FBI Won't Tell Apple How It Got Into iPhone… But Is Apparently Eager To Help Others Break Into iPhones
from the just-one-phone! dept
Remember how the FBI insisted over and over again that the case in San Bernardino was not about setting a precedent and was totally about getting into “just that one phone?” Of course, no one believed it, but pay close attention to what’s happening now that the FBI was able to hack into Syed Farook’s work iPhone. The DOJ has also said that the crack was limited to just that type of phone and probably wasn’t widely applicable. However, at the same time, the Justice Department probably has no interest in sharing the details of the vulnerability with Apple:
The FBI may be allowed to withhold information about how it broke into an iPhone belonging to a gunman in the December San Bernardino shootings, despite a U.S. government policy of disclosing technology security flaws discovered by federal agencies.
Under the U.S. vulnerabilities equities process, the government is supposed to err in favor of disclosing security issues so companies can devise fixes to protect data. The policy has exceptions for law enforcement, and there are no hard rules about when and how it must be applied.
Apple Inc has said it would like the government to share how it cracked the iPhone security protections. But the Federal Bureau of Investigation, which has been frustrated by its inability to access data on encrypted phones belonging to criminal suspects, might prefer to keep secret the technique it used to gain access to gunman Syed Farook’s phone.
Or, as iPhone forensics guru Jonathan Zdziarski succinctly summarized:
FBI: You should do it, it’s just one phone
Apple: No it isn’t
FBI: We got in
Apple: You should say how, it’s just one phone
FBI: No it isn’t
Yeah.
Meanwhile, the DOJ may not be interested in helping Apple patch that hole, but it is apparently at least willing to look into other cases where it can help law enforcement break into locked iPhones. There are some (somewhat conflicting) reports saying that the FBI has agreed to help prosecutors in Arkansas try to get into a couple of iOS devices in a murder case there. Of course, it may not be the same technique or situation (and the FBI might not be able to get in, either).
However, this does show just how eager law enforcement is to get into lots of phones, and how important it is that Apple actually be able to protect its users from those who do not have legitimate reasons to hack into phones. It’s too bad that the FBI is apparently choosing to hold onto the info that helps it in a few cases while failing to protect the rest of the public who may use Apple devices.
Comments on “FBI Won't Tell Apple How It Got Into iPhone… But Is Apparently Eager To Help Others Break Into iPhones”
It really is sad how the FBI can have so many great people working there who are influenced by a few corrupt ones.
Re: Re:
you have the ratio reversed…
Re: Re: quite right
LEOs like to say it’s only a few rotten apples in a barrel.
But we all know that it only takes one rotten apple to spoil a barrel.
Re: Re: Re: quite right
It may only start with ‘a few’, but when the rest of the ‘barrel’ does everything in its power to ensure that the rotten ‘few’ stays, then they all become rotten, even if the majority continue to look good on the surface.
Re: Re: Having been fans of past media...
…that put the FBI in positive light, such as The Silence of the Lambs and The X-Files, it’s hard not to look back on them and see them as propaganda films.
Re: Re: Re: Having been fans of past media...
Having been fans of past media…
…that put the FBI in positive light, such as The Silence of the Lambs and The X-Files, it’s hard not to look back on them and see them as propaganda films.
Try watching Continuum, about police vs. terrorists / freedom fighters, and try to figure out who to root for. I’m in season 2 and I’m still not sure.
Re: Re:
It only takes one turd in the punch bowl to ruin all the punch.
I hope someone will at least keep up with how they break into these phones. Because so far all they talked about is “How dare Apple go against a warrant request – a WARRANT!!!”, and about “warrant-proof” encryption and whatnot.
And yet now we may very well see them unlock all sorts of iPhones WITHOUT warrants, even though so far they’ve kept implying that if companies were to build a backdoor they’d ONLY use it with a warrant.
As usual, the government is showing you just can’t trust them with whatever they are saying, no matter how many heart strings they are pulling to get you to agree when various crimes happen. They always seem to lie and always want to abuse the power that you’re willing to give them.
Attacker sophistication
“Should the government be able to read your encrypted messages?”, by S.P. Sullivan, NJ.com, Mar 19, 2016
(Via Twitter.)
“There’s no way to design a system or service that is secure against the most sophisticated foreign government hackers, while still allowing the least sophisticated local law enforcement to get access.”
- Christopher Soghoian
Foreign Investors Should File A Dispute
The foreign investors in Apple should file a claim under a trade deal. The fact that the Apple phone has an unreported bug in it will lower sales and hurt the value of their investment.
If I were Apple, the FBI wouldn’t get shit without a warrant from now on, and even then I would contest every single one. What a bunch of assholes. No wonder no one trusts them.
Re: Re:
If I were Apple, the FBI wouldn’t get shit without a warrant from now on, and even then I would contest every single one.
It only makes sense, because if they ever cooperate, that will be held against them any time they don’t roll over.
Re: Re: Re:
Yeah, that particular argument had to have been if not the dumbest move on their part during the case, then certainly right up near the top.
In one single move they make it so that no tech company that’s been paying attention will be willing to help them without a court order detailing exactly what they want done, and the ones who can fight back now have plenty of incentive to do so every single time since the FBI has made it clear that they will use willing cooperation in the past against a company if they balk at a request in the future.
If they explained how they broke into the phone it might end up with criminal charges against the prosecution when other agencies use that to construct a parallel case against “supposed” criminals.
Much like the stingrays being used illegally.
Re: Re:
My mind went the other way, they’ll have to use these exploits like they did the stingrays with similar “just drop the case if someone might find out” NDA pacts. That’s the way 0-day exploits work; if you want to keep using them you can’t tell anyone about them. Unfortunately for them that’s not the way our judicial system works.
Re: Re: Re:
Aside from the slap on the wrist when it is discovered they are breaking numerous laws when they use them and refuse to tell those they accuse they have used them?
In a normal world they would be charged probably or at the very least suspended from their jobs for doing what they are not supposed to and ruining lives to get what they want.
If Apple wants to know how the FBI cracked its phones, it’s not hard to figure out. Just follow the same trail the FBI did.
First, hit up the Chinese government and offer them buckets of cash to gain access to Chinese businesses.
Second, head over to Foxconn, with official documentation.
Third, watch closely as Foxconn details how it can manipulate the components it sends to the US in its phones (note: this applies to all Foxconn phones).
Fourth, lie to everyone about how it was done.
It’s no secret the Chinese have had backdoors to our electronic devices for decades. Several chip makers have pressured the US government to stop importing their (govt system) chips because it was impossible to determine how the backdoors were implemented.
Ignored, as usual.
Closet criminals
Isn’t it just like criminals to not tell you how they broke into something?
Measure, counter measure
This will kick off an encryption war where the tech companies will take measures to secure their devices and governments and hackers will try to find counter measures. Actually, this battle has been playing out since the dawn of time, though in the tech field much more recently.
Hopefully the tech firms will eventually make devices that are as close to impossible to break as possible.
I feel that Jonathan Zdziarski should win most insightful comment this week. He’d get my vote.
Re: Behold the nomination post then
FBI: You should do it, it’s just one phone
Apple: No it isn’t
FBI: We got in
Apple: You should say how, it’s just one phone
FBI: No it isn’t
-Jonathan Zdziarski
Pity that his blog is offline
A later tweet hints that there are further problems with Secure Enclave devices, but his blog seems to be broken. It just raises a CloudFlare error page whining about Javascript and then goes nowhere.
Re: Works for me [was Pity that his blog is offline]
With clear browser state I’m seeing a slight delay, but otherwise no problem in accessing Zdziarski’s Blog of Things. Once cookies for zdiarski.com are set ( __cfduid and cf_clearance cookies), then I’m not even seeing a delay.
Re: Re: Works for me [was Pity that his blog is offline]
Still broken here. Looks like a buggy Cloudflare frontend. Clearing cookies doesn’t help, nor does a forced reload. I had one cookie (__cfduid) before clearing. Not sure why they are not setting the other one.
F APPLE. Over hyped, Over charging, pieces of junk. I just wish the American public was smart enough to realize what Apple actually is. But NOPE, they are all just Drones to the Name brand.
Re: Re:
So you are telling me which UI and phone design I like now? Cause I’ve used both, and prefer Apple by a mile.
Re: Re: Re:
So you are telling me which UI and phone design I like now? Cause I’ve used both, and prefer Apple by a mile.
Hooray for competition! None of the offerings would be as good without the others in the market.
PS there are more than two
Phone Hack
February 24, 2016 They Can Already Hack the iPhone — FBI’s Public Display is Propaganda to Sell You the Police State.
The apparent battle between Apple and the FBI at least tells us that the post-Snowden privacy debate is still alive. The subject of the controversy is an iPhone belonging to one of the San Bernardino shooters, and the FBI did not choose this case randomly.
http://thefreethoughtproject.com/fbi-hack-iphone-already-making-fight-apple-tactic-surveillance-state/#gdSMxoogTxv0xOeD.99
play ball
Apple refused to play ball, they should not be shocked when the FBI has no particular interest in playing nice with them either. More power to them, really.
What the FBI has done more than anything is create an amazing amount of doubt about the security of iPhones, and there is no benefit to the agency to change that any time soon. Apple reaps what it sows.
Re: play ball
Well, it’s pretty natural to expect retaliation from the FBI and DoJ.
Even-handed administration is not something the Obama government does.
Re: Re: Even-handed administration
Even-handed administration is not something the US government does.
Fixed it for you.
Unless you want to argue that the Bush administration was more even-handed than the Obama administration.
I mean, you might. It is April first.
Re: Re: Re: Even-handed administration
No. My intent was to point out that slogans like equal protection of the laws, equal justice under law, and justice for all… are ultimately political choices.
Not really more permanent than any other campaign pledge, even ones carved in stone.
Re: play ball
Considering how clueless you were during the whole debate I’m assuming you don’t know what you are talking about here as well.
Still, it is amusing to see you mocking Apple security considering almost all iPhones are encrypted while very few Android phones are (for instance). So we are talking about security that may have weaknesses (Apple) and no security at all (Android). It’s hardly as bad as you’d love it to be to justify the insanity from the Government.
And I’m defending Apple again. Sadly.
Re: Re: play ball
What I don’t really get here is that for most people, encryption isn’t anything one way or another. If you want to encrypt your Android phone, it’s not really a problem – and since it would be a solution outside of the OS itself, it’s a whole bunch less likely to be hacked as part of a failing of the OS. Most Android users just don’t bother.
I go for the simple statistical thing. 700 Million iPhones sold, and law enforcement has (by the most paranoid count) a couple of hundred in their possession waiting to be accessed. That’s pretty much powerball winning odds. The chance that your personal phone is subject to any law enforcement access is, well… quite low unless you are a dick and break the law. More of your encryption needs are against hackers. Since Apple products are apparently totally immune to hackers (outside of social engineering) it would seem to be a fairly significant waste of effort. If someone steals your phone, your 6 digit pin code is probably more than enough to defeat them, and they are more likely to just try to wipe the phone or sell it on for a quick buck.
So, what is all the encryption really about? Not much apparently.
Re: Re: Re: There's your problem right there.
The chance that your personal phone is subject to any law enforcement access is, well… quite low unless you are a dick and break the law.
As has been illustrated time and again and again, you don’t need to be a dick to break the law. You just need a good lawyer to go through your stuff and find a law you’ve already broken.
And you don’t need to break the law to be subject to police arrest and search. You just need an officer who believes you have broken a law, even if it’s an imaginary law in his head.
You’ve been around here long enough to have seen countless examples, Whatever. Also examples enough to highlight that our law enforcement agencies see the people as adversarial. We are all suspects, and we are all guilty of something and we all belong in prison.
And if they could, they’d gulag each and every one of us down to the last dying grandmother and crawling infant.
We have every need to be protected against (our so-called) law enforcement, and not just for laws that work against the people.
Re: When we give the FBI a bat...
…we can expect them to bash any skull they can reach.
Feel free to cite a time that the feds were restrained with their force.
I’m sure you could dig one up. It’s the internet.
Re: play ball
The FBI should cooperate with Apple to help protect the public because that’s their damn job.
It’ll be interesting to recall all your anti-Apple bleating when something similar inevitably happens to an Android phone.
Re: Re: play ball
These days their job seems to be more creating terrorism plots then shouting from the rooftops how they foiled the latest terrorist act, while “forgetting” to mention they set said plot up to begin with.
Re: play ball
“If you refuse to give me your lunch money you shouldn’t be allowed to react negatively when I give you a black eye in response.”
Stay classy, Whatever.
Re: play ball
What the FBI has done more than anything is create an amazing amount of doubt about the security of iPhones, and there is no benefit to the agency to change that any time soon.
The FBI would benefit from everyone believing the opposite of whatever the truth is. If iPhones are actually secure, they would want people thinking they’re not so that they use something possibly less secure. If iPhones are not secure, the FBI would want everyone using them so that they could get at whatever data they wanted.
FBI is admitting to be criminal.
Be Careful what you ask for
I can only imagine right now what Apple engineers are cooking up in the back room for the next major iOS release. I am hoping they are huddled in a conference room with no outside access, 10 pots of coffee and 2 dozen donuts feverishly figuring out how to make an unbreakable OS and shove it up the FBI’s ass.
Maybe they can call it iOS 10.0 FTNSA (Fuck the NSA).
Re: Be Careful what you ask for
Exactly so.
If they’re going to have past assistance thrown in their face and used against them, and a major government agency claiming that they specifically designed their products to be ‘immune to warrants’ (which is rubbish, the only warrants they’re ‘immune’ to are warrants presented to the wrong person), then I’d say it’s time to make it so that they cannot, under any circumstances, provide assistance or comply with a warrant.
If the police and/or government want a device unlocked to access the contents they have to go to the owner of the device, because the company who made it cannot unlock it. Let them deal with that for a bit, enjoy the consequences of their actions.
Re: Re: Be Careful what you ask for
“Inside Apple CEO Tim Cook’s Fight With the FBI”, by Lev Grossman, Time, Mar 17, 2016
The Time interview with Tim Cook, a little over two weeks ago, may have been missed by many in the flurry of other press coverage. I don’t recall seeing it mentioned on Techdirt yet. But it is worth reading, even two weeks later.
And the accompanying article has savory phrases like, “Deep Alabaman umbrage.”
Re: Re: Without the end-user password, the data is LOST.
That’s the way it should have been constructed in the first place, so that nothing but the end user and a five-dollar wrench will break open a phone.
Because times change and even well-meaning agencies turn antagonistic towards the rights of the people, and programs that involve small rights violations for specific purposes become programs that involve big rights violations for general purposes.
April Fools!
You guys do realize this is an April fools joke right? lol
Also, did you guys realize that the Merriam-Webster Dictionary decided to remove the word ‘gullible’ from the English language? crazy huh?
Re: April Fools!
Nah, they just took it down from their website for 24 hours.
The link should start working again tomorrow:
http://www.merriam-webster.com/dictionary/gullible
Government "sharing"
Remember how the government was courting the tech sector, telling them how much they wanted to “share” information and ideas with them? Remember how a lot of people predicted that “sharing” would be rather one-way? Here’s an example.
I expect a lot of people in the tech sector are taking note of how “sharing” the government is.
So, like 80s action movie villains
Our FBI officials drop all airs of integrity once they think they have the upper hand.
So in the future we’ll know not to trust them, right? We can refer to the San Bernardino iPhone incident, right?
Right?
I thought
Isn’t there a law about circumventing hardware and software..
OR is the Gov. ABOVE THE LAW..
Above the law.
As the recent compare / contrast to our nobility (Hillary Clinton) and our laity (Thomas Drake) has shown, yes. Our officials are above the law.
Our affluent public is at the law.
The rest of us shlubs are beneath the law, and are subject to extrajudicial detention, search and seizure with fabricated probable cause and countless transgressions in the name of national security.
We’re serfs to liege lords again. In America.
Don’t kid yourself, they have had access all along.
Just how long?
And just how long will it be before this hack is in the “wild”? I don’t think I need to hold my breath…
Sounds like it's all going according to plan.
One of Apple’s main arguments was that FBI leaks like a sieve.
So if a tool were created to open this phone, and Apple requests it in court, is unable to get it through court of law, but can then uncover it in the net later anyway when they inevitably leak.
Won’t that just prove Apple’s point?
They don’t need DOJ to release the hack, they need just enough information about the hack in the public, that they can demonstrate exactly why they shouldn’t be asked to do this again in future.
FBI helping others
Yep, they’ll be helping NYPD and CPD and BPD and SFPD and LAPD and … (much later) … and the Wahoo Junction, FL, patrol officer and ….
Interagency decision process
“FBI weighs if it can share hacking tool with local law enforcement”, by Ellen Nakashima and Adam Goldman, Washington Post, Apr 1, 2016
( Always kinda hate citing stories dated April 1: People tend to think that they ought to apply heightened skepticism compared to the news they read at other times of the year. )
Re: Interagency decision process
My skepticism doesn’t come from the date of the article. My skepticism comes from the plenty of incidents we’ve caught the FBI and government Attorneys in flagrante delicto.
It’s like saying the NSA is well overseen by the FISA Court.
Kids..
The world and how the rest of the world deals with what the world dishes out is like a bunch of imbecilic school children who didn’t get what they wanted for Christmas fighting amongst themselves with no one to step in.
FBI letter to local law enforcement
“FBI Tells Local Law Enforcement It Will Help Unlock Phones”, by Salvador Hernandez, BuzzFeed, Apr 1, 2016
( H/T Cyrus Farivar at Ars Technica, “FBI offers crypto assistance to local cops: ‘We are in this together’ ”, Apr 2, 2016. )
( Also being reported by Engadget, attributing Reuters and BuzzFeed.
Note that Reuters does not indicate who or how they obtained the letter. It may not be from an independent source. )
( FBI: Office of Partner Engagement. Note Assistant Director Kerry Sleeper box at top right. )
Re: FBI letter to local law enforcement
CBS News also reports that they have a copy of the letter.
Why isn’t this letter, or a link to it, just posted on the FBI News blog? Tell me that.
Re: FBI letter to local law enforcement
“FBI offers iPhone aid to local law enforcement”, by Sean Sposito, SFGate, Apr 4, 2016