Apple Won't Create 'Backdoor' to Help FBI Access San Bernardino Shooter's iPhone

[Tombs]

So you believe there is a way to disable the security feature on that one phone that can't be used on other phones?

Also, sure a warrant to retrieve information off of that specific phone is fine, but why should a third party be compelled to assist in that retrieval? Maybe one or more of the lawyers in here could chime in.

I have a very good idea of how it's possible.

The problem becomes a matter of apple managing the program SOLELY and the government not forcing them to hand over the software or phones after they've removed the data.
The feds would probably be very unhappy with such a thing.

 

[jbombelli]

I have a very good idea of how it's possible.

The problem becomes a matter of apple managing the program SOLELY and the government not forcing them to hand over the software or phones after they've removed the data.
The feds would probably be very unhappy with such a thing.

If Apple even COULD do that, you can be absolutely sure that technology would *somehow* end up in the government's possession eventually, and then it would be abused. Count on it.

 

[JettaKnight]

I have a very good idea of how it's possible.

I really don't think you do. Embedded security a very complex problem with lots of people working all sides and angles. I deal with it on a limited scale in product I develop, including encryption. That said, I wouldn't even pretend that I even remotely understand the full details at play here.

There's nothing foolproof and uncrackable except for classic one time pads. Apart from that, everything can be cracked. The issue is how much does it cost? Does it cast more than obtaining the data in another method? The the work you spend cracking exceed the benefit?

Perhaps the NSA can crack it. I certainly can imagine one way that wouldn't be too difficult, but I don't no if it's feasible since I'm not familiar with the flash storage on these devices.

The question is what are they gaining from assisting the FBI? What are they losing? Letting the cat out of the bag? resources that could be spent elsewhere with better pay offs?

I just don't see a big payoff here. But then again, I don't work intelligence.

Wasn't this an event on American source with American actors? That alone should preclude NSA intervention.

 

[Tombs]

If Apple even COULD do that, you can be absolutely sure that technology would *somehow* end up in the government's possession eventually, and then it would be abused. Count on it.

It could make use of something that can be patched out or changed in an update, so if the feds got a hold of it, it could be made irrelevant over night.

I really don't think you do. Embedded security a very complex problem with lots of people working all sides and angles. I deal with it on a limited scale in product I develop, including encryption. That said, I wouldn't even pretend that I even remotely understand the full details at play here.

There's nothing foolproof and uncrackable except for classic one time pads. Apart from that, everything can be cracked. The issue is how much does it cost? Does it cast more than obtaining the data in another method? The the work you spend cracking exceed the benefit?

Perhaps the NSA can crack it. I certainly can imagine one way that wouldn't be too difficult, but I don't no if it's feasible since I'm not familiar with the flash storage on these devices.

The question is what are they gaining from assisting the FBI? What are they losing? Letting the cat out of the bag? resources that could be spent elsewhere with better pay offs?

I just don't see a big payoff here. But then again, I don't work intelligence.

Wasn't this an event on American source with American actors? That alone should preclude NSA intervention.

Would a firmware update be capable of bypassing or cracking such security?

 

[JettaKnight]

Would a firmware update be capable of bypassing or cracking such security?

In this case, yes, since their not asking for the actual encryption keys, which have to be stored on the device, since no user enters a 128 or 256 bit key.

The issue is getting the device to accept new firmware. Firmware from Apple might be encrypted, but most likely it's just signed with a cryptographic hash, like SHA256. Making your firmware have their signature is very, very hard.

Assuming you get past that, how do you make your own firmware with this hack? Apple is notorious from not releasing specs and when they do, it's on a limited need to know basis.*

And how do you get firmware on that one device? It's algorithm is to phone the mothership and look for new firmware. Well, there's probably not a good way for the mothership to issue firmware to this one device and not all.

That brings us back around to this: if you can do it for one, then you can do it for all.


Of course this is all thumb sucking on my part from my own experiences with development of embedded systems and learning about the craft.


* At one time I did have clearance to Apple's iPod specs - I hated that part of the project.

 

[Cameramonkey]

The victims are dead, the shooters are dead, it's over, and it's obvious what happened. What are they hoping to get from this 18 minutes of phone data? One more sentence to write in the eventual Wikipedia page for the shooting?

They already have the 18 minutes. What they dont have is contact info, and other data relevant to the investigation leading up to the event. They are looking for associates and those that might have helped. Even if that phone call was 2 years ago and not easy to find in the call logs. Not to mention the web surfing, and other data they want.

You people read too many headlines... He's simply baffled that apple won't help the FBI wouldn't unlock ONE phone that was possessed by a man who murdered 14 people in a terrorist attack.

For that matter, I am too.

Back doors are one thing, that's insane and unreasonable, refusing to open up a phone after a crime of such scale is not.

Do we need a jury trial for someone who decided to get into a shoot out with police and lost?

But here is the issue; There is a huge difference between "hey locksmith, open THAT lock" and "Hey lock company, make me a master key that will open ANY of your locks." Unfortunately, since for all practical purposes each lock (phone) is identical, so providing a solution for one lock (phone) grants you access to ALL locks (phones).

The only solution I can think of that makes any sense was proposed by a caller on the Garrison show today. If it were possible for a US Marshall to carry the phone into a room, hand it to engineers, have them work their magic in front of him and hand him back the phone and the extracted data in a way that proves chain of custody, it could be reasonable. The .gov doesnt need to know HOW they got it, just that it was retrieved with proof that the data came off the device. But the problem is the legal protections afforded the defense; How do you stifle the methods used by the defense to expose HOW it was retrieved so they can prove faults in the methods? (sooner than you think if the indict someone from this phone's data)

Herein lies the rub... If Apple does it via exploit, they may have to say HOW they did it for the evidence to stand up. That proof blows our protections off the face of the earth and everyone now knows how to get into the data. Its only a matter of time before the ransomware folks start taking over our devices and bricking them. Yes, there is no defense THIS time, but what about NEXT time when the defendant is on trial? I used to do magic and there is an important rule; No matter how much they beg, dont repeat the trick. If you do a magic trick enough times, SOMEBODY will figure out how its done.

The entire situation feels manufactured, probably relates to how evidence is obtained for potential prosecutions. Easier to say "Apple gave it to us publicly" rather than "Apple gave it to us via a backdoor in their software as part of Gov surveillance."

The "We won't help you" PR is just PR. Exploits exist, and no one actually needs Apple for this.

Apple pretty much lead in one statement with something to the effect of "if we use an exploit, it will expose that secret flaw to everyone and nobody will be safe." So I think they have some closely guarded flaws they are working to conceal for our safety.

Guy on the radio today say the exact same thing, the NSA doesn't want to tip their hand on what they can do with this being so public. It's not worth letting out that secret.

The problem is the self destruct mechanism apple offers. If enabled, 10 password guesses and it deletes everything. So brute force attacks where they guess every possible passcode until it works is out. The only way in is a back door or universal password that unlocks ALL devices.

It could make use of something that can be patched out or changed in an update, so if the feds got a hold of it, it could be made irrelevant over night.


Would a firmware update be capable of bypassing or cracking such security?

Thats funny. You assume everyone actually updates the firmware when prompted. I manage a 900+ device pool of iDevices and I cant control my users. I tell them to wait, they dont and upgrade anyway. I tell them to go do it, and they dont. There is no guarantee that we would be protected in that scenario of writing the backdoor out of the code.


Knowing intimately how encryption is useful, while sad that we cant get that info, I am glad they cant. While I want to catch more bad guys, I dont want to give up our fundamental rights to our privacy.

 

[jamil]

What, did the terrorist not have a later iphone with the finger print reader? I mean, they still got his thumb, right?

 

[Cameramonkey]

What, did the terrorist not have a later iphone with the finger print reader? I mean, they still got his thumb, right?

And for that matter, how do they know that the 10 try wipe is active? That is optional and I dont think you can tell until you hit the 10th wrong answer. Maybe they already wiped hers accidentally and are now nervous his has the same setting?

 

[BogWalker]

Is the "wipe" even irrecoverable? I know when Hillary "wiped" her servers they were still able to recover data no problem.

 

[Cameramonkey]

Is the "wipe" even irrecoverable? I know when Hillary "wiped" her servers they were still able to recover data no problem.

When done properly, it is. Hillary's team is either inept or didnt do it right on purpose.

And there is a world of difference between wiping platters of a traditional hard drive and flash memory. Wiping a hdd improperly is like painting over a wall of text with white paint. if you are able to strip off the paint, you can once again read the text.

Wiping a solid state device (like an iphone) is like removing all the pegs from a battleship game; there is no way to tell which holes had which pegs.

 

[Tombs]

The problem is the self destruct mechanism apple offers. If enabled, 10 password guesses and it deletes everything. So brute force attacks where they guess every possible passcode until it works is out. The only way in is a back door or universal password that unlocks ALL devices.

And how is this not already exploited to hell and back to destroy people's data, with iphones randomly wiping themselves everywhere?

I would think this would be a pretty major means of harassment.

 

[bigretic]

Luckily the standard isn't what you would do if it was your own son. Sober minds have to prevail over emotion in preserving liberty as the end goal. I'd venture to guess I'd be willing to throw out the entire Constitution if one of my loved ones was in danger, does not mean we should.

I have a very good idea of how it's possible.

The problem becomes a matter of apple managing the program SOLELY and the government not forcing them to hand over the software or phones after they've removed the data.
The feds would probably be very unhappy with such a thing.

And for that matter, how do they know that the 10 try wipe is active? That is optional and I dont think you can tell until you hit the 10th wrong answer. Maybe they already wiped hers accidentally and are now nervous his has the same setting?

This ^ made me laugh picturing the poor fbi tech's face when a message came up to the effect of "we're sorry, this phone is now a brick. please come again."


Interesting reading this thread since my wife was rambling about this last night.
I'll save my opinions of apple and king stevie's culture/corp model...
I'm a 20+ year coder. IMO- yes a door exists & and apple is not the only entity that has it.

 

[BogWalker]

And how is this not already exploited to hell and back to destroy people's data, with iphones randomly wiping themselves everywhere?

I would think this would be a pretty major means of harassment.

While I don't know if that feature has been criminally exploited or not I can tell you that I've known several people who others have wiped their phones either trying to guess their password or guessing incorrectly on purpose as a form of a "prank".

It's not a feature I would ever want.

 

[Rookie]

And for that matter, how do they know that the 10 try wipe is active? That is optional and I dont think you can tell until you hit the 10th wrong answer. Maybe they already wiped hers accidentally and are now nervous his has the same setting?

On my Android, after five wrong attempts, it tells you that you have five more before it resets.

 

[IndyDave1776]

While I don't know if that feature has been criminally exploited or not I can tell you that I've known several people who others have wiped their phones either trying to guess their password or guessing incorrectly on purpose as a form of a "prank".

It's not a feature I would ever want.

If you were to become a terrorist, your position might change!

 

[KittySlayer]

So this request is from the same Gov't that could not be bothered to check the woman's publicly available social media before allowing her into our country?

Do your job up front and stop being PC, then you don't need to investigate after the tragedy you could have prevented.

 

[ghuns]

Might I remind you of the quote from William Pitt the Younger: Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.

I've heard that quote before. Just can't put my finger on where.

 

[UglyAmerican]

And as I said before, if the Feds are granted a backdoor, ANYONE with the right resources can and will use that backdoor. The Feds are not the smartest on the planet in that regard.

 

[ghuns]

The Feds are not the smartest on the planet in that regard.

They know EXACTLY what they're doing. And they're not doing it out of stupidity.

 

[halfmileharry]

And as I said before, if the Feds are granted a backdoor, ANYONE with the right resources can and will use that backdoor. The Feds are not the smartest on the planet in that regard.

And sooner or later it will end up on a private server of some wannabe presidential candidate that will deny everything.