
posted on Tuesday February 16 2016, @05:25PM
from the big-brother-may-i dept.

Apple has asked a court in New York for a final ruling on whether it can be compelled to help investigators break the passcode of an iPhone 5s belonging to a defendant in a criminal case.

The Department of Justice, citing a statute called the All Writs Act, tried to get help from Apple to bypass the security of the phone in government possession.

Apple's lawyer said in a letter to U.S. Magistrate Judge James Orenstein of the U.S. District Court for the Eastern District of New York that the company would like an order as it has received additional requests similar to the one underlying the case before the court.

The company "has also been advised that the government intends to continue to invoke the All Writs Act in this and other districts in an attempt to require Apple to assist in bypassing the security of other Apple devices in the government's possession," wrote Apple's counsel Marc J. Zwillinger in a letter Friday.

[...]

Apple now also argues that the matter is not moot because "it is capable of repetition, yet evading review." The question of whether a third party like Apple can be compelled to assist law enforcement in its investigative efforts by bypassing the security mechanisms on its device has been fully briefed and argued, according to the letter. "The Court is thus already in a position to render a decision on that question," Apple said.


[...]

Judge Orenstein had earlier expressed doubt whether the government could use the All Writs Act to force an electronics device provider to assist law enforcement in its investigations and had asked Apple for comments on whether executing the order would be unduly burdensome.

The All Writs Act gives federal courts the authority to issue orders that are "necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law." But as the Electronic Frontier Foundation pointed out, the Act is "not a backdoor to bypass other laws," and the Supreme Court has set limits on it: a court cannot use it to bypass other laws or the Constitution, nor to require third parties to assist in ways that would be "unreasonably burdensome."

Apple said it is possible to extract certain types of unencrypted user data from the iPhone 5s in this case, which runs iOS 7, but that this would not be possible on a device running iOS 8 or later.

[...]

The DOJ said that Apple had previously assisted investigators in federal criminal cases to extract data from password-locked iPhones under court orders. Apple said its previous acquiescence to judicial orders does not mean it consents to the process.


  • (Score: 3, Insightful) by isostatic on Tuesday February 16 2016, @07:39PM

    by isostatic (365) on Tuesday February 16 2016, @07:39PM (#305319) Journal

    Can a locksmith be compelled to pick a lock?

  • (Score: 2) by KilroySmith on Tuesday February 16 2016, @07:57PM

    by KilroySmith (2113) on Tuesday February 16 2016, @07:57PM (#305343)

    Can a locksmith who is paid for their time be compelled to pick a lock?

    • (Score: 0) by Anonymous Coward on Wednesday February 17 2016, @03:18AM

      by Anonymous Coward on Wednesday February 17 2016, @03:18AM (#305579)

      If the locksmith accepted payment in advance for picking a lock, then refused to pick it, then yes. That's not what's happening here.

      The 13th Amendment has been copy-pasted elsewhere in this thread. It prohibits "involuntary servitude" except as a punishment. "Forced labor" has, I believe, an identical meaning. Can we agree that unpaid labor and forced labor are not always synonymous, and that someone might be unwilling to work even for what you or I might consider a handsome payment? You've heard the expression "you couldn't pay me enough to do that".

      Last month, Apple Inc. reported $18.4 billion in net income.1 The government is offering it $1000 per hour to break into this phone.2 The company is not in the habit of breaking into its customers' phones. A likely result of complying would be bad publicity for the company, harming its sales substantially. The payment is a pittance in comparison to the potential losses. It's possible to break into a locked iPhone but it may be that the government's prosecutor doesn't want to talk to a forensics technician or just wants to make a splash with this legal tactic.

      1. https://www.apple.com/pr/library/2016/01/26Apple-Reports-Record-First-Quarter-Results.html [apple.com]

      2. cf. https://www.youtube.com/watch?v=UBcPx8RvHR8 [youtube.com]

  • (Score: 1, Troll) by kurenai.tsubasa on Tuesday February 16 2016, @08:03PM

    by kurenai.tsubasa (5227) on Tuesday February 16 2016, @08:03PM (#305352) Journal

    I'm pretty sure he can. On the other hand, he also has the tools to do so. Failing that, I'm sure the right kind of equipment (knowing next to nothing about metal cutting) would make short work of an Enforcer Lock [transportsecurity.com] assuming there still exist no known methods to pick one.

    Frankly, this debacle with Apple is becoming tiresome. It's nothing but a dog and pony show. If the government is really saying they can't get an HDD image off an iPhone, which seems to be the implication with this “device” they have that tries 7 pins per hour, they completely fucking fail. As I've said before, once the HDD image has been dumped, all that's necessary is to throw it at a John the Ripper cluster equipped with the correct key derivation function to guess the password that has to be entered at least once after booting, which would “crack” the encryption a lot fucking faster, even though we're now talking about an alphanumeric password, than this limp-dick 7 pin/hr approach.

    The bad joke is that the public buys this bullshit. One would almost conclude that this is all just a PR campaign by Apple. Buy our iThingies! They're INVINCIBLE!

    • (Score: 3, Insightful) by jmorris on Tuesday February 16 2016, @08:47PM

      by jmorris (4844) on Tuesday February 16 2016, @08:47PM (#305384)

      Please don't pontificate on things you obviously don't know jack about. K?

      Modern phones encrypt the on-flash image based on a key stored inside the SoC and randomly selected at each phone's birth. Imaging the device would therefore be entirely pointless. What would work is convincing Apple to target a mandatory over-the-air update to that one particular phone which would wipe the display lock code out. Assuming Apple still retains the capability of sending an over-the-air update marked such that it automatically downloads and installs vs asking the user for permission first.

      Police started routinely grabbing phones at every opportunity and imaging them, so the device makers responded with full disk encryption and made sure they didn't retain the device key (in many cases even ensuring the user can't get it from a running phone). It is a battery killer though, so some people don't really like it, and some devices can switch the feature off.

      • (Score: 2) by kurenai.tsubasa on Tuesday February 16 2016, @09:32PM

        by kurenai.tsubasa (5227) on Tuesday February 16 2016, @09:32PM (#305426) Journal

        Oh screw off. The only thing I don't know about crypto is how to implement the algorithms if I had to do so from scratch and memory. There. Traded insults and finally got somebody to verify that this thing is using a hardware held (likely symmetric) key.

        So right. Yes, in that case simply imaging the HDD wouldn't be good enough. However, that invalidates Apple's claim that it's impossible to retrieve the data. The OTA update approach you'd mentioned is the best idea. Create a base station with an OTA update that obviates both the password and pin checks or else just simply exposes the entire encrypted filesystem as a USB mass storage device or similar. Hell, an OTA update that simply turned the phone into a device that booted to a USB mass storage gadget exposing the filesystem would be enough. Create the image from here. *boom* Decrypted.

        Big HOWEVER. What's stopping the government from sending a subpoena to get the correct things they would need to create such a base station? All the government is doing is going “Hurr durr decrypt it liek u did b4!” If Apple has no way of decryption, that would imply a key derivation function, thus implying my original solution of John the Ripper against the encrypted HDD image. If Apple has a way (because the damned OS needs to boot and update somehow, which implies access to the hidden key on the SoC and that somebody has the magic signing key required for an OTA update) but is holding out, throw the book at 'em I guess.

      • (Score: 2) by frojack on Wednesday February 17 2016, @01:07AM

        by frojack (1554) on Wednesday February 17 2016, @01:07AM (#305526) Journal

        a mandatory over the air update to that one particular phone which would wipe the display lock code out.

        So that would leave the phone permanently encrypted, because that is its normal state.

        It is a battery killer though so some people don't really like it

        It's not a battery killer. You will never notice the difference.

        Encrypted storage adds almost nothing to battery usage. (And this is also true of your laptop).

        Some tasks are slower on some phones (but not all), but it takes a benchmark to see it, and it doesn't affect overall battery usage.

        --
        No, you are mistaken. I've always had this sig.
      • (Score: 2) by hemocyanin on Wednesday February 17 2016, @06:29AM

        by hemocyanin (186) on Wednesday February 17 2016, @06:29AM (#305631) Journal

        Modern phones encrypt the on flash image based on a key stored inside the SoC and randonly selected at each phone's birth. Imaging the device would therefore be entirely pointless.

        I'm very interested in understanding this, but I don't understand why imaging would be pointless. Is there some double encryption going on -- once with the phone's key and once with the user's key? I could see how that would throw in a monkey wrench because you'd end up decrypting to encrypted content, which would look like failure even if successful. But anyway -- honest question -- please explain more.

        • (Score: 3, Interesting) by jmorris on Wednesday February 17 2016, @08:35AM

          by jmorris (4844) on Wednesday February 17 2016, @08:35AM (#305669)

          OK, let's break things down in detail. If there are detailed docs on the Apple SoC in the wild I don't have them, but I do have docs on the Tegra line and the theory is going to be similar.

          So inside the SoC we are interested in a few parts. The CPU itself of course, but also the fact that it has a small ROM, a small amount of SRAM and a hardware crypto engine inside, along with some one-time programmable 'fuses.' All this means is that when power hits or a RESET occurs, it begins entirely inside the one chip, so no peeking at the external pins during the first critical steps.

          Step one is to examine one of the fuses for 'Production Mode' and if it isn't set, skip all this and just get on with it: developer mode. We will assume this is set. So next we get the Secure Boot Key (per-product key, so all bootloaders for a product are keyed the same) and Device Key (randomly picked, typically by the bootloader, when the device is first booted up without a key set, i.e. at the factory). These are loaded into the crypto engine and a one-way gate set so they can't be read back out or overwritten until the RESET signal occurs, transferring control back into internal RAM/ROM. Another one-way gate is flipped, preventing anyone else from reading the fuses with the keys. Another set of fuses with a public key for RSA crypto is left visible. Public key, so it doesn't matter.

          OK, now we program the flash controller for the most pessimistic access timing and read a table from a known location. This gets decrypted (Tegra uses the SBK; Apple? Could be either, if they need this step at all) before use. This gets us the parameters to reprogram the flash for the chips we actually have, for performance, and more importantly to get the external SDRAM chips running.

          Now we can read the partition table, find the bootloader and transfer it into SDRAM and decrypt it. Tegra uses the SBK for this and can also verify an RSA signature on later chips. We still haven't executed a single byte from outside the SoC to this point btw. But now we make the leap of faith that the signature is good, or the decryption at least got the right 'magic' so we believe we have a trusted bootloader sitting in memory. Enable the WatchDog Timer and Jump.

          The bootloader (beyond a lot of other stuff like rescue modes) loads the OS and at least checks an RSA signature and in Apple's case probably decrypts it first. A big question is which key they use. They are implying they use the Device Key.

          Once the OS loads it also uses the crypto engine to read/write all user data using the Device Key. Remember that while it can encrypt and decrypt there is no way for the OS to read back the actual key. Even root is prevented because it is a one way hardware level lock.

          All phones have some sort of rescue mode. The big questions are what sort of protections they put into their rescue mode. Also, is the device key in fuses, or can it be changed after the first burn at time of birth? Both have important security implications. Rescue mode is the final way that it could be unlocked, but only by Apple, since only they could RSA-sign a new bootloader image that could open up a hole. For example, they could write a bootloader that looked up the publicly visible serial number or IMEI and, if it matched the one in the warrant, made an unencrypted view of the flash appear as USB Mass Storage.

          Note that truly determined and well funded foes have options. They could watch the bus and just as it was about to transfer control to the external ram, write to it from an external device clamped to the chip and write some evil bits directly into RAM. Or take advantage of the fact it spends most of the time with the SoC powered down and the RAM in self refresh. Clamp on and corrupt the running in memory OS image to compromise the system and then return the RAM to self refresh and remove the clip on probe. Then tap the power button and no lock.
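
          The model described in the comment above (a device key the crypto engine can use but software can never read), and the earlier argument about running John the Ripper over an imaged flash, as an added Python sketch. This is a toy model written for this thread, not Apple's or NVIDIA's code: PBKDF2 and HMAC stand in for the passcode KDF and the hardware AES, and the passcode "1399", the salt handling, the plaintext magic header, the sample data and the "7 guesses per hour" throttle are all constructed assumptions.

```python
"""Toy model: user data encrypted under a passcode-derived key that is then
entangled with a per-device key locked inside the SoC crypto engine.
Added illustration for this thread; not Apple or NVIDIA code. PBKDF2/HMAC
stand in for the real KDF and hardware AES; passcode, salt, header and the
guess throttle are constructed assumptions."""
import hashlib
import hmac
import secrets

PBKDF2_ITERS = 100          # assumed work factor, kept tiny so the demo runs quickly
RATE_LIMIT_PER_HOUR = 7     # the "7 pins per hour" figure quoted in the thread (assumed)
MAGIC = b"TOYFS1"           # constructed plaintext header used to recognise a correct decrypt


def kdf(passcode: str, salt: bytes) -> bytes:
    """Passcode -> 256-bit key. Public algorithm: anyone holding the flash image can run it."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, PBKDF2_ITERS, 32)


def _keystream(key: bytes, n: int) -> bytes:
    blocks = (n + 31) // 32
    return b"".join(hmac.new(key, b"ks" + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:n]


def encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for the file-system cipher: PRF keystream plus an HMAC tag."""
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))
    return hmac.new(key, b"tag" + ct, hashlib.sha256).digest() + ct


def decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key is wrong (tag mismatch)."""
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


class SoC:
    """Crypto engine with a device key burned in at manufacture. Software can ask
    the engine to use the key but, on real hardware, can never read it back."""

    def __init__(self) -> None:
        self._uid = secrets.token_bytes(32)   # never leaves the chip (hardware one-way gate)
        self.attempts = 0                     # guesses that went through the engine

    def tangle(self, passcode_key: bytes) -> bytes:
        """Mix the passcode-derived key with the device key. HMAC models the hardware AES."""
        self.attempts += 1
        return hmac.new(self._uid, passcode_key, hashlib.sha256).digest()


def make_image(soc: SoC, passcode: str, data: bytes, entangled: bool) -> dict:
    """What a forensic dump of the flash contains: salt and ciphertext, nothing else."""
    salt = secrets.token_bytes(16)
    pk = kdf(passcode, salt)
    key = soc.tangle(pk) if entangled else pk
    return {"salt": salt, "blob": encrypt(key, MAGIC + data)}


def offline_bruteforce(image: dict, pins):
    """The 'John the Ripper' attack: the attacker has only the image, no chip."""
    for pin in pins:
        pt = decrypt(kdf(pin, image["salt"]), image["blob"])
        if pt is not None and pt.startswith(MAGIC):
            return pin, pt[len(MAGIC):]
    return None


def on_device_bruteforce(soc: SoC, image: dict, pins, throttled: bool = True):
    """Code running on the phone: every guess must pass through the SoC, and the
    firmware's guess throttle turns the attempt count into wall-clock hours."""
    soc.attempts = 0
    for pin in pins:
        pt = decrypt(soc.tangle(kdf(pin, image["salt"])), image["blob"])
        if pt is not None and pt.startswith(MAGIC):
            hours = soc.attempts / RATE_LIMIT_PER_HOUR if throttled else 0.0
            return pin, pt[len(MAGIC):], hours
    return None


def demo() -> dict:
    pins = [f"{i:04d}" for i in range(10_000)]   # the full 4-digit PIN space
    soc = SoC()
    secret = b"contacts, messages, photos"       # constructed user data
    kdf_only = make_image(soc, "1399", secret, entangled=False)
    tangled = make_image(soc, "1399", secret, entangled=True)
    return {
        "kdf_only_offline": offline_bruteforce(kdf_only, pins),
        "tangled_offline": offline_bruteforce(tangled, pins),
        "tangled_on_device_throttled": on_device_bruteforce(soc, tangled, pins),
        "tangled_on_device_unthrottled": on_device_bruteforce(soc, tangled, pins, throttled=False),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:32s} {result}")
```

          With the KDF-only scheme the imaged flash falls to an offline search of the 10,000 PINs in seconds; with the entangled scheme the same search finds nothing, because no candidate can even be verified without the device key. Guesses then have to go through the chip, where a 7-per-hour throttle turns the 1,400th guess into 200 hours. The unthrottled case is what vendor-signed firmware that drops the throttle could achieve: still one PBKDF2 plus one trip through the engine per guess, on that one device. Wiping the lock code alone, as noted further down the thread, changes nothing, since the data key still depends on the passcode.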

      • (Score: 2) by kazzie on Wednesday February 17 2016, @06:41AM

        by kazzie (5309) Subscriber Badge on Wednesday February 17 2016, @06:41AM (#305635)

        I'm not very familiar with Apple devices, but wouldn't the current OS require you to (unlock the phone and) accept the update before it's installed?

    • (Score: 1, Offtopic) by kurenai.tsubasa on Tuesday February 16 2016, @11:32PM

      by kurenai.tsubasa (5227) on Tuesday February 16 2016, @11:32PM (#305501) Journal

      I've obviously pissed somebody off today.

      CISGENDER CISGENDER CISGENDER CISGENDER CISGENDER CISGENDER

      There you go. Hope you're nice and triggered.

  • (Score: 1) by nitehawk214 on Tuesday February 16 2016, @08:11PM

    by nitehawk214 (1304) on Tuesday February 16 2016, @08:11PM (#305357)

    A lock that is specifically designed so that only one locksmith can open it... probably.

    Whether or not this is right, iduno.

    Whether this analogy is breaking down, almost certainly.

    --
    "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
    • (Score: 1, Informative) by Anonymous Coward on Tuesday February 16 2016, @09:07PM

      by Anonymous Coward on Tuesday February 16 2016, @09:07PM (#305407)

      But in this case the lock is specifically designed so no locksmith can open it. I think the issue is whether the government can tell Apple to redesign the lock.