The FBI Can Unlock Florida Terrorist's iPhones Without Apple (bloomberg.com) 121
The FBI is pressing Apple to help it break into a terrorist's iPhones, but the government can hack into the devices without the technology giant, according to experts in cybersecurity and digital forensics. From a report: Investigators can exploit a range of security vulnerabilities -- available directly or through providers such as Cellebrite and Grayshift -- to break into the phones, the security experts said. Mohammed Saeed Alshamrani, the perpetrator of a Dec. 6 terrorist attack at a Navy base in Florida, had an iPhone 5 and iPhone 7, models that were first released in 2012 and 2016, respectively. Alshamrani died and the handsets were locked, leaving the FBI looking for ways to hack into the devices. "A 5 and a 7? You can absolutely get into that," said Will Strafach, a well-known iPhone hacker who now runs the security company Guardian Firewall. "I wouldn't call it child's play, but it's not super difficult." That counters the U.S. government's stance. Attorney General William Barr slammed Apple on Monday, saying the company hasn't done enough to help the FBI break into the iPhones.
"We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements," President Donald Trump wrote on Twitter Tuesday. The comments add to pressure on Apple to create special ways for the authorities to access iPhones. Apple has refused to build such backdoors, saying they would be used by bad actors, too. Indeed, Strafach and other security experts said Apple wouldn't need to create a backdoor for the FBI to access the iPhones that belonged to Alshamrani. Further reading: The FBI Got Data From A Locked iPhone 11 Pro Max -- So Why Is It Demanding Apple Unlock Older Phones?
"We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements," President Donald Trump wrote on Twitter Tuesday. The comments add to pressure on Apple to create special ways for the authorities to access iPhones. Apple has refused to build such backdoors, saying they would be used by bad actors, too. Indeed, Strafach and other security experts said Apple wouldn't need to create a backdoor for the FBI to access the iPhones that belonged to Alshamrani. Further reading: The FBI Got Data From A Locked iPhone 11 Pro Max -- So Why Is It Demanding Apple Unlock Older Phones?
No (Score:2)
The phones have a bullet problem, not a password one.
iPhones and terrorists (Score:5, Funny)
I have noticed that terrorists always are caught with iPhones. I have concluded that all iPhone users are terrorists. Prove me wrong!
Re:iPhones and terrorists (Score:5, Funny)
Re: (Score:2)
Damn. Time to cancel me then. #cancelculture
Re: (Score:2)
Which therefore proves Google is not evil. Whew, close call!
100% of all terrorists drank water before an attac (Score:2)
PATRIOT act anyone to a black site who drinks water!
Also: Make water illegal! ;)
Re: (Score:1)
He drink water to attac
He use iphone cos fbi can't crac
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
> I find it amazing that the FBI can't unlock the phones of people who are NOT terrorists.
Right. They pretend they can't to engage in parallel construction.
Re: (Score:2)
100%
I fully suspect (can't know, I'm not a spook) that they have always had their access. as far back as the mid 80's I was working at a video 'picturephone' company and we wanted to use strong encryption for business to business use. we were 'told' to use breakable enc. or not use it at all.
nothing has changed.
the people are kept ignorant, played as fools (most are fools, of course).
the biggest lie apple has every told: we value your privacy.
big fucking lie. to do business in the US, you MUST play ball
Re: (Score:3)
I have noticed that terrorists always are caught with iPhones. I have concluded that all iPhone users are terrorists. Prove me wrong!
Dammit - now my cover is blown!
Re: (Score:2)
I know this is a troll post, but still;
You are arguing from a minor to a major premise. For example;
"90% of criminals are wearing jeans when they are arrested. Therefore 90% of people who wear jeans are criminals."
(Actual line of reasoning used by a private high-school principal when justifying their "no-jeans" dress code)
Reality doesn't work that way.
Re: (Score:2, Troll)
Christ. A "troll post". Lighten up. Autistic much?
Re: iPhones and terrorists (Score:2)
Re: (Score:1)
Smartphone in use
No smartphone looks odd.
Re: (Score:1)
With out the visual clues of your facial expressions my slightly autistic brain is struggling to understand if that is sarcasm or not!
Re:iPhones and terrorists (Score:5, Funny)
Re: (Score:2)
Think of the children with guns?
Re: (Score:2)
How dare you accuse that sweet. innocent. baby. girl. of mass shootings. You monster!
Re: (Score:2)
Re:iPhones and terrorists (Score:5, Funny)
Re: (Score:2)
No, they're not. [youtube.com]
Re: (Score:2)
Thank you.
Re: (Score:2)
Re: (Score:3)
Ok so you just ruined me.
Now I want to append " with guns!" onto every headline i see.
iPhones and terrorists with guns!
The FBI Can Unlock Florida Terrorist's iPhones Without Apple with guns!
Megan Markel broke up the royal family with guns!
James Wan is Producing an Aquaman Animated Series with guns!
Pundits blast Bernie Sanders with guns!
Host quits 'The Great British Bake Off' with guns!
This may be my new favorite pasttime!
Re: (Score:2)
Damn. That's as good as "in bed." Put them together for even more fun.
Re: (Score:1)
A leading cause of death of grandmothers is under 5 year olds getting their guns and accidentally(?) shooting grandma.
Look up the anecdotal evidence.
Re: (Score:2)
I thought that was just internet gun advocate mothers.
Re: iPhones and terrorists (Score:1)
You deplorable Russian Nazi DENIALIST!! How dare you deny the holy gospel of Jobs?!
Re: (Score:3)
Re: (Score:1)
Can't see it makes any difference... (Score:1)
The authorises are notoriously bad at stopping these things from happening and I can't see how unlock a phone that'll probably have nothing on it will make any difference!
Old trick. It was theater all along (Score:4, Interesting)
They need to vilify anybody that uses encryption to the public so that they will demand draconian law against it.
Increased Surveillance (Score:5, Insightful)
Re: (Score:1, Informative)
I doubt the Federal Reserve has anything to do with this. This is just Trump and his authoritarian goons attempting to gin up another campaign issue.
"We are helping Apple all of the time on TRADE" Oh? What exactly does that entail? Creating trade issues with trading partners and then claiming victory when they get "resolved"? Whining about taxes for companies that ought to be paying but are not? Last we checked, the U.S. had a nearly $1 Trillion deficit in 2019 and is on track to north of $1 Trillon for 202
Re: (Score:2)
Oh? What exactly does that entail?
Tariff exemptions: https://marketrealist.com/2019... [marketrealist.com]
No the resolution of the trade issue did not work in Apple's favour. They had exemptions which few other companies did which gave them a leg up over the competition (all of whom were subject to the same trade war).
Re: (Score:2)
I doubt the Federal Reserve has anything to do with this. This is just Trump and his authoritarian goons attempting to gin up another campaign issue.
"We are helping Apple all of the time on TRADE" Oh? What exactly does that entail? Creating trade issues with trading partners and then claiming victory when they get "resolved"? Whining about taxes for companies that ought to be paying but are not? Last we checked, the U.S. had more than a $1 Trillion deficit in 2019 and is on track to north of $1 Trillon for 2020 and 2021, yet giving companies a windfall in that last tax giveaway. Servicing the debt will soon cost every year more than the defense budget.
FTFY. Sources: https://www.cnn.com/2019/09/12... [cnn.com] https://www.nytimes.com/2020/0... [nytimes.com] https://www.bloomberg.com/news... [bloomberg.com]
Re: (Score:2, Interesting)
CitizenFour showed that Apple, M$, etc. were paid to grant access at least to the spooks.
Re: (Score:3)
No it didn't. It showed a list of "PRISM providers" which means both data provided under warrant and data exfiltrated from their networks. Not only do the PRISM documents make no distinction between the two but they point out it's the FBI's DITU unit that does a lot of the data collection. They go to ISPs and have them put taps on lines to suck up traffic.
So why are they asking Apple? (Score:2)
My guess: Because they other choice is illegal. And it doesnâ(TM)t look good when the cops themselves break the law. (Although then they must not have gotten the memo on how they are probably breaking [e.g. privacy-related] laws more regularly than any criminal gang in US history. ;)
Re:So why are they asking Apple? (Score:5, Insightful)
Because if they break into this suspect's phone using their own tools the defence attorney can ask how they got their evidence and they would have to reveal one of the weaknesses they used to break into the phone. Apple could close this loophole once it was revealed.
This way Apple gets a whole lot of bad publicity which helps with their 'No secrets except our secrets' agenda, and they don't have to reveal the tools they use to break into phones.
.
Re: (Score:2)
There's no suspect. The shooter is dead.
In Defense of Others (Score:5, Insightful)
The interest in these phones is to gain leads on possible accomplices or identify future attack candidates. A noble interest, for sure. As charges would be brought against these other individuals, their defense attorneys would question chain of custody and sourcing of the data implicating their clients. The deceased phone owners are unlikely to have defense attorneys.
It's important for Apple on an international level to stand firm on this issue. Blackberry did not, and I agree with Edward Snowden that they will be erased from the history books [betakit.com] because of this decision (in tandem with several other mistakes).
Re: (Score:2)
its very odd that blackberry caved in on privacy and security on their phones, and yet they also make and sell QNX which is one of the most bug-free and secure os's you can buy. auto makers (cars) are now using it for safety critical control systems, with good success.
so, blackberry is dead, but one of their products is top of class.
go figure!
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
This way Apple gets a whole lot of bad publicity...
I think this generates good publicity for Apple to anyone who thinks at all about privacy and security. Sadly, that is not most Americans.
Barr just wants to politicize it (Score:2)
The government is always trying to politicize issues as a bargaining tactic, to coerce not only the company but use the will of the people to condemn them if they don't play along.
FTFY (Score:1)
" and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements. And some, I assume, are good people."
FTFY
Hax0rz (Score:2)
What is more convincing is that Apple tells world+dog that it will stand up to The Man and refuse to unlock the iThing while surreptitiously providing access for The Man to same said iThing.
For his part The Man will say it has some zer0-day hax and some mad-hax0r skilz that give him access anyway.
Re: (Score:2)
"while surreptitiously providing access for The Man to same said iThing", I give up, how did Apple do this?
Re: (Score:2)
Apple has root on your iThing.
Re: (Score:2)
Now I am not an iPhone user, but I would imagine pretty much every fucken thing on the phone is backed up to the iCloud, for your convenience of course.
The only thing left to do is to physically unlock the phone. Whats the point of that if you have all the data that is already on the phone?
This is just yet a
Re: (Score:3)
In that case, the government was given gigabytes of encrypted data, which is nevertheless "data".
Re: (Score:2)
Apple provided gigabytes of data to the FBI...
Now I am not an iPhone user, but I would imagine pretty much every fucken thing on the phone is backed up to the iCloud, for your convenience of course.
The only thing left to do is to physically unlock the phone. Whats the point of that if you have all the data that is already on the phone?
This is just yet another attempt to try set a legal precedent to make sure that ALL companies HAVE to build in backdoors to their own software / hardware.
So that if anyone actually does make a device that is unbreakable, then it would be illegal to own that device, hell it would be illegal to MAKE that device.
The fact that it would make it more insecure for everyone be damned.
iCloud integration is voluntary. I have never used it for anything.
Re: (Score:2)
And this is aided by "the man" making a big stink about it so everybody "knows" that Apple products are secure.
Continued Attempts (Score:5, Insightful)
The federal government has been trying to get companies to unlock phones, and using terrorism cases as a pretext for that.
Their wish is to get a backdoor that it can always use.
This time, it is the Saudi military trainee who shot others.
Last time, it was the San Bernardino attacks.
It always ends by them unlocking the device without Apple's help [slashdot.org].
That happened then, and it happened now.
Oh, and a quarter of a century ago, it was the Clipper Chip [wikipedia.org], developed by the NSA, and having a built-in backdoor.
Developers are the last person you ask for a flaw (Score:3)
I write a program, I try to do my job well, so I cover all the conditions I can think of that could create a flaw.
Why would someone ask me to point out the flaw in my code, if I tried to cover all the conditions that could create one.
Now a team of external hackers may find a flaw right away, even after months of me trying stop everything I could think of. Whay is that? Because They though of something I didn't think of.
Apple tries hard to make their products secure. For any workaround they know, they try to fix it. So why ask Apple to get into a product where they stopped everything they knew.
If I was the FBI, I would open up that Phone, take out the Flash Storage Chip. Plug it into a computer download the data onto a Server. And brute force decrypt the data. Depending on how they lock their phone. A pin level encryption is easy, Password is a bit more difficult. But doable.
Re: (Score:2)
Apple is not claiming they cannot unlock the terrorist phones they are saying that they advertise they are provided a secure system and if they did provide the FBI with the unlocked data it would hurt their business.
Re:Developers are the last person you ask for a fl (Score:4, Informative)
I thought Apple used their own hardware chip with it's own key and that your PIN just unlocks that key. I thought the chip only allows so many PIN attempts before it disables or chucks the private key.
This would make the Flash useless without the encryption chip because the PIN wasn't used to derive the actual encryption key at all. It also just seems like common sense! Why would you expand a tiny PIN key to use serious encryption with serious key lengths? If you allow tiny PINs you may as well just go to a Ceasar cipher or DES... You secure the hell out of that PIN as possible; such as a custom security chip, which stores the actual key.
Besides the next step obvious problem: if you use a PIN to encrypt all the flash and the user can easily CHANGE their PIN at any time then you have to decrypt and encrypt ALL the storage!
Does anybody's volume level encryption actually use the password directly? Even Apples decades old disk image format does not do that! In fact you can corrupt the key and the valid password will no longer reveal decryption key creating really fast way to secure wipe image files.
Re: (Score:3)
They do.
/. posted a lengthy (but very interesting) description of the entire security of the iPhone, without all the sales pitch crap you get from Apple themselve
You could just dump the data and attempt to brute force it, but unless you are using a quantum computer it would take too long to be useful, which is the whole point of strong encryption in the first place.
After the last such fiasco someone on
Re: (Score:2)
You could just dump the data and attempt to brute force it, but unless you are using a quantum computer it would take too long to be useful, which is the whole point of strong encryption in the first place.
Even with a normal computer, or something that fits on a desktop, the encryption could be broken in a "limited time" in the same sense that the USSC had ruled that any specific amount of time is "limited" for purposes of copyright duration.
Re: (Score:2)
Because they are so ignorant they know to keep their mouth shut.
This must be a joke answer?
Re: (Score:1)
Re: (Score:2)
I dunno about your phones, but mine don't just sit waiting f
Re: (Score:2)
which part of this process generates the proper decryption key from the passcode that the lock screen isn't getting?
Re: (Score:2)
In cases like this Apple does not need a flaw. They simply have to code an update - a new version - of iOS that has a severe lock screen bug and then push it to the phone. It will be a signed Apple update and it will install. They then use the lock screen bug to get into the phone and voila! They don't need a flaw from Apple and aren't asking Apple to disclose a flaw. Of course our Idiot in Chief with his ridiculous tweets doesn't understand that.
Sorry, they thought of that.
You can't update an iPhone without unlocking it, unless you want to erase the data first.
Re: (Score:2)
If you think that would work you clearly don't know how the iPhone and its secure element work (or how strong encryption works)
Re: (Score:2)
I write a program, I try to do my job well, so I cover all the conditions I can think of that could create a flaw.
Why would someone ask me to point out the flaw in my code, if I tried to cover all the conditions that could create one.
Now a team of external hackers may find a flaw right away, even after months of me trying stop everything I could think of. Whay is that? Because They though of something I didn't think of.
Apple tries hard to make their products secure. For any workaround they know, they try to fix it. So why ask Apple to get into a product where they stopped everything they knew.
If I was the FBI, I would open up that Phone, take out the Flash Storage Chip. Plug it into a computer download the data onto a Server. And brute force decrypt the data. Depending on how they lock their phone. A pin level encryption is easy, Password is a bit more difficult. But doable.
You can use up to a 53 character alphanumeric passphrase. Even with just using words that exist in the dictionary, that's a long-ass decryption. Add a few alpha non-words, and it's Game Over, man!
And keep in mind that iOS uses APFS, with the "per-file" encryption option. So really good luck with that!
Best of both worlds (Score:5, Insightful)
The government has solutions to break into those mobile devices. The difference is it can only be done with the mobile device physically in their hands.
That's a compromise I'll willing to live with.
LOL (Score:3)
The messaging here isn't what you think it is.
The US gov't getting all pissy at Apple about not unlocking their phones is telling people who want to do unsavory shit that "iPhones are unhackable, even by the US govt!"
Yeah, you keep thinking that.
Re: (Score:3)
The US gov't getting all pissy at Apple about not unlocking their phones is telling people who want to do unsavory shit that "iPhones are unhackable, even by the US govt!"
Yeah, you keep thinking that.
You might be overthinking things a bit. This administration thinks being Machiavellian means writing incriminating evidence on Vienna hotel stationary [the-sun.com]. 4D chess players they ain't.
Bloomberg? (Score:3)
Re: (Score:3)
Bloomberg isn't the only organization reporting on this and the FBI has a history of lying about what they can or can't unlock in order to try and push for backdoors in hardware. So even if I treat the source as suspicious and treat it with a high
Re: (Score:2)
I prefer not to waste my time with a news organization that requires this level of fact-checking.
political theater (Score:4, Interesting)
Other people have posted this: old conservatives remember when the movement was a lot more serious about defending against creeping government power. The GOP used to care about supporting privacy and personal rights. Times have changed. A lot.
Re: (Score:3)
when were the GOP ever for personal rights?
GOP is the party of big religion! big religion NEVER lets you decide on your own what you do with your own body. they always have ideas that they want to force on you. who you can marry, who gets to choose to have a kid or not have a kid - yeah, party of freedom alright!
pure bullshit.
party of CONTROL. always was and always will be. authoritarian bootlickers who are anti-intellectual, anti-progress and quite frankly, racist to the core.
nothing about GOP is abou
A Classic Maneuver (Score:5, Interesting)
When the Testors model company released a stealth fighter model in the 1980s (before the F-117 had been revealed), the government raided their offices and made a public show of demanding to know where and how they obtained the information to make it. The model looked nothing like the real thing, but no one knew that at the time... https://www.latimes.com/archiv... [latimes.com]
terrorist's ? Really ? And you're an editor ? (Score:1)
NPR 1A Broadcast today on this very issue... (Score:1)
Today, 1/16/2020, there was a good review about what the legal issues are. What the theatrical issues are. What the political issues are on this very subject. The techical issues... not so much. But it was good background on why the DOD is making such a public ruckus. It's got little to do with actually getting into the phones themselves. Watch for the podcast to be posted here shortly... https://www.npr.org/podcasts/510316/1a
Re: (Score:3)
Convicting them of what? Sending or receiving a text message? Is that an offense punishable by life imprisonment or death?
No reason needed. (Score:2)
The USA PATRIOT act says they don't need to tell anyone a reason. Let alone the victi...err, criminal!
Also, you get no phone calls and no lawyer.
Isn't America grussiat?
Re: (Score:1)
Convicting him of multiple murders. Murder is an offense punishable by life imprisonment or death (in the USA, at least)
Evidence on the phone could show premeditation and intent.
Re: Why they are asking Apple (Score:5, Funny)
Re: (Score:2)
It can also help them identify accomplices etc...
That being said if TFA is right and it's not super difficult to crack the phone then this could just be a show to make conspirators feel like they haven't been compromised. Though I doubt it, third parties that specialize in cracking phones and other devices are probably expensive but a court order to make the OEM help is free. If they believe there is nothing of value on the phone then the case is high profile enough to use to pressure apple and they are not
Re: (Score:1)
So they can have an expert witness testify in court that this data did, indeed, come from the suspects phone
Isn't the suspect dead in this case? He has no need for a defense lawyer.
Re: (Score:2)
We don't convict very many dead terrorists. That is why the phone contents are inaccessible.
Re: (Score:3)
Dead people get away with all sorts of crimes. Outlaw death!
Re: (Score:3)
Re: (Score:2)
Re:Alleged baby killer (Score:4, Informative)
LOL. A "war criminal". How stupid.
Re:Alleged baby killer (Score:5, Interesting)
If I was on the defence team for someone who has received this kind of coverage I think I'd be looking at whether it's still possible to get a fair trial when members of the government are calling my client a criminal and a terrorist. Finding an unbiased jury would be pretty much impossible, but who cares about that?
Judge: How do you know he's a terrorist ... and he's got a terrorist's haircut ... and everyone knows he's a criminal and a terrorist.. The President said so.
Prosecutor: He looks like a terrorist. He's wearing an orange jumpsuit.
Prisoner M. They made me wear this stupid orange suit
Prosecutor:
Prisoner M. They gave me this haircut in prison
Prosecutor
Judge: Do you have any evidence to present?
Prosecutor: No, it's all locked in his Apple phone
Judge: OK let's proceed straight to sentencing.
Re: Alleged baby killer (Score:3)
This is why they do the "perp walk" with lots of cameras. To make sure juries are biased against any defendant.
Re:Alleged baby killer (Score:4, Informative)
It is interesting that when POTUS pardons a war criminal who has pictures of his war crime it is an alleged war criminal but we are calling a man named Mohammed a criminal without be convicted.
That's your takeaway? Sadly I don't have mod points to downvote you, but then again when I have done that. Slashdot has seemingly punished me for doing so. He isn't convicted because ... wait for it.... he is dead . He was killed while committing murders to stop him from continuing to kill. Under US law, dead people can't be put on trial so he can't be convicted. But the terrorist label still seems appropriate here.
Re: (Score:3)
Exactly. Dancing around the label for someone who was taken out while killing innocent people is rather silly. He died due to his actions, behaving as a terrorist, murdering others. You'd have to be pretty dim to call him anything else under the circumstances.
Re: (Score:3)
You're mixing and matching. When the OP talks about a war criminal, they meant these people [politico.com]. They did not mean the Saudi who killed the people on base.
Re: (Score:2)
It is interesting that when POTUS pardons a war criminal who has pictures of his war crime it is an alleged war criminal but we are calling a man named Mohammed a criminal without be convicted.
That's your takeaway? Sadly I don't have mod points to downvote you, but then again when I have done that. Slashdot has seemingly punished me for doing so. He isn't convicted because ... wait for it.... he is dead . He was killed while committing murders to stop him from continuing to kill. Under US law, dead people can't be put on trial so he can't be convicted. But the terrorist label still seems appropriate here.
Well, legally Aaron Hernandez isn't considered convicted of murder either....
Re: (Score:3)
The US executes people all the time without any convictions, hell most of the time there is no evidence either, other than some person saying "we have evidence" but no one ever sees it, and it's never released. Or in the case of invading an entire country because of weapons of mass destruction 10 years down the line all we get is "Ooops", no war crimes against the people who started the war, no sanctions for illegally invading and occupying anot
Re: (Score:2)
The only reason that jerk wasn't taken down by the Navy jury was because no one personally saw him take the shot, although the shot came from his position and several service members swore to it. Trump brought him to Mar-a-Lago to capitalize on what he thinks is brilliant idea of pardoning that killer. Once again Trump destroys what he touches, military justice. He has the morals of the Christian right.