Apparently Hacking Syed Farook's iPhone Accomplished Nothing (Other Than Making Everyone Less Safe)
from the putting-everyone-at-risk dept
This should hardly comes as a surprise but reports are surfacing saying that after hacking into Syed Farook's work iPhone, that was subject to so much attention, the FBI has found absolutely nothing of interest:Law enforcement source tells @CBSNews so far nothing of real significance has been found on San Bernardino terrorist iPhone unlocked by FBI.
— Charlie Kaye (@CharlieKayeCBS) April 13, 2016
And, in the end, it appears that (as everyone expected) there was nothing on it. At all.
This isn't surprising. As the FBI freely admitted all along, Farook and his wife had destroyed their own personal iPhones, and the only remaining one was this one, which was Farook's work phone. If there had been anything that sensitive on it, you'd have figured they would have destroyed it too. And, of course, others had noted that the FBI's choice of words after getting in pretty clearly suggested there was nothing useful on the phone.
But... in the meantime, the FBI has now made it clear that at least certain iPhone models have a massive vulnerability in them that potentially puts millions of iPhone users at risk. And the FBI has shown no interest in telling Apple where this vulnerability exists.
In short, the FBI, who is supposed to keep us safe from crime, broke into an iPhone which helped it solve no crime, but almost certainly has put millions of people at risk for potential criminal attacks in the future. Why does anyone think this is a good result?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, fbi, going dark, iphone, syed farook
Reader Comments
Subscribe: RSS
View by: Time | Thread
Typical...
I think someone historically important once said.
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
~Franklin
[ link to this | view in thread ]
No Surprise
[ link to this | view in thread ]
[ link to this | view in thread ]
Conspiracy!
[ link to this | view in thread ]
i mean.. first fbi says they've broken into this phone and are now going to help local leos break into other phones.
today.. news comes out that the fbi doesn't actually know how the crack worked and they have no way to do it again.
so... were they lying then or are they lying now?
[ link to this | view in thread ]
I just imagine the FBI forensics training
Recruits: MMM, good...
Gunnery Sergeant Hartman: Feels Good
Recruits: Feels Good
Gunnery Sergeant Hartman: Is Good
Recruits: Is Good
Gunnery Sergeant Hartman: Real Good
Recruits: Real good
Gunnery Sergeant Hartman: Tastes Good
Recruits: Tastes good
Gunnery Sergeant Hartman: Mighty Good
Recruits: Mighty good
Gunnery Sergeant Hartman: Good for you
Recruits: Good for you
Gunnery Sergeant Hartman:Good for me
Recruits: Good for me
[ link to this | view in thread ]
I followed the author's link and searched for the word "critical". It was not there, leading me to believe that the author is not being altogether accurate in reporting what the FBI has been stating concerning this matter.
[ link to this | view in thread ]
Surprised they acknowledged finding nothing
[ link to this | view in thread ]
"This is so exciting, ladies and gentlemen! Any moment, the iPhone is going to be cracked and we'll find the entire terrorist organizations' plans, names, whereabouts and maybe, just maybe, Al Capone's bank account numbers!"
[ link to this | view in thread ]
I'm eager to hear your reasoning on this one. Black/grey hat hackers and exploits exist. What does the FBI have to do with this?
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Apple hire
[ link to this | view in thread ]
Re:
I have no trouble believing they got nothing of value from it however. That is inevitable whether they got in or not.
[ link to this | view in thread ]
Re: "almost certainly has put millions of people at risk "
[ link to this | view in thread ]
[ link to this | view in thread ]
Schrödinger's Phone
[ link to this | view in thread ]
Re: Re: "almost certainly has put millions of people at risk "
The idea that hackers are just waiting around for some public pronouncement of vulnerability is laughable. There are entire businesses legal and illegal, built around finding and selling vulnerabilities not to mention individuals and state actors.
>The FBI could, and given their anti-crime mission, should, tell Apple how the vulnerability works.
That argument has some merit. However these vulnerabilities have incredibly short lifespans and are generally limited in devices and software versions vulnerable. I'm sure the company that worked with the FBI has many more. I'm speculating, but it could even be a term of the contract that the company sells its services, not the details of the exploit making disclosure impossible.
Either way, the argument that this has significantly added to risk users face already doesn't hold water. Millions of people are always at risk because software is not perfect and determined parties find and exploit vulnerabilities.
[ link to this | view in thread ]
I don't know why you think it's a bad result. Law enforcement using hacking tools is standard practice. In this case it was narrowly focused to a single device. I'd be more worried about honeypots and other attacks on the larger internet.
Yes, the FBI's legal arguments were troubling, but they were checked by the judicial system.
No new legal powers were gained compelling companies to compromise their software and nothing was made illegal.
This is is the best possible outcome we could have hoped for.
[ link to this | view in thread ]
Mike, would you please explain how this instance is so much worse than every other time law enforcement hacked into a phone with a legally authorized warrant?
[ link to this | view in thread ]
Re: Not the best outcome
[ link to this | view in thread ]
Not everyone is less safe
Now he can't plan any more secret crimes or communicate with other terrorists, great job FBI!
[ link to this | view in thread ]
Re: Re: Not the best outcome
[ link to this | view in thread ]
Re: Surprised they acknowledged finding nothing
[ link to this | view in thread ]
FBI is not evil
[ link to this | view in thread ]
Re: Re: Re: "almost certainly has put millions of people at risk "
[ link to this | view in thread ]
The FBI seriously underestimated the support for it's actions from the public and tech sectors. When it found out it get far more attention than it had thought it would, it was rather quickly it backed out of the court case so as not to set a precedent.
That hasn't stopped the other cases it has in the works to continue to attempt to force Apple to backdoor, just this one with all it's negative public exposure.
[ link to this | view in thread ]
Re: Re: Re: Re: "almost certainly has put millions of people at risk "
[ link to this | view in thread ]
When the government is involved...
You will be right more than 50% of the time.
[ link to this | view in thread ]
Re: Re: Re: Re: "almost certainly has put millions of people at risk "
They almost never have to, because the vast majority of the time it was already known to them. Particularly in this case. The Feds bought the exploit from gray-hat hackers, and if the gray hats know it, you can be pretty sure that the black hats do as well.
[ link to this | view in thread ]
Remember John Walker?
Should be uncreated and replaced by honest, sincere SERVANTS of the citizens (makes one recall the motto of cops in the good old days - "To Serve And Protect").
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Surprised they acknowledged finding nothing
[ link to this | view in thread ]
red letter day for everyone wanting to send us all down the river.
[ link to this | view in thread ]
Re: Re: Re: "almost certainly has put millions of people at risk "
The fact of the matter here is that the FBI could help prevent crime by releasing details of this vulnerability. That they are not, purely out of spite, is appalling. Why is the FBI not doing their fucking job?
[ link to this | view in thread ]
naive?
[ link to this | view in thread ]
Re: Re: Re: Re: "almost certainly has put millions of people at risk "
https://www.eff.org/deeplinks/2016/04/will-apple-ever-find-out-how-fbi-hacked-phone-faq
[ link to this | view in thread ]
Re: naive?
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
I would say, they were lying both then and now.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Surprised they acknowledged finding nothing
[ link to this | view in thread ]
Re: Re: Re: Re: Re: "almost certainly has put millions of people at risk "
Did you even read that link you trotted out? It makes it abundantly clear that the FBI has a very poor track record when it comes to disclosing vulnerabilities. They barely pay lip service to the idea. (And the fact that there's a procedure in place for it would indicate that releasing information about exploits they are aware of is very much part of their job).
There is no scenario where it is acceptable for a law enforcement agency to sit on an exploit like that. That's like a cop going into a shop that's being robbed and saying "Not my problem. I haven't been dispatched here, and the paperwork would be a pain."
[ link to this | view in thread ]
Re: Re: Re: Re: Re: "almost certainly has put millions of people at risk "
Assumption 1: This exploit is known to various black hat hackers and is in use.
Assumption 2: Active exploitation of this vulnerability puts citizens at risk.
Assumption 3: The FBI is aware of this vulnerability.
Assumption 4: Given knowledge of this vulnerability, Apple could work to mitigate the damage.
With the given assumptions, there are two options.
Option A: FBI does not releasd information about the exploit, and it continues to be exploited, harming some number of individuals. Call this number X.
Option B: FBI releases information about the exploit, reducing the number of harmed individuals. Call this number X - Y.
The choice between these options is made by the FBI. Therefore, they can choose to harm a larger number of individuals, or a fewer number of individuals.
The cost of each option, in harmed individuals:
Option A: Y
Option B: 0
By not disclosing the vulnerability their inaction has put some number of individuals at risk of harm.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: "almost certainly has put millions of people at risk "
[ link to this | view in thread ]
Re: Apple hire
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
right?
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: naive?
[ link to this | view in thread ]
I have little doubt that if the FBI had in fact found something on this IPhone, the techdirt story would be to dismiss it as an exceptional case, as clearly it has been shown that most terrorists don't use encryption (except for those using Iphones, whatsapp, and so on... ).
It would be nice if things got explained in the same way - find something, it's exception, find nothing and it's some sort of overwhelming proof? Nice!
[ link to this | view in thread ]
Re: Typical...
"It is more important that innocence should be protected, than it is, that guilt be punished; for guilt and crimes are so frequent in this world, that all of them cannot be punished.... when innocence itself, is brought to the bar and condemned, especially to die, the subject will exclaim, 'it is immaterial to me whether I behave well or ill, for virtue itself is no security.' And if such a sentiment as this were to take hold in the mind of the subject that would be the end of all security whatsoever"
Seems apt.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: "almost certainly has put millions of people at risk "
You're playing semantic games. The FBI's choice has led to more people being at risk than if they had made a different choice. The article doesn't say it leads to more people being at risk than were at risk yesterday.
[ link to this | view in thread ]
Re:
Why would there only be one question?
[ link to this | view in thread ]
Re: FBI is not evil
Even evil means...
[ link to this | view in thread ]
Re:
It's fun to make stuff up about what someone else would say in a counterfactual situation, isn't it?
[ link to this | view in thread ]
Re: Re:
Both stories would come from the same side of the hatchet.
[ link to this | view in thread ]
Re: Re: Re:
Because they let people like you post here.
[ link to this | view in thread ]
The Result: Time and Money wasted
Do they not have anything else to do?
The same results would have come from them sledge hammering the phone and opening it by that kind of brute force.
They wouldn't have found anything there, either way.
I guess they must like being made to look like total fools-they do it so easily.
[ link to this | view in thread ]
Wasted opportunity.
That way the next attempt to set a precedent would have more ammunition.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]