Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Encryption Security Apple

The FBI Can Unlock Florida Terrorist's iPhones Without Apple (bloomberg.com) 121

The FBI is pressing Apple to help it break into a terrorist's iPhones, but the government can hack into the devices without the technology giant, according to experts in cybersecurity and digital forensics. From a report: Investigators can exploit a range of security vulnerabilities -- available directly or through providers such as Cellebrite and Grayshift -- to break into the phones, the security experts said. Mohammed Saeed Alshamrani, the perpetrator of a Dec. 6 terrorist attack at a Navy base in Florida, had an iPhone 5 and iPhone 7, models that were first released in 2012 and 2016, respectively. Alshamrani died and the handsets were locked, leaving the FBI looking for ways to hack into the devices. "A 5 and a 7? You can absolutely get into that," said Will Strafach, a well-known iPhone hacker who now runs the security company Guardian Firewall. "I wouldn't call it child's play, but it's not super difficult." That counters the U.S. government's stance. Attorney General William Barr slammed Apple on Monday, saying the company hasn't done enough to help the FBI break into the iPhones.

"We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements," President Donald Trump wrote on Twitter Tuesday. The comments add to pressure on Apple to create special ways for the authorities to access iPhones. Apple has refused to build such backdoors, saying they would be used by bad actors, too. Indeed, Strafach and other security experts said Apple wouldn't need to create a backdoor for the FBI to access the iPhones that belonged to Alshamrani.
Further reading: The FBI Got Data From A Locked iPhone 11 Pro Max -- So Why Is It Demanding Apple Unlock Older Phones?
This discussion has been archived. No new comments can be posted.

The FBI Can Unlock Florida Terrorist's iPhones Without Apple

Comments Filter:
  • The phones have a bullet problem, not a password one.

  • by 110010001000 ( 697113 ) on Thursday January 16, 2020 @10:24AM (#59626438) Homepage Journal

    I have noticed that terrorists always are caught with iPhones. I have concluded that all iPhone users are terrorists. Prove me wrong!

  • The authorises are notoriously bad at stopping these things from happening and I can't see how unlock a phone that'll probably have nothing on it will make any difference!

  • by fustakrakich ( 1673220 ) on Thursday January 16, 2020 @10:37AM (#59626492) Journal

    They need to vilify anybody that uses encryption to the public so that they will demand draconian law against it.

  • by atrex ( 4811433 ) on Thursday January 16, 2020 @10:38AM (#59626502)
    The Fed is just pushing a narrative to try and get a backdoor they can use to monitor everyone with a smart phone without getting a judge's permission. Given the chance they'd outlaw any encryption to which they didn't have the keys.
    • Re: (Score:1, Informative)

      by gtall ( 79522 )

      I doubt the Federal Reserve has anything to do with this. This is just Trump and his authoritarian goons attempting to gin up another campaign issue.

      "We are helping Apple all of the time on TRADE" Oh? What exactly does that entail? Creating trade issues with trading partners and then claiming victory when they get "resolved"? Whining about taxes for companies that ought to be paying but are not? Last we checked, the U.S. had a nearly $1 Trillion deficit in 2019 and is on track to north of $1 Trillon for 202

      • Oh? What exactly does that entail?

        Tariff exemptions: https://marketrealist.com/2019... [marketrealist.com]

        No the resolution of the trade issue did not work in Apple's favour. They had exemptions which few other companies did which gave them a leg up over the competition (all of whom were subject to the same trade war).

      • by aitikin ( 909209 )

        I doubt the Federal Reserve has anything to do with this. This is just Trump and his authoritarian goons attempting to gin up another campaign issue.

        "We are helping Apple all of the time on TRADE" Oh? What exactly does that entail? Creating trade issues with trading partners and then claiming victory when they get "resolved"? Whining about taxes for companies that ought to be paying but are not? Last we checked, the U.S. had more than a $1 Trillion deficit in 2019 and is on track to north of $1 Trillon for 2020 and 2021, yet giving companies a windfall in that last tax giveaway. Servicing the debt will soon cost every year more than the defense budget.

        FTFY. Sources: https://www.cnn.com/2019/09/12... [cnn.com] https://www.nytimes.com/2020/0... [nytimes.com] https://www.bloomberg.com/news... [bloomberg.com]

    • Re: (Score:2, Interesting)

      CitizenFour showed that Apple, M$, etc. were paid to grant access at least to the spooks.

      • No it didn't. It showed a list of "PRISM providers" which means both data provided under warrant and data exfiltrated from their networks. Not only do the PRISM documents make no distinction between the two but they point out it's the FBI's DITU unit that does a lot of the data collection. They go to ISPs and have them put taps on lines to suck up traffic.

  • My guess: Because they other choice is illegal. And it doesnâ(TM)t look good when the cops themselves break the law. (Although then they must not have gotten the memo on how they are probably breaking [e.g. privacy-related] laws more regularly than any criminal gang in US history. ;)

    • by keithdowsett ( 260998 ) on Thursday January 16, 2020 @10:52AM (#59626584) Homepage

      Because if they break into this suspect's phone using their own tools the defence attorney can ask how they got their evidence and they would have to reveal one of the weaknesses they used to break into the phone. Apple could close this loophole once it was revealed.

      This way Apple gets a whole lot of bad publicity which helps with their 'No secrets except our secrets' agenda, and they don't have to reveal the tools they use to break into phones.

      .

      • by Dog-Cow ( 21281 )

        There's no suspect. The shooter is dead.

      • by SethJohnson ( 112166 ) on Thursday January 16, 2020 @01:08PM (#59627066) Homepage Journal
        The point is well-made here, but I'd like to add clarity on whose defense attorney would be in play...

        Because if they break into this suspect's phone using their own tools the defence attorney can ask how they got their evidence and they would have to reveal one of the weaknesses they used to break into the phone.

        The interest in these phones is to gain leads on possible accomplices or identify future attack candidates. A noble interest, for sure. As charges would be brought against these other individuals, their defense attorneys would question chain of custody and sourcing of the data implicating their clients. The deceased phone owners are unlikely to have defense attorneys.

        It's important for Apple on an international level to stand firm on this issue. Blackberry did not, and I agree with Edward Snowden that they will be erased from the history books [betakit.com] because of this decision (in tandem with several other mistakes).

        • its very odd that blackberry caved in on privacy and security on their phones, and yet they also make and sell QNX which is one of the most bug-free and secure os's you can buy. auto makers (cars) are now using it for safety critical control systems, with good success.

          so, blackberry is dead, but one of their products is top of class.

          go figure!

      • They can, and any good judge will see this reason, ask for the data with a permit, in an ongoing investigation.
      • Per TFS these are iPhone5 and iPhone7 devices with defects that Apple has certainly already closed in later models.
      • This way Apple gets a whole lot of bad publicity...

        I think this generates good publicity for Apple to anyone who thinks at all about privacy and security. Sadly, that is not most Americans.

  • The government is always trying to politicize issues as a bargaining tactic, to coerce not only the company but use the will of the people to condemn them if they don't play along.

  • by Anonymous Coward

    " and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements. And some, I assume, are good people."

    FTFY

  • What is more convincing is that Apple tells world+dog that it will stand up to The Man and refuse to unlock the iThing while surreptitiously providing access for The Man to same said iThing.
    For his part The Man will say it has some zer0-day hax and some mad-hax0r skilz that give him access anyway.

    • by gtall ( 79522 )

      "while surreptitiously providing access for The Man to same said iThing", I give up, how did Apple do this?

      • Apple has root on your iThing.

      • Apple provided gigabytes of data to the FBI...

        Apple has disputed Barr's assertion that it hasn't helped, saying it has given authorities gigabytes of data like iCloud backups and payment information.

        Now I am not an iPhone user, but I would imagine pretty much every fucken thing on the phone is backed up to the iCloud, for your convenience of course.
        The only thing left to do is to physically unlock the phone. Whats the point of that if you have all the data that is already on the phone?
        This is just yet a

        • Isn't the cloud content encrypted? By encryption on the phone? I don't know either, but I would suspect so.

          In that case, the government was given gigabytes of encrypted data, which is nevertheless "data".
        • Apple provided gigabytes of data to the FBI...

          Apple has disputed Barr's assertion that it hasn't helped, saying it has given authorities gigabytes of data like iCloud backups and payment information.

          Now I am not an iPhone user, but I would imagine pretty much every fucken thing on the phone is backed up to the iCloud, for your convenience of course.

          The only thing left to do is to physically unlock the phone. Whats the point of that if you have all the data that is already on the phone?

          This is just yet another attempt to try set a legal precedent to make sure that ALL companies HAVE to build in backdoors to their own software / hardware.

          So that if anyone actually does make a device that is unbreakable, then it would be illegal to own that device, hell it would be illegal to MAKE that device.

          The fact that it would make it more insecure for everyone be damned.

          iCloud integration is voluntary. I have never used it for anything.

    • by Agripa ( 139780 )

      And this is aided by "the man" making a big stink about it so everybody "knows" that Apple products are secure.

  • Continued Attempts (Score:5, Insightful)

    by kbahey ( 102895 ) on Thursday January 16, 2020 @11:15AM (#59626700) Homepage

    The federal government has been trying to get companies to unlock phones, and using terrorism cases as a pretext for that.
    Their wish is to get a backdoor that it can always use.
    This time, it is the Saudi military trainee who shot others.
    Last time, it was the San Bernardino attacks.
    It always ends by them unlocking the device without Apple's help [slashdot.org].
    That happened then, and it happened now.

    Oh, and a quarter of a century ago, it was the Clipper Chip [wikipedia.org], developed by the NSA, and having a built-in backdoor.

  • by jellomizer ( 103300 ) on Thursday January 16, 2020 @11:22AM (#59626726)

    I write a program, I try to do my job well, so I cover all the conditions I can think of that could create a flaw.

    Why would someone ask me to point out the flaw in my code, if I tried to cover all the conditions that could create one.

    Now a team of external hackers may find a flaw right away, even after months of me trying stop everything I could think of. Whay is that? Because They though of something I didn't think of.

    Apple tries hard to make their products secure. For any workaround they know, they try to fix it. So why ask Apple to get into a product where they stopped everything they knew.

    If I was the FBI, I would open up that Phone, take out the Flash Storage Chip. Plug it into a computer download the data onto a Server. And brute force decrypt the data. Depending on how they lock their phone. A pin level encryption is easy, Password is a bit more difficult. But doable.

    • Because that is not what Apple is claiming.
      Apple is not claiming they cannot unlock the terrorist phones they are saying that they advertise they are provided a secure system and if they did provide the FBI with the unlocked data it would hurt their business.
    • by bussdriver ( 620565 ) on Thursday January 16, 2020 @12:19PM (#59626906)

      I thought Apple used their own hardware chip with it's own key and that your PIN just unlocks that key. I thought the chip only allows so many PIN attempts before it disables or chucks the private key.

      This would make the Flash useless without the encryption chip because the PIN wasn't used to derive the actual encryption key at all. It also just seems like common sense! Why would you expand a tiny PIN key to use serious encryption with serious key lengths? If you allow tiny PINs you may as well just go to a Ceasar cipher or DES... You secure the hell out of that PIN as possible; such as a custom security chip, which stores the actual key.

      Besides the next step obvious problem: if you use a PIN to encrypt all the flash and the user can easily CHANGE their PIN at any time then you have to decrypt and encrypt ALL the storage!

      Does anybody's volume level encryption actually use the password directly? Even Apples decades old disk image format does not do that! In fact you can corrupt the key and the valid password will no longer reveal decryption key creating really fast way to secure wipe image files.

      • I thought Apple used their own hardware chip with it's own key and that your PIN just unlocks that key

        They do.
        You could just dump the data and attempt to brute force it, but unless you are using a quantum computer it would take too long to be useful, which is the whole point of strong encryption in the first place.

        After the last such fiasco someone on /. posted a lengthy (but very interesting) description of the entire security of the iPhone, without all the sales pitch crap you get from Apple themselve

        • by Agripa ( 139780 )

          You could just dump the data and attempt to brute force it, but unless you are using a quantum computer it would take too long to be useful, which is the whole point of strong encryption in the first place.

          Even with a normal computer, or something that fits on a desktop, the encryption could be broken in a "limited time" in the same sense that the USSC had ruled that any specific amount of time is "limited" for purposes of copyright duration.

    • by Anonymous Coward
      In cases like this Apple does not need a flaw. They simply have to code an update - a new version - of iOS that has a severe lock screen bug and then push it to the phone. It will be a signed Apple update and it will install. They then use the lock screen bug to get into the phone and voila! They don't need a flaw from Apple and aren't asking Apple to disclose a flaw. Of course our Idiot in Chief with his ridiculous tweets doesn't understand that.
      • In cases like this Apple does not need a flaw. They simply have to code an update - a new version - of iOS that has a severe lock screen bug and then push it to the phone. It will be a signed Apple update and it will install. They then use the lock screen bug to get into the phone and voila! They don't need a flaw from Apple and aren't asking Apple to disclose a flaw. Of course our Idiot in Chief with his ridiculous tweets doesn't understand that.

        I dunno about your phones, but mine don't just sit waiting f

      • by suutar ( 1860506 )

        which part of this process generates the proper decryption key from the passcode that the lock screen isn't getting?

      • In cases like this Apple does not need a flaw. They simply have to code an update - a new version - of iOS that has a severe lock screen bug and then push it to the phone. It will be a signed Apple update and it will install. They then use the lock screen bug to get into the phone and voila! They don't need a flaw from Apple and aren't asking Apple to disclose a flaw. Of course our Idiot in Chief with his ridiculous tweets doesn't understand that.

        Sorry, they thought of that.

        You can't update an iPhone without unlocking it, unless you want to erase the data first.

    • by jonwil ( 467024 )

      If you think that would work you clearly don't know how the iPhone and its secure element work (or how strong encryption works)

    • I write a program, I try to do my job well, so I cover all the conditions I can think of that could create a flaw.

      Why would someone ask me to point out the flaw in my code, if I tried to cover all the conditions that could create one.

      Now a team of external hackers may find a flaw right away, even after months of me trying stop everything I could think of. Whay is that? Because They though of something I didn't think of.

      Apple tries hard to make their products secure. For any workaround they know, they try to fix it. So why ask Apple to get into a product where they stopped everything they knew.

      If I was the FBI, I would open up that Phone, take out the Flash Storage Chip. Plug it into a computer download the data onto a Server. And brute force decrypt the data. Depending on how they lock their phone. A pin level encryption is easy, Password is a bit more difficult. But doable.

      You can use up to a 53 character alphanumeric passphrase. Even with just using words that exist in the dictionary, that's a long-ass decryption. Add a few alpha non-words, and it's Game Over, man!

      And keep in mind that iOS uses APFS, with the "per-file" encryption option. So really good luck with that!

  • by AnalogDiehard ( 199128 ) on Thursday January 16, 2020 @11:43AM (#59626804)
    I agree with Apple refusing to provide a backdoor. They are refusing on the principle that a backdoor can allow any mobile device to be hacked remotely by ruthless people.

    The government has solutions to break into those mobile devices. The difference is it can only be done with the mobile device physically in their hands.

    That's a compromise I'll willing to live with.
  • by argStyopa ( 232550 ) on Thursday January 16, 2020 @12:51PM (#59627024) Journal

    The messaging here isn't what you think it is.
    The US gov't getting all pissy at Apple about not unlocking their phones is telling people who want to do unsavory shit that "iPhones are unhackable, even by the US govt!"

    Yeah, you keep thinking that.

  • by edibobb ( 113989 ) on Thursday January 16, 2020 @12:53PM (#59627030) Homepage
    That link goes to Bloomberg, the people who wrote and then refused to retract this bogus article [bloomberg.com]. Today's "news" is liable to have the same level of legitimacy.
    • Do you have any evidence that they're wrong on this particular story? If not, then claiming this story is wrong on the basis of what they did with some other story is fallacious; at most, the source being dubious is merely reason to be more skeptical than usual.

      Bloomberg isn't the only organization reporting on this and the FBI has a history of lying about what they can or can't unlock in order to try and push for backdoors in hardware. So even if I treat the source as suspicious and treat it with a high
      • by edibobb ( 113989 )
        I didn't say they were wrong. I said they're liable to have the same level of legitimacy. That's essentially what you said, treating it as suspicious and with skepticism.

        I prefer not to waste my time with a news organization that requires this level of fact-checking.
  • political theater (Score:4, Interesting)

    by hdyoung ( 5182939 ) on Thursday January 16, 2020 @01:06PM (#59627062)
    This is pure political theatre. I said this in a previous post and got quickly downvoted. This administration is bashing Apple because it makes for great 30 second soundbites on Fox. Pure and simple. Nothing more. "Look how all those liberal urban wine-drinking iPhone users love the terrorists and hate America. Vote us!"

    Other people have posted this: old conservatives remember when the movement was a lot more serious about defending against creeping government power. The GOP used to care about supporting privacy and personal rights. Times have changed. A lot.
    • when were the GOP ever for personal rights?

      GOP is the party of big religion! big religion NEVER lets you decide on your own what you do with your own body. they always have ideas that they want to force on you. who you can marry, who gets to choose to have a kid or not have a kid - yeah, party of freedom alright!

      pure bullshit.

      party of CONTROL. always was and always will be. authoritarian bootlickers who are anti-intellectual, anti-progress and quite frankly, racist to the core.

      nothing about GOP is abou

  • by Volatile_Memory ( 140227 ) on Thursday January 16, 2020 @01:50PM (#59627240)

    When the Testors model company released a stealth fighter model in the 1980s (before the F-117 had been revealed), the government raided their offices and made a public show of demanding to know where and how they obtained the information to make it. The model looked nothing like the real thing, but no one knew that at the time... https://www.latimes.com/archiv... [latimes.com]

  • Unless there is a single terrorist with more than one Iphone that the FBI wish to unlock, you have made an obvious mistake in the bloody headline. FIX IT, "EDITOR". Or, better, get a job more suited to your skillset.
  • Today, 1/16/2020, there was a good review about what the legal issues are. What the theatrical issues are. What the political issues are on this very subject. The techical issues... not so much. But it was good background on why the DOD is making such a public ruckus. It's got little to do with actually getting into the phones themselves. Watch for the podcast to be posted here shortly... https://www.npr.org/podcasts/510316/1a

Repel them. Repel them. Induce them to relinquish the spheroid. - Indiana University fans' chant for their perennially bad football team

Working...