DOJ To Court: We Got Into The iPhone, So Please Drop Our Demand To Force Apple To Help Us... This Time

from the moving-on dept

So it appears that the mainstage event over the DOJ's ability to force Apple to help it get around the security features of an iPhone is ending with a whimper, rather than a bang. The DOJ has just filed an early status report saying basically that it got into Syed Farook's work iPhone and it no longer needs the court to order Apple to help it comply by writing a modified version of iOS that disables security features.
The government has now successfully accessed the data stored on Farook's iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court's Order Compelling Apple Inc. to Assist Agents in Search dated February 16, 2016.
There's also an associated one line proposed order that magistrate Judge Sheri Pym will almost certainly sign off on shortly.

And thus... the big showdown between the tech industry and the Justice Department goes nowhere. Just a little over a month after the DOJ swore to a court that it had exhausted all possibilities that didn't involve co-opting Apple to hack its own phones, the DOJ is admitting that the FBI has found a way in. Still, this was just one fight in a war that is still ongoing. It seems fairly clear that the DOJ and FBI expected their side of things to get a lot more support, which is why they chose the Syed Farook case to make a big public stand, rather than one of the many other cases where similar issues are at stake.

However, the overall issue is not over. There are still plenty of questions: What method did the DOJ use to get into Farook's iPhone? And what will happen in the other cases involving iPhones or involving other companies such as Whatsapp? And what will happen as Apple and other companies increasingly strengthen their encryption and security, making it more and more difficult for the FBI to get in?

In short, this is far from over. However, in the short term, the DOJ has learned that it isn't easy to win over public opinion on this issue, which suggests that future battles may play out under the cover of a bit more darkness, as the DOJ seeks to seal various filings and orders off from the public. My guess is that perhaps the next big fight will be in revealing what kinds of orders come through under the cover of darkness.


Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: all writs act, doj, encryption, fbi, going dark, iphone, syed farook
Companies: apple


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Howard, 28 Mar 2016 @ 3:07pm

    Hmmm...

    All this in less than two weeks? That's quite an achievement.

    Of course, the DOJ might be bullshitting and this is just their 'out'.

    link to this | view in thread ]

  2. identicon
    tp, 28 Mar 2016 @ 3:13pm

    Nice security

    seems amazing security feature, given that someone broke it in two weeks. If apple wasn't the most popular company on the planet, we would call them incompetent with their security...

    link to this | view in thread ]

  3. icon
    BentFranklin (profile), 28 Mar 2016 @ 3:16pm

    Does Apple have the right to continue the case to get a declaratory judgement?

    link to this | view in thread ]

  4. icon
    That Anonymous Coward (profile), 28 Mar 2016 @ 3:16pm

    I'm still convinced that it was discharged & all they had were 30 pin cables, so they borrowed a lighting cable and boom...

    link to this | view in thread ]

  5. icon
    Anonymous Anonymous Coward (profile), 28 Mar 2016 @ 3:19pm

    It's evidence you know...

    After so much effort, so much anxiety expressed about not being able to get into the phone and how terribly important that they get in expeditiously, I cannot wait to see them use the evidence gained in their pending court case...oh...wait!

    I bet they even have a hard time convincing anyone that the information they 'gather from the phone' actually came from the phone.

    They will claim this fishing expedition has saved how many lives and how soon will that claim be made?

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 28 Mar 2016 @ 3:24pm

    'There are still plenty of questions'

    surely the first one has to be 'did the DoJ/FBI actually get into the phone or is this just another crock of shit dreamed up to try to keep the 2 agencies out of the shit and looking like total pricks?

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 28 Mar 2016 @ 3:26pm

    Open source, reproducible builds are the only antidote

    If Apple truly cares about user security, it must let users compile their own software and sign it with their own keys. This is beyond the ability of most users, but there could be a strong corporate/gov't market.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 28 Mar 2016 @ 3:27pm

    s/wimper/whimper/g

    n/t

    link to this | view in thread ]

  9. icon
    Jeremy2020 (profile), 28 Mar 2016 @ 3:29pm

    The case wasn't going their way so they want it dropped so they can be sure to file with a judge that will rule in their favor.

    Probably a secret court so Apple can't talk about it.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 28 Mar 2016 @ 3:46pm

    Next Time, Insist on Affidavits

    Perhaps I missed them, but I do not recall the FBI's filings providing any evidence that they had tried to access the content on the device... other than statements from FBI employees. One would think that a higher standard of proof would be required, such as affidavits/sworn testimony from independent security experts as to whether or not the FBI has truly exhausted all possibilities.

    link to this | view in thread ]

  11. icon
    Uriel-238 (profile), 28 Mar 2016 @ 3:49pm

    Re: Nice security

    They have the advantage of newly found vulnerabilities on old tech. But considering how many systems had been vulnerable for super long via Heartbleed, this sort of thing happens all the time.

    Gödel's Incompleteness Theorem, my friend. You can't close all the gaps.

    link to this | view in thread ]

  12. icon
    Anonymous Anonymous Coward (profile), 28 Mar 2016 @ 3:50pm

    Speaking in secret of secret

    You made me think about things secret. Since the government is so caught up with secret courts, and secret laws, and secret interpretations of laws, and secret surveillance, and secret prisons, and secret handling (torture) of persons who might become secret prisoners if not secretly killed, and secret secrets; they won't mind if the revolution to replace them starts in secret...will they?

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 28 Mar 2016 @ 3:51pm

    I think you're absolutely right about the next step for the DOJ will come "under the cover of darkness." Does Apple have its warrant canaries in order?

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 28 Mar 2016 @ 3:55pm

    I see four possibilities
    1. The FBI does not have a method to break the iPhone, and this is just a way to get out of an unpopular lawsuit
    2. The FBI always had a way to break in, but lied so that they can set a precedent
    3. The FBI didn't care what was on the phone, and thus did not try to break in until now
    4. The FBI has been completely honest and they really tried everything, not finding a method to break in until they discovered a brand new method just now
    I do not know which one is true, but I believe that it is not number 4

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 28 Mar 2016 @ 3:57pm

    >If apple wasn't the most popular company on the planet, we would call them incompetent with their security...

    I'm not sure I could name any other hardware that would take that long to break, given that kind of access. Last time I tried to break a password on a MS-Windows box, it didn't take all of fifteen seconds, or a soldering iron: just a 10-second reboot.

    Granted, the FBI comes off as thicker than two bricks, technically speaking--but they've got a lot of money to hire independent contractors.

    link to this | view in thread ]

  16. identicon
    Mark Wing, 28 Mar 2016 @ 3:57pm

    The problem with using FUD as a tool of statecraft is that it's been overused, and people are desensitized to it. Just like a drug tolerance, the only way to make people afraid and uncertain is to keep ratcheting up the hyperbole. But at some point even FUD gives them diminishing returns.

    Thankfully the government has played that "but, terrorism" hand to the point that the average person now sees right through it. The DOJ made a huge miscalculation in its public war against Apple. They didn't account for the average person being FUD'd out.

    Maybe now we can finally have a coherent discussion about encryption that's based on truth and facts instead of "OMG TERRORIST PEDOPHILES SELLING YOUR CHILDREN CRACK BECAUSE OF ENCRYPTION."

    Encryption has been around since the dawn of man and it can't be wished or legislated away. All fighting a technology does is drive innovation, so maybe history will show that this was the time we finally started taking our privacy seriously, and bringing the 4th amendment into the information age where it belongs.

    link to this | view in thread ]

  17. identicon
    Quiet Lurcker, 28 Mar 2016 @ 3:59pm

    Re: Hmmm...

    Might be....??

    I would say, that's a foregone conclusion.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 28 Mar 2016 @ 4:00pm

    Re:

    "I do not know which one is true, but I believe that it is not number 4"

    Why not? Hanlon's Razor applies perfectly.

    link to this | view in thread ]

  19. icon
    David (profile), 28 Mar 2016 @ 4:11pm

    Re: Nice security

    Security is not a CS101 class. It takes a lot of work by a lot of people to get right. Now add to that there is an OS, applications, remote ownership (the county) and an unknown host of possible bugs where all these interconnect.
    Note that the twits at the FBI have yet to reveal how it was done, if it was the suggested NAND copy that is a hardware attack. So even if the software was perfect, taking the hardware partially apart while not ruining it provides yet another attack vector.
    So, yes their security is such the FBI went to court to try to get a free get out of doing their job card.

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 28 Mar 2016 @ 4:19pm

    DOJ/FBI/NSA confirm they only wanted to set a precedent on encryption.

    link to this | view in thread ]

  21. identicon
    tp, 28 Mar 2016 @ 4:26pm

    Re: Re: Nice security

    > Security is not a CS101 class.

    I thought the whole paperwork was based on premise that apple themselves can't even open the phone since their nice security features prevent it. People were horrified that phones would have backdoors which allowed access to the punter's email messages. Now someone broke their security in 2 weeks using whatever trick necessary. If it was hardware attack, it just means that the data in the storage space wasnt encrypted and you cannot talk about any security whatsoever. If it was software attack, it means they have necessary backdoors or even pin codes that always open the device. But either way, the security just sucks like hell. Maybe it wasn't designed to protect people's email messages?

    link to this | view in thread ]

  22. icon
    madasahatter (profile), 28 Mar 2016 @ 4:28pm

    Re:

    What is the story about the boy who cried wolf too often? The moral is the first couple of times people will often believe you but if you are shown to be liar then they start to tune your cries out.

    link to this | view in thread ]

  23. icon
    Nigel Lew (profile), 28 Mar 2016 @ 4:30pm

    Curious

    Too bad they can't be charged for violating section 103 of the DMCA.

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 28 Mar 2016 @ 4:36pm

    First off, to trust them I'd like to see the data, and whether it was even worth all of this.

    link to this | view in thread ]

  25. identicon
    STAND AND DELIVER, 28 Mar 2016 @ 4:38pm

    A lose for all geeks

    Like the release of Win 10 for china, I was looking foward to GoviOS I had assumed it would be more configurable with less built in tracking and the ability so side load whatever you wanted , this is a sever lose for people that love free and open platforms!

    link to this | view in thread ]

  26. icon
    aldestrawk (profile), 28 Mar 2016 @ 4:40pm

    Apple security

    If we take the FBI's report as true and they were able to access the data on this iPhone, then the most likely method would have been finding the passcode through brute force.

    "iOS supports four-digit and arbitrary-length alphanumeric passcode".
    from Apple's iOS security white paper:
    https://www.apple.com/la/iphone/business/docs/iOS_Security_May12.pdf

    The minimum passcode length is four digits but the default is six digits and probably is the length Farook used on this iPhone. Each attempt requires 80 milliseconds to execute on the iPhone. Yes, it is intentionally slow. If he used just a six digit passcode there are 1 million possibilities which would take (1,000,000 x .08s) or 22 hours to crunch through all possibilities without taking into account extra time needed if the method wasn't just a program supplying attempts directly to the iPhone without interruption. The average time to crack the passcode, given this scenario, is 11 hours. However, if a six character alphanumeric passcode was used, it would take more than two years on average to crack the passcode. So, the level of security seems to now lie with the user's choice of passcode.

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 28 Mar 2016 @ 4:50pm

    The FBI is also trying to claim that the way they got in only works on that one phone. LOL what utter bullshit!

    After all the BS they've been shoveling it's a shame they can just get away with dropping the case instead of Apple getting a ruling that the government can't force a company to compromise their own security.

    link to this | view in thread ]

  28. identicon
    Anonymous Coward, 28 Mar 2016 @ 5:09pm

    Security is always an economic trade-off. Anyone who wants to get data off your computer (Multex mainframe, Sun workstation, PC, Android, whatever) can get it.

    But how much does it cost, and how much is it worth to them?

    For an "average citizen", private data is likely worth under $1000 to an identity thief, and under $50 to a totalitarian government secret-police organization. And a computer such as the iPad which costs over $1000 to break is probably safe, because nobody will pay the fee.

    For a small-time pimp or drug pusher, the government would love to have a $100 key--much more, and they'd pass.

    For a high-profile criminal case, the government will pay the $10,000 with glee.

    Government officials are especially valuable, for either espionage or blackmail. (Hillary Clinton's emails are probably being privately chortled over in half-a-dozen chancellories around the world. I'm sure they'll start leaking if she's elected.)

    For a celebrity, paparazzi might pay $10,000.

    For a robber-baron class MBA, competition might pay the money.

    But phone theft and identity theft are what matter most to ordinary folk. Apple is plenty good enough today.

    And could get better. (They design their own chips: what's to prevent including that vulnerable ROM on the chip with the iPhone CPU, without any kind of external lead, so that you'd HAVE to go through the OS to access it?

    Which is a good thing, because jailbreaking technologies, like all electronics except internet service, keep getting cheaper.

    I don't have an Apple phone, and can't imagine ever buying one (I don't like the lack of a visible file system). But the presence of strong security on iPhones makes security better for everyone else. Because it moves the cost/benefit ratio: thieves have to assume the more valuable computers have better security, so that the average Android phone is worth less to break.

    link to this | view in thread ]

  29. icon
    JMT (profile), 28 Mar 2016 @ 5:15pm

    Re: Apple security

    The whole driver of this issue is that Apple prevents brute-forcing by limiting the amount of attempts that can be made to ten before deleting the encryption key. That's what the FBI was trying to force Apple to bypass. It's almost like you haven't read a single thing about this story until today...

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 28 Mar 2016 @ 5:19pm

    So file a FOIA to find out what was on the iPhone;

    the govt's already admitted that everyone (except the baby) is dead, so there aren't any privacy rights to worry about.

    The govt should immediately publish everything on this iPhone.

    link to this | view in thread ]

  31. identicon
    JBDragon, 28 Mar 2016 @ 5:22pm

    Re: Hmmm...

    I'm sure it's just more of their B.S. I'm waiting for them to announce that they found Nuclear launch codes on the phone!!!

    link to this | view in thread ]

  32. identicon
    Anonymous Coward, 28 Mar 2016 @ 5:24pm

    Re: Re: Re: Nice security

    "If it was hardware attack, it just means that the data in the storage space wasnt encrypted and you cannot talk about any security whatsoever."

    Wrong. If I understand the attack correctly then they copied the encrypted data, brute-forced it on a 2nd chip/box and repeated once they got locked out. And you cant do much about that. You can't disable the read function because the user kind of wants to read the messages too.

    "If it was software attack, it means they have necessary backdoors or even pin codes that always open the device. But either way, the security just sucks like hell."

    Wrong again. Software attacks don't need a backdoor or universal pin to succeed. There's always a way to get into a system via software. Not because the security is bad but because those things are too complex to find all bugs or exploits. Why do you think there is a 0day market?

    link to this | view in thread ]

  33. identicon
    JBDragon, 28 Mar 2016 @ 5:29pm

    Re: Re: Nice security

    They haven't even said they broke into the phone. Just that they supposedly found a way. They of course would need to test it to see if it really works on the iPhone they have and won't wipe the Data in the process.

    This is also a older iPhone 5C. There's no TouchID. There's no Secure Enclave. This is a older iPhone with iOS9 on it. The security is weaker on this phone then newer iPhones. Every generation Apple is improving the Security of their products. I'm sure after all this, Apple will lock down the phone even more so. Things like no Auto Update a OS without a passcode, even if it's a valid signed OS update. Having Encryption keys still for things on iCloud I see going away also at some point. Keys for the OS went away with iOS8 and newer. Which is how Apple helped in the past but can't now. I'm sure they were tired of breaking into all these phones for the Government and said screw it. We can't do that any more.

    link to this | view in thread ]

  34. identicon
    tp, 28 Mar 2016 @ 5:34pm

    Re: Re: Re: Re: Nice security

    > Wrong again. Software attacks don't need a backdoor or universal pin to succeed. Why do you think there is a 0day market?

    Yes, but they had like 2 weeks to do it. Noone is going to start looking for 0day stuff to open some phone with 2 weeks schedule.

    link to this | view in thread ]

  35. identicon
    JBDragon, 28 Mar 2016 @ 5:44pm

    Re: Open source, reproducible builds are the only antidote

    If the U.S. Government forces U.S. Company's to create back Doors into their devices, you can bet Apple would look into doing something like this. Get your own Security Software for your iPhone from out of the Country where the U.S. Government can't make a company create a BackDoor. Apple is a Global Company. The U.S. Government having backdoor access would be bad for sales in other countries. China for example demanded access to look at the source code to make sure there was no U.S. Government Backdoors where they could spy on Chinese Citizens. Apple was there watching them look at the code in a locked room.

    2/3's of the encryption software made is out of the U.S. and U.S. control. It's really pretty dumb and short sited to screw U.S. Citizens of their Security and privacy for a very tiny fraction of people!!! Especially when the end result would be weak security for most, expect any Criminal or Terrorist with half a brain to buy any old Android phone and install any number of 3rd party encryption software with no back doors. Talking about some dumb people in Government


    We already had this battle with the FBI 20 years ago. Them using the same exact excuses. Wanting to install the Clipper Chip into all hardware to gain backdoor access. What country would want to buy that U.S. hardware???? In the end it was hacked anyway. Congress already passed a law and Apple is protected by that law. How the FBI tried to get around it and this court going along with it?!?!

    link to this | view in thread ]

  36. identicon
    tp, 28 Mar 2016 @ 5:47pm

    Re: Apple security

    Someone might want to try what happens if apple owner happens to forget his pin code. I would expect apple vendor have some nice trick to open the device and change the passcode. But with proper security practises in place, you might need to buy completely new phone, which might be unacceptable answer for many apple users.

    link to this | view in thread ]

  37. identicon
    Capt ICE Enforcer, 28 Mar 2016 @ 5:57pm

    Backdoor

    I knew Apple had a back door. Government lapdogs...

    link to this | view in thread ]

  38. identicon
    JBDragon, 28 Mar 2016 @ 6:01pm

    Re:

    I think maybe you're just to far stuck in the past with a Visible File system. Hell even Microsoft would hide files in Windows.

    If you think outside the Box, use iCloud drive or Dropbox for example and think of them as a file system in a way. You can access those files from one program to another and even from your PC or Mac, or iPad, etc.

    You know what you have with file systems you can see. People screwing software up. It can also be a big security issue.

    Playing aorund with my cheap WinBook Windows 8.1, now Windows 10 7" Tablet. Dealing with the file system really SUCKS!!! Windows 10 was a improvement over Windows 8.1 on the tablet, but I still like my iPad 3 much better for a number of reasons. I deal with the file system enough on my Custom Desktop and Laptop at work.

    I haven't used CD's in a while on the PC other then to RIP Movies. SD cards or USB Memory sticks. Can't remember the last time I used one. There new ways of doing things. I started out on a Commodore Vic-20 with a tape drive.

    You like file systems, why not toss the GUI also. Hey, go back in time to just MS-DOS. You can get down to the nitty gritty.

    I was ease of use these days. I want it to just work. I just spent about 3 days trying to get windows 7 working correctly on a Netbook for the Boss he wanted to take with him to Japan to use. Why?!?! It had a number of Windows issues. Same old crap with Windows and it's issues over the years. Trying to figure out what the hell went wrong and how to fix it without having to re-Install Windows. Something I'm sure many would just end up doing.

    If I didn't need my PC for some things, I'd go Mac. Something my brother has tried to get me do for the last 20+ years.

    link to this | view in thread ]

  39. icon
    Uriel-238 (profile), 28 Mar 2016 @ 6:05pm

    Re: Speaking in secret of secret

    All revolutions do.

    But yes, all this secrecy is undermining the illusions that we had that the people had a participatory role in government.

    Feel free to strike at them in a way they cannot retaliate. That's what we need right now.

    link to this | view in thread ]

  40. identicon
    Christenson, 28 Mar 2016 @ 6:08pm

    Perjury...undermines trust in *ENTIRE* FBI

    What about the perjury??? Falsus in unum, falsus in omnes.

    As a member of the public, I think this should carry serious LEGAL repercussions for the FBI. Defense lawyers, if they demonstrably perjured themselves here, what else did they fabricate from whole cloth????

    FBI attorneys should be disbarred and sent to jail for this!

    link to this | view in thread ]

  41. identicon
    Josh, 28 Mar 2016 @ 6:11pm

    Re: Nice security

    There's no actual proof that they got in. They just say they did.

    link to this | view in thread ]

  42. icon
    Uriel-238 (profile), 28 Mar 2016 @ 6:13pm

    The exploit works on one phone.

    The way they got in only works for phones of that model and configuration (with some variance). I'm sure other phones in other cases will qualify.

    But it probably doesn't work for all iPhones.

    It was pointed out during this debacle that a 2010 whitepaper demonstrated the hacking of a TPM chip, which is, I think, the sort that is used to protect even latest models.

    So the FBI in 2016 should probably be able to crack even new models with long passwords. Though it's expensive (takes a lot of time and resources).

    Which is preferable to it being cheap: expensive cracks usually get warrants first. Cheap ones don't.

    link to this | view in thread ]

  43. identicon
    Sharatan, 28 Mar 2016 @ 6:15pm

    Re: Next Time, Insist on Affidavits

    I do not recall the FBI's filings providing any evidence that they had tried to access the content on the device... other than statements from FBI employees.

    Courts take statements from law enforcement as sacrosanct. The highest form of evidence. There are numerous cases of videos showing things different from what a cop testified to, and the court concluding that the video must be lying, not the cop.

    link to this | view in thread ]

  44. icon
    Uriel-238 (profile), 28 Mar 2016 @ 6:17pm

    Re: Perjury...undermines trust in *ENTIRE* FBI

    Welcome to the magic of prosecutory discretion.

    Prosecutors don't have to charge anyone they prefer not to, and the FBI and various attorneys departments have good reasons to be good friends, and better reasons not to be adversaries.

    So they can lie in court all they want.

    link to this | view in thread ]

  45. icon
    Uriel-238 (profile), 28 Mar 2016 @ 6:28pm

    Not number 4

    I think that if the FBI wasn't able to break into the Farook phone, it's because they didn't try very hard.

    We had bunches of white-hats saying how they'd break into the phone, and the NSA offered. Even if they didn't the whole point of the DHS is to create bridges by which the FBI could use NSA resources for just this sort of thing.

    Now since none of the FBI's efforts have been revealed we don't know what they tried or didn't try (and what they ruled out since it would risk blanking the trusted platform).

    But it's hard to believe that they tried or ruled out everything that was put on the table and still couldn't get into the phone. That would be a technical miracle of probability.

    link to this | view in thread ]

  46. identicon
    Anonymous Coward, 28 Mar 2016 @ 6:32pm

    Re: The exploit works on one phone.

    No, what they are trying to claim is that it only works on that one phone, not one model or one OS, just that particular phone. Just like they were trying to claim that the backdoor they wanted Apple to make could only be for that one specific phone they wanted unlocked.

    It's BS and everyone knows it's BS because it just doesn't work that way. Like the magic golden keys to the front door they want lol.

    link to this | view in thread ]

  47. identicon
    tp, 28 Mar 2016 @ 6:41pm

    Re: Re: The exploit works on one phone.

    > No, what they are trying to claim is that it only works on that one phone, not one model or one OS, just that particular phone.

    Maybe they asked the pin code from the criminal?

    link to this | view in thread ]

  48. identicon
    Anonymous Coward, 28 Mar 2016 @ 7:00pm

    In other news: Dormant Cyber Pathogen Released

    link to this | view in thread ]

  49. identicon
    Anonymous Coward, 28 Mar 2016 @ 7:06pm

    Re:

    Odds are very good that, if Apple wanted a declaratory judgement, it would have to file a new action.

    ... and that said action would be dismissed for lack of "ripeness".

    Having said that, there's a lot of lawyering on Apple's side, and a lot of amicus briefs, that will get pulled into the next case. Will this get ignored? Not on your life.

    Will Apple be able to get from the government a thin red cent of what they paid in court costs (let alone lawyer time)? Not on your life.

    link to this | view in thread ]

  50. identicon
    Anonymous Coward, 28 Mar 2016 @ 7:11pm

    Re: Apple security

    The minimum passcode length is four digits but the default is six digits and probably is the length Farook used on this iPhone.
    New Documents Solve a Few Mysteries in the Apple-FBI Saga”, by Kim Zetter, Wired, Mar 11, 2016
    The iPhone’s Password Was Just Four Digits

    Although iOS 9, the version of the Apple operating system installed on Farook’s phone, asks users by default to create a six-digit password, authorities say the phone’s password they are trying to crack is just four digits long.

    Pluhar notes that when authorities powered on the phone, “it presented a numerical keypad with a prompt for four digits.” . . .
    Zetter's Wired article links to Supplemental Declaration of Christopher Pluhar (Mar 9, 2016). From p.2 of that declaration:
    2. In paragraph 8 of my declaration dated February 16, 2016 (the “Initial Declaration”), I explained that the Subject Device was “locked” because it presented a numerical keypad with a prompt for four digits.

    link to this | view in thread ]

  51. icon
    aldestrawk (profile), 28 Mar 2016 @ 8:05pm

    Re: Re: Apple security

    I am assuming the FBI's new method of gaining access is just that, a way to bypass the 10 guess limit.

    link to this | view in thread ]

  52. icon
    aldestrawk (profile), 28 Mar 2016 @ 8:17pm

    Re: Re: Apple security

    Thanks for pointing that out I hadn't read that. However, is that really how the display works? It shows you how many digits, or characters, the password is before you enter it? If so, that is a security weakness in itself. At any rate, once the 10 guess limit is bypassed, it doesn't really matter whether the passcode was four digits or six. Both are doable in a reasonable amount of time. If Farook's passcode was four alphanumeric characters, then let's calculate how long that would take to crack. ((36 ^ 4) * .08s) / 3600) = 37 hours max or 18.5 hours on average. Just one more character, 5 total, would take a month to crack on average. Still doable, but a pain.

    link to this | view in thread ]

  53. icon
    aldestrawk (profile), 28 Mar 2016 @ 8:21pm

    Re: Re: Apple security

    I believe if you forget your passcode then you can reset the phone. This makes the phone still useful but all your encrypted data is lost.

    link to this | view in thread ]

  54. icon
    Blackfiredragon13 (profile), 28 Mar 2016 @ 8:55pm

    At least they didn't win.

    I don't want to think about what would've happened had they won the fight.

    Silicon Valley would've likely have seen a mass emigration. The effects from that on economy would've disastrous.

    link to this | view in thread ]

  55. icon
    Uriel-238 (profile), 28 Mar 2016 @ 9:06pm

    The next step

    If the FBI wants to prove their point, they need to reveal what they learned from Farook's phone, and how that was immensely valuable

    If they don't, then the next guys need to remember to point out that the last time the FBI freaked out over a phone it turned out to be nothing at all.

    link to this | view in thread ]

  56. icon
    That One Guy (profile), 28 Mar 2016 @ 9:50pm

    Re: The next step

    Well clearly the data was so insanely valuable that it will allow them to save billions of lives in the coming weeks/months/years, but releasing it to the public would allow the terrorists/criminals/communists to change their plans, nullifying the advantage, so they need to keep it all completely secret.

    But trust them, it's totally valuable, and totally worth it, honest. /s

    link to this | view in thread ]

  57. icon
    That One Guy (profile), 28 Mar 2016 @ 9:55pm

    Re: Re: The exploit works on one phone.

    Yeah, pretty sure the only device specific trick to get into a device, something that works on one device and one device only is the password, given those are device specific. Anything else can absolutely be used on similar devices, and you'd think by now they'd know better than to make such obvious lies; even if the larger news agencies have shown themselves to be too spineless to call them out on their lies there are still plenty of others that have no problem doing so.

    link to this | view in thread ]

  58. identicon
    Anonymous Coward, 29 Mar 2016 @ 12:58am

    Re: Re: Re: Re: Re: Nice security

    '2 Weeks'

    Not sure where you get the 2-week number from? The attacks happened in December. That means the firmware will be at least that old so any 0days could have been around for at least 4 months by now.

    link to this | view in thread ]

  59. identicon
    Anonymous Coward, 29 Mar 2016 @ 4:23am

    YouTube video showed how to do it?

    I heard on the radio this morning that a kid's YouTube video showed how to get into the iPhone. Not sure how accurate the report is, but wouldn't surprise me.

    link to this | view in thread ]

  60. icon
    Jeremy Lyman (profile), 29 Mar 2016 @ 4:26am

    Re: Re:

    Assuming this happens in a public court next time.

    link to this | view in thread ]

  61. icon
    That One Guy (profile), 29 Mar 2016 @ 5:09am

    Re: Re: Re:

    Yeah, that was one of the FBI's bigger blunders here, they tried to use public pressure to get Apple to fold only to have the plan backfire on them such that the longer the case went on the worse the FBI looked.

    They tried to use a pile of bodies for their own ends and miscalculated the reaction to their doing so. You can be sure that they've learned their lesson from this and will make future attempt under cover of gag orders and sealed legal filings(with the justification being 'National Security' of course) so it doesn't happen again.

    link to this | view in thread ]

  62. identicon
    Lisboeta, 29 Mar 2016 @ 5:18am

    Oh, no!

    What a let down. Any offers for 24 unopened packets of popcorn?

    link to this | view in thread ]

  63. icon
    Not an Electronic Rodent (profile), 29 Mar 2016 @ 5:33am

    Re: Perjury...undermines trust in *ENTIRE* FBI

    What about the perjury???
    This was my question too... talk about double standards. IANAL, but surely you've got perjury, perhaps a contempt of court and would Apple not also have a cause of action to sue for having been dragged into court with all the associated costs under false pretences?

    ...or is breaking the law something that only happens to people who are not agents of the state?

    link to this | view in thread ]

  64. icon
    DannyB (profile), 29 Mar 2016 @ 5:38am

    Re: Re: Nice security

    Yes. That.

    This is one of the outcomes I suggested would happen in an earlier post. The FBI wants this case to go away before it sets a precedent they don't like. Nevermind them losing the public relations battle.

    I suggested that the FBI would find another way to break into the phone. That it may or may not work. I also suggested that the phone would be destroyed in the process, maybe by 'accident'. That didn't seem to happen.

    Next I would suggest that if the lying FBI really was just wanting to get into this one phone, they would then disclose this vulnerability to Apple. As per president Obama's policy that they should help make the nation's cyber security safer. I won't hold my breath.

    As an example of how secret technology gets abused, look no further than a tool like Stingray once it gets into the wrong hands like the FBI. Useful for catching bad guys, yes. But easily and widely abused, also yes. Lying to courts about what it is, how it is used, the scope of what it does, yes.

    link to this | view in thread ]

  65. identicon
    tp, 29 Mar 2016 @ 6:13am

    Re: Re: Re: Re: Re: Re: Nice security

    > Not sure where you get the 2-week number from?

    The two weeks is coming from submission of first paperwork to the court forcing apple to open the phone. At that point, the phone was not yet opened. Then they managed to open it before submitting the current paperwork. We heard about this story about 2 weeks ago, and now it's already resolved. Assumption is that internet is real-time.

    link to this | view in thread ]

  66. identicon
    tp, 29 Mar 2016 @ 6:27am

    Re:

    > I'm not sure I could name any other hardware that would take that long to break, given that kind of access.

    Yeah, but this company is adverticing their amazing security features. If they actually spent _any_ time securing the system, the barrier to entry would be much higher to breaking the security. Would pretty much require brute-forcing the pin code, and simple exponential delay in the user interface would make that impossible.

    link to this | view in thread ]

  67. icon
    Bamboo Harvester (profile), 29 Mar 2016 @ 6:55am

    Seriously?

    C'mon, people. Only a couple of possibilities here.

    1) Apple broke it for the FBI on the condition that the FBI swears Apple didn't.

    2) FBI did NOT get in, Apple didn't help them, and they "announced" they broke the security to screw over Apple for not helping them.

    What third party would take a 0Day exploit that cracks Apple security at this level and GIVE it to the FBI rather than soak the NSA for a couple of hundred grand instead?

    link to this | view in thread ]

  68. identicon
    jimc, 29 Mar 2016 @ 6:59am

    he, he!

    All you American government haters.
    All they asked for was access to one phone. Apple said, even in their filling, they had done the same prior, so why stop now?
    You Microsoft haters, win 10 given to the Chinese, is also called the Chinese version of win 10, it's pictografic, remember Apple has a Chinese version also. But the Apple version is source code of their latest version. China is also friends with one of the biggest spying countries, in the middle East, and another in Europe. Not saying, look it up. Hand in hand.
    So, some insfrinces, Android, win10, are as secure as Apple. Just they are consumer friendly. Apple, is the big hat security. Supposedly two weeks to break in? When the codes are known to a third party, is it secure? Not anymore.
    My big take off this. If I was the American government, Apple losses it right to sell to the military, and security forces of America. Buy the BlackBerry company, set up as an American company, move it here and issue bb to all of the Americans in security, and replace all government phones with the bb. Apple thinks itself superior make them prove it. They cannot. Bb was mandated by the Saudis to put a backdoor in to be used there. That's how they lost the trust. Apple was asked for a one time program, for one phone, not an OS, so we know there are backdoors, and who are they open to? Just not the US. But who?

    link to this | view in thread ]

  69. icon
    John Fenderson (profile), 29 Mar 2016 @ 7:17am

    Re: Re: Re: Nice security

    "If it was hardware attack, it just means that the data in the storage space wasnt encrypted and you cannot talk about any security whatsoever."

    It's long been a fundamental truth in computer security that if someone has access to the hardware then all security bets are off.

    link to this | view in thread ]

  70. identicon
    tp, 29 Mar 2016 @ 7:35am

    Re: Re: Re: Re: Nice security

    > It's long been a fundamental truth in computer security that if someone has access to the hardware then all security bets are off.

    Even if that was true, you still don't need to give keys to the kingdom to anyone who asks for them.

    link to this | view in thread ]

  71. identicon
    I Call it Like I see it, 29 Mar 2016 @ 8:28am

    FBI already had that data

    I would be willing to bet the FBI had that data long ago, but wanted to seize the opportunity to press on for the precedence to compel these companies to design access into operating systems so they weren't always challenged to break the encryption case by case.

    link to this | view in thread ]

  72. icon
    John Fenderson (profile), 29 Mar 2016 @ 8:38am

    Re: Re: Re: Re: Re: Nice security

    Absolutely, and I wasn't arguing otherwise.

    Just because the lock on your front door can be bypassed using trivial methods (and it can) doesn't mean you should leave your key under the mat.

    link to this | view in thread ]

  73. identicon
    Anonymous Coward, 29 Mar 2016 @ 9:13am

    It was a budgetary decision.

    After careful consideration, we've decided to sand bag a company with smaller pockets in order to manufacture our precedent.

    Thanks everyone for your concern.
    The FBI.

    (sarc.)

    link to this | view in thread ]

  74. icon
    Mat (profile), 29 Mar 2016 @ 9:49am

    Re: Re: Re: Re: Re: Re: Re: Nice security

    The other assumption being made is that they didn't already have the data before making the filing to the court. At this point? I'm not saying they are lying bastards, but I wouldn't trust them with my bank PIN, much less my phone's.

    link to this | view in thread ]

  75. icon
    Mat (profile), 29 Mar 2016 @ 9:59am

    Re: Re: Re: The exploit works on one phone.

    With what, an ouija board?

    link to this | view in thread ]

  76. icon
    That One Guy (profile), 29 Mar 2016 @ 11:08pm

    Re: Re: Re: Re: The exploit works on one phone.

    Agent A: Oh dead guy, tell us the passcode to the phone.

    Agent B: Look, it's moving! C, write this down!

    B: One.

    C(writing): One.

    A: Two.

    C: Two.

    A: Three.

    C: Three.

    B: I think he's fighting it, doesn't want to tell us the last digit. Give up dead guy, we'll get it eventually, we splurged and got the Special Edition oija board, with extra ghost compelling power!

    A: There, that did it, the last digit is coming clear now. And it looks like it's... four.

    C: Four.

    B: So then, the passcode to the phone is... one, two, three four? What the- that's the kind of password an idiot uses!

    (Comey, walking past pokes his head into the room)

    Comey: Any luck on the oiji boa- I mean the super classified technique?

    A: ...

    B: ...

    C: ... sorta?

    Comey: Well, what is it?

    B: One, two, three, four.

    Comey: That's amazing, that's the same password I use for my phone! Quick, tell the boys down at the lab, I've got to tell the boys in legal to drop the case. Also should probably change my password just in case too while I'm at it.

    link to this | view in thread ]

  77. icon
    nasch (profile), 30 Mar 2016 @ 7:40pm

    Re: A lose for all geeks

    I had assumed it would be more configurable with less built in tracking and the ability so side load whatever you wanted , this is a sever lose for people that love free and open platforms!

    Surely those people don't use iOS anyway, do they?

    link to this | view in thread ]

  78. icon
    nasch (profile), 30 Mar 2016 @ 7:43pm

    Re: Re: Re: The exploit works on one phone.

    Yeah, pretty sure the only device specific trick to get into a device, something that works on one device and one device only is the password, given those are device specific. Anything else can absolutely be used on similar devices, and you'd think by now they'd know better than to make such obvious lies;

    It means they found a post-it note with the passcode.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.