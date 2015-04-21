from the brute-force-can-be-an-option dept.
Here's how the FBI managed to get into the San Bernardino shooter's iPhone
The FBI partnered with an Australian security firm called Azimuth Security to gain access to an iPhone linked to the 2015 San Bernardino shooting, a new report from The Washington Post reveals. Before now, the methods the FBI used to get into the iPhone were kept secret. It was only clear that Apple wasn't involved, as the company had refused to build a backdoor into the phone, kicking off a legal battle that only ended after the FBI successfully hacked the phone.
[...] After the FBI announced that it had gained access to the phone, there were concerns that Apple's security could have been deeply compromised. But according to The Washington Post, the exploit was simple: Azimuth basically found a way to guess the passcode as many times as it wanted without erasing the phone, allowing the bureau to get into the phone in a matter of hours.
Azimuth Security was sold to U.S.-based defense contractor L3 Technologies Inc. in 2018 (now L3Harris Technologies).
Azimuth Security was mentioned in this 2017 SN article: Hacker Decrypts Apple's Secure Enclave Processor (SEP) Firmware
Previously: Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
FBI Can't Say How It Hacked IPhone 5C
Senator Dianne Feinstein Claims That the FBI Paid $900,000 to Break Into a Locked iPhone
Federal Court Rules That the FBI Does Not Have to Disclose Name of iPhone Hacking Vendor
PC World reports:
The U.S. Federal Bureau of Investigation is concerned about moves by Apple and Google to include encryption on smartphones, the agency’s director said Thursday.
Quick law enforcement access to the contents of smartphones could save lives in some kidnapping and terrorism cases, FBI Director James Comey said in a briefing with some reporters. Comey said he’s concerned that smartphone companies are marketing “something expressly to allow people to place themselves beyond the law,” according to news reports.
An FBI spokesman confirmed the general direction of Comey’s remarks. The FBI has contacted Apple and Google about their encryption plans, Comey told a group of reporters who regularly cover his agency.
[Additional Coverage]:
http://www.theregister.co.uk/2014/09/25/fbi_boss_slams_google_apple_for_encryption_that_puts_users_above_law/
http://www.huffingtonpost.com/2014/09/25/james-comey-apple-encryption_n_5882874.html
The New York Times published an interesting story about the fears of the current FBI director:
The director of the F.B.I., James B. Comey, said Thursday that federal laws should be changed to require telecommunications companies to give law enforcement agencies access to the encrypted communications of individuals suspected of crimes.
... Mr. Comey warned that crimes could go unsolved if law enforcement officers cannot gain access to information that technology companies like Apple and Google are protecting using increasingly sophisticated encryption technology.
“Unfortunately, the law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem,” he said.
Mr. Comey said that he was hoping to spur Congress to update the 20-year-old Communications Assistance for Law Enforcement Act, which does not require companies to give law enforcement direct access to individuals’ communications.
The F.B.I. has long had concerns about devices “going dark” — when technology becomes so sophisticated that the authorities cannot gain access to them. But now, Mr. Comey is warning that the new encryption technology has evolved to the point that it could adversely affect crime solving.
The kicker is this line:
“Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism, even with lawful authority."
Of course, it should be no surprise to the FBI why so many people are going "dark" and using things like Tails. For decades, the government has proven time and again that it can't be trusted to act lawfully and constitutionally. The FBI is responsible for more than its share of that. So naturally those who can are going to take steps to protect their privacy and Apple and Google, among others, are simply responding to that demand.
That's what Congressman Darrell Issa tweeted as it became clear that Congress would have no part of the FBI's plan to require backdoors (or frontdoors) into encrypted phones.
The Register is reporting that the FBI's request had publicly failed after senators said the proposal would be rejected. Congresswoman Zoe Lofgren said:
"I think the public would not support it, certainly industry would not support it, civil liberties groups would not support it."
"I think [Comey is] a sincere guy, but there's just no way this is going to happen."
The bipartisan opposition signaled the end of the line (at least until after the next election) of any chance for the FBI's proposal according to an article in The Hill.
Earlier this year, in another bipartisan move, Lofgren, and Rep. Thomas Massie introduced a measure to the defense spending bill banning the National Security Agency from using “backdoor” searches to spy on Americans through a legal provision targeting foreigners. That measure overwhelmingly passed the House 293-123.
The suits working for the federal three-letter agencies are at it again according to this article published in Ars, citing a pay-walled Wall Street Journal article.
The No. 2 official at the Justice Department recently warned top Apple executives that stronger encryption protections added to iPhones would lead to a horrific tragedy, such as a child dying, because police couldn't access a suspect's device, The Wall Street Journal reported Wednesday.
The beefed up protections, Apple recently disclosed, mean that even when company officials are served with a court order, they will be unable to retrieve potentially crucial evidence such as photos, messages, or contacts stored on iPhones and iPads. Instead, the data can be accessed only by people who know the passcode that serves as the encryption key.
Justice Department officials wasted no time objecting to the changes and used the scenario of a child being kidnapped and murdered to drive home their claim that Apple was "marketing to criminals." According to the WSJ, Justice Department officials including Deputy Attorney General James Cole met with Apple General Counsel Bruce Sewell and two other company employees on October 1.
The article goes on to quote the WSJ article's description of that meeting:
Mr. Cole offered the Apple team a gruesome prediction: At some future date, a child will die, and police will say they would have been able to rescue the child, or capture the killer, if only they could have looked inside a certain phone. His statements reflected concern within the FBI that a careful criminal can shield much activity from police surveillance by minimizing use of cellphone towers and not backing up data.
The Apple representatives viewed Mr. Cole’s suggestion as inflammatory and inaccurate. Police have other ways to get information, they said, including call logs and location information from cellphone carriers. In addition, many users store copies of a phone’s data elsewhere.
How long will these "Think of the children!" arguments actually be made before the government realizes this situation came about because it cannot be trusted?
El Reg has published an article Feds dig up law from 1789 to demand Apple, Google decrypt smartphones, slabs:
The FBI has made it no secret that it hates Apple and Google's efforts to encrypt files in your smartphones and tablets. Now court documents have emerged showing just how far the Feds are willing to go to decrypt citizens' data. The paperwork has shown two cases where federal prosecutors have cited the All Writs Act — which was enacted in 1789 as part of the Judiciary Act — to force companies to decrypt information on gadgets.
The Act, which was signed into law by none other than George Washington and later revised in the 20th century, gives the courts the right to...
issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.
That's a pretty broad remit, but the Feds think it's just the thing to force Apple and others to break down privacy protections.
Perhaps someone forgot to tell the Feds that the latest encryption used in these slabs doesn't let Apple or Google decrypt them. But the article does point out:
The court filing [by the government to seek a court order against Apple] states investigators were unwilling to try and open the iPhone for fear of damaging a crucial piece of evidence. They asked the courts to force Apple to give them a hand in safely extracting data from the passcode-protected phone.
Ars Technica has coverage as well: Feds want Apple’s help to defeat encrypted phones, new legal case shows.
The Intercept reports on an email obtained by The Washington Post: Top [Intelligence] Lawyer Says Terror Attack Would Help Push for Anti-Encryption Legislation:
The intelligence community's top lawyer, Robert S. Litt, told colleagues in an August email obtained by the Washington Post that Congressional support for anti-encryption legislation "could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement." So he advised "keeping our options open for such a situation."
[...] A senior official granted anonymity by the Post acknowledged that the law enforcement argument is "just not carrying the day." He told the Post reporters: "People are still not persuaded this is a problem. People think we have not made the case. We do not have the perfect example where you have the dead child or a terrorist act to point to, and that's what people seem to claim you have to have."
On Tuesday, Amy Hess, a top FBI official, told reporters that the bureau has "done a really bad job collecting empirical data" on the encryption problem. FBI Director James Comey has attempted to provide examples of how law enforcement is "going dark," but none have checked out. Only Manhattan District Attorney Cyrus Vance has been able to provide an example of encrypted technology maybe blocking one possible lead in a murder investigation.
Litt was commenting on a draft options paper from the National Security Council that includes three proposals for the Obama Administration: oppose compulsory backdoor legislation and come out in favor of encryption, defer any decisions until after an open consultation, or do nothing. No option calling for backdoors was included.
In other news, the EFF has issued its first certificate as part of the Let's Encrypt initiative. Microsoft researchers have published a paper and code (MIT license) for FourQ, a new and faster elliptic curve cryptography implementation. Cryptome's John Young has announced that some of his public PGP keys have been compromised.
Judge Orders Apple to Unlock iPhone Belonging to San Bernardino Shooter
Apple has been ordered to assist in the unlocking of an iPhone belonging to one of the San Bernardino shooters. This may require updating the firmware to bypass restrictions on PIN unlock attempts:
Apple must assist the FBI in unlocking the passcode-protected encrypted iPhone belonging to one of the San Bernardino shooters in California. US magistrate Sheri Pym says Cupertino must supply software that prevents the phone from automatically annihilating its user data when too many password attempts have been made.
The smartphone belonged to Syed Farook, who with his wife Tashfeen Malik shot and killed 14 coworkers on December 2. The couple died in a gun battle with police soon after. Cops have been unable to access Syed's iPhone 5C because they do not know the correct PIN, and will now gain the assistance of Apple, as ordered by Judge Pym [PDF] on Tuesday.
iOS 8 and above encrypts data on devices, requiring a four to six-digit PIN to unlock. After the first few wrong guesses, iOS waits a few minutes between accepting further PIN entry attempts, escalating to an hour's delay after the ninth failed login.
[...] Judge Pym wants Apple to come up with some magic software – perhaps a signed firmware update or something else loaded during boot-up – that will allow the FBI to safely brute-force the PIN entry without the device self-destructing. This code must only work on Farook's phone, identified by its serial numbers, and no other handset. The code must only be run on government or Apple property, and must not slow down the brute-forcing process.
Apple has five days to appeal or demonstrate that it cannot comply with the order. It is crucial to note that the central district court of California has not instructed Apple to crack its encryption – instead it wants Apple to provide a tool to effectively bypass the unlocking mechanism. "It's technically possible for Apple to hack a device's PIN, wipe, and other functions. Question is can they be legally forced to hack," said iOS security expert Jonathan Ździarski.
Previously on SoylentNews: Apple Ordered by Judge to Help Decrypt San Bernadino Shooter's phone
Former NSA Director Claims Many Top Gov't Officials Side With Apple
Choice quotes from an interview with Gen. Michael Hayden (archive.is) on Wednesday:
"The issue here is end-to-end, unbreakable encryption—should American firms be allowed to create such a thing?" he told the Wall Street Journal editor John Bussey. "You've got [FBI director] Jim Comey on one side saying, I am really going to suffer if I can't read Tony Soprano's email. Or, if I've got to ask Tony for the PIN number before I get to read Tony's emails. Jim Comey makes that complaint, and I get it. That is right. There is an unarguable downside to unbreakable encryption."
"I think Jim Comey is wrong...Jim's logic is based on the belief that he remains the main body. That you should accommodate your movements to him, which is the main body. And I'm telling you, with regard to the cyber domain, he's not. You are."
And by the way? If I were in Jim Comey's job, I'd have Jim Comey's point of view. I understand. But I've never been in Jim Comey's job...my view on encryption is the same as [former Secretary of Homeland Security] Mike Chertoff's, it's the same as [former Deputy Secretary of Defense] Bill Lynn's, and it's the same as [former NSA director] Mike McConnell, who is one of my predecessors."
It's interesting for this opinion to be coming from this source.
[Continues.]
The Washington Times reports that Carole Adams, the mother of Robert Adams — a 40-year-old environmental health specialist who was shot dead in the San Bernardino, Calif., massacre by Syed Rizwan Farook and his wife in December, is siding with Apple in its battle to protect consumer's privacy rights. Adams says she stands by Apple's decision to fight a federal court order to create software that would allow federal authorities to access the shooter's password-blocked iPhone. Adams says she understands the FBI's need to search Farook's phone, but it has to be done without putting others at risk.
"This is what separates us from communism, isn't it? The fact we have the right to privacy," says Adams. "I think Apple is definitely within their rights to protect the privacy of all Americans. This is what makes America great to begin with, that we abide by a Constitution that gives us the right of privacy, the right to bear arms, and the right to vote."
John McAfee offers to unlock killer's iPhone
McAfee says that he and his team can break into the phone within three weeks. McAfee states his motive for the offer is because "he didn't want Apple to be forced to implement a 'back door'".
Bill Gates Takes Middle Road in FBI iPhone Unlock Dispute
Bill Gates has apparently sided with the FBI in the dispute over the unlocking of a "specific" iPhone, breaking with other technology industry leaders:
Apple should comply with the FBI's request to unlock an iPhone as part of a terrorism case, Microsoft founder Bill Gates says, staking out a position that's markedly different from many of his peers in the tech industry, including Facebook founder Mark Zuckerberg. The two titans aired their views on what's become a public debate over whether Apple should be compelled to unlock an iPhone used by San Bernardino shooter Syed Rizwan Farook. "This is a specific case where the government is asking for access to information. They are not asking for some general thing, they are asking for a particular case," Gates told the Financial Times.
However, in a follow-up interview with Bloomberg, Gates said he was disappointed by reports (such as my original submission #2 below) that he had sided with the FBI in its legal dispute with Apple:
In an interview with Bloomberg, Bill Gates says he was "disappointed" by reports that he supported the FBI in its legal battle with Apple, saying "that doesn't state my view on this." Still, Gates took a more moderate stance than some of his counterparts in the tech industry, not fully backing either the FBI or Apple but calling for a broader "discussion" on the issues. "I do believe that with the right safeguards, there are cases where the government, on our behalf — like stopping terrorism, which could get worse in the future — that that is valuable." But he called for "striking [a] balance" between safeguards against government power and security.
[Continues.]
NPR's Mary Louise Kelly recently interviewed CIA Director John Brennan. Here are some highlights:
On the FBI/Apple dispute over the San Bernardino iPhone:
BRENNAN: What would people say if a bank had a safe-deposit box, or a storage company had a storage bin, that individuals could use and access and store things, but the government was not going to be able to have any access to those environments? And so criminals, terrorists, whatever, could use it. So what is it about electronic communications that makes it unique in terms of it not being allowed to be accessed by the government when, again, the law, the courts, say that the government should have access to it? So these are things that need to be worked through.
[...] On whether the CIA is arming and training opposition forces in Syria:
BRENNAN: I'm not going to talk about anything that the CIA might be doing in that area. But the U.S. government has made it very clear that it supports the opposition, moderate opposition inside of Syria. ... There are a lot of various means of providing support to the opposition. And given that the opposition is a patchwork of moderates, as well as extremists, as well as terrorists, there is a need to make sure that any type of support that comes from the outside, whether it be from the United States or other countries, is going to support those moderate elements within the opposition, and not the extremists and terrorists.
On Russian President Vladimir Putin's ambitions:
BRENNAN: I think he has found that he's in a bit of a quandary now inside of Ukraine, in terms of realizing his objectives. Now in Syria, he's had a relationship with the — Russia has had a relationship with the government in Damascus for the past 50 years, has invested a lot of money, and a lot of military support. ... Mr. Putin is very assertive, very aggressive. He pursues Moscow's agenda in a variety of means. He does it with his intelligence and security services when he wants to hide his hands, but also, he's doing it rather overtly right now, obviously, with the introduction of thousands of Russian military personnel and sophisticated weaponry inside of Syria.
Related:
C.I.A. Admits Penetrating Senate Intelligence Computers
CIA Chief: Terrorists Harder to Find, Because of Leaks, Reforms
Two Alleged Teen Hackers Cuffed: CIA Director Brennan Email Hacker, and French XMPP Server Operator
Apple Asks Court to Vacate Order to Unlock iPhone
The New York Times is reporting that:
Apple on Thursday filed its formal opposition to the federal court order requiring it to help law enforcement officials break into an iPhone, setting the stage for more legal wrangling in a case that has pitted the world's most valuable company against the United States government.
No surprise there. But what's interesting about its filing is the reasoning used:
Apple added that the order had broad implications that would "inflict significant harm — to civil liberties, society and national security — and would preempt decisions that should be left to the will of the people through laws passed by Congress and signed by the president." The company said the court order not only was at odds with existing law, but also violated the company's First and Fifth Amendment rights. [emphasis added]
National security? I wonder what their argument is...
Here is Apple's Motion to Vacate (pdf) (alt source (pdf)).
[Continues.]
Apple has achieved a legal victory in a Brooklyn case that attempted to use the All Writs Act, similar to the case of a San Bernardino shooter's locked iPhone:
A magistrate judge in the U.S. District Court in New York has handed Apple a legal victory in a Brooklyn drug case where federal investigators asked for help getting into a locked iPhone.
Though the ruling isn't precedent-setting or binding on other courts, it hits on a similar overarching theme of government access to encrypted data, as The Washington Post reports:
"The two cases involve different versions of iPhone's operating system and vastly different requests for technical help, but they both turn on whether a law from 1789 known as the All Writs Act can be applied to cases in which the government cannot get at encrypted data stored on suspects' devices."
NPR's Joel Rose previously outlined the premise of this Brooklyn case, which predated the legal clash over an iPhone used by one of the San Bernardino shooters:
"Jun Feng pleaded guilty to selling methamphetamine last year. As part of its investigation, the government obtained a search warrant for Feng's iPhone. But the phone was locked by a passcode, so prosecutors asked a judge for an order compelling Apple to bypass it."
That order was based on the same law as the San Bernardino court order compelling Apple's help in unlocking the iPhone used by Syed Rizwan Farook before the Dec. 2 attack, in which he and his wife killed 14 people.
The Justice Department will appeal the case. FBI Director James Comey and Apple General Counsel Bruce Sewell will appear at a House Judiciary Committee hearing on Tuesday to testify on encryption.
Apple's general counsel Bruce Sewell and FBI Director James Comey appeared before the U.S. House of Representatives Judiciary Committee on Tuesday to explain their positions on a court order that would force Apple to unlock the iPhone belonging to one of the San Bernardino shooters. Comey sang a different tune before Congress:
Federal Bureau of Investigation Director James Comey told a congressional panel on Tuesday that a court order forcing Apple Inc to give the FBI data from an iPhone belonging to one of the San Bernardino shooters would be "potentially precedential" in other cases where the agency might request similar cooperation from technology companies. The remarks are a slight change to Comey's statement last week that forcing Apple to unlock the phone was "unlikely to be a trailblazer" for setting a precedent for other cases. [...] Comey acknowledged on Tuesday that the FBI would seek to use the same statute it is trying to apply in the San Bernardino case to compel Apple to unlock other phones, "if (the statute) is available to us."
Members of the U.S. House of Representatives Judiciary Committee seized on Comey's statement that the case could set a legal precedent allowing the agency access to any encrypted device. "Given... that Congress has explicitly denied you that authority so far, can you appreciate our frustration that this case appears to be little more than an end run around this committee?" asked the committee's ranking minority member, Michigan Representative John Conyers. Comey responded that the FBI was not asking to expand the government's surveillance authority, but rather to maintain its ability to obtain electronic information under legal authorities that Congress has already provided.
Sewell argued that unlocking the iPhone would weaken the security of all of them, and that the issue should be settled by Congress:
"We can all agree this is not about access to just one iPhone," Sewell, Apple's general counsel, said in his prepared opening remarks. "The FBI is asking Apple to weaken the security of our products." Sewell also argued that the debate should be had by Congress and elected leaders, rather than a warrant requested under the All Writs Act, a 1789 law that is central to the cases in California and New York.
Sewell also said that Apple is capable of creating new software that removes some security functionality, that being forced to write code is a First Amendment issue, and that Apple hasn't gotten similar demands from China or any other country, but expects to if Apple is forced to comply with the court order.
Previously: New York Judge Sides with Apple Rather than FBI in Dispute over a Locked iPhone
Cyrus Farivar reports at ArsTechnica that Congressman David Jolly has introduced the "No Taxpayer Support for Apple Act," a bill that would forbid federal agencies from purchasing Apple products until the company cooperates with the federal court order to assist the unlocking of a seized iPhone 5C associated with the San Bernardino terrorist attack. "Taxpayers should not be subsidizing a company that refuses to cooperate in a terror investigation that left 14 Americans dead on American soil," said Jolly, who announced in 2015 that he's running for Senate, joining the crowded GOP primary field to replace Sen. Marco Rubio. "Following the horrific events of September 11, 2001, every citizen and every company was willing to do whatever it took to side with law enforcement and defeat terror. It's time Apple shows that same conviction to further protect our nation today." Jolly's bill echoes a call from Donald Trump last month to boycott Apple until it agrees to assist the FBI. Not to fear. GovTrack gives Jolly's bill a 1 percent chance of passage.
Russia Today reports
The US public doesn't need a Digital Security Commission; they need the FBI to stop deceiving everyone and tell the truth that it wants to spy on Americans, John McAfee, developer of the first commercial anti-virus program told RT's Ed Schultz.
[...] "The FBI wants Apple to change their software so that it removes the check for security, so that we don't check for security anymore. Once it has that software, they can use that software on any phone. But they say they only need it for one phone."
[...] "You need a hardware engineer and a [software] engineer. The hardware engineer takes the phone apart and copies the instruction set, which are the iOS and applications, and your memory. And then you run a program called a disassembler, which takes all the ones and zeros and gives you readable instructions. Then the coder sits down and he reads through. What he is looking for is the first access to the keypad, because that is the first thing you do when you input your pad. It'll take half an hour. When you see that, then he reads the instructions for where in memory this secret code is stored. It is that trivial--a half an hour.
...The FBI knows this, Apple knows this."
[...] "In either case, if they (the FBI) don't know, that is tragic; if they do know it, then they are deceiving the American public and Apple and everyone else by asking for a universal key."
Video
Do you see any flaws in McAffee's explanation?
Previous: Apple Wants Court To Rule If It Can Be Forced To Unlock iPhones
Seems Like Everyone has an Opinion About Apple vs. the FBI
Update: TPP-Exposing Journalist Ed Schultz Lands on His Feet at RT
John McAfee Announces He Will Run For President of the United States
The FBI has moved to vacate a Tuesday hearing while it explores an option that may allow it to access the contents of a San Bernardino shooter's iPhone without cooperation from Apple. The FBI wants time to test the method so that it can be sure that it is viable and won't destroy the data:
The FBI says it may have found a way to crack into the San Bernardino terrorist's iPhone without Apple's help. While it explores this option, the government has filed a motion to vacate a hearing set for Tuesday that would be the next step toward settling the battle between Apple and the FBI. The FBI says that on Sunday, an "outside party" demonstrated to the FBI a "possible method for unlocking" Syed Rizwan Farook's iPhone.
Who is the "outside party"? Is there any such agency that could help?
At Apple's latest launch event, CEO Time Cook reiterated his commitment to privacy and security:
Like the iPhone 5C, the new iPhone SE includes Apple's encryption technology, which jumbles up information stored in the phone so that it can only be viewed with a passcode. The phone's powered by Apple's iOS 9 software, which includes a feature that automatically wipes out data stored on the phone if someone incorrectly enters the wrong passcode 10 times.
This software, which Apple said is running on more than 80 percent of all the active iPhones and iPads in the world, is at the heart of Cook's battle with the government. And since this new phone uses some of Apple's latest and most powerful processors, customers will be able to upgrade and run new versions of iOS for the next several years. That means any new security precautions Apple puts in place can be added to this model.
"Many, many customers have asked for this, and I think they're going to love it," Cook, said during a media event announcing the device at Apple's Cupertino, California, headquarters. He kicked off the event to applause by saying Apple never planned to face off with the government over its security, but that it isn't going to back down. "This is an issue that impacts all of us, and we will not shrink from this responsibility."
The Justice Department is abandoning its bid to force Apple to help it unlock the iPhone used by one of the shooters in the San Bernardino terrorist attack because investigators have found a way in without the tech giant's assistance, prosecutors wrote in a court filing Monday.
In a three-sentence filing, prosecutors wrote that they had "now successfully accessed the data" stored on Syed Rizwan Farook's iPhone and that they consequently no longer needed Apple's court-ordered help getting in. The stunning move averts a courtroom showdown pitting Apple against the government — and privacy interests against security concerns — that many in the tech community had warned might set dangerous precedents.
[Read the government's court filing]
It is unclear how, precisely, investigators got into the phone, or what FBI agents learned about the plot from the materials they were able to review. On the eve of a hearing in the case last week, the FBI had signaled that it may have found a way into Farook's device, writing in a court filing that "an outside party demonstrated to the FBI a possible method." But government officials said they wanted to test that method further before employing it in Farook's case, and they did not offer details about who proposed it or how it would work.
The Justice Department declined to comment on Monday. Apple said it was still formulating a response to the news and had no immediate comment.
Also covered at:
TechCrunch,
The Sydney Morning Herald ,
CNET,
BBC,
El Reg , and many others.
[Continues...]
The Guardian is reporting that the hack on the San Bernardino shooter's iPhone 5C will not work on newer iPhones.
The FBI director confirmed that the hack works on the iPhone 5C and older Apple smartphones, but not newer models with a fingerprint sensor. This is probably because older phones lack the so-called secure enclave, which protects passcodes, security keys and handles the security of the phone's encryption system.
Comey confirmed that the FBI bought a tool from a third party, negating the need to continue its legal action against Apple. But the FBI has yet to disclose publicly how the hack that unlocked the iPhone 5C works, despite informing senators about it.
Comey said: "We're having discussions within government about it ... if we tell Apple they're going to fix it and we're back to where we started."
The FBI director ended by reassuring everyone...
Comey wouldn't comment on who the company or persons the hack was purchased from. He would only say that "their motivations align with ours" and that the FBI and the hack provider were "very good at keeping secrets".
The Washington Post reports that the FBI did not require the services of Israeli firm Cellebrite to hack a San Bernardino terrorist's iPhone. Instead, it paid a one-time fee to a group of hackers and security researchers, at least one of whom the paper labels a "gray hat". It's also reported that the U.S. government has not decided whether or not to disclose to Apple the previously unknown vulnerability (or vulnerabilities) used to unlock the iPhone (specifically an iPhone 5C running iOS 9):
The FBI cracked a San Bernardino terrorist's phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter. The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone's four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.
The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution.
[...] The bureau in this case did not need the services of the Israeli firm Cellebrite, as some earlier reports had suggested, people familiar with the matter said. The U.S. government now has to weigh whether to disclose the flaws to Apple, a decision that probably will be made by a White House-led group.
FBI Director James Comey told students at Catholic University's Columbus School of Law that "Apple is not a demon," and "I hope people don't perceive the FBI as a demon." What a saint.
The Guardian is reporting that...
On Wednesday, the FBI confirmed it wouldn't tell Apple about the security flaw it exploited to break inside the iPhone 5C of San Bernardino gunman Syed Farook in part, because the bureau says it didn't buy the rights to the technical details of the hacking tool.
"Currently we do not have enough technical information about any vulnerability that would permit any meaningful review," said Amy Hess, the FBI's executive assistant director for science and technology.
$1.3m and no source code?
Security researcher Sergei Skorobogatov has bypassed the iPhone 5c's firmware using NAND mirroring. The achievement comes too late for the FBI to save some money:
The FBI told Congress it couldn't hack the San Bernardino shooter's phone without Apple's aid, but a researcher has proved that claim was inaccurate. "The process does not require any expensive and sophisticated equipment," wrote University of Cambridge researcher Sergei Skorobogatov. "All needed parts are low cost and were obtained from local electronics distributors."
Security firm Trail of Bits argued earlier this year that it would be possible to replace the iPhone firmware with a chip that doesn't block multiple password attempts. You could then try every single one until you're in, a process that would take less than a day with a four-digit code, and a few weeks with a six-digit one.
[...] "Despite government comments about feasibility of the NAND mirroring for iPhone 5c it was now proved to be fully working," the paper says. That again lends credence to FBI critics who said that the FBI was only pushing for Apple's assistance to create a precedent in court. A magistrate judge ruled against Apple, so law enforcement could use that decision to make other companies cooperate in encryption cases.
Update: The Associated Press, Vice Media and Gannett, the parent company of USA Today, have sued the FBI for information about how the agency accessed the locked iPhone 5c.
Here's an extra story related to FBI Director Comey's questioning on Wednesday. It's a piece of "classified information":
Sen. Dianne Feinstein, the top Democrat on the Senate committee that oversees the FBI, said publicly this week that the government paid $900,000 to break into the locked iPhone of a gunman in the San Bernardino, California, shootings, even though the FBI considers the figure to be classified information.
The FBI also has protected the identity of the vendor it paid to do the work. Both pieces of information are the subject of a federal lawsuit by The Associated Press and other news organizations that have sued to force the FBI to reveal them.
California's Feinstein cited the amount while questioning FBI Director James Comey at a Senate Judiciary Committee oversight hearing Wednesday.
Related: FBI vs. Apple Encryption Fight Continues
Seems Like Everyone has an Opinion About Apple vs. the FBI
Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
FBI Can't Say How It Hacked IPhone 5C
Researcher Bypasses iPhone 5c Security With NAND Mirroring
The security coprocessor was introduced alongside the iPhone 5s and Touch ID. It performs secure services for the rest of the SOC and prevents the main processor from getting direct access to sensitive data. It runs its own operating system (SEPOS) which includes a kernel, drivers, services, and applications.
The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but can't read it. It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption
Today, xerub announced the decryption key 'is fully grown'. You can use img4lib to decrypt the firmware and xerub's SEP firmware split tool to process.
Decryption of the SEP Firmware will make it easier for hackers and security researchers to comb through the SEP for vulnerabilities.
Source: iClarified
Also at ThreatPost which notes that this does not mean it is open season on SEP:
Yesterday’s news set off another flurry of angst as to the ongoing security of iOS and what would happen now that the firmware had been unlocked.
“I wouldn’t say there is any immediate threat to users at this point,” Azimuth Security’s Mandt said. “Although the key disclosure allows anyone to analyze the software that is running on the SEP processor, it still requires an attacker to find and exploit a vulnerability in order to compromise SEP.”
The FBI will not have to disclose the name of the vendor that it paid to hack into an iPhone used by one of the San Bernardino terrorists:
A federal court ruled yesterday that the FBI does not have to disclose either the name of the vendor used or price the government paid to hack into the iPhone SE of mass shooter Syed Farook, according to ZDNet. The device became embroiled in a heated national controversy and legal standoff last year when Apple refused to help the FBI develop a backdoor into it for the purpose of obtaining sensitive information on Farook and his wife Tashfeen Malik, both of whom participated in the terrorist attack that left 14 dead in San Bernardino, California in December 2015.
The Justice Department originally filed a lawsuit against Apple to compel it to participate by creating a special version of its mobile operating system, something Apple was vehemently against because of the risk such a tool posed to users. But very soon after, the government withdrew from the case when a third-party vendor secretly demonstrated to the FBI a workable method to bypass the iPhone's security system. Three news organizations — the Associated Press, Vice News, and USA Today — filed a Freedom of Information Act lawsuit in September 2016 to reveal details of the hacking method used. Because it was not clear how many phones the workaround could be used on, and whether the FBI could use it surreptitiously in the future, the lawsuit was seeking information that would be pertinent to the public and security researchers around the globe.
Previously: Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
FBI Can't Say How It Hacked IPhone 5C
Meeting Cellebrite - Israel's Master Phone Crackers
Cellebrite Appears to Have Been Hacked
Senator Dianne Feinstein Claims That the FBI Paid $900,000 to Break Into a Locked iPhone
Related: FBI Resists Revealing its Tor User Identification Methods in Court
At a press conference, an FBI spokesman blamed industry standard encryption for preventing the agency from accessing the recent Texas mass shooter's locked iPhone. Reuters later reported that the FBI did not try to contact Apple during a 48-hour window in which the shooter's fingerprint may have been able to unlock the phone. Apple said in a statement that after seeing the press conference, the company contacted the FBI itself to offer assistance. Finally, the Washington Post reports (archive) that an FBI official acknowledged Apple's offer but said it did not need the company's assistance:
After the FBI said it was dealing with a phone it couldn't open, Apple reached out to the bureau to learn whether the phone was an iPhone and whether the FBI was seeking assistance. An FBI official responded late Tuesday, saying that it was an iPhone but that the agency was not asking anything of the company at this point. That's because experts at the FBI's lab in Quantico, Va., are trying to determine if there are other methods, such as cloud storage or a linked laptop, that would provide access to the phone's data, these people said. They said that process could take weeks.
If the FBI and Apple had talked to each other in the first two days after the attack, it's possible the device might already be open. That time frame may have been critical because Apple's iPhone "Touch ID" — which uses a fingerprint to unlock the device — stops working after 48 hours. It wasn't immediately clear whether the gunman had activated Touch ID on his phone, but more than 80 percent of iPhone owners do use that feature. If the bureau had consulted the company, Apple engineers would likely have told the bureau to take steps such as putting the dead gunman's finger to the phone to see if doing so would unlock it. It was unclear whether the FBI tried to use the dead man's finger to open the device in the first two days.
In a statement, Apple said: "Our team immediately reached out to the FBI after learning from their press conference on Tuesday that investigators were trying to access a mobile phone. We offered assistance and said we would expedite our response to any legal process they send us."
Also at Engadget.
Related: Apple Lawyer and FBI Director Appear Before Congress
Apple Engineers Discussing Civil Disobedience If Ordered to Unlock IPhone
Senator Dianne Feinstein Claims That the FBI Paid $900,000 to Break Into a Locked iPhone
Federal Court Rules That the FBI Does Not Have to Disclose Name of iPhone Hacking Vendor
Submitted via IRC for SoyCow1984
"We have an ongoing dialogue with a lot of tech companies in a variety of different areas," he [Rod Rosenstein] told Politico Pro. "There's some areas where they are cooperative with us. But on this particular issue of encryption, the tech companies are moving in the opposite direction. They're moving in favor of more and more warrant-proof encryption."
[...] In the interview, Rosenstein also said he "favors strong encryption."
"I favor strong encryption, because the stronger the encryption, the more secure data is against criminals who are trying to commit fraud," he explained. "And I'm in favor of that, because that means less business for us prosecuting cases of people who have stolen data and hacked into computer networks and done all sorts of damage. So I'm in favor of strong encryption."
[...] He later added that the claim that the "absolutist position" that strong encryption should be by definition, unbreakable, is "unreasonable."
[...] Rosenstein closed his interview by noting that he understands re-engineering encryption to accommodate government may make it weaker.
"And I think that's a legitimate issue that we can debate—how much risk are we willing to take in return for the reward?" he said.
Source: https://arstechnica.com/tech-policy/2017/11/doj-strong-encryption-that-we-dont-have-access-to-is-unreasonable/
The Texas Rangers have served Apple a warrant for iPhone and iCloud data connected to the recent mass shooter Devin Patrick Kelley. However, it is unknown whether Kelley actually used iCloud to store data, and unlikely that Apple will be able or willing to help unlock the iPhone:
Texas Rangers investigating the mass shooting in Sutherland Springs have served a search warrant on Silicon Valley giant Apple Inc. and are seeking digital photos, messages, documents and other types of data that might have been stored by gunman Devin Patrick Kelley, who was found with an iPhone after he killed himself.
Court records obtained by the San Antonio Express-News show Texas Ranger Kevin Wright obtained search warrants on Nov. 9 for files stored on Kelley's iPhone, a second mobile phone found near his body and for files stored in Kelley's iCloud account — Apple's digital archive that can sync iPhone files.
The iCloud feature is an optional service. Obtaining such records, if they exist, directly from Apple could aid authorities investigating the worst mass shooting in modern Texas history. Apple's policy regarding iCloud content states that material may be provided to law enforcement agencies if they obtain search warrants.
In addition, the FBI may have already screwed it up.
Also at Engadget, BGR, and Fast Company.
The Washington Post has a story which says:
FBI Director Christopher A. Wray on Tuesday renewed a call for tech companies to help law enforcement officials gain access to encrypted smartphones, describing it as a "major public safety issue."
Wray said the bureau was unable to gain access to the content of 7,775 devices in fiscal 2017 — more than half of all the smartphones it tried to crack in that time period — despite having a warrant from a judge.
"Being unable to access nearly 7,800 devices in a single year is a major public safety issue," he said, taking up a theme that was a signature issue of his predecessor, James B. Comey.
Wray was then quoted as saying:
"We're not interested in the millions of devices of everyday citizens," he said in New York at Fordham University's International Conference on Cyber Security. "We're interested in those devices that have been used to plan or execute terrorist or criminal activities."
He then went on to promote the long-disparaged idea of key escrow:
As an example of a possible compromise, Wray cited a case from New York several years ago. Four major banks, he said, were using a chat messaging platform called Symphony, which was marketed as offering "guaranteed data deletion." State financial regulators became concerned that the chat platform would hamper investigations of Wall Street.
"In response," Wray said, "the four banks reached an agreement with the regulators to ensure responsible use" of Symphony. They agreed to keep a copy of their communications sent through the app for seven years and to store duplicate copies of their encryption keys with independent custodians not controlled by the banks, he said.
To me this is more of the utter nonsense the government has spouted. When will they understand that key escrow only works when one trusts the government and the keeper of the keys?
Did the FBI engineer its iPhone encryption court showdown with Apple to force a precedent? Yes and no, say DoJ auditors
The [San Bernardino] attack stoked fears of Islamic extremism within the United States but the shooting has become renowned for a different reason: a showdown between the FBI and Apple over access to Farook's mobile phone. Now a new report [PDF] by the US Department of Justice's internal inspector general, published Tuesday, has blown open the case and indicates the FBI might have been trying to play Apple for a patsy.
The report title is remarkable in itself: "A Special Inquiry Regarding the Accuracy of FBI Statements Concerning its Capabilities to Exploit an iPhone Seized During the San Bernardino Terror Attack Investigation." Which could perhaps be more accurately titled: "Did the FBI lie about not being able to break into a terrorist's phone in an effort to win a legal precedent granting it access to everyone else's digital devices?" And the answer is, remarkably, yes and no.
[...] In the end, the issue was resolved the day before a crunch court hearing when the FBI said it had found a third-party solution to cracking the phone and no longer needed to force Apple to break its own encryption. The timing of that last-minute back down raised suspicions that the FBI had engineered the showdown to create a legal precedent that would force US companies to give it backdoor access to everyone's digital devices now and in the future.
[...] [The] report does flag some very disturbing conversations and inconsistencies that appear to point quite clearly to the fact that the FBI made the most out of the situation and may have done its best not to find out if some parts of the FBI were able to crack the phone in order to pursue its legal case.
Also at Ars Technica
Former FBI General Counsel Jim Baker, who was known for prosecuting the legal case against Apple to get them to unlock the San Bernardino shooter's iPhone, has published an extraordinary essay on Lawfare where he surprisingly argues rather for strong encryption without government back doors.
From Schneier on Security:
In the face of congressional inaction, and in light of the magnitude of the threat, it is time for governmental authorities -- including law enforcement -- to embrace encryption because it is one of the few mechanisms that the United States and its allies can use to more effectively protect themselves from existential cybersecurity threats, particularly from China. This is true even though encryption will impose costs on society, especially victims of other types of crime.
[...] I am unaware of a technical solution that will effectively and simultaneously reconcile all of the societal interests at stake in the encryption debate, such as public safety, cybersecurity and privacy as well as simultaneously fostering innovation and the economic competitiveness of American companies in a global marketplace.
[...] All public safety officials should think of protecting the cybersecurity of the United States as an essential part of their core mission to protect the American people and uphold the Constitution. And they should be doing so even if there will be real and painful costs associated with such a cybersecurity-forward orientation. The stakes are too high and our current cybersecurity situation too grave to adopt a different approach.
Baker joins the growing list of former US law enforcement and national security senior officials who have come out in favor of strong encryption over backdoors, such as former NSA directors Gen. Michael Hayden and V. Adm. Mike McConnell, former DHS secretary Michael Chertoff, Counter-Terrorism adviser Richard Clarke, former Secretary of Defense Ash Carter, and former deputy Secretary of Defense William Lynn.
Apple Denies FBI Request to Unlock Shooter's iPhone:
Apple once again is drawing the line at breaking into a password-protected iPhone for a criminal investigation, refusing a request by the Federal Bureau of Investigation (FBI) to help unlock the iPhones of a shooter responsible for an attack in Florida.
The company late Monday said it won't help the FBI crack two iPhones belonging to Mohammed Saeed Alshamrani, a Saudi-born Air Force cadet and suspect in a shooting that killed three people in December at the Naval Air Station in Pensacola, Fla.
The decision is reminiscent of a scenario that happened during the investigation of a 2015 California shooting, and could pit federal law enforcement against Apple in court once again to argue over data privacy in the case of criminal investigations.
While Apple said it's helping in the FBI's investigation of the Pensacola shooting—refuting criticism to the contrary—the company said it won't help the FBI unlock two phones the agency said belonged to Alshamrani.
"We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation," the company said in a statement emailed to Threatpost. "Our responses to their many requests since the attack have been timely, thorough and are ongoing."
[...] The FBI sent a letter to Apple's general counsel last week asking the company to help the agency crack the iPhones, as their attempts until that point to guess the "relevant passcodes" had been unsuccessful, according to the letter, which was obtained by NBC News.
The FBI Successfully Broke into a Gunman's iPhone, but Still Angry at Apple:
After months of trying, the FBI successfully broke into iPhones belonging to the gunman responsible for a deadly shooting at Pensacola Naval Air Station in December 2019, and it now claims he had associations with terrorist organization al-Qaeda. Investigators managed to do so without Apple's help, but Attorney General William Barr and FBI director Christopher Wray both voiced strong frustration with the iPhone maker at a press conference on Monday morning.
Both officials say that encryption on the gunman's devices severely hampered the investigation. "Thanks to the great work of the FBI — and no thanks to Apple — we were able to unlock Alshamrani's phones," said Barr, who lamented the months and "large sums of tax-payer dollars" it took to get into devices of Mohammed Saeed Alshamrani, who killed three US sailors and injured eight other people on December 6th.
Apple has said it provided investigators with iCloud data it had available for Alshamrani's account and other technical assistance, though it wasn't enough to bypass the encryption of Alshamrani's iPhones. So authorities spent many weeks trying to break in on their own.
