FBI says it might be able to break into seized iPhone, wants hearing vacated

"if the method is viable, it should eliminate the need for the assistance of Apple."

Read the whole story

 

[CraigJ ✅]

NordlertLungstrom[/url]":32h5goyw]Is it a bluff or is it so they can say they have exhausted all possible methods to crack the phone and need Apple's help?

They already said that. To Congress. Personally I think Comey lied his ass off, but regardless, they won't be making that particular argument.

 

[will_ssi]

uhuznaa[/url]":2q6wvikv]

will_ssi[/url]":2q6wvikv]Right, they're going to use the technology that they could have used from the beginning. A focused ion beam (FIB) to penetrate the chip housing for the memory containing the PIN, and microelectromechanical contacts to read the contents inside the individual NAND cells. This is all technology that the scientific community has used for years, just applied to electron microscopy, analytical chemistry, MEMS etc. Ars even had an article about it, but couched it too much as an "unproven" method.

edit: http://meincmagazine.com/security/2016/02 ... ed-iphone/

Yes, of course this is possible. But I think very few people would have a problem with the FBI blowing a few million on delicate hardware surgery on every single iPhone they want to crack. Because this would be hard enough and expensive enough to be used only very sparingly which is the exactly opposite of mass surveillance or general privacy invasion.

The true danger is them having a way to break this security routinely and cheaply or even remotely (with nothing but software).

Except it wouldn't cost millions per phone. There is a sunk cost for the equipment, but in all likelihood they would just use a university facility. This isn't insane futurist technology, this is standard tier 1 research university user facilities that graduate students can operate. Expect $500/hr for a staff scientist (read: not a gradstudent) to operate the equipment for you. I'm not sure of FIB rates or chip sizes, but you're looking at tens of thousands of dollars for the PIN extraction (days).

 

[noanoxan]

digi99[/url]":fu8jg2f5]

Incunabulum[/url]":fu8jg2f5]

digi99[/url]":fu8jg2f5]ITT: People mad when they were forcing Apple to do it yet mad when they did it themselves and didn't need Apple to do it. Your anti-government lunatic nonsense is showing....

Forcing Apple to do anything was the least of the issues here. That was just the tip of the anger iceberg. Getting rid of that still leaves 9/10th of the anger causing shit untouched.

Uh, no that was the entire argument.

Uh, no, it wasn't. Someone hasn't been paying attention the last few weeks and needs to reread some articles in order to keep their ignorance from showing.

Edit because stupid iphone

 

[Uxorious]

cfarivar[/url]":1gq2r20p]We got this news literally as I walked into my hotel in Riverside.

Since the hearing was just delayed, do you get to turn around and go home or are you stuck in Riverside until the FBI completes their lobbying effort to get Judge Pym to rule in their favor alternative access testing?

 

[skyywise]

Part of me thinks this is a strategic retreat. With this case being effectively rendered moot, any further advocacy and privacy rhetoric by Apple can be construed by the DOJ/FBI as "marketing and PR" like they were alleging earlier.

Until the next time, and the DOJ/FBI probably hope you don't recall this case the next time.

 

[fxds]

SixDegrees[/url]":2wa6srnv]I think the claim that the FBI found another route into the phone is bogus, and we'll never hear another word about it from them. They're trying to save face, and more importantly they're trying to avoid a court precedent that rules against them.

I agree with the suspicion that the government is making a strategic move to avoid the likelihood of an adverse precedent, but I actually believe the claim that they have another way into the phone. I believe they've had another way in all along, courtesy of the NSA. But the intelligence/national security portion of the government has long been very reticent (to put it mildly) to use their capabilities for domestic law enforcement purposes because doing so might reveal the extent of those capabilities to our foreign enemies. Just look at the lengths they went to with "parallel construction" in order to conceal the involvement of surveillance capabilities. They outright lied to the courts for years, and would still be doing so today and as far as they could into the future if the Snowden leaks hadn't blow the whole thing open.

So yes, given the way the case seems to be going I'm sure the FBI is under tremendous pressure from lots of other portions of the government, both inside and outside the DoJ, to avoid an adverse precedent regarding the All Writs Act. And they may end up abandoning the phone and whatever data it may contain, either because the NSA might just flat out refuse to help given that the terrorists in this case are already dead and there's sharply limited odds that the six weeks' worth of unexamined data on the phone contains any leads or information that couldn't be obtained elsewhere, or because the process to gain access to the data is simply too costly given the low likelihood of producing valuable information. But I think it's equally likely that either a third party really has found a flaw or that they're in the process of setting up the equivalent of parallel construction, so the NSA can crack the phone and the DoJ can then lie about how they got the data if it turns out there actually is information they want to use in other court proceedings.

 

[PrecedentPowers]

Onyx Spartan II[/url]"juj36ua]

will_ssi[/url]"juj36ua]Right, they're going to use the technology that they could have used from the beginning. A focused ion beam (FIB) to penetrate the chip housing holding the PIN, and microelectromechanical contacts to read the contents inside the individual NAND cells. This is all technology that the scientific community has used for years, just applied to electron microscopy, analytical chemistry, MEMS etc. Ars even had an article about it, but couched it too much as an "unproven" method.

Except no, that's not what the FBI is citing as a recent development. They're referencing the Sunday disclosure of an iMessage vulnerability that really isn't actually relevant to unlocking the phone.

Do you have a source for that? I assumed this whole case was just legal posturing since at least one company is advertising the ability to break IOS8 on an iPhone 5c:
http://www.cellebrite.com/Pages/cellebr ... ing-ios-8x

EDIT: Sorry, it appears that the phone is running IOS9. Not sure if the same ability still applies.

 

[ZeroHour]

I wonder what would happen if that 3rd party ever refused to unlock an iPhone again, All-writs to the rescue!

 

[jimoase]

Is the big issue whether a judge can nationalize a business in the United States?

Can a judge force a company and its employees to do the judge's will?

 

[Commander_Keen]

I think it is far more possible they are realizing they are going to loose and set a precedent, and they want to try again when they think they have better odds (I don't think this was ever about that specific iPhone but more the issue itself of access).

 

[NordlertLungstrom]

calderon0311[/url]":1y40en4a]

uhuznaa[/url]":1y40en4a]It would of course be somewhat hilarious if someone found a way, the FBI uses it and then nobody disclosing the exploit to Apple so they can't fix it. Talk about the worst case...

+1 since this is basically the problem with Apple's "Security through Obscurity" in a nutshell. Either you make the tools to available and have a tight control on them, or someone else will make those tools in due time and let it go rampant with no control.

The 90's called - they want their catchphrase back.

 

[dfjdejulio]

uhuznaa[/url]":3vw3c0y8]

Synthetic Frost[/url]":3vw3c0y8]Wouldn't it be illegal for the FBI to force their way in without Apple's consent then?

Don't think so. They have a warrant, they have the iPhone, so it's theirs to crack it if they can.

They also have the consent of the actual owner of the device. Remember, it was a device owned and provided by the employer, not a personal device.

 

[vassago]

THEY'RE GOING TO UNLEASH THE DORMANT CYBER PATHOGEN!!!!!

 

[Deleted member 1]

Spiderman10[/url]":1dbsnpop]

skizzerz[/url]":1dbsnpop]

NSA or CIA?

McAfee. Ars should get their shoes ready.

/s

Some part of me wants this to be true.

McAfee took one look at it and realized Apple was using ROT13 encryption.

 

[CraigJ ✅]

Ruled:

Judge grants DOJ's request to cancel tomorrow's Apple hearing

 

[wesgro2]

Looks like GeoHot just had all of his legal fees paid for.

 

[vassago]

calderon0311[/url]":1dy7am1z]

uhuznaa[/url]":1dy7am1z]It would of course be somewhat hilarious if someone found a way, the FBI uses it and then nobody disclosing the exploit to Apple so they can't fix it. Talk about the worst case...

+1 since this is basically the problem with Apple's "Security through Obscurity" in a nutshell. Either you make the tools to available and have a tight control on them, or someone else will make those tools in due time and let it go rampant with no control.

What security through obscurity?

 

[k0t06724]

Isn't there a new law/proposal announced which would give the FBI all they want? If so, why risk any negative jurisprudence, drop it.

 

[NordlertLungstrom]

calderon0311[/url]":1o9tw7tj]

NordlertLungstrom[/url]":1o9tw7tj]

calderon0311[/url]":1o9tw7tj]

uhuznaa[/url]":1o9tw7tj]It would of course be somewhat hilarious if someone found a way, the FBI uses it and then nobody disclosing the exploit to Apple so they can't fix it. Talk about the worst case...

+1 since this is basically the problem with Apple's "Security through Obscurity" in a nutshell. Either you make the tools to available and have a tight control on them, or someone else will make those tools in due time and let it go rampant with no control.

The 90's called - they want their catchphrase back.

Doesn't make it any less true, especially with iOS.

Are you saying iOS is never updated? That's an odd assertion.

 

[CraigJ ✅]

Awwww. The poor wuttle FBI is having a tantrum, taking their ball and going home.

 

[deanrozz]

Paging psd. psd we need you to come and clarify these events for us laypeople who know nothing about this case.

 

[HeadlessRoland]

This just in: FBI read the report about the Paris Terrorists use of burner phones and realized "I was wondering why Sayeed needed 37 Trac-Phones..."

 

[uhuznaa]

will_ssi[/url]":xwz2tpv7]

uhuznaa[/url]":xwz2tpv7]

will_ssi[/url]":xwz2tpv7]Right, they're going to use the technology that they could have used from the beginning. A focused ion beam (FIB) to penetrate the chip housing for the memory containing the PIN, and microelectromechanical contacts to read the contents inside the individual NAND cells. This is all technology that the scientific community has used for years, just applied to electron microscopy, analytical chemistry, MEMS etc. Ars even had an article about it, but couched it too much as an "unproven" method.

edit: http://meincmagazine.com/security/2016/02 ... ed-iphone/

Yes, of course this is possible. But I think very few people would have a problem with the FBI blowing a few million on delicate hardware surgery on every single iPhone they want to crack. Because this would be hard enough and expensive enough to be used only very sparingly which is the exactly opposite of mass surveillance or general privacy invasion.

The true danger is them having a way to break this security routinely and cheaply or even remotely (with nothing but software).

Except it wouldn't cost millions per phone. There is a sunk cost for the equipment, but in all likelihood they would just use a university facility. This isn't insane futurist technology, this is standard tier 1 research university user facilities that graduate students can operate. Expect $500/hr for a staff scientist (read: not a gradstudent) to operate the equipment for you. I'm not sure of FIB rates or chip sizes, but you're looking at tens of thousands of dollars for the PIN extraction (days).

Would still be a very hard limit on the number of iPhones you could crack this way. If THIS would be what the FBI is after they could do it any time and nobody would really complain. In fact it would almost be a perfect market-based approach to balance privacy and law enforcement. If they had to block a facility for a few days and blow tens of thousands of dollars and destroy the phone while doing it with every single phone they would not do that on a whim or routinely. Money talks pretty convincingly here.

I would have no problem with giving law enforcement a way to break into iPhones if this would not entail giving them a way to do that with lots and lots of iPhones. The trouble with any software way to do it is that if can do it with one iPhone you can do it potentially with millions of them just as well. Software scales effortlessly, but an expensive, risky, time-consuming hardware way doesn't scale very well.

 

[EBone]

This is not a defeat for the FBI or a win for Apple - this is only a postponement from tomorrow's ruling for another two weeks. Who knows what the FBI has up their sleeve that they want to accomplish over the next few weeks.

 

[Argyris]

I feel like this "new methodology" most likely existed all along, but that rather than investigating whether or not it could work the FBI instead wanted to strong arm Apple into letting them set a precedent that would make it much easier to get into any phone they wanted.

This would give them both the advantage of not having to reveal that they had such a methodology, assuming it works (in which case Apple would almost certainly attempt to work out how they'd done it and fix it, since it's a security hole); and also give them the leverage they need to further push the government's current anti-encryption stance.

This last one may have backfired on them given the backlash from tech companies, especially Apple, which has a big megaphone.

 

[will_ssi]

uhuznaa[/url]":1agtb7id]

will_ssi[/url]":1agtb7id]

uhuznaa[/url]":1agtb7id]

will_ssi[/url]":1agtb7id]Right, they're going to use the technology that they could have used from the beginning. A focused ion beam (FIB) to penetrate the chip housing for the memory containing the PIN, and microelectromechanical contacts to read the contents inside the individual NAND cells. This is all technology that the scientific community has used for years, just applied to electron microscopy, analytical chemistry, MEMS etc. Ars even had an article about it, but couched it too much as an "unproven" method.

edit: http://meincmagazine.com/security/2016/02 ... ed-iphone/

Yes, of course this is possible. But I think very few people would have a problem with the FBI blowing a few million on delicate hardware surgery on every single iPhone they want to crack. Because this would be hard enough and expensive enough to be used only very sparingly which is the exactly opposite of mass surveillance or general privacy invasion.

The true danger is them having a way to break this security routinely and cheaply or even remotely (with nothing but software).

Except it wouldn't cost millions per phone. There is a sunk cost for the equipment, but in all likelihood they would just use a university facility. This isn't insane futurist technology, this is standard tier 1 research university user facilities that graduate students can operate. Expect $500/hr for a staff scientist (read: not a gradstudent) to operate the equipment for you. I'm not sure of FIB rates or chip sizes, but you're looking at tens of thousands of dollars for the PIN extraction (days).

Would still be a very hard limit on the number of iPhones you could crack this way. If THIS would be what the FBI is after they could do it any time and nobody would really complain. In fact it would almost be a perfect market-based approach to balance privacy and law enforcement. If they had to block a facility for a few days and blow tens of thousands of dollars and destroy the phone while doing it with every single phone they would not do that on a whim or routinely. Money talks pretty convincingly here.

I would have no problem with giving law enforcement a way to break into iPhones if this would not entail giving them a way to do that with lots and lots of iPhones. The trouble with any software way to do it is that if can do it with one iPhone you can do it potentially with millions of them just as well. Software scales effortlessly, but an expensive, risky, time-consuming hardware way doesn't scale very well.

Yep! Since the technology already exits, but it requires specialists, I'm hopeful that this is what they've settled on since public sentiment has turned against them. Even everyone's favorite lesbian grandma, Sen. Lindsey Graham, has backpedaled and is now suspicious regarding the FBI's request of Apple.

 

[microlith]

So it looks like the FBI is going to back down until they can choose a smaller victim that can't afford to fight back.

 

[daveis]

cfarivar[/url]":2dtmsfp3]We got this news literally as I walked into my hotel in Riverside.

I see some drinks at the hotel bar in your future!

 

[NordlertLungstrom]

microlith[/url]":2hffoir4]So it looks like the FBI is going to back down until they can choose a smaller victim that can't afford to fight back.

Or until there's a terrorist attack of 9/11 magnitude that they can link to an uncrackable phone - then congress will rubber stamp anything.

 

[ethd]

ETbyrne[/url]":3su9ym64]Whether they have a legit solution yet or not, it is only a matter of time before someone figures out a way around Apple's self-destruct. Honestly it's kind of amusing how everyone is acting like this is some unattainable hack. They have the physical device. It's going to happen.

There's nothing wrong with the government finding that hack. They have a warrant, after all. They should use anything THEY have to open this iPhone.
The big problem here was trying to make Apple create a custom OS to be flashed via DFU mode, which would have much further reaching effects than a single phone.

 

[daveis]

will_ssi[/url]":tpmckfpa]Even everyone's favorite lesbian grandma, Sen. Lindsey Graham, has backpedaled...

Well played. That line gave me a good chuckle.

 

[herozero]

Can ... Kicked.

 

[cathedral]

NordlertLungstrom[/url]":5u76it5o]

calderon0311[/url]":5u76it5o]

uhuznaa[/url]":5u76it5o]It would of course be somewhat hilarious if someone found a way, the FBI uses it and then nobody disclosing the exploit to Apple so they can't fix it. Talk about the worst case...

+1 since this is basically the problem with Apple's "Security through Obscurity" in a nutshell. Either you make the tools to available and have a tight control on them, or someone else will make those tools in due time and let it go rampant with no control.

The 90's called - they want their catchphrase back.

That's a bit unfair - I work in the cybersecurity industry, and I can tell you first hand how prevalent this is - to this day. Closed source methods are, infact, a form of security through obscurity. The poster has a point. This very concept led to the development of the Defense in Depth model we use today.

I will probably get downvoted, but lets at least be honest with each other.

 

[Cloudgazer]

fxds[/url]":2k1ec77a]

SixDegrees[/url]":2k1ec77a]I think the claim that the FBI found another route into the phone is bogus, and we'll never hear another word about it from them. They're trying to save face, and more importantly they're trying to avoid a court precedent that rules against them.

I agree with the suspicion that the government is making a strategic move to avoid the likelihood of an adverse precedent, but I actually believe the claim that they have another way into the phone. I believe they've had another way in all along, courtesy of the NSA. But the intelligence/national security portion of the government has long been very reticent (to put it mildly) to use their capabilities for domestic law enforcement purposes because doing so might reveal the extent of those capabilities to our foreign enemies.

Think about that for a moment, you think the NSA don't want to crack iPhones for the FBI because then foreign iPhone users will know how easy it is for the NSA to crack iPhones and stop using them? So instead it's better for the NSA if the FBI has an open court battle with Apple in which they (hypothetically) win the power to crack iPhones at will, and indeed potentially force Apple to change the software in other ways. Which would result in an even greater exodus of targets away from the iPhone than the NSA just cracking it in the first place.

Not really very sensible is it?

 

[uhuznaa]

microlith[/url]":1c4st2j6]So it looks like the FBI is going to back down until they can choose a smaller victim that can't afford to fight back.

They might find even the smaller victims having grown up a bit now.

 

[Skelator123]

HiMyNameIsLeo[/url]":3hz58m1y]
Maybe they realized they might set a precedence in the opposite direction than what they wanted

That's exactly what is happening. This new method is either total B.S. or they've had it as an option the entire time.
Or maybe the President's new inter-agency information sharing policy allows the NSA to help out.

 

[vassago]

cathedral[/url]":kg9g1g0g]

vassago[/url]":kg9g1g0g]

calderon0311[/url]":kg9g1g0g]

uhuznaa[/url]":kg9g1g0g]It would of course be somewhat hilarious if someone found a way, the FBI uses it and then nobody disclosing the exploit to Apple so they can't fix it. Talk about the worst case...

+1 since this is basically the problem with Apple's "Security through Obscurity" in a nutshell. Either you make the tools to available and have a tight control on them, or someone else will make those tools in due time and let it go rampant with no control.

What security through obscurity?

That's all well and good, but I believe the source code is closed source, is it not?
We understand the method, but can't actually see the implementation.

So you're claiming everything that isn't open source is 'security through obscurity'? That's kind of absurd... and not what 'security through obscurity' refers to. The closed source nature of iOS isn't an element of their security model.