FBI Plays It Coy Regarding Their iPhone Exploit
from the what-color-is-your-hat? dept
Ever since the FBI announced that it had found its own way into Syed Farook's iPhone, people have been wondering exactly how it managed to do so, and how many people the exploit puts at risk. Unsurprisingly, the agency declined to share any details with Apple and tried to downplay the possibility that they'd be breaking into phones left and right — despite pretty quickly entertaining the idea of doing exactly that. Now, following a discussion with Director James Comey last night, we have some more... well... I don't think you can exactly call them "details", but:
"We're having discussions within the government about, okay, so should we tell Apple what the flaw is that was found?" Comey said. "That’s an interesting conversation because you tell Apple and they’re going to fix it and then we’re back where we started from."
Comey said that it is possible that authorities will tell Apple, but "we just haven’t decided yet."
That's an interesting way of putting it. It seems Comey has forgotten "where we started from", because not that long ago he was still insisting that this had nothing to do with setting a precedent or getting into other phones in the future and was all about pursuing every lead in this one case. Well, that lead has now been pursued and the phone in question cracked, so Comey's "back where we started" comment only makes sense if (shocker) this really was about a lot more than one phone.
Comey went on to downplay the applicability of whatever exploit they are using:
While Comey did not disclose the outside group’s method in his remarks Wednesday, he said it would only be useful on a select type of devices — specifically, the iPhone 5C, an older model released more than two years ago.
"The world has moved on to [iPhone] 6’s," Comey said. "This doesn’t work in 6S, this doesn’t work in a 5S. So we have a tool that works on a narrow slice of phones. … I can never be completely confident, but I’m pretty confident about that."
Of course, the 5C still accounts for around 5% of iPhones, which may be a "narrow slice", but that's likely of little comfort to the many people using them who now know their device contains a potential security exploit which the FBI is refusing to protect them from. Because that's the point: if the 5C is hackable, that means a bunch of people are at risk and not just from law enforcement overreach. The right thing to do when you've discovered such a vulnerability is report it so it can be fixed — that's pretty much the dividing line between white hat and black hat hacking. By keeping mum on the details, the FBI is leaving a known security vulnerability in the wild. Oh, but Comey's not worried about that:
Comey did not seem concerned that the method for accessing Farook’s iPhone would be revealed by the outside group that helped them.
"The FBI is very good at keeping secrets, and the people we bought this from, I know a fair amount about them, and I have a high degree of confidence that they are very good at protecting them," he said.
He only identified this group as "someone outside the government" and said "their motivations align with ours."
Firstly, this presupposes that the exploit will never be found by anyone else (and hasn't been already). Secondly, isn't his allusion to the FBI's mysterious assistants a bit unnerving? Yes, there are security researchers who focus on selling what they find to governments and law enforcement agencies when they need to hack something, instead of revealing the vulnerabilities they discover and helping to close them — which many would already see as a problem. But I guess we are supposed to be comforted that the FBI knows a "fair amount" about these non-governmental hackers, and that their "motivations" align (and don't include doing everything possible to help the public secure their devices and keep their data safe). To protect and serve indeed.
Filed Under: encryption, fbi, iphone
Companies: apple
Reader Comments
That could include extracting personal data without having to go to court to get a warrant, and as any use of such data is illegal, motivations would align.
[ link to this | view in thread ]
Except from the KGB
I guess Comey forgot about this guy: Robert Hanssen - https://en.wikipedia.org/wiki/Robert_Hanssen
A top level agent with the FBI and for 22 years a double agent for the KGB.
And if the KGB has it, so does the Russian Mafia.
And if the Russian Mafia has it, so does anyone else.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Except from the KGB
[ link to this | view in thread ]
Two big problems
If the exploit is valuable to the FBI then it's valuable to other groups, and it only takes one person to decide that the money being offered from those other groups is enough to risk their job for the exploit to leak out.
Second, as far as the FBI being 'very good at keeping secrets', I imagine not too many years ago the NSA would probably have boasted the same, and we all know how well that worked out for them. Too many supposedly 'secure' government agencies have been hacked or had people flat out walk out the doors with sensitive documents for me to believe that the FBI can properly secure an exploit against someone who wants it badly enough, so the only way to keep the exploit from being used by those with less 'sterling' intentions is to make it known to Apple so that they can do everything in their power to patch it and remove it.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
and Carnegie Mellon???
I wonder how long before the FBI puts a Muslim working for the researchers on the No-Fly list, and he gets severely pissed???
[ link to this | view in thread ]
a meta-comment on lying...
not only can, but absolutely SHOULD as our collective duty to have active redress to 'our' (sic) gummint...
the kongress is corrupt and broken; the media is corrupt and broken; the judiciary is corrupt and broken, and it is ONLY US'ns who can route around these broken systems...
here, i'll start:
Comey is a fucking liar.
LIES are essentially the coin of the realm, and he is paid to maintain necessary illusions (a la chomsky), NOT to expose the lies and lawlessness of Empire...
he is, in fact, a TRAITOR to the constitution of the united states of america; as are innumerable others acting contrary to every tenet and right guaranteed to us all, NO MATTER WHAT !
they traduce our rights with extreme prejudice, and NOT ONE OF THEM will stand up for morality, ethics, and respecting the natural law we people want, and not the kafka-esque, korporate-kontrolled law to keep us 'legally' powerless and afraid of OUR gummint...
THAT is the harm liars and traitors like Comey do. until the system is purged of power-elite toadies, it will act no differently...
[ link to this | view in thread ]
James Comey address at privacy conference
Director Comey's keynote address was livestreamed, and the archived webcast is available.
(Director Comey's address begins at about the 21 minute mark and his prepared remarks last for about 30 minutes, before he opens up for questions.)
[ link to this | view in thread ]
Re: James Comey address at privacy conference
[ link to this | view in thread ]
Really?
[ link to this | view in thread ]
In all likelihood someone at the FBI listened to Ron Wyden's suggestion on how to brute force the phone, and did it in the background, just in case they needed an out (and boy did they need one)
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
That, of course, assumes that whatever system they use doesn't have any vulnerabilities that were deemed too useful to fix. Or any vulnerabilities at all. They are building a house of cards where any system is secure only so long as all systems are secure. But don't worry about that, just keep hiding exploits behind compromised security and hope that nobody blinks.
[ link to this | view in thread ]
Re:
I thought you said there was no way to do this without Apple's help?
Uhm, that's still true. This secret hacker company figured it out and only told us at the last minute. I can't tell you who they are and I won't tell you any details about the exploit because, you know, National Security.
Didn't you say it would only work on that one specific phone?
Yeah, sorry about the ambiguity. I meant that one type of phone.
Will you ever tell Apple any details about this exploit?
Since the exploit only applies to this one version, it affects only a small percentage of their phones and that percentage will be getting less and less over time. Anyway, Apple has already fixed it and the exploit is still useful to us because, you know, National Security, so I don't think I really should tell Apple the details.
Will you help other law enforcement agencies with their cases using this exploit?
Of course, I'll always help my law enforcement brethren when I can. That is, when the phone, hardware and software just matches this one, and the case involves, you know, National Security in some way. Cause I really don't want to have the details revealed in court.
I wonder if the FBI has hired some smart teenagers to be part of a Tailored Lie Operations Group. One thing that is a bit comforting is that there doesn't appear to be a known exploit to crack the data encryption itself. So, if the exploit is a way to bypass the limits on guessing the passcode, then the data can still be protected with a good choice of passcode. If you choose a random 7 character (alphanumeric using only lower case letters plus 10 digits) it will take 99 years on average to brute force the passcode.
[ link to this | view in thread ]
I see how this works
Gotta love the freedoms in the USA.
[ link to this | view in thread ]
The First Question(s)
[ link to this | view in thread ]
Re:
Welp, time to kill off the American Experiment, it clearly hasn't worked.
[ link to this | view in thread ]
Well yes.... I bet they are "good at protecting them", in the same way a gun store is good at protecting their products. That says NOTHING about how willing they are to SELL IT again. We already know that whoever it was didn't do this out of some "civic duty" or something like that because he says the exploit was bought. So I'm supposed to believe this mystery individual won't pad his pocket some more by selling to other interested parties?
[ link to this | view in thread ]
Re:
These turds thought they could win in the court of public opinion by playing the, now over-played, terrorism card. Really, what are the odds they found a way in to the phone, at literally the absolute last moments before heading back in front of the magistrate?
[ link to this | view in thread ]
Re: Re:but
That said, the FBI has planted doubt, was it a hardware, or a software hack. But, you see, right now hacking a product as such is illegal, even though there are videos on YouTube about doing the same sent in daily. And it is not court evidence. It's tainted. Apple could have complied, and said special keys were needed, and shut up, no one would have cared. But they made a stink of not helping, the only people they won't help are Americans, the rest of the world they jump right in to help! What's different here? Supposedly free speech? Right! I guess they need a law to protect them from hackers? From law enforcement? Or from child molesters? Porn pushers?
[ link to this | view in thread ]
How cute
[ link to this | view in thread ]
Re: How cute
[ link to this | view in thread ]
Re: Re: How cute
Decapping the A6 is certainly within the budget and expertise of a multinational corporation, let alone a major nation-state. Besides that particular, highly-invasive and relatively costly approach to obtain direct access to the hardware uid, several other feasible approaches to obtain plaintext access to iPhone stored data have been reported over the last month.
On the flip side, Apple engineered a “secure enclave” into the A7 and later processors. Now, perhaps it might be within the realm of remote possibility that Apple bean-counters approved that engineering change from the A6 despite a firm belief on Apple's part that the A6 was already ‘unhackable’. Maybe Apple bean-counters just throw money away on wasteful engineering efforts. But much more probably…
[ link to this | view in thread ]
'Were you lying then, or are you lying now?'
The FBI/DOJ claimed that they could not access the contents of the phone without Apple's assistance. If this was a lie, if they could access the phone before they made this statement, then they are probably telling the truth when it comes to saying that they accessed the phone when they did, because at that point they were looking at a decent probability of the wrong precedent being set by the court, and wanted to dump the case as quickly as possible.
On the other hand if they were telling the truth then, then I'd say odds are very good that they're lying when they claimed that they had gained access to the phone just in time to drop the case or put it on the burner until the attention died down.
Basically it's the timing of the matter that makes me believe that they're lying, the only real difference is when the lie occurred. That they 'discovered' the exploit just in time to drop a case that was going badly for them absolutely reeks of dishonesty and desperation, the odds that they weren't lying at some point are minuscule.
[ link to this | view in thread ]
Re: Re: Re: How cute
But, as That One Guy said, the feds have clearly lied their asses off one way or another on this matter.
I think the most remarkable accomplishment from the FBI is that they managed to take their already terrible reputation and make it even worse.
[ link to this | view in thread ]
Re: Re: Re: Re: How cute
While that document appears on its face to be undated, the accompanying report says: That seems to claim that the physical de-processing presentation document is from 2011. According to Wikipedia, the Apple A4 processor was “produced from April 3, 2010 to September 10, 2013.”
Also according to Wikipedia, the Apple A6 processor was “produced from September 21, 2012 to September 9, 2015.”
[ link to this | view in thread ]