FBI Plays It Coy Regarding Their iPhone Exploit

from the what-color-is-your-hat? dept

Every since the FBI announced that it had found its own way into Syed Farook's iPhone, people have been wondering exactly how it managed to do so, and how many people the exploit puts at risk. Unsurprisingly, the agency declined to share any details with Apple and tried to downplay the possibility that they'd be breaking into phones left and right — despite pretty quickly entertaining the idea of doing exactly that. Now, following a discussion with Director James Comey last night, we have some more... well... I don't think you can exactly call them "details", but:

"We're having discussions within the government about, okay, so should we tell Apple what the flaw is that was found?" Comey said. "That’s an interesting conversation because you tell Apple and they’re going to fix it and then we’re back where we started from."

Comey said that it is possible that authorities will tell Apple, but "we just haven’t decided yet."

That's an interesting way of putting it. It seems Comey has forgotten "where we started from", because not that long ago he was still insisting that this had nothing to do with setting a precedent or getting into other phones in the future and was all about pursuing every lead in this one case. Well, that lead has now been pursued and the phone in question cracked, so Comey's "back where we started" comment only makes sense if (shocker) this really was about a lot more than one phone.

Comey went on to downplay the applicability of whatever exploit they are using:

While Comey did not disclose the outside group’s method in his remarks Wednesday, he said it would only be useful on a select type of devices — specifically, the iPhone 5C, an older model released more than two years ago.

"The world has moved on to [iPhone] 6’s," Comey said. "This doesn’t work in 6S, this doesn’t work in a 5S. So we have a tool that works on a narrow slice of phones. … I can never be completely confident, but I’m pretty confident about that."

Of course, the 5C still accounts for around 5% of iPhones, which may be a "narrow slice", but that's likely of little comfort to the many people using them who now know their device contains a potential security exploit which the FBI is refusing to protect them from. Because that's the point: if the 5C is hackable, that means a bunch of people are at risk and not just from law enforcement overreach. The right thing to do when you've discovered such a vulnerability is report it so it can be fixed — that's pretty much the dividing line between white hat and black hat hacking. By keeping mum on the details, the FBI is leaving a known security vulnerability in the wild. Oh, but Comey's not worried about that:

Comey did not seem concerned that the method for accessing Farook’s iPhone would be revealed by the outside group that helped them.

"The FBI is very good at keeping secrets, and the people we bought this from, I know a fair amount about them, and I have a high degree of confidence that they are very good at protecting them," he said.

He only identified this group as "someone outside the government" and said "their motivations align with ours."

Firstly, this presupposes that the exploit will never be found by anyone else (and hasn't been already). Secondly, isn't his allusion to the FBI's mysterious assistants a bit unnerving? Yes, there are security researchers who focus on selling what they find to governments and law enforcement agencies when they need to hack something, instead of revealing the vulnerabilities they discover and helping to close them — which many would already see as a problem. But I guess we are supposed to be comforted that the FBI knows a "fair amount" about these non-governmental hackers, and that their "motivations" align (and don't include doing everything possible to help the public secure their devices and keep their data safe). To protect and serve indeed.

Filed Under: encryption, fbi, iphone
Companies: apple


Reader Comments


  • Anonymous Coward, 7 Apr 2016 @ 2:13pm

    Translation: We'll tell Apple how we got in a year or two after the very last iPhone this works on has been destroyed, if we feel like it.

  • Anonymous Coward, 7 Apr 2016 @ 2:14pm

    I wouldn't be surprised if this wasn't a load of horse shit and they haven't found any exploit anywhere!

    • aldestrawk, 7 Apr 2016 @ 5:24pm

      Re:

      I am thinking more and more that the exploit was a lie and the FBI appears to be fine tuning that lie to use it for maximum advantage. When public opinion and, just as importantly, their legal case didn't seem to be going their way, suddenly they have an exploit and don't need Apple's help. The lie appears so perfect! I'm imagining a conversation a wily teenager is having with his skeptical dad.

      I thought you said there was no way to do this without Apple's help?

      Uhm, that's still true. This secret hacker company figured it out and only told us at the last minute. I can't tell you who they are and I won't tell you any details about the exploit because, you know, National Security.

      Didn't you say it would only work on that one specific phone?

      Yeah, sorry about the ambiguity. I meant that one type of phone.

      Will you ever tell Apple any details about this exploit?

      Since the exploit only applies to this one version, it affects only a small percentage of their phones and that percentage will be getting less and less over time. Anyway, Apple has already fixed it and the exploit is still useful to us because, you know, National Security. So I don't think I really should tell Apple the details.

      Will you help other law enforcement agencies with their cases using this exploit?

      Of course, I'll always help my law enforcement brethren when I can. That is, when the phone, hardware and software just matches this one, and the case involves, you know, National Security in some way. Cause I really don't want to have the details revealed in court.

      I wonder if the FBI has hired some smart teenagers to be part of a Tailored Lie Operations Group. One thing that is a bit comforting is that there doesn't appear to be a known exploit to crack the data encryption itself. So, if the exploit is a way to bypass the limits on guessing the passcode, then the data can still be protected with a good choice of passcode. If you choose a random 7 character (alphanumeric using only lower case letters plus 10 digits) it will take 99 years on average to brute force the passcode.

    • Anonymous Coward, 8 Apr 2016 @ 6:00am

      Re:

      Exactly! They haven't the exploit as it was just a political charade. Farook destroyed his personal phone, but didn't even bother to toss his work phone on the ground. Why? There wasn't anything of value on it re: the shooting.

      These turds thought they could win in the court of public opinion by playing the, now over-played, terrorism card. Really, what are the odds they found a way in to the phone, at literally the absolute last moments before heading back in front of the magistrate?

  • Anonymous Coward, 7 Apr 2016 @ 2:25pm

    He only identified this group as "someone outside the government" and said "their motivations align with ours."

    That could include extracting personal data without having to go to court to get a warrant, and as any use of such data is illegal, motivations would align.

    • Anonymous Coward, 7 Apr 2016 @ 2:57pm

      Re:

      I heard through the rumor mill that the "someone outside the government" was an Israeli government agency. If true, his statements do make sense.

    • Anonymous Coward, 7 Apr 2016 @ 4:47pm

      Re:

      They have constantly done things wrong so of course they have everything to hide

    • Anonymous Coward, 7 Apr 2016 @ 10:15pm

      Re:

      So, Russia, then.

      Welp, time to kill off the American Experiment, it clearly hasn't worked.

  • Jessie, 7 Apr 2016 @ 2:42pm

    Here's the problem with exploits, once it is known one exists, it's only a matter of time before someone else goes looking for it and finds it. That's why it's important to apply security patches as quickly as possible, because the updates are reverse engineered to discover the flaw and new exploits created from that. Now that it is known that a 5c, at least, can be cracked, the clock is ticking.

    • Anonymous Coward, 7 Apr 2016 @ 2:53pm

      Re:

      Indeed. And actually, they've given away quite a bit. Because this exploit only works against the 5c and no other model, from the sounds of it. So all you need to do is find the differences between the 5c and other models, already knowing that an unpatched exploit (that CAN be patched) exists, and you've found the exploit.

      • jim, 8 Apr 2016 @ 6:11am

        Re: Re:but

        Are you sure? The Chinese have their own version. Of the latest software. Given to them. Software can be used to operate and plant.
        That said, the FBI has planted doubt, was it a hardware, or a software hack. But, you see, right now hacking a product as such is illegal, even though there are videos on YouTube about doing the same sent in daily. And it is not court evidence. It's tainted. Apple could have complied, and said special keys were needed, and shut up, no one would have cared. But they made a stink of not helping, the only people they won't help are Americans, the rest of the world they jump right in to help! What's different here? Supposedly free speech? Right! I guess they need a law to protect them from hackers? From law enforcement? Or from child molesters? Porn pushers?

  • JustShutUpAndObey, 7 Apr 2016 @ 2:45pm

    Except from the KGB

    "...The FBI is very good at keeping secrets..."

    I guess Comey forgot about this guy: Robert Hanssen - https://en.wikipedia.org/wiki/Robert_Hanssen

    A top level agent with the FBI and for 22 years a double agent for the KGB.
    And if the KGB has it, so does the Russian Mafia.
    And if the Russian Mafia has it, so does anyone else.

    • Anonymous Coward, 7 Apr 2016 @ 2:54pm

      Re: Except from the KGB

      Oh, he didn't say who the FBI is very good at keeping secrets FROM. Not from other governments. The FBI is very good at keeping secrets from citizens and the court. Even if doing so may be illegal.

  • That One Guy, 7 Apr 2016 @ 2:56pm

    Two big problems

    "The FBI is very good at keeping secrets, and the people we bought this from, I know a fair amount about them, and I have a high degree of confidence that they are very good at protecting them," he said.

    If the exploit is valuable to the FBI then it's valuable to other groups, and it only takes one person to decide that the money being offered from those other groups is enough to risk their job for the exploit to leak out.

    Second, as far as the FBI being 'very good at keeping secrets', I imagine not too many years ago the NSA would probably have boasted the same, and we all know how well that worked out for them. Too many supposedly 'secure' government agencies have been hacked or had people flat out walk out the doors with sensitive documents for me to believe that the FBI can properly secure an exploit against someone who wants it badly enough, so the only way to keep the exploit from being used by those with less 'sterling' intentions is to make it known to Apple so that they can do everything in their power to patch it and remove it.

  • Christenson, 7 Apr 2016 @ 3:00pm

    and Carnegie Mellon???

    Didn't we just find out about Carnegie-Mellon researchers helping our government to de-anonymize Tor users?

    I wonder how long before the FBI puts a Muslim working for the researchers on the No-Fly list, and he gets severely pissed???

  • art guerrilla, 7 Apr 2016 @ 3:24pm

    a meta-comment on lying...

    ok, so it is unlikely the mainstream media will EVER call a liar a liar, who isn't otherwise a pariah (puppetmaster-approved, of course!); but WE can...
    not only can, but absolutely SHOULD as our collective duty to have active redress to 'our' (sic) gummint...
    the kongress is corrupt and broken; the media is corrupt and broken; the judiciary is corrupt and broken, and it is ONLY US'ns who can route around these broken systems...
    here, i'll start:
    Comey is a fucking liar.
    LIES are essentially the coin of the realm, and he is paid to maintain necessary illusions (a la chomsky), NOT to expose the lies and lawlessness of Empire...
    he is, in fact, a TRAITOR to the constitution of the united states of america; as are innumerable others acting contrary to every tenet and right guaranteed to us all, NO MATTER WHAT !
    they traduce our rights with extreme prejudice, and NOT ONE OF THEM will stand up for morality, ethics, and respecting the natural law we people want, and not the kafka-esque, korporate-kontrolled law to keep us 'legally' powerless and afraid of OUR gummint...
    THAT is the harm liars and traitors like Comey do. until the system is purged of power-elite toadies, it will act no differently...

  • Anonymous Coward, 7 Apr 2016 @ 3:29pm

    James Comey address at privacy conference

    Yesterday, April 6, 2016, FBI Director James Comey gave the keynote address at a conference held at Kenyon College in Gambier, Ohio, sponsored by the Center for the Study of American Democracy, entitled, “The Expectation of Privacy”.
    On April 6-8 the Center for the Study of American Democracy at Kenyon College in Gambier, Ohio, will hold its fourth biennial conference, this year oriented around The Expectation of Privacy. . . .

    The theme involves everyone who owns a smart phone, uses the internet or is even present in modern society. Online identity, health records, economic data and daily habits are increasingly tracked and stored in private, commercial and government databases. . . .

    Director Comey's keynote address was livestreamed, and the archived webcast is available.
    Opening address: Encryption and Surveillance

    Date: Wed, Apr 6 2016 4:30 PM PDT — Wed, Apr 6 2016 6:00 PM PDT

    About: James B. Comey, director of the Federal Bureau of Investigation; introduction by Sean Decatur, president of Kenyon College.

    (Director Comey's address begins at about the 21 minute mark and his prepared remarks last for about 30 minutes, before he opens up for questions.)

    • Anonymous Coward, 7 Apr 2016 @ 3:47pm

      Re: James Comey address at privacy conference

      Now, following a discussion with Director James Comey last night, we have some more... well... I don't think you can exactly call them "details", but
      From that April 7 Washington Post article by Mark Berman
      … Comey said during a discussion Wednesday night at Kenyon College.
      ( Just in case anyone here was wondering how Director Comey's keynote address bears on the present topic. )

  • TasMot, 7 Apr 2016 @ 4:14pm

    One of the reasons that Apple didn't want to build the backdoor that the FBI wanted was that it would have to submit the exploit to 3rd party validation before the evidence could be used in court. Is the FBI subject to the same rules or can they just say "well of course we got it off of his phone, you can trust us".

  • Anonymous Coward, 7 Apr 2016 @ 4:41pm

    "Every since..."

    Really?

  • Anonymous Coward, 7 Apr 2016 @ 4:43pm

    I'm betting a dollar that they never found an "exploit" and just backed down because of the s**tshow that started. Just like Comey's "girlfriend", who works at another agency, and always just happens to be "out of town" whenever people want to meet her.

    In all likelihood someone at the FBI listened to Ron Wyden's suggestion on how to brute force the phone, and did it in the background, just in case they needed an out (and boy did they need one)

  • Anonymous Coward, 7 Apr 2016 @ 4:46pm

    If they broke a law(s) that would probably explain why they refuse to explain how they did it.

  • Anonymous Coward, 7 Apr 2016 @ 5:00pm

    ...I have a high degree of confidence that they are very good at protecting them.

    That, of course, assumes that whatever system they use doesn't have any vulnerabilities that were deemed too useful to fix. Or any vulnerabilities at all. They are building a house of cards where any system is secure only so long as all systems are secure. But don't worry about that, just keep hiding exploits behind compromised security and hope that nobody blinks.

  • Anonymous Coward, 7 Apr 2016 @ 5:47pm

    I see how this works

    If I create and test a method for accessing a system without authorization, and the FBI is willing to buy it, then it is not illegal and charges will not be filed. If I create and test a method for accessing a system without authorization, and the FBI doesn't want to buy it, I will be charged under the Computer Abuse and Fraud Act, as well as other laws, and go to jail.

    Gotta love the freedoms in the USA.

  • CanadianByChoice, 7 Apr 2016 @ 7:45pm

    The First Question(s)

    The first question should be "did they actually crack the phone?" They would have known from metadata whether or not there would be anything "of interest" on it.

  • Rekrul, 7 Apr 2016 @ 11:05pm

    The real question is if they actually did get into the phone, what earthshatteringly important new information did they learn? They were so desperate to open up the phone, now they supposedly have, anyone want to bet that we'll never hear anything more about the evidence they were supposedly anxious to get their hands on?

  • Machin Shin, 8 Apr 2016 @ 5:35am

    "The FBI is very good at keeping secrets, and the people we bought this from, I know a fair amount about them, and I have a high degree of confidence that they are very good at protecting them," he said.

    Well yes.... I bet they are "good at protecting them", in the same way a gun store is good at protecting their products. That says NOTHING about how willing they are to SELL IT again. We already know that whoever it was didn't do this out of some "civic duty" or something like that because he says the exploit was bought. So I'm supposed to believe this mystery individual won't pad his pocket some more by selling to other interested parties?

  • Ragnarredbeard, 8 Apr 2016 @ 8:43am

    How cute

    It's cute that people still assume that the FBI really did hack into the phone, given that they have neither revealed what they found or how they did it. I think it's very likely they're just liars.

    • That One Guy, 8 Apr 2016 @ 10:04am

      Re: How cute

      Oh it's almost certain that they're lying when they claim to have found a way into the phone, yes, but the idea is that even giving them the (completely undeserved) benefit of the doubt and assuming for the sake of argument that they are telling the truth, they're still wrong.

      • Anonymous Coward, 8 Apr 2016 @ 11:16am

        Re: Re: How cute

        Oh it's almost certain that they're lying when they claim to have found a way into the phone
        According to a leaked document, the Cryptanalysis and Exploitation Services – Analysis of Target Systems project received $39.4 million in Fiscal Year 2011 funding, was allocated $35.1 million in FY 2012, and requested $34.3 million in FY 2013. This funding was reported in connection with a multiyear, sustained effort targeting Apple platforms, among other vendors' equipment. We have no reason to believe that funding was discontinued in FY'14, rather it seems likely that that multiyear effort continues with funding today.

        Decapping the A6 is certainly within the budget and expertise of a multinational corporation, let alone a major nation-state. Besides that particular, highly-invasive and relatively costly approach to obtain direct access to the hardware uid, several other feasible approaches to obtain plaintext access to iPhone stored data have been reported over the last month.

        On the flip side, Apple engineered a “secure enclave” into the A7 and later processors. Now, perhaps it might be within the realm of remote possibility that Apple bean-counters approved that engineering change from the A6 despite a firm belief on Apple's part that the A6 was already ‘unhackable’. Maybe Apple bean-counters just throw money away on wasteful engineering efforts. But much more probably…

        • That One Guy, 9 Apr 2016 @ 3:24am

          'Were you lying then, or are you lying now?'

          Let me see if I can rephrase my statement to be a bit more accurate to how I see it.

          The FBI/DOJ claimed that they could not access the contents of the phone without Apple's assistance. If this was a lie, if they could access the phone before they made this statement, then they are probably telling the truth when it comes to saying that they accessed the phone when they did, because at that point they were looking at a decent probability of the wrong precedent being set by the court, and wanted to dump the case as quickly as possible.

          On the other hand if they were telling the truth then, then I'd say odds are very good that they're lying when they claimed that they had gained access to the phone just in time to drop the case or put it on the burner until the attention died down.

          Basically it's the timing of the matter that makes me believe that they're lying, the only real difference is when the lie occurred. That they 'discovered' the exploit just in time to drop a case that was going badly for them absolutely reeks of dishonesty and desperation, the odds that they weren't lying at some point are minuscule.

        • John Fenderson, 9 Apr 2016 @ 6:27am

          Re: Re: Re: How cute

          Not only is decapping the processor within the budget of multinational corporations, it's also within the capabilities and budget of hobbyists. You can find several YouTube videos of people doing this.

          But, as That One Guy said, the feds have clearly lied their asses off one way or another on this matter.

          I think the most remarkable accomplishment from the FBI is that they managed to take their already terrible reputation and make it even worse.

          • Anonymous Coward, 9 Apr 2016 @ 9:30am

            Re: Re: Re: Re: How cute

            Not only is decapping the processor within the budget…
            I should call out another document from that same tranche— “Secure Key Extraction by Physical De-Processing of Apple’s A4 Processor”.

            While that document appears on its face to be undated, the accompanying report says:
            At the 2011 Jamboree conference, there were two separate presentations . . .  The second focused on a “method to physically extract the GID key.”
            That seems to claim that the physical de-processing presentation document is from 2011. According to Wikipedia, the Apple A4 processor was “produced from April 3, 2010 to September 10, 2013.”

            Also according to Wikipedia, the Apple A6 processor was “produced from September 21, 2012 to September 9, 2015.”
