Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Encryption IOS Iphone Security Your Rights Online Apple Technology

Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) 610

An anonymous reader writes: After a couple shot 14 people in San Bernardino, CA before being killed themselves on December 2nd, the authorities recovered a locked iPhone. Since then, the FBI has complained it is unable to break the device's encryption, in a case that it has implied supports its desire for tech companies to make sure it can always have a way in. Today the Associated Press reports that a US magistrate judge has directed Apple to help the FBI find a way in. According to NBC News, the model in question is an iPhone 5c, but Apple has said that at least as of iOS 8 it does not have a way to bypass the passcode on a locked phone.
This discussion has been archived. No new comments can be posted.

Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone

Comments Filter:
  • by ZorinLynx ( 31751 ) on Tuesday February 16, 2016 @08:26PM (#51524235) Homepage

    "Judge orders arsonist to unburn-down house"

    Good luck with that.

    • Taking apart the chips layer by layer has worked elsewhere. Sounds expensive, did the judge authorize Apple to get paid for this?
      • Re: (Score:3, Funny)

        by Darinbob ( 1142669 )

        Taking apart the chip gets you what? They've already got the encrypted data. If they key was on the phone and did not rely on any external key then they could just turn on the phone and it'd be done. So there's an external key that they don't have and will never get off of any chip.

        What the FBI is really saying is that they don't believe Apple. They're so used to spying that they probably find it inconceivable (yes it means what I think it means) that a big corporation would not also have a backdoor for

        • by mattventura ( 1408229 ) on Tuesday February 16, 2016 @10:05PM (#51524895) Homepage
          Presumably, the decryption key is stored somewhere on the device, but it in turn is encrypted with the phone's passcode. The security system deletes the key if you enter too many incorrect passcodes, but if they were able to extract the encrypted key from the phone, they could brute force it easily since there's only 10^n codes for a numeric passcode.
        • by meerling ( 1487879 ) on Wednesday February 17, 2016 @12:04AM (#51525407)
          I've done tech support for certain security products, and your probably right on the money there. You'd be amazed how many people are absolutely positive that you have a 'secret' backdoor to get past your security program. You wouldn't believe some of the arguments I've been subjected too over that. People just believe hollywood too much over reason. Any security program that has a backdoor access is NOT SECURE ! If the users neglected to make their emergency unlock disk, or lost it, they were totally screwed. Time to nuke & pave.
          As it happens, I don't support or have an iphone, so I have no idea what apple does, but I find it very plausible that there is absolutely nothing they can do, especially if they got pissed at their treatment early and removed any method they previously had to unlock it, even if it was for the cops when they have a proper warrant for the information. In which case, don't forget your key or it's toast.
    • by PPH ( 736903 ) on Tuesday February 16, 2016 @09:52PM (#51524819)

      Good luck with that.

      Failure might be what the judge wants. And in a very public forum. Can't crack the password? Oh noes! Tragedy! Something must be done. The terrorists have gotten away with it.

      For all we know, there is nothing on the phone other than a bunch of duck-face terrorist selfies. But this is very much in the public's eye. So now is the time for the dog and pony show.

  • Huh? (Score:4, Informative)

    by Lunix Nutcase ( 1092239 ) on Tuesday February 16, 2016 @08:29PM (#51524259)

    There's no word on exactly which model of iPhone was recovered

    Huh? The article clearly states a model:

    According to NBC News, the model in question is an iPhone 5c

    • That must have just been updated. Updating story.
    • The 5c originally shipped with iOS 7, which apple can get into if they want. It will be interesting to see what happens. Maybe apples claims about being 'locked out' of iOS 8 is bunk. Maybe they didn't password protect their phone. Maybe apple can guess their iCloud password ('12345'?), or access their gmail and reset the password. Once they have the iCloud password, and if there's an online backup, they can restore the backup to another phone. There are plenty of options beside brute forcing that hardware.

  • by ptaff ( 165113 ) on Tuesday February 16, 2016 @08:34PM (#51524289) Homepage

    I wouldn't be surprised if this was nothing more than a joint PR stunt to mislead people into assuming privacy on their cellphone so they wouldn't be afraid to use it for sensitive information. Government has nothing to win by disclosing they have a backdoor, neither does the cellphone manufacturer. Even thinking lo-fi decryption, how long must the passcode be before brute-forcing gets more inconvenient for the government than for the user?

  • by Anonymous Coward on Tuesday February 16, 2016 @08:35PM (#51524305)

    to revive the dead people.

  • Apple to setup a cloud system to try to brute force PBKDF2???

    • by gweihir ( 88907 )

      Brute forcing BPKDF2 is easy in comparison to what he wants. This is about breaking a secure microcontroller. A few orders of magnitude harder and pure software-attacks will very likely not work.

    • Comment removed based on user account deletion
  • Once the phone bricks itself from the tampering, it won't be an issue.
  • by Chad Smith ( 3448823 ) on Tuesday February 16, 2016 @08:41PM (#51524341)
    Unlock code: 072 (Virgins)
  • It's easy Mr Judge (Score:5, Insightful)

    by penguinoid ( 724646 ) on Tuesday February 16, 2016 @08:42PM (#51524353) Homepage Journal

    All you gotta do is put the password here and it opens right up. What's that? You don't know the password? Neither do we.

    • I honestly think that the FBI doesn't believe this and think Apple is holding out. Well, the FBI workers probably believe it, but the FBI managers who don't understand technology don't believe it. They've got so much experience with data leaking out left and right from unsecure web sites that they suspect the same thing from Apple.

  • by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Tuesday February 16, 2016 @08:44PM (#51524363) Journal
    Is it contempt of court to refuse to try and do something that one already knows they cannot possibly do?
    • Re: (Score:3, Insightful)

      The phone is encrypted so that it takes a key that is randomly generated and unguessable, however the password that encrypts the key is not unguessable. Running a password guessing program against the key would work, except that the hardware limits how many guesses can be tried over a period of time. What you could do is modify the hardware to allow guessing the password without the limits, but modifying the hardware is extremely difficult. I know that many years ago when I worked with machines intended to

  • I am just in serious jeopardy of sounding like an Apple fanboi.

    fock it. Clap, clap, clap

  • by Lakitu ( 136170 ) on Tuesday February 16, 2016 @09:00PM (#51524471)

    Maybe they should ask one of the 5,000,000 various reporters, journalists, and random people eating popsicles if they saw what looked like an iPhone passcode written down somewhere in their house while it was being ransacked live on television a day or two after the attack.

  • by Greyfox ( 87712 )
    No problem. 0000. Nope. 0001. Nope. 0002. Nope...
    • Re:4 Digit Pin? (Score:5, Informative)

      by Anonymous Coward on Tuesday February 16, 2016 @09:35PM (#51524713)

      No problem. 0000. Nope. 0001. Nope. 0002. Nope...

      0009. Too many invalid password attempts. Full disk encryption key has been erased. Initiating factory reset of device...

  • But they do have an inflated sense of power and get all pissy when people don't do the impossible if they demand it.

  • You can't order someone to do the impossible. For practical purposes, breaking the end to end encryption on an iphone is impossible. Who better than the people who developed the software to know this??

    • by Jeremi ( 14640 )

      You can't order someone to do the impossible. For practical purposes, breaking the end to end encryption on an iphone is impossible. Who better than the people who developed the software to know this??

      I thought that once you had physical access to a device, it was just a matter of time and expertise before you could crack it. Does Apple know some secret techniques that nobody else does, such that an iPhone 5c is physically tamper-proof even by the people who built it and know everything about its design and manufacturing?

      That's possible I suppose, but I doubt it.

    • You can't order someone to do the impossible.

      The reality would belay that conclusion. There was a news article today about a guy that had a marshals swat team raid is house, arrest him and take him to jail then court where a bank lawyer acting as a prosecutor took him before a judge about an unpaid student loan from 30 year ago that they didn't even bother writing him a letter about. He was ordered to pay triple the amount in 2 weeks or they would arrest him again.

      Debtors prisons are apparently back.

  • If the OS was updated to IOS 9 then there's this fun hack... [ibtimes.com]

    Maybe Apple could try a web search to find other vulnerabilities.

    Just a thought.

  • That's 10,000 possibilities. It seems someone could put together a lego robot to try all 10,000. If they were forced to wait 60 minutes between attempts it would be 416 days at most.

  • The FBI is trying to find out whether Apple is telling the truth. If not, great, they have their data. If yes, they at least get Apple to reveal everything about their hardware, firmware and software to provide Big Brother with something to work on.

    My question is, will we ever know whether is phone is cracked?

  • Just so that the debate here is a little more well-informed:

    The government is not asking that Apple give out the user's password, or decrypt the phone, both of which they cannot just do (i.e. are incapable of performing). The request is that Apple produce a piece of iOS software or boot image (as I understand it), that would:
    1) Disable the auto-erase feature
    2) Allow the FBI to brute force submit password guesses to the phone, and
    3) Disable or reduce the increasing-delay-between-guesses feature of the passcode lock.

    I would be curious to know whether for this iPhone 5c (with iOS 9) this is even possible for Apple to do.

    You can see why Apple wanted to get very far away from the business of being in a position to be asked constantly by law enforcement to help decrypt its phones, just for the sheer volume of requests that will be coming if they do....
    • by wickerprints ( 1094741 ) on Wednesday February 17, 2016 @12:19AM (#51525449)

      After reading Apple's iOS Security Guide white paper, it is doubtful that Apple can write any kind of software to load onto the device to permit any of those options. This is because once the device is locked, it will not install any updates to the operating system. The boot firmware is already installed and automatically runs when the device is turned on. Updating the operating system requires the device password. These functions are cryptographically secured. See the section "Keybags," subsection "Escrow Keybag" in the paper. The auto-erase and time delay features are enforced by the Secure Enclave in hardware, and cannot be circumvented.

  • by gweihir ( 88907 ) on Tuesday February 16, 2016 @11:41PM (#51525309)

    The perpetrators are contained. Finding out why they did it has time and can be done slowly and the old-fashioned way. The only thing they are doing here is to push (again) stupidly for a thing that makes everybody much less safe: backdoors. They must not be allowed to make the current global computing infrastructure even less secure as it is today, just to cater to their laziness. These people are more of a threat than any criminal could ever be.

  • by johncandale ( 1430587 ) on Wednesday February 17, 2016 @12:25AM (#51525473)
    why? guilt is not in question. It's just a precedent thing. fbi is overfunded and now they have something to do. Why don't they use these resources on future crimes unrealated? I'll tell you why. because it's easier and more fun to tinker with this. fuck the fbi, do something useful for us.
  • by nbritton ( 823086 ) on Wednesday February 17, 2016 @03:00AM (#51525909)

    If the iPhone 5c had Touch ID this wouldn't be a problem, they could just use the persons finger to unlock the device. This illustrates why Touch ID is a bad idea if you care about your privacy. Since we only have ten fingers and the auto erase doesn't activate until after 10 failed attempts, the only thing needed to get into a Touch ID phone is a court order. The Fifth Amendment protection against self incrimination only applies to the contents of your mind, it's established precedent that it doesn't apply to your body (i.g. blood, DNA, finger prints, etc.) or property.

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...