The Washington Post reports that the FBI did not require the services of Israeli firm Cellebrite to hack a San Bernardino terrorist's iPhone. Instead, it paid a one-time fee to a group of hackers and security researchers, at least one of whom the paper labels a "gray hat". It's also reported that the U.S. government has not decided whether or not to disclose to Apple the previously unknown vulnerability (or vulnerabilities) used to unlock the iPhone (specifically an iPhone 5C running iOS 9):
The FBI cracked a San Bernardino terrorist's phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter. The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone's four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.
The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution.
[...] The bureau in this case did not need the services of the Israeli firm Cellebrite, as some earlier reports had suggested, people familiar with the matter said. The U.S. government now has to weigh whether to disclose the flaws to Apple, a decision that probably will be made by a White House-led group.
FBI Director James Comey told students at Catholic University's Columbus School of Law that "Apple is not a demon," and "I hope people don't perceive the FBI as a demon." What a saint.
(Score: 0) by Anonymous Coward on Wednesday April 13 2016, @07:49PM
Because they're the police, not the IA department. Why are the FBI the bad guys here, or, why are they the only bad guys here? Not disclosing the info isn't making the iPhones any more vulnerable. It isn't like they know about this technique that is in the wild and suddenly all these phones are at risk. And if you need to build special hardware to implement it, what's Apple going to do about that? Recall all the phones?
Why do the grey hats get a pass? They make a living finding vulnerabilities and selling them. Why aren't we shitting on them for not finding vulnerabilities and giving them away out of the goodness of their hearts?
Why does Apple get a pass as the aggrieved victim? Why don't they purchase all the secrets the grey hats have found and fix them all?
(Score: 3, Interesting) by takyon on Wednesday April 13 2016, @07:52PM
Maybe they don't want to set an industry precedent where companies are extorted or else the vulns are sold to the highest bidder.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by Gaaark on Wednesday April 13 2016, @07:59PM
Yes, they want to be able to say 'We don't bargain with terrorists, we only pay people, who may, for all we know, be terrorists, a one time fee.'
BRING MR. ROBOT TO LIFE: BRING DOWN WALL STREET!
OCCUPY MY COMPUTER CHAIR SO I CAN LINUX, AND PLAY CIV5!!! :)
--- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
(Score: 2) by Gravis on Wednesday April 13 2016, @08:17PM
ha! we're way past that point.
(Score: 5, Insightful) by edIII on Wednesday April 13 2016, @08:32PM
The FBI are the bad guys, and have been now for over two decades. They've consistently refused to be bound by due process and slowed down by magistrates blocking warrants. I could go on and on about their history with Ma Bell, Congress, the Clipper Chip, Carnivore 1, Carnivore 2, DSCNet, etc.
Yes, they are truly bad people that think of themselves before the rest of us. You're entirely correct though, they're not the only bad guy here.
The sun coming up doesn't heat up the desert, either.
It isn't like this technique may already be in the wild.... or possessed by China, Russia, or shared with the other 4 participants in the Five Eyes. From that point, it is one corrupt official away and one Mossack Fonseca shell company from being revealed to people that would use it against us.
I agree with you. They should be shot, or at the very least, have every one of their fingers broken permanently. Gray hats are far worse than black hats. At least black hats are honest about their motivations and what they do. A black hat wants to be paid, or use the information to their advantage. A black hat is a criminal.
A gray hat is somebody flirting with the idea that they actually have a little bit of white in there somewhere because they betray the rest of us to government. As if that is any better than betraying us to organized crime syndicates.
Damn right. Those two should be hiding from the rest of us right now, and for good reason.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Wednesday April 13 2016, @09:50PM
What about Apple? You giving them a pass, then?
(Score: 2) by butthurt on Thursday April 14 2016, @01:19AM
A pass for what? Creating a platform that has at least one security hole, or failing to assist the government in an investigation?
(Score: 1, Interesting) by Anonymous Coward on Thursday April 14 2016, @03:43PM
He seems to imply that the FBI is under a moral obligation to report the exploit to Apple. He also implies that grey hats are under moral obligations to either stop doing what they're doing, or to reveal every exploit they find. It would seem consistent with his views that Apple would be under a moral obligation to purchase all the known exploits for sale by grey hats so that they could fix them (regardless of their cost, I would suspect).
Shouldn't Apple be compelled to do this? And if not, why hold the other two up to such high standards?
(Score: 2) by butthurt on Thursday April 14 2016, @11:02PM
He takes [soylentnews.org] the extreme view that grey hat security researchers "should be shot." Assuming the meaning is shot to death, that would forestall the possibility of them selling, or revealing, their discoveries.
Apple have found it profitable to not offer a bug bounty. [nytimes.com] Perhaps they'll reconsider. Compelling them to pay for security research isn't in the cards.
(Score: 2, Interesting) by Arik on Wednesday April 13 2016, @10:42PM
If we designed stuff for security this would be a very different situation. We don't, Apple actually does a better job than most, and they are HORRIBLE at it.
And not just Apple but all their competitors as well *should* be expected to secure their devices at their own expense. Designing it in from the start is expensive, but patching an insecure design later is much worse. They go with the latter simply because our legal system, combined with customer ignorance, allows them to externalize the costs of their crappy designs.
If laughter is the best medicine, who are the best doctors?
(Score: 1, Insightful) by Anonymous Coward on Wednesday April 13 2016, @11:23PM
(Score: 2) by edIII on Thursday April 14 2016, @12:24AM
You're entirely correct. The FBI was born bad. Hoover was a true piece of shit in the same mold as McCarthy.
I was limiting my comments specifically to more advanced telecommunication systems that started in the late 80's.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Thursday April 14 2016, @01:24AM
In those days they were at least trying to protect us from the communists and the blacks. What they're doing now is inexcusable.
(Score: 5, Insightful) by stormwyrm on Wednesday April 13 2016, @11:39PM
They have been the bad guys for way, way more than two decades... As long ago as 1945 President Truman already had this to say about the FBI: "We want no Gestapo or secret police. The FBI is tending in that direction. They are dabbling in sex-life scandals and plain blackmail. J. Edgar Hoover would give his right eye to take over, and all congressmen and senators are afraid of him." Have you all forgotten what they did under a program called COINTELPRO [wikipedia.org]? Under that program, among other things, they did surveillance on Martin Luther King and after digging up some sordid details of his private life they actually urged him to commit suicide [wikipedia.org]. I think it's pretty hard to find a time in its history when the FBI were actually the good guys.
Numquam ponenda est pluralitas sine necessitate.
(Score: 3, Interesting) by edIII on Thursday April 14 2016, @12:27AM
You are entirely correct, and I was just trying to limit it to the telecoms bullshit that really got going in the late 80's when Ma Bell was standing up to them for it. They were responsible for getting Congress to disband them, for no other reason than to disband the security department in Ma Bell. They were so fucking unreasonable in Ma Bell. Each and every warrant was inspected and those assholes protected our rights! Yeah, no wonder Ma Bell had to be broken up as a monopoly, right?
I was being too gracious.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 3, Informative) by bitstream on Thursday April 14 2016, @01:41PM
Apple has already done the next step that may protect against this. And that is "secure domain" which in essence is a separate microcontroller that communicates only via one communication channel. To defeat that one would need to decap and interface directly with the chip die.
Apple 5 and lower phones have flaws that a determined opponent may exploit without decap.
(Score: 0) by Anonymous Coward on Thursday April 14 2016, @04:19PM
wow, you're some sort of super moron!