Boston judge orders Apple help FBI access iPhone 6, falls short of forcing decryption

Posted in General Discussion, edited April 2016
Recently unsealed court documents show Apple in February was ordered to assist the FBI in accessing an iPhone tied to a Boston court case, but the government has seemingly abandoned its pursuit as the ruling fell short of forcing Apple to bypass its own security.




In the Massachusetts case, the FBI pursued an All Writs Act motion to compel Apple to extract data from an iPhone 6 belonging to alleged Columbia Point Dawgz gang member Desmond Crawford, reports Motherboard. While Federal Magistrate Judge Marianne Bowler ordered the company to comply, the ruling's language precludes Apple from bypassing the phone's encryption, a decision that reportedly prompted government officials to put the case on hold, the report said.

"Such reasonable technical assistance consists of, to the extent possible, extracting data from the Device, copying the data from the Device onto an external hard drive or other storage medium, and returning the aforementioned storage medium to law enforcement, and/or providing the FBI with the suspect Personal Identification Number (P.I.N.) or Personal Unlock Code (P.U.K.) so that access can be gained to the Target Telephone 1 for this search," the order reads.

Bowler goes on to say that Apple must provide FBI agents with any data extracted from Crawford's device. However, if said data is encrypted, which it most certainly is, Apple "is not required to attempt to decrypt, or otherwise enable law enforcement's attempts to access any encrypted data."

The case specifics were revealed on Friday after court documents were unsealed in response to an FOIA request from the American Civil Liberties Union.

As noted by Motherboard, Bowler's stipulation regarding encrypted data handling makes the order functionally useless for government officials attempting to thwart Apple's safeguards.

Apple's security system encrypts data with a secret key known only to the user, and without the appropriate passcode, device data cannot be decrypted. To prevent brute-force attacks, Apple implemented a passcode counter which, if so configured, destroys the stored key after ten unsuccessful unlock attempts, leaving on-device data unsalvageable. Further complicating the process is a Secure Enclave that comes embedded into all Apple A-series processors. Debuted with the A7, which powered iPhone 5s, Secure Enclave technology offers an added hardware-level layer of protection against hacks.
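
The two protections described in the paragraph above, a key that depends on a secret held only in the device and a counter that destroys key material after ten failures, can be modelled in a few lines. This is an added illustration, not Apple's implementation and not part of the original article: the `ToyEnclave` class, PBKDF2 as the derivation function, the XOR key wrap, the iteration count and the sample passcode are all assumptions made for the example.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10        # wipe threshold described in the article
KDF_ITERATIONS = 20_000  # constructed value; stands in for the device's work factor


def derive_kek(passcode: str, device_uid: bytes) -> bytes:
    """Derive a key-encryption key from the passcode AND a per-device secret.

    PBKDF2 is a stand-in (assumption). What matters is that the device
    secret is an input, so the same passcode gives a different key elsewhere.
    """
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_uid, KDF_ITERATIONS)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def unwrap(blob: dict, kek: bytes):
    """Return the data key if kek is correct, otherwise None."""
    tag = hmac.new(kek, blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    return _xor(blob["wrapped"], kek)  # toy wrap; real designs use an AES key wrap


class ToyEnclave:
    """Hypothetical model: holds the device secret and enforces the retry limit."""

    def __init__(self, passcode: str, wipe_enabled: bool = True):
        self._uid = os.urandom(32)  # per-device secret, never exported
        kek = derive_kek(passcode, self._uid)
        wrapped = _xor(os.urandom(32), kek)  # random data key, wrapped under kek
        tag = hmac.new(kek, wrapped, hashlib.sha256).digest()
        self.flash = {"wrapped": wrapped, "tag": tag}  # what a storage copy would contain
        self.failed = 0
        self.wipe_enabled = wipe_enabled

    def unlock(self, passcode: str):
        if self.flash is None:
            return None  # key material already destroyed
        key = unwrap(self.flash, derive_kek(passcode, self._uid))
        if key is not None:
            self.failed = 0
            return key
        self.failed += 1
        if self.wipe_enabled and self.failed >= MAX_ATTEMPTS:
            self.flash = None  # stored key destroyed: data is unrecoverable
        return None


def offline_attempt(flash_image: dict, passcode: str, guessed_uid: bytes):
    """Try a passcode against a copied flash image, away from the device."""
    return unwrap(flash_image, derive_kek(passcode, guessed_uid))


def demo() -> dict:
    enclave = ToyEnclave("4821")  # constructed sample passcode
    key = enclave.unlock("4821")
    image = dict(enclave.flash)  # copy of the encrypted storage
    # The right passcode fails off-device because the device secret is missing.
    off_device = offline_attempt(image, "4821", bytes(32))
    for _ in range(MAX_ATTEMPTS):
        enclave.unlock("0000")
    return {
        "unlocked_before_wipe": key is not None,
        "off_device_with_right_passcode": off_device is not None,
        "wiped_after_ten_failures": enclave.flash is None,
        "right_passcode_after_wipe": enclave.unlock("4821") is not None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In this model a copied image still unwraps when the real device secret is supplied, so the scheme rests on that secret never leaving the hardware; the counter only limits guesses made on the device itself.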

Despite the order's favorable language -- Apple is not being forced to decrypt Crawford's data -- the company filed in opposition in February. The government has not responded to Apple's filing.

Whereas federal prosecutors in the recent San Bernardino iPhone case were backed by an order to compel Apple's assistance in creating a software workaround to its own encryption technology, the government appears to have hit a dead end in the Boston case. If it proceeds, however, the case might shed light on the FBI's working iPhone 5c-and-older exploit, presented by an outside party to extract data from a device used by San Bernardino terror suspect Syed Rizwan Farook.

Perhaps more importantly, the Boston case involved an iPhone 6, a smartphone model Apple still sells today. The device is thought to be running iOS 9.1 that, while not Apple's latest version, is a thoroughly modern operating system. One of Apple's main contentions against being forced to create an iPhone workaround is that the exploit's mere existence weakens platform security, putting other users at risk. The Boston action, therefore, specifically targeted a device much more applicable to Apple's core user base than the relatively niche iPhone 5c targeted in San Bernardino.

Comments

  • Reply 1 of 22
    tallest skil · Posts: 43,399 · member
    Such reasonable technical assistance consists of, to the extent possible...
    Since he didn’t say they have to break the encryption, Apple just has to offer them coffee and doughnuts.
  • Reply 2 of 22
    foggyhill · Posts: 4,767 · member
    What on earth does that even mean, help the FBI..
    Can they do miracles?
    If they want the enclave decapped and the hardware enforced counter blocked in some weird ass way that may destroy the key, they can go to Israel and pay 1M dollars to do so and take their chances.

    The FBI is run by dangerous clowns.

  • Reply 3 of 22
    rob53 · Posts: 2,007 · member
    The judge wants Apple to get data out of the phone. All you jailbreakers out there, is this even possible without wiping the iPhone? Is there any way to plug an iPhone into a computer and make an image of the complete flash drive? I'm asking because I don't think so but I'm not sure if the jailbreakers can do this.
  • Reply 4 of 22
    designr · Posts: 464 · member
    Such reasonable technical assistance consists of, to the extent possible...
    Since he didn’t say they have to break the encryption, Apple just has to offer them coffee and doughnuts.
     :D 
  • Reply 5 of 22
    tallest skil · Posts: 43,399 · member
    rob53 said:
    The judge wants Apple to get data out of the phone. All you jailbreakers out there, is this even possible without wiping the iPhone?
    Haven’t there been soft jailbreaks that don’t even require reboots? Those you can’t reboot because it wipes them... Been forever since I paid attention to that scene.
  • Reply 6 of 22
    rob53 said:
    The judge wants Apple to get data out of the phone. All you jailbreakers out there, is this even possible without wiping the iPhone? Is there any way to plug an iPhone into a computer and make an image of the complete flash drive? I'm asking because I don't think so but I'm not sure if the jailbreakers can do this.
    Sure you can get a copy of the encrypted data onto an external hard drive.

    That is the easy part.

    The hard part is actually decrypting the data.  This may take 200 years.

    Obviously, the FBI did not bother to ask the NSA for help.  You bet the NSA has computers that can decrypt the data in 50 years. 
  • Reply 7 of 22
    CMA102DL · Posts: 121 · member
    What is the FBI looking for exactly? leprechauns, unicorns, cyber pathogens and dick pics? Stingrays and phone metadata ain't enough? Humm. Apparently for the NSA phone metadata was more than enough. Is the FBI seriously willing to go through another fight with Apple just to get encrypted data that they can't decrypt? Fkn FBI. This is what your taxes are paying for.

    edited April 2016
  • Reply 8 of 22
    Decrypting the hard disk via brute force will take more than 200 years. Try a 6.22 thousand trillion trillion trillion centuries!! That is why they want access to the passcodes. The key has 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 possible combinations.
    edited April 2016
  • Reply 9 of 22
    rob53 · Posts: 2,007 · member
    rob53 said:
    The judge wants Apple to get data out of the phone. All you jailbreakers out there, is this even possible without wiping the iPhone? Is there any way to plug an iPhone into a computer and make an image of the complete flash drive? I'm asking because I don't think so but I'm not sure if the jailbreakers can do this.
    Sure you can get a copy of the encrypted data onto an external hard drive.

    That is the easy part.

    The hard part is actually decrypting the data.  This may take 200 years.

    Obviously, the FBI did not bother to ask the NSA for help.  You bet the NSA has computers that can decrypt the data in 50 years. 
    How do you copy the data onto an external drive? The judge isn't worried about the decrypting part, only getting the data to the FBI. I want to know if that's even possible. I'd like specifics, not hearsay. 

    I'm not going to do it, I just want to know whether Apple can even help and if they can't, then they need to tell the judge to go fly a kite or something along those lines.

    edited: found this website, http://www.any-data-recovery.com/tips/iphone/iphone-is-locked.html, which says you can/might be able to get into a locked iPhone 6. The process  causes total data loss but then you use an iPhone data recovery app to get everything back. Has anyone tried this? If it's that easy, then the FBI should have been able to find this technique and try it. 
    edited April 2016
  • Reply 10 of 22
    CMA102DL · Posts: 121 · member
    rob53 said:
    edited: found this website, http://www.any-data-recovery.com/tips/iphone/iphone-is-locked.html, which says you can/might be able to get into a locked iPhone 6. The process  causes total data loss but then you use an iPhone data recovery app to get everything back. Has anyone tried this? If it's that easy, then the FBI should have been able to find this technique and try it. 
    The FBI is just lazy. They want everything handed down to them on a silver platter. The FBI admits that they were forced to unlock the San Bernardino without Apple's help because of public opinion and all the bad publicity. Otherwise, they would have arm twisted Apple. Apparently the FBI cares about public opinion.
    edited April 2016
  • Reply 11 of 22
    wonkothesane · Posts: 1,344 · member
    rob53 said:
    Sure you can get a copy of the encrypted data onto an external hard drive.

    That is the easy part.

    The hard part is actually decrypting the data.  This may take 200 years.

    Obviously, the FBI did not bother to ask the NSA for help.  You bet the NSA has computers that can decrypt the data in 50 years. 
    How do you copy the data onto an external drive? The judge isn't worried about the decrypting part, only getting the data to the FBI. I want to know if that's even possible. I'd like specifics, not hearsay. 

    I'm not going to do it, I just want to know whether Apple can even help and if they can't, then they need to tell the judge to go fly a kite or something along those lines.

    edited: found this website, http://www.any-data-recovery.com/tips/iphone/iphone-is-locked.html, which says you can/might be able to get into a locked iPhone 6. The process  causes total data loss but then you use an iPhone data recovery app to get everything back. Has anyone tried this? If it's that easy, then the FBI should have been able to find this technique and try it. 
    Interesting. I haven't tried this and before your post did not know about this. At first glance I'd call bs. Fifty bucks getting you a full workaround to Apple's security measures? Sounds fishy to me. 

    +1 to the kite part. 
  • Reply 12 of 22
    davidw · Posts: 950 · member
    rob53 said:
    Sure you can get a copy of the encrypted data onto an external hard drive.

    That is the easy part.

    The hard part is actually decrypting the data.  This may take 200 years.

    Obviously, the FBI did not bother to ask the NSA for help.  You bet the NSA has computers that can decrypt the data in 50 years. 
    How do you copy the data onto an external drive? The judge isn't worried about the decrypting part, only getting the data to the FBI. I want to know if that's even possible. I'd like specifics, not hearsay. 

    I'm not going to do it, I just want to know whether Apple can even help and if they can't, then they need to tell the judge to go fly a kite or something along those lines.

    edited: found this website, http://www.any-data-recovery.com/tips/iphone/iphone-is-locked.html, which says you can/might be able to get into a locked iPhone 6. The process  causes total data loss but then you use an iPhone data recovery app to get everything back. Has anyone tried this? If it's that easy, then the FBI should have been able to find this technique and try it. 
    From what I understand, from people posting here that are more informed than me, the data can not be un-encrypted outside the iPhone by just using the passcode because part of the encryption key is created by using the serial number inside the secured enclave of the CPU. A serial number that Apple has no record of and can not be read if the iPhone is locked. It is read when the proper passcode is entered or on boot up. And from what I gathered, if the secure enclave is tampered with, like in an attempt to access this serial number, the data is lost. So the data in an external HD would not have access to this part of the key, even if the correct passcode was entered, the data would remain encrypted.


    The FBI has access to the data that the iPhone will use to restore the data after a Restore. I believe it's the last back up stored in the iCloud and is un-encrypted while in Apple's server. Apple will turn that over to the FBI with a proper search warrant.  Providing the back up feature was activated in the iPhone, before the Restore. As for a back up file in your computer with iTunes, that file can also be encrypted when the file is created and would need a password before being restored to an iPhone. That plus the whole HD in the computer can also be encrypted. In fact, the iTunes library used to back up an iPhone can exist in a thumb drive, that is also encrypted. Thus easy to hide from the FBI or easily destroyed. (I'm assuming that the back up file of an iPhone is stored within the iTunes library and not somewhere else on the computer.) 

  • Reply 13 of 22
    lkrupp · Posts: 6,789 · member
    All of those videos on YouTube ‘proving’ how easy it is to unlock an iPhone with a few magical button pushes and finger swipes. All of the faux techies spewing advice on how to extract and read chips, bypass locks and the secure enclave. Remember all the pontificating about how ‘easy’ it is to defeat TouchID? Turns out they are all poser fools, know-nothings whose egos outstrip their abilities by a mile. You’ve all been exposed for what you are, techie wannabes. 

    The FBI had to go to great lengths to open up an OLD device. Now a federal judge has restarted the battle once more because the technique doesn’t work on newer iOS devices. So tell me what that says about the so-called tech gods who post on forums like this one? And I’m betting it isn’t that easy to get into Android devices either.

    And the bullshit continues full swing in this thread.
    edited April 2016
  • Reply 14 of 22
    rob53 · Posts: 2,007 · member
    davidw said:
    rob53 said:
    How do you copy the data onto an external drive? The judge isn't worried about the decrypting part, only getting the data to the FBI. I want to know if that's even possible. I'd like specifics, not hearsay. 

    I'm not going to do it, I just want to know whether Apple can even help and if they can't, then they need to tell the judge to go fly a kite or something along those lines.

    edited: found this website, http://www.any-data-recovery.com/tips/iphone/iphone-is-locked.html, which says you can/might be able to get into a locked iPhone 6. The process  causes total data loss but then you use an iPhone data recovery app to get everything back. Has anyone tried this? If it's that easy, then the FBI should have been able to find this technique and try it. 
    From what I understand, from people posting here that are more informed than me, the data can not be un-encrypted outside the iPhone by just using the passcode because part of the encryption key is created by using the serial number inside the secured enclave of the CPU. A serial number that Apple has no record of and can not be read if the iPhone is locked. It is read when the proper passcode is entered or on boot up.  And from what I gathered, if the secure enclave is tampered with, like in an attempt to access this serial number, the data is loss. So the data in an external HD would not have access to this part of the key, even if the correct passcode was entered, the data would remain encrypted.   


    The FBI has access to the data that the iPhone will use to restore the data after a Restore. I believe it's the last back up stored in the iCloud and is un-encrypted while in Apple's server. Apple will turn that over to the FBI with a proper search warrant.  Providing the back up feature was activated in the iPhone, before the Restore. As for a back up file in your computer with iTunes, that file can also be encrypted when the file is created and would need a password before being restored to an iPhone. That plus the whole HD in the computer can also be encrypted. In fact, the iTunes library used to back up an iPhone can exist in a thumb drive, that is also encrypted. Thus easy to hide from the FBI or easily destroyed. (I'm assuming that the back up file of an iPhone is stored within the iTunes library and not somewhere else on the computer.) 

    I understand all of this but that's not my question. I'll ask it again.

    Does anyone know how to get data off of a locked iPhone. I don't care if it's encrypted or how long it will take. Can it be done? Have you seen it done? This is what the judge is demanding and I don't believe Apple can do it, which is fine with me.
  • Reply 15 of 22
    foggyhill · Posts: 4,767 · member
    lkrupp said:
    All of those videos on YouTube ‘proving’ how easy it is to unlock an iPhone with a few magical button pushes and finger swipes. All of the faux techies spewing advice on how to extract and read chips, bypass locks and the secure enclave. Remember all the pontificating about how ‘easy’ it is to defeat TouchID? Turns out they are all poser fools, no nothings whose egos outstrip their abilities by a mile. You’ve all been exposed for what you are, techie wannabes. 

    The FBI had to go great lengths to open up an OLD device. Now a federal judge has restarted the battle once more because the technique doesn’t work on newer iOS devices. So tell me what that says about the so-called tech gods who post on forums like this one? And I’m betting it isn’t that easy to get into Android devices either.

    And the bullshit continues full swing in this thread.
    Most Android are not encrypted, because of device limitations and the way Android was handling it, and well, rife with unpatched exploits. Also, since it has run on general hardware, unless Google works with OEM, there can't be the equivalent to the enclave and if there was, it would only apply to the top end devices anyway.

    So, yep, Android is a mess from a security standpoint and quite easy to get in unless you have 2015-2016 encrypted Nexus on the latest software.

    Myself, I think that if you throw enough money at it, you can probably get in (even with the enclave) IF THE PASSCODE IS SHORT AND NOT ALPHANUMERIC.
    If either of these things are true, you can't get in (and getting the encrypted data won't help you unless you have a million years to kill), no matter what the FBI wants.

    With touch ID the probability of people using the long passcodes increases, which makes the whole discussion moot anyway.

    Only forcing Apple to cripple its hardware or software (with a law) can do anything to allow the government to ever again have unfettered access.

    The consequences of that, and what Apple would do to counter that, is what the whole hubbub was all about.
    edited April 2016
  • Reply 16 of 22
    foggyhill · Posts: 4,767 · member
    rob53 said:
    davidw said:
    From what I understand, from people posting here that are more informed than me, the data can not be un-encrypted outside the iPhone by just using the passcode because part of the encryption key is created by using the serial number inside the secured enclave of the CPU. A serial number that Apple has no record of and can not be read if the iPhone is locked. It is read when the proper passcode is entered or on boot up.  And from what I gathered, if the secure enclave is tampered with, like in an attempt to access this serial number, the data is loss. So the data in an external HD would not have access to this part of the key, even if the correct passcode was entered, the data would remain encrypted.   


    The FBI has access to the data that the iPhone will use to restore the data after a Restore. I believe it's the last back up stored in the iCloud and is un-encrypted while in Apple's server. Apple will turn that over to the FBI with a proper search warrant.  Providing the back up feature was activated in the iPhone, before the Restore. As for a back up file in your computer with iTunes, that file can also be encrypted when the file is created and would need a password before being restored to an iPhone. That plus the whole HD in the computer can also be encrypted. In fact, the iTunes library used to back up an iPhone can exist in a thumb drive, that is also encrypted. Thus easy to hide from the FBI or easily destroyed. (I'm assuming that the back up file of an iPhone is stored within the iTunes library and not somewhere else on the computer.) 

    I understand all of this but that's not my question. I'll ask it again.

    Does anyone know how to get data off of a locked iPhone. I don't care if it's encrypted or how long it will take. Can it be done? Have you seen it done? This is what the judge is demanding and I don't believe Apple can do it, which is fine with me.
    Supposedly flash mirroring is the way it can be done (there was an article on Arstechnica on that a few weeks ago), and seemingly that's how it was done for the 5c (it then allowed to bypass the code by essentially having a static image of the retry counter to go back to repeatedly). On the 5s, even if you did that, you wouldn't have this counter or even the file system key (both in the enclave).

    So, they can't even get to the original data protected by the passcode + hw device key, without breaching the enclave to get the file system key back.

    The FBI is truly starting to be more and more in the dark.


    edited April 2016
  • Reply 17 of 22
    davidw · Posts: 950 · member
    rob53 said:
    davidw said:
    From what I understand, from people posting here that are more informed than me, the data can not be un-encrypted outside the iPhone by just using the passcode because part of the encryption key is created by using the serial number inside the secured enclave of the CPU. A serial number that Apple has no record of and can not be read if the iPhone is locked. It is read when the proper passcode is entered or on boot up.  And from what I gathered, if the secure enclave is tampered with, like in an attempt to access this serial number, the data is loss. So the data in an external HD would not have access to this part of the key, even if the correct passcode was entered, the data would remain encrypted.   


    The FBI has access to the data that the iPhone will use to restore the data after a Restore. I believe it's the last back up stored in the iCloud and is un-encrypted while in Apple's server. Apple will turn that over to the FBI with a proper search warrant.  Providing the back up feature was activated in the iPhone, before the Restore. As for a back up file in your computer with iTunes, that file can also be encrypted when the file is created and would need a password before being restored to an iPhone. That plus the whole HD in the computer can also be encrypted. In fact, the iTunes library used to back up an iPhone can exist in a thumb drive, that is also encrypted. Thus easy to hide from the FBI or easily destroyed. (I'm assuming that the back up file of an iPhone is stored within the iTunes library and not somewhere else on the computer.) 

    I understand all of this but that's not my question. I'll ask it again.

    Does anyone know how to get data off of a locked iPhone. I don't care if it's encrypted or how long it will take. Can it be done? Have you seen it done? This is what the judge is demanding and I don't believe Apple can do it, which is fine with me.
    My guess is yes. The most common method cited would be to remove the memory chip that stores the data and clone it. It involves the unsoldering of the chip and it's not something that can be done by the average jail breaker. But Apple would probably not be the best entity to perform this. There are better equipped and experienced computer forensic labs that can do this and most likely have already done this. That's why Apple incorporated part of the encryption key into the hardware of the iPhone. It prevents someone from making thousands of copies of the encrypted data and then using thousands of computers to try to break the encryption.  


    http://www.npr.org/sections/alltechconsidered/2016/03/23/470573608/the-apple-fbi-whodunit-whos-helping-the-feds-crack-the-locked-iphone
    edited April 2016
  • Reply 18 of 22
    sflocal · Posts: 4,495 · member
    They have an iP6 with TouchID.  I presume they have the owner's fingerprints on file as well, or worst case... put his thumb on the darn sensor and be done with it.  What am I missing here?
  • Reply 19 of 22
    sflocal said:
    They have an iP6 with TouchID.  I presume they have the owner's fingerprints on file as well, or worst case... put his thumb on the darn sensor and be done with it.  What am I missing here?
    All devices with TouchID (and a couple without) have an A7 or later processor. Such devices ship with an additional processor inside called either "Secure Enclave" or "Secure Enclave Processor" depending on which version of Apple's documentation you read.

    The Touch ID sensor talks directly to the Secure Enclave. The Secure Enclave is a separate processor inside the phone, that does not run iOS, it runs a different operating system using the L3 Kernel. The L3 kernel was developed at University of New South Wales in Australia, and is one of a very few kernels to have undergone verification to a level where it has been mathematically proven to be bug-free. This is extremely unusual and very rare. Because of this it is a very simple kernel, and whilst it's not powerful enough to run the entire phone, it is complex enough to do a few important things - encrypt data, generate (very) random numbers and manage cryptographic keys.

    The Secure Enclave is cryptographically paired with the TouchID sensor in the device at time of manufacture, and Apple does not know what this 256 bit key is. This prevents an attacker from swapping out the TouchID sensor for a bogus one that presents to be the real finger.

    The Secure Enclave also does not trust the A-series Application Processor that actually runs iOS, until the user has entered the device passcode. Why? Because the Secure Enclave basically acts as a bouncer at the door to the club where all the cryptographic keys are partying, and it never lets iOS in. I guess Jony Ive didn't make its UI cool enough. However, it WILL pass notes to the cryptographic keys on behalf of iOS.

    So when a user types a passcode, iOS doesn't work out if it's valid or not, it has to ask Secure Enclave if it's valid or not, the SE just says "yes" or "no", or in some cases iOS passes it what it thinks are the keys, and if the keys are valid, the SE hands back the decrypted object.

    Amongst other things, what that means is that the Secure Enclave can make up its own rules as to when it trusts iOS and TouchID or not.

    - 48 hours elapses without unlocking the phone? Stop trusting Touch ID and iOS, and require the passcode to be re-entered
    - Reboot the phone? Stop trusting TouchID and iOS and require the passcode to be re-entered
    - 3 incorrect fingerprint reads? Stop trusting TouchID and require the passcode to be re-entered

    All of this is explained here: https://www.apple.com/business/docs/iOS_Security_Guide.pdf

    What Apple has done is not perfect, but it sets a very high standard compared to the industry as a whole.

    So if you arrest someone with a TouchID capable device, and you want to unlock it, if they reboot the phone, then the passcode is the only way to unlock it. If they don't reboot the phone, you have less than 48 hours to use their fingerprint to unlock it, after which the passcode is the only way to unlock it.

    Or you can be smart, and understand human behaviour, like the British police, and side step the whole issue that US law enforcement has run into with its heavy handed approach, and seize the phone while it's unlocked:

     http://www.businessinsider.com.au/cops-seized-terror-suspect-junead-khan-iphone-going-undercover-encryption-britain-2016-4?r=UK&IR=T

     
  • Reply 20 of 22
    lkrupp · Posts: 6,789 · member
    sflocal said:
    They have an iP6 with TouchID.  I presume they have the owner's fingerprints on file as well, or worst case... put his thumb on the darn sensor and be done with it.  What am I missing here?

    What you are missing is that all that talk about how easy it is to defeat TouchID with fancy printers and lifted finger prints is total bullshit. The current battle between Apple and the FBI has laid bare all the crap being put out there by posers claiming to have ways into any device. Where the rubber hits the road they fail. It’s all talk and no substance.