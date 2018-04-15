Lawmakers Call FBI's 'Going Dark' Narrative 'Highly Questionable' After Motherboard Shows Cops Can Easily Hack iPhones (vice.com) 67
Joseph Cox, reporting for Motherboard: This week, Motherboard showed that law enforcement agencies across the country, including a part of the State Department, have bought GrayKey, a relatively cheap technology that can unlock fully up-to-date iPhones. That revelation, cryptographers and technologists said, undermined the FBI's renewed push for backdoors in consumer encryption products. Citing Motherboard's work, on Friday US lawmakers sent a letter to FBI Director Christopher Wray, doubting the FBI's narrative around 'going dark', where law enforcement officials say they are increasingly unable to obtain evidence related to crimes due to encryption. Politico was first to report the letter. "According to your testimony and public statements, the FBI encountered 7,800 devices last year that it could not access due to encryption," the letter, signed by 5 Democrat and 5 Republican n House lawmakers, reads. "However, in light of the availability of unlocking tools developed by third-parties and the OIG report's findings that the Bureau was uninterested in seeking available third-party options, these statistics appear highly questionable," it adds, referring to a recent report from the Justice Department's Office of the Inspector General. That report found the FBI barely explored its technical options for accessing the San Bernardino iPhone before trying to compel Apple to unlock the device. The lawmaker's letter points to Motherboard's report that the State Department spent around $15,000 on a GrayKey.
Apple is too valuable of a brand, and if people realize Apple, FBI, NSA etc. are all up in your "private" shit, then people would stop buying.
It's a simple case of "let's do and say we couldn't". There is no such thing as secure devices in the U.S., because that's the way government needs it to be, and neither Apple nor Google are above the law.
then people would stop buying
The Feds could give two fucks about that; what matters to them is that dumb criminals would stop using their phones foolishly.
All the hoo ha about backdoors does seem pretty suspicious. It's pretty trivial to write an app that stores things or communicates with unbreakable encryption and is pretty much immune to legislation. Surely smart criminals must do this already. So a backdoor would only be useful for catching dumb ones. Perhaps insisting that a backdoor is needed but does not exist is useful for catching dumb criminals AND not-so-smart ones.
Surely smart criminals must do this already.
On the other hand, the dumb criminals typically leave myriad other clues that can be followed just as easily. The ones that you're going to have a hard time catching are the smart ones, and they're smart enough to use something more secure than the default. They're also the ones whose schemes are likely to cause the most damage.
Apple is too valuable of a brand, and if people realize Apple, FBI, NSA etc. are all up in your "private" shit, then people would stop buying.
It's a simple case of "let's do and say we couldn't". There is no such thing as secure devices in the U.S., because that's the way government needs it to be, and neither Apple nor Google are above the law.
They also may have been happy to instill false confidence, so some may be less careful as to what they do on their phone.
I'd call them more incompetent than anything else. They received tips about the Florida school shooter including his name and what he was going to do and they did nothing. Typical big government.
I'd call them more incompetent than anything else. They received tips about the Florida school shooter including his name and what he was going to do and they did nothing. Typical big government.
After the "Fast & Furious" fiasco where the ATF were attempting to illegally allow straw-purchasers from Mexican drug cartels to buy and smuggle US weapons into Mexico to "give ammo" to the gun-control lobby, it would not surprise me at all to learn of covert 'stand-down' orders regarding the Parkland shooter (especially considering the bizarre behavior/non-action of LEOs at the scene on top of a plethora of ignored warnings beforehand), and authorities at high levels in government responsible for delib
That particular technological terror has a logistics chain that stretches halfway to Mars. That is where privately owned firearms will come into play.
Read a book on asymmetrical warfare sometime. It will change your mind.
And another big fat [citation needed] on Fast & Furious being motivated by helping gun control (a program, by the way, started under George W. Bush in 2006).
That this isn't modded down or at least Funny makes me more disappointed in the direction the comments section here is heading more than anything else, and there's heavy competition, even though I do agree that violence is way down and our government is becoming a hostile occupying force, not to mention fully support the 2nd.
As soon as a case where the phone was unlocked with this 'tool' comes to court, the defence will challenge the evidence and independant 3rd parties will examine the device. It does not take a genius to realise that the 'magic sauce' that makes this work will soon become public.
If Apple does not already know about this and not already patched it then they are slipping and slipping badly.
The game of cat and mouse is about to go to another round.
Is Apple coooperating with the authorities? (Score:4, Interesting)
The article says Greylock can access "fully up-to-date IPhones".
Can Greylock access Iphones that don't allow automatic updating? If Greylock can't, then Apple has given out an update that allows outsiders to access your IPhone. So much for the Apple claim to be a privacy good-guy. Even more interesting is the possibility that Apple has pushed an OS update to phones which have automatic update turned off, something we usually associate with Microsoft.
Is there anyone out there capable of looking at the stream of bits coming-and-going and reading the flash memory that holds the updated code? And if Apple can push an update, what does that mean for the validity of the phone log when the IPhone shows up as a court exhibit? And do IPhones in Europe and China get the same treatment?
No, all this means is that thereâ(TM)s a security vulnerability in iOS that the greykey guys are aware of, but Apple is not.
Re: (Score:2)
Would the sentence "can access EVEN fully up-to-date iPhones" have made better sense? The point is there's been no patch released to stop GreyLock from working.
Could be about stronger passwords (Score:2)
There are suggestions that these hacking devices don't break the encryption, they just defeat the anti-brute-force tricks and allow the devices to be brute forced.
If the devices don't actually defeat the encryption then a backdoor is the only way the FBI and other agencies can get into phones with passwords too strong to brute force.
It's not easy being the good guys (Score:2, Insightful)
There is an inferred belief set inside law enforcement that in order to accomplish the greater good, it is perfectly acceptable to occasionally stoop to the level of the dirty criminals. Hollywood and the entertainment industry have consistently reinforced this logical fallacy with hundreds (thousands?) of stories with protagonist rogue cops who do what needs to be done to catch the bad guy.
The problem is, once you stoop to a despicable act, it is so much easier to stoop the next time. (K. Hepburn)
It's not easy being the good guys
Fortunately for the FBI, "being the good guys" has never been their mission statement.
Re: (Score:2)
The freedoms we enjoy are quite precious, and the sacrifices made to preserve them do not all occur on the field of battle... sometimes the good guys have to carry the enormous burden of a moral compass during the pursuit of the most immoral.
You mean like the FBI knowingly hosting a child porn site [slashdot.org]?
The freedoms we enjoy are quite precious, and the sacrifices made to preserve them do not all occur on the field of battle
Which also means that we as a society have to deal with the fallout from such rights. For instance, the fact that it's legal to buy and sell alcohol means that people WILL die as a result of drunk driving, regardless of the laws against that particular act. You can't have one without the other, and if you truly stand for freedom, you accept that. We can take other steps to prevent those deaths, but they'll always be an inherent cost of preserving that right.
Re: (Score:2)
Re: (Score:2)
The freedoms we enjoy are quite precious, and the sacrifices made to preserve them do not all occur on the field of battle... sometimes the good guys have to carry the enormous burden of a moral compass during the pursuit of the most immoral.
Must be cool to live in a country where the law enforcement can search your device without warrant and could put any evidence it needs onto it or can claim it found it on the device.
That is indeed a precious freedom for a random police yahoo
Law enforcement officers lying? Never?! (Score:2)
You sure? Of course they never lie. How could you possibly believe such a thing...
Economical with the truth (Score:2)
A British Civil servant's contribution in bringing the phrase to public awareness
https://en.wikipedia.org/wiki/... [wikipedia.org]
Quoting Monty Python... (Score:4, Insightful)
However, in light of the availability of unlocking tools developed by third-parties and the OIG report's findings that the Bureau was uninterested in seeking available third-party options, these statistics appear highly questionable"
FBI: "I wish to plead incompetence."
Independent verification Greykey works? (Score:3)
Anyone seen 'proof' this GrayKey thing actually works?
PRINCIPLE (Score:3)
>"That revelation, cryptographers and technologists said, undermined the FBI's renewed push for backdoors in consumer encryption products."
To me, it is completely irrelevant whether they can or can't unlock consumer devices. The PRINCIPLE remains the same- the government does not and should not have a "right" to ruin security in the name of "safety". I don't care how inconvenient it this makes it for them to do their job. The statements about not necessarily needing it due to hacking products shouldn't distract from the real thing at stake here- personal privacy and freedom.
There simply is no way to have have it both ways. When you have "back doors" in encryption, there will be no security/privacy anymore.
One way to break passcodes (Score:2)
A technique that has been used for years to break keyboard-based locks is to dust the keyboard and see where on the keyboard or screen where the user has been touching. In the case of iPhones, unless the user wipes their screen off after every use, it's likely their touches will still be present on the screen.
If you know the passcode is 4 or 6 digits and have a good idea what the numbers are, it makes it a bit easier to brute force, Will they get in under the max count? Maybe.
good old days (Score:2)
gone are the good old days when companies were controlled by the 'right ' people
and were always compliant with the authorities.