asks suggests the answers are mutually exclusive. Which of the two is a lie? But both could be a lie.

    1. The FBI did NOT exhaust all possible avenues. FBI might really have tried noting at all. They never really wanted to get into this particular phone. What FBI really wanted was unhindered access to any phone, any time, any where, and unsupervised. It thought if it just asked, it could get what it wanted. Relatively quietly.

    2. The FBI does NOT presently have any actual plan for how it might recover secret information from the phone. This lie is merely a ploy to get this case closed and the public relations battle over.

    What I would suggest a judge do to verify number 2 is have a court appointed observer witness whatever steps the FBI does. Do they make a genuine attempt? Is the theory of how the attack would work real? This would help prevent the FBI from destroying this phone, which would be another way they could manage to wiggle out of their lies.

    Why do you think they are called the FIB?

    reply to this | link to this | view in thread ]

  19. icon
    DannyB (profile), Mar 23rd, 2016 @ 10:38am

    Re:

    Fun with One Time Pads.

    The FBI could produce a pad that makes encrypted data say whatever it wants it to say.

    Then plant that manufactured pad onto the party you wish to prosecute.

    Of course, I'm probably giving them ideas for their next manufactured "look we stopped a terrorist plot!" PR booster.

    But is that previous sentence any more offensive than the suggestion that Apple chooses to build secure systems strictly for marketing reasons while innocent people get killed?

    reply to this | link to this | view in thread ]

  20. icon
    DannyB (profile), Mar 23rd, 2016 @ 10:41am

    Re: Re: Latest rumors

    What? So the FBI's classified method of breaking the iPhone is to ask Israel to do it for them?

    Ooops. I probably shouldn't have revealed that secret.

    reply to this | link to this | view in thread ]

  21. icon
    vdev (profile), Mar 23rd, 2016 @ 11:13am

    Re: all crypto is breakable

    Quite true. All it takes is time. Lots of it.

    reply to this | link to this | view in thread ]

  22. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 11:24am

    Re: Re: all crypto is breakable

    All it takes is time.
    Complexity Zoo.

    reply to this | link to this | view in thread ]

  23. icon
    SteveMB (profile), Mar 23rd, 2016 @ 11:29am

    My first thought was that when the FBI said that it had been alerted to a way in over the weekend, it potentially was using the announcement from researchers at Johns Hopkins about a flaw in iMessage encryption. If so, that would be particularly bogus, since everyone admits that the vulnerability found would not apply to this case.


    It still provides them with a smokescreen to cover their retreat -- most people are only going to remember "somebody found a flaw in iPhone security and then the FBI said they don't need Apple to unlock the phone".

    reply to this | link to this | view in thread ]

  24. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 11:31am

    The goal was never to hack the iPhone but rather hack the legal system.

    reply to this | link to this | view in thread ]

  25. identicon
    David, Mar 23rd, 2016 @ 11:49am

    Re: When did FBI Lie?

    I suspect the FBI not to know. It would probably be far too burdensome for them to crosscheck their narrative with the facts whenever they make a statement. Steady jobs depend on steady funding due to a steady narrative.

    You can't let the criminals determine their operations.

    reply to this | link to this | view in thread ]

  26. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 11:54am

    TFTFY

    Did The DOJ Lie At The Beginning Of Its iPhone Fight, Or Did It Lie This Week?

    Did The DOJ Lie At The Beginning Of Its iPhone Fight, Or Did It Lie every time it opened it's mouth?

    reply to this | link to this | view in thread ]

  27. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 12:17pm

    Re: Latest rumors

    It Might Cost The FBI Just $1,500 To Get Into Terrorist's iPhone”, by Thomas Fox-Brewster, Forbes, Mar 23, 2016
    [I]t can cost as little as $1,500 to have Cellebrite acquire passcodes for Apple phones, FORBES understands.


    Israel's Cellebrite linked to FBI's iPhone hack attempt”, by Leo Kelion, BBC, Mar 23, 2016
    Cellebrite has taken numerous calls from the media asking if it is indeed the unidentified helper.

    A Twitter user noted the firm signed a fresh $15,000 (£10,600) contract with the FBI two days ago - albeit in Chicago rather than California.

    A spokesman for Cellebrite said it might have more to say at a later point.

    reply to this | link to this | view in thread ]

  28. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 1:00pm

    Re: Re: Re: Latest rumors

    … there is no chance whatsoever that they will tell Apple about it…
    Meet Cellebrite, the Israeli Company Reportedly Cracking iPhones for the FBI”, by Joseph Cox (Contributor), Motherboard, Mar 23, 2016
    “Apple has a weird relationship with this company, because there are Cellebrite devices in every Apple store,” [ACLU technologist Christopher] Soghoian added. This is because devices are used to take data from customers Androids phones, and easily transfer contacts and other info over to newly purchased iOS ones.
    (Embedded link omitted.)

    And a story from last month: “Cellebrite: What You Need to Know About Cell Phone Forensics”, by Jason Hernandez, North Star Post, Feb 23, 2016
    Cellebrite has a key edge in attacking the security of smartphones--its relationships as the "exclusive provider of mobile synchronization systems for Verizon Wireless, AT&T, Sprint/Nextel, T-Mobile" and others that allow them to obtain "pre-production handsets and source codes from the cell phone manufacturers six months prior to retail launch which is a major advantage for research and development." See here, courtesy of Lucy Parsons Labs.
       — Direct link to referenced PDF: See p.14 in that PDF, para. 4 of document on CelleBrite letterhead, dated Dec 9, 2011, “Attention: Maurice Cernik”, signed “Jason Rogers, VP of Sales”.

    reply to this | link to this | view in thread ]

  29. icon
    MadAsASnake (profile), Mar 23rd, 2016 @ 1:01pm

    Of course it has been classified top secret. That is the standard classification for lies.

    reply to this | link to this | view in thread ]

  30. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 2:17pm

    Re: Re: Latest rumors

    "the firm signed a fresh $15,000 (£10,600) contract with the FBI two days ago"

    Apple: NOW you tell me! I just spent $150k on my legal brief!
    ---

    This whole episode is payback for the hours that Comey spent with Apple tech support in India once upon a time...

    reply to this | link to this | view in thread ]

  31. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 2:28pm

    Re: Re: Re: Latest rumors

    Marcy Wheeler thinks this contract is unrelated to the San Bernardino iPhone 5c. She wrote earlier today:
    Update: FBI signed a contract with Cellebrite on the same day it announced it had found a solution, though I think it’s for license renewals for 7 machines in Cook County.

    reply to this | link to this | view in thread ]

  32. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 2:50pm

    Disclosure policy [was Re: Re: Re: Latest rumors]

    … there is no chance whatsoever that they will tell Apple about it so that it can be fixed
    Discovering and disclosing the FBI's newfound iPhone hack”, by Greg Otto, FedScoop, Mar 23, 2016
    Rep. Ted Lieu, D-Calif., one of only a handful of lawmakers with a background in computer science, told FedScoop the government shouldn’t be compelled to reveal the vulnerabilities any more than “the FBI should be able to compel private citizens and private sector companies to create new software and do things that don’t exist.”

    “I would like the FBI to do that [tell Apple], but I don’t think we would be able to compel them to do that,” Lieu told FedScoop.

     . . .

    Sen. Ron Wyden, D-Ore., told FedScoop he considers a vulnerability stockpile “particularly important,” but only for use in national security situations.

    “The administration has said that knowledge about computer vulnerabilities will sometimes be temporarily kept secret under a process that is biased toward responsibly disclosing the vulnerability,” Wyden told FedScoop.

    “Furthermore, it is important for the executive branch to share information about these decisions not only with members of Congress but also with specialized staff who possess appropriate legal and technical expertise so that Congress can ensure that this policy is being adhered to," Wyden said.

    reply to this | link to this | view in thread ]

  33. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 3:14pm

    Director Comey's response to WSJ editorial

    Yesterday, March 22, the Wall Street Journal published an opinion piece, “The Encryption Meltdown”.

    Today, in letters, the Wall Street Journal published FBI Director James Comey's response, “The FBI Is Trying to Crack the San Bernardino Case, Not Set a Precedent”:
    You are simply wrong to assert that the FBI and the Justice Department lied about our ability to access the San Bernardino killer’s phone.

    Regarding your editorial “The Encryption Meltdown; The FBI now says its Apple assault might not even be necessary” (March 22): You are simply wrong to assert that the FBI and the Justice Department lied about our ability to access the San Bernardino killer’s phone. I would have thought that you, as advocates of market forces, would realize the impact of the San Bernardino litigation. It stimulated creative people around the world to see what they might be able to do. And I’m not embarrassed to admit that all technical creativity does not reside in government. Lots of folks came to us with ideas. It looks like one of those ideas may work and that is a very good thing, because the San Bernardino case was not about trying to send a message or set a precedent; it was and is about fully investigating a terrorist attack.

    James B. Comey
    Director
    Federal Bureau of Investigation
    Washington


    [ Note: I'm reproducing Director Comey's letter here in full. 17 USC § 101: A “work of the United States Government” is a work prepared by an officer or employee of the United States Government as part of that person’s official duties. Further, even if Director Comey's inclusion of his official title was intended purely for identification purposes, due to the public controversy and other factors, I would nevertheless assert fair use in copying this short letter here in full. ]

    reply to this | link to this | view in thread ]

  34. icon
    madasahatter (profile), Mar 23rd, 2016 @ 4:38pm

    Re: Re: Re:

    OTP is considered the most secure method with a couple of caveats. There is a maximum length for each message. Each pad must generated in a way that does provide clues into it or others. The pads can never be reused.

    reply to this | link to this | view in thread ]

  35. icon
    Mike Masnick (profile), Mar 23rd, 2016 @ 4:43pm

    Re: Re: Re: Re: Latest rumors

    While I appreciate all these stories about Cellebrite, it's worth noting that some are reporting this rumor is false:

    https://twitter.com/dannyyadron/status/712753764164194308

    reply to this | link to this | view in thread ]

  36. icon
    JMT (profile), Mar 23rd, 2016 @ 4:57pm

    Re: Director Comey's response to WSJ editorial

    Offers up a believable explanation ("It stimulated creative people around the world to see what they might be able to do.") and follows up straight away with an outright lie ("...the San Bernardino case was not about trying to send a message or set a precedent; it was and is about fully investigating a terrorist attack.") that basically everyone but the FBI admits is false.

    reply to this | link to this | view in thread ]

  37. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 6:21pm

    Yes. Yes, it did.

    reply to this | link to this | view in thread ]

  38. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 10:06pm

    It will be interesting to see if apple black-balls Cellebrite out of existance. most likely they will buy them take the talent and fire all the executives making political decisions like this one. apple has a history of valuing secrecy i bet it just got a lot harder to get any info out of apple if you are an oem making things for apple products.

    reply to this | link to this | view in thread ]

  39. identicon
    Anonymous Coward, Mar 23rd, 2016 @ 11:27pm

    Re: Re: Re: Re: Latest rumors

    receiving… source codes from the cell phone manufacturers…
    Apple SrVPSwEng Craig Federighi Mar 15, 2016 declaration, at paragraph 6 (p.2: ln.25-6):
    Apple has also not provided any government with its proprietary iOS source code.

    reply to this | link to this | view in thread ]

  40. icon
    That One Guy (profile), Mar 24th, 2016 @ 1:10am

    Re: Director Comey's response to WSJ editorial

    It stimulated creative people around the world to see what they might be able to do. And I’m not embarrassed to admit that all technical creativity does not reside in government. Lots of folks came to us with ideas.

    Funny how he only pays attention to that 'technical creativity' now that it allows him to duck out of a case that backfired, instead of when numerous 'creative people' told him that what he was 'asking' for would create a notable risk to security.

    reply to this | link to this | view in thread ]

  41. identicon
    Anonymous Coward, Mar 24th, 2016 @ 10:13am

    AG and FBI Dir News Conference [was Re: Director Comey's response to WSJ editorial]

    Today, Mar 24, 2016, Attorney General Loretta Lynch, FBI Director James Comey, and others held a news conference, carried on C-SPAN. While the main topic of this news conference concerned another cybersecurity incident, during questions, AG Lynch and Director Comey provided responses to regarding the San Bernardino iPhone 5c, and the litigation with Apple.

    Approximate timemarks:
      • 24:05 – 27:05
      • 28:10 – 29:15
      • 32:30 – 33:50

    Director Comey, among other statements, repeated the substance of yesterday's letter to the Wall Street Journal, and during the 32:30 – 33:50 segment spoke directly about his letter.

    reply to this | link to this | view in thread ]

  42. identicon
    Anonymous Coward, Mar 24th, 2016 @ 10:44am

    DriveSavers method [was Re: Re: Latest rumors]

    We feel very positive about one method in particular
    During today's news conference, Director Comey appears to discuss this general approach during the 28:10 – 29:15 segment. At about 28:44, Director Comey says, “It doesn't work”. He then evades the question whether the FBI tried it? “I don't want to say beyond that, but… ”

    reply to this | link to this | view in thread ]

  43. identicon
    Anonymous Coward, Mar 24th, 2016 @ 11:31am

    Re: Re: Re: Re: Re: Latest rumors

    … about Cellebrite, it's worth noting that some are reporting this rumor is false
    FBI's Comey, officials discount two iPhone hack theories”, by Elizabeth Weise and Kevin Johnson, USA TODAY, Mar 24, 2016
    [L]aw enforcement officials speaking on background debunked another report that had named Israeli forensics firm Cellibrate as the mystery firm helping it break into the phone.
    Hmmm… when proofreading after excerpting noticed the ‘i’. Presumably “Cellibrate” is a mere typo?

    reply to this | link to this | view in thread ]

  44. identicon
    Anonymous Coward, Mar 24th, 2016 @ 5:36pm

    Re: Re: Re: Re: Re: Re: Latest rumors

    Presumably “Cellibrate” is a mere typo?
    Just rechecked the USA Today story and it looks like they fixed the typo. The story, now marked “7:06 p.m. EDT March 24, 2016”, currently reads:
    Law enforcement officials speaking on background debunked another report that had named Israeli forensics firm Cellebrite as the mystery firm helping it break into the phone.

    reply to this | link to this | view in thread ]

  45. identicon
    Anonymous Coward, Mar 25th, 2016 @ 9:16am

    Re: Director Comey's response to WSJ editorial

    Yesterday, March 22, the Wall Street Journal published an opinion piece, “The Encryption Meltdown”.
    This ten-paragraph Wall Street Journal opinion piece also seems to have been syndicated by Associated Press, in “Editorial Roundup: Excerpts from recent editorials” (Mar 23, 2016).

    In that roundup, scroll down to, or search for, the item marked:
    March 22
    The Wall Street Journal on the FBI and Apple encryption
    Aside from inconsequential differences, the AP copy appears to be the same as the WSJ editorial.

    reply to this | link to this | view in thread ]

  46. identicon
    Anonymous Coward, Mar 25th, 2016 @ 11:42am

    Arguments

    Jonathan Zdziarski tweet (8:42 AM - 25 Mar 2016):
    There is apparently a boot-arg to enable/disable effaceable storage wipe in iOS. Not sure if exploitable.

    [Image 1] [Image 2]

    reply to this | link to this | view in thread ]

  47. identicon
    Anonymous Coward, Mar 25th, 2016 @ 1:59pm

    Re: DriveSavers method [was Re: Re: Latest rumors]

    The FBI is cautiously testing a way to get into the San Bernardino iPhone”, by Ellen Nakashima and Elizabeth Dwoskin, Washington Post Mar 24, 2016 (marked 7:55 PM)
    One idea being passed around the security community was a technique that requires removing the phone’s chip . . .

    The bureau was aware of this method early on and concluded that it wouldn’t work, for technical reasons, said an official familiar with the process. Technicians were concerned, for instance, that removing the memory chip, which is glued to the circuit board, would be difficult to do without damaging the data.


    (    Note Kim Zetter tweet (12:44 PM - 25 Mar 2016):
    WaPo altered its Apple/FBI story and removed mention that method FBI is using to hack phone is a "code-based" attack
    )

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Super-Early Holiday Gear Sale

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.