SoylentNews is people

posted by on Tuesday February 16 2016, @05:25PM
from the big-brother-may-i dept.

Apple has requested a court in New York to rule finally whether it can be compelled to assist investigators to break the passcode of an iPhone 5s belonging to a defendant in a criminal case.

The Department of Justice, citing a statute called the All Writs Act, tried to get help from Apple to bypass the security of the phone in government possession.

Apple's lawyer said in a letter to U.S. Magistrate Judge James Orenstein of the U.S. District Court for the Eastern District of New York that the company would like an order as it has received additional requests similar to the one underlying the case before the court.

The company "has also been advised that the government intends to continue to invoke the All Writs Act in this and other districts in an attempt to require Apple to assist in bypassing the security of other Apple devices in the government's possession," wrote Apple's counsel Marc J. Zwillinger in a letter Friday.

[...]

Apple now also argues that the matter is not moot because "it is capable of repetition, yet evading review." The question of whether a third party like Apple can be compelled to assist law enforcement in its investigative efforts by bypassing the security mechanisms on its device has been fully briefed and argued, according to the letter. "The Court is thus already in a position to render a decision on that question," Apple said.

[...]

Judge Orenstein had earlier expressed doubt whether the government could use the All Writs Act to force an electronics device provider to assist law enforcement in its investigations and had asked Apple for comments on whether executing the order would be unduly burdensome.

The All Writs Act gives federal courts the authority to issue orders that are "necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law." But as the Electronic Frontier Foundation pointed out, the Act is "not a backdoor to bypass other laws" and the Supreme Court has set out limits to the Act, including requiring that a court cannot use it to bypass other laws or the Constitution, or require third parties to assist in ways that would be "unreasonably burdensome."

Apple said it was possible to access certain types of unencrypted user data from the iPhone 5s phone running iOS 7, though it would not have been possible if it was a device running iOS 8 or higher.

[...]

The DOJ said that Apple had previously assisted investigators in federal criminal cases to extract data from password-locked iPhones under court orders. Apple said its previous acquiescence to judicial orders does not mean it consents to the process.


Original Submission

Related Stories

On TV, John McAfee Says Cracking an iPhone is Trivial 58 comments

Russia Today reports

The US public doesn't need a Digital Security Commission; they need the FBI to stop deceiving everyone and tell the truth that it wants to spy on Americans, John McAfee, developer of the first commercial anti-virus program told RT's Ed Schultz.

[...] "The FBI wants Apple to change their software so that it removes the check for security, so that we don't check for security anymore. Once it has that software, they can use that software on any phone. But they say they only need it for one phone."

[...] "You need a hardware engineer and a [software] engineer. The hardware engineer takes the phone apart and copies the instruction set, which are the iOS and applications, and your memory. And then you run a program called a disassembler, which takes all the ones and zeros and gives you readable instructions. Then the coder sits down and he reads through. What he is looking for is the first access to the keypad, because that is the first thing you do when you input your pad. It'll take half an hour. When you see that, then he reads the instructions for where in memory this secret code is stored. It is that trivial--a half an hour.
...The FBI knows this, Apple knows this."

[...] "In either case, if they (the FBI) don't know, that is tragic; if they do know it, then they are deceiving the American public and Apple and everyone else by asking for a universal key."
Video

Do you see any flaws in McAfee's explanation?

Previous: Apple Wants Court To Rule If It Can Be Forced To Unlock iPhones
Seems Like Everyone has an Opinion About Apple vs. the FBI
Update: TPP-Exposing Journalist Ed Schultz Lands on His Feet at RT
John McAfee Announces He Will Run For President of the United States


Original Submission

  • (Score: 4, Insightful) by Tork on Tuesday February 16 2016, @05:41PM

    by Tork (3914) Subscriber Badge on Tuesday February 16 2016, @05:41PM (#305262)

    The DOJ said that Apple had previously assisted investigators in federal criminal cases to extract data from password-locked iPhones under court orders. Apple said its previous acquiescence to judicial orders does not mean it consents to the process.

    Yep. As proof they recently re-engineered their phone's OS so they can no longer serve that process.

    --
    🏳️‍🌈 Proud Ally 🏳️‍🌈
    • (Score: 3, Disagree) by Runaway1956 on Tuesday February 16 2016, @06:19PM

      by Runaway1956 (2926) Subscriber Badge on Tuesday February 16 2016, @06:19PM (#305274) Journal

      If gubbermint wants to appropriate a company's services, then gubbermint needs to pay for those services. Apple needs to submit a bill every time they are ordered to unlock something, with astronomical charges. Of course, the fact that Apple has no means to unlock their customers' phones makes that idea even better. Hire out techs to the government at $1000/hr, knowing full well that the techs can't deliver the goods. Pop some popcorn, sit back, and wait for gubbermint to get a clue.

      • (Score: 4, Insightful) by archfeld on Tuesday February 16 2016, @06:33PM

        by archfeld (4650) <treboreel@live.com> on Tuesday February 16 2016, @06:33PM (#305278) Journal

        Who do you think foots the $1,000/hour bill to pay Apple ??? That is not a very good use of my tax dollars I think. Maybe they could just bill YOU!!!

        --
        For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
        • (Score: 1, Insightful) by Anonymous Coward on Tuesday February 16 2016, @06:48PM

          by Anonymous Coward on Tuesday February 16 2016, @06:48PM (#305281)

          Heh, like any of your tax money is being spent well. You want to complain about wasted tax dollars look at those new multirole jets.

          • (Score: 2) by archfeld on Tuesday February 16 2016, @08:04PM

            by archfeld (4650) <treboreel@live.com> on Tuesday February 16 2016, @08:04PM (#305353) Journal

            While I can't disagree with the F35 waste issues, does one massive waste justify another ?? Following that logic certainly helped get us in the hole we are now looking up from.

            --
            For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
      • (Score: 4, Insightful) by frojack on Tuesday February 16 2016, @07:56PM

        by frojack (1554) on Tuesday February 16 2016, @07:56PM (#305341) Journal

        The issue is not who pays for the work.

        The issue is Forced Servitude and privacy.

        Go read about the All Writs act. It makes you a slave of the government.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 0) by Anonymous Coward on Tuesday February 16 2016, @10:52PM

          by Anonymous Coward on Tuesday February 16 2016, @10:52PM (#305475)

          Thank you, frojack and thank you, Apple.

          Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction.

          --13th Amendment to the US Constitution [wikipedia.org]

          The work demanded of Apple has nothing to do with a conviction for a crime.

          • (Score: 0) by Anonymous Coward on Wednesday February 17 2016, @01:18AM

            by Anonymous Coward on Wednesday February 17 2016, @01:18AM (#305532)

            The work demanded of Apple has nothing to do with a conviction for a crime.

            Easy... make Apple a criminal under a(n un)related law and there you have it.

        • (Score: 2) by Runaway1956 on Wednesday February 17 2016, @02:20AM

          by Runaway1956 (2926) Subscriber Badge on Wednesday February 17 2016, @02:20AM (#305566) Journal

          That is the debate, though. Power hungry office holders insist that the all writs gives them the authority to enslave whoever they like. Apple, and others, argue that the all writs was never intended to be used in the manner it is being used.

  • (Score: 3, Interesting) by jmorris on Tuesday February 16 2016, @07:35PM

    by jmorris (4844) on Tuesday February 16 2016, @07:35PM (#305314)

    Pretty obvious that any competent judge will rule the Government has a legal right to seize a phone and a legal right to read the contents. If Apple has the technical ability to unlock it they will be ordered to comply with a valid warrant since they will be ruled as in 'possession' for legal purposes. Maintaining a walled garden has downsides, the gardener can't claim they aren't in control. If the device is still capable of receiving an over the air update, and it almost certainly is, they can indeed unlock it. Never believe they can't send an update without user consent. They might surrender that control eventually if it is the only way to avoid these legal problems, but that probably isn't the way to bet.

    • (Score: 3, Insightful) by isostatic on Tuesday February 16 2016, @07:39PM

      by isostatic (365) on Tuesday February 16 2016, @07:39PM (#305319) Journal

      Can a locksmith be compelled to pick a lock?

      • (Score: 2) by KilroySmith on Tuesday February 16 2016, @07:57PM

        by KilroySmith (2113) on Tuesday February 16 2016, @07:57PM (#305343)

        Can a locksmith who is paid for their time be compelled to pick a lock?

        • (Score: 0) by Anonymous Coward on Wednesday February 17 2016, @03:18AM

          by Anonymous Coward on Wednesday February 17 2016, @03:18AM (#305579)

          If the locksmith accepted payment in advance for picking a lock, then refused to pick it, then yes. That's not what's happening here.

          The 13th Amendment has been copy-pasted elsewhere in this thread. It prohibits "involuntary servitude" except as a punishment. "Forced labor" has, I believe, an identical meaning. Can we agree that unpaid labor and forced labor are not always synonymous, and that someone might be unwilling to work even for what you or I might consider a handsome payment? You've heard the expression "you couldn't pay me enough to do that".

          Last month, Apple Inc. reported $18.4 billion in net income.[1] The government is offering it $1000 per hour to break into this phone.[2] The company is not in the habit of breaking into its customers' phones. A likely result of complying would be bad publicity for the company, harming its sales substantially. The payment is a pittance in comparison to the potential losses. It's possible to break into a locked iPhone but it may be that the government's prosecutor doesn't want to talk to a forensics technician or just wants to make a splash with this legal tactic.

          1. https://www.apple.com/pr/library/2016/01/26Apple-Reports-Record-First-Quarter-Results.html [apple.com]

          2. c.f. https://www.youtube.com/watch?v=UBcPx8RvHR8 [youtube.com]

      • (Score: 1, Troll) by kurenai.tsubasa on Tuesday February 16 2016, @08:03PM

        by kurenai.tsubasa (5227) on Tuesday February 16 2016, @08:03PM (#305352) Journal

        I'm pretty sure he can. On the other hand, he also has the tools to do so. Failing that, I'm sure the right kind of equipment (knowing next to nothing about metal cutting) would make short work of an Enforcer Lock [transportsecurity.com] assuming there still exist no known methods to pick one.

        Frankly, this debacle with Apple is becoming tiresome. It's nothing but a dog and pony show. If the government is really saying they can't get an HDD image off an iPhone, which seems to be the implication with this “device” they have that tries 7 pins per hour, they completely fucking fail. As I've said before, once the HDD image has been dumped, all that's necessary is to throw it at a John the Ripper cluster equipped with the correct key derivation function to guess the password that has to be entered at least once after booting, which would “crack” the encryption a lot fucking faster, even though we're now talking about an alphanumeric password, than this limp-dick 7 pin/hr approach.

        The bad joke is that the public buys this bullshit. One would almost conclude that this is all just a PR campaign by Apple. Buy our iThingies! They're INVINCIBLE!

        • (Score: 3, Insightful) by jmorris on Tuesday February 16 2016, @08:47PM

          by jmorris (4844) on Tuesday February 16 2016, @08:47PM (#305384)

          Please don't pontificate on things you obviously don't know jack about. K?

          Modern phones encrypt the on flash image based on a key stored inside the SoC and randomly selected at each phone's birth. Imaging the device would therefore be entirely pointless. What would work is convincing Apple to target a mandatory over the air update to that one particular phone which would wipe the display lock code out. Assuming Apple still retains the capability of sending an over the air update marked such that it automatically downloads and installs vs asking the user for permission first.

          Police started routinely grabbing phones at every opportunity and imaging them, so the device makers responded with full disk encryption and making sure they didn't retain, and in many cases even ensuring the user can't even get it from a running phone, the device key. It is a battery killer though so some people don't really like it and some devices can switch the feature off.

          • (Score: 2) by kurenai.tsubasa on Tuesday February 16 2016, @09:32PM

            by kurenai.tsubasa (5227) on Tuesday February 16 2016, @09:32PM (#305426) Journal

            Oh screw off. The only thing I don't know about crypto is how to implement the algorithms if I had to do so from scratch and memory. There. Traded insults and finally got somebody to verify that this thing is using a hardware held (likely symmetric) key.

            So right. Yes, in that case simply imaging the HDD wouldn't be good enough. However, that invalidates Apple's claim that it's impossible to retrieve the data. The OTA update approach you'd mentioned is the best idea. Create a base station with an OTA update that obviates both the password and pin checks or else just simply exposes the entire encrypted filesystem as a USB mass storage device or similar. Hell, an OTA update that simply turned the phone into a device that booted to a USB mass storage gadget exposing the filesystem would be enough. Create the image from here. *boom* Decrypted.

            Big HOWEVER. What's stopping the government from sending a subpoena to get the correct things they would need to create such a base station? All the government is doing is going “Hurr durr decrypt it liek u did b4!” If Apple has no way of decryption, that would imply a key derivation function, thus implying my original solution of John the Ripper against the encrypted HDD image. If Apple has a way (because the damned OS needs to boot and update somehow, which implies access to the hidden key on the SoC and that somebody has the magic signing key required for an OTA update) but is holding out, throw the book at 'em I guess.

          • (Score: 2) by frojack on Wednesday February 17 2016, @01:07AM

            by frojack (1554) on Wednesday February 17 2016, @01:07AM (#305526) Journal

            a mandatory over the air update to that one particular phone which would wipe the display lock code out.

            So that would leave the phone permanently encrypted, because that is its normal state.

            It is a battery killer though so some people don't really like it

            It's not a battery killer. You will never notice the difference.

            Encrypted storage adds almost nothing to battery usage. (And this is also true of your laptop).

            Some tasks are slower on some phones, (but not all) but it takes a benchmark to see it, and it doesn't affect over all battery usage.

            --
            No, you are mistaken. I've always had this sig.
          • (Score: 2) by hemocyanin on Wednesday February 17 2016, @06:29AM

            by hemocyanin (186) on Wednesday February 17 2016, @06:29AM (#305631) Journal

            Modern phones encrypt the on flash image based on a key stored inside the SoC and randomly selected at each phone's birth. Imaging the device would therefore be entirely pointless.

            I'm very interested in understanding this, but I don't understand why imaging would be pointless. Is there some double encryption going on -- once with the phone's key and once with the user's key? I could see how that would throw in a monkey wrench because you'd end up decrypting to encrypted content, which would look like failure even if successful. But anyway -- honest question -- please explain more.

            • (Score: 3, Interesting) by jmorris on Wednesday February 17 2016, @08:35AM

              by jmorris (4844) on Wednesday February 17 2016, @08:35AM (#305669)

              Ok, let's break things down in detail. If there are detailed docs on the Apple SoC in the wild I don't have it but I do have docs on the Tegra line and the theory is going to be similar.

              So inside the SoC we are interested in a few parts. The CPU itself of course but also the fact it has a small ROM, a small amount of SRAM and a hardware crypto engine inside along with some one time programmable 'fuses.' All this means is when power hits or a RESET occurs it begins entirely inside the one chip so no peeking at the external pins during the first critical steps.

              Step one is examine one of the fuses for 'Production Mode' and if it isn't set skip all this and just get on with it, developer mode. We will assume this is set. So next we get the Secure Boot Key (per product key so all bootloaders for a product are keyed the same) and Device Key (randomly picked, typically by the bootloader, when the device is first booted up without a key set. i.e. at the factory.). These are loaded into the crypto engine and a one way gate set so they can't be read back out or overwritten until the RESET signal occurs, transferring control back into internal ram/rom. Another one way gate is flipped preventing anyone else from reading the fuses with the keys. Another set of fuses with a public key for RSA crypto is left visible. Public key so it doesn't matter.

              Ok now we program the flash controller for the most pessimistic access timing and read a table from a known location. This gets decrypted (Tegra uses the SBK, Apple? Could be either, if they need this step at all) before use. This gets us the parameters to reprogram the flash for the chips we actually have for performance and more important to get the external SDRAM chips running.

              Now we can read the partition table, find the bootloader and transfer it into SDRAM and decrypt it. Tegra uses the SBK for this and can also verify an RSA signature on later chips. We still haven't executed a single byte from outside the SoC to this point btw. But now we make the leap of faith that the signature is good, or the decryption at least got the right 'magic' so we believe we have a trusted bootloader sitting in memory. Enable the WatchDog Timer and Jump.

              The bootloader (beyond a lot of other stuff like rescue modes) loads the OS and at least checks an RSA signature and in Apple's case probably decrypts it first. A big question is which key they use. They are implying they use the Device Key.

              Once the OS loads it also uses the crypto engine to read/write all user data using the Device Key. Remember that while it can encrypt and decrypt there is no way for the OS to read back the actual key. Even root is prevented because it is a one way hardware level lock.

              All phones have some sort of rescue mode. The big questions are what sort of protections did they put into their rescue mode? Also, is the device key in fuses or can it be changed after the first burn at time of birth? Both have important security implications. Rescue mode is the final way that it could be unlocked, but only by Apple since only they could RSA sign a new bootloader image that could open up a hole. For example they could write a bootloader that looked up the publicly visible serial number or IMEI and if it matched the one in the warrant make an unencrypted view of the flash appear as USB Mass Storage.

              Note that truly determined and well funded foes have options. They could watch the bus and just as it was about to transfer control to the external ram, write to it from an external device clamped to the chip and write some evil bits directly into RAM. Or take advantage of the fact it spends most of the time with the SoC powered down and the RAM in self refresh. Clamp on and corrupt the running in memory OS image to compromise the system and then return the RAM to self refresh and remove the clip on probe. Then tap the power button and no lock.
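
An added illustration, not part of jmorris's comment or any vendor's code: a toy Python model of the boot-ROM steps described above (production fuse, SBK and device key loaded into a write-only crypto engine, key fuses hidden), showing why a raw flash image is useless away from the original SoC. The class names are hypothetical and an HMAC-SHA256 keystream stands in for the hardware cipher.

```python
import hashlib
import hmac
import os


class GateClosed(Exception):
    """Raised when software touches something behind a one-way hardware gate."""


class Fuses:
    """One-time-programmable fuses: production flag, SBK, device key (toy model)."""

    def __init__(self, production, sbk, device_key):
        self.production = production
        self._keys = {"sbk": sbk, "device": device_key}
        self._readable = True

    def read_key(self, name):
        if not self._readable:
            raise GateClosed("key fuses are hidden until the next RESET")
        return self._keys[name]

    def hide_keys(self):
        self._readable = False

    def reset(self):
        self._readable = True


class CryptoEngine:
    """Key slots are write-then-lock; there is deliberately no read-back method."""

    def __init__(self):
        self._slots = {}
        self._locked = set()

    def load_key(self, slot, key):
        if slot in self._locked:
            raise GateClosed(f"slot {slot!r} is locked until RESET")
        self._slots[slot] = key

    def lock(self, slot):
        self._locked.add(slot)

    def reset(self):
        self._slots.clear()
        self._locked.clear()

    def crypt(self, slot, block_no, data):
        # Assumption: XOR with an HMAC-SHA256 keystream replaces the real
        # hardware cipher, so the same call both encrypts and decrypts.
        stream, counter = b"", 0
        while len(stream) < len(data):
            msg = block_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
            stream += hmac.new(self._slots[slot], msg, hashlib.sha256).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))


def boot_rom(fuses, engine):
    """On-chip steps that run after RESET, before any external code executes."""
    fuses.reset()
    engine.reset()
    if not fuses.production:
        return "developer"  # production fuse not set: skip keys and gates
    for slot in ("sbk", "device"):
        engine.load_key(slot, fuses.read_key(slot))
        engine.lock(slot)       # one-way gate on the engine slot
    fuses.hide_keys()           # one-way gate on the key fuses
    return "production"


class Phone:
    def __init__(self, sbk):
        # Device key is picked at random at "birth"; nobody records it.
        self.fuses = Fuses(True, sbk, os.urandom(32))
        self.engine = CryptoEngine()
        self.flash = {}
        self.mode = boot_rom(self.fuses, self.engine)

    def write_user_block(self, block_no, plaintext):
        self.flash[block_no] = self.engine.crypt("device", block_no, plaintext)

    def read_user_block(self, block_no):
        return self.engine.crypt("device", block_no, self.flash[block_no])


def demo():
    sbk = bytes(32)  # constructed per-product key, identical on every unit
    seized, lab = Phone(sbk), Phone(sbk)
    secret = b"constructed user record"
    seized.write_user_block(7, secret)
    results = {"on_device": seized.read_user_block(7) == secret}
    # Imaging: copy the raw flash onto a second unit of the same product.
    lab.flash = dict(seized.flash)
    results["image_on_other_unit"] = lab.read_user_block(7) == secret
    # Code running after boot can neither read the key nor swap it out.
    attempts = {
        "fuse_read": lambda: seized.fuses.read_key("device"),
        "slot_overwrite": lambda: seized.engine.load_key("device", bytes(32)),
    }
    for name, attempt in attempts.items():
        try:
            attempt()
            results[name] = "allowed"
        except GateClosed:
            results[name] = "blocked"
    return results


if __name__ == "__main__":
    print(demo())
```

The shared SBK does not help the second unit: user blocks are bound to the per-device key, which only the original engine holds.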

          • (Score: 2) by kazzie on Wednesday February 17 2016, @06:41AM

            by kazzie (5309) Subscriber Badge on Wednesday February 17 2016, @06:41AM (#305635)

            I'm not very familiar with Apple devices, but wouldn't the current OS require you to (unlock the phone and) accept the update before it's installed?

        • (Score: 1, Offtopic) by kurenai.tsubasa on Tuesday February 16 2016, @11:32PM

          by kurenai.tsubasa (5227) on Tuesday February 16 2016, @11:32PM (#305501) Journal

          I've obviously pissed somebody off today.

          CISGENDER CISGENDER CISGENDER CISGENDER CISGENDER CISGENDER

          There you go. Hope you're nice and triggered.

      • (Score: 1) by nitehawk214 on Tuesday February 16 2016, @08:11PM

        by nitehawk214 (1304) on Tuesday February 16 2016, @08:11PM (#305357)

        A lock that is specifically designed so that only one locksmith can open it... probably.

        Whether or not this is right, iduno.

        Whether this analogy is breaking down, almost certainly.

        --
        "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
        • (Score: 1, Informative) by Anonymous Coward on Tuesday February 16 2016, @09:07PM

          by Anonymous Coward on Tuesday February 16 2016, @09:07PM (#305407)

          But in this case the lock is specifically designed so no locksmith can open it. I think the issue is whether the government can tell apple to redesign the lock.

    • (Score: 3, Insightful) by DannyB on Tuesday February 16 2016, @08:11PM

      by DannyB (5839) Subscriber Badge on Tuesday February 16 2016, @08:11PM (#305360) Journal

      Just because a device can receive an over the air update does not mean that Apple can magically break encryption.

      Now Apple could develop (at whose expense?) an OTA update that collects the password the next time the user unlocks the encryption.

      But should Apple have to develop this? Even if the government pays, it cannot pay Apple for the lost opportunity cost of diverting resources from developing new products. Money cannot make up for time-to-market.

      In this situation, Apple could selectively deploy such an OTA update to a single target. But then this is just the camel's nose under the tent, or the foot in the door.

      The real question you're dancing around by suggesting that Apple COULD defeat encryption by expending tremendous resources is really this:

      Should Apple (and everyone else) be LEGALLY BARRED from building a secure product?

      Even though there may be no such law in writing. The effect becomes just the same. If you can, through tremendous cost and effort, manage to defeat encryption, then you should be required to do so at the government's mere whim and slightest wish.

      --
      The lower I set my standards the more accomplishments I have.
      • (Score: 4, Interesting) by jmorris on Tuesday February 16 2016, @09:09PM

        by jmorris (4844) on Tuesday February 16 2016, @09:09PM (#305408)

        Another who doesn't actually understand the issues involved. Since this seems common let's break it down into easily digested bits.

        When a modern phone boots a per device key stored inside the SoC is loaded into the hardware crypto engine in such a way that it can't be read back out but can encrypt/decrypt blocks.

        The phone boots. The screen lock is a hashed copy of the PIN stored somewhere in the filesystem. The phone in question is in the state of being bootable and so long as the carrier has kept being paid it is on the cell network. It may or may not have WiFi enabled and automatically attach to known APs. It is capable of receiving OtA updates. It could probably receive a call but that won't help since that doesn't get past the screen lock.

        The big question is whether Apple is lying about being unable to send a mandatory OtA update. If they really can't update the phone without the user's permission the argument is essentially over. The only thing that could be done to the phone is a wipe to factory state which would make the phone usable again but end any hope of recovering data from it.

        If they can update it remotely they can push an update to it that sets the screen lock to disabled. They can do this because the phone is booted and running so the unbreakable full disk encryption is not an issue, only the screen lock code which isn't much of a problem if you can get code to run at root level on the device.

        Apple is based on control. The safe money is on their being able to remotely patch if they really want to. They really do not want to admit this for reasons which should be entirely obvious but since this post is about laying out what should have been obvious.... They do not want their users to know they are living in a walled garden with a paranoid control freak gardener.

        • (Score: 0) by Anonymous Coward on Wednesday February 17 2016, @12:42AM

          by Anonymous Coward on Wednesday February 17 2016, @12:42AM (#305521)

          I don't have an iPhone to check on, but can you disable airplane mode from the lock screen? If not, seems to me that airplane mode would essentially brick the phone for anyone without the pin.

        • (Score: 1) by DannyB on Wednesday February 17 2016, @02:05PM

          by DannyB (5839) Subscriber Badge on Wednesday February 17 2016, @02:05PM (#305767) Journal

          You are right about something I missed. Can Apple send a mandatory OTA update?

          If so, then they can compromise your device so that the next time YOU unlock it, the bad guys can then get into it.

          But if Apple cannot force an OTA update, then you can be fairly sure that your device has not been compromised once the bad guys return the seized device to you.

          --
          The lower I set my standards the more accomplishments I have.
    • (Score: 4, Insightful) by stormreaver on Tuesday February 16 2016, @09:23PM

      by stormreaver (5101) on Tuesday February 16 2016, @09:23PM (#305416)

      Pretty obvious that any competent judge will rule the Government has a legal right to seize a phone and a legal right to read the contents.

      So far, so good (assuming that all due process requirements have been met).

      If Apple has the technical ability to unlock it they will be ordered to comply with a valid warrant....

      Not so fast. This has nothing to do with a warrant, but rather with Government's creative interpretation of a law that does not appear to give the Government the power it looks to exert. Apple is right to challenge the use of the law, and should carry any loss (in the event that it happens) as high in the appeals chain as possible. Use of this law for this purpose needs to be stopped cold, and the people trying to use it should not ever be allowed in law enforcement.

    • (Score: 4, Informative) by frojack on Tuesday February 16 2016, @09:49PM

      by frojack (1554) on Tuesday February 16 2016, @09:49PM (#305434) Journal

      If Apple has the technical ability to unlock it they will be ordered to comply with a valid warrant since they will be ruled as in 'possession' for legal purposes.

      Totally wrong.

      Because apple removed its own ability to unlock the phone, and can not be "ruled to be in possession" of either the phone or the key to the phone.

      A competent judge rules that such a stretching of the All Writs wording is not in keeping with the text of the law:

      (a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.

      This wording was slipped in in 1948 and was intended to handle administrative functions of the court. There are only a few writs that are issued by courts, and this wording was never intended to create a new form of slavery, but only to state which courts could issue the then existing writs.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by jmorris on Wednesday February 17 2016, @02:11AM

        by jmorris (4844) on Wednesday February 17 2016, @02:11AM (#305562)

        Because apple removed its own ability to unlock the phone...

        That is what this dispute is over. Nobody believes they actually did do it. It would run counter to every instinct Apple operates on to surrender control over the hardware to the customer. It would mean somebody could jailbreak it and Apple would never have the option to drop the hammer. Would not shock me to learn they can break in over the air through the modem during boot.

        Another thought that just occurred is that there might be another way in. It is a certainty that you can put the phone into rescue mode, send it a new signed OS image and have it encrypt and flash it. Just as an anti-bricking measure to eliminate support problems. The big unknown is whether that would also rescramble the device key and wipe the user data area.

        Been reading the Tegra manuals and reading online fora but I'm only trying to crack a Tegra3 platform. It only has a product key that remains constant over the whole line (LG P880 in my case) and a per device key is optional but unused on the one I'm going after. Tegra4 and later add the option for RSA signing of OS images. The phone I'm hacking on does not wipe the user data if you flash a new OS image. But Tegra3 or later can do the unreadable key in the engine trick but LG didn't implement it for their Android and the bootloader doesn't seem to do it entirely by the book.... but is doing something well enough that I still haven't torn the product key from it yet. Yet.

        I think it safe to assume that Apple's hardware security is at least as competent as Nvidia. If it is and it was also implemented correctly up the software stack then it ain't yielding to an attack by anything less than a nation state actor or possibly Apple itself.

        • (Score: 2) by frojack on Wednesday February 17 2016, @02:39AM

          by frojack (1554) on Wednesday February 17 2016, @02:39AM (#305570) Journal

          Nobody believes they actually did do it. It would run counter to every instinct Apple operates on to surrender control over the hardware to the customer. It would mean somebody could jailbreak it and Apple would never have the option to drop the hammer. Would not shock me to learn they can break in over the air through the modem during boot.

          Who is this Nobody you speak for?

          Apple doesn't care a whit if you jailbreak your phone. Everyone who does so relieves them of a warranty burden. It's a cost saving to Apple.

          There are a lot of people who believe that apple has in fact encrypted your phone with a key that they can not recover. The only way to continue using the phone is to factory reset it, losing all your data, and start from scratch.

          Older models were encrypted with apple's key, Newer models are only encrypted with the user's key.
          That was how they left the factory. However upgrading to iOS9 changed all of that.

          By the way, here is a better/later article on the whole thing as it relates to the California terrorists phone Showing HOW the court expects compliance [techdirt.com]. They don't expect apple to decrypt the phone. They expect apple to provide software to allow the FBI to brute force the phone, by eliminating the ten strike and your phone is wiped trap.

          The terrorists had relatively up to date software on their iPhones.

          --
          No, you are mistaken. I've always had this sig.