As FBI's iPhone exploit remains secret, Apple's security operation in transition


Comments

  • Reply 21 of 37
    Kevin L said:
    Cellebrite (company in Netherlands and Israel) has the expertise and past successes worldwide in unlocking cell phones -- ANY AND ALL CELL PHONES. It is their specialty. They will charge the FBI €1500 for cracking the Apple phone. It is my understanding they have worked together in the past. Apple knows this company has done so in the past, Apple can most certainly unlock their own products, Apple is simply playing games. Anyone with half-a-brain has to know a company is not going to manufacture a cell phone they cannot unlock themselves. This entire grandstanding by the FBI and Apple was/is simply a 'pissing match'. I will add the fact that Cellebrite is the ONLY company in the world who can unlock the Apple product (as well as Apple itself).
    Twitter reports that the FBI spent 220K USD on Cellebrite.



    and 'unlock' is different than 'hack.'  
  • Reply 22 of 37
    Kevin L said:
    This entire grandstanding by the FBI and Apple was/is simply a 'pissing match'. I will add the fact that Cellebrite is the ONLY company in the world who can unlock the Apple product (as well as Apple itself).
    If you bothered to read the contributions of noted security experts worldwide, and even those of Edward Snowden who has been away from the current scene for many years now, you would be careful about making this boastful assertion about Cellebrite being the sole "font of wisdom" regarding smartphone access.

    Snowden and many, many other security experts immediately called B$ on the Bureau's claimed inability to unlock the phone, claiming that powerful forensic tools exist in the private and government sectors capable of the exploit. This raises three possible scenarios, all bad for US national security, privacy and civil liberty:

    1⃣ Inter-departmental rivalry and cooperation breakdown: Quantico getting fed up of having to say "Uncle", "Pretty please" and roll over and have their tummy tickled by the boffins at Fort Meade to spare their blushes after the blunder of the reset iCloud password locked them out of the iPhone 5C; so they decided they could instead bulldoze their way with a "JUDELEX" (Judicial/Legislative/Executive) coup to force the issue onto Apple. As Tim Cook eloquently explained, this presented a nightmare scenario of the keys to the iPhone kingdom being handed over to everybody...

    2⃣ The government itself deciding to attempt to reduce costs by "fobbing off" the onus, responsibility and expense of decrypting smartphones on to the manufacturers themselves, whom the govt perceives as affluent enough to bear the cost. Once achieved it is not an inconceivable leap to suggest that lay-offs and redundancies will follow in the FBI and related security departments, endangering the realm even further.

    3⃣ Outsourcing the decryption of security-sensitive devices to a PRIVATE company in a FOREIGN country... No-one seems to bat an eyelid at this alarming development, but just wait until the strategic interests of one country begin to diverge from the other and re-evaluate the situation.

    "Things are hard all over..." as Master Sergeant Jonas Blaine of TV's "The Unit" would tersely call it.
  • Reply 23 of 37
    toysandme Posts: 243 member
    At the end of the day, we have no proof that the FBI succeeded at anything ... we're put in the rather awkward position of having to take the FBI's word that they did so.

    I'm willing to bet that someone at Justice realized (a) the court case would be lost and (b) some PR damage control was necessary. Voilà! They invented the story of the hacked iPhone as cover. And of course, most of us buy it because we still believe whatever the government says is true.

    =====
    I totally agree. Google FBI Whistleblowers and you'll see how much credibility the FBI and the government have. Zilch. 

  • Reply 24 of 37
    scxfan Posts: 8 member
    fmalloy said:
    So now the shoe's on the other foot. Apple requesting the FBI to explain how they did it. Sorry, Apple, that's proprietary! Now get to work patching your OS to protect terrorist private data.
    You no share.

    We no share.
  • Reply 25 of 37
    jbdragon Posts: 2,311 member
    Remember this is the iPhone 5C with no TouchID or Secure Enclave. The FBI said this hack only works with the 5C. How they did it?!?! Does it matter? Not everything can be encrypted, otherwise your phone wouldn't start up. So you're going to find ways through the weak parts of the phone or whatever device to find a way around the security and Encryption. With longer passcodes and Alphanumeric passcodes, Brute Force attacks are pretty pointless as they would take way too long. As in you'll be dead long before it stumbles on the code. I'd rather Apple wasn't told where the weak part of its security was and how they got into the phone. This means instead of Apple just Zeroing right to the issue at hand and patching it, Apple has to work much harder going through everything and maybe fixing more security holes and end up fixing the one the FBI used anyway besides others. Just another reason why forced Back Doors are just dumb. It's already hard enough to get perfect security.
  • Reply 26 of 37
    spacekid Posts: 183 member
    rcfa said:
    Best way to fix hardware exploits is use bigger SoCs so all relevant components are in the package, and then put some nice black resin over the pins to prevent desoldering.

    if they want to go further they can have tripwires in the SoC case making sure decapping attempts result in data destruction.

    I think people neglect to take the long view on this issue, this isn't about a rather minor terrorist act, it's about what personal computing devices have become: a support organ.
    Frankly it's time to see personal computing devices as brain extension, after all it's just a matter of time until they will become like implants.
    Just as "truth serum" isn't legal in criminal investigations, so forced data extraction out of personal devices should be illegal.
    And when Congress passes a law making that illegal (or prohibiting its sale) that would be for naught.
  • Reply 27 of 37
    spacekid Posts: 183 member
    sog35 said:
    spacekid said:
    In this recent case, the FBI did not want a software backdoor. They wanted the 10 time erase option disabled.
    Read the case again.

    The FBI wanted code to erase the 10 guess options AND the ability to access the phone remotely.  Those are backdoors.  If you can access a phone remotely and have unlimited tries at the 4 digit passcode you will be able to hack into TENS OF MILLIONS of iPhones from Russia or China.
    I don't recall seeing the FBI requiring remote access. Any link?

    And defeating a security option is not a backdoor. Common usage of that term is a backdoor into the encryption used.
  • Reply 28 of 37
    boltsfan17 Posts: 2,294 member
    My sources are telling me the dormant cyber pathogen on the iPhone was released causing the phone to unlock by itself. /s
  • Reply 29 of 37
    CMA102DL Posts: 121 member
    IMHO, I am OK with the FBI keeping their techniques secret as long as the hack is not related to a security issue that could be exploited by hackers or governments to access and steal information out of millions of iPhones or survey people without them knowing it. The FBI should be able to perform hardware hacks of individual phones if their search is warranted. Having said that, I expect the FBI, NSA or CIA to inform the private sector whenever they discover software vulnerabilities that could be exploited for crime. We are now not talking about hardware hacks or hacks that involve 100 devices, but software vulnerabilities that affect millions of computers or devices. And I expect the private sector to never build software backdoors intentionally that could compromise the security of customers. And expect companies (i.e., Apple) to develop more ways (hardware/software) to keep our data secure and stay one step ahead of hackers and shady government spies.
    edited March 2016
  • Reply 30 of 37
    dps098 Posts: 11 member
    While there may have been a compelling concern about the data on the phone, it would be nice to know if the government indeed extracted value from what they found once unlocked. The public deserved to know if this exercise was valuable in this scenario.
  • Reply 31 of 37
    spacekid Posts: 183 member
    CMA102DL said:
    IMHO, I am OK with the FBI keeping their techniques secret as long as the hack is not related to a security issue that could be exploited by hackers or governments to access and steal information out of millions of iPhones or survey people without them knowing it. The FBI should be able to perform hardware hacks of individual phones if their search is warranted. Having said that, I expect the FBI, NSA or CIA to inform the private sector whenever they discover software vulnerabilities that could be exploited for crime. We are now not talking about hardware hacks or hacks that involve 100 devices, but software vulnerabilities that affect millions of computers or devices. And I expect the private sector to never build software backdoors intentionally that could compromise the security of customers. And expect companies (i.e., Apple) to develop more ways (hardware/software) to keep our data secure and stay one step ahead of hackers and shady government spies.
    I expect Congress to write a law requiring device manufacturers to provide a method to allow law enforcement access to the decrypted internal data of the device (encrypted by the device manufacturer whose decryption keys are stored on the device) when served with a valid court order and the physical device.
  • Reply 32 of 37
    CMA102DL Posts: 121 member
    spacekid said:
    I expect Congress to write a law requiring device manufacturers to provide a method to allow law enforcement access to the decrypted internal data of the device (encrypted by the device manufacturer whose decryption keys are stored on the device) when served with a valid court order and the physical device.
    http://appleinsider.com/articles/16/03/21/proposed-senate-bill-grants-courts-authority-to-force-access-to-encrypted-data

    But Congress tilts pro-encryption because of warnings from the intelligence community dealing with cyber threats.
    edited March 2016
  • Reply 33 of 37
    spacekid said:
    sog35 said:
    Who cares. If someone has possession of a phone I would just do activation lock.

    What the FBI wanted was a software backdoor. With a software backdoor you could hack into a phone thousands of miles away. Russian hackers could hack your phone. I'm 100% fine with hacks that require physical access to the phone.
    In this recent case, the FBI did not want a software backdoor. They wanted the 10 time erase option disabled.
    Which is a FIRMWARE backdoor, so to speak. They wanted Apple to create special firmware (software that modifies hardware and is beyond the normal operating system) to bypass the 10x function and the time limiter that causes huge delays between attempts. FBI also asked the court to demand Apple create a firmware patch that would allow 'electronic keyboard' (auto-type) access instead of having to input via the touchscreen. With these three firmware functions disabled the FBI could brute force the passcode.

    HOWEVER, Apple incorporates firmware updates into its iOS updates, thus they actually have to create a new (gov't) iOS to integrate the firmware patches created AND being that firmware actually IS software from a programmer's perspective (it is not hardware) the court did, in essence, order Apple to create new software (because firmware IS software) thus ordering speech against Apple's desires.
  • Reply 34 of 37
    techno Posts: 737 member
    I am confused. Did the FBI actually come out and say that this third party was successful in getting into the phone? I know they said that a third party approached them with a viable method. But did they actually do it? 

    My gut tells me the FBI is bluffing and they are trying to save face. I don't think they ever cared about this phone. They wanted to set a legal precedent, and when it looked like that would not happen, they tried to bail without setting a precedent that would go against them and save some dignity if possible.
    edited March 2016
  • Reply 35 of 37
    Not to dwell on hypotheticals but I think Apple might want to know the hack so that they can harden the million or so iPhones currently in use by government employees. This would be motivated by the corporate self interest of avoiding the exquisite irony of a major security incident worsened by the unwillingness of the most prominent law and order branch of the federal government to assist in protecting the security of the other 99% of their fellow government employees.
  • Reply 36 of 37
    CMA102DL Posts: 121 member
    crnfield1 said:
    Not to dwell on hypotheticals but I think Apple might want to know the hack so that they can harden the million or so iPhones currently in use by government employees. This would be motivated by the corporate self interest of avoiding the exquisite irony of a major security incident worsened by the unwillingness of the most prominent law and order branch of the federal government to assist in protecting the security of the other 99% of their fellow government employees.
    The government has every right to snoop on those phones and to access any information in those phones, anytime. These are work phones owned by the government, not the employees.
    edited March 2016