AP, USA Today, Vice Sue FBI Over Refusal To Release Information About Contractor Who Cracked iPhone For It

from the exemption-(b)ecause-shut-up dept

USA Today, the Associated Press, and Vice News have joined forces to sue the FBI over its refusal to release even the most minimal amount of information on the hack it purchased to crack open the iPhone seized during its San Bernardino shooting investigation.

The DOJ certainly seemed adamant that Apple disclose all sorts of inside info to the government during the heated litigation. It turned down offers of assistance from hackers and security researchers before finally shelling out an unknown amount of money to an Israeli firm to gain access to the phone's contents. It also ensured it would never have to discuss the technical details of the hacking by not demanding this information be included in the purchase price.

Now, it refuses to even discuss the purchase price. Educated guesses that put it north of $1 million are based on a James Comey comment in which he said it was several times his annual salary. Somehow, the actual amount paid -- if revealed -- would somehow prevent the FBI's investigation from reaching its conclusion.

This FOIA lawsuit [PDF] targets other innocuous information the FBI refuses to release: contractor info on the party used to open up the seized iPhone (and discover nothing of investigative use on it).

This action is brought pursuant to the Freedom of Information Act (“FOIA”), 5 U.S.C. §§ 552, et seq., for basic contracting information from the Federal Bureau of Investigation (“FBI”) regarding one of its most publicly-discussed and controversial acquisitions: a technological tool openly purchased from a third-party vendor that was used to circumvent the need for a court order to access the locked iPhone of Syed Rizwan Farook, one of the perpetrators of the mass killings in San Bernardino, California.

As the lawsuit cleverly points out by using FBI director James Comey's own words against him, the public's interest in this information should easily outweigh the FBI's stated reasons for withholding it.

[T]he News Organizations seek to compel the FBI to provide records of the publicly-acknowledged business transaction that resulted in the purchase this March of the so-called iPhone access tool. The public interest in receiving this information is significant. The FBI’s purchase of this tool allowed government access to Mr. Farook’s phone, providing new information about one of the deadliest attacks on American soil in recent years, but also apparently failing to reveal any evidence of links between Mr. Farook and foreign terrorists or terrorist organizations...

FBI Director James Comey has himself stressed the essential importance of a nationwide “adult conversation” about whether and when law enforcement should be able to access encrypted devices because, “‘We’ve got to get to a point where we can reach [wrongdoers] as easily as they can reach us and change behavior by that reach-out.’” Mr. Comey also noted the need for increased information sharing with the public, an acknowledgment particularly critical given the potential of future legislative action on this issue, noting, “‘We need to understand in the FBI, how is this exactly affecting our work, and then share that with folks.’”

Moreover, the FBI’s purchase of the technology – and its subsequent verification that it had successfully obtained the data it was seeking thanks to that technology – confirmed that a serious undisclosed security vulnerability existed (and likely still exists) in one of the most popular consumer products in the world. And in order to exploit that vulnerability, the FBI contracted with an unidentified third-party vendor, effectively sanctioning that party to retain this potentially dangerous technology without any public assurance about what that vendor represents, whether the vendor has adequate security measures, whether the vendor is a proper recipient of government funds, or whether it will act only in the public interest.

The complaint points out the FBI has offered up zero information on this mysterious contractor, leaving several questions unanswered. The agency has refused to turn over anything on the vetting process used to select this vendor, raising the possibility that the FBI's chosen hacking entity may also be aiding blacklisted governments, terrorist groups, or criminals with accessing communications and data.

The news agencies participating in the lawsuit have been seeking this info since the All Writs Order was vacated back in March. Every request has been denied. The lawsuit seeks an order compelling the release of this information.

The DOJ will obviously fight this but it should be an interesting case to watch… if there's anything to be seen from the outside. Despite the hack being specific to one iPhone make running one specific version of iOS -- and there being nothing of interest found on the cracked phone -- the DOJ is sure to claim that any disclosure, however minimal, will do serious damage to national security and law enforcement means and methods.

Filed Under: cracked, doj, encryption, fbi, foia, going dark, iphone, san bernardino, transparency
Companies: ap, usa today, vice

Do Apple Trademarks Reveal What It's About To Launch?

from the foiled-by-trademarks dept

If you're a gadget watcher or an Apple fanatic, then you already know that tomorrow is Apple's big fall event when it announces new hardware products. Unlike basically every other tech blog in the world, we tend not to cover the announcements (or all of the rumors leading up to those announcements). Every so often something interesting will come out of them and we'll write up that, but for the most part, we recognize that other sites are going to cover the basic beats and we're not the kind of publication that wants to spend our time writing up promotional copy for tech companies. But, sometimes there's some overlap in our usual coverage and these kinds of events. Brian Conroy, a trademark lawyer in Ireland who has a fun blog of trademark-related issues realized that Apple may have leaked some details via its trademark applications.

For example, while there are rumors of three new iPhones, Conroy notes that Apple has only applied for two trademarks related to the iPhone 7: "iPhone 7" and "iPhone 7 Plus." That doesn't necessarily mean that there isn't a third option, but the trademark applications seem to suggest only two. Conroy has also dug deep into global trademark filings to basically prove that Apple is the company behind the trademark filing for "Airpods" which many expect to be the name of the new earbuds or something similar that Apple may announce. The trademark itself was noticed a long time ago, filed for a company named "Entertainment in Flight LLC," presumed to be a dummy corporation set up by Apple. But Conroy goes further and shows that Apple may have slipped up in hiding some of this, and that the same Airpods trademark filing in countries like Norway, Malaysia and India came directly from Apple -- and the one in Malaysia points back to the original Entertainment in Flight filing in the US -- more or less proving that Entertainment in Flight is really Apple. Here's Conroy's video explaining this: Trademark law: finally useful for something.

Filed Under: airpods, brian conroy, iphone, trademark
Companies: apple

Apple Updates iOS To Close Three Separate 0days That Were Being Exploited

from the throw-away-your-phone dept

As you may have heard, if you have an iOS device (iPhone, iPad, even iPod Touch) you should be updating your devices, like a few hours ago. Seriously, if you haven't done it yet, stop reading and go update. The story behind this update is quite incredible, and is detailed in a great article over at Motherboard by Lorenzo Franceschi-Bicchierai. Basically after someone (most likely a gov't) targeted Ahmed Mansoor, a human rights activist in the United Arab Emirates with a slightly questionable text (urging him to click on a link to get info about prison torture), a team of folks from Citizen Lab (who have exposed lots of questionable malware) and Lookout (anti-malware company) got to work on the text and figured out what it did. And, basically the short version is that the single click exploits three separate 0days vulnerabilities to effectively take over your phone in secret. All of it. It secretly jailbreaks the phone without you knowing it and then accesses basically everything.

“It basically steals all the information on your phone, it intercepts every call, it intercepts every text message, it steals all the emails, the contacts, the FaceTime calls. It also basically backdoors every communications mechanism you have on the phone,” Murray explained. “It steals all the information in the Gmail app, all the Facebook messages, all the Facebook information, your Facebook contacts, everything from Skype, WhatsApp, Viber, WeChat, Telegram—you name it.”

So that's great.

The researches believe they've tracked back the exploit to a secretive hacking company called NSO Group. The full Citizen Lab writeup on all of this is quite fascinating as well. They estimate that this exploit from NSO probably costs in the range of a million dollars on the market, though obviously it's closed now. That doesn't mean that NSO or others don't have other exploits up their sleeves.

The report also notes that this kind of exploit is probably just used by nation states right now, but there's nothing to say that it couldn't move down the stack before too long, letting all sorts of mischievous characters look to basically completely pwn your phone. Pretty scary stuff, and yet another reminder of why it's so dangerous that folks like the NSA are hoarding 0days, rather than revealing them, and that the FBI is trying to force tech companies to break encryption and other tools that are necessary to block these kinds of attacks.

Filed Under: 0days, exploits, hacking, human rights, ios, iphone, surveillance, vulnerabilities
Companies: citizen lab, lookout, nso

Why Apple Removing The Audio Jack From The iPhone Would Be A Very, Very, Very, Bad Move

from the but-it'll-still-happen dept

It's been rumored for months now that the next iPhone will be removing the standard analog headphone jack -- the same jack that's existed on portable audio devices for ages. It would immediately make a whole bunch of headphone and microphone products obsolete overnight for those who use iPhones. And while some have compared it to when Apple surprised everyone nearly two decades ago in removing the floppy drive from the iMac, this is quite different. The floppy drive really was pushing the end of its necessary existence, and with the internet and (not too long after) the rise of USB, the internal floppy drive seemed less and less important. But that's not the case with the standard audio jack.

Back in June, Nilay Patel at the Verge had an excellent take on why this move would be user hostile in very dangerous ways, starting with the fact that forcing audio through the iPhone Lightning connection would mean DRM:

Oh look, I won this argument in one shot. For years the entertainment industry has decried what they call the "analog loophole" of headphone jacks, and now we’re making their dreams come true by closing it.

Restricting audio output to a purely digital connection means that music publishers and streaming companies can start to insist on digital copyright enforcement mechanisms. We moved our video systems to HDMI and got HDCP, remember? Copyright enforcement technology never stops piracy and always hurts the people who most rely on legal fair use, but you can bet the music industry is going to start cracking down on "unauthorized" playback and recording devices anyway. We deal with DRM when it comes to video because we generally don’t rewatch and take TV shows and movies with us, but you will rue the day Apple decided to make the iPhone another 1mm thinner the instant you get a "playback device not supported" message. Winter is coming.

With the latest rumors insisting that Apple is definitely doing this, Cory Doctorow has also weighed in to make the same point and go in much greater detail about how troubling this is:

Once all the audio coming out of an Iphone is digital -- once there's no analog output -- Apple gets a lot more options about how it can relate to its competitors, and they're all good for Apple and bad for Apple's customers. Just by wrapping that audio in DRM, Apple gets a veto over which of your devices can connect to your phone. They can arbitrarily withhold permission to headphone manufacturers, insist that mixers be designed with no analog outputs, or even demand that any company that makes an Apple-compatible device must not make that device compatible with Apple's competitors, so home theater components that receive Apple signals could be pressured to lock out Samsung's signals, or Amazon's.

What's more, once Apple gets the ability to add DRM, the record industry gets the ability to insist that Apple use it ("A phaser on the mantelpiece in Act One must go off by Act 3" - Pavel Chekov, Star Trek: TOS). In 2007, Steve Jobs published his Thoughts on Music, in which he said, basically, that the record industry had forced Apple to put DRM in its ecosystem and he didn't like it. The record industry is still made up of the same companies, and they still love DRM. Right now, an insistence on DRM would simply invite the people who wanted to bypass it for legal reasons to use that 3.5mm headphone jack to get at it. Once that jack is gone, there's no legal way to get around the DRM.

Perhaps worst of all is the impact on security research: because the DMCA has been used to attack researchers who disclosed defects in DRM-restricted technologies, they are often unable or unwilling to come forward when they discover serious vulnerabilities in technologies that we rely on. The Iphone audio interface is two-way: it supports both input and output. A bug in that interface turns the phone to carry with you at all times, to all places, into a covert listening device. A DRM system on that interface makes that bug all-but-unreportable, guaranteeing that it will last longer and hurt more people before it finally becomes public.

As Cory notes, these are not hypothetical stories and fear-mongering, they're all examples from what we've seen happen before, over and over again, when things are pushed into a DRM-based world. Cory is hoping that if Apple really does drop the audio jack -- as many now expect -- then it should simultaneously declare that the digital audio output is not "an effective means of access control," which would then mean it's not covered by the anti-circumvention laws of the DMCA. But, of course, does anyone actually expect Apple to do that? It has almost no incentive to unless the public rejects this situation in massive numbers, which seems unlikely.

Hopefully, those who make Android and other phones will not follow down this same path.

Filed Under: analog, drm, headphone jack, iphone
Companies: apple

Beijing Regulators Block Sales Of iPhones, Claiming The Design Is Too Close To Chinese Company's Phone

from the live-by-rounded-corners,-die-by-rounded-corners dept

This one was so easy to predict. For the past couple of decades, completely clueless US politicians and bureaucrats (and tech company execs) have been screaming about how China "doesn't respect" our intellectual property. They demanded that China "get more serious" about patents and respecting IP. And for nearly a decade we've been warning those people to be careful what you wish for. Because, now China has massively ramped up its patent system, often by using odd incentives, but rather than helping American companies that demanded it, pretty much every patent lawsuit in China has been about a Chinese company punishing or blocking foreign competition. This is because the Chinese aren't stupid. It's a country that has thrived on protectionism, despite global efforts to "open up trade," and here it realized that the West was handing them the perfect trade barrier: one that let them say they were doing what the West wanted, while giving it the perfect excuse to block out foreign competition.

So, while clueless US and European IP bureaucrats celebrated China issuing so many patents, they totally missed that they'd actually given away everything.

And, now you get stories like this: Apple has been banned from selling the iPhone 6 or iPhone 6s in Beijing, because of patent infringement. Regulators found that the design was too similar to the design of a Chinese firm's phone.

Apple Inc. violated the design patents of a Chinese device maker and may have to halt sales of its latest iPhones in Beijing, the city’s intellectual property authority ruled, handing the U.S. company its latest setback in a pivotal market.

The iPhone 6 and iPhone 6 Plus infringe on Shenzhen Baili’s patent rights because of similarities to its 100C phone, the Beijing Intellectual Property Office wrote in its decision.

Live by rounded corner patents, die by rounded corner patents.

Many are speculating that Apple's recent $1 billion investment in the Chinese Uber clone Didi was in part to help deal with attacks like this. Basically every American company that wants to sell products in China ends up investing in Chinese companies for this kind of purpose. But, once again, just as we've been saying for years, the Chinese, unlike many in the West, absolutely recognize what patents are: a trade barrier, and they must love the fact that the US keeps asking them to build more trade barriers.

Until US patent officials finally understand that patents are not about innovation, but are really about restraints on trade, innovation and competition, we're only going to see more and more stories like this.

Filed Under: china, foreign competition, iphone, patents, protectionism, rounded corners
Companies: apple, shenzen baili

FBI Won't Tell Me How Much It Paid To Break Into Syed Farook's iPhone, Saying It Might Jeopardize Its Investigation

from the say-what-now? dept

As you probably recall, several months ago, after going to court to try to force Apple to write some software to allow the FBI to hack into Syed Farook's work iPhone, the DOJ and FBI abruptly called off the case, claiming that it had been able to get an exploit that let it into the phone. A few weeks later, FBI Director James Comey suggested that the government paid over $1.2 million to get that exploit from some "hackers." Some later news reports indicated that the FBI quietly tried to talk down those numbers, and suggested that perhaps Comey was just bad at math (rather than name a number, he said that the FBI had paid "more than I will make in the remainder of this job, which is seven years and four months....").

Either way, I sent a FOIA request into the FBI that day asking for either the invoice or any other documentation showing how much the FBI had paid to get into Farook's work iPhone. The FBI has now rejected my FOIA request, arguing that since this is an "ongoing investigation," responding to such a request might somehow "interfere" with the case. This is complete hogwash, for a variety of reasons. First, Farook is dead. Second, what investigation is there left to do? We know that Farook and his wife shot up Farook's office party and killed a bunch of people. We also know that the FBI was so unconcerned about further investigation that it allowed reporters to ransack Farook's townhouse soon after the shooting. Third, how the hell would revealing the price impact the investigation? The answer is that it will not. There is nothing in saying "it cost us $1 million" or "it cost us $653,000" or whatever, that in any way interferes with whatever investigation remains to be done.

This is nothing more than the FBI doing what the FBI frequently does with FOIA requests. Denying them because the FBI doesn't want to answer.

Filed Under: exploit, fbi, foia, iphone, james comey, syed farook, vulnerability

DOJ Drops Other Big Case Over iPhone Encryption After Defendant Suddenly Remembers His Passcode

from the wait,-what? dept

While so much of the attention had been focused on the case in San Bernardino, where the DOJ was looking to get into Syed Farook's iPhone, we've pointed out that perhaps the more interesting case was the parallel one in NY (which actually started last October), where the magistrate judge James Orenstein rejected the DOJ's use of the All Writs Act to try to force Apple to help unlock the iPhone of Jun Feng, a guy who had already pled guilty on drug charges, but who insisted he did not recall his passcode.

There were some oddities in the case. Feng had pled guilty and there was some issue over whether or not there was still a need to get into the iPhone. The DOJ insisted yes, because Feng's iPhone might provide necessary evidence to find others involved in the drug ring. The other oddity: Feng's iPhone was running iOS7. While the device itself was a newer model iPhone than the one in the Farook case, it still has an older operating system, where it was known that Apple (and others) could easily get in. So it made no sense that the FBI couldn't get into this phone. In fact, Apple's latest filing in the case, just over a week ago was basically along those lines, noting that the DOJ claimed Apple's assistance was "necessary," but that seemed unlikely.

And... late on Friday, the DOJ did the exact same "run away!" move it did in the Farook case, telling the judge that it had suddenly been given the passcode, so there was no need to move forward with the case at all.

The government respectfully submits this letter to update the Court and the parties. Yesterday evening, an individual provided the passcode to the iPhone at issue in this case. Late last night, the government used that passcode by hand and gained access to the iPhone. Accordingly, the government no longer needs Apple’s assistance to unlock the iPhone, and withdraws its application.

According to a (paywalled) WSJ article, Feng, who has been waiting for his sentencing, and thinking that his case was otherwise over, only just found out that there was this big fuss around his own case... and told the DOJ he miraculously remembered the passcode. Hallelujah. A miracle... and the DOJ was magically saved from a precedent it didn't want.

The Wall Street Journal reported last week that Mr. Feng only recently learned his phone had become an issue in a high-stakes legal fight between prosecutors and Apple. Mr. Feng, who has pleaded guilty and is due to be sentenced in the coming weeks, is the one who provided the passcode to investigators, according to people familiar with the matter.

Of course, it's worth noting, however that while this particular case may be effectively over, it's not that great for the DOJ, in that no one got to officially review magistrate judge James Orenstein's fairly epic smackdown of the DOJ earlier in the case. That, of course, has no value as a precedent, but that doesn't mean it won't be quoted or pointed to in other, similar cases.

On the flip side, of course, there's the argument that every time the case starts looking bad for the DOJ, they miraculously get into the phone in question. At the very least, this ought to raise questions about why the DOJ keeps insisting that it needs Apple's help... But the fact is these cases are going to keep coming.

Filed Under: all writs act, doj, encryption, going dark, iphone, jun feng, passcode
Companies: apple

FBI Allegedly Paid More Than $1 Million To Get Into Encrypted iPhone... And To Avoid Setting Legal Precedent It Didn't Like

from the just-saying dept

On Thursday, FBI Director James Comey suggested that the FBI paid over a million dollars to a group of hackers who helped it get into Syed Farook's encrypted work iPhone. Of course, just as pretty much everyone predicted, the FBI found nothing of value on the iPhone. This was hardly a surprise. It was a case where we already know who did it, and that they were already dead. We also know that they destroyed their two personal iPhones, leaving open the question why anyone would think there was anything valuable on the work iPhone.

Specifically, Comey said that buying the exploit from this group cost the FBI "more than I will make in the remainder of this job, which is seven years and four months, for sure." Comey makes $185,100 per year at his job, implying that buying the exploit cost at least $1.3 million or so.

This has, understandably caused some to ask how it could possibly be worth it to pay so much money for an exploit that everyone must have known was worthless.

It would have been more responsible to give the FBI’s slush fund over to the victims’ families than to pursue such an obvious non-lead.

— Jonathan Zdziarski (@JZdziarski) April 21, 2016

Things that would've better served the American public with $1.3M than Comey's goose chase: Mental health funding.

— Jonathan Zdziarski (@JZdziarski) April 21, 2016

Of course, that is taking a slightly narrow view on things, considering that many people believe, strongly, that the FBI's motive here was really to extricate itself from the legal dispute over the phone that had the very strong potential of ending with a bad precedent for the FBI and the DOJ. When looked at through that lens, $1.3 million or whatever seems like very little money to pay...

Filed Under: doj, fbi, hack, iphone, james comey, precedent, syed farook
Companies: apple

Apparently Hacking Syed Farook's iPhone Accomplished Nothing (Other Than Making Everyone Less Safe)

from the putting-everyone-at-risk dept

This should hardly comes as a surprise but reports are surfacing saying that after hacking into Syed Farook's work iPhone, that was subject to so much attention, the FBI has found absolutely nothing of interest:

Law enforcement source tells @CBSNews so far nothing of real significance has been found on San Bernardino terrorist iPhone unlocked by FBI.

— Charlie Kaye (@CharlieKayeCBS) April 13, 2016

Remember, this was the same iPhone that the DOJ and the FBI said was critical in their investigation. This is the same iPhone that the San Bernardino District Attorney, Michael Ramos, insisted could be hiding evidence of a "dormant cyber pathogen" destined to destroy San Bernardino County's computer network.

And, in the end, it appears that (as everyone expected) there was nothing on it. At all.

This isn't surprising. As the FBI freely admitted all along, Farook and his wife had destroyed their own personal iPhones, and the only remaining one was this one, which was Farook's work phone. If there had been anything that sensitive on it, you'd have figured they would have destroyed it too. And, of course, others had noted that the FBI's choice of words after getting in pretty clearly suggested there was nothing useful on the phone.

But... in the meantime, the FBI has now made it clear that at least certain iPhone models have a massive vulnerability in them that potentially puts millions of iPhone users at risk. And the FBI has shown no interest in telling Apple where this vulnerability exists.

In short, the FBI, who is supposed to keep us safe from crime, broke into an iPhone which helped it solve no crime, but almost certainly has put millions of people at risk for potential criminal attacks in the future. Why does anyone think this is a good result?

Filed Under: encryption, fbi, going dark, iphone, syed farook

FBI Plays It Coy Regarding Their iPhone Exploit

from the what-color-is-your-hat? dept

Every since the FBI announced that it had found its own way into Syed Farook's iPhone, people have been wondering exactly how it managed to do so, and how many people the exploit puts at risk. Unsurprisingly, the agency declined to share any details with Apple and tried to downplay the possibility that they'd be breaking into phones left and right — despite pretty quickly entertaining the idea of doing exactly that. Now, following a discussion with Director James Comey last night, we have some more... well... I don't think you can exactly call them "details", but:

"We're having discussions within the government about, okay, so should we tell Apple what the flaw is that was found?" Comey said. "That’s an interesting conversation because you tell Apple and they’re going to fix it and then we’re back where we started from."

Comey said that it is possible that authorities will tell Apple, but "we just haven’t decided yet."

That's an interesting way of putting it. It seems Comey has forgotten "where we started from", because not that long ago he was still insisting that this had nothing do with setting a precedent or getting into other phones in the future and was all about pursuing every lead in this one case. Well, that lead has now been pursued and the phone in question cracked, so Comey's "back where we started" comment only makes sense if (shocker) this really was about a lot more than one phone.

Comey went on to downplay the applicability of whatever exploit they are using:

While Comey did not disclose the outside group’s method in his remarks Wednesday, he said it would only be useful on a select type of devices — specifically, the iPhone 5C, an older model released more than two years ago.

"The world has moved on to [iPhone] 6’s," Comey said. "This doesn’t work in 6S, this doesn’t work in a 5S. So we have a tool that works on a narrow slice of phones. … I can never be completely confident, but I’m pretty confident about that."

Of course, the 5C still accounts for around 5% of iPhones, which may be a "narrow slice", but that's likely of little comfort to the many people using them who now know their device contains a potential security exploit which the FBI is refusing to protect them from. Because that's the point: if the 5C is hackable, that means a bunch of people are at risk and not just from law enforcement overreach. The right thing to do when you've discovered such a vulnerability is report it so it can be fixed — that's pretty much the dividing line between white hat and black hat hacking. By keeping mum on the details, the FBI is leaving a known security vulnerability in the wild. Oh, but Comey's not worried about that:

Comey did not seem concerned that the method for accessing Farook’s iPhone would be revealed by the outside group that helped them.

"The FBI is very good at keeping secrets, and the people we bought this from, I know a fair amount about them, and I have a high degree of confidence that they are very good at protecting them," he said.

He only identified this group as "someone outside the government" and said "their motivations align with ours."

Firstly, this presupposes that the exploit will never be found by anyone else (and hasn't been already). Secondly, isn't his allusion to the FBI's mysterious assistants a bit unnerving? Yes, there are security researchers who focus on selling what they find to governments and law enforcement agencies when they need to hack something, instead of revealing the vulnerabilities they discover and helping to close them — which many would already see as a problem. But I guess we are supposed to be comforted that the FBI knows a "fair amount" about these non-governmental hackers, and that their "motivations" align (and don't include doing everything possible to help the public secure their devices and keep their data safe). To protect and serve indeed.

Filed Under: encryption, fbi, iphone
Companies: apple