FBI's iPhone unlock technique could be kept secret by White House review group

AppleInsider

The FBI may be entitled to keep secret the technique it used to break into the iPhone of San Bernardino shooter Syed Farook, as a result of a special White House group designed to review digital security flaws uncovered by federal agencies.

The group, set up under the Obama administration, is nominally supposed to disclose any vulnerabilities "unless there is a clear national security or law enforcement need," Reuters noted on Thursday, quoting the Office of the Director of National Security. That could allow the FBI's technique to be protected in a review, especially since it might conceivably be applied in other criminal/terrorist investigations. Making it public could let people devise a way of guarding against it.

The method might also survive review if it demands physical access to a device. If NAND mirroring is being used, as speculated, it poses little threat to Internet security, which is normally the special group's focus.

Although the FBI might be able to avoid a review entirely if it used a contractor's proprietary technology -- Israel's Cellebrite has been named as an assisting outside party -- the significance of the vulnerability is expected to make it subject to scrutiny.

Apple repeated its view to Reuters that it would like the government to supply information about its unlock technique. The company might use that information to bolster security in future products, though the Secure Enclave used in devices like the iPhone 6 and 6s already makes Apple's hardware more difficult to hack than Farook's iPhone 5c.

nemwan

The government would protect the most people's security by helping Apple make the iPhone more secure. There is no reason to prevent Apple from fixing this flaw. The knowledge that at least the iPhone 5c can be cracked will deter criminals from using it. If it is left vague that the flaw may affect more iPhones then criminals will avoid the iPhone altogether. iPhone 5c phones already in government custody will not be made inaccessible by Apple's fix.

holysmokes

I am skeptical of a 'special organization' set up by this White House. The FBI was just asking Apple to perform similar task until they found out a method of their own. The White House criticized Apple for keeping thier stance. Now Apple wants information and all of a sudden there's a 'special organization' to decline their requests. I smell a rat.

jmey267

Or maybe they didn't really get into the phone. It seemed like a very short amount of time between the announcement that they found a company to work with to its unlocked 2 days later. Also the day before the FBI was to go into court to argue their case they magically found someone to unlock the phone. I think we will never no the truth about this and just seems like a weird smear campaign against Apple.

chuckls

I know that private companies have been charged under the DMCA when hacking a third party's hardware. I am curious as to whether the FBI hack violates the DMCA.

ceek74

They probably took the the phone out of its case and saw the post-it note inside with the password written on it.

why-

if apple sues the FBI would that force them to reveal their method?

macbootx

It does not matter if the government keeps it a secret. 
 - It's old technology. An iPhone 5c, no Touch ID, totally different security architecture. 
 - The engineers at Apple probably knew how it could be hacked long before the FBI and whoever helped them figured it out. 

hydrogen

macbootx said:

It does not matter if the government keeps it a secret. 
 - It's old technology. An iPhone 5c, no Touch ID, totally different security architecture. 
 - The engineers at Apple probably knew how it could be hacked long before the FBI and whoever helped them figured it out. 

Sword and shield ....

mike1

sog35 said:

I'm 100% okay with this.

If the hacking method involves physical access to the phone.

If I lose my phone or it gets stolen I can easy do device lock.

What I'm TERRIFIED about is a hack that can be done remotely without me knowing.  Those type of hacks could be used by Russia and China or ISIS.  Those type of hacks can be done on MILLIONS of phones at the same time.  Physical hacking does not bother me because I will KNOW my phone is open to attack and I can do something about it.

Agreed. And I'm possibly even more concerned that they were trying to compel Apple to create something (special software) that didn't exist.

ireland

sog35 said:

What I'm TERRIFIED about is a hack that can be done remotely without me knowing.  Those type of hacks could be used by Russia and China or ISIS.

Or by NSA, FBI or CIA. All governments are corrupt. Don't be so naive. By suing Apple your government may as well be suing you.

http://www.ippnw.de/commonFiles/pdfs/Frieden/Body_Count_first_international_edition_2015_final.pdf

edited March 2016

cyphunk

The NAND Proxy (not Mirror) attack would likely effect older and current iphones in the same way. Apple appears to make preventing a wipe rather easy by storing the essential wipe key on NAND, whose deletion could be easily blocked. Finally it really isn't clear from their documentation if they protect one from conducting a timing attack to cause a passcode counter and delay from being reset while avoiding a while. I described this attack over here: http://deadhacker.com/2016/03/25/the-terrorists-phone/

edited March 2016

cma102dl

is it secret because?
1. The FBI did not unlock the phone, yet they did not want to lose a court case?
2. Phone got destroyed: someone broke it or bricked it during the extraction process
3. Phone got stolen
4. Did unlock it, but found nothing, no cyber pathogen, no dirty pics or relevant notes?

bandersson

AppleInsider said:

The FBI may be entitled to keep secret the technique it used to break into the iPhone of San Bernardino shooter Syed Farook, as a result of a special White House group designed to review digital security flaws uncovered by federal agencies.

The group, set up under the Obama administration, is nominally supposed to disclose any vulnerabilities "unless there is a clear national security or law enforcement need," Reuters noted on Thursday, quoting the Office of the Director of National Security. That could allow the FBI's technique to be protected in a review, especially since it might conceivably be applied in other criminal/terrorist investigations. Making it public could let people devise a way of guarding against it.

The method might also survive review if it demands physical access to a device. If NAND mirroring is being used, as speculated, it poses little threat to Internet security, which is normally the special group's focus.

Although the FBI might be able to avoid a review entirely if it used a contractor's proprietary technology -- Israel's Cellebrite has been named as an assisting outside party -- the significance of the vulnerability is expected to make it subject to scrutiny.

Apple repeated its view to Reuters that it would like the government to supply information about its unlock technique. The company might use that information to bolster security in future products, though the Secure Enclave used in devices like the iPhone 6 and 6s already makes Apple's hardware more difficult to hack than Farook's iPhone 5c.

isrs

sog35 said:

I'm 100% okay with this.

If the hacking method involves physical access to the phone.

If I lose my phone or it gets stolen I can easy do device lock.

What I'm TERRIFIED about is a hack that can be done remotely without me knowing.  Those type of hacks could be used by Russia and China or ISIS.  Those type of hacks can be done on MILLIONS of phones at the same time.  Physical hacking does not bother me because I will KNOW my phone is open to attack and I can do something about it.

100% on board with this. Apple should be informed if this is a method that is software only, but if it is hardware based, and needing physical access to a device, then Apple just needs to be told "physical access to the device is required" and be good with that.

mattsht

Why should the Feds give Apple what Apple wouldn't give the Feds? I doubt they got in the phone but if they did, good for them. Don't tell anyone how you did it.

bandersson

This morning google news outed an Israeli and Japanese company was named. They have a de-cription computer device that can extract data from any computer source or smart phone. I watched company web site video demo details of this machine. FBI knew all along and uses this machine in investigation. Google quickly remove this news this morning.

riderz

First you have to believe they really were successful.

They will never admit failure- but will brag about successes you have no access to the evidence of truth.

postman

The FBI has been demanding collaboration. But 'collaboration' is a two-way street.

QUESTION: After being lied to by the FBI, and bullied and threatened, and then lied to again all in a big public grandstand – how can the FBI expect Apple, or any tech company to ever trust them again?

ANSWER: By offering to 'collaborate' and share what they know – regarding how they can now break into their iPhones.

This "sharing" issue is less about technology and security, and more about the future relationship between law enforcement and tech companies, and getting the public's trust back.

edited March 2016

bandersson

AppleInsider said:

The FBI may be entitled to keep secret the technique it used to break into the iPhone of San Bernardino shooter Syed Farook, as a result of a special White House group designed to review digital security flaws uncovered by federal agencies.

The group, set up under the Obama administration, is nominally supposed to disclose any vulnerabilities "unless there is a clear national security or law enforcement need," Reuters noted on Thursday, quoting the Office of the Director of National Security. That could allow the FBI's technique to be protected in a review, especially since it might conceivably be applied in other criminal/terrorist investigations. Making it public could let people devise a way of guarding against it.

The method might also survive review if it demands physical access to a device. If NAND mirroring is being used, as speculated, it poses little threat to Internet security, which is normally the special group's focus.

Although the FBI might be able to avoid a review entirely if it used a contractor's proprietary technology -- Israel's Cellebrite has been named as an assisting outside party -- the significance of the vulnerability is expected to make it subject to scrutiny.

Apple repeated its view to Reuters that it would like the government to supply information about its unlock technique. The company might use that information to bolster security in future products, though the Secure Enclave used in devices like the iPhone 6 and 6s already makes Apple's hardware more difficult to hack than Farook's iPhone 5c.

sfd77

You mean the IPHONE the FBI unlocked months ago? Americans are just plain STUPID not naive. The real reason the FBI went to court over the San Bernardino IPHONE http://theapplenarrative.simplesite.com/