Apple Resisting FBI Demand That the Crack the IPhone

Gaius46 · Feb 17, 2016

Tech giant Apple and the FBI appeared headed for a deepening confrontation Wednesday after the company’s chief pledged to fight federal demands to help mine data from an iPhone used by one of the shooters in December’s terrorist attacks in San Bernardino.

Entire Washington Post article:
https://www.washingtonpost.com/world/national-security/us-wants-apple-to-help-unlock-iphone-used-by-san-bernardino-shooter/2016/02/16/69b903ee-d4d9-11e5-9823-02b905009f99_story.html?hpid=hp_hp-top-table-main_encryption-835pm%3Ahomepage%2Fstory

Apple has a strong point. Crack one phone and you crack them all.

Casper · Feb 17, 2016

Gaius46 said:
Entire Washington Post article:
https://www.washingtonpost.com/world/national-security/us-wants-apple-to-help-unlock-iphone-used-by-san-bernardino-shooter/2016/02/16/69b903ee-d4d9-11e5-9823-02b905009f99_story.html?hpid=hp_hp-top-table-main_encryption-835pm%3Ahomepage%2Fstory

Apple has a strong point. Crack one phone and you crack them all.

Correct. I would require them to get a court order before opening up anything, otherwise it is down hill from there for all.

Gaius46 · Feb 17, 2016

Casper said:
Correct. I would require them to get a court order before opening up anything, otherwise it is down hill from there for all.

There is a court order signed by a California Magistrate Judge. The order is specific to this one phone. Apple's point is that you cannot restrict the order to one phone because once they write code to crack the phone there is no way to guarantee that it won't be used on other phones.

Ikari · Feb 17, 2016

Casper said:
Correct. I would require them to get a court order before opening up anything, otherwise it is down hill from there for all.

Yeah, that only lasts for so long before warrantless searches are approved.

FieldTheorist · Feb 17, 2016

Casper said:
Correct. I would require them to get a court order before opening up anything, otherwise it is down hill from there for all.

Agreed. The Fourth Amendment isn't invalid because it was written 250 years ago and it's an inconvenience.

Samhain · Feb 17, 2016

Gaius46 said:
There is a court order signed by a California Magistrate Judge. The order is specific to this one phone. Apple's point is that you cannot restrict the order to one phone because once they write code to crack the phone there is no way to guarantee that it won't be used on other phones.

That's a bogus point made by Apple. They are desperately trying to keep their market advantage over Android's optional FDE by advertising default phone encryption that "even Apple can't break".

PeteEU · Feb 17, 2016

Gaius46 said:
Entire Washington Post article:
https://www.washingtonpost.com/world/national-security/us-wants-apple-to-help-unlock-iphone-used-by-san-bernardino-shooter/2016/02/16/69b903ee-d4d9-11e5-9823-02b905009f99_story.html?hpid=hp_hp-top-table-main_encryption-835pm%3Ahomepage%2Fstory

Apple has a strong point. Crack one phone and you crack them all.

Its smoke and mirrors. Apple is a company that wants to control everything so of course they can access any iPhone/Pad or Mac out there.

Apple is not known for its security. Apple has been playing catch up since the celebrity hacking scandal exposed their piss poor security, and have been telling the world that their machines are the safest, so giving the FBI access via court order to one phone means that the accusations that have been in the industry against Apple for poor security will be validated and watch the law suits start up. I mean to this date, Apple says it was the celeberties "poor passwords" that made it possible for the hacking... horse****.

Lets give an example.. dead peoples iOS devices. If you have lost someone dear and want access to their iOS device, Apple will refuse to do so. If Apple gave the FBI access to this iPhone.. then oh boy there would be a lot of pissed off people who were told by Apple that they could not use their recently departed iOS device and needed to buy a new one.

It is basically Apple playing a defensive game by going on the offensive and using its massive media influence to change the narrative away from fighting terror to defending "privacy".. a privacy that Apple could in reality care less about. For them it is the bottom line, pure and simple and that bottom line is threatened if they are caught in another lie.

Casper · Feb 17, 2016

Gaius46 said:
There is a court order signed by a California Magistrate Judge. The order is specific to this one phone. Apple's point is that you cannot restrict the order to one phone because once they write code to crack the phone there is no way to guarantee that it won't be used on other phones.

Actually that is silly, they are not giving away the code just the contents of the phone, they themselves can already break the coding so that is their problem if they have no controls on it.

Casper · Feb 17, 2016

Ikari said:
Yeah, that only lasts for so long before warrantless searches are approved.

And by law you do not have to comply.

roughdraft274 · Feb 17, 2016

It just seems bonkers to me that the FBI can't crack an iphone. Apparently this is near impossible? I just can't imagine it.

Samhain · Feb 17, 2016

roughdraft274 said:
It just seems bonkers to me that the FBI can't crack an iphone. Apparently this is near impossible? I just can't imagine it.

Using the right certificates & methodologies you can get near impossible-to-break encryption w/o the original certs.

OrphanSlug · Feb 17, 2016

We should all be very concerned about conditions where the government is appealing to product makers to "crack" the products they make once in the hands of a consumer. That does not help this particular case, but we open up a window where no one is safe from government intrusion.

NonoBadDog · Feb 17, 2016

Gaius46 said:
Entire Washington Post article:
https://www.washingtonpost.com/world/national-security/us-wants-apple-to-help-unlock-iphone-used-by-san-bernardino-shooter/2016/02/16/69b903ee-d4d9-11e5-9823-02b905009f99_story.html?hpid=hp_hp-top-table-main_encryption-835pm%3Ahomepage%2Fstory

Apple has a strong point. Crack one phone and you crack them all.

I am not sure the FBI's demand is legal. This will be interesting.

Samhain · Feb 17, 2016

NonoBadDog said:
I am not sure the FBI's demand is legal. This will be interesting.

Why? It's seized property.

Zyphlin · Feb 17, 2016

Gaius46 said:
There is a court order signed by a California Magistrate Judge. The order is specific to this one phone. Apple's point is that you cannot restrict the order to one phone because once they write code to crack the phone there is no way to guarantee that it won't be used on other phones.

And even if it isn't their specific code, by creating the code and putting it to use it provides a blueprint for the potential reverse engineering by the FBI or others in trying to create their own backdoor for future use.

jimbo · Feb 17, 2016

Casper said:
Actually that is silly, they are not giving away the code just the contents of the phone, they themselves can already break the coding so that is their problem if they have no controls on it.

If the government wants to look at the phone contents, and apparently cannot crack the code, and Apple can crack the code and doesn't want to give up the code, then why can't Apple just give up the data without giving up the code?

I think the government wants more than the data. They want to be able to access anyone's data. Never mind those bothersome right to privacy and self incrimination issues.

poweRob · Feb 17, 2016

The FBI should tell apple, "you can hack it open for us, give us the content and you keep your hack code to yourself... or we outsource for hackers and they will find the code and lord knows what they will do with it. Your choice."

Nilly · Feb 17, 2016

Apple sent out a letter to customers. I'm on their side on this one.

Customer Letter - Apple

roughdraft274 said:
It just seems bonkers to me that the FBI can't crack an iphone. Apparently this is near impossible? I just can't imagine it.

Encryption these days is pretty crazy. The majority of hacks these days are done by social engineering rather than by brute force cracking. Use a password manager and don't use weak/reuse passwords.

Casper said:
Actually that is silly, they are not giving away the code just the contents of the phone, they themselves can already break the coding so that is their problem if they have no controls on it.

Right now even Apple can't break the encoding. What would be required would be for apple to design some new firmware (essentially a private version of iOS), build a backdoor into tne new firmware, load that firmware onto the phone and then use it to get the data.

Unfortunately the FBI would require the entire phone, so it can choose which data is relevant or not. That would give the FBI access to this firmware.

From Tim Cooks letter:

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

What is strange is that based on understanding of apple's security features (by people outside apple), such a backdoor would only be possible on the iPhone 5c and below. All iPhones above the 5S (which is a couple of generations behind) would be immune due to their actual hardware (so a firmware patch wouldn't affect them). That is based on people external of apple, so I wouldn't take it as gospel.

Casper · Feb 17, 2016

jimbo said:
If the government wants to look at the phone contents, and apparently cannot crack the code, and Apple can crack the code and doesn't want to give up the code, then why can't Apple just give up the data without giving up the code?

I think the government wants more than the data. They want to be able to access anyone's data. Never mind those bothersome right to privacy and self incrimination issues.

They can just give up the data, they are not being asked for the code so far as I know.

Nilly · Feb 17, 2016

Casper said:
They can just give up the data, they are not being asked for the code so far as I know.

See my post above about the concerns regarding the code.

Furthermore, this sets a precedent whereby if apple can be asked to give up data/code for a shooter, could the be asked to give up data/code for a whistleblower, an activist, a journalist?

EDIT: Here are the FBI demands. Seem they want the codes, and I assume that would mean getting the FBI getting their hands on the device, which would give them the backdoor.

[Apple] will bypass or disable the auto-erase function whether or not it has been enabled;
[Apple] will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE; and
[Apple] will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.

Samhain · Feb 17, 2016

Nilly said:
See my post above about the concerns regarding the code.

Furthermore, this sets a precedent whereby if apple can be asked to give up data/code for a shooter, could the be asked to give up data/code for a whistleblower, an activist, a journalist?

EDIT: Here are the FBI demands. Seem they want the codes, and I assume that would mean getting the FBI getting their hands on the device, which would give them the backdoor.

Those demands are not asking for decryption software. They want to just brute force it open by programatically sending all possible numeric unlock codes without the device auto-erasing or slowing down entry.

Casper · Feb 17, 2016

Nilly said:
See my post above about the concerns regarding the code.

Furthermore, this sets a precedent whereby if apple can be asked to give up data/code for a shooter, could the be asked to give up data/code for a whistleblower, an activist, a journalist?

EDIT: Here are the FBI demands. Seem they want the codes, and I assume that would mean getting the FBI getting their hands on the device, which would give them the backdoor.

I would say No, because they are not simply asking for the information and any backdoor entry access would open up all of the same devices something that is not warranted under any circumstances.

Nilly · Feb 17, 2016

Samhain said:
Those demands are not asking for decryption software. They want to just brute force it open by programatically sending all possible numeric unlock codes without the device auto-erasing or slowing down entry.

But they would get their hands on an iPhone with the backdoor'd iOS (FBiOS hehe) on it. Currently it's impossible to brute force iOS. This would put a version of the software out that it is possible to brute force. It's the very existence of the software and who has control of it that is the issue.

I have read that Apple can sign the software update to only work on a singular iPhone device (as the FBI would be unable to sign the software date to load it onto other phones). However at this point it's likely apple that know all the details and potential repercussions of such a back door right now. As a result I think they're in the best position to make this call.

JasperL · Feb 17, 2016

Casper said:
Actually that is silly, they are not giving away the code just the contents of the phone, they themselves can already break the coding so that is their problem if they have no controls on it.

I've read security experts say this isn't actually true. According to them, Apple cannot now break the coding of a phone that has been properly encrypted. I don't know what's true, but was wondering if you had evidence that it's currently possible on the latest IOS version.

Casper · Feb 17, 2016

JasperL said:
I've read security experts say this isn't actually true. According to them, Apple cannot now break the coding of a phone that has been properly encrypted. I don't know what's true, but was wondering if you had evidence that it's currently possible on the latest IOS version.

I have no evidence that they can, in fact companies such as ZTE had to remove their backdoor due to security concerns. Let's just say if a company can do it they would never admit to it. That said I find it amazing that if the government wanted in bad enough they probably could do so, nothing is 100% hack free, meaning all codes can be broken with the right expertise.

Apple Resisting FBI Demand That the Crack the IPhone

Gaius46

Casper

Gaius46

Ikari

FieldTheorist

Samhain

PeteEU

Casper

Casper

roughdraft274

ThunderCougarFalconBird

Samhain

OrphanSlug

A sinister place...

NonoBadDog

Hates Kittens

Samhain

Zyphlin

jimbo

poweRob

USMC 1988-1996

Nilly

stb

Casper

Nilly

stb

Samhain

Casper

Nilly

stb

JasperL

Casper