I don't think that word means what you think it means.
Would it have pleased you more if, oh let's just for the sake of argument say: the government had to get some kind of a court order to get the information?
Sorry. Sarcasm doesn't come across well: there is a court order, but because Apple decided to not help, they were removed from the oversight chain, hence arguably weakening the oversight.
They would if the safe was purely digital, based on vendor-controlled platform DRM that granted the vendor and only the vendor additional access to the safe.
Note that the FBI got the court order in a hearing to which Apple was not invited. The court gave Apple an opportunity to respond, and it was in the middle of that process when the FBI found another way in.
It's not like the court told Apple "you need to immediately start working on this" and Apple said "no, we refuse".
Yes, as long as there was a public, adversarial argument about it, not some classified, logic-bending "memo" from a lawyer, or some one-sided star chamber FISA "court" order.
There is oversight and limitations. The government still needs a search warrant or legal ownership of a device in order to hack it. You're perfectly entitled to make your stuff harder to search, but once the government has a court order or warrant for the info, they're entitled to all the hacking they need to extract the data. Stop and think for a minute about what you're proposing, that the government need to now get a second search warrant for the removal of encryption. That's absolutely ridiculous. If they seize a safe from your home, they don't need special permission to crack it open.
'Corrupt' has a very specific meaning. It does not mean 'without morals', 'bad', or 'evil'. Whether or not the police or FBI will unlock this iPhone is most likely completely unrelated to whether or not they are corrupt.
No it does not. Govt never claimed this. What it does is show that, the FBI will do exactly what the Chinese are currently most likely doing if need be.
You are correct that they did not explicitly say this, however I do believe they - through Director James Comey's statements, strongly implied this:
The San Bernardino litigation isn't about trying to set a precedent or send any kind of message... We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land.
FBI Director James Comey claimed that unlocking this phone was really really about Terrorism: "So I hope folks will remember what terrorists did to innocent Americans at a San Bernardino office gathering and why the FBI simply must do all we can under the law to investigate that." (https://www.lawfareblog.com/we-could-not-look-survivors-eye-...)
It's possible, by some weird John Yoo-style contorted reading of the facts to say "FBI Director Comey said that, the US Government didn't say 'because terrorism'". That contorted reasoning would amount to lying by splitting hairs. Don't lie by splitting hairs.
I think you are confusing the arguments for granting a search warrant in this specific case (terrorism), with the overall argument behind granting the powers that a search warrant provides in general (not terrorism specific)
I'm sorry, I don't see how the above statements relate to John Comey's public explanations of why hacking the iPhone in question was so important. Maybe you can expand on the above to clarify that relationship?
Law is not made on a case by case basis. There is a general set of powers that gets granted for something like a search warrant. Just because a govt official argues that a specific case is terrorism related, does not mean that the general powers granted by a search warrant is "just cause terrorism". Instead, to have a coherent argument you have to argue against why the govt should have been given the search warrant in the first place.
If you're a programmer you'll understand - you can't argue generally about a class because of the properties of an instance of that class.
If I understand correctly, the FBI was attempting to set a precedent, using an instance that has lots of emotional appeal ("Terrorism!") and they were really working that emotional aspect ("Couldn't look the survivors in the eye") hard. Once that precedent is set, the USA's legal system would require some new laws to make the precedent go away (in a legal sense). The FBI could at the least operate under the legality of the precedent until the new law(s) take effect, if such new laws get made. They often don't, and the USA just rides on the precedent.
Law is not made on a case by case basis. There is a general set of powers that gets granted for something like a search warrant. Just because a govt official argues that a specific case is terrorism related, does not mean that the general powers granted by a search warrant is "just cause terrorism". Instead, to have a coherent argument you have to argue against why the govt should have been given the search warrant in the first place.
If you're a programmer you'll understand - you can't argue generally about a class because of the properties of an instance of that class.
Remember that the FBI said that if Apple provided a solution, it would not be used in other cases and that they were [Edit: not] going to use it as a precedent (IIRC the details).
>Remember that the FBI said that if Apple provided a solution, it would not be used in other cases and that they were going to use it as a precedent (IIRC the details).
That's not what they said. What they said is that each particular case is about unlocking each particular phone. And mind you, these are phones that the government has every right to access if they can find a way, either because they have search warrants or are the legal owners (or have the permission of the legal owners) of the phone.
There is nothing controversial about this. The government has used vulnerabilities to extract info from devices gathered during legal searches for a long time. If they seize a safe from your home, they don't need special permission to crack it open.
The government still needs a search warrant or legal ownership of a device in order to perform a search. You're perfectly entitled to make your stuff harder to search, and they're entitled to all the hacking they need to extract the data.
> What they said is that each particular case is about unlocking each particular phone.
The FBI may have said that, but it doesn't really address the issues substantively and I think they said much more: Remember Apple argued that a solution they provided for one phone would be used for others, and a court decision could be precedent for other cases. The FBI disagreed; I don't remember the details of what they said, however.
> these are phones that the government has every right to access if they can find a way
I agree, but that's not the issue here. The issue is the FBI's apparent attempt to deceive the public and the courts.
You're seriously distorting the truth here, not the FBI.
The FBI said Apple could maintain control over any tools they made. Apple said "oh noes, we can't ever make a master key [but don't look behind the curtain, where you'll find that we have a master key or three, which is why we can make one in the first place]"
Then the FBI found an alternative solution that doesn't require Apple's assistance, making the whole damn conversation moot -- including whether they'd use Apple's hypothetical "master key" on other phones.
I feel the matter isn't "moot". Not because of whether Apple did or didn't help the FBI, and not because of whether or not a precedent was created.
Apple did not make their product weaker (We don't know what hole the FBI found, but it might require physical possession of the device, and Apple could fix it tomorrow. Either way, regardless of what flaws exist now, that number wasn't increased). In addition, there was a national conversation (albeit ignored by most) about whether Apple should make their product less secure. A conversation that actually hit some details. John Oliver did a bit on it, I know several other outlets tried to convey something beyond "Terrorists Bad!/Govt Bad!".
That's something I am glad that happened, and something that wouldn't have happened without the discussion you consider "moot". The answer may no longer be important, but the debate was.
Yes, and? Should we believe him? He's the director of the FBI, he's almost certainly lying. It will come out in some leak or declassified document, or someones memoirs, or some such, in 30 years that the guy was lying through he teeth.
We can't seriously be expected to believe that over the next six decades it will come out that all these politicians and law enforcement folk were just, upright, moral citizens, acting in everyones best interests.
I have an inkling that they believe they are moral, normal and doing the right thing by saving us from ourselves. "The ends justify the means" is a pretty common though in american law enforcement.
Was he under oath at the time? Not that it matters, since no one (certainly not a high level government official) gets charged with lying under oath. To Congress. I guess even Congress doesn't value themselves that much to be worth not lying to.
> He's the director of the FBI, he's almost certainly lying.
If you mean that because he's FBI Director therefore he's lying, I strongly disagree. Certainly, just like everyone else, FBI Directors don't always tell the truth; the world is much more complicated than that. He is a human being, not a saint or angel, who has dedicated his life to public service and has an extremely high pressure, difficult job. I don't always like what he says but he deserves a little respect.
So we should respect accomplished liars? This seems totalitarian to say the least.
Lying to the public to accomplish a goal is not admirable in my view; it is contemptible.
It seems clear to me that he lied to Congress but parsed his testimony in a way to provide deniability / accountability. You may choose to admire this but the rest of us don't have to share your view.
My dad taught me "respect is earned, not given". I'm not exactly sure why this concept has fallen out of favor in society, but the idea we should respect someone purely because they made it to a high-ranking position/title is ludicrous. You should determine respect for people because of their behavior and actions, regardless of their wealth, influence, or job title. In fact, this is a hallmark of the way technical roles in much of the industry works that makes it so pleasant to me. I have garnered respect in my career because I get shit done, not because I've ever had a fancy title.
I don't, but I do know Apple exists, Apple is in the position to provide a crack, looks better if they they refuse to compile then patch the backdoor when it becomes known, etc...
Given Apple's declined to say what happened with China's "security" requests, but China's allowed them to continue doing business, the FBI's head met with them in China to talk about Apple, etc. -- I believe their enough known to merit Apple and the FBI going on the record regarding what, if anything, happened, and their position on the topic.
Fine, if my use of evidence upsets you, happy to change it to "known" - since everything I stated above in the comment you're taking issue with is public knowledge.
Second, are you aware of what I mentioned, or you just whipping around HN expressing your opinion without any effort; if so, that's bit above trolling in my opinion.
Lastly, given your username, if you have any affiliation with the government, law enforcement, etc. - in my opinion that should be disclosed in a comment on related topics.
Your entitled demands aside, it is not "known" that Apple secretly helped the FBI crack one of their phones despite claiming to resist the FBI publicly.
I do not recall any such statements regarding solutions developed in house or learned from organizations other than Apple. If anything the implied threat should have been, either help us or we will find a way and tell all other branches.
It really doesn't seem like we should be blaming Apple here. Apple did what we wanted it to do, stand up for privacy. The FBI is showing off and acting ridiculous. I think they are the ones who are at fault here and we should stop making it sound like Apple did something wrong and that this abuse of power is their fault.
Obviously, they're an easier target so that's why people are attacking them but, honestly, what did they do other than stand for their (AND OUR) values?
By not building a backdoor, or by not helping at all?
If the latter, I'm not sure I fully agree.
At the end of the day, I personally like our prosecutors having criminals' data, given that there is a court-ordered warrant for it. I'm definitely not for building backdoors, but I'm all for the FBI picking the lock or breaking down the doors if the courts deem it necessary.
First, the San Bernadino shooters destroyed a lot of other computers/phones/disks - yet they left that iPhone unscathed (http://abcnews.go.com/US/san-bernardino-shooters-destroy-pho...). It was also a phone provided by Farook's employer. Unless Farook was a big dope, he used it for work stuff only. Since nobody got wind of the crimes before they happened, Farook was evidently Not a Dope. Third, the FBI has had access to iCloud backups from that device (http://www.latimes.com/business/la-fi-tn-apple-fbi-call-2016...), apparently the iCloud password was changed as part of accessing the backup data. The changed iCloud password is what caused the FBI to not be able to access the phone directly.
So, I think we can be reasonably sure that no info of value will come off that phone. It's possible, but it seems unlikely.
Dude... you were the one that asked "How so?" in response to a statement that nothing of value would be recovered from the iPhone that the FBI was using as a means of creating a precedent. I gave you the "how so" reasons, I didn't say anything about not exploring reasonable sources of information. If FBI investigative time is a scarce resource, I would expect them to prioritize the sources of information, putting "less likely to yeild results" lower in the prioritized list. I would also expect them to stop investigating the material way down on the priority list if the material high on the priority list had yielded results.
Dude. Clearly you have insights into this investigation that neither I, any media outlet or even in fact the FBI even has. So in that case, congrats, you win.
Dude. Clearly you have insights into this investigation that neither I, any media outlet or even in fact the FBI even has. So in that case, congrats, you win.
LA Times is reporting that the phone is an iPhone 6
> The FBI has agreed to help prosecutors gain access to an iPhone 6 and an iPod that might hold evidence in an Arkansas murder trial, just days after the agency managed to hack an iPhone linked to the San Bernardino terror attacks, a local prosecutor said Wednesday.
IIRC, didn't the unlock in the San Bernardino case use an exploit(s) specific to the 5C or something? Also IIRC the iPhone 6 has some sort of hardware-level protection against this.
Anything you may have heard is almost certainly speculation. It seems pretty likely that a particular Israeli company supplied the FBI with an exploit, but no one has said anything about that exploit being specific to the 5c.
Even Apple does not seem to know what the exploit was, as they are pursuing legal options (or dropping hints to that effect) to compel the FBI to reveal it to them.
I'm glad I have an iPhone 6. Anything without touchID is now insecure thanks to the FBI. It sounds like Apple knew this would happen which is why they recently hired a Signal developer:
If you use your iPhone 6 WITH touch ID, that is, you actually use touch id to unlock it, it makes it all the more easy for them to unlock it. They can not compel you to provide a password, as of yet, but they can compel you to provide a finger print, and they would probably have a fingerprint of yours anyway, as that is a standard procedure during booking. If you (for some reason) are concerned about FBI having access to your phone, do not use touch ID.
This is why I use a jailbrake tweak that let's me draw a passcode after initial unlock, but requires a full alphanumeric password on reboot or after 5 ties. I have no clue why Apple has yet to incorporate that feature directly in the OS. Not sure if the fact that the phone being jailbroken is a further vulnerability, but to be honest, I don't really worry about FBI, as much as I am concerned about loosing my phone and having someone find it and open it.
There's no built-in feature that lets you use a simple passcode after the initial unlock.
Touch ID ends up working like this, where your fingerprint takes the place of that simple passcode. But for people who don't want to use a fingerprint, you're stuck using the same passcode or passphrase for each unlock.
Unless they already have a routine procedure for doing this, that's just not going to happen within 48 hours (the TouchID timeout) of seizing the device in a normal criminal case.
The suspect is alive. They can use his fingerprint for the 6. I think the case here is about the iPod touch, that has a similar security level as an iPhone 5c
They can use his fingerprint, if they did it within 48 hours of the last time he unlocked his phone with the passphrase, and if he didn't shut the phone off or make five failed fingerprint attempts in a row.
I'm guessing it's been well over 48 hours since the suspect last had access to this phone, so that would no longer apply.
Yup, Apple's only move at this point is to get a lot of 3rd party auditing going and hope they can find the exploit the feds are using...
This is a ridiculous game - the government is refusing to disclose exploits they found in our devices with our tax dollars. I can't see this ending well.
Serious question: how is this "unlocking iPhone case", any different from what fbi and other agencies used to do for a while when they seize computers for example, or a locked safe? They also "unlocked" those devices after they got a warrant, what makes this "iPhone case" any different? If they have a warrant - and a way to unlock the device - what is the reason of all this buzz around it?
That's really not a fair summary of the situation. Apple took a stand, rightly in my view, to dig their heels in under the request to make a permanent back door for FBI (and likely other groups) usage. There is a massive difference.
I respect that view. Here's where I disagree: I think Apple taking a similar stand for the illegal wiretapping makes sense (giant open door, no court oversight), but not for this case (could be clean roomed, court oversight)
Is a company that makes safes legally required to have a master key or to create a master key even when they don't want to? The question is whether or not a 3rd party can be compelled to create something which does not exist in order to aid in the execution of a search warrant. I think it's pretty clear based on prior All Writs Act precedent[1] that Apple should not be required to produce new software code for cases like this.
I think there's a strong case for first-amendment rights in code signing even in the case of a non-ephemeral signing key. In any case, look at the use of a search warrant with Lavabit—is it clear that the All Writs act was even their strongest legal suit?
> That's really not a fair summary of the situation. Apple took a stand, rightly in my view, to dig their heels in under the request to make a permanent back door for FBI (and likely other groups) usage. There is a massive difference
This is history rewriting, the request, in his least dangerous form, was to unlock a single phone from inside Apple labs by Apple people
yes, perhaps Apple is doing the right thing for the wrong reason. I also think so. However, it's still the right thing and therefore i support them. Even EFF supports them.
Why do you think they're doing it for the wrong reason? Apple has demonstrated many times their commitment to user privacy, it's not like this was a PR stunt.
It is interesting that they have a way to unlock the device, both because it means iPhones are less secure than we thought and because it contradicts their earlier position that they needed Apple to disable security features for them to access a locked device.
Computers are rarely found with full-disk encryption. When Ross Ulbricht was arrested he did have his laptop encrypted, but the FBI went to great lengths to arrest him at a cafe when he had it open, on, and unlocked. Normally computer forensics just consists of making an image of the unencrypted disk. Microsoft Bitlocker defaults to asking you to save a recovery key in the cloud where it can be subpoena'd. Apple is unique in offering high-security by default devices to the general public - although the security is part of their product strategy of keeping complete control of the platform.
Safes are drillable, and there may also be "password recovery" services available from the manufacturer.
On the other hand, it makes exploits very valuable to the FBI where they will likely be saved for high profile cases. I can't tell if this is a good or bad thing.
Errr, it's pretty much none of those things :)
(ie they have a valid search warrant, the fifth amendment does not protect you here under any current caselaw, etc)
> the fifth amendment does not protect you here under any current caselaw
I can't see even a speculative 5th amendment argument. If they can crack your phone without your cooperation, how could they possibly be forcing you to incriminate yourself?
Put down the pitchforks people. This is standard operating procedure and you're not gonna win any arguments opposing it. If the government gets a search warrant for the contents of a safe in your home, they're perfectly entitled to crack it open with whatever techniques they discover. The now-moot case against Apple was about whether they can compel the safe-maker's assistance, which is a very different issue.
This is the protection against search and seizure that you're entitled to within the US:
>The right of the people to be secure in their persons, houses, papers, and effects,[a] against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
How does the prosecution prove the plaintext came from defendants' devices? When DNA is used as evidence not only is there chain of custody rules for biological material, but the details of DNA extraction and comparison are openly documented. You don't just have someone claim something is a match, there's proof.
They might just be planning to use the information learned from this to assist in the prosecution without providing it as evidence? For example they could subpoena those involved in the imessage conversations or find other criminal leads?
If the information is used to build a case against a particular person, my non-lawyer understanding is that it becomes evidence.
Or rather, if one of those leads ends up being complicit in the charges, you have to prove as the prosecution how you came to that conclusion. You can't just say "we started investigations, then magic, then we interviewed this guy and figured it out."
Historically, when the FBI or some other organization helps but doesn't want to be named as part of the process (to protect their secret methods of accessing or collecting information), prosecutors will do something called "parallel construction," in which they build an alternative timeline to how they could have come by the information that led to the new interviews.
It's interesting that in this case, with the FBI publicly acting in support, they're giving up the ghost on that and opening themselves to perhaps being called for testimony. I'm curious how they'd use state secrets protections to get around having to explain their process, and whether a local/appellate/superior court justice(s) would allow it.
You have to walk the entire path from the presumption of innocence. You need reasonable suspicion to accost someone in public. You need probable cause to arrest, and conduct searches or perform seizures. You need some credible evidence to go to trial. You need a preponderance of the evidence to win most civil disputes. You need clear and convincing evidence when the results of a civil dispute may impose a heavy burden or curtailment of rights on one of the parties. Criminal trials require evidence beyond reasonable doubt.
Failing to propose a believable narrative for each increase in magnitude in the burden of proof may cause the entire case to fail in the US.
If you collect evidence on someone that would ordinarily require probable cause when that person should be enjoying the presumption of innocence, that evidence is inadmissible, as is all investigation that depends on it to proceed.
Parallel construction is taking theatrical steps ex post facto to defraud the courts into believing that evidence is not only admissible at trial, but also a reasonable basis for further investigation. If the FBI performs mass suspicionless surveillance on presumed innocent victims, finds evidence of a crime, then notifies another agency to contrive reasonable suspicion, then probable cause, to uncover the same evidence via a legally plausible narrative, that is kicking civil rights square in the teeth. Furthermore, it encourages otherwise innocent activities to be considered as reasonable suspicion, and promotes aggressive police tactics to manufacture probable cause out of reasonable suspicion, or bully people into providing consent or confessions. You get "judge dog" approving search warrants whenever the K-9 cop signals him to provide probable cause. And it combines with forfeiture to become even worse.
When "accidental discovery" evidence is admissible, that is a significant weakening of the public's protections against government, as it provides additional avenues for parallel construction, such as dropping a smoke bomb through a window and pulling a fire alarm, such that responding fire department personnel can notice "drug paraphernalia" and tip the police, who get a warrant based on the tip and conduct a search for drugs. This encourages obstruction of services to promote public safety, such as disabling alarms or blocking emergency calls. When "clean hands" evidence is admissible, one "dirty hands" cop--or a paid informant--just needs to pretend to be an anonymous member of the public to tip off the "clean hands" cop. My own non-judge opinion is that poisonous fruit is when one law is broken in pursuit of enforcing another, not just when someone's rights are infringed.
The 5th and 14th amendments contain a due process clause. 49 states specify common law as the law of the land, which includes presumption of innocence. Louisiana specifies a civil code, which likewise includes presumption of innocence.
The SCotUS opinion in Coffin v US stated the following:
"The principle that there is a presumption of innocence in favor of the
accused is the undoubted law, axiomatic and elementary, and its enforcement
lies at the foundation of the administration of our criminal law.
...the exclusion of an important element of proof can be justified by
correctly instructing as to the proof admitted. The evolution of the
principle of the presumption of innocence, and its resultant, the doctrine
of reasonable doubt, make more apparent the correctness of these views, and
indicate the necessity of enforcing the one in order that the other may
continue to exist."
They can also get away with doing the exact opposite in their practice, only to be overturned at great personal expense to individuals with few resources.
Yes, that would be my take on it. The government can still make use of inadmissible or illegally obtained evidence. The evidence here was obtained legally, so it will likely be used to bolster the case against the defendants and anyone that may have assisted them.
Even in the case of illegally obtained evidence, there are techniques like parallel construction [1] that they can use to make their cases. They also have the so-called "clean hands" exception, which allows allows the government to introduce evidence into trial that was illegally obtained by a third party when the government did not play any role in obtaining that information [2].
The US legal system was designed to seem exceedingly fair on its surface, while allowing for unconscionable abuses by those skilled in maneuvering through its loopholes.
Parallel construction is not legal. It's goal is to disguise the origin of information, but just because you get away with breaking the law that does not mean what you did was legal.
You're probably thinking of "inevitable discovery", which says that illegally obtained information can be used anyway if the prosecution can show that they would have obtained it anyway. Parallel construction is something intelligence agencies do in order to hide how they obtained information in the first place (whether legal or otherwise).
FBI, local law enforcement, etc use parallel construction too; for examples, look into how the FBI works with local law enforcement using tech like Stringray.
Same way they 'prove' that the report about DNA is an accurate description of what the actual analysis showed, or that there even was an analysis at all: by trusting the technicians who did it, and the protocols surrounding that. There is no 'single legal way' to do DNA analysis: it's all about the judges and jury trusting the experts to be impartial. Manufacturers of DNA analysis devices don't have to show their firmware source code for the analysis to be admissible as evidence.
No there isn't a blind trust in an expert nor a requirement for source code. There is something in between this. Look at the PCR method of analyzing DNA and how the comparison is made. Look at the case law on this. One example, https://scholar.google.com/scholar_case?case=118569849176511...
Now square that with "saying things does not make them true" and "you're entitled to your own opinion, but not your own facts".
I don't see how the prosecution has met the burden of proof, beyond a reasonable doubt, unless they show their work. Otherwise this is way too easy to frame people.
(Wrong button, intended to up vote you, my apologies.)
Maybe DNA from blood is a different matter, but when it comes to hair samples I don't think we can trust the FBI.
"The Justice Department and FBI have formally acknowledged that nearly every examiner in an elite FBI forensic unit gave flawed testimony in almost all trials in which they offered evidence against criminal defendants over more than a two-decade period before 2000."[1]
> How does the prosecution prove the plaintext came from defendants' devices?
You show the recovered key and plaintext and demonstrate that they match the ciphertext.
The chance that several gigabytes of encrypted data accidentally happen to decrypt with wrong key to a different several gigabytes of perfectly valid data is rather slim, which means that any key which produces valid data is the key you are looking for.
Right, in some cases I've seen a party forced to deliver an encrypted version of evidence that in the future they maybe required to produce, since this in theory provides custody and non-repudiation if required. In fact, this maybe the future of evidence, all data is legally collected as encrypted, then accessible on demand.
You have someone from the FBI and/or the private contractor testify as to how the plaintext was obtained. Same thing as when you do a DNA match, you need to have the technician testify (unless the defense stipulates).
"how the plaintext was obtained" which means it sounds next to impossible FBI can keep their exploit secret indefinitely if anything on an encrypted device is going to be used as evidence in a criminal case.
Maybe, if the defense counsel specifically tries to get that level of detail out on cross. But in the ordinary course of events it probably wouldn't. The jury isn't going to understand or care about the details -- how is eliciting them on cross going to help the defense? Remember the defense lawyer is responsible to his client, he isn't a roving do-gooder.
I don't really have a too much of a problem with them unlocking individual phones. I have a problem with them asking for the master key to all phones, which is what they were doing in the San Bernardino case.
Are there any good articles on the difference between iPhone 5, 5c, 6, and 6c in terms of security? Also, has anyone covered why NAND Flash clone attack vector would not work? I had many people tell me that is definitely, for sure, certainly would not work, and yet no one I spoke with could explain exactly why that was the case.
See Page 12 on advantage of A7 or higher processor, but, in particular:
"On devices with an A7 or later A-series processor, the delays are enforced by the
Secure Enclave. If the device is restarted during a timed delay, the delay is still
enforced, with the timer starting over for the current period. "
The question still outstanding, is whether the Secure Enclave can be modified, and also, whether it can be modified without a passcode.
And where does Secure Enclave store the counter? Does it have flash inside the processor? Otherwise - just unplug and replug the battery
Edit: Any device that is nand cloned will not be using apple power anyway. And we have all kinds of low temperature, low voltage bit flip attacks anyway.
The Secure Enclave does have it's own flash, it apparently even has it's own OS. What do you mean by bit flip attack? I am actually really interested in how it would be possible.
A bit flipping attack is where a change to the cyphertext results in a predictable change to the (decrypted) plaintext [1]. Re venomsnake's comment, I'm not sure how this applies to the secure enclave though, or the relevance of low temperatures.
I know about the OS. But the key is fused, not in flash in the CPU. So they probably have cmos style persistence and not true one. Which is vulnerable to erasing.
Low voltage attacks:
A low-voltage fault attack is a fault attack where the fault is induced by feeding the hardware with a lower-than-normal voltage (in the "smart card" model, the card has its own CPU, RAM and ROM, but the current and clock signals are provided externally, i.e. are under the control of the attacker). For instance, if the card expect 3.3V, you give it only 2V. The real trick here is that the attacker can lower the voltage for only very short durations, a few clock cycles, so as to induce a fault in a specific part of the algorithm execution
However, its flash is supposedly not inside the processor but in the form of an external flash chip, and it's not really possible for Apple to move the flash onto the main processor because the manufacturing processes they use don't support it. That's why everyone uses one-time programmable eFuses instead.
There is no indication that the Secure Enclave has its own flash. I've looked everywhere, and while there are lots of hopeful people who think it should, there's no evidence that it does.
If you read through Apple's security document, you'll see that the Secure Enclave achieves separation from the rest of the system by encrypting everything with keys that can't be replicated on the outside, and by having its own secure boot verification. It's possible that there's some internal storage that they just don't mention, but it doesn't look like the way to bet.
This means that even devices with the Secure Enclave are still vulnerable to flash cloning. You can't understand the contents of the Secure Enclave's stuff, but you can still save and restore them once you desolder the flash.
The attack described in the comment you're replying to won't work, of course. The counter is stored in the flash, so cutting power won't do anything. There was a bug where the OS would report an unlock failure before updating the flash memory, so if you were quick to cut the power you could bypass the counter, but that's been fixed.
What does work (in theory) is to desolder the flash and hook it up so you can save and restore its contents. Then you turn on the phone, try a few passcodes, shut down, restore flash to original state, repeat until success.
Of course, this only works if the passcode is simple enough that a brute force is feasible. You can attack a four-digit passcode in a few days this way. A six-digit passcode would take maybe a year, and proper passphrase would still be completely infeasible.
That's a great read, still reading it now. I wish it was more specific about how the Secure Enclave times the period between passwords, however. There are 2 ways to do it, as I see it:
1. One way would be for the SE to have it's own clock function.
2. The other would be for the SE to send a message to the main CPU and ask the CPU to let it know when x number of seconds has passed.
I believe that second option is more likely because of the way the feature works. On full phone reset it restarts the timeout period rather than continue it from where it was. This could be a feature, of course. But I am guessing that the way it works is that the SE asks the System to tell it when x seconds / min has past and sets a timeoutExpired flag to false. Once it get's the notification that the time has passed, it resets the flag to true.
If above is how it works, than screwing around with the System clock could be effective. If the system relies on system time, then it might be possible to shift the clock by doing adjustment through a fake cell tower. Not sure how effective that would be.
Just some thoughts really. Would be interesting to see if they can unlock the iPhone 6 or not.
Apple SHOULD NOT demand to find out how the FBI did it because it would expose them to discovery requests in future court cases where they would have to tell other people (read China / Russia) how to do it. For now they have plausible deniability and they have plenty of talent to figure out how it was done, or if all else fails, they can pay that same security firm to tell them under cover of an NDA.
But the problem still remains, if it's well publicized that they were told about the hack, next time they are compelled by the court they will have to tell everyone what FBI told them.
'If all else fails' they would have to write the security firm a blank cheque. I know Apple have a lot of money but the fee would likely be astronomical. Unless, of course, Apple wanted an ongoing contract with the firm to dig out vulnerabilities (on top of whatever they already do). I wonder if that sort of relationship would be economical for both parties.
If it is discovered that Apple knows about the exploit, regardless of how they know about it, then they can be compelled to reveal it in court. An NDA does not give one a pass on testifying in a court of law.
It is in Apple's best interest to find out what the exploit is, how long it's been out there, and fix it instead of playing legal games. Such an exploit in the wild is a security concern for every person who owns that phone, not just criminals. There is no telling how many people are out there accessing privileged information in the private and government sectors with that phone. It is a concern covering criminal activity all the way to foreign government spying.
As a bonus, if it's an exploit that's been known from before the FBI's claim that only Apple can help them breach the phone, then we know the FBI was full of it. The FBI has been known to use questionable tactics before and backed out of cases that weren't going their way to avoid revealing those questionable tactics. This whole iPhone thing reeks of this.
>"Ok, now how to make these phones even more secure?"
Or more likely how to _market_ the next round of phones as being more secure and whether claiming the upgrade is essential for businesses ("our old phones are all broken now, you must upgrade") will lead to a gross increase in profits or not.
So if the FBI is just going to have the Israeli company Cellebrite unlock the phone, why couldn't Conway prosecutor's office do this directly? And given the number of public articles of opinion offered to the FBI on how trivial it was to unlock 5c and previous iPhones, and the number of companies offering unlocking them as a service, is the FBI just incredibly slow at setting a standard forensic process, or is there some other reason these phones aren't being unlocked?
Are there legal precedents which allow courts to employ international help for state cases?
Is that legal? Are there issues?
Maybe it's a financial thing? What's the cost of using one of these outside companies like Cellebrite?
I read that there was a chip replication process in play which meant even if the security mechanisms wiped the chip after X attempts you'd just have more chips ready with the same exact image to try, thus negating the issue. That sounds expensive. But I'm not sure. Can a state prosecutor afford that?
And in the end, I might be totally wrong on a ton of this.
I don't have a problem with law-enforcement getting a warrant for an individual's device and then using whatever means available to get information off of that device. It's the warrantless or use of general warrants to justify mass surveillance that I have an issue with.
165 comments
[ 2.4 ms ] story [ 222 ms ] threadThere is no oversight or limitations.
Complete and total lack of justification.
There's a word for this -- corruption.
Would it have pleased you more if, oh let's just for the sake of argument say: the government had to get some kind of a court order to get the information?
So, yeah. I believe it would please 'em more if there was a court order involved.
It's not like the court told Apple "you need to immediately start working on this" and Apple said "no, we refuse".
https://en.wikipedia.org/wiki/Parallel_construction
Once it is in their possession, for whatever cheap and loose justification, they will open it.
Your argument is under the assumption that they are not corrupt.
The San Bernardino litigation isn't about trying to set a precedent or send any kind of message... We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land.
https://www.lawfareblog.com/we-could-not-look-survivors-eye-...
It's possible, by some weird John Yoo-style contorted reading of the facts to say "FBI Director Comey said that, the US Government didn't say 'because terrorism'". That contorted reasoning would amount to lying by splitting hairs. Don't lie by splitting hairs.
If you're a programmer you'll understand - you can't argue generally about a class because of the properties of an instance of that class.
I see where you've gone astray: law is made on a case-by-case basis in the USA. The USA has a "common law" system (https://en.wikipedia.org/wiki/Common_law) where precedent (https://en.wikipedia.org/wiki/Precedent) is overwhelmingly important.
If I understand correctly, the FBI was attempting to set a precedent, using an instance that has lots of emotional appeal ("Terrorism!") and they were really working that emotional aspect ("Couldn't look the survivors in the eye") hard. Once that precedent is set, the USA's legal system would require some new laws to make the precedent go away (in a legal sense). The FBI could at the least operate under the legality of the precedent until the new law(s) take effect, if such new laws get made. They often don't, and the USA just rides on the precedent.
If you're a programmer you'll understand - you can't argue generally about a class because of the properties of an instance of that class.
That's not what they said. What they said is that each particular case is about unlocking each particular phone. And mind you, these are phones that the government has every right to access if they can find a way, either because they have search warrants or are the legal owners (or have the permission of the legal owners) of the phone.
There is nothing controversial about this. The government has used vulnerabilities to extract info from devices gathered during legal searches for a long time. If they seize a safe from your home, they don't need special permission to crack it open.
The government still needs a search warrant or legal ownership of a device in order to perform a search. You're perfectly entitled to make your stuff harder to search, and they're entitled to all the hacking they need to extract the data.
The FBI may have said that, but it doesn't really address the issues substantively and I think they said much more: Remember Apple argued that a solution they provided for one phone would be used for others, and a court decision could be precedent for other cases. The FBI disagreed; I don't remember the details of what they said, however.
> these are phones that the government has every right to access if they can find a way
I agree, but that's not the issue here. The issue is the FBI's apparent attempt to deceive the public and the courts.
The FBI said Apple could maintain control over any tools they made. Apple said "oh noes, we can't ever make a master key [but don't look behind the curtain, where you'll find that we have a master key or three, which is why we can make one in the first place]"
Then the FBI found an alternative solution that doesn't require Apple's assistance, making the whole damn conversation moot -- including whether they'd use Apple's hypothetical "master key" on other phones.
Apple did not make their product weaker (We don't know what hole the FBI found, but it might require physical possession of the device, and Apple could fix it tomorrow. Either way, regardless of what flaws exist now, that number wasn't increased). In addition, there was a national conversation (albeit ignored by most) about whether Apple should make their product less secure. A conversation that actually hit some details. John Oliver did a bit on it, I know several other outlets tried to convey something beyond "Terrorists Bad!/Govt Bad!".
That's something I am glad that happened, and something that wouldn't have happened without the discussion you consider "moot". The answer may no longer be important, but the debate was.
Directory Comey very explicitly said that "The San Bernardino litigation isn't about trying to set a precedent or send any kind of message"
https://www.lawfareblog.com/we-could-not-look-survivors-eye-...
We can't seriously be expected to believe that over the next six decades it will come out that all these politicians and law enforcement folk were just, upright, moral citizens, acting in everyones best interests.
What we all knew, and what's leaked in the recent years. The answer is nobody really.
If you mean that because he's FBI Director therefore he's lying, I strongly disagree. Certainly, just like everyone else, FBI Directors don't always tell the truth; the world is much more complicated than that. He is a human being, not a saint or angel, who has dedicated his life to public service and has an extremely high pressure, difficult job. I don't always like what he says but he deserves a little respect.
Lying to the public to accomplish a goal is not admirable in my view; it is contemptible.
It seems clear to me that he lied to Congress but parsed his testimony in a way to provide deniability / accountability. You may choose to admire this but the rest of us don't have to share your view.
I'll side with Socrates and condemn the Sophists.
Given Apple didn't provide a solution, that seems rather moot...
[1] https://en.m.wikipedia.org/wiki/Counterintelligence
Second, are you aware of what I mentioned, or you just whipping around HN expressing your opinion without any effort; if so, that's bit above trolling in my opinion.
Lastly, given your username, if you have any affiliation with the government, law enforcement, etc. - in my opinion that should be disclosed in a comment on related topics.
Obviously, they're an easier target so that's why people are attacking them but, honestly, what did they do other than stand for their (AND OUR) values?
By not building a backdoor, or by not helping at all?
If the latter, I'm not sure I fully agree.
At the end of the day, I personally like our prosecutors having criminals' data, given that there is a court-ordered warrant for it. I'm definitely not for building backdoors, but I'm all for the FBI picking the lock or breaking down the doors if the courts deem it necessary.
So, I think we can be reasonably sure that no info of value will come off that phone. It's possible, but it seems unlikely.
You know, just sample a few and then if nothing comes up, just infer that everything is kosher?
> The FBI has agreed to help prosecutors gain access to an iPhone 6 and an iPod that might hold evidence in an Arkansas murder trial, just days after the agency managed to hack an iPhone linked to the San Bernardino terror attacks, a local prosecutor said Wednesday.
http://www.latimes.com/local/lanow/la-me-ln-arkansas-fbi-pho...
Even Apple does not seem to know what the exploit was, as they are pursuing legal options (or dropping hints to that effect) to compel the FBI to reveal it to them.
Cellebrite describes [1] the solution as working for iOS 8.x on the following devices:
> Cellebrite's unlocking capability supports the following devices: iPhone 4S / 5 / 5C, iPad 2 / 3G / 4G,iPad mini 1G, and iPod touch 5G running iOS 8 ...
[1] http://www.cellebrite.com/Pages/cellebrite-solution-for-lock...
https://news.ycombinator.com/item?id=11387909
http://techcrunch.com/2016/02/25/apple-hires-developer-behin...
So yea, it's an iPhone 6.
http://www.latimes.com/local/lanow/la-me-ln-arkansas-fbi-pho...
Touch ID ends up working like this, where your fingerprint takes the place of that simple passcode. But for people who don't want to use a fingerprint, you're stuck using the same passcode or passphrase for each unlock.
I'm guessing it's been well over 48 hours since the suspect last had access to this phone, so that would no longer apply.
This is a ridiculous game - the government is refusing to disclose exploits they found in our devices with our tax dollars. I can't see this ending well.
[1] https://en.wikipedia.org/wiki/United_States_v._New_York_Tele...
This is history rewriting, the request, in his least dangerous form, was to unlock a single phone from inside Apple labs by Apple people
Source: http://www.zdziarski.com/blog/?p=5645
Safes are drillable, and there may also be "password recovery" services available from the manufacturer.
^^ True, which is why Apple's systems and related security measures will likely never be publicly auditable.
The proposed FBI exploit would unlock any and all iPhones.
I can't see even a speculative 5th amendment argument. If they can crack your phone without your cooperation, how could they possibly be forcing you to incriminate yourself?
This is the protection against search and seizure that you're entitled to within the US:
>The right of the people to be secure in their persons, houses, papers, and effects,[a] against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Or rather, if one of those leads ends up being complicit in the charges, you have to prove as the prosecution how you came to that conclusion. You can't just say "we started investigations, then magic, then we interviewed this guy and figured it out."
Historically, when the FBI or some other organization helps but doesn't want to be named as part of the process (to protect their secret methods of accessing or collecting information), prosecutors will do something called "parallel construction," in which they build an alternative timeline to how they could have come by the information that led to the new interviews.
It's interesting that in this case, with the FBI publicly acting in support, they're giving up the ghost on that and opening themselves to perhaps being called for testimony. I'm curious how they'd use state secrets protections to get around having to explain their process, and whether a local/appellate/superior court justice(s) would allow it.
If you obtain information that is not reliable, you can act on it (and convince judge to give you warrants) just probably not use it in real trial.
I also think it depends if you want more information for the current suspect or you are on a fishing expedition
Failing to propose a believable narrative for each increase in magnitude in the burden of proof may cause the entire case to fail in the US.
If you collect evidence on someone that would ordinarily require probable cause when that person should be enjoying the presumption of innocence, that evidence is inadmissible, as is all investigation that depends on it to proceed.
Parallel construction is taking theatrical steps ex post facto to defraud the courts into believing that evidence is not only admissible at trial, but also a reasonable basis for further investigation. If the FBI performs mass suspicionless surveillance on presumed innocent victims, finds evidence of a crime, then notifies another agency to contrive reasonable suspicion, then probable cause, to uncover the same evidence via a legally plausible narrative, that is kicking civil rights square in the teeth. Furthermore, it encourages otherwise innocent activities to be considered as reasonable suspicion, and promotes aggressive police tactics to manufacture probable cause out of reasonable suspicion, or bully people into providing consent or confessions. You get "judge dog" approving search warrants whenever the K-9 cop signals him to provide probable cause. And it combines with forfeiture to become even worse.
When "accidental discovery" evidence is admissible, that is a significant weakening of the public's protections against government, as it provides additional avenues for parallel construction, such as dropping a smoke bomb through a window and pulling a fire alarm, such that responding fire department personnel can notice "drug paraphernalia" and tip the police, who get a warrant based on the tip and conduct a search for drugs. This encourages obstruction of services to promote public safety, such as disabling alarms or blocking emergency calls. When "clean hands" evidence is admissible, one "dirty hands" cop--or a paid informant--just needs to pretend to be an anonymous member of the public to tip off the "clean hands" cop. My own non-judge opinion is that poisonous fruit is when one law is broken in pursuit of enforcing another, not just when someone's rights are infringed.
Presumption of innocence isn't directly enshrined in the US constitution. Local prosecutors and governments can and do abrogate it.
The SCotUS opinion in Coffin v US stated the following:
Locals can and do get overturned by the federals.They can also get away with doing the exact opposite in their practice, only to be overturned at great personal expense to individuals with few resources.
Even in the case of illegally obtained evidence, there are techniques like parallel construction [1] that they can use to make their cases. They also have the so-called "clean hands" exception, which allows allows the government to introduce evidence into trial that was illegally obtained by a third party when the government did not play any role in obtaining that information [2].
The US legal system was designed to seem exceedingly fair on its surface, while allowing for unconscionable abuses by those skilled in maneuvering through its loopholes.
[1] https://en.wikipedia.org/wiki/Parallel_construction
[2] http://jipel.law.nyu.edu/ledger-vol-1-no-2-2-coffman/
Proving this is very hard though.
You're probably thinking of "inevitable discovery", which says that illegally obtained information can be used anyway if the prosecution can show that they would have obtained it anyway. Parallel construction is something intelligence agencies do in order to hide how they obtained information in the first place (whether legal or otherwise).
I don't see how the prosecution has met the burden of proof, beyond a reasonable doubt, unless they show their work. Otherwise this is way too easy to frame people.
Maybe DNA from blood is a different matter, but when it comes to hair samples I don't think we can trust the FBI.
"The Justice Department and FBI have formally acknowledged that nearly every examiner in an elite FBI forensic unit gave flawed testimony in almost all trials in which they offered evidence against criminal defendants over more than a two-decade period before 2000."[1]
1. https://www.washingtonpost.com/local/crime/fbi-overstated-fo...
You show the recovered key and plaintext and demonstrate that they match the ciphertext.
The chance that several gigabytes of encrypted data accidentally happen to decrypt with wrong key to a different several gigabytes of perfectly valid data is rather slim, which means that any key which produces valid data is the key you are looking for.
[1] https://en.m.wikipedia.org/wiki/Non-repudiation
"Deniable Encryption" is the term.
See Page 12 on advantage of A7 or higher processor, but, in particular:
"On devices with an A7 or later A-series processor, the delays are enforced by the Secure Enclave. If the device is restarted during a timed delay, the delay is still enforced, with the timer starting over for the current period. "
The question still outstanding, is whether the Secure Enclave can be modified, and also, whether it can be modified without a passcode.
Edit: Any device that is nand cloned will not be using apple power anyway. And we have all kinds of low temperature, low voltage bit flip attacks anyway.
https://en.wikipedia.org/wiki/Bit-flipping_attack
Low voltage attacks:
A low-voltage fault attack is a fault attack where the fault is induced by feeding the hardware with a lower-than-normal voltage (in the "smart card" model, the card has its own CPU, RAM and ROM, but the current and clock signals are provided externally, i.e. are under the control of the attacker). For instance, if the card expect 3.3V, you give it only 2V. The real trick here is that the attacker can lower the voltage for only very short durations, a few clock cycles, so as to induce a fault in a specific part of the algorithm execution
We try to get the hardware crazy.
http://security.stackexchange.com/questions/69279/what-actua...
If you read through Apple's security document, you'll see that the Secure Enclave achieves separation from the rest of the system by encrypting everything with keys that can't be replicated on the outside, and by having its own secure boot verification. It's possible that there's some internal storage that they just don't mention, but it doesn't look like the way to bet.
This means that even devices with the Secure Enclave are still vulnerable to flash cloning. You can't understand the contents of the Secure Enclave's stuff, but you can still save and restore them once you desolder the flash.
The attack described in the comment you're replying to won't work, of course. The counter is stored in the flash, so cutting power won't do anything. There was a bug where the OS would report an unlock failure before updating the flash memory, so if you were quick to cut the power you could bypass the counter, but that's been fixed.
What does work (in theory) is to desolder the flash and hook it up so you can save and restore its contents. Then you turn on the phone, try a few passcodes, shut down, restore flash to original state, repeat until success.
Of course, this only works if the passcode is simple enough that a brute force is feasible. You can attack a four-digit passcode in a few days this way. A six-digit passcode would take maybe a year, and proper passphrase would still be completely infeasible.
1. One way would be for the SE to have it's own clock function. 2. The other would be for the SE to send a message to the main CPU and ask the CPU to let it know when x number of seconds has passed.
I believe that second option is more likely because of the way the feature works. On full phone reset it restarts the timeout period rather than continue it from where it was. This could be a feature, of course. But I am guessing that the way it works is that the SE asks the System to tell it when x seconds / min has past and sets a timeoutExpired flag to false. Once it get's the notification that the time has passed, it resets the flag to true.
If above is how it works, than screwing around with the System clock could be effective. If the system relies on system time, then it might be possible to shift the clock by doing adjustment through a fake cell tower. Not sure how effective that would be.
Just some thoughts really. Would be interesting to see if they can unlock the iPhone 6 or not.
It is in Apple's best interest to find out what the exploit is, how long it's been out there, and fix it instead of playing legal games. Such an exploit in the wild is a security concern for every person who owns that phone, not just criminals. There is no telling how many people are out there accessing privileged information in the private and government sectors with that phone. It is a concern covering criminal activity all the way to foreign government spying.
As a bonus, if it's an exploit that's been known from before the FBI's claim that only Apple can help them breach the phone, then we know the FBI was full of it. The FBI has been known to use questionable tactics before and backed out of cases that weren't going their way to avoid revealing those questionable tactics. This whole iPhone thing reeks of this.
Or more likely how to _market_ the next round of phones as being more secure and whether claiming the upgrade is essential for businesses ("our old phones are all broken now, you must upgrade") will lead to a gross increase in profits or not.
* Officially, because presumably it's been going on for a long time but not publicly discussed to the degree that it is being discussed now.
Is it just acceptable at this point to publish AP content with typos?
Would you pay anything at all for online journalism?
Is that legal? Are there issues?
Maybe it's a financial thing? What's the cost of using one of these outside companies like Cellebrite?
I read that there was a chip replication process in play which meant even if the security mechanisms wiped the chip after X attempts you'd just have more chips ready with the same exact image to try, thus negating the issue. That sounds expensive. But I'm not sure. Can a state prosecutor afford that?
And in the end, I might be totally wrong on a ton of this.