next time the FBI says it needs Apple, Google, or Samsung help with a phone, the companies should tell the FBI to try a little harder or ask Cellebrite to help. It is not like the FBI just started doing business with Cellebrite.
One theory: Apple and the FBI cut a deal. Apple would unlock the phone, but the FBI wouldn't tell. I'm not sure. I don't like to believe that Apple would do that, but it would make sense. Apple could do away with all the bad press and save their face, the FBI could get their phone unlocked... It would require a bold faced lie from the FBI, but I wouldn't put that past them considering how they've acted during the rest of this ordeal.
Some have suggested that this whole thing was a big show. True or not, both sides come out looking good.
While that's entirely debatable, there is now a very public perception that Apple's security has a backdoor in it, which can definitely affect Apple's reputation and stock.
Even if they were able to get in this iPhone, it did have an older version of IOS and took the FBI months and probably lots of time and money to be able to get in to this particular iPhone. So the way I see it Apple does have a very secure system. Everything can be broken in to, is just a matter of how easy or hard it is to break in to that matters. The way I see it the FBI proved that IOS was hard to break. Like always Apple will make improvements to its security and make it even harder to break into IOS. If I was Tim Cook, I would have every possible candidate trying to break in to iOS to fix any possible back door.
I'm with you. They lie about everything else why not this too?
Once upon a time we were told that there were WMD's in Iraq. Many military members died fighting on that bit of intel that was never proven. As Arnold said in "True Lies", "It's a hot water heater".
I want to know what's on the phone!!
While that's entirely debatable, there is now a very public perception that Apple's security has a backdoor in it, which can definitely affect Apple's reputation and stock.
Even if they were able to get in this iPhone, it did have an older version of IOS and took the FBI months and probably lots of time and money to be able to get in to this particular iPhone. So the way I see it Apple does have a very secure system. Everything can be broken in to, is just a matter of how easy or hard it is to break in to that matters. The way I see it the FBI proved that IOS was hard to break. Like always Apple will make improvements to its security and make it even harder to break into IOS. If I was Tim Cook, I would have every possible candidate trying to break in to iOS to fix any possible back door.
Exactly! There's no need for people to get so emo over this. I feel pretty good that it's taken months, even years for the FBI to figure this out. That's like batting .900, versus like .400 (which would pretty much guarantee you a batting title).
Part of me thinks this is BS and they never got into the iPhone and withdrew because of all the bad press they were getting.
I was thinking that too. I also believe Apple had an extremely strong case. Every time James Comey opened his mouth, that was more ammunition for Apple's case. The more Comey spoke, the more of his lies were being exposed.
Maybe. If it's false then that's a fraud on the Court. And Courts treat that very harshly. But there are many, many ways to "be economical with the truth".
The hard question now for the FBI is whether or not they proceed in the New York case. If they do not, then Judge Ornstein's Order stands so they do have some motivation to have that overturned. I do not think that Apple will let them just vacate that opinion and walk away.
Apple will move the delay between passcode attempts from iOS into the secure enclave of the chip. People who want an unhackable phone will have to buy a new iPhone.
But remember that this was a 5c and running iOS 8.
If you have a complex passcode and TouchID, the FBI will be waiting a long time to brute-force it, if that is indeed what they've done.
Hey, bud, it's the fracking FBI who crapped their big mouths in the media non stop for weeks AND initially fracked up the case by changing the Iphone cloud password.
Learn how to read.
The newer phones like the 5s have hardware limitations that the 5c didn't have and those POS morons at the FBI can go suck an egg.
"Go suck an egg" - Really??? How old are you?
yes, the FBI went to the media first but Apple decided to take any and all interviews about the subject with Mr Cook releasing an open letter. Apple went on the defense and then tried to go on the offensive...how did that work out?
You lied to make your point so you;re the child here, got that.
You lost the argument, just like the FBI, pack up and move on.
Apple could've worked with the FBI behind the scenes and no one would've been any wiser but, Apple decided not to in an effort to protecting privacy. In doing so they've actually crated a much larger and more dangerous threat to privacy.
The FBI owes Apple nothing with regards to sharing how the phone was hacked and why should they? Why would the FBI say "here's exactly how we did it, now go ahead a patch that so we can have this same fight in the future"
I hope everyone thanks Mr Cook for creating a much larger and unregulated threat to your privacy.
No. The threat to privacy comes from the FBI because what it has been trying to do is to get the courts to permit it to do what Congress told it it could not do (see CALEA, passed in 1994). In the alternative, the effort is to force Congress to rewrite CALEA.
This exploit will be tightened up - you can rest assured of that.
For anyone that thinks is "good news" for Apple, you have it completely backwards. First, the government has complete discretion to extract data from your phone and Apple is powerless to do anything about it. Second, now that the government has succeeded in extracting data, every government on the planet will seek to do the same.
It was done through NAND memory duplication.
Easy way to think about this is like this: Virtual machine, or in this case, vitrual phone. Once they were duplicate the memory, they were able to run a simple password hack algorithm until they got the correct password. When ever the it reach the limit where the content would be deleted. They would just reset the virtual phone and continue right where they left off untill they went through all combinations.
Note this was reported in the news a few days back.
You can't do that BUD, man I'm tired of this shit, there is a god damn hardware Key that can't be copied out that's needed to decrypt, plus the decryption key that comes from the passcode and is built from the hardware key + passcode combination in a programmatic way.
They'd have to decapp the chip to get the key, reverse engineer Apple's code and create the virtual machine and you think they someone did that in a few fracking days? No chance.
They can copy out the memory, but trying the pins has to occur on this phone unless they want to spend a lot of engineering dollars.
Read somewhere:
"The problem is that without the passcode, it is not even possible to update the software, even for Apple. The phone has to explicitly Trust a connection - and before you trust a connection, it needs to be unlocked.
Secondly, the decryption key is not in the Flash memory, it is in the Processor itself - similar to how Touch ID is stored. So even if you copy the NAND Flash, as a Johns Hopkins security research professor suggested (mirroring), you can't do anything with it.
Thirdly, the way whole disk encryption works in iOS, the Processor needs to allow you access - not the OS. That's the reason even for Apple this is a technical impossibility.
The only approach that will work - and the one that is being tried (sources), is to brute force the fingerprint recognition of TouchID. The only weakness in Apple's armor, is that there is no limit on wrong fingerprint attempts, nor is there is any delay after several unsuccessful attempts.
The FBI has a humongous database of fingerprints, and their Israeli consultants have figured out a way to quickly take a fingerprint image and trick TouchID into believing that it is a valid human finger. This is the reason the FBI doesn't need Apple, but they don't know if and when they can crack TouchID.
This is actually technically a much more complicated process - but there is a problem with TouchID because of why this becomes possible. TouchID cannot obviously be 100% precise - because human fingerprints also get damaged and worn out over time, people position their finger slightly differently each time, etc. Because of this, TouchID actually matches when there is even a somewhat reasonable match!"
For anyone that thinks is "good news" for Apple, you have it completely backwards. First, the government has complete discretion to extract data from your phone and Apple is powerless to do anything about it. Second, now that the government has succeeded in extracting data, every government on the planet will seek to do the same.
wait, this is a happy ending here. The Govt was able to "get" the data they were looking for in the phone and Apple did not supply a backdoor. This was likely a hardware hack. There was no backdoor, which means that your data and mine are secure. The Govt. can't leak this. Plus, I expect the FBI to be able to perform a search when warranted.
i am wondering if the israeli company helped them get in.
that's the question. Did they really unlock the phone or just let it go because of Apple's resistance. I don't think the Government was willing to push it as far as forcing Apple to do something it did not want to do. The Govt. typically drives it to the finish line if their coercion has a chance to succeed.
For anyone that thinks is "good news" for Apple, you have it completely backwards. First, the government has complete discretion to extract data from your phone and Apple is powerless to do anything about it. Second, now that the government has succeeded in extracting data, every government on the planet will seek to do the same.
Huh? Use a long alpha password (use accents if your paranoid_ and even on an older phone they got access to nothing no matter what they do. Getting encrypted data is useless if it takes a million year to decrypt. On things like the 5s, 6 and 6s it is even longer than a million year with a long alpha password.
For anyone that thinks is "good news" for Apple, you have it completely backwards. First, the government has complete discretion to extract data from your phone and Apple is powerless to do anything about it. Second, now that the government has succeeded in extracting data, every government on the planet will seek to do the same.
wait, this is a happy ending here. The Govt was able to "get" the data they were looking for in the phone and Apple did not supply a backdoor. This was likely a hardware hack. There was no backdoor, which means that your data and mine are secure. The Govt. can't leak this. Plus, I expect the FBI to be able to perform a search when warranted.
Exactly, this is indeed a happy outcome if true, and frankly I don’t mind this hardware approach by law enforcement as it requires possession, and must be by court order, of the device along with some disassembly required, most likely destructive. Good luck with the 64 bit secure enclave in the future with stronger techniques. This outcome is not unlike a house search under warrant looking for secret compartments and is very different than a backdoor software approach, unbeknownst to our clueless first commenters and other trolls. Nobody wants govtOS with unfettered remote sensing.
I also believe that terrorist IT people are aware of this technique and ordered the shooters to completely demolish their personal phones for good measure, even though they were most likely encrypted as well, which also furthers the point that there is nothing of value on the iPhone 5c and that indeed this whole thing is a sham.
Part of me thinks this is BS and they never got into the iPhone and withdrew because of all the bad press they were getting.
I suspect you could be right. From the FBI's perspective better to leave the issue unresolved than to go to court and have it resolved in a way the FBI didn't like. If Apple won it would reduce the FBI's options not just with Apple but also with other 'less principled' manufacturers.
On the other hand, the withdrawal also creates the impression Apple's encryption might have been broken. Apple will need to at least be seen to upgrade encryption in iOS9.4 that could deal with the exploit.
The gripping hand is the encryption war goes on forever.
Comments
The hard question now for the FBI is whether or not they proceed in the New York case. If they do not, then Judge Ornstein's Order stands so they do have some motivation to have that overturned. I do not think that Apple will let them just vacate that opinion and walk away.
But remember that this was a 5c and running iOS 8.
If you have a complex passcode and TouchID, the FBI will be waiting a long time to brute-force it, if that is indeed what they've done.
https://www.washingtonpost.com/world/national-security/us-wants-apple-to-help-unlock-iphone-used-by-san-bernardino-shooter/2016/02/16/69b903ee-d4d9-11e5-9823-02b905009f99_story.html
Being wrong doesn't stop your yapping proudly does it?
You lost the argument, just like the FBI, pack up and move on.
This exploit will be tightened up - you can rest assured of that.
"The problem is that without the passcode, it is not even possible to update the software, even for Apple. The phone has to explicitly Trust a connection - and before you trust a connection, it needs to be unlocked.
Secondly, the decryption key is not in the Flash memory, it is in the Processor itself - similar to how Touch ID is stored. So even if you copy the NAND Flash, as a Johns Hopkins security research professor suggested (mirroring), you can't do anything with it.
Thirdly, the way whole disk encryption works in iOS, the Processor needs to allow you access - not the OS. That's the reason even for Apple this is a technical impossibility.
The only approach that will work - and the one that is being tried (sources), is to brute force the fingerprint recognition of TouchID. The only weakness in Apple's armor, is that there is no limit on wrong fingerprint attempts, nor is there is any delay after several unsuccessful attempts.
The FBI has a humongous database of fingerprints, and their Israeli consultants have figured out a way to quickly take a fingerprint image and trick TouchID into believing that it is a valid human finger. This is the reason the FBI doesn't need Apple, but they don't know if and when they can crack TouchID.
This is actually technically a much more complicated process - but there is a problem with TouchID because of why this becomes possible. TouchID cannot obviously be 100% precise - because human fingerprints also get damaged and worn out over time, people position their finger slightly differently each time, etc. Because of this, TouchID actually matches when there is even a somewhat reasonable match!"
Getting encrypted data is useless if it takes a million year to decrypt.
On things like the 5s, 6 and 6s it is even longer than a million year with a long alpha password.
Exactly, this is indeed a happy outcome if true, and frankly I don’t mind this hardware approach by law enforcement as it requires possession, and must be by court order, of the device along with some disassembly required, most likely destructive. Good luck with the 64 bit secure enclave in the future with stronger techniques. This outcome is not unlike a house search under warrant looking for secret compartments and is very different than a backdoor software approach, unbeknownst to our clueless first commenters and other trolls. Nobody wants govtOS with unfettered remote sensing.
I also believe that terrorist IT people are aware of this technique and ordered the shooters to completely demolish their personal phones for good measure, even though they were most likely encrypted as well, which also furthers the point that there is nothing of value on the iPhone 5c and that indeed this whole thing is a sham.