The Guardian is reporting that the hack on the San Bernardino shooter's iPhone 5C will not work on newer iPhones.
The FBI director confirmed that the hack works on the iPhone 5C and older Apple smartphones, but not newer models with a fingerprint sensor. This is probably because older phones lack the so-called secure enclave, which protects passcodes, security keys and handles the security of the phone's encryption system.
Comey confirmed that the FBI bought a tool from a third party, negating the need to continue its legal action against Apple. But the FBI has yet to disclose publicly how the hack that unlocked the iPhone 5C works, despite informing senators about it.
Comey said: "We're having discussions within government about it ... if we tell Apple they're going to fix it and we're back to where we started."
The FBI director ended by reassuring everyone...
Comey wouldn't comment on who the company or persons the hack was purchased from. He would only say that "their motivations align with ours" and that the FBI and the hack provider were "very good at keeping secrets".
Related Stories
James Comey has been asked by President Trump to stay on as Director of the Federal Bureau of Investigation. Comey is three years into a ten-year term.
News at NYT (which broke the story), USA Today, Washington Post, CNN, and The Hill.
Here's the bulk of our extensive past coverage of FBI Director Comey's career (oldest first):
2014:
FBI Director Concerned about Encryption on Smartphones
F.B.I. Director Calls "Dark" Devices a Hindrance to Crime Solving
To FBI Director Comey: You Reap What You Sow!
2015:
F.B.I. Has No Doubt that North Korea Attacked Sony, says Director
FBI Chief Links Video Scrutiny of Police to Rise in Violent Crime
2016:
Apple Ordered by Judge to Help Decrypt San Bernadino Shooter's phone
FBI Unable to Decrypt California Terrorists' Cell Phone
FBI vs. Apple Encryption Fight Continues
New York Judge Sides with Apple Rather than FBI in Dispute over a Locked iPhone
Apple Lawyer and FBI Director Appear Before Congress
FBI Error Locked San Bernardino Attacker's iPhone
FBI's iPhone Hack Only Works on 5C and Older
Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
FBI Director Blames 'Viral Video Effect' for Spike in Violent Crime
FBI Recommends No Prosecution for Clinton
FBI Chief Calls for National Talk Over Encryption vs. Safety
(Score: 2) by hemocyanin on Friday April 08 2016, @06:50PM
Protect us from harm asshole. Reveal the exploit.
(Score: 5, Informative) by edIII on Friday April 08 2016, @07:01PM
Exactly. This is why America is going down the fucking tubes at breakneck speed WRT technology, encryption, software, etc.
Our government openly admits that our technology being broken is more advantageous for them. It's a complete disconnect between the needs of security, our economic needs, and our Constitutional rights. How is this assclown allowed to remain in government, when he is so hostile towards the rest of us?
NOBODY is very good at keeping secrets anymore, and unless that exploit is secret forever, and cannot be rediscovered by anyone else, that exploit only hurts us while not being disclosed. At least being properly disclosed to Apple so they can attempt to fix it first.
It's hard enough trying to create a high state of security when the people that are supposed to be protecting you are actively seeking your lowered state of security.
Fuck Comey.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by Gaaark on Friday April 08 2016, @08:58PM
The hack provider is very good at keeping secrets because 'dead men tell no tales'?
--- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
(Score: 2) by SanityCheck on Friday April 08 2016, @07:24PM
If he did that then KGB... I mean FSB would stop selling them the exploits. Yes saying their interests align with ours was a dead give-away Comey! (His name didn't help).
(Score: 4, Insightful) by Anonymous Coward on Friday April 08 2016, @07:29PM
How to know when you live in an authoritarian society:
In a liberal society it is the job of the police to make the citizens' lives easier.
In an authoritarian society it is the job of the citizens to make the police's lives easier.
(Score: 2) by ticho on Friday April 08 2016, @07:46PM
I wonder whether some aide/advisor/flunkey already explained Comey how much of a PR disaster he made with that simple statement. He basically loudly confirmed all those years, decades of suspicions - once held only by the paranoid - that govt. organizations do not really care about safety of their citizens.
Not that any confirmation was needed, but still, I find the shameless statement pretty shocking.
(Score: 1) by Francis on Friday April 08 2016, @09:02PM
It doesn't sound like there's any point in them revealing the exploit. It sounds like Apple has already closed whatever loophole the exploit uses to access the data. So, unless you're running a phone that's vulnerable, you should be fine.
(Score: 0) by Anonymous Coward on Saturday April 09 2016, @01:11AM
Yeah apple is not going to fix it for older phones, so don't reveal it, so atleast scriptkiddies can't take advantage of it.
(Score: 2, Informative) by lando on Friday April 08 2016, @09:06PM
(Score: 2) by archfeld on Friday April 08 2016, @07:13PM
The referenced company is more likely the nation of China, Syria, or Israel, and they probably have a means to break into the other models but wouldn't offer a deal on multiple purchases, or honor the Dominoes coupons the FBI was offering.
For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
(Score: 3, Insightful) by Gaaark on Friday April 08 2016, @09:00PM
Or the referenced company is Apple, and Apple has a VERY GOOD REASON to keep that a secret.
???
--- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
(Score: 5, Informative) by Gravis on Friday April 08 2016, @07:14PM
Comey said: "We're having discussions within government about it ... if we tell Apple they're going to fix it and we're back to where we started."
what happened to "we just want to unlock this one iPhone"? it seems to me that someone needs to be put in jail for perjury.
(Score: 0) by Anonymous Coward on Friday April 08 2016, @09:12PM
How is this perjury? Besides the fact that they were expressing a desire, which isn't some legally binding commitment, their desire was unfulfilled. They asked Apple to unlock just this one phone and Apple said "no". Case closed. Now they purchase a tool to unlock many phones. They are two separate things.
I am very grateful that the real world legal system doesn't hold perjury to the levels that many around here do.
(Score: 0) by Anonymous Coward on Friday April 08 2016, @10:29PM
Yeah, because then authoritarian scumbags who abuse their powers and lie (like the NSA directory lied to congress) would actually be held accountable.
(Score: 0) by Anonymous Coward on Saturday April 09 2016, @01:17PM
How is this perjury?
The FBI's court filings, as well as Comey's Congressional testimony, repeated the "only this one phone" mantra and steadfastly denied this would be president setting. So that's in the perjury ballpark.
(Score: -1, Spam) by Anonymous Coward on Friday April 08 2016, @07:14PM
Lecter: What did Miggs say to you? Multiple Miggs in the next cell, he hissed at you, what did he say?
Clarice: He said, I can smell your cunt.
(Score: 1, Offtopic) by bitstream on Friday April 08 2016, @07:23PM
Reminder So copy storage, blast the CPU, repeat? [soylentnews.org] from 2016-03-29.
But don't forget who has access and money to arrange with a lab that can access chips directly bypassing any pins.
(Score: 2) by archfeld on Friday April 08 2016, @07:39PM
However this comes out it will be good for Apple. Everyone on the iPhone5's better rush out and upgrade to a new iPhone for the security and safety of their really important data. I am sure that the hackers are lined up by the thousands just waiting to get at your contact list so they can have Aunt Sally's address and email.
For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
(Score: 3, Funny) by TheGratefulNet on Friday April 08 2016, @08:28PM
it may be good for apple's business but who really knows what's safe anymore?
even apple engineering probably has multiple levels of access to the source tree and I'm quite sure (as in, I would do this if it was me) I'd have fake trees and stubs and such just to keep the build working and to keep 'prying eyes' out. any secure section of a comms device likely has that architecture to it. OR SHOULD!
the e-staff would likely sign off on who can check out that file and who can do reviews on check-ins.
so, even if you talk to regular code-writing employees who think they have full tree checkout and build privs, its likely they don't. some may know they don't, while others think they do and don't know anything different (the very existence of 'shadow build trees' is not info they are allowed to even have).
given all that - and given the hardware is locked up and the software is, as well, you have no idea what's going on. there could be levels of alternating 'fools' to let various people at various levels think they know what's going on. again, I'd do that if I was a ceo and had a cisco or juniper or ciena or intel or amd apple or google under my control.
what we will never know is what the REAL build has in it. what deals were made and who got what build and what the REAL cli is, with the hidden commands and qualifiers and such.
the field is too complex, there are too many evil players and there are too many greedy-ass ceo's who will sell out their mother (or country) if it lines their pockets.
I find it entertaining that people think they have some handle on what is really going on. I clearly admit that I'll never get access at the real levels to KNOW. but I can say, after being in the field for over 35 years that I've seen enough to give me some hints as to how the businesses are really run.
and yes, I believe ALL comms and computer companies 'that matters' are fully infiltrated by spooks (on all sides, no less) and that when you look around at a company all-hands, you'll never know who's really working for you and who's a paid spy for some other org.
sleep well, kiddies.
"It is now safe to switch off your computer."
(Score: 2) by bitstream on Friday April 08 2016, @08:58PM
Exactly that, it's really hard to know what's really is safe anymore. At least for people that know how modern hardware and software is designed. And then every company with a lot of business or headquarters in USA can get those grey letters from the men with suits.
(Score: 0) by Anonymous Coward on Friday April 08 2016, @10:17PM
Whether you are talking about physical safety or electronic, "safe" is not a binary metric.
It will always be a trade off between cost to secure and to crack. Ultimately if your safety depends on being able to withstand attacks by an adversary with millions of dollars at their disposal, then it isn't a question of if, but of when your safety will be breached.
(Score: 3, Funny) by zeigerpuppy on Saturday April 09 2016, @12:58AM
Exactly, which was the whole point of the exercise anyway.
Apple exec says to FBI, "dude, your making us look bad, people know we rolled over on PRISM, they know we scoop up all their data and keep it loosely encrypted on iCloud, they know they're been pawned"; FBI guy, "yeah, I see your problem, if everyone know that your encryption is a farce, they won't trust Apple and then they may even use proper point-to-point", apple dude "exactly man, and that fucks us both, we don't get that juicy data to sell and analyze and you don't get it either."
FBI guy, " hey I know! Let's sue you and that way you can say its secure and fight the good fight an we can both keep the fantasy alive that you give a shit about your customers' privacy!" apple dude "yeah man, that's cool, pass the reefer an let's spool up the lawyers..."
(Score: 0) by Anonymous Coward on Friday April 08 2016, @07:59PM
N. S. A.
(Score: 2) by bitstream on Friday April 08 2016, @08:55PM
Actually I would argue against that because they would likely not spill their most important methods to objectives that are deemed less important. Just have a look at how decisions were made at Bletchley Park.
(Score: 0) by Anonymous Coward on Saturday April 09 2016, @12:06AM
Why not apple?
Soon after FBI announced that they nolonger needed Apple's help the iPhones started bricking themselves due to an update.
Does no one else think the timing of the "botched" update interesting?
Wouldn't it be just the thing to do if Apple and the FBI wanted to leave Apple's reputation untarnished while they cooperated?
The whole event seems to be spun up like pro-Apple propaganda: Trust us, we don't want to unlock your phones for the Feds. Oh noes! They got in even without our help! Better buy a newer iPhone! New ones are secure, and the FBI can't get into them, we swear!
(Score: 2) by CHK6 on Friday April 08 2016, @10:02PM
Right...
Seems legit, let's take them at their word.
(Score: 2) by c0lo on Friday April 08 2016, @10:53PM
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by cykros on Saturday April 09 2016, @07:05AM
Best not to conflate "having a fingerprint sensor" with "being configured so as to be unlocked with a fingerprint". While the summary and article sure come off sounding like the fingerprint is the part the FBI can't get past, it doesn't actually SAY that at all, probably because fingerprints are LESS secure than a halfway passphrase (as I know the Nexus 6P phone is good about pointing out to the user, not sure about other devices).
(Score: 0) by Anonymous Coward on Monday April 11 2016, @12:03PM
Perhaps crapple greased his palm to get m0ar lamers buy newest version.