Boston judge orders Apple help FBI access iPhone 6, falls short of forcing decryption
Recently unsealed court documents show Apple in February was ordered to assist the FBI in accessing an iPhone tied to a Boston court case, but the government has seemingly abandoned its pursuit as the ruling fell short of forcing Apple to bypass its own security.
In the Massachusetts case, the FBI pursued an All Writs Act motion to compel Apple to extract data from an iPhone 6 belonging to alleged Columbia Point Dawgz gang member Desmond Crawford, reports Motherboard. While Federal Magistrate Judge Marianne Bowler ordered the company to comply, the ruling's language precludes Apple from bypassing the phone's encryption, a decision that reportedly prompted government officials to put the case on hold, the report said.
"Such reasonable technical assistance consists of, to the extent possible, extracting data from the Device, copying the data from the Device onto an external hard drive or other storage medium, and returning the aforementioned storage medium to law enforcement, and/or providing the FBI with the suspect Personal Identification Number (P.I.N.) or Personal Unlock Code (P.U.K.) so that access can be gained to the Target Telephone 1 for this search," the order reads.
Bowler goes on to say that Apple must provide FBI agents with any data extracted from Crawford's device. However, if said data is encrypted, which it most certainly is, Apple "is not required to attempt to decrypt, or otherwise enable law enforcement's attempts to access any encrypted data."
The case specifics were revealed on Friday after court documents were unsealed in response to an FOIA request from the American Civil Liberties Union.
As noted by Motherboard, Bowler's stipulation regarding encrypted data handling makes the order functionally useless for government officials attempting to thwart Apple's safeguards.
Apple's security system encrypts data with a secret key known only to the user, and without the appropriate passcode, device data cannot be decrypted. To prevent brute-force attacks, Apple implemented a passcode counter which, if so configured, destroys the stored key after ten unsuccessful unlock attempts, leaving on-device data unsalvageable. Further complicating the process is a Secure Enclave that comes embedded into all Apple A-series processors. Debuted with the A7, which powered iPhone 5s, Secure Enclave technology offers an added hardware-level layer of protection against hacks.
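A simplified model of the scheme described above, added here as an illustration; it is not Apple's implementation or code from the report. The `KeyStore` class, the XOR key wrap, and the constructed passcode and device secret are assumptions made for the example.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10  # the "ten unsuccessful unlock attempts" from the article


class KeyStore:
    """Toy model: a data key wrapped under a key derived from passcode + device secret."""

    def __init__(self, passcode, device_secret, data_key):
        self._secret = device_secret  # assumption: stands in for a per-device hardware secret
        self.failed = 0
        wrap_key, mac_key = self._derive(passcode)
        # XOR is a stand-in for a real key-wrap cipher; data_key must be 32 bytes.
        self._wrapped = bytes(a ^ b for a, b in zip(data_key, wrap_key))
        self._tag = hmac.new(mac_key, self._wrapped, hashlib.sha256).digest()

    def _derive(self, passcode):
        # Deriving from passcode and device secret together: neither alone yields the keys.
        out = hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._secret, 50_000, dklen=64)
        return out[:32], out[32:]

    def unlock(self, passcode):
        """Return the data key, or None on a wrong passcode or after the wipe."""
        if self._wrapped is None:
            return None
        wrap_key, mac_key = self._derive(passcode)
        tag = hmac.new(mac_key, self._wrapped, hashlib.sha256).digest()
        if hmac.compare_digest(tag, self._tag):
            self.failed = 0
            return bytes(a ^ b for a, b in zip(self._wrapped, wrap_key))
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self._wrapped = self._tag = None  # stored key destroyed; data is unrecoverable
        return None


def demo():
    data_key = os.urandom(32)
    store = KeyStore("493817", os.urandom(32), data_key)  # constructed passcode and secret
    unlocked = store.unlock("493817") == data_key
    for guess in range(MAX_ATTEMPTS):  # ten wrong guesses: 000000 .. 000009
        store.unlock(f"{guess:06d}")
    return unlocked, store.failed, store.unlock("493817")


if __name__ == "__main__":
    print(demo())
```

After the tenth wrong guess the wrapped key is gone, so even the correct passcode no longer unlocks the store.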
Despite the order's favorable language -- Apple is not being forced to decrypt Crawford's data -- the company filed in opposition in February. The government has not responded to Apple's filing.
Whereas federal prosecutors in the recent San Bernardino iPhone case were backed by an order to compel Apple's assistance in creating a software workaround to its own encryption technology, the government appears to have hit a dead end in the Boston case. If it proceeds, however, the case might shed light on the FBI's working iPhone 5c-and-older exploit, presented by an outside party to extract data from a device used by San Bernardino terror suspect Syed Rizwan Farook.
Perhaps more importantly, the Boston case involved an iPhone 6, a smartphone model Apple still sells today. The device is thought to be running iOS 9.1, which, while not Apple's latest version, is a thoroughly modern operating system. One of Apple's main contentions against being forced to create an iPhone workaround is that the exploit's mere existence weakens platform security, putting other users at risk. The Boston action, therefore, specifically targeted a device much more applicable to Apple's core user base than the relatively niche iPhone 5c targeted in San Bernardino.
Comments
Can they do miracles?
If they want the enclave decapped and the hardware enforced counter blocked in some weird ass way that may destroy the key, they can go to Israel and pay 1M dollars to do so and take their chances.
The FBI is run by dangerous clowns.
That is the easy part.
The hard part is actually decrypting the data. This may take 200 years.
Obviously, the FBI did not bother to ask the NSA for help. You bet the NSA has computers that can decrypt the data in 50 years.
I'm not going to do it, I just want to know whether Apple can even help and if they can't, then they need to tell the judge to go fly a kite or something along those lines.
edited: found this website, http://www.any-data-recovery.com/tips/iphone/iphone-is-locked.html, which says you can/might be able to get into a locked iPhone 6. The process causes total data loss but then you use an iPhone data recovery app to get everything back. Has anyone tried this? If it's that easy, then the FBI should have been able to find this technique and try it.
+1 to the kite part.
The FBI has access to the data that the iPhone will use to restore the data after a Restore. I believe it's the last back up stored in the iCloud and is un-encrypted while in Apple's server. Apple will turn that over to the FBI with a proper search warrant. Providing the back up feature was activated in the iPhone, before the Restore. As for a back up file in your computer with iTunes, that file can also be encrypted when the file is created and would need a password before being restored to an iPhone. That plus the whole HD in the computer can also be encrypted. In fact, the iTunes library used to back up an iPhone can exist in a thumb drive, that is also encrypted. Thus easy to hide from the FBI or easily destroyed. (I'm assuming that the back up file of an iPhone is stored within the iTunes library and not somewhere else on the computer.)
The FBI had to go great lengths to open up an OLD device. Now a federal judge has restarted the battle once more because the technique doesn’t work on newer iOS devices. So tell me what that says about the so-called tech gods who post on forums like this one? And I’m betting it isn’t that easy to get into Android devices either.
And the bullshit continues full swing in this thread.
Does anyone know how to get data off of a locked iPhone? I don't care if it's encrypted or how long it will take. Can it be done? Have you seen it done? This is what the judge is demanding and I don't believe Apple can do it, which is fine with me.
and well, rife with unpatched exploit. Also, since it has run on general hardware, unless Google works with OEM, there can't be the equivalent to the enclave and if there was, it would only apply to the top end devices anyway.
So, yep, Android is a mess from a security standpoint and quite easy to get in unless you have 2015-2016 encrypted Nexus on the latest software.
Myself, I think that if you throw enough money at it, you can probably get in (even with the enclave) IF THE PASSCODE IS SHORT AND NOT ALPHANUMERIC.
If either of these things are true, you can't get in (and getting the encrypted data won't help you unless you have a million years to kill), no matter what the FBI wants.
With touch ID the probability of people using the long passcodes increases, which makes the whole discussion moot anyway.
Only forcing Apple to cripple its hardware or software (with a law) can do anything to allow the government to ever again have unfettered access.
The consequences of that, and what Apple would do to counter that, is what the whole hubbub was all about.
So, they can't even get to the original data protected by the passcode + hw device key, without breaching the enclave to get the file system key back.
The FBI is truly starting to be more and more in the dark.
http://www.npr.org/sections/alltechconsidered/2016/03/23/470573608/the-apple-fbi-whodunit-whos-helping-the-feds-crack-the-locked-iphone
The Touch ID sensor talks directly to the Secure Enclave. The Secure Enclave is a separate processor inside the phone, that does not run iOS, it runs a different operating system using the L3 Kernel. The L3 kernel was developed at University of New South Wales in Australia, and is one of a very few kernels to have undergone verification to a level where it has been mathematically proven to be bug-free. This is extremely unusual and very rare. Because of this it is a very simple kernel, and whilst it's not powerful enough to run the entire phone, it is complex enough to do a few important things - encrypt data, generate (very) random numbers and manage cryptographic keys.
The Secure Enclave is cryptographically paired with the TouchID sensor in the device at time of manufacture, and Apple does not know what this 256 bit key is. This prevents an attacker from swapping out the TouchID sensor for a bogus one that presents to be the real finger.
The Secure Enclave also does not trust the A-series Application Processor that actually runs iOS, until the user has entered the device passcode. Why? Because the Secure Enclave basically acts as a bouncer at the door to the club where all the cryptographic keys are partying, and it never lets iOS in. I guess Jony Ive didn't make its UI cool enough. However, it WILL pass notes to the cryptographic keys on behalf of iOS.
So when a user types a passcode, iOS doesn't work out if it's valid or not, it has to ask Secure Enclave if it's valid or not, the SE just says "yes" or "no", or in some cases iOS passes it what it thinks are the keys, and if the keys are valid, the SE hands back the decrypted object.
Amongst other things, what that means is that the Secure Enclave can make up its own rules as to when it trusts iOS and TouchID or not.
- 48 hours elapses without unlocking the phone? Stop trusting Touch ID and iOS, and require the passcode to be re-entered
- Reboot the Phone? Stop trusting TouchID and iOS and require the passcode to be re-entered
- 3 incorrect Fingerprint reads? Stop trusting TouchID and require the passcode to be re-entered
All of this is explained here: https://www.apple.com/business/docs/iOS_Security_Guide.pdf
What Apple has done is not perfect, but it sets a very high standard compared to the industry as a whole.
So if you arrest someone with a TouchID capable device, and you want to unlock it, if they reboot the phone, then the passcode is the only way to unlock it. If they don't reboot the phone, you have less than 48 hours to use their fingerprint to unlock it, after which the passcode is the only way to unlock it.
Or you can be smart, and understand human behaviour, like the British police, and side step the whole issue that US law enforcement has run into with its heavy handed approach, and seize the phone while it's unlocked:
http://www.businessinsider.com.au/cops-seized-terror-suspect-junead-khan-iphone-going-undercover-encryption-britain-2016-4?r=UK&IR=T
What you are missing is that all that talk about how easy it is to defeat TouchID with fancy printers and lifted finger prints is total bullshit. The current battle between Apple and the FBI has laid bare all the crap being put out there by posers claiming to have ways into any device. Where the rubber hits the road they fail. It’s all talk and no substance.
99.999% of ‘jailbreakers’ are clueless posers who talk the talk but can’t walk the walk.