FBI can't unlock anything newer than Apple's iPhone 5c, Comey reveals

2»

Comments

  • Reply 21 of 37
    512ke512ke Posts: 782member
    This report seems really fishy to me. If the FBI could hack only older iPhones, why would they be publicizing their inability to hack the 6 series? Wouldn't the FBI in that case be telling evil doers, in essence, go out and buy yourself a 6 series iPhone? Wouldn't it make more sense for the FBI to keep its limitations secret in the hopes that evil doers are using older iPhones (or at least, some of them)? 

    i would guess that the FBI also can hack a 6 but they just want to lull the "bad guys" into a false sense of complacency/security. No?
  • Reply 22 of 37
    icoco3icoco3 Posts: 1,473member
    rob53 said:
    ...
    I watched Truth 2015 last night, the attack on CBS's 60 Minutes crew (Dan Rather, Mary Mapes), and it's similar to this witch attack on Apple except both Republicans and Democrats are attacking Apple using hearsay and a lack of understanding and fear mongering to get what they want while making Apple look real bad.
    ...
    Not sure which way you are intending this comment.  It was proven that they relied on false documents for their reporting.  They cried they were attacked for using false documents all the while attacking someone using false documents.  The rewriting of history in a movie does not change those facts so without further explanation, that part of your comment is ambiguous.
    193
    edited April 2016
  • Reply 23 of 37
    SoliSoli Posts: 10,033member
    That explains their desire to get a backdoor built-in.
  • Reply 24 of 37
    dysamoria said:
    Didn't we already know this?
    This is my question. How did I know about the IP-Box but the head of the FBI did not? John Gruber reported on this over a year ago on Daring Fireball which is when I switched to an alpha-numeric passphrase.



    wonkothesane
  • Reply 25 of 37
    rhoninrhonin Posts: 60member
    fallenjt said:
    This will set another battle against Apple when the next case when newer iPhone needs to be unlocked. FBI never stops. The good news is White House just withheld  the support for legislature on forcing companies to crack encryptions. Thank you, Obama. Is this the reason why they don't want Obama to have iPhone because they can't monitor what's going on in his phone? LOL.

    It's not just the FBI.  They are the current player.  They and their partner the DOJ.  We have had local LEO, DEA, and others attempting the "Precedent" path. 
  • Reply 26 of 37
    moreckmoreck Posts: 187member
    Comey says the this technique does not work on modern devices. 

    This is different than saying that the FBI cannot hack modern devices with different techniques.

    Headline fail.

    You just like to make stuff up out of thin air, don't you?

    Do you understand what a logical fallacy is?
    You just like to ignore words, get upset when someone points out their meaning, then insult them, don't you?

    Waterrockets is right.
  • Reply 27 of 37
    roakeroake Posts: 790member
    A huge benefit from this kind of thing for Apple and the general public (but not the FBI) is that the endless speculation (and proof in some cases) from experts that see potential security holes is that Apple is busily plugging every leak.  The result is going to be a hardware and software platform that is dramatically *more* secure than the already highly secure iPhone.

    The FBI unwisely put all their chips on this move and lost spectacularly; at least they figured it out before a judge decided against them.  The FBI has come across like bumbling idiots; gone is the mystery and mystic of the all-powerful and secretive FBI that can accomplish anything.  Now, the only real hope moving forward for them is trying to get laws in place forcing backdoors by tech companies, and in the current political environment, that's not going to happen.  Even if it did happen in the USA, there are innumerable foreign app-makers that will still offer secure communications and show the FBI the middle finger.
  • Reply 28 of 37
    roakeroake Posts: 790member
    The unlocking procedure used by the Federal Bureau of Investigation to break into an iPhone 5c at the center of the San Bernardino case cannot be used on new devices, the bureau's director said on Wednesday.


    The IP Box setup, via MDSec.


    Comey told a group of students and educators at Kenyon College in Ohio that his department had "purchased a tool" from a third party to unlock the iPhone in question, according to CNN Money. Though he stopped short of revealing the exact process, he did note that it would not work on more modern handsets.

    "This doesn't work on 6S, doesn't work on a 5S, and so we have a tool that works on a narrow slice of phones," Comey said.

    Discussing Apple's request that the bureau unveil its method, Comey was noncommittal but said he was worried about losing what little access the bureau does have.

    "We tell Apple, then they're going to fix it, then we're back where we started from," he said. "We may end up there, we just haven't decided yet."

    Since the FBI revealed its success late last month, most speculation regarding their method has centered around the so-called "IP Box" that first appeared last spring. That tool -- which retails for less than $300 -- latches onto a susceptible iPhone's power circuitry and enters PINs over USB.

    When a wrong guess is detected, the tool aggressively cuts power to the iPhone's logic board before the guess is recorded, defeating the 10-try limit.

    Apple is believed to have patched this hole in older iPhones with iOS 8.1.1; as the iPhone 5c in question is thought to be running iOS 9, the FBI has either chosen a different method or has purchased the device from a company that has discovered an as-yet unreported flaw in later software.

    Beginning with the iPhone 5S, PIN guesses are managed in the hardware Secure Enclave, rendering such an attack useless.
    So, if we use an actual password instead of a 4-digit PIN, then we should be good, even on the older devices.  Bye, bye, PIN's.
  • Reply 29 of 37
    SoliSoli Posts: 10,033member
    roake said:
    The unlocking procedure used by the Federal Bureau of Investigation to break into an iPhone 5c at the center of the San Bernardino case cannot be used on new devices, the bureau's director said on Wednesday.


    The IP Box setup, via MDSec.


    Comey told a group of students and educators at Kenyon College in Ohio that his department had "purchased a tool" from a third party to unlock the iPhone in question, according to CNN Money. Though he stopped short of revealing the exact process, he did note that it would not work on more modern handsets.

    "This doesn't work on 6S, doesn't work on a 5S, and so we have a tool that works on a narrow slice of phones," Comey said.

    Discussing Apple's request that the bureau unveil its method, Comey was noncommittal but said he was worried about losing what little access the bureau does have.

    "We tell Apple, then they're going to fix it, then we're back where we started from," he said. "We may end up there, we just haven't decided yet."

    Since the FBI revealed its success late last month, most speculation regarding their method has centered around the so-called "IP Box" that first appeared last spring. That tool -- which retails for less than $300 -- latches onto a susceptible iPhone's power circuitry and enters PINs over USB.

    When a wrong guess is detected, the tool aggressively cuts power to the iPhone's logic board before the guess is recorded, defeating the 10-try limit.

    Apple is believed to have patched this hole in older iPhones with iOS 8.1.1; as the iPhone 5c in question is thought to be running iOS 9, the FBI has either chosen a different method or has purchased the device from a company that has discovered an as-yet unreported flaw in later software.

    Beginning with the iPhone 5S, PIN guesses are managed in the hardware Secure Enclave, rendering such an attack useless.
    So, if we use an actual password instead of a 4-digit PIN, then we should be good, even on the older devices.  Bye, bye, PIN's.
    I would recommend a passcode on all iPhones that have Touch ID, since you don't have to input it often. On older devices, the passcode can be a little too much, but I would recommend increasing it to at least 6-digits.


    PS: The iPhone's passcode is well over BASE-102. That's just 26 lowercase, 26 uppercase, 10 numbers, and the 40 special characters; but it doesn't include all the other text options for a long-press like Ç or ç or ¢ or £ and on and on. Even a 4-character passcode with BASE-102 is 108,243,216 possibilities.
    edited April 2016 jfc1138
  • Reply 30 of 37
    waterrocketswaterrockets Posts: 1,231member
    Comey says the this technique does not work on modern devices. 

    This is different than saying that the FBI cannot hack modern devices with different techniques.

    Headline fail.

    You just like to make stuff up out of thin air, don't you?

    Do you understand what a logical fallacy is?
    I didn't pull anything out of thin air. Re-read the article, and my post, and explain what I manufactured here.
  • Reply 31 of 37
    waterrocketswaterrockets Posts: 1,231member


    You just like to make stuff up out of thin air, don't you?

    Do you understand what a logical fallacy is?
    what's wrong about it? the fbi's inability to use their secret technique on anything newer than a 5C does not mean they cannot hack anything newer. it simply means not with *this* technique. that may seem like splitting hairs, but it isn't. it's the art of symantics. 
    Yeah, see? I'm an artist!  :P
  • Reply 32 of 37
    sflocalsflocal Posts: 6,006member
    I still think all this is moot.  Eventually all iPhones in the wild will have TouchID and even if the terrorist blows himself up, take severed thumb, place on iPhone and viola... unlocked.

    Am I missing something here?

  • Reply 33 of 37
    stevehsteveh Posts: 480member
    sflocal said:
    I still think all this is moot.  Eventually all iPhones in the wild will have TouchID and even if the terrorist blows himself up, take severed thumb, place on iPhone and viola... unlocked.

    Am I missing something here?

    TouchID doesn't work with dead digits?
    icoco3
  • Reply 34 of 37
    tallest skiltallest skil Posts: 43,399member
    sflocal said:
    Eventually all iPhones in the wild will have TouchID and even if the terrorist blows himself up, take severed thumb, place on iPhone and viola... unlocked.
    TouchID needs live tissue for capacitance, I believe.

    I also believe that I heard once that someone had TouchID activated but only had his glans penis registered. Good security, I guess, since how likely is anyone to check it?
    edited April 2016
  • Reply 35 of 37
    quinneyquinney Posts: 2,528member
    sflocal said:
    Eventually all iPhones in the wild will have TouchID and even if the terrorist blows himself up, take severed thumb, place on iPhone and viola... unlocked.
    TouchID needs live tissue for capacitance, I believe.

    I also believe that I heard once that someone had TouchID activated but only had his glans penis registered. Good security, I guess, since how likely is anyone to check it?
    That must work great when using ApplePay at the grocery store.
  • Reply 36 of 37
    SoliSoli Posts: 10,033member
    sflocal said:
    Eventually all iPhones in the wild will have TouchID and even if the terrorist blows himself up, take severed thumb, place on iPhone and viola... unlocked.
    TouchID needs live tissue for capacitance, I believe.

    I also believe that I heard once that someone had TouchID activated but only had his glans penis registered. Good security, I guess, since how likely is anyone to check it?
    1) It doesn't need "live tissue" so much as something that mimics that of living tissue. This is probably the easiest to trick on Touch ID.

    2) Penis, nose, nipple, cat and dog paw. Pretty much anything with some heat, natural electric field, and perhaps blood vessels. I'd bet your scrotum would work, too, but since that changes more often than Trump's positions on important political matters, you find it difficult to get a successful read over time.

    Remember, Touch ID, isn't looking for a 100% match like with any PIN or passcode, it's looking for certain number of points that result in a certain threshold of likelihood that the person that set up the Touch ID is, in fact, the same user. This is why the PIN/passcode is used when you restart it, then 48 hours has passed, when too many failed Touch ID attempt are made, and when trying to add a Touch ID access point or trying to dis/enable Find My iPhone.
Sign In or Register to comment.