FBI can't unlock anything newer than Apple's iPhone 5c, Comey reveals

Posted:
in iPhone edited April 2016
The unlocking procedure used by the Federal Bureau of Investigation to break into an iPhone 5c at the center of the San Bernardino case cannot be used on new devices, the bureau's director said on Wednesday.


The IP Box setup, via MDSec.


Comey told a group of students and educators at Kenyon College in Ohio that his department had "purchased a tool" from a third party to unlock the iPhone in question, according to CNN Money. Though he stopped short of revealing the exact process, he did note that it would not work on more modern handsets.

"This doesn't work on 6S, doesn't work on a 5S, and so we have a tool that works on a narrow slice of phones," Comey said.

Discussing Apple's request that the bureau unveil its method, Comey was noncommittal but said he was worried about losing what little access the bureau does have.

"We tell Apple, then they're going to fix it, then we're back where we started from," he said. "We may end up there, we just haven't decided yet."

Since the FBI revealed its success late last month, most speculation regarding their method has centered around the so-called "IP Box" that first appeared last spring. That tool -- which retails for less than $300 -- latches onto a susceptible iPhone's power circuitry and enters PINs over USB.

When a wrong guess is detected, the tool aggressively cuts power to the iPhone's logic board before the guess is recorded, defeating the 10-try limit.

Apple is believed to have patched this hole in older iPhones with iOS 8.1.1; as the iPhone 5c in question is thought to be running iOS 9, the FBI has either chosen a different method or has purchased the device from a company that has discovered an as-yet unreported flaw in later software.

Beginning with the iPhone 5S, PIN guesses are managed in the hardware Secure Enclave, rendering such an attack useless.
«1

Comments

  • Reply 1 of 37
    rob53rob53 Posts: 2,011member
    So the market value of 5c's just tanked. Can we trust Comey? Why should we. He's lied the entire time and continues to present the worst side of a secretive and potentially corrupt government organization. I watched Truth 2015 last night, the attack on CBS's 60 Minutes crew (Dan Rather, Mary Mapes), and it's similar to this witch attack on Apple except both Republicans and Democrats are attacking Apple using hearsay and a lack of understanding and fear mongering to get what they want while making Apple look real bad. The FBI will never help Apple or announce what was found (or wasn't) on the phone unless it serves their needs. The fact they haven't said they've found anything worth while tells me there wasn't anything but the FBI needs time to come up with a story to CTA's. I'd like to know if the Israeli company can actually crack anything newer than a 5s. Apple has a presence in Israel and should use pressure to get the Israeli government to force talks between Apple and that company so Apple knows of any vulnerabilities they can find. I'm sure the Israeli's want secure phones as much as US citizens want them.
    calimoreckjony0radarthekat
  • Reply 2 of 37
     ;)  Just mentioned this is the other thread.

    "We tell Apple, then they're going to fix it, then we're back where we started from,". Right back where you started from? You mean back to only being able to unlock older iPhones that don't use a Secure Enclave? Seems like Apple has ALREADY fixed it, starting with the 5S and A7 from several years ago.

    Basically, this is a useless hack.
    magman1979moreckjony0radarthekat
  • Reply 3 of 37
    waterrocketswaterrockets Posts: 1,231member
    Comey says the this technique does not work on modern devices. 

    This is different than saying that the FBI cannot hack modern devices with different techniques.

    Headline fail.
    theothergeoffnolamacguysingularitystevehradarthekat
  • Reply 4 of 37
    mike1mike1 Posts: 1,871member
    rob53 said:
    So the market value of 5c's just tanked. Can we trust Comey? Why should we. He's lied the entire time and continues to present the worst side of a secretive and potentially corrupt government organization. I watched Truth 2015 last night, the attack on CBS's 60 Minutes crew (Dan Rather, Mary Mapes), and it's similar to this witch attack on Apple except both Republicans and Democrats are attacking Apple using hearsay and a lack of understanding and fear mongering to get what they want while making Apple look real bad. The FBI will never help Apple or announce what was found (or wasn't) on the phone unless it serves their needs. The fact they haven't said they've found anything worth while tells me there wasn't anything but the FBI needs time to come up with a story to CTA's. I'd like to know if the Israeli company can actually crack anything newer than a 5s. Apple has a presence in Israel and should use pressure to get the Israeli government to force talks between Apple and that company so Apple knows of any vulnerabilities they can find. I'm sure the Israeli's want secure phones as much as US citizens want them.
    What market value of 5C? it hasn't been sold in almost a year and I doubt anybody thinking of buying a used 5C is going to care much.
    singularityzroger73baconstangyoyo2222stevehmoreckradarthekatjay-t
  • Reply 5 of 37
    dysamoriadysamoria Posts: 2,062member
    Didn't we already know this?
  • Reply 6 of 37
    Comey says the this technique does not work on modern devices. 

    This is different than saying that the FBI cannot hack modern devices with different techniques.

    Headline fail.

    You just like to make stuff up out of thin air, don't you?

    Do you understand what a logical fallacy is?
    ai46magman1979
  • Reply 7 of 37
    fallenjtfallenjt Posts: 3,976member
    This will set another battle against Apple when the next case when newer iPhone needs to be unlocked. FBI never stops. The good news is White House just withheld  the support for legislature on forcing companies to crack encryptions. Thank you, Obama. Is this the reason why they don't want Obama to have iPhone because they can't monitor what's going on in his phone? LOL.
    edited April 2016 caliai46moreckjes42jay-t
  • Reply 8 of 37
    eideardeideard Posts: 385member
    While this is likely to be true, the FBI lies at least as much as any Confederate candidate for Congress.  If Comey said the sun rises in the East, I'd haul out my compass to check and make sure.
    singularitymoreck
  • Reply 9 of 37
    rob53rob53 Posts: 2,011member
    mike1 said:
    rob53 said:
    So the market value of 5c's just tanked. Can we trust Comey? Why should we. He's lied the entire time and continues to present the worst side of a secretive and potentially corrupt government organization. I watched Truth 2015 last night, the attack on CBS's 60 Minutes crew (Dan Rather, Mary Mapes), and it's similar to this witch attack on Apple except both Republicans and Democrats are attacking Apple using hearsay and a lack of understanding and fear mongering to get what they want while making Apple look real bad. The FBI will never help Apple or announce what was found (or wasn't) on the phone unless it serves their needs. The fact they haven't said they've found anything worth while tells me there wasn't anything but the FBI needs time to come up with a story to CTA's. I'd like to know if the Israeli company can actually crack anything newer than a 5s. Apple has a presence in Israel and should use pressure to get the Israeli government to force talks between Apple and that company so Apple knows of any vulnerabilities they can find. I'm sure the Israeli's want secure phones as much as US citizens want them.
    What market value of 5C? it hasn't been sold in almost a year and I doubt anybody thinking of buying a used 5C is going to care much.
    Used market, like for India.   ;)
  • Reply 10 of 37
    Beginning with the iPhone 5S, PIN guesses are managed in the hardware Secure Enclave, rendering such an attack useless.
    Unless of course someone discovers a bug in Apple's hardware implementation.  Hardware bugs are reasonably common, and are usually difficult or impossible to patch.  Take, for example DDR4 memory and the "rowhammer" attacks.  DDR3 was known to be vulnerable, and DDR4 was supposed to be "fixed".  Unfortunately, it turns out, not so much.

    If the government were to do a bunch of R&D on the subject, I suspect they would be able to find hardware weaknesses somewhere in newer iPhones.  It's just too complex to not have any.
    mdriftmeyerai46
  • Reply 11 of 37
    calicali Posts: 3,495member
    "We tell Apple, then they're going to fix it"

    Oh Fu** you  comey.
    magman1979
  • Reply 12 of 37
    lkrupplkrupp Posts: 6,957member
    Great marketing tool. Shitcan your 5c and get the SE! Be safe!
    edited April 2016 ai46magman1979radarthekat
  • Reply 13 of 37
    theothergeofftheothergeoff Posts: 2,081member
    Comey says the this technique does not work on modern devices. 

    This is different than saying that the FBI cannot hack modern devices with different techniques.

    Headline fail.
    agreed.   It's generally hypothesized you can rip the memory out of a7 or greater iphone and copy it, and then feed the copies back to the phone, and brute force passwords 8 or 9 times, then repeat the process until you get a working guess (note to self: 8 char alpha/num/special passwords roughly 95^8 passwords to check... conservatively about 800Million years generously assuming 1 minute to guess 8 passwords and then iterate... [if that's not enough add asian and diactritical characters).

    people using 4 char numerics... even 6 character... deserve no privacy;-).
  • Reply 14 of 37
    farmboyfarmboy Posts: 152member
    rob53 said:
    I'd like to know if the Israeli company can actually crack anything newer than a 5s. Apple has a presence in Israel and should use pressure to get the Israeli government to force talks between Apple and that company so Apple knows of any vulnerabilities they can find. I'm sure the Israeli's want secure phones as much as US citizens want them.
    It seems to me that Apple can get all the information they need by going to the same company, give them a 6S and write them a check for $15,000. They either can crack it or they can't, question is answered in a couple of weeks.
    radarthekat
  • Reply 15 of 37
    nolamacguynolamacguy Posts: 4,758member
    Comey says the this technique does not work on modern devices. 

    This is different than saying that the FBI cannot hack modern devices with different techniques.

    Headline fail.

    You just like to make stuff up out of thin air, don't you?

    Do you understand what a logical fallacy is?
    what's wrong about it? the fbi's inability to use their secret technique on anything newer than a 5C does not mean they cannot hack anything newer. it simply means not with *this* technique. that may seem like splitting hairs, but it isn't. it's the art of symantics. 
    redraider11ai46radarthekat
  • Reply 16 of 37
    foggyhillfoggyhill Posts: 4,767member
    Comey says the this technique does not work on modern devices. 

    This is different than saying that the FBI cannot hack modern devices with different techniques.

    Headline fail.
    agreed.   It's generally hypothesized you can rip the memory out of a7 or greater iphone and copy it, and then feed the copies back to the phone, and brute force passwords 8 or 9 times, then repeat the process until you get a working guess (note to self: 8 char alpha/num/special passwords roughly 95^8 passwords to check... conservatively about 800Million years generously assuming 1 minute to guess 8 passwords and then iterate... [if that's not enough add asian and diactritical characters).

    people using 4 char numerics... even 6 character... deserve no privacy;-).
    The counter for A7 and greater phone is in the secure enclave, so the copy in and out won't make a difference and  that wouldn't work. That was likely the way they got to the 5c phone though.
    magman1979
  • Reply 17 of 37
    freerangefreerange Posts: 1,586member
    That's great news! No access!
  • Reply 18 of 37
    mac_128mac_128 Posts: 3,414member
    mike1 said:.
    What market value of 5C? it hasn't been sold in almost a year and I doubt anybody thinking of buying a used 5C is going to care much.
    It was sold up until this past February in India. Who knows what other developing markets it was being sold as new or still is? What better than an entry level phone with the world's best encryption for a terrorist to buy?
    edited April 2016
  • Reply 19 of 37
    mike1mike1 Posts: 1,871member
    rob53 said:
    mike1 said:
    What market value of 5C? it hasn't been sold in almost a year and I doubt anybody thinking of buying a used 5C is going to care much.
    Used market, like for India.   ;)

     Probably will be harder to get used iPhones into India than it would be to bypass the passcode.
    radarthekat
  • Reply 20 of 37
    foggyhillfoggyhill Posts: 4,767member

    You just like to make stuff up out of thin air, don't you?

    Do you understand what a logical fallacy is?
    what's wrong about it? the fbi's inability to use their secret technique on anything newer than a 5C does not mean they cannot hack anything newer. it simply means not with *this* technique. that may seem like splitting hairs, but it isn't. it's the art of symantics. 
    Well, there are ways to hack later phones, but those would be hellish hardware hacks (decapping the enclave!) to get dubious results.

    Only hope is that really the secure enclave itself has a bug, pretty unlikely
     as this component has likely been tested to death (As it is so critical and failure would be very bad for Apple).
    It also has a very narrow precise functionality, which makes testing easier.

    Using even a 6 digit random alpha pin is probably sufficient to stop any FBI hack no matter what it has.
    Anyone caring about security, like a terrorist... Would use at least a 8 alphanum pass code.

    Best way to get the passcode would probably be to have some custom firmware to load before Apple's firmware so you can have people give you the passcode
    Or even just swap out their phone and put your own in and wait for them to enter their passcode into the fake phone! Then just unlike the phone.
    Or just put cameras everywhere and wait for them to not have it, enter into the phone and copy out everything and put it back

    If people are already known, getting info from the phone is easy.


    That's probably why Apple has bought the firmware security firm; it's a slim but existing vulnerability.



    edited April 2016
Sign In or Register to comment.