Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Encryption Government

Lawmakers Call FBI's 'Going Dark' Narrative 'Highly Questionable' After Motherboard Shows Cops Can Easily Hack iPhones (vice.com) 69

Joseph Cox, reporting for Motherboard: This week, Motherboard showed that law enforcement agencies across the country, including a part of the State Department, have bought GrayKey, a relatively cheap technology that can unlock fully up-to-date iPhones. That revelation, cryptographers and technologists said, undermined the FBI's renewed push for backdoors in consumer encryption products. Citing Motherboard's work, on Friday US lawmakers sent a letter to FBI Director Christopher Wray, doubting the FBI's narrative around 'going dark', where law enforcement officials say they are increasingly unable to obtain evidence related to crimes due to encryption. Politico was first to report the letter. "According to your testimony and public statements, the FBI encountered 7,800 devices last year that it could not access due to encryption," the letter, signed by 5 Democrat and 5 Republican n House lawmakers, reads. "However, in light of the availability of unlocking tools developed by third-parties and the OIG report's findings that the Bureau was uninterested in seeking available third-party options, these statistics appear highly questionable," it adds, referring to a recent report from the Justice Department's Office of the Inspector General. That report found the FBI barely explored its technical options for accessing the San Bernardino iPhone before trying to compel Apple to unlock the device. The lawmaker's letter points to Motherboard's report that the State Department spent around $15,000 on a GrayKey.

Lawmakers Call FBI's 'Going Dark' Narrative 'Highly Questionable' After Motherboard Shows Cops Can Easily Hack iPhones

Comments Filter:
  • by Anonymous Coward

    Apple is too valuable of a brand, and if people realize Apple, FBI, NSA etc. are all up in your "private" shit, then people would stop buying.

    It's a simple case of "let's do and say we couldn't". There is no such thing as secure devices in the U.S., because that's the way government needs it to be, and neither Apple nor Google are above the law.

    • then people would stop buying

      The Feds could give two fucks about that; what matters to them is that dumb criminals would stop using their phones foolishly.

      • by ceoyoyo ( 59147 ) on Sunday April 15, 2018 @10:49AM (#56440925)

        All the hoo ha about backdoors does seem pretty suspicious. It's pretty trivial to write an app that stores things or communicates with unbreakable encryption and is pretty much immune to legislation. Surely smart criminals must do this already. So a backdoor would only be useful for catching dumb ones. Perhaps insisting that a backdoor is needed but does not exist is useful for catching dumb criminals AND not-so-smart ones.

        • Surely smart criminals must do this already.

          Met a lot of them, have you? ;)

        • by fafalone ( 633739 ) on Sunday April 15, 2018 @05:15PM (#56442673)
          99% of criminals fall into the 'dumb ones' category. They will use whatever is default and even if their interest in something more secure was piqued, they couldn't get the other dumb criminals they talk to about their crimes to go along with it. So whether encryption is unbreakable by default actually does have huge significance to law enforcement. It still should be since that's by far outweighed by the privacy benefit to non-criminals, but as out of touch /. is with normal people, it pales in comparison to how far removed from typical criminals it is, and there seems to be this mistaken belief that the percentage of criminals that will "just" set up a secure alternative to bad defaults is in some way significant.
          • by dgatwood ( 11270 )

            On the other hand, the dumb criminals typically leave myriad other clues that can be followed just as easily. The ones that you're going to have a hard time catching are the smart ones, and they're smart enough to use something more secure than the default. They're also the ones whose schemes are likely to cause the most damage.

    • Apple is too valuable of a brand, and if people realize Apple, FBI, NSA etc. are all up in your "private" shit, then people would stop buying.

      It's a simple case of "let's do and say we couldn't". There is no such thing as secure devices in the U.S., because that's the way government needs it to be, and neither Apple nor Google are above the law.

      They also may have been happy to instill false confidence, so some may be less careful as to what they do on their phone.

  • by Joe Branya ( 777172 ) on Sunday April 15, 2018 @10:30AM (#56440849)

    The article says Greylock can access "fully up-to-date IPhones".

    Can Greylock access Iphones that don't allow automatic updating? If Greylock can't, then Apple has given out an update that allows outsiders to access your IPhone. So much for the Apple claim to be a privacy good-guy. Even more interesting is the possibility that Apple has pushed an OS update to phones which have automatic update turned off, something we usually associate with Microsoft.

    Is there anyone out there capable of looking at the stream of bits coming-and-going and reading the flash memory that holds the updated code? And if Apple can push an update, what does that mean for the validity of the phone log when the IPhone shows up as a court exhibit? And do IPhones in Europe and China get the same treatment?

    • by Anonymous Coward

      No, all this means is that thereâ(TM)s a security vulnerability in iOS that the greykey guys are aware of, but Apple is not.

    • by Calydor ( 739835 )

      Would the sentence "can access EVEN fully up-to-date iPhones" have made better sense? The point is there's been no patch released to stop GreyLock from working.

  • There are suggestions that these hacking devices don't break the encryption, they just defeat the anti-brute-force tricks and allow the devices to be brute forced.

    If the devices don't actually defeat the encryption then a backdoor is the only way the FBI and other agencies can get into phones with passwords too strong to brute force.

  • There is an inferred belief set inside law enforcement that in order to accomplish the greater good, it is perfectly acceptable to occasionally stoop to the level of the dirty criminals. Hollywood and the entertainment industry have consistently reinforced this logical fallacy with hundreds (thousands?) of stories with protagonist rogue cops who do what needs to be done to catch the bad guy.

    The problem is, once you stoop to a despicable act, it is so much easier to stoop the next time. (K. Hepburn)

    The

    • It's not easy being the good guys

      Fortunately for the FBI, "being the good guys" has never been their mission statement.

      • FBI IS the bad guys (Score:1, Interesting)

        by Anonymous Coward

        It is their mission statement. They just seem to ignore it now.

        McCabe leaked classified information to WaPo (his lawyer says he was authorized to do so, but no one else is claiming that). He then lied 5 times at least when questioned by the FBI if he leaked that information or authorized the leak. He now claims he is the good guy and Trump is the bad guy.

        Comey used Russian propaganda to sign off for a FISA warrant to spy on Trump campaign. He failed to verify the information and lied to the FISA judge c

    • by Sebby ( 238625 )

      The freedoms we enjoy are quite precious, and the sacrifices made to preserve them do not all occur on the field of battle... sometimes the good guys have to carry the enormous burden of a moral compass during the pursuit of the most immoral.

      You mean like the FBI knowingly hosting a child porn site [slashdot.org]?

    • by NormalVisual ( 565491 ) on Sunday April 15, 2018 @12:15PM (#56441313)

      The freedoms we enjoy are quite precious, and the sacrifices made to preserve them do not all occur on the field of battle

      Which also means that we as a society have to deal with the fallout from such rights. For instance, the fact that it's legal to buy and sell alcohol means that people WILL die as a result of drunk driving, regardless of the laws against that particular act. You can't have one without the other, and if you truly stand for freedom, you accept that. We can take other steps to prevent those deaths, but they'll always be an inherent cost of preserving that right.

      • With alcohol, if you go back to Prohibition, it teaches that trying to take the right away by force of law will actually result in more death than just letting people have the right. This is a lesson we've sadly forgotten, as both right and left cheer for longer sentences, torturing pain patients and keeping them bedridden- sometimes ending in suicide, and the massive spike in overdose deaths from black market substitutes all so that we could "do something" about opiates being overprescribed in a medical se
        • by pnutjam ( 523990 )
          I certainly opiate rx's should be limited, however I also think addicts or long term users should have options to declare themselves as such and get what they need without black markets.

          I wish the pro life people would figure this out. You can't ban social problems, you can only manage the causes. If pregnancy wasn't a $10k condition that caused loss of life [womenshealthmag.com], evictions, long term economic uncertainty; abortions would decrease naturally.
    • The freedoms we enjoy are quite precious, and the sacrifices made to preserve them do not all occur on the field of battle... sometimes the good guys have to carry the enormous burden of a moral compass during the pursuit of the most immoral.
      Must be cool to live in a country where the law enforcement can search your device without warrant and could put any evidence it needs onto it or can claim it found it on the device.
      That is indeed a precious freedom for a random police yahoo ...

  • You sure? Of course they never lie. How could you possibly believe such a thing...

  • by K. S. Kyosuke ( 729550 ) on Sunday April 15, 2018 @11:23AM (#56441063)

    However, in light of the availability of unlocking tools developed by third-parties and the OIG report's findings that the Bureau was uninterested in seeking available third-party options, these statistics appear highly questionable"

    FBI: "I wish to plead incompetence."

  • by david.emery ( 127135 ) on Sunday April 15, 2018 @12:01PM (#56441265)

    Anyone seen 'proof' this GrayKey thing actually works?

  • by markdavis ( 642305 ) on Sunday April 15, 2018 @01:01PM (#56441531)

    >"That revelation, cryptographers and technologists said, undermined the FBI's renewed push for backdoors in consumer encryption products."

    To me, it is completely irrelevant whether they can or can't unlock consumer devices. The PRINCIPLE remains the same- the government does not and should not have a "right" to ruin security in the name of "safety". I don't care how inconvenient it this makes it for them to do their job. The statements about not necessarily needing it due to hacking products shouldn't distract from the real thing at stake here- personal privacy and freedom.

    There simply is no way to have have it both ways. When you have "back doors" in encryption, there will be no security/privacy anymore.

  • A technique that has been used for years to break keyboard-based locks is to dust the keyboard and see where on the keyboard or screen where the user has been touching. In the case of iPhones, unless the user wipes their screen off after every use, it's likely their touches will still be present on the screen.

    If you know the passcode is 4 or 6 digits and have a good idea what the numbers are, it makes it a bit easier to brute force, Will they get in under the max count? Maybe.

    To combat this technique, se

    • In the movies, the keypads are numerical and single purpose. You're talking about a touch screen device. Now with fingerprint and face unlocks. Not saying you can't still find a picture unlock smudge or something, but it's not the same as the convenient movie cliché.
  • gone are the good old days when companies were controlled by the 'right ' people
    and were always compliant with the authorities.

If you want to put yourself on the map, publish your own map.

Working...