FBI's iPhone unlock technique could be kept secret by White House review group

Posted:
in General Discussion
The FBI may be entitled to keep secret the technique it used to break into the iPhone of San Bernardino shooter Syed Farook, as a result of a special White House group designed to review digital security flaws uncovered by federal agencies.




The group, set up under the Obama administration, is nominally supposed to disclose any vulnerabilities "unless there is a clear national security or law enforcement need," Reuters noted on Thursday, quoting the Office of the Director of National Security. That could allow the FBI's technique to be protected in a review, especially since it might conceivably be applied in other criminal/terrorist investigations. Making it public could let people devise a way of guarding against it.

The method might also survive review if it demands physical access to a device. If NAND mirroring is being used, as speculated, it poses little threat to Internet security, which is normally the special group's focus.

Although the FBI might be able to avoid a review entirely if it used a contractor's proprietary technology -- Israel's Cellebrite has been named as an assisting outside party -- the significance of the vulnerability is expected to make it subject to scrutiny.

Apple repeated its view to Reuters that it would like the government to supply information about its unlock technique. The company might use that information to bolster security in future products, though the Secure Enclave used in devices like the iPhone 6 and 6s already makes Apple's hardware more difficult to hack than Farook's iPhone 5c.
«13

Comments

  • Reply 1 of 48
    NemWanNemWan Posts: 118member
    The government would protect the most people's security by helping Apple make the iPhone more secure. There is no reason to prevent Apple from fixing this flaw. The knowledge that at least the iPhone 5c can be cracked will deter criminals from using it. If it is left vague that the flaw may affect more iPhones then criminals will avoid the iPhone altogether. iPhone 5c phones already in government custody will not be made inaccessible by Apple's fix.
    redraider11
  • Reply 2 of 48
    I am skeptical of a 'special organization' set up by this White House. The FBI was just asking Apple to perform similar task until they found out a method of their own. The White House criticized Apple for keeping thier stance. Now Apple wants information and all of a sudden there's a 'special organization' to decline their requests. I smell a rat.
    JanNLredraider11jay-tdesignr
  • Reply 3 of 48
    jmey267jmey267 Posts: 57member
    Or maybe they didn't really get into the phone. It seemed like a very short amount of time between the announcement that they found a company to work with to its unlocked 2 days later. Also the day before the FBI was to go into court to argue their case they magically found someone to unlock the phone. I think we will never no the truth about this and just seems like a weird smear campaign against Apple.
    jahbladedesignr
  • Reply 4 of 48
    I know that private companies have been charged under the DMCA when hacking a third party's hardware. I am curious as to whether the FBI hack violates the DMCA.
    jmey267
  • Reply 5 of 48
    ceek74ceek74 Posts: 324member
    They probably took the the phone out of its case and saw the post-it note inside with the password written on it.
    rob53jay-tpscooter63Rayz2016buzdotsfastasleepbestkeptsecret[Deleted User]booboo
  • Reply 6 of 48
    why-why- Posts: 305member
    if apple sues the FBI would that force them to reveal their method?
  • Reply 7 of 48
    It does not matter if the government keeps it a secret. 
     - It's old technology. An iPhone 5c, no Touch ID, totally different security architecture. 
     - The engineers at Apple probably knew how it could be hacked long before the FBI and whoever helped them figured it out. 
  • Reply 8 of 48
    hydrogenhydrogen Posts: 263member
    macbootx said:
    It does not matter if the government keeps it a secret. 
     - It's old technology. An iPhone 5c, no Touch ID, totally different security architecture. 
     - The engineers at Apple probably knew how it could be hacked long before the FBI and whoever helped them figured it out. 
    Sword and shield ....
  • Reply 9 of 48
    mike1mike1 Posts: 2,682member
    sog35 said:
    I'm 100% okay with this.

    If the hacking method involves physical access to the phone.

    If I lose my phone or it gets stolen I can easy do device lock.

    What I'm TERRIFIED about is a hack that can be done remotely without me knowing.  Those type of hacks could be used by Russia and China or ISIS.  Those type of hacks can be done on MILLIONS of phones at the same time.  Physical hacking does not bother me because I will KNOW my phone is open to attack and I can do something about it.
    Agreed. And I'm possibly even more concerned that they were trying to compel Apple to create something (special software) that didn't exist.
    ration al
  • Reply 10 of 48
    irelandireland Posts: 17,749member
    sog35 said:

    What I'm TERRIFIED about is a hack that can be done remotely without me knowing.  Those type of hacks could be used by Russia and China or ISIS.
    Or by NSA, FBI or CIA. All governments are corrupt. Don't be so naive. By suing Apple your government may as well be suing you.

    http://www.ippnw.de/commonFiles/pdfs/Frieden/Body_Count_first_international_edition_2015_final.pdf


    edited March 2016 redraider11fastasleep
  • Reply 11 of 48
    The NAND Proxy (not Mirror) attack would likely effect older and current iphones in the same way. Apple appears to make preventing a wipe rather easy by storing the essential wipe key on NAND, whose deletion could be easily blocked. Finally it really isn't clear from their documentation if they protect one from conducting a timing attack to cause a passcode counter and delay from being reset while avoiding a while. I described this attack over here: http://deadhacker.com/2016/03/25/the-terrorists-phone/


    edited March 2016
  • Reply 12 of 48
    CMA102DLCMA102DL Posts: 121member
    is it secret because?
    1. The FBI did not unlock the phone, yet they did not want to lose a court case?
    2. Phone got destroyed: someone broke it or bricked it during the extraction process
    3. Phone got stolen
    4. Did unlock it, but found nothing, no cyber pathogen, no dirty pics or relevant notes?
  • Reply 13 of 48
    The FBI may be entitled to keep secret the technique it used to break into the iPhone of San Bernardino shooter Syed Farook, as a result of a special White House group designed to review digital security flaws uncovered by federal agencies.




    The group, set up under the Obama administration, is nominally supposed to disclose any vulnerabilities "unless there is a clear national security or law enforcement need," Reuters noted on Thursday, quoting the Office of the Director of National Security. That could allow the FBI's technique to be protected in a review, especially since it might conceivably be applied in other criminal/terrorist investigations. Making it public could let people devise a way of guarding against it.

    The method might also survive review if it demands physical access to a device. If NAND mirroring is being used, as speculated, it poses little threat to Internet security, which is normally the special group's focus.

    Although the FBI might be able to avoid a review entirely if it used a contractor's proprietary technology -- Israel's Cellebrite has been named as an assisting outside party -- the significance of the vulnerability is expected to make it subject to scrutiny.

    Apple repeated its view to Reuters that it would like the government to supply information about its unlock technique. The company might use that information to bolster security in future products, though the Secure Enclave used in devices like the iPhone 6 and 6s already makes Apple's hardware more difficult to hack than Farook's iPhone 5c.
  • Reply 14 of 48
    iSRSiSRS Posts: 37member
    sog35 said:
    I'm 100% okay with this.

    If the hacking method involves physical access to the phone.

    If I lose my phone or it gets stolen I can easy do device lock.

    What I'm TERRIFIED about is a hack that can be done remotely without me knowing.  Those type of hacks could be used by Russia and China or ISIS.  Those type of hacks can be done on MILLIONS of phones at the same time.  Physical hacking does not bother me because I will KNOW my phone is open to attack and I can do something about it.
    100% on board with this. Apple should be informed if this is a method that is software only, but if it is hardware based, and needing physical access to a device, then Apple just needs to be told "physical access to the device is required" and be good with that.
  • Reply 15 of 48
    Why should the Feds give Apple what Apple wouldn't give the Feds? I doubt they got in the phone but if they did, good for them. Don't tell anyone how you did it.
    singularity
  • Reply 16 of 48
    This morning google news outed an Israeli and Japanese company was named. They have a de-cription computer device that can extract data from any computer source or smart phone. I watched company web site video demo details of this machine. FBI knew all along and uses this machine in investigation. Google quickly remove this news this morning.
  • Reply 17 of 48
    RiderzRiderz Posts: 1member

    First you have to believe they really were successful.

    They will never admit failure- but will brag about successes you have no access to the evidence of truth.

    jfc1138
  • Reply 18 of 48
    postmanpostman Posts: 35member
    The FBI has been demanding collaboration. But 'collaboration' is a two-way street.

    QUESTION: After being lied to by the FBI, and bullied and threatened, and then lied to again all in a big public grandstand – how can the FBI expect Apple, or any tech company to ever trust them again?

    ANSWER: By offering to 'collaborate' and share what they know – regarding how they can now break into their iPhones.

    This "sharing" issue is less about technology and security, and more about the future relationship between law enforcement and tech companies, and getting the public's trust back.
    edited March 2016 pscooter63
  • Reply 19 of 48
    The FBI may be entitled to keep secret the technique it used to break into the iPhone of San Bernardino shooter Syed Farook, as a result of a special White House group designed to review digital security flaws uncovered by federal agencies.




    The group, set up under the Obama administration, is nominally supposed to disclose any vulnerabilities "unless there is a clear national security or law enforcement need," Reuters noted on Thursday, quoting the Office of the Director of National Security. That could allow the FBI's technique to be protected in a review, especially since it might conceivably be applied in other criminal/terrorist investigations. Making it public could let people devise a way of guarding against it.

    The method might also survive review if it demands physical access to a device. If NAND mirroring is being used, as speculated, it poses little threat to Internet security, which is normally the special group's focus.

    Although the FBI might be able to avoid a review entirely if it used a contractor's proprietary technology -- Israel's Cellebrite has been named as an assisting outside party -- the significance of the vulnerability is expected to make it subject to scrutiny.

    Apple repeated its view to Reuters that it would like the government to supply information about its unlock technique. The company might use that information to bolster security in future products, though the Secure Enclave used in devices like the iPhone 6 and 6s already makes Apple's hardware more difficult to hack than Farook's iPhone 5c.
  • Reply 20 of 48
    sfd77sfd77 Posts: 2member
    You mean the IPHONE the FBI unlocked months ago? Americans are just plain STUPID not naive. The real reason the FBI went to court over the San Bernardino IPHONE http://theapplenarrative.simplesite.com/
Sign In or Register to comment.