DOJ confirms successful iPhone data extraction, withdraws encryption case against Apple [u]

Comments

  • Reply 101 of 159
    tdsmac Posts: 13 member
    entropys said:
    cali said:
    Part of me thinks this is BS and they never got into the iPhone and withdrew because of all the bad press they were getting.
    I suspect you could be right. From the FBI's perspective better to leave the issue unresolved than to go to court and have it resolved in a way the FBI didn't like. If Apple won it would reduce the FBI's options not just with Apple but also with other 'less principled' manufacturers.

    On the other hand, the withdrawal also creates the impression Apple's encryption might have been broken. Apple will need to at least be seen to upgrade encryption in iOS9.4 that could deal with the exploit.

    The gripping hand is the encryption war goes on forever.
    I think this is a real possibility.  If the FBI did break the encryption I get them not saying how it was done. However, I will not accept them not saying if anything was found on the phone. They made this public and that is what this was all about "supposedly". All citizens have the right to know if they found anything of value after this whole charade. 
    edited March 2016 dysamoriacornchip
  • Reply 102 of 159
    MisterKit Posts: 496 member
    Apple has the money to float an anonymous request out in the wild to hire hackers to unlock or extract data from an iPhone. In fact I would be surprised if Apple has not already done this. They could easily know if anyone has been successful in the wild. It would be in Apple's interest to know the state of the art in hacking their OS's. Apple could do it covertly. A dummy corporation which they happen to be very good at setting up. Apple could probably easily outbid the FBI.
  • Reply 103 of 159
    fastasleep Posts: 6,420 member

    Read somewhere:

    "The problem is that without the passcode, it is not even possible to update the software, even for Apple. The phone has to explicitly Trust a connection - and before you trust a connection, it needs to be unlocked.

    Secondly, the decryption key is not in the Flash memory, it is in the Processor itself - similar to how Touch ID is stored. So even if you copy the NAND Flash, as a Johns Hopkins security research professor suggested (mirroring), you can't do anything with it.

    Thirdly, the way whole disk encryption works in iOS, the Processor needs to allow you access - not the OS. That's the reason even for Apple this is a technical impossibility.

    The only approach that will work - and the one that is being tried (sources), is to brute force the fingerprint recognition of TouchID. The only weakness in Apple's armor, is that there is no limit on wrong fingerprint attempts, nor is there any delay after several unsuccessful attempts.

    The FBI has a humongous database of fingerprints, and their Israeli consultants have figured out a way to quickly take a fingerprint image and trick TouchID into believing that it is a valid human finger. This is the reason the FBI doesn't need Apple, but they don't know if and when they can crack TouchID.

    This is actually technically a much more complicated process - but there is a problem with TouchID because of why this becomes possible. TouchID cannot obviously be 100% precise - because human fingerprints also get damaged and worn out over time, people position their finger slightly differently each time, etc. Because of this, TouchID actually matches when there is even a somewhat reasonable match!"
    Except the 5C in question has neither the Secure Enclave nor the TouchID you're referring to...
    nolamacguycornchipprof
  • Reply 104 of 159
    jony0 Posts: 378 member

    There’s only one thing we know for sure about all of this. The FBI wants a backdoor to encryption and have demonstrated that they will use every sleazy trick in the book and then some to get what they want, including repeatedly lying and demonizing a fine upstanding corporation by even enlisting the unwitting help of the uninformed masses through disinformation, fear mongering and demagoguery. All the rest is speculation.

    The lies started from the very beginning. We know some of the obvious ones and the documented admissions, that it was ‘just about this phone’ and ‘not asking for a backdoor’ and ‘need Apple’s help’. From there, we can only speculate that they may have had the information from the get-go through MDM and found what most of us here suspected all along, nothing. The password reset may have been a true incompetent mistake or deliberate sabotage to further their case. They’ve had a solution to this through long-time contractors, using the NAND mirroring technique well-known in security circles, or surprisingly found a fortuitous hack at the midnight hour. They actually hacked the phone or destroyed it in the process. They found nothing and/or will claim national security for not revealing anything.

    It is therefore difficult to conclude by their past behaviour that this is the end of it, they’ll be back. We can only hope this will not embolden terrorists for another fiercer attack with the specific new goal this time of terrorizing the same uninformed masses to willingly yield their private security to the FBI and give them a backdoor to all the good peoples’ phone, all the while leaving the FBI to confront a different 3rd party encryption on top of the terrorist phones, ‘carelessly’ left behind at the scene.

    The FBI are unscrupulously willing to sacrifice the national, corporate and private security of all of us just to make their job a little easier. I sympathize with them, I want them to have the best tools available under the law, but not at the expense of our security against cyber threats. I understand that policing is hard, but that’s the job. A policeman’s job is only easy in a police state — A line from Orson Welles’s Touch of Evil.

    xiamenbillbaconstangdysamoriawetlandercornchip
  • Reply 105 of 159
    foggyhill Posts: 4,767 member
    cornchip said:
    CMA102DL said:
    did they find the dormant cyber pathogen?
    Best comment by far.
    If we all die from this DCP ;-), we know they didn't lie :-).
    cornchip
  • Reply 106 of 159
    foggyhill Posts: 4,767 member
    Read somewhere:

    "The problem is that without the passcode, it is not even possible to update the software, even for Apple. The phone has to explicitly Trust a connection - and before you trust a connection, it needs to be unlocked.

    Secondly, the decryption key is not in the Flash memory, it is in the Processor itself - similar to how Touch ID is stored. So even if you copy the NAND Flash, as a Johns Hopkins security research professor suggested (mirroring), you can't do anything with it.

    Thirdly, the way whole disk encryption works in iOS, the Processor needs to allow you access - not the OS. That's the reason even for Apple this is a technical impossibility.

    The only approach that will work - and the one that is being tried (sources), is to brute force the fingerprint recognition of TouchID. The only weakness in Apple's armor, is that there is no limit on wrong fingerprint attempts, nor is there any delay after several unsuccessful attempts.

    The FBI has a humongous database of fingerprints, and their Israeli consultants have figured out a way to quickly take a fingerprint image and trick TouchID into believing that it is a valid human finger. This is the reason the FBI doesn't need Apple, but they don't know if and when they can crack TouchID.

    This is actually technically a much more complicated process - but there is a problem with TouchID because of why this becomes possible. TouchID cannot obviously be 100% precise - because human fingerprints also get damaged and worn out over time, people position their finger slightly differently each time, etc. Because of this, TouchID actually matches when there is even a somewhat reasonable match!"
    Except the 5C in question has neither the Secure Enclave nor the TouchID you're referring to...
    It still uses the phone hardware key as part of the decryption key, the problem in this device is that the retry mechanism, and I believe the filesystem key is not protected in the secure enclave, which means they can get access to the data and brute force the pin by swapping in/out a copy of the memory to try pins on the phone (it's a slog but for a short pin it works).
  • Reply 107 of 159
    foggyhill Posts: 4,767 member
    MisterKit said:
    Apple has the money to float an anonymous request out in the wild to hire hackers to unlock or extract data from an iPhone. In fact I would be surprised if Apple has not already done this. They could easily know if anyone has been successful in the wild. It would be in Apple's interest to know the state of the art in hacking their OS's. Apple could do it covertly. A dummy corporation which they happen to be very good at setting up. Apple could probably easily outbid the FBI.
    The reason they switched to the secure enclave is likely they KNEW it was possible. The secure enclave makes this attack impossible since the retry count is protected in hardware.
    cornchip
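
The rollback point made in replies 106 and 107 (a retry counter kept in copyable storage versus one kept in hardware), as an added toy model that is not code from any poster or from Apple. `Device`, `DEVICE_KEY`, the PBKDF2 derivation and the 10-try limit are all assumptions of this example.

```python
import hashlib
import hmac

DEVICE_KEY = b"constructed-device-key"  # constructed; stands in for a key fused into the chip
MAX_TRIES = 10                          # assumed retry limit for this model

def derive_key(passcode: str) -> bytes:
    # The passcode is entangled with the device key, so guesses must run on the device.
    # PBKDF2 is this example's choice, not a statement about how iOS derives keys.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), DEVICE_KEY, 1000)

class Device:
    def __init__(self, passcode: str, counter_in_hardware: bool):
        self.counter_in_hardware = counter_in_hardware
        # "flash" models external storage that can be imaged and written back.
        self.flash = {"verifier": hashlib.sha256(derive_key(passcode)).digest(),
                      "failed": 0}
        self._hw_failed = 0  # models a counter inside the chip; not part of flash

    def _failed(self) -> int:
        return self._hw_failed if self.counter_in_hardware else self.flash["failed"]

    def unlock(self, guess: str) -> str:
        if self._failed() >= MAX_TRIES:
            return "locked"
        candidate = hashlib.sha256(derive_key(guess)).digest()
        if hmac.compare_digest(candidate, self.flash["verifier"]):
            self._hw_failed = 0
            self.flash["failed"] = 0
            return "unlocked"
        if self.counter_in_hardware:
            self._hw_failed += 1
        else:
            self.flash["failed"] += 1
        return "wrong"

def evaluated_guesses_under_rollback(device: Device, rounds: int) -> int:
    """Count wrong guesses the device really evaluates when flash is rolled back each round."""
    image = dict(device.flash)          # earlier image of the storage
    evaluated = 0
    for r in range(rounds):
        for i in range(MAX_TRIES + 2):  # two attempts past the limit each round
            if device.unlock(f"wrong-{r}-{i}") == "wrong":
                evaluated += 1
        device.flash = dict(image)      # write the earlier image back
    return evaluated

if __name__ == "__main__":
    print("counter in flash:   ", evaluated_guesses_under_rollback(Device("7391", False), 5))
    print("counter in hardware:", evaluated_guesses_under_rollback(Device("7391", True), 5))
```

With the counter in flash, every rollback restores a fresh budget of tries; with the counter outside the restorable storage, the limit holds no matter how often the image is written back.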
  • Reply 108 of 159
    jony0 Posts: 378 member
    dewme said:
     The tactical approach chosen demonstrates that there is someone in the current administration who has a personal vendetta against Apple that they view as being more important than solving the actual problem at hand.
    That someone may have a name : Apple vs. FBI Was a Nasty Piece of Work

    palominecornchip
  • Reply 109 of 159
    wiscal Posts: 2 member
    The author of this article stated that Apple will need to recover from the inevitable PR debacle. I don't think that is going to be a problem. If access to the phone was gained, it likely involved some very sophisticated hardware hack using very sophisticated equipment. 
    dysamoriasteveh
  • Reply 110 of 159
    jungmark Posts: 6,926 member
    msuberly said:
    For anyone that thinks this is "good news" for Apple, you have it completely backwards. First, the government has complete discretion to extract data from your phone and Apple is powerless to do anything about it. Second, now that the government has succeeded in extracting data, every government on the planet will seek to do the same.
    They all do that now. Hackers hack. Apple won't help them hack. People should use complex passcodes to make it take forever to break.  
  • Reply 111 of 159
    foggyhill said:
    Thaisport said:
    It was done through NAND memory duplication. Easy way to think about this is like this: Virtual machine, or in this case, virtual phone. Once they were able to duplicate the memory, they were able to run a simple password hack algorithm until they got the correct password. Whenever it reached the limit where the content would be deleted, they would just reset the virtual phone and continue right where they left off until they went through all combinations. Note this was reported in the news a few days back.
    You can't do that BUD, man I'm tired of this shit, there is a god damn hardware Key that can't be copied out that's needed to decrypt, plus the decryption key that comes from the passcode and is built from the hardware key + passcode combination in a programmatic way.

    They'd have to decap the chip to get the key, reverse engineer Apple's code and create the virtual machine and you think someone did that in a few fracking days? No chance.

    They can copy out the memory, but trying the pins has to occur on this phone unless they want to spend a lot of engineering dollars.


    If I remember right, the phone was an iPhone 5c which doesn't have the full set of security features available on the newer iPhones. That said, I'm sure there are many viable ways the FBI could get their hands on the necessary information. For one thing, maybe they went to TSMC who produced the chips for Apple A5 & A6 chips. They could have also gone to ChipWorks which already reverse-engineered A6. Why spend the engineering dollars when you can pay those that already do it?

    As for de-capping, yes it's expensive but they have the funds and resources to do it (the national debt you see is really a by-product of being the world's currency but that's another conversation). 

    I don't believe for one second that something is un-crackable. NSA and CIA have been working on cracking every chip on the market for decades, Apple included. If it can be built, it can be de-constructed. In addition, it's not like the chip was built and produced in house, there are external sources involved. It's the very reason classified projects are spread out to so many vendors, so no one company can figure out what's going on. It's funny, people always hear about the Chinese and Russians doing the hacking but the fact of the matter is, they are just following the US lead.

    In this day and age, if it's connected, it is at risk. Only way to not be at risk is to not be connected, and well that ain't happening, unless you are 100% removed from all technology.
  • Reply 112 of 159
    wonkothesane Posts: 1,725 member
    foggyhill said:
    Thaisport said:
    It was done through NAND memory duplication. Easy way to think about this is like this: Virtual machine, or in this case, virtual phone. Once they were able to duplicate the memory, they were able to run a simple password hack algorithm until they got the correct password. Whenever it reached the limit where the content would be deleted, they would just reset the virtual phone and continue right where they left off until they went through all combinations. Note this was reported in the news a few days back.
    You can't do that BUD, man I'm tired of this shit, there is a god damn hardware Key that can't be copied out that's needed to decrypt, plus the decryption key that comes from the passcode and is built from the hardware key + passcode combination in a programmatic way.

    They'd have to decap the chip to get the key, reverse engineer Apple's code and create the virtual machine and you think someone did that in a few fracking days? No chance.

    They can copy out the memory, but trying the pins has to occur on this phone unless they want to spend a lot of engineering dollars.


    I agree and on a side note the 15k seem almost suspiciously low even for a few hours of work considering the deal and the partners at hand. Maybe the real work in fact was the process you described and the real bill as well of different scale. 
  • Reply 113 of 159
    why- Posts: 305 member
    I don't know why but I just had the most curious image come to my head. I imagined I was sitting in an old armchair in a burnt-out shack in some dystopian wasteland watching the news on a rabbit-ear telly and this story came on. "BREAKING NEWS: The iPhone has been cracked by the government"

    it is well past midnight, so that might have had something to do with it
    edited March 2016
  • Reply 114 of 159
    CMA102DL Posts: 121 member
    why- said:
    I don't know why but I just had the most curious image come to my head. I imagined I was sitting in an old armchair in a burnt-out shack in some dystopian wasteland watching the news on a rabbit-ear telly and this story came on. "BREAKING NEWS: The iPhone has been cracked by the government"

    it is well past midnight, so that might have had something to do with it
    It is almost midnight here and I am getting sleepy waiting for news of the dormant cyber pathogen. Maybe 2morrow?
    edited March 2016 baconstangdysamoria
  • Reply 115 of 159
    why- Posts: 305 member
    yikes

    well I believe I'm already in your tomorrow so I can assure you nothing foul is going on here
    edited March 2016
  • Reply 116 of 159
    matrix077 Posts: 868 member
    justme12 said:
    Don't buy this for one second. Government knew they would lose this case. Regrouping to hit Apple again.
    How are they going to hit Apple again? Any court will tell them to use the method they used previously. 
    Eh?.. It's iPhone 5c we're talking about. Last time I checked we're on iPhone 6s now.
  • Reply 117 of 159
    Rayz2016 Posts: 6,957 member
    Mmmmm…

    Not sure the FBI is being truthful here. If they had broken into the phone then it would make more sense to keep it quiet. Bragging about it will simply make Apple look into fixing it which will make the FBI's job much harder in the future. 

    Anyone with an itch of common sense would keep such a breakthrough a secret. 
  • Reply 118 of 159
    eideard Posts: 428 member
    The FBI lies like a rug.
    edited March 2016 dysamoria
  • Reply 119 of 159
    volcan said:
    And did they inform Apple of the security vulnerability that was used? Probably not, but they should as it could be an issue of national security.
    They don't have to tell Apple anything...they tried to work with Apple but, Apple decided to make this something nasty in the media...good luck getting the FBI to work with you after a very public bashing


    James? James? Mr. Comey? Is that you?

  • Reply 120 of 159
    1983 Posts: 1,225 member
    Well that must be a relief for Apple. The tension this case was causing was palpable on the face of Tim Cook at the keynote for the introduction of the iPhone SE and iPad Pro 9.7".