Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Encryption Government Iphone Privacy Security United States Your Rights Online Apple

FBI Delays Case Against Apple; May Have Way To Break Phone (threatpost.com) 255

msm1267 writes: The FBI has delayed its case against Apple less than a day before a scheduled court hearing and showdown over its demands that Apple help unlock a terrorist's iPhone. The government late Monday afternoon filed a motion to vacate its case, putting a halt to a saga that began in mid-February when a federal magistrate ordered Apple to help the FBI access a phone belonging to one of the shooters involved in last December's attack that killed 14 in San Bernardino, Calif.

The motion also indicates that the FBI may have found a way onto the phone without Apple's help. "On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking [shooter Syed] Farook's iPhone," the motion says. "Testing is required to determine whether it is a viable method that will not compromise data on Farook's iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc. ("Apple") set forth in the All Writs Act Order in this case."
Update 3/22/16 at 01:05:00 GMT: The story was updated to reflect the correct information that the case was delayed, not dropped. A federal judge agreed to postpone the oral arguments between Apple and the U.S. government.
This discussion has been archived. No new comments can be posted.

FBI Delays Case Against Apple; May Have Way To Break Phone

Comments Filter:
  • Um (Score:3, Insightful)

    by war4peace ( 1628283 ) on Monday March 21, 2016 @07:34PM (#51748907)

    See, life always finds a way :)
    I meant hacking! HACKING!

  • by Tehrasha ( 624164 ) on Monday March 21, 2016 @07:36PM (#51748915) Homepage

    " it should eliminate the need for the assistance from Apple Inc. "

    Until Apple fixes this exploit in the next release...

    • The next release of what? The iPhone 5c? Remember that part of the shortcoming here isn't in crypto or the OS, it was a combination of the newer iOS (8/9) with older hardware without the new security enclave (iPhone 5 and older).

      • This phone is running iOS 7, any newer version for be far harder and more destructive if you attempted to hack it.

        • No, the phone is running iOS 9 -- this is the San Bernardino phone. The phone running iOS 7 was the case in the Eastern District of New York -- which of course Apple's own law enforcement compliance statement says it will unlock when presented with a warrant, but I guess it didn't feel like it this time.

      • "The next release of what? "

        There was a new iOS point update just today. Wonder if that had anything to do with the FBI's assertion?

        • Nope. 9.3 has been in beta testing for weeks. And yesterday was Apple's spring announcements event, which included a couple of new features in 9.3. It's nothing to do with the FBI.

          Besides the FBI want a custom version of iOS to get around security on a particular phone. It does not require launching a new version to the public.

          The FBI's action today is because it was going to court today.

    • Until Apple fixes this exploit in the next release...

      The question you should be asking is why the exploit was there in the first place. The fact that the iPhone 5C had exploits was clear from the beginning, and any halfway competent Apple engineer must have known that.

      • You seems to rule out the possibility the exploit may be a hardware exploit and not a software exploit. In which case, it may not be possible to fix it unless they release another iPhone. In which case, this means as well physical access to the device is required to recover the encryption key and the data.
        • I'm assuming it is a hardware exploit. It certainly relies on the fact that the iPhone 5c hardware is not secure, and that isn't fixable. The question is: why was the iPhone 5c designed that way in the first place. Neither cost nor lack of technology account for it.
          • by delt0r ( 999393 )
            The phone is not made from tamper resistant hardware. It is not even in the threat model. It is not hard to gain the required access with sufficient application of a soldering iron.
      • Devices without exploits are the exception, not the rule.

    • The article says nothing about how they believe they can access they encryption key. It may be a hardware hack since they have physical access to the device.
    • It may not be the sort of "exploit" you imagine. Here is a big fat hint, digital logic on silicon chips is not a "black box" so you can't really hide your secrets on them if somebody can access the device physically while it is operating and checking the validity of the access code. This can be done without touching the chip.

      Meanwhile Apple now has to face the fact that a universal method has been found to compromise their technology, one that would not have been developed for the FBI if Apple had tried
    • by delt0r ( 999393 )
      The exploit is based on the fact that the pass code is too small, so its not really an exploit IMO. There is no way around offline attacks with small passwords or phrases. And if you have the hardware it is always a matter of time to do an offline attack. Hell it really isn't hard to do. Typically you can buy cracking kits off the internet, a new phone takes a little while to get kits common enough.
  • by Anonymous Coward on Monday March 21, 2016 @07:36PM (#51748921)

    Sounds like the FBI will be busy unlocking phones for hundreds of LE agencies now. Way to turn the burden around. In the meantime, the FBI posts "Now hiring for iPhone repair positions".

    • by shubus ( 1382007 )
      I still doubt they've cracked the iPhone....seems like a delaying tactic of the FBI since they're realized Apple's case is pretty strong and has a lot of support.
      • With physical access to the device, it is perfectly plausible they found a way to recover the encryption key.
  • by JoeyRox ( 2711699 ) on Monday March 21, 2016 @07:37PM (#51748929)
    The US Government knows that Apple has made encryption a cornerstone of their product strategy in order to protect their international sales in our post-Snowden era (in other words, to protect the world from the US Government). What better way to hit back at Apple for their lack of cooperation than to strike at the heart of Apple's strategy.
    • by alvinrod ( 889928 ) on Monday March 21, 2016 @07:51PM (#51749021)
      There was always a way for them to gain access to that particular phone because it was an older model that didn't have the security features of their more recent devices to prevent those kinds of attacks. Basically some hacker found that they could hook a device up the phones innards and just try brute forcing the 4-digit PIN and that if they cut all power to the device on a failed attempt quickly enough that the system wouldn't register the failed attempt and wipe the device.

      The FBI could always get into this phone, but they wanted Apple to give them the keys to get into any iPhone anytime that they wanted to. The only thing the FBI has probably done is drive Apple and other device makers to build security systems that they have no way of exploiting themselves, even if they have the ability to write a custom OS.

      The government needs to stop trying to illegally invade the privacy of its citizens. All it's really doing is to hurt US businesses because foreign countries don't want anything to do with a country that's going to spy on all of their information or communications.
      • by SeaFox ( 739806 )

        ...foreign countries don't want anything to do with a country that's going to spy on all of their information or communications.

        Really? So China gives foreign companies a free pass on communications?

        • Well, there are two possibilities:

          1) China has Apple, and every every other US tech company, compromised at the highest level, and we're all fucked.

          2) China's government is not so much comprised of shit-for-brains idiots who have to get on television to appease a bunch of even more shit-for-brains idiots by appearing to "get tough on terr'ism." as ours. And while they'd no doubt like to be able to monitor all electronic communication with more efficiency than they do; they understand that forcing tech co

      • by bigwheel ( 2238516 ) on Monday March 21, 2016 @09:42PM (#51749627)

        Basically some hacker found that they could hook a device up the phones innards and just try brute forcing the 4-digit PIN and that if they cut all power to the device on a failed attempt quickly enough that the system wouldn't register the failed attempt and wipe the device.

        But that would void the warranty.

      • Basically some hacker found that they could hook a device up the phones innards and just try brute forcing the 4-digit PIN and that if they cut all power to the device on a failed attempt quickly enough that the system wouldn't register the failed attempt and wipe the device.

        I thought iOS 8 vulnerability was fixed in iOS 9. I don't think that's the attack they're using.

        • by delt0r ( 999393 )
          It would not be that hard to simply power bits and pieces to copy an image. The test passwords till your hearts content. It is not like iPhones are tamper resistant.
  • Outside Party? (Score:5, Insightful)

    by TechyImmigrant ( 175943 ) on Monday March 21, 2016 @07:39PM (#51748943) Homepage Journal

    So who is this outside party? Who's going to be the first to file an FOIA request?

  • what he didn't already have.
  • by JMZero ( 449047 ) on Monday March 21, 2016 @07:41PM (#51748971) Homepage

    I certainly don't think that any information about this phone (or some new approach to getting info off it) is what prompted the change here. Giving up at this stage means one of two things:

    1. They flinched. They thought they'd lose, either in court or in public opinion - so they kicked the can down the road.
    2. They've already won; they know that legislation is about to become more favorable for them, and they'll have the tools they want without needing a precedent here.
    3. They've already lost; they know that there will soon be enough robust/secure devices in the wild that having leverage over companies like Apple won't actually help them (because the Apple's of the world may not be able to break their own devices)

    We'll find out which it is over the next few years.

    • by rahvin112 ( 446269 ) on Tuesday March 22, 2016 @02:01AM (#51750479)

      I shouldn't need to point out the obvious answer that everyone seems to avoid. If the FBI succeeds in this action they have precedent that they can force private companies and people to develop devices/software/whatever under threat of imprisonment for contempt of court (absolutely no appeals and you can be imprisoned until you cooperate up to life in prison). This would make the all writs act a law of incredible power allowing the FBI to impress into service any person or company with the ability to do something it needs for the investigation. Apple in this action is at best a third party, they developed and had manufactured the phone but they are neither the owner nor do they have access or the software to do what the FBI asks. The FBI is asking for them to be compelled to do work for the FBI under threat of imprisonment or divulging their most precious assets (a public release of which could decimate their company revenue).

      With the precedent of this case, If you had the skill to do something the FBI needed for an investigation they could simply compel you to do so under the all writs act and if they refuse you could go to jail until you comply. This is ALL kinds of scary and 99% of the articles and comments I read about it focus on the insignificant details of this individual complaint and not the precedent it sets.

      • With the precedent of this case, If you had the skill to do something the FBI needed for an investigation they could simply compel you to do so under the all writs act and if they refuse you could go to jail until you comply.

        Sounds like a modern version of the Quartering Acts:
        https://en.wikipedia.org/wiki/... [wikipedia.org]

  • Health (Score:4, Interesting)

    by Major Blud ( 789630 ) on Monday March 21, 2016 @07:42PM (#51748973) Homepage

    During Tim Cook's presentation today, I couldn't help thinking that they were pushing CareKit to make people start to consider how much information about their health would be on these devices, and who else could potentially have access to it. I could simply be overthinking it, but it very well could have been that he was trying to win over more people to Apple's side of the argument.

  • by Anonymous Coward on Monday March 21, 2016 @07:42PM (#51748975)

    Translation: Next time the FBI sues someone to force them to break encryption it will be someone that can't fight back, and they will get their precedence then.

  • by xeno ( 2667 ) on Monday March 21, 2016 @07:45PM (#51748995)

    The last salvo from Apple's lawyers was fairly devastating to the DOJ's case: It pointed out errors of law, errors of logic, technical mistakes and omissions, and general arrogance. The DOJ knew lat week that they were getting shot down, so they'd rather not have that happen in court where it could affect their future error-and-arrogance-filled filings.

    Last week someone pointed out that Apple has far better lawyers than the DOJ. True. Tragic, sad, demoralizing as an American, but obviously true.

    • The question is, will they be able to drop it, or not? Apple is facing over a dozen of these cases right now.

    • Re: (Score:2, Troll)

      by SvnLyrBrto ( 62138 )

      Don't forget that Tim Cook has also said very publicly that he is totally willing to go all the way to the Supreme Court over this, and said court just lost its most thuggish scumbag justice. By folding now, the FBI loses this particular round; but avoids setting a precedent and still gets to extort anyone who can't darken the sky with quite so many lawyers as an enraged Apple.

      (I'm not sure if you're referring to my post last week. But I pointed out then that, when the DoJ thought to take on IBM in the '7

      • I suspect Scalia would have backed Apple's arguments.

    • by Darinbob ( 1142669 ) on Monday March 21, 2016 @11:43PM (#51750087)

      Don't think the lawyers are necessarily better or worse. Apple has the larger budget to spend on this one issue. The higher pay also does not mean that the government is stuck with the leftovers who couldn't find a better job; I have a friend who quit being a lawyer to join the FBI as an agent with much lower pay. Some people value public service.

  • by erp_consultant ( 2614861 ) on Monday March 21, 2016 @07:45PM (#51748997)

    So the government is dropping the case because some third party might have a way to break into the phone? Might have a way? So they haven't even verified that it works before dropping the case? Why not let the case proceed and if they come to find out later that the 3rd party method works then drop the case?

    Surely it can't be to save taxpayer money. That has never been a criteria for any branch of government when it comes to prosecution (errr...persecution). Maybe the FBI had a way to break into the phone all along and this was just a shakedown of Apple.

    Are we really to believe that some mysterious "3rd party" just suddenly appears a day before the case is to go to court? I call BS on this whole thing.

  • Tin foil (Score:5, Insightful)

    by rocqua ( 4252459 ) on Monday March 21, 2016 @07:47PM (#51749003)
    My guess: "shit we aren't winning in public. How do we retract this without saving face."
    • The polls between when it all started in mid-February and last week were rather telling. The numbers shifted from something like 70-30 in favor of the FBI to a nearly even 50-50 split (and that was despite the fact that the polls incorrectly phrased it as merely "have Apple unlock the phone for the FBI"). It was clear what direction things were heading as the courtroom drama stayed in the news, people became more informed, and more and more civil rights groups, companies, politicians, chiefs of various gove

  • Not dropped (Score:5, Informative)

    by maitai ( 46370 ) on Monday March 21, 2016 @07:52PM (#51749025) Homepage

    The FBI didn't drop the case. They asked for and got a continuance until April 5th.

  • by Anonymous Coward on Monday March 21, 2016 @08:02PM (#51749063)

    You don't have to break the encryption if you can subvert the code that counts the number of attempts, that could easily be done by altering one of the cpu instructions in the silicon or disabling it.. basically a brute force attack on the silicon. Another way would be to replace the CPU with a custom emulator of the CPU which could step around the sequence for destruction.. or simpler.. multiply the number of times by an arbitrarily chosen "factor".. or reset it to zero after each attempt.

    • You don't have to break the encryption if you can subvert the code that counts the number of attempts, that could easily be done by altering one of the cpu instructions in the silicon or disabling it

      Nope. You're talking about very fundamental instructions like increment, compare, load, store, etc. If you alter or break how one of them functions (not that it's at all obvious how you could do that), you'd break the CPU completely, making it unable to execute simple code.

      Another way would be to replace the CPU with a custom emulator of the CPU which could step around the sequence for destruction

      Nope. The emulator wouldn't have access to the key burned into the CPU, so it couldn't compute the key to test.

      or simpler.. multiply the number of times by an arbitrarily chosen "factor".. or reset it to zero after each attempt.

      It may or may not be possible to restore the counter value. The value is almost certainly protected against simple updates (e.g

  • FBI drops its case on the same day that both OS X and IOS have updates rolled out...
  • McAfee (Score:5, Funny)

    by dejitaru ( 4258167 ) on Monday March 21, 2016 @08:07PM (#51749101)
    Please oh please let there be a news release stating that the FBI went to John McAfee to unlock it...
  • by Proudrooster ( 580120 ) on Monday March 21, 2016 @08:21PM (#51749177) Homepage

    This is not how good lawyers work, you throw as much as you possibly can at the wall and see what sticks.

    There is no reason for the FBI to vacate unless they are 100% sure they can get into this phone. I mean wasn't this case important?

    Here is what really happened. Apple's response to the FBI's "all writs" order posed a constitutional challenge to their BS. The FBI simply didn't want to get laughed out of court or worse have this make it all the way to the Supreme Court and be told that they were abusing the law.

    Is there a way Apple can continue this ex-parte and set a precedent to stop this from being abused in the future? It would be of great benefit to all-tech-kind.

    Oh wait, late breaking news. The case is not dropped, the FBI asked for a continuance until April so they can get some better lawyers and threaten Apple behind the scenes with National Security Letters.

    So now we have an interesting play going on.

    If the FBI hacks the phone, Apple loses the security high ground.
    If the Apple hacks the phone, Apple loses the security high ground.

    This is a lose/lose for Apple, because even if the FBI doesn't hack they phone they will say they did just to spite Tim Cook and his keynote speech today.

    I see what you did there FBI, nice move, but be careful, your next move is critically important to winning the game and you can still lose.

  • . . . some brilliant agent finally thought to try 123456 on the pass code screen.

  • by cirby ( 2599 ) on Monday March 21, 2016 @09:02PM (#51749403)

    ...the local law enforcement guy who accidentally turned on the passcode after they found the phone found the Post-It note with the new code.

  • They already have all the useful information. Or Apple Backups? Anything typed into a phone is replicated many times....
  • by MitchDev ( 2526834 ) on Tuesday March 22, 2016 @07:07AM (#51751321)
    "FBI gonna get spanked in court, backs off temporarily..."

The only difference between a car salesman and a computer salesman is that the car salesman knows he's lying.

Working...