Apple Wants To Know How The FBI Will Hack Its Phone

[athenian200]

I really don't see how this case is different from a bank refusing to let the police have access to a lockbox in spite of a warrant. When someone is under investigation for a crime, they give up their right to privacy. That's always been the case. People keep talking about a precedent for unlocking the phones, and it doesn't make sense to me. They act as if the only two options here are either the terrorist's phone stays locked up forever, or the FBI gets to monitor everyone's phones 24/7, with nothing in-between. It seems to me that we need a way for the government get into a device when they have a warrant, but also a law protecting people from unreasonable electronic searches and seizures. Apple's stance, to me, was like a bank complaining that the only key they have is a specially-made skeleton key that fits all the locks, and that if they give it out, someone might be able to copy it and unlock everyone's box. And now they're upset and demanding to know how a locksmith managed to crack their "impenetrable" design.

I don't think this issue should be decided by the courts and stupid precedent rules, honestly. I think we need actual legislation that says government can't just hack into a random person's phone because they're suspected of something, but that they have to obtain a warrant of some kind first. Just like how they can't search your house or your car without cause, the same standard should apply on digital devices. There needs to be some kind of well-reasoned compromise between total encryption-based anarchy, and 1984-style monitoring.

In my mind, at least, there's a difference between monitoring everyone constantly, and simply having a way to break into someone's electronic devices to see the data when you already have legal cause to search their house or their car. People seem convinced that this will somehow evolve into the former, and that there's no way to have any kind of balance or logic, and that we just have to accept the encryption-based tech anarchy where anyone with expensive iPhone style tech is safe even if guilty, while people with "lesser" phones aren't entitled to any privacy at all even if they're innocent. It's like saying that people who can afford to hire bodyguards are above the law and always safe, while people who can't afford that somehow deserve to be robbed and treated badly. That line of thinking pretty barbaric, if you think about it. We wouldn't stand for it if it weren't for the Internet's culture being so anti-authoritarian.

 

[Semantics]

Yes this makes sense. But understand that they were strong-arming the FBI to begin with so why the hell would the FBI willingly give the information to Apple (assuming their claim is legit)?

If it is true that the FBI can unlock the phone, you can bet your ass they will try as hard as they might to keep it to themselves at least until the next version of iOS.

I'm sure they had to pay off some hacker so they're going to try to get their money's worth out of it and tell people shit.

 

[lcpiper]

You have not been following the case have you?

The FBI wanted Apple to write a work around for them that they would KEEP, allowing them access to any Apple phone they so wished.

Still insisting this when it's proven not to be true.

Full Explanation of Court Order to Apple to Unlock San Bernardino Shooters' iPhone and Apple Refusal (Full text of court order and Tim Cook's letter included)


I call your attention to the 3rd Paragraph of the order and specifically the underlined text.

3. Apple's reasonable technical assistance may include, but is.
not limited to: providing the FBI with a signed iPhone Software
file, recovery bundle, or other Software Image File ("SIF") that can
be loaded onto the SUBJECT DEVICE. The SIF will load and run from
Random Access Memory ("RAM") and will not modify the iOS on the
actual phone, the user data partition or system partition on the
device's flash memory. The SIF will be coded by Apple with a unique
identifier of the phone so that the SIF would only load and execute
on the SUBJECT DEVICE. The SIF will be loaded via Device Firmware
Upgrade ("DFU") mode, recovery mode, or other applicable mode
available to the FBI. Once active on the SUBJECT DEVICE, the SIF
will accomplish the three functions specified in paragraph 2. The
SIF will be loaded on the SUBJECT DEVICE at either a government
facility, or alternatively, at an Apple facility; if the latter,
Apple shall provide the government with remote access to the SUBJECT
DEVICE through a computer allowing the government to conduct passcode
recovery analysis.

First off, Apple has some say so in how to best do this. They can do it at their own facility, on their own computers and it says nothing about actually transferring anything to the FBI for the FBI to keep and hold. It is for the purposes of cracking into this phone and it doesn't say they have to turn the phone over to the FBI when they are done. This is all worded so that if Apple wishes, they can have the FBI come over while they do their thing to this phone and once everything is loaded and ready, the FBI then accesses the computer that is connected to the phone remotely and starts cracking it from "home".

And even if the court order leaves you with questions.

Feds: Apple Can Keep Software They Design To Help FBI Hack San Bernardino Attacker's iPhone

The Obama administration has told a U.S. magistrate judge it would be willing to allow Apple Inc. to retain possession of and later destroy specialized software it has been ordered to design to help the FBI hack into an encrypted iPhone used by the gunman in December’s mass shootings in California.

“Apple may maintain custody of the software, destroy it after its purpose under the order has been served, refuse to disseminate it outside of Apple and make clear to the world that it does not apply to other devices or users without lawful court orders,” the Justice Department told Judge Sheri Pym on Friday. “No one outside Apple would have access to the software required by the order unless Apple itself chose to share it.”

prosecutors explained that investigators would be willing to work remotely to test passcodes, while Apple retained both possession of the phone and the technology itself.

Apple was never required to actually give the FBI anything except remote access an Apple Computer at an Apple facility that in turn would allow them to run their password cracking tool against the phone after Apple put their custom code on it.

 

[lcpiper]

I really don't see how this case is different from a bank refusing to let the police have access to a lockbox in spite of a warrant. When someone is under investigation for a crime, they give up their right to privacy. That's always been the case. People keep talking about a precedent for unlocking the phones, and it doesn't make sense to me. They act as if the only two options here are either the terrorist's phone stays locked up forever, or the FBI gets to monitor everyone's phones 24/7, with nothing in-between. It seems to me that we need a way for the government get into a device when they have a warrant, but also a law protecting people from unreasonable electronic searches and seizures. Apple's stance, to me, was like a bank complaining that the only key they have is a specially-made skeleton key that fits all the locks, and that if they give it out, someone might be able to copy it and unlock everyone's box. And now they're upset and demanding to know how a locksmith managed to crack their "impenetrable" design.

I don't think this issue should be decided by the courts and stupid precedent rules, honestly. I think we need actual legislation that says government can't just hack into a random person's phone because they're suspected of something, but that they have to obtain a warrant of some kind first. Just like how they can't search your house or your car without cause, the same standard should apply on digital devices. There needs to be some kind of well-reasoned compromise between total encryption-based anarchy, and 1984-style monitoring.

In my mind, at least, there's a difference between monitoring everyone constantly, and simply having a way to break into someone's electronic devices to see the data when you already have legal cause to search their house or their car. People seem convinced that this will somehow evolve into the former, and that there's no way to have any kind of balance or logic, and that we just have to accept the encryption-based tech anarchy where anyone with expensive iPhone style tech is safe even if guilty, while people with "lesser" phones aren't entitled to any privacy at all even if they're innocent. It's like saying that people who can afford to hire bodyguards are above the law and always safe, while people who can't afford that somehow deserve to be robbed and treated badly. That line of thinking pretty barbaric, if you think about it. We wouldn't stand for it if it weren't for the Internet's culture being so anti-authoritarian.

It's not even that. There isn't even a privacy issue directly related to the phone because it's a San Bernadino County owned phone and not private property at all.

 

[lcpiper]

Maybe your little head can wrap your mind around it put another way:

Imagine you, and a select few others, had the ONLY x-ray goggles known to man. Now also imagine these same goggles could hear anything you wanted and also sniff out any information you wanted from anybody you happen to look at.

You would no doubt be curious enough to look through to your neighbors house....maybe you'll follow that one guy that rubbed you the wrong way in the bank teller line and you eavesdrop on them.....the list goes on man. What I mean by the law abiding citizen gets the shaft is just that. We're out in the open and with our privacy removed we're just another person in the house that you can peer through.

A terrorist, or any criminal for that matter, would be less susceptible to this because they are already trying to be secretive to begin with. They know they are doing bad dealings. They have that guilty conscience. Does that mean we all, as normal citizens, need to adopt a much more secretive way of life and live like them? No. We should be able to live as we live without any one person, or entity, given the choice to know whatever they want about you.

Clearly, since the bigger picture here is a philosophical/ethical argument, you're not going to get it if you need concrete 'evidence' about 'damages suffered' and whatever the hell else you need to attach to this to get yourself to understand.

Snowden outed the NSA and their 'meta data' sniffing program. You think that stopped? I doubt it. Given the keys to one of the most popular smart phones out there it just increases their net of visibility into the lives of ordinary people.

Unless you have a Government Security Clearance then you have no idea what it's like to have no privacy at all. About a year ago following all this Snowden bullshit the Government just came out and announced that all their cleared workers were going to be subjected to a new monitoring program. Bank, Medical, Social Networking, email, phone calls, everything at work and at home. No electronic privacy at all.

So if you don't fall into that camp, then you don't have a clue yet. I don't have to imagine shit, I'm already living it.

Now maybe you would like a chance to start over?

 

[bigdogchris]

I don't expect the FBI to cooperate with Apple on this, why would they? Apple choose not to cooperate. Just returning the favor.

 

[lcpiper]

I'm sure they had to pay off some hacker so they're going to try to get their money's worth out of it and tell people shit.

Well Apple turned them down on their offer;


The 5th Paragraph of the court order reads;

5. Apple shall advise the government of the reasonable cost of
providing this service.

 

[Deleted member 184142]

Still insisting this when it's proven not to be true.

Full Explanation of Court Order to Apple to Unlock San Bernardino Shooters' iPhone and Apple Refusal (Full text of court order and Tim Cook's letter included)


I call your attention to the 3rd Paragraph of the order and specifically the underlined text.



First off, Apple has some say so in how to best do this. They can do it at their own facility, on their own computers and it says nothing about actually transferring anything to the FBI for the FBI to keep and hold. It is for the purposes of cracking into this phone and it doesn't say they have to turn the phone over to the FBI when they are done. This is all worded so that if Apple wishes, they can have the FBI come over while they do their thing to this phone and once everything is loaded and ready, the FBI then accesses the computer that is connected to the phone remotely and starts cracking it from "home".

And even if the court order leaves you with questions.

Feds: Apple Can Keep Software They Design To Help FBI Hack San Bernardino Attacker's iPhone








Apple was never required to actually give the FBI anything except remote access an Apple Computer at an Apple facility that in turn would allow them to run their password cracking tool against the phone after Apple put their custom code on it.

Your own quote shows their intention in "providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File ("SIF")", the "Obama administration" can say all they want, they are not the judge in the case, whatever they say means nothing. This is also long after Apple refused, at this point the FBI only wanted to set precedent. As others have already said, the FBI probably already had access to the phone and only wanted to push the case, after Apple not giving in and things slowly showing they were going to lose the case they want to drop it, because they don't want to lose a precedent case.

 

[lcpiper]

Your own quote shows their intention in "providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File ("SIF")", the "Obama administration" can say all they want, they are not the judge in the case, whatever they say means nothing. This is also long after Apple refused, at this point the FBI only wanted to set precedent. As others have already said, the FBI probably already had access to the phone and only wanted to push the case, after Apple not giving in and things slowly showing they were going to lose the case they want to drop it, because they don't want to lose a precedent case.

It shows "no intention" at all. What is shows is what has been ordered and one paragraph of the court order doesn't exist in a vacuum from the rest. Read the entire court order and tell me you are convinced that Apple actually has to give the SIF code to the FBI so they can keep it because that Court Order doesn't say that at all.

 

[FrgMstr]

It shows "no intention" at all. What is shows is what has been ordered and one paragraph of the court order doesn't exist in a vacuum from the rest. Read the entire court order and tell me you are convinced that Apple actually has to give the SIF code to the FBI so they can keep it because that Court Order doesn't say that at all.

There has been a WHOLE LOT of folks that did not actually read the court order themselves, but rather relied on some bullshit website to tell them what the order means, and most of those were terribly wrong.

 

[nysmo]

Exactly. Asking for details is a win-win for Apple. If there is a vulnerability, Apple wants to know about it so they can close it. And if there isn't, they're calling the FBI's bluff, making them look like idiots.

Huh? What would the purpose of this FBI's bluff be? When you bluff it's because you expect a result. What is Apple supposed to do, say "nuh uh! Here we'll show you how you cant break into our product by breaking into it ourself! Wait doh!" Cmon dude. There's nothing the FBI could gain from this "bluff".

 

[OutOfPhase]

I'd think that preventing fraud and extortion of American citizens would be something they'd want to prevent. Securing phones would help to that end. This is also a bigger threat to most Americans than the boogeyman of terrorism.

 

[DukenukemX]

They found GeoHot hiding in his mom's basement to hack the iPhone.

 

[Dunnlang]

Whatever the hack is, it is almost certainly a DMCA violation. I highly doubt this legal battle is over.

 

[Osirus]

Huh? What would the purpose of this FBI's bluff be? When you bluff it's because you expect a result. What is Apple supposed to do, say "nuh uh! Here we'll show you how you cant break into our product by breaking into it ourself! Wait doh!" Cmon dude. There's nothing the FBI could gain from this "bluff".

Sure there is. Its a way for them to make the issue go away since their sniveling little attempt to get a back door into iOS built didn't sit well with public opinion.

 

[FrgMstr]

How do we know that an Apple employee did not come forward and supply software already held by Apple to unlock the phone? </tinfoil [H]at>

 

[lcpiper]

Whatever the hack is, it is almost certainly a DMCA violation. I highly doubt this legal battle is over.

Are you talking about this DMCA?

Digital Millennium Copyright Act - Wikipedia, the free encyclopedia

The Digital Millennium Copyright Act (DMCA) is a United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization (WIPO). It criminalizes production and dissemination of technology, devices, or services intended to circumvent measures (commonly known as digital rights management or DRM) that control access to copyrighted works.

Unless Apple's security features qualify as a DRM Control Measure, and unless they are protecting access to copyrighted works, then I am thinking this DMCA does not apply.

But I am not a lawyer, perhaps you can sell it

 

[Dunnlang]

Are you talking about this DMCA?

Digital Millennium Copyright Act - Wikipedia, the free encyclopedia




Unless Apple's security features qualify as a DRM Control Measure, and unless they are protecting access to copyrighted works, then I am thinking this DMCA does not apply.

But I am not a lawyer, perhaps you can sell it

Yep, that's the one. Apparently you'd be surprised by the ways companies are using the DMCA these days. Car companies are even attempting to use it to restrict access to the ECU. Essentially all software is copyrighted. Any attempt to access or modify said software becomes a violation of the DMCA. Compiling and encrypting their software is a copy protection. Decompiling and decrypting is circumventing that.

 

[nilepez]

Since Apple refused to cooperate, I don't think they're obligated to tell them anything. Wouldn't be surprised if this "accidentally" fell into the hands of hackers and then Apple has to sweat for a few months trying to figure out where the weakness is. LOL.
Best situation would be for them to keep it secret, though. That way, Apple can't find out about it and patch it, and they won't have to be dealt with in the future. It would also prove Apple wrong about their inability to keep any sort of hack secret. "Oh, you think we can't keep a secret, huh? Good luck trying to figure out how we hacked your phone!"

Pretty sure the government is supposed to disclose security holes if they find them (not that the NSA does that).

 

[nilepez]

I'm for privacy as much as the next guy but there should be exceptions to the rule, especially involving terrorism. I wonder if that cell phone contained information to attack your house and behead your children, if the privacy advocates would be so quick to side with Apple on this. I'm pretty sick with Apple playing this privacy precedent deal on this. I don't feel Apple helping give access to terrorist activities in any way affects my personal privacy.

If they used this phone for planning, it'd kinda defeat the purpose of using burner phones, don't ya think?

 

[SvenBent]

I don't have anything to hide. How about you?

You must have a truly boring life...
Having stuff to hide is not the same as having illegal stuff.

But since you declared you have nothing to hide how about proving it by installer teamviewer and giving out the info to check that out ?

 

[Brokennails]

Sure. Then again. My ssd is wiped and am waiting on my new PC parts lol. And like I would trust you to not leave anything behind...


I gave up on dl'ing movies and mp3s a long time ago.

 

[Revdarian]

I don't have anything to hide. How about you?

Then post your SSN and all your personal information.

Nothing to hide right? please do comply.

 

[Brokennails]

Lol. Like I said on a previous post. No one can expect privacy on a phone. People overhear conversations and look over shoulders etc all the time. Home is another matter. But this thread isn't about that is it?

 

[Revdarian]

I am still not seeing a SSN + full name, let's add mother's maiden name, some CC info with the last numbers on the back too. Feel free to add username and password from any website that you use, including [H], be it for leisure or work.

Nothing to hide is such a blanket silly statement, and silly people that thinks that encryption is just for "bad secrets" need to be smacked on the head, hard.

 

[Brokennails]

Hahaha, having nothing to hide and just post personal info to cyber space is your response?

My bad. You won the argument. I stand corrected...

 

[Brokennails]

PS. Encryption shouldn't ever, ever be relied on as a safety. It will always be circumvented.

 

[CreatedTheMultiverse]

PS. Encryption shouldn't ever, ever be relied on as a safety. It will always be circumvented.

Stop wearing your seat belt (A seat belt, also known as a safety belt). They can't guarantee safety. Then stop locking your house doors, yes, they can be picked. Your logic is stupid, period.

Encryption must be good if it takes all this for progress either way.

 

[morningreis]

Everyone spouting my privacy is soo damn important is annoying. What do you have on your phone that is so damn important? Oh noes. That porn I made with my wifes best friend. Woe is me.

Yeah, I know. Morals is not cool in this day and age.

Giving up your right to privacy because you have nothing to hide is like giving up your freedom of speech because you have nothing to say.

 

[michalrz]

Problem one:

if the latter,
Apple shall provide the government with remote access to the SUBJECT
DEVICE through a computer allowing the government to conduct passcode
recovery analysis.

This is pretty careless. Apple could comply in this way and 1) provide a clone of the 'subject device' simply to see what FBI can and can't do
or 2) just load unencryptable gibbrish to the real or fake 'subject' and then proudly claim they have awesome security.
BTW the password is either '35KGD203' or '123123123'.

 

[Brokennails]

People are treating this iPhone case like if Apple complies the Guberment will look at all your iphones and the world will end. I highly doubt that 99% of the people would never even have their iPhone looked at by the guberment. The 1% that are looked at probably have a reason for it. Maybe I am naïve on that. Maybe they do have that room with 3,000,000 people watching everything everyone does 25 hours a day 8 days a week. Guess I will be the first person locked away on suspicion of doing something wrong because I say I have nothing to hide...

And the password would be 12345, the same as my suitcase code.

 

[Revdarian]

Securecom Mobile | Why Privacy Matters Even if You Have ‘Nothing to Hide’

Nothing to hide has never been a good argument, and will never be.

So yeah, you used a bad argument, and you should feel bad for doing so. A universally recognized bad argument at that.

 

[chenw]

People are treating this iPhone case like if Apple complies the Guberment will look at all your iphones and the world will end. I highly doubt that 99% of the people would never even have their iPhone looked at by the guberment. The 1% that are looked at probably have a reason for it. Maybe I am naïve on that. Maybe they do have that room with 3,000,000 people watching everything everyone does 25 hours a day 8 days a week. Guess I will be the first person locked away on suspicion of doing something wrong because I say I have nothing to hide...

And the password would be 12345, the same as my suitcase code.

"Nothing to hide" is a dangerous phrase, and you still seem to treat it as "nothing illegal to hide".

The fact that you have not shared your real name, your security questions, user name and answers means you DO have something you want to keep from us, which is nothing wrong in itself, but is definitely NOT "nothing to hide".

Everyone has SOMETHING they don't want shared with other people. For most of us it's just passwords and personal details that people don't want shared lest they get their identity stolen, which is a perfectly legitimate reason for wanting privacy when all you done in your entire life have been perfectly legal.

It's to stop OTHER PEOPLE from doing ILLEGAL STUFF with your details, lest it being government or other 3rd party.

 

[GaryJohnson]

PS. Encryption shouldn't ever, ever be relied on as a safety. It will always be circumvented.

That's not true. I mean I can give you a direct example: LGXRSSRAHB <- that's an encrypted message. It's not possible to circumvent the encryption without the key, because if you use a different key you get a different message and you have no way to know if it's the wrong message. The key I used is ECMGEWDJWY.

 

[Brokennails]

And this will be valid next month, next week, next year etc? You know this for fact? As apparently I don't know enough about encryption. But it seems there are always ways around this stuff. Look at rooting HTC stuff. With the right tools people got around the encryption.

 

[XenIneX]

And this will be valid next month, next week, next year etc? You know this for fact? As apparently I don't know enough about encryption. But it seems there are always ways around this stuff. Look at rooting HTC stuff. With the right tools people got around the encryption.

Properly implemented, with an appropriately complex password? Yes it will.

Barring an exploit, brute-forcing AES 256 encryption requires timescales typically referred to with phrases like "heat death of the universe", and would require more power than the current global electrical generation capacity to do so.

 

[455olds]

Well, the FBI did say it was a third party that found the way to circumvent it. That third party sharing that information with the FBI without Apple's permission is a DMCA violation. So...$0?



Would you allow the government to come into your house and have a look around whenever they felt like it?

This is all about legal precedent. Once you open that door, it's open forever. And once the first door is open, it makes other doors much easier to open.

I would let them in my house to cooperate with a terrorist investigation. There are acceptions.

 

[BinarySynapse]

Properly implemented, with an appropriately complex password? Yes it will.

Barring an exploit, brute-forcing AES 256 encryption requires timescales typically referred to with phrases like "heat death of the universe", and would require more power than the current global electrical generation capacity to do so.

* with current and near-term technology. Sudden shifts in computing power or methods could completely invalidate our current encryption standards. And there's no guarantee that we would have an accessible means of replacing them.

 

[Chance_P]

These analogies being thrown around by the "nothing to hide" herd are quite amusing, please continue..

 

[lcpiper]

Yep, that's the one. Apparently you'd be surprised by the ways companies are using the DMCA these days. Car companies are even attempting to use it to restrict access to the ECU. Essentially all software is copyrighted. Any attempt to access or modify said software becomes a violation of the DMCA. Compiling and encrypting their software is a copy protection. Decompiling and decrypting is circumventing that.

Well I'll let the courts figure that one out.