Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Government Iphone Communications Encryption IOS Privacy Security Software The Internet United States News Your Rights Online Apple Technology

FBI Telling Congress How It Hacked iPhone (theverge.com) 346

An anonymous reader quotes a report from The Verge: According to a new report in National Journal, the FBI has already briefed Senator Diane Feinstein (D-CA) on the methods used to break into the iPhone at the center of Apple's recent legal fight. Senator Richard Burr (R-NC) is also scheduled to be briefed on the topic in the days to come. [Feinstein and Burr are both working on a new bill to limit the use of encryption in consumer technology, expected to be made public in the weeks to come.] The disclosures come amid widespread calls for the attack to be made public, particularly from privacy and technology groups. However the FBI's new method works, the ability to unlock an iPhone without knowing its passcode represents a significant break in Apple's security measures, one Apple would surely like to protect against if it hasn't already. Just days after the FBI broke into the terrorist's iPhone, the FBI told law enforcement agencies it would assist them with unlocking phones and other electronic devices. We still do not know how the iPhone was hacked, nor do we know how many iPhones may be able to be unlocked from the hack. The FBI did tell USA Today the hack has not been used in any other case beyond San Bernardino.
This discussion has been archived. No new comments can be posted.

FBI Telling Congress How It Hacked iPhone

Comments Filter:
  • Diane Feinstein (Score:5, Insightful)

    by Anonymous Coward on Wednesday April 06, 2016 @08:16PM (#51857375)

    The queen of "laws for thee, but not for me."

    Guns? Why, those should be illegal! But I'm going to need some armed guards for myself, of course.

    Encryption? Consumers can't be allowed to have that! Now how do I configure my secure Senate email account?

    What a hypocritical cunt.

    • by Taco Cowboy ( 5327 ) on Wednesday April 06, 2016 @08:24PM (#51857417) Journal

      Diane Fienstein was born in the wrong country

      She fits much more snugly in a fascist state

    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Wednesday April 06, 2016 @08:42PM (#51857531)
      Comment removed based on user account deletion
    • Re:Diane Feinstein (Score:4, Interesting)

      by MobileTatsu-NJG ( 946591 ) on Wednesday April 06, 2016 @10:04PM (#51857861)

      A politician who is against the ownership of guns that relies on armed protection (assuming that is even a choice they can make...) is not a hypocrite. The fact that they need those guards supports their message.

      • Re:Diane Feinstein (Score:5, Insightful)

        by LynnwoodRooster ( 966895 ) on Wednesday April 06, 2016 @10:27PM (#51857917) Journal

        I want to just give you a personal anecdote about terrorism, because less than 20 years ago, I was the target of a terrorist group. It was the New World Liberation Front. They blew up power stations and put a bomb at my home when my husband was dying of cancer. And the bomb was set to detonate at two o'clock in the morning, but it was a construction explosive that doesn't detonate when it drops below freezing. It doesn't usually freeze in San Francisco, but on this night, it dropped below freezing, and the bomb didn't detonate. I was very lucky. But, I thought of what might have happened. Later the same group shot out all the windows of my home. And, I know the sense of helplessness that people feel. I know the urge to arm yourself, because that's what I did. I was trained in firearms. I'd walk to the hospital when my husband was sick. I carried a concealed weapon. I made the determination that if somebody was going to try to take me out, I was going to take them with me.

        - Diane Feinstein, Concealed Weapons Permit holder. Concealed permits and firearm ownership was all fine and welcome and useful for Diane when she felt threatened, but we can't have the general public enjoying such luxury to protection...

        • I don't know who this person is, so I'm taking your post at face value and.. yes, that's clearly hypocrisy. What the AC wrote, which echos criticisms of other politicians I have heard (without taking the context into account...) ,is not a contradiction.

        • Re:Diane Feinstein (Score:4, Insightful)

          by AmiMoJo ( 196126 ) on Thursday April 07, 2016 @07:02AM (#51859099) Homepage Journal

          I don't know much about this women so won't defend her, but as a gender point can't politicians change their minds? Maybe she decided that carrying a gun was mostly ineffective or even made things worse overall. Not saying she did, but I know there is stuff I did 20 years ago that I wouldn't do today.

          • Re:Diane Feinstein (Score:4, Interesting)

            by anegg ( 1390659 ) on Thursday April 07, 2016 @10:23AM (#51860247)

            To me the point is the fact that she availed herself of the opportunity (to arm herself for self defense) at some point in the past when she felt she needed to, but she would now deny to others the ability to make that same choice to protect themselves. She *may* believe that it is overall for the better, but her current context under which she is reaching that conclusion is nothing like her context previously, and that (to me) makes her conclusion suspect. Strip her of her wealth and power, and all protections not available to the average citizen, place her in a more dangerous home environment, then see how whether she quickly changes her mind again.

  • by TheGratefulNet ( 143330 ) on Wednesday April 06, 2016 @08:16PM (#51857377)

    so we can't even talk about anything further.

    who is going to tell us the honest truth? all we get is the dishonest truth from every 'official' that speaks up about this.

    disinformation and even more disinformation. you'd be nuts to take anything on face value, given what's at stake.

    • by rch7 ( 4086979 ) on Wednesday April 06, 2016 @09:44PM (#51857789)

      The honest truth is that nothing on Internet or phone or computer is private. You must be nuts to believe in some overhyped security illusion on inherently insecure interconnected devices.

      Ironically, what Apple has achieved is that it will not be able to fix its security issues. The exploits are going to be sold to law enforcement agencies, or just anybody ready to pay around the world, for big money and kept secret. Maybe the times when such bugs were send to vendor for free for fixing are long gone anyway, but such cases make it even worse.

      • You are right about the days of vulnerabilities being reported to developers for 'free' being gone. This is largely due to the fact that bugs are no longer easily found by accident. It takes a lot of work to find exploitable vulnerabilities in devices and applications and exploits are in high demand. Just one zero-day for IOS can sell for hundreds of thousands $$$. (http://news.softpedia.com/news/exploit-vendor-publishes-price-list-ios-valued-above-android-496449.shtml)

        But Apple can certainly take measures

        • by tlhIngan ( 30335 )

          But Apple can certainly take measures to 'fix its security issues' Their main problem is their lack of ANY bug bounty program. Apple should give researchers some incentive to disclose vulnerabilities... No they aren't going to be able to compete price-wise with the bad guys. Zero-Days will still be sold on the black market. But by offering bounties they show the community at-large that they at least appreciate the effort involved in finding, reproducing, documenting and disclosing exploits. A well-planned b

      • by AmiMoJo ( 196126 )

        The honest truth is that nothing on Internet or phone or computer is private.

        That's a daft assertion. If you create a VeraCrypt container with a strong key and upload it to a public server, the contents are still private. Okay, maybe theoretically there might be unknown vulnerabilities or the NSA might have a quantum computer that can crack it, but it's still harder to get in to than a safe in your home or pretty much any other kind of private storage system.

        You have to be pragmatic about privacy. Otherwise you end up covering your walls in tinfoil and never going outside. Take Snow

      • by macs4all ( 973270 ) on Thursday April 07, 2016 @09:31AM (#51859865)

        Ironically, what Apple has achieved is that it will not be able to fix its security issues.

        Wanna bet? Watch them.

        Remember, the San 'Berdino iPhone was an iPhone 5C, which did NOT have the Secure Enclave chip.

        The FBI is too stupid to know the difference; but there IS a difference. A BIG difference!

        And I ASSURE you that Apple is burning the midnight oil searching for, and closing, any security holes in iOS after this FBI debacle; and is likely pushing more security into hardware; where it is MUCH harder to circumvent by anyone, even Apple.

        They are QUITE serious about this.

    • by exomondo ( 1725132 ) on Wednesday April 06, 2016 @10:41PM (#51857959)

      so we can't even talk about anything further.

      It's pretty silly to assume that in this day and age with complex systems and the device physically in the hands of those wanting to break into it that it still remains unbreakable. Yes it may have needed a bespoke solution for that particular software version but it's pretty naive and stupid to try and sweep this discussion under the rug because you believe Apple's product is completely secure.

    • by somenickname ( 1270442 ) on Wednesday April 06, 2016 @10:56PM (#51857993)

      We also don't know if the device *needed* to be hacked by a third party. To me it looked like the FBI wanted a precedent, realized it might not get the one it wanted and then decided to back down with a, "Oh, wait, we found another way" story.

      You know it's scary times when the guy wearing the tinfoil hat is starting to seem like the most sane person in the room.

    • So, no cyber pathogen then?
    • Pretty sure they can do it:

      http://blog.trailofbits.com/20... [trailofbits.com]

  • by TigerPlish ( 174064 ) on Wednesday April 06, 2016 @08:23PM (#51857415)

    More alarming than the hack is the following bit in TFS:

    [Feinstein and Burr are both working on a new bill to limit the use of encryption in consumer technology, expected to be made public in the weeks to come.]

    The "hack", as I understand, was on an 5C, which is weak by comparison to the 5S and beyond. Non-event.

    But the bit I quoted? Really? Limit what encryption consumers can have? I find that more alarming than "old-ass insecure phone got cracked."

    I hope this dies a flaming painful death before it goes anywhere.

    • by Dunbal ( 464142 ) * on Wednesday April 06, 2016 @08:44PM (#51857543)
      Let the US shoot itself in the foot. The rest of the world will encrypt.
      • Let the US shoot itself in the foot. The rest of the world will encrypt.

        Already been there, thought common sense was starting to break through, apparently not.

      • by Anonymous Coward on Wednesday April 06, 2016 @09:17PM (#51857665)

        Yeah, Apple, Google, Microsoft, Blackberry, etc should all come out publicly and say
        "We will produce secure encryption for the rest of the world, however the US government has mandated that US citizens are only entitled to 2nd best, now here is a list of YOUR representatives who voted for the bill"

        If the representative were Named, Shamed and Blamed they might just loose their cushy jobs.

      • Let the US shoot itself in the foot. The rest of the world will encrypt.

        The problem for me is that while I do not live in the US, I wind up subject to US laws, because if my Government looks like it might step out of line with what the US wants, our Prime Minister gets a round of golf with the President. I imagine he is told in private what the US wants, and the great photo ops are his payment.

      • by cdrudge ( 68377 ) on Thursday April 07, 2016 @06:26AM (#51859035) Homepage

        I remember a time when the US had all the good encryption and wasn't allowed to export it. Now the rest of the world will have good encryption and the US won't be allowed to import it.

      • Let the US shoot itself in the foot. The rest of the world will encrypt.

        If that becomes true, then phones sold in the US will have to conform or they will be considered contraband.

    • by JoeMerchant ( 803320 ) on Wednesday April 06, 2016 @09:08PM (#51857633)

      I studied cryptography in college in the 1980s - and all the same old methods still work, maybe the keys need to be a little longer today, but symmetric, asymmetric, time locks, etc, all still apply.

      So, are we going to stop teaching encryption methods in school? How about burning the textbooks, making it illegal to post on the internet, flagging people who talk about it or search for it? Every semester institutions of higher learning are training our youth in the dangerous art of secure communication, when will it stop?

      • by swb ( 14022 ) on Wednesday April 06, 2016 @09:26PM (#51857709)

        Be careful, or they will outlaw mathematics.

        • They'll get my math when they pry it out of my cold, dead cerebral cortex.

        • Be careful, or they will outlaw mathematics.

          I am seriously thinking about writing them a satirical letter thanking them for their courageous and valiant fight against mathematics but that their constituents and future constituents will not be happy until they've replaced high school algebra with a less dangerous subject like household chemistry

    • That's what it all comes down to.

    • Limit what encryption consumers can have?

      They've done it once before, when encryption was classed as a munition, so could not be exported from the US without Government authorization.

      • by blindseer ( 891256 ) <blindseer@noSPAm.earthlink.net> on Wednesday April 06, 2016 @10:53PM (#51857987)

        If encryption is a "munition" then this is not just a First Amendment issue, the Second Amendment also applies.

        Along that same train of thought, anyone besides me remember those Apple commercials touting that the then new PowerMac was considered a weapon? That same law that considers encryption a weapon also controls what kind of computers we can export. That's because computers are weapons too, I guess.

        They want to ban "undetectable" plastic guns, and the 3D printers that can create them. Then they tell us we can't even share the design files for the 3D printed guns. Can't have encryption that they cannot break, which I assume is so we can't share these gun designs without them knowing. Or even order a pizza without them knowing.

        What are these people so afraid of?

        Perhaps they fear us "peasants" might revolt.

        • by KGIII ( 973947 )

          > Perhaps they fear us "peasants" might revolt.

          If that were the case, they'd stop. Unfortunately, we're afraid of our government. It should be the other way around.

          If they thought we'd revolt, they'd stop trying to take our liberties away. A good government has a healthy respect, which is fear, the citizenry. I want my government to know they have limits and that bad things will happen if they cross the line. I want my government to remember that we're armed and how hard it is to deal with an insurgency.

      • by AmiMoJo ( 196126 )

        I don't think they'll try that again. Back then they mistakenly thought that only the US had good encryption, so export controls would prevent other countries from keeping stuff secret.

        A more likely strategy will be to simply mandate weak security on consumer devices sold in the US. The goal here is not to screw other countries, it's to screw yourselves.

    • by MrDoh! ( 71235 )
      Simple. When you setup your new iPhone, there'll be an options page;
      "Are you currently living in an oppressive fascist regime that wants to spy on everything you do?"
      And if you click that, then all the encryption is disabled. If you don't click it, then your phone is protected.
    • But the bit I quoted? Really? Limit what encryption consumers can have? I find that more alarming than "old-ass insecure phone got cracked."

      They can attempt to pass whatever laws they want. There's no putting the encryption genie back into the bottle, sorry. And ultimately, any such laws passing would be an economic blow to our nation and therefore, hasn't a snowballs chance in hell of actually becoming law.

      And just like with attempts to pass guns laws, such laws would not stop criminals from employing strong encryption, just like they won't be taking any guns away from criminals. Just silly nonsense that makes zero sense.

    • Limiting the encryption people can have will be extremely difficult when there are multiple open-source encryption libraries available in the wild. Even without access to sources, there are also many papers describing the principles behind popular ciphers which people can use as a starting point for a design of their own.

      Sounds like an unwinnable war to me. Even if the USA declares strong consumer encryption illegal and gets it removed from Google Play, iTunes, Amazon apps, etc., people who still want to us

  • by turkeydance ( 1266624 ) on Wednesday April 06, 2016 @08:33PM (#51857473)
    or are we just believing the FBI said it was?
    • by tom229 ( 1640685 )
      Right. They are presenting a non-existent technology to congress and instructing every member to not make their political career by exposing the facade. Makes sense.
    • by AHuxley ( 892839 )
      Depends on how a person now or later a legal team with real experts requesting case details understands the term "help", "everything", "requests" Hundreds of requests to unlock phones flood FBI (April 6, 2016)
      http://www.usatoday.com/story/... [usatoday.com]
      "... the agency was being inundated with requests from state and local law enforcement seeking help accessing the contents of hundreds of encrypted or damaged cellphones linked to unrelated criminal investigations scattered across the country."
      "Requests involving
  • am I misrememberinfg (Score:5, Interesting)

    by Swampash ( 1131503 ) on Wednesday April 06, 2016 @08:35PM (#51857483)

    or wasn't there some law about circumventing security measures on a computer device?

    • The DMCA only applies to circumventing encryption for the purpose of violating copyright. The phone is widely misreported in the media as belonging to the shooter. It actually belongs to the San Bernardino County government - it was assigned to the shooter as his work phone. Consequently, the county holds the copyright to everything on the phone (or more precisely since the government cannot hold a copyright, it is not copyrighted). Hence the DMCA doesn't apply.

      When they tell you not to use your work
  • I don't understand why the passphrase even matters when they've had complete physical access to the phone all along. The lawsuit was certainly an attempt to coerce apple into providing a backdoor--the FBI knew damn well it didn't ultimately need one.
    • by AHuxley ( 892839 )
      It depends on what the US gov finally got.
      What is public is the request was for a computer related solution that would fit on any gov hard drive and open any branded phone.
      Portable to take to any city, state, county, other nation and fully access any waiting phone.
      http://nypost.com/2016/03/02/f... [nypost.com] (March 2, 2016)
      "“The request we got from the government in this case is, ‘Take this tool and put it on a hard drive, send it to the FBI,’ and they’d load it onto their computer,
  • More importantly ... (Score:5, Interesting)

    by mattyj ( 18900 ) on Wednesday April 06, 2016 @08:38PM (#51857507)

    What info did the FBI get off the phone? I think it's generally considered that time was a crucial element in getting any meaningful info from the phone, and perhaps days or hours after the event, anything in there would be useless.

    I'm not sure anyone has yet to convince me that more encryption = more terrorism.

    • Given the crap storm they put us through, they owe us at least a rough idea of what was found. My guess is nothing. Given the diligence to use and then destroy a burner phone, he likely had nothing of note on a work phone that I'm sure they expected was not private from his employer.

  • by __aaclcg7560 ( 824291 ) on Wednesday April 06, 2016 @08:43PM (#51857539)
    How many cat videos were found on the terrorist's iPhone?
  • The whole issue (Score:3, Insightful)

    by ChrisMaple ( 607946 ) on Wednesday April 06, 2016 @08:54PM (#51857591)
    That this episode of the FBI vs Apple has come to public attention proves that the FBI is grossly incompetent. When the public (and therefor terrorists) no longer believes that phone information is absolutely safe, other means of communication will be used: government loses a powerful tool against its enemies. This is a hideous strategic blunder.
    • It's little wonder the Boston Bombers managed to do what they did. All that data and all it demonstrates is that the security services are populated by complete morons.

    • by AHuxley ( 892839 )
      The NSA and GCHQ warned against this for decades. Let people around the world think they had anonymity and privacy. Trust and enjoy the fax, phone, cell phone, computer networks for decades. The policy of collect it all ensured a constant flow of information back to the security services.

      A limitation on crypto and going to open court with a log from a phone just gets interesting people very interested in not talking on any phone.
      All this was predicted decades ago via the GCHQ that ensured it never wen
  • by JustAnotherOldGuy ( 4145623 ) on Wednesday April 06, 2016 @09:18PM (#51857671) Journal

    "Feinstein and Burr are both working on a new bill to limit the use of encryption in consumer technology, expected to be made public in the weeks to come."

    Not only is this extremely stupid and utterly unworkable, but fuck these two maggots who think that it's their right to weaken our privacy.

  • Will the government be retroactively censoring all of the public details of encryption algorithms and wiping all of our memories? Diffie, Hellman and Merkle better watch their backs!
  • by ZipK ( 1051658 ) on Wednesday April 06, 2016 @09:42PM (#51857777)

    Feinstein and Burr are both working on a new bill to limit the use of encryption in consumer technology, expected to be made public in the weeks to come.

    When math is outlawed, only mathematicians and those who can read their papers will have math.

  • It's called man in the middle. They remove the memory chip from the iphone. The contents of the chip are read and saved with a chip reader. A device emulates that chip and hooks into the screen and touch screen input. It then brute forces all possible passcodes. It only requires someone with decent desoldering skills with a hot air wand.

  • A large agency, such as the NSA, has the necessary resources to get into the phone that was behind all this noise. This is yet another attempt to use fear and misinformation to persuade Americans to sacrifice liberty in the name of 'security.'
  • So we only have the FBI's word that they have hacked the iPhone, they may have found the password via other means for all we know. This may be an attempt by the FBI/NSA/CIA to scare people away from using iPhones as a secure communications medium. Also US laws on restricting encryption mean nothing to criminals because they will just buy a stock android phone of ebay and install a secure locked down firmware package that has encryption built in.

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Working...