Apparently Hacking Syed Farook's iPhone Accomplished Nothing (Other Than Making Everyone Less Safe)
from the putting-everyone-at-risk dept
This should hardly come as a surprise, but reports are surfacing saying that after hacking into Syed Farook’s work iPhone, which was subject to so much attention, the FBI has found absolutely nothing of interest:
Law enforcement source tells @CBSNews so far nothing of real significance has been found on San Bernardino terrorist iPhone unlocked by FBI.
— Charlie Kaye (@CharlieKayeCBS) April 13, 2016
And, in the end, it appears that (as everyone expected) there was nothing on it. At all.
This isn’t surprising. As the FBI freely admitted all along, Farook and his wife had destroyed their own personal iPhones, and the only remaining one was this one, which was Farook’s work phone. If there had been anything that sensitive on it, you’d have figured they would have destroyed it too. And, of course, others had noted that the FBI’s choice of words after getting in pretty clearly suggested there was nothing useful on the phone.
But… in the meantime, the FBI has now made it clear that at least certain iPhone models have a massive vulnerability in them that potentially puts millions of iPhone users at risk. And the FBI has shown no interest in telling Apple where this vulnerability exists.
In short, the FBI, which is supposed to keep us safe from crime, broke into an iPhone which helped it solve no crime, but almost certainly has put millions of people at risk for potential criminal attacks in the future. Why does anyone think this is a good result?
Comments on “Apparently Hacking Syed Farook's iPhone Accomplished Nothing (Other Than Making Everyone Less Safe)”
Typical...
It is more important to take away everyone’s liberty just in case they need evidence to put some “one” away.
I think someone historically important once said.
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
~Franklin
Re: Typical...
Credited to John Adams:
“It is more important that innocence should be protected, than it is, that guilt be punished; for guilt and crimes are so frequent in this world, that all of them cannot be punished…. when innocence itself, is brought to the bar and condemned, especially to die, the subject will exclaim, ‘it is immaterial to me whether I behave well or ill, for virtue itself is no security.’ And if such a sentiment as this were to take hold in the mind of the subject that would be the end of all security whatsoever”
Seems apt.
No Surprise
This was what they wanted all along. It’s a shame they don’t drop the pretense of being for safety and justice – everyone would see them for the bullies they are.
What, they didn’t find anything on the phone? I’m just shocked, shocked I tell you!
Conspiracy!
I strongly believe the phone actually contained the cure for cancer – and pharmaceutical companies have pressured the FBI into suppressing the information to protect their profits.
part of me still believes they never actually got into the phone and not finding anything is just a bullshit cover to make everyone believe they have this capability
i mean.. first fbi says they’ve broken into this phone and are now going to help local leos break into other phones.
today.. news comes out that the fbi doesn’t actually know how the crack worked and they have no way to do it again.
so… were they lying then or are they lying now?
Re: Re:
I have trouble believing they got into it.
I have no trouble believing they got nothing of value from it however. That is inevitable whether they got in or not.
Re: Re:
I just imagine the FBI forensics training
Gunnery Sergeant Hartman: MMM, good…
Recruits: MMM, good…
Gunnery Sergeant Hartman: Feels Good
Recruits: Feels Good
Gunnery Sergeant Hartman: Is Good
Recruits: Is Good
Gunnery Sergeant Hartman: Real Good
Recruits: Real good
Gunnery Sergeant Hartman: Tastes Good
Recruits: Tastes good
Gunnery Sergeant Hartman: Mighty Good
Recruits: Mighty good
Gunnery Sergeant Hartman: Good for you
Recruits: Good for you
Gunnery Sergeant Hartman: Good for me
Recruits: Good for me
“Remember, this was the same iPhone that the DOJ and the FBI said was critical in their investigation.”
I followed the author’s link and searched for the word “critical”. It was not there, leading me to believe that the author is not being altogether accurate in reporting what the FBI has been stating concerning this matter.
Re: Re:
Details, schmetails. Rageviews=$$$
Re: Re:
The author also didn’t have the word in quotes, meaning he was paraphrasing and not directly quoting.
Re: Re:
Odd that they’d go through the effort of a lawsuit against Apple, if they didn’t feel it was a critical matter that Apple be forced to unlock the phone for them…
Re: Re:
It would take an extraordinary amount of willful ignorance to believe that the FBI’s message has been anything other than “This is critical!” the whole way along.
Re: Re:
It’s not literally “critical”, although it can be implied after the FBI bitched and moaned and tried to sue Apple to force them to develop software to crack the phones.
Surprised they acknowledged finding nothing
Openly admitting that it was a waste of effort, while people still remember the story, is rather surprising to me. I strongly expected that, after claiming to get in, they would claim that they could not discuss what they found “because it pertains to an ongoing investigation.” They would continue stonewalling on that until everybody lost interest, then very quietly (probably on a Friday afternoon, maybe before a long weekend) put out an announcement acknowledging there was nothing of value.
Re: Surprised they acknowledged finding nothing
Maybe FBI isn’t as evil as everyone assumes
Re: Re: Surprised they acknowledged finding nothing
Or just not as competent.
Re: Re: Surprised they acknowledged finding nothing
creating fake terrorism plots to justify laws that remove citizens’ basic rights isn’t helping them
Too bad Geraldo Rivera wasn’t reporting on the unlocking at the time.
“This is so exciting, ladies and gentlemen! Any moment, the iPhone is going to be cracked and we’ll find the entire terrorist organizations’ plans, names, whereabouts and maybe, just maybe, Al Capone’s bank account numbers!”
“almost certainly has put millions of people at risk “
I’m eager to hear your reasoning on this one. Black/grey hat hackers and exploits exist. What does the FBI have to do with this?
Re: "almost certainly has put millions of people at risk "
If we assume that the FBI’s public statements are accurate, then that model device has a vulnerability which permits unauthorized access. The FBI is actively refusing to tell Apple how the vulnerability works, out of concern that Apple will patch it and prevent them from gaining unauthorized access to other devices of this model. In the meantime, blackhats now have confirmation that the device is vulnerable and, unless Apple stumbles across the fix on its own, the vulnerability will remain open for quite a while. The FBI could, and given their anti-crime mission, should, tell Apple how the vulnerability works, so that Apple can promptly fix it to protect innocent users. Instead, they are taking the petty approach that, since Apple built a system that dared to resist them at all, they will not help Apple protect its customers, even though they easily could.
Re: Re: "almost certainly has put millions of people at risk "
“blackhats now have confirmation that the device is vulnerable”
The idea that hackers are just waiting around for some public pronouncement of vulnerability is laughable. There are entire businesses, legal and illegal, built around finding and selling vulnerabilities, not to mention individuals and state actors.
>The FBI could, and given their anti-crime mission, should, tell Apple how the vulnerability works.
That argument has some merit. However, these vulnerabilities have incredibly short lifespans and are generally limited in devices and software versions vulnerable. I’m sure the company that worked with the FBI has many more. I’m speculating, but it could even be a term of the contract that the company sells its services, not the details of the exploit, making disclosure impossible.
Either way, the argument that this has significantly added to risk users face already doesn’t hold water. Millions of people are always at risk because software is not perfect and determined parties find and exploit vulnerabilities.
Re: Re: Re: "almost certainly has put millions of people at risk "
No one said that blackhats are just waiting around for confirmation of a vulnerability. But if they do hear about something like this that there is a vulnerability in something then some of them will absolutely go in search of it just to try and find it and use it if they can before it’s fixed. So this absolutely has added risk to users until this vulnerability has been fixed.
Re: Re: Re:2 "almost certainly has put millions of people at risk "
How is there added risk? Cellebrite knew about it already. Likely other organizations as well. FBI didn’t invent the vulnerability. You could argue FBI could reduce the risk by disclosing its knowledge (which it may or may not have), but failing that the baseline risk has not changed from before Cellebrite contacted them.
Re: Re: Re:3 "almost certainly has put millions of people at risk "
This is called the Parmenides Fallacy, or the cost of inaction.
Assumption 1: This exploit is known to various black hat hackers and is in use.
Assumption 2: Active exploitation of this vulnerability puts citizens at risk.
Assumption 3: The FBI is aware of this vulnerability.
Assumption 4: Given knowledge of this vulnerability, Apple could work to mitigate the damage.
With the given assumptions, there are two options.
Option A: FBI does not release information about the exploit, and it continues to be exploited, harming some number of individuals. Call this number X.
Option B: FBI releases information about the exploit, reducing the number of harmed individuals. Call this number X – Y.
The choice between these options is made by the FBI. Therefore, they can choose to harm a larger number of individuals, or a fewer number of individuals.
The cost of each option, in harmed individuals:
Option A: Y
Option B: 0
By not disclosing the vulnerability their inaction has put some number of individuals at risk of harm.
Re: Re: Re:4 "almost certainly has put millions of people at risk "
You’re only saying FBI has the opportunity to reduce risk, not that it has added to it which is argued in the piece.
Re: Re: Re:5 "almost certainly has put millions of people at risk "
>You’re only saying FBI has the opportunity to reduce risk, not that it has added to it which is argued in the piece.
You’re playing semantic games. The FBI’s choice has led to more people being at risk than if they had made a different choice. The article doesn’t say it leads to more people being at risk than were at risk yesterday.
Re: Re: Re:2 "almost certainly has put millions of people at risk "
“if they do hear about something like this that there is a vulnerability in something then some of them will absolutely go in search of it”
They almost never have to, because the vast majority of the time it was already known to them. Particularly in this case. The Feds bought the exploit from gray-hat hackers, and if the gray hats know it, you can be pretty sure that the black hats do as well.
Re: Re: Re: "almost certainly has put millions of people at risk "
I don’t know where you’re getting the adjective “significant” from. Hell, the word Mike used was “potentially”, which is about as far from “significant” as you can get while still being a positive signifier of risk.
The fact of the matter here is that the FBI could help prevent crime by releasing details of this vulnerability. That they are not, purely out of spite, is appalling. Why is the FBI not doing their fucking job?
Re: Re: Re:2 "almost certainly has put millions of people at risk "
FBI’s job is not buying up vulnerabilities and disclosing them.
https://www.eff.org/deeplinks/2016/04/will-apple-ever-find-out-how-fbi-hacked-phone-faq
Re: Re: Re:3 "almost certainly has put millions of people at risk "
So that somehow makes it ok to buy up vulnerabilities and hoard them?
Did you even read that link you trotted out? It makes it abundantly clear that the FBI has a very poor track record when it comes to disclosing vulnerabilities. They barely pay lip service to the idea. (And the fact that there’s a procedure in place for it would indicate that releasing information about exploits they are aware of is very much part of their job).
There is no scenario where it is acceptable for a law enforcement agency to sit on an exploit like that. That’s like a cop going into a shop that’s being robbed and saying “Not my problem. I haven’t been dispatched here, and the paperwork would be a pain.”
The question was never the likelihood that useful material would be found, it was whether they had the authority. Articles like this are more of both sides talking past each other.
Re: Re:
>The question was never the likelihood that useful material would be found, it was whether they had the authority.
Why would there only be one question?
Apple hire
Can’t Apple hire the same firm to teach them how to hack the phone?
Re: Apple hire
The firm likely doesn’t want Apple to know the exploit so they can still sell it to other customers.
The goal was never his phone; it was an excuse to shred the average citizen’s constitutional rights some more.
Schrödinger's Phone
I agree that the FBI went overboard. What they found has nothing to do with the fact that they needed to look. Until the phone is unlocked you don’t know if it is alive or dead.
>Why does anyone think this is a good result?
I don’t know why you think it’s a bad result. Law enforcement using hacking tools is standard practice. In this case it was narrowly focused to a single device. I’d be more worried about honeypots and other attacks on the larger internet.
Yes, the FBI’s legal arguments were troubling, but they were checked by the judicial system.
No new legal powers were gained compelling companies to compromise their software and nothing was made illegal.
This is the best possible outcome we could have hoped for.
Re: Not the best outcome
I disagree. Apple securing a solid victory on the merits, and on any appeals the FBI/DOJ decided to pursue, would be a better outcome. As is, no new precedent was established. A solid victory for Apple could have included precedent that the DOJ cannot compel cooperation in this form, at least under current law. As is, there is nothing stopping DOJ from trying the exact same stunt the next time they find a device they want to open. They only abandoned this case because they were not making headway and were concerned the court might rule in Apple’s favour if pushed.
Re: Re: Not the best outcome
You got me there, speaking in absolutes was a bad idea. I’m hopeful that when a similar case is argued, justice will prevail. But for now, this is just another case of a hacked device. Vulnerabilities will always exist and since they do, I’d like to see them continue to be used by law enforcement in specific cases with a warrant and proper transparency. The alternative of mandating backdoors making systems less secure by design is unthinkable.
“The FBI has routinely contracted Cellebrite over the last five years. The company, which publicly boasts of its ability to hack into Apple devices, has received over $2 million in purchase orders from the agency since 2012.”
Mike, would you please explain how this instance is so much worse than every other time law enforcement hacked into a phone with a legally authorized warrant?
Re: Re:
Assuming you haven’t been following the story on TD, the TL;DR version is that this time they were ‘asking’ for Apple to create custom code specifically designed to remove a security feature, very different from cases before where they were just asking Apple to provide unencrypted data from the device, or they somehow got in themselves without ‘needing’ to ask the company that sold the phone to be an active participant.
Not everyone is less safe
I feel safer knowing that they got this cryptographic device away from this known terrorist!
Now he can’t plan any more secret crimes or communicate with other terrorists, great job FBI!
FBI is not evil
They are focused on their mission and goals. The issues arise when a few in leadership begin to believe that the ends justify all means.
Re: FBI is not evil
>The issues arise when a few in leadership begin to believe that the ends justify all means.
Even evil means…
It should never have come as a surprise that nothing of real interest was on the remaining phone after the Farooks had already destroyed computer hard drives and two other phones. Why would they have done that and left a last phone undamaged? Mainly because there would be nothing to be found on the last phone. It was never about what was on the phone or could be. That was just the excuse to force Apple to backdoor their encryption in some manner.
The FBI seriously underestimated the support for its actions from the public and tech sectors. When it found out it got far more attention than it had thought it would, it rather quickly backed out of the court case so as not to set a precedent.
That hasn’t stopped the other cases it has in the works to continue to attempt to force Apple to backdoor, just this one with all its negative public exposure.
When the government is involved...
Start with the assumption that they are lying and go from there.
You will be right more than 50% of the time.
Remember John Walker?
The FBI lies. It is what they do best. They are treasonous, frequently criminal, self-serving and seek to bypass any rule of law and establish themselves as dictators. Sure, there are a few good guys, but the leadership agenda has been corrupt since their beginning. A flawed endeavor.
Should be uncreated and replaced by honest, sincere SERVANTS of the citizens (makes one recall the motto of cops in the good old days – “To Serve And Protect”).
hey, c’mon now. if your goal is to make everyone less secure, ‘nothing’ was not what happened.
red letter day for everyone wanting to send us all down the river.
naive?
Why does everyone believe it WAS hacked? Because someone said so? Could it have been mere face-saving? Or the realization that actually doing so WOULD make everyone less safe but not knowing how to admit that? I’m a bit skeptical. Actually, a lot.
Re: naive?
I’d be more skeptical of companies selling you false promises of secure devices.
Re: naive?
The timing makes the idea that they lied to save face quite possible, but even taking them at their word they still come out looking bad, because after a huge fight over how important it was to access the phone it turns out that there’s absolutely nothing of import on it, just like pretty much anyone could have told them would be the case from the start.
I WANTED CYBER PATHOGENS GODDAMNIT!!
As soon as they pulled the plug on pressuring Apple, I knew there was nothing in the phone. It was clear all along they just wanted precedent, and when public opinion turned against them, all of a sudden they had some magical other way in. Everyone was reporting how Apple got off the hook, but it was really the FBI that got off the hook. They tried to bully their way into scary power, and then dropped everything with no punishment for what they tried to do. And of course this magical other way in didn’t reveal anything, cause it probably never existed other than as a get out of jail free card.
Where are you, Whatever?
Re: Re:
Fuck off, PaulT. You don’t deserve a response when I’m logged in, so now you can’t track my sheer disdain and loathing for you. The clock is ticking, and when the authorities throw your piratey ass in jail I’ll be far away, laughing.
The terrorists are winning: the government and its spy agencies.
right?
Yup, here’s the way I see it. There are two ways to open a phone. Legally, and illegally. One you can use in court. The other is called, intelligence, and has to be proven in other ways. Everyone assumes Apple does it the right way. Therefore it is legal. And they have just said no. So now the FBI wants a way, to use the information legally. And I think they just got shot down. So far, something must be loaded on the phone. That breaks the evidence path, they cannot prove ownership of the information, since the loaded “whatever”. Like they said, no useful information.
It’s easy (and tempting) to draw conclusions from this case and the “targets” laptop situation. However, it would be rather silly to take a definitive position based on a couple of cases.
I have little doubt that if the FBI had in fact found something on this iPhone, the Techdirt story would be to dismiss it as an exceptional case, as clearly it has been shown that most terrorists don’t use encryption (except for those using iPhones, WhatsApp, and so on… ).
It would be nice if things got explained in the same way – find something, it’s an exception, find nothing and it’s some sort of overwhelming proof? Nice!
Re: Re:
>I have little doubt that if the FBI had in fact found something on this iPhone, the Techdirt story would be to dismiss it as an exceptional case…
It’s fun to make stuff up about what someone else would say in a counterfactual situation, isn’t it?
Re: Re: Re:
Well, it’s sort of the way it works around here. If there is nothing useful on the phone, then it was a total waste and a solid indication not to break encryption ever… if there was something on the phone, then they got insanely lucky and it’s no indication that breaking encryption would help.
Both stories would come from the same side of the hatchet.
Re: Re: Re: Re:
>Well, it’s sort of the way it works around here.
Because they let people like you post here.
The Result: Time and Money wasted
I tell you, the only thing that really got traction on this case was the use of taxpayer money that the FBI used in getting this phone hacked.
Do they not have anything else to do?
The same results would have come from them sledge hammering the phone and opening it by that kind of brute force.
They wouldn’t have found anything there, either way.
I guess they must like being made to look like total fools - they do it so easily.
Wasted opportunity.
They should totally have (allegedly) found evidence leading to their next idiot-terrorist sting operation.
That way the next attempt to set a precedent would have more ammunition.