SoylentNews is people
SoylentNews
Judge Orders Apple to Unlock iPhone Belonging to San Bernardino Shooter
Apple has been ordered to assist in the unlocking of an iPhone belonging to one of the San Bernardino shooters. This may require updating the firmware to bypass restrictions on PIN unlock attempts:
Apple must assist the FBI in unlocking the passcode-protected encrypted iPhone belonging to one of the San Bernardino shooters in California. US magistrate Sheri Pym says Cupertino must supply software that prevents the phone from automatically annihilating its user data when too many password attempts have been made.
The smartphone belonged to Syed Farook, who with his wife Tashfeen Malik shot and killed 14 coworkers on December 2. The couple died in a gun battle with police soon after. Cops have been unable to access Syed's iPhone 5C because they do not know the correct PIN, and will now gain the assistance of Apple, as ordered by Judge Pym [PDF] on Tuesday.
iOS 8 and above encrypts data on devices, requiring a four to six-digit PIN to unlock. After the first few wrong guesses, iOS waits a few minutes between accepting further PIN entry attempts, escalating to an hour's delay after the ninth failed login.
[...] Judge Pym wants Apple to come up with some magic software – perhaps a signed firmware update or something else loaded during boot-up – that will allow the FBI to safely brute-force the PIN entry without the device self-destructing. This code must only work on Farook's phone, identified by its serial numbers, and no other handset. The code must only be run on government or Apple property, and must not slow down the brute-forcing process.
Apple has five days to appeal or demonstrate that it cannot comply with the order. It is crucial to note that the central district court of California has not instructed Apple to crack its encryption – instead it wants Apple to provide a tool to effectively bypass the unlocking mechanism. "It's technically possible for Apple to hack a device's PIN, wipe, and other functions. Question is can they be legally forced to hack," said iOS security expert Jonathan Ździarski.
Apple Ordered to Aid FBI in Unlocking Shooter's iPhone
According to this Reuters article, "A U.S. judge on Tuesday ordered Apple Inc to help the FBI break into a phone recovered from one of the San Bernardino shooters, an order that heightens a long-running dispute between tech companies and law enforcement over the limits of encryption.
Apple must provide "reasonable technical assistance" to investigators seeking to unlock the data on an iPhone 5C that had been owned by Syed Rizwan Farook, Judge Sheri Pym of U.S. District Court in Los Angeles said in a ruling."
"...Forensics expert Jonathan Zdziarski said Tuesday Apple might have to write custom code to comply with the order, presenting a novel question to the court about whether the government could order a private company to hack its own device.
Zdziarski said that because the San Bernardino shooting was being investigated as a terrorism case, investigators would be able to work with the NSA and CIA on cracking the phone. Those U.S. intelligence agencies likely could break the iPhone's encryption without Apple's involvement, he said."
Update: EFF to file an amicus brief in support of Apple's position.
Update 2: mendax writes: The New York Times has some "breaking news" which says that Apple will not comply with the judge's order. It's a good way to get in trouble with the judge but it's the right decision on Apple's part.
Previously: FBI Unable to Decrypt California Terrorists' Cell Phone
(Score: 5, Informative) by khchung on Wednesday February 17 2016, @12:12PM
This same story is on the green site already, and someone had already posted a very detailed explanation with link to Apple's document.
http://yro.slashdot.org/comments.pl?sid=8756397&cid=51524693 [slashdot.org]
In short: "You must have all 3 pieces present: The specific secure enclave [a piece of security hardware on the phone], the specific processor of the iphone, and the flash memory that you are trying to decrypt."
And regarding restoring from backup:
http://yro.slashdot.org/comments.pl?sid=8756397&cid=51525365 [slashdot.org]
In short, can't be done.
(Score: 0) by Anonymous Coward on Wednesday February 17 2016, @01:24PM
Of course it can be done and there probably is an infinite supply of solutions too. The question is not if, it's how do we want to go about it.
(Score: 2, Touché) by Anonymous Coward on Wednesday February 17 2016, @01:54PM
Lawyers are not allowed on SN
(Score: 5, Funny) by Thexalon on Wednesday February 17 2016, @02:27PM
Yes there are, as clearly stated in section 47.A.5, subclause 17, on page 23 of your user agreement, which I'm sure you're familiar with. And if you don't believe me, I refer you to the defense response in Arkell v Pressdram, 1971.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 3, Touché) by Runaway1956 on Wednesday February 17 2016, @03:04PM
Nonsense. Where did you think Soylent Brown came from? We lure the lawyers in, grind 'em up, and serve them up fresh. Don't scare the lawyers off, or you may be going hungry.
Abortion is the number one killed of children in the United States.
(Score: 2) by Bogsnoticus on Thursday February 18 2016, @03:58AM
I always thought that lawyers were made from Soylent Brown, which is created approximately 24 hours after eating any other form of Soylent.
Genius by birth. Evil by choice.
(Score: 1, Interesting) by Anonymous Coward on Wednesday February 17 2016, @02:25PM
Those are good links. But I disagree that it would cost millions to shave off the top of the secure enclave and read it with an electron microscope. That is a well known technique that has been used for well over a decade. Its the kind of thing that can be substantially automated so if you've done it once you are probably all set to do it again (and surely the NSA has done it and has all the necessary tools).
(Score: 1, Insightful) by Anonymous Coward on Wednesday February 17 2016, @07:24PM
if you've done it once you are probably all set to do it again (and surely the NSA has done it and has all the necessary tools).
AHA! And now you must ask yourself: Why doesn't the NSA just do it then? See? Apple probably could do it, but this ruling makes the public corps lapdogs beholden to the state. The NSA should do it, if it truly were a matter of "national security" they would have done so already. This is a political slug match. By the by, wasn't it interesting how all those reporters were allowed all over the crime scene just days after the incident to destroy any possible evidence? We're arguing technical capabilities in a propagandized lawsuit brought about by a false flag. It will never make sense if you attack the problem from a flawed position.