As FBI's iPhone exploit remains secret, Apple's security operation in transition

Posted in General Discussion, edited March 2016
Apple got more than it bargained for in its stand against government snooping. With the FBI keeping mum on methods used to extract data from an iPhone tied to last year's San Bernardino terror attack, Apple must patch a security hole it knows nothing about, a task one report suggests is made more difficult by a recent reorganization of its security team.




Citing current and former Apple employees, The New York Times reports the company's security operation has been in a state of transition since late last year. Directly applicable to the Department of Justice case, Dallas DeAtley, one of a handful of managers with experience in handling government requests for iPhone data, changed positions last year.

The report notes Apple previously staffed two security outfits in Core OS Security Engineering and a general product security team, the latter of which was divided into smaller groups responsible for encryption, anonymity and other privacy issues. In addition, the product security team included a reactive force that responded to threats discovered internally and by outside sources, while the so-called "RedTeam" worked proactively to ferret out potential device weaknesses.

According to former employees, the product security arm was divided sometime last year. The personal privacy team was assigned to a new manager, while other units, including the "RedTeam," moved under the Core OS Security Engineering umbrella and its former manager DeAtley.

How the transitional period affected Apple's ability to discover exploits, issue patches and maintain product security is unknown, though a high rate of turnover is to be expected in high technology. As noted by The Times, security engineers are hot commodities, meaning Apple management likely anticipated a certain rate of attrition.

Apple, like many tech firms, is always on the lookout for fresh blood. The company has in the past poached engineers from rival corporations and is no stranger to making key acquisitions in efforts to stay ahead of the curve. For example, Apple last November hired two firmware security experts who ran "deep system security" startup LegbaCore and helped develop a proof-of-concept Thunderbolt vulnerability dubbed Thunderstrike 2.

The government on Monday withdrew a California court order compelling Apple's assistance in unlocking an iPhone 5c used by San Bernardino terror suspect Syed Rizwan Farook. Apple resisted DOJ pressure, maintaining throughout that creating a software workaround put millions of iOS devices at risk of intrusion.

Federal prosecutors yesterday said an outside party approached the FBI with a viable data extraction method just days prior to a scheduled evidentiary hearing, rendering the case against Apple moot. An ABC News report on Tuesday cited one law enforcement source as saying the iPhone exploit came to light not despite the very public court case, but because of it.

It is unclear whether or not FBI officials will hand the working vulnerability over to Apple now that target data has been successfully extracted from Farook's iPhone, but chances are slim. A workable exploit -- especially one inaccessible to Apple -- is an invaluable digital forensics tool that might find use in multiple pending cases around the country. Apple faces a similar request for access in New York, for example.

For security researchers, privacy advocates and Apple, however, the mere existence of a workaround to built-in iOS device protections is a security disaster waiting to happen.

Comments

  • Reply 1 of 37
    misa Posts: 827 member
    Given how fast this came about, I'm going to say the security company is going to keep it close to their chest because otherwise all the LEO (Law Enforcement Officers) around the world are going to want to know it.
  • Reply 2 of 37
    eideard Posts: 428 member
    After encryption, the best security guarantee is guaranteed self-destruction.

    I believe the Feds - like the NSA/CIA have for years - used hardware intervention to crack the San Bernardino iPhone. Seems possible to embed command[s] in the cpu, graphics processor, that will detect any attempt to hardwire to internals and generate a command that destroys significant links that enable further snooping.
  • Reply 3 of 37
    foggyhill Posts: 4,767 member
    They probably "patched" it already in the 5s and later phones, since fooling the retry count was the easiest way to get in.

    That's the thing; if it was a 5s, Apple could not have done a thing except maybe decap the secure enclave and do some deep shit there.
    If they're willing to do that and spend half a million dollars to do it, then it is probably national security and hey let them do it.

    In this case, the 5c, the hack was easier and "only" 15K.

    Any attempt to access the secure enclave should wipe the keys in there; the problem is that this kind of protection would normally make the chip much bigger. Could that fit in 5mm? This thing also has to be robust to not be triggered by accident.
  • Reply 4 of 37
    9secondkox2 Posts: 2,666 member
    I'd read they cloned the memory and basically "built" a new phone.

    Not sure how anybody can get around that loophole. Unless the data has markers that tie it to chip identifiers.

    And THAT would be serious biz.
  • Reply 5 of 37
    cali Posts: 3,494 member
    This is GOOD for Apple. No Blackfoot and the FBI needs the physical iPhone to extract your data and this "exploit" only encourages Apple to make iOS even more secure.
  • Reply 6 of 37
    They lost the phone! There was no phone to "unlock" they did not want to look like idiots again!
  • Reply 7 of 37
    baconstang Posts: 1,104 member
    If the FBI in fact actually got in, what's to keep Apple from hiring Cellebrite, or whomever, to crack one for them? Or just buy Cellebrite.
  • Reply 8 of 37
    I just read a headline from the LA Times that said something like, "Apple wants FBI to tell them how they got into the phone." Has Apple gone nuts?
  • Reply 9 of 37
    I just read a headline from the LA Times that said something like, "Apple wants FBI to tell them how they got into the phone." Has Apple gone nuts?
    Don't you just love how media is so good at crafting headlines?
  • Reply 10 of 37
    There is a very real possibility that the FBI did not want this to go to court for fear of a precedent being established that forbade them from forcing companies or persons to do what they wanted to force Apple to do. Clearly the political winds and public opinion were against the FBI. So they simply lied, saying they no longer needed Apple's help. That leaves the door open for other court cases.

    If the FBI never is able to use any of the information that they 'retrieved' from the iPhone, then there will be one more reason to doubt the FBI's claims.
  • Reply 11 of 37
    Cellebrite (company in Netherlands and Israel) has the expertise and past successes worldwide in unlocking cell phones -- ANY AND ALL CELL PHONES. It is their specialty. They will charge the FBI €1500 for cracking the Apple phone. It is my understanding they have worked together in the past. Apple knows this company has done so in the past, Apple can most certainly unlock their own products, Apple is simply playing games. Anyone with half-a-brain has to know a company is not going to manufacture a cell phone they cannot unlock themselves. This entire grandstanding by the FBI and Apple was/is simply a 'pissing match'. I will add the fact that Cellebrite is the ONLY company in the world who can unlock the Apple product (as well as Apple itself).
    edited March 2016
  • Reply 12 of 37
    sog35 said:
     I'm 100% fine with hacks that require physical access to the phone.  
    Same here, especially if the hack also involves expensive hardware. I just didn't want to see them force Apple to create something that put all iPhone users at risk if it were stolen.
  • Reply 13 of 37
    spacekid Posts: 183 member
    sog35 said:
    Who cares. If someone has possession of a phone I would just do activation lock.

    What the FBI wanted was a software backdoor. With a software backdoor you could hack into a phone thousands of miles away. Russian hackers could hack your phone. I'm 100% fine with hacks that require physical access to the phone.
    In this recent case, the FBI did not want a software backdoor. They wanted the 10 time erase option disabled.
  • Reply 14 of 37
    spacekid Posts: 183 member
    There is a very real possibility that the FBI did not want this to go to court for fear of a precedent being established that forbade them from forcing companies or persons to do what they wanted to force Apple to do. Clearly the political winds and public opinion were against the FBI. So they simply lied, saying they no longer needed Apple's help. That leaves the door open for other court cases.

    If the FBI never is able to use any of the information that they 'retrieved' from the iPhone, then there will be one more reason to doubt the FBI's claims.
    There is the more likely possibility that this third party the FBI contracted actually was able to defeat the pass-code delete mechanism.
  • Reply 15 of 37
    Since we're all speculating here, I'll add my speculation: The FBI gave up and invented the "success" story to cover their butts. This wouldn't be the first time. Until I see exactly what they "uncovered", I won't be convinced they succeeded.
  • Reply 16 of 37
    rcfa Posts: 1,124 member
    Best way to fix hardware exploits is use bigger SoCs so all relevant components are in the package, and then put some nice black resin over the pins to prevent desoldering.

    If they want to go further they can have tripwires in the SoC case making sure decapping attempts result in data destruction.

    I think people neglect to take the long view on this issue, this isn't about a rather minor terrorist act, it's about what personal computing devices have become: a support organ.
    Frankly it's time to see personal computing devices as brain extension, after all it's just a matter of time until they will become like implants.
    Just as "truth serum" isn't legal in criminal investigations, so forced data extraction out of personal devices should be illegal.
  • Reply 17 of 37
    msuberly Posts: 234 member
    misa said:
    Given how fast this came about, I'm going to say the security company is going to keep it close to their chest because otherwise all the LEO (Law Enforcement Officers) around the world are going to want to know it.
    Or the security company can sell it to other governments, Apple, or Apple's competitors for a nice profit.
  • Reply 18 of 37
    bobroo Posts: 96 member
    Why is it imperative Tim and Jony's Apple patch the code?

    So that they are always at odds with the FBI? So there is always controversy?

    So what if there is a way to unlock an out of date iPhone with more than 10 attempts.
  • Reply 19 of 37
    At the end of the day, we have no proof that the FBI succeeded at anything ... we're put in the rather awkward position of having to take the FBI's word that they did so.

    I'm willing to bet that someone at Justice realized (a) the court case would be lost and (b) some PR damage control was necessary. Voilà! They invented the story of the hacked iPhone as cover. And of course, most of us buy it because we still believe whatever the government says is true.
  • Reply 20 of 37
    macarena Posts: 365 member
    It is one thing to hack the 5c. And a totally different problem to hack the 5s and later.

    If you remember the announcement of TouchID, Apple clearly mentioned in the Keynote - that the Fingerprint was stored in a special place in the A7 processor. Not just the Fingerprint, even the decryption keys are stored in the processor.

    Forget Cellebrite, forget the FBI - even Apple cannot unlock a phone that is protected with the approach Apple uses. Even if the entire OS is cloned and replaced, even if the entire flash memory is cloned, still the phone cannot be unlocked. If you try 10 times, the processor simply deletes the key from its internal store - and that's it. All data is lost forever.

    So this exploit that the FBI used, is only going to work for 5c and older phones - not for anything that was sold in the last couple of years.