Apple Wants To Know How The FBI Will Hack Its Phone

Pretty sure the government is supposed to disclose security holes if they find them (not that the NSA does that).

Which part of the government?

You do know it's not a generic thing. Just throwing around whatever and saying in general what the government is supposed to do is kinda lame.

For instance, the DoD isn't Law Enforcement and therefore they don't have a whole lot of responsibilities when it comes to enforcing the law, other than their own UCMJ for their own people.

In the same manner only specific parts of the government have any responsibility to report security flaws in software or systems. For instance as a contractor working on a DoD contract, if I find a software vulnerability all I have to do is report it to security, done. They will run that up the line to somewhere like DoD ACERT or something like that, and they will turn around and look into it, assess the risk to DoD systems, notify users and change STIG guidance so that DoD systems get tightened up. They will probably report it to the vendor who developed the software as well.

I haven't worked for other branches of the government and frankly I doubt most of them are even close to as good on security as the DoD is, but I am sure they have something remotely similar in place. The FDA, Dept of Trans, whichever one you pick. But the end reality is that they probably do not have a responsibility to report anything to the vendor unless they think they will need the vendors help. If a vulnerability is in something the government isn't really using, who cares, it's not their problem. It doesn't mean they won't report it, but it doesn't mean that they have to report it either.

Now I might be wrong but I have never seen anything that suggests otherwise, maybe someone else has though.
 
Also. I snicker at all these people omg the guberment is spying on me. They have this complex with 300,000,000 people each looking at a monitor for each person.... Lol

Take it a step further - people going "OMG the GOVERNMENT IS SPYING ON ME!!!" ...

which is what they post on the same Facebook page where they have a ton of drunk rants and risqué photos of themselves that strangers they forgot they friended 6 months ago can see, right after "accidentally" texting some nude selfie to some random person in their 500 page phone list....
 
Problem one:


This is pretty careless. Apple could comply in this way and 1) provide a clone of the 'subject device' simply to see what FBI can and can't do
or 2) just load unencryptable gibberish to the real or fake 'subject' and then proudly claim they have awesome security.
BTW the password is either '35KGD203' or '123123123'.


Why? For what possible reason? See, I think some of you still miss the intent of this court order. Apple assists the FBI is the point. What comes to mind when I read your statement is that:
1. Apple already lined out 4 ways to crack the phone and it seems it's possible there are others.
2. The FBI was somewhat specific in how Apple should go about this although they did leave things open for Apple to suggest other ways to meet the FBI's objectives.
3. All the FBI intends to do according to this court order is remote into the computer that's connected to the phone and run their cracking tool and all that is going to do is start brute forcing the unlock code entry so I don't know what revelations you think this is going to unearth.
4. And did you even consider what the Court would do to Apple if they were caught sabotaging the phone or hindering a federal investigation like this?
 
Properly implemented, with an appropriately complex password? Yes it will.

Barring an exploit, brute-forcing AES 256 encryption requires timescales typically referred to with phrases like "heat death of the universe", and would require more power than the current global electrical generation capacity to do so.


Sounds like brute forcing AES 256 isn't the best way to crack it then :sneaky:
 
Why? For what possible reason? See, I think some of you still miss the intent of this court order. Apple assists the FBI is the point. What comes to mind when I read your statement is that:
1. Apple already lined out 4 ways to crack the phone and it seems it's possible there are others.
2. The FBI was somewhat specific in how Apple should go about this although they did leave things open for Apple to suggest other ways to meet the FBI's objectives.
3. All the FBI intends to do according to this court order is remote into the computer that's connected to the phone and run their cracking tool and all that is going to do is start brute forcing the unlock code entry so I don't know what revelations you think this is going to unearth.
4. And did you even consider what the Court would do to Apple if they were caught sabotaging the phone or hindering a federal investigation like this?

Yes, yes, yes and yes.
I might have indeed missed some points, and please let me know if I missed the point.
But from what I've gathered, one of the ways they (the court) outlined to Apple (on how Apple can help the FBI) was to create an opportunity to remotely connect to the phone.
Apple would be then able to silently eavesdrop on this communication and find out how the FBI operates. Careless on the court's part.
Sure, I sometimes have problems getting my point across (never been outside Poland), so I'd be grateful if you corrected this assumption.
 
I believe the FBI don't have a fucking clue on how to unlock it, they just spread this rumor to get apple inside the door, to cooperate.
 
I hate the old "I have nothing to hide" argument. If you have iTunes or any other app that is hooked to a credit card, you don't want your phone able to be hacked. Personally, I don't use my phone for anything financial. I use it for phone calls, texts, checking my work email while at home and the occasional map search to find an address. But I certainly know a lot of people that use their phones for lots of stuff (banking, home security system control, etc) they wouldn't want falling into the hands of hackers / thieves. And if the government has access, it's only a matter of time (probably a short time) before "scary people" do too.
 
If the FBI/NSA can crack it, so will others sooner rather than later. If they don't, they don't.

Either way companies need to step up security in any case.
 
Yes, yes, yes and yes.
I might have indeed missed some points, and please let me know if I missed the point.
But from what I've gathered, one of the ways they (the court) outlined to Apple (on how Apple can help the FBI) was to create an opportunity to remotely connect to the phone.
Apple would be then able to silently eavesdrop on this communication and find out how the FBI operates. Careless on the court's part.
Sure, I sometimes have problems getting my point across (never been outside Poland), so I'd be grateful if you corrected this assumption.

OK, I'm Apple, I set up a computer and connect the iPhone to the computer.
I provide the FBI with remote access to the computer.
The FBI logs into the Apple Computer from a remote location and sees the iPhone connected to it.
Now the FBI executes their key generator against the phone to crack it.
That's it, that's all you will learn from the FBI about how they do things. You'll be able to monitor network packets being sent to the phone that look like;


aaaaaaaaaa
baaaaaaaaa
bbaaaaaaaa
bbbaaaaaaa
bbbbaaaaaa

Apple will not learn anything of value this way, but they will get paid for the work and their costs.

Eventually one of the codes will unlock the phone, the FBI will copy off the data, and it's all over, have a nice day Apple, what do we owe you? Here's a check. You may now do whatever you want with the phone and your custom software code. Toodles. Some people want to believe this would let the FBI "steal" the custom software, the "SIF". They are correct that the FBI could try, perhaps it would be possible, but yes, Apple could easily spot it by monitoring the connection. And the Court didn't actually write all of the Court Order, the FBI supplied all those details but the Judge/Court sort of "approves" it and it becomes a Court Order from there. So it's the FBI that decided how it was they wanted Apple to help them.
 
OK, I'm Apple, I set up a computer and connect the iPhone to the computer.
I provide the FBI with remote access to the computer.
The FBI logs into the Apple Computer from a remote location and sees the iPhone connected to it.
Now the FBI executes their key generator against the phone to crack it.
That's it, that's all you will learn from the FBI about how they do things. You'll be able to monitor network packets being sent to the phone that look like;

<other interesting things>

Thanks a million Icpiper.

Wow, so just brute force or a dictionary attack. I was hoping they have a few tricks up their sleeve.
Because even myself, being far from what's considered *cough* 1337 *cough* would find another way.

Okay, I guess the data is encrypted on some flash. And then there's the operating system that introduces the 'timeout' when it detects brute force.

Following an idea I had about reading an EPROM chip by attaching vcc, gnd, simple LEDs to IO pins (assuming parallel read). Some wires, a battery and a hundred years of free time.
One could literally do it without a computer by simply manipulating data read, data write, clock, hold and such.
So there goes your timeout. And then brute force the crap out of it. Do you think this would be doable?

Heck, tap into the clock generator in vivo and just 'fast forward' the timeouts by manipulating clockspeed (or other time reference it uses)
 
I believe the FBI don't have a fucking clue on how to unlock it, they just spread this rumor to get apple inside the door, to cooperate.
The method they're going to use, according to the Ars Technica story I read earlier today, is called "NAND mirroring".

They're going to disassemble the phone, copy the contents of the flash memory chips, then brute force through the password codes. After it becomes locked after the 10th failure, the data will be copied back and brute force resumed. This method could take up to 2 weeks.
 
The method they're going to use, according to the Ars Technica story I read earlier today, is called "NAND mirroring".

They're going to disassemble the phone, copy the contents of the flash memory chips, then brute force through the password codes. After it becomes locked after the 10th failure, the data will be copied back and brute force resumed. This method could take up to 2 weeks.

Boom! Pretty much called it! Refer back to my post #8.

While everybody is wearing their tin foil hats, I'm trying to figure out how they're doing it.
 
The method they're going to use, according to the Ars Technica story I read earlier today, is called "NAND mirroring".

They're going to disassemble the phone, copy the contents of the flash memory chips, then brute force through the password codes. After it becomes locked after the 10th failure, the data will be copied back and brute force resumed. This method could take up to 2 weeks.


As I understand it, the phone doesn't wipe the NAND. It generates a new key to encrypt the NAND with, discarding the old one. That effectively erases the NAND without actually having to reprogram the cells. So after that 10th time, restoring the NAND would do no good since the phone would no longer have the key to decrypt the data partition.


It might be a good idea for them to tell Apple how they plan to get in so Apple has a chance to stop them from doing something stupid.
 
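
The two posts above describe the NAND-mirroring procedure (copy the flash, burn through guesses, restore the copy before the 10th failure) and the objection that the phone "erases" by discarding a key rather than rewriting cells. The toy model below is an added illustration, not Apple's code or anything from the Ars Technica story: it keeps a wrapped class key and the failure counter on the simulated flash, derives the unwrapping key from the passcode together with a per-device UID (so the derivation only works on the device, which is also why the thread's later point that the phone's own CPU must run the decryption holds), and runs the mirroring loop against it. The XOR key wrap, the hash-based stream cipher, the constructed UID and every name and parameter are simplifying assumptions. If the counter or the wrapped key lived somewhere the mirror does not capture, as the post above argues, the restore step would not help; the model makes that visible by putting both on the flash object that gets snapshotted.

```python
"""Toy model of the data-protection scheme and the NAND-mirroring attack the
thread describes. Added illustration, not Apple's code: the XOR key wrap, the
stream cipher, the constructed UID and every name here are assumptions."""
import copy
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

MAX_FAILURES = 10      # auto-erase threshold discussed in the thread
KDF_ITERATIONS = 2000  # stands in for the per-attempt cost imposed on the device
# Constructed stand-in for the per-device UID fused into the SoC; it never leaves the chip.
DEVICE_UID = bytes.fromhex("0123456789abcdef0123456789abcdef")


def passcode_key(passcode: str, uid: bytes) -> bytes:
    """Derive the unwrapping key from the passcode *and* the device UID, so the
    derivation only works on the device holding that UID."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, KDF_ITERATIONS, dklen=32)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: keystream block i = SHA-256(key || i)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += xor_bytes(data[i:i + 32], ks)
    return bytes(out)


@dataclass
class Flash:
    """Everything that lives on the NAND, and is therefore captured by a mirror."""
    wrapped_class_key: Optional[bytes]  # class key XOR passcode_key; None once auto-erased
    key_check: bytes                    # lets the phone tell a correct unwrap from a wrong one
    user_data: bytes                    # ciphertext under the class key
    failed_attempts: int = 0


class Phone:
    def __init__(self, passcode: str, plaintext: bytes, uid: bytes = DEVICE_UID):
        self.uid = uid
        class_key = secrets.token_bytes(32)
        self.flash = Flash(
            wrapped_class_key=xor_bytes(class_key, passcode_key(passcode, uid)),
            key_check=hmac.new(class_key, b"key-check", "sha256").digest(),
            user_data=stream(class_key, plaintext),
        )

    def try_passcode(self, passcode: str) -> Optional[bytes]:
        """Return the decrypted user data on success, None on failure. The tenth
        consecutive failure discards the wrapped key: that discard is the 'erase'."""
        f = self.flash
        if f.wrapped_class_key is None:
            return None  # already erased, nothing left to unwrap
        candidate = xor_bytes(f.wrapped_class_key, passcode_key(passcode, self.uid))
        check = hmac.new(candidate, b"key-check", "sha256").digest()
        if hmac.compare_digest(check, f.key_check):
            f.failed_attempts = 0
            return stream(candidate, f.user_data)
        f.failed_attempts += 1
        if f.failed_attempts >= MAX_FAILURES:
            f.wrapped_class_key = None
        return None


def nand_mirroring_attack(phone: Phone, candidates):
    """Snapshot the flash, spend MAX_FAILURES - 1 guesses, restore the snapshot
    (failure counter included) and continue. Returns (passcode, plaintext, restores)."""
    snapshot = copy.deepcopy(phone.flash)
    restores = 0
    for i, guess in enumerate(candidates):
        if i and i % (MAX_FAILURES - 1) == 0:
            phone.flash = copy.deepcopy(snapshot)  # put the NAND image back before the 10th failure
            restores += 1
        plain = phone.try_passcode(guess)
        if plain is not None:
            return guess, plain, restores
    return None


def offline_unwrap(flash: Flash, passcode: str, guessed_uid: bytes) -> bool:
    """What an attacker holding only the NAND image can do off-device: without
    the real UID the derived key is wrong even for the correct passcode."""
    candidate = xor_bytes(flash.wrapped_class_key, passcode_key(passcode, guessed_uid))
    return hmac.compare_digest(hmac.new(candidate, b"key-check", "sha256").digest(), flash.key_check)


if __name__ == "__main__":
    phone = Phone("0419", b"constructed sample user data")
    print(nand_mirroring_attack(phone, (f"{n:04d}" for n in range(10_000))))
```

Running it recovers the four-digit code after 46 restores of the snapshot; the same ten wrong guesses against a phone that is never restored leave `wrapped_class_key` empty, after which even the right passcode unwraps nothing. `offline_unwrap` is the other half of the argument in the thread: the image alone is not enough, the UID-bound derivation has to run where the UID is.
 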
It might be a good idea for them to tell Apple how they plan to get in so Apple has a chance to stop them from doing something stupid.
People don't often appreciate advice. I'd just let them learn their lesson if it goes horribly wrong.
 
I hate the old "I have nothing to hide" argument. If you have iTunes or any other app that is hooked to a credit card, you don't want your phone able to be hacked. Personally, I don't use my phone for anything financial. I use it for phone calls, texts, checking my work email while at home and the occasional map search to find an address. But I certainly know a lot of people that use their phones for lots of stuff (banking, home security system control, etc) they wouldn't want falling into the hands of hackers / thieves. And if the government has access, it's only a matter of time (probably a short time) before "scary people" do too.
And I think that will become increasingly common. I've had a few times where I went to the grocery store; check out and find out I left my wallet at home. If I could pay with my phone (or just punch in my CC number), I'd be set, but I cant, so I have to drive home and back.
 
Which part of the government?

You do know it's not a generic thing. Just throwing around whatever and saying in general what the government is supposed to do is kinda lame.
Now I might be wrong but I have never seen anything that suggests otherwise, maybe someone else has though.

I'm wrong. I recalled a statement saying bugs must be disclosed (which POTUS did make) but it allows for them to be kept secret if it benefits the NSA or law enforcement....so no disclosure is really required.

#eggOnFace
 
Thanks a million Icpiper.

Wow, so just brute force or a dictionary attack. I was hoping they have a few tricks up their sleeve.
Because even myself, being far from what's considered *cough* 1337 *cough* would find another way.

Okay, I guess the data is encrypted on some flash. And then there's the operating system that introduces the 'timeout' when it detects brute force.

Following an idea I had about reading an EPROM chip by attaching vcc, gnd, simple LEDs to IO pins (assuming parallel read). Some wires, a battery and a hundred years of free time.
One could literally do it without a computer by simply manipulating data read, data write, clock, hold and such.
So there goes your timeout. And then brute force the crap out of it. Do you think this would be doable?

Heck, tap into the clock generator in vivo and just 'fast forward' the timeouts by manipulating clockspeed (or other time reference it uses)


Actually, although I have my own background in storage systems, I think you have a much better understanding of this problem than I do. I am making my own assumptions based on the specifics of the court order.

(1) it will bypass or disable the auto-erase function whether or not it has been enabled;
(2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and
(3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.


So, in order to do this they either have to install their software for submitting passcodes to the phone on the Apple Computer or relay them via the remote connection right?

If they install the software on Apple's comp then all you will get out of monitoring the remote link is a normal RDP session of someone logging in and starting the app, the app will do its thing inside Apple's computer and to the iPhone.

If they simply use the Apple computer as a gateway/interface to the iPhone, then the remote connection will just get the passcode traffic.

That is all the order requires other than what is in the next paragraph which suggest how Apple should make the above happen.

3. Apple's reasonable technical assistance may include, but is not limited to:

providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File ("SIF") that can be loaded onto the SUBJECT DEVICE.

If everything is being done at Apple's facility then all Apple has to do is write the SIF and load it onto the phone, they don't actually have to hand it over to the FBI unless Apple decides not to do this on Apple's turf.

The SIF will load and run from Random Access Memory ("RAM") and will not modify the iOS on the actual phone, the user data partition or system partition on the device's flash memory.

Now I have no idea what writing this SIF would really take, but Apple will be paid for it, and it isn't a new version of iOS or other operating system.

The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE.

Truthfully, I think this is a feel-good statement, if Apple controls everything at their facility and doesn't have to give the SIF or the phone to the FBI, then what's the point?

The SIF will be loaded via Device Firmware Upgrade ("DFU") mode, recovery mode, or other applicable mode available to the FBI.

Once active on the SUBJECT DEVICE, the SIF will accomplish the three functions specified in paragraph 2.

The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility; if the latter, Apple shall provide the government with remote access to the SUBJECT DEVICE through a computer allowing the government to conduct passcode recovery analysis.

4. If Apple determines that it can achieve the three functions stated above in paragraph 2, as well as the functionality set forth in paragraph 3, using an alternate technological means from that recommended by the government, and the government concurs, Apple may comply with this Order in that way.
People are interpreting this statement incorrectly and think the functionality set forth in paragraph 3 is all that stuff about the SIF, it is not. The functionality set forth in paragraph 3 is allowing the government to conduct passcode recovery analysis.

The parts of paragraph 3 that talk about the SIF being loaded into RAM and not modifying the iOS, etc, this is the "technological means" that is recommended by the government referred to in this statement. As an example, if Apple thinks there is a better way to load the SIF other than "The SIF will be loaded via Device Firmware Upgrade ("DFU") mode, recovery mode, or other applicable mode available to the FBI.", then Apple is free to recommend it and the government may accept it.

5. Apple shall advise the government of the reasonable cost of providing this service.
Apple gets paid.

6. Although Apple shall make reasonable efforts to maintain the integrity of data on the SUBJECT DEVICE, Apple shall not be required to maintain copies of any user data as a result of the assistance ordered herein. All evidence preservation shall remain the responsibility of law enforcement agents.

7. To the extent that Apple believes that compliance with this Order would be unreasonably burdensome, it may make an application to this Court for relief within five business days of receipt of the Order.

And lastly, if Apple thinks this is too much they are free to try and convince the Judge so it isn't like they don't have a right to say "WTF".

It seems to have worked in New York.
Apple prevails in forced iPhone unlock case in New York court

As explained below, after reviewing the facts in the record and the parties' arguments, I conclude that none of those factors justifies imposing on Apple the obligation to assist the government's investigation against its will. I therefore deny the motion.

In the above case Apple replied to the court order with the argument that the court order was unduly burdensome and between Apple's arguments, the government's arguments, and that Congress had considered passing a law that would have made this a non-issue and decided against it, the Judge ruled against the Government. But in this San Bernardino case, things haven't gotten this far yet.
 
I'm wrong. I recalled a statement saying bugs must be disclosed (which POTUS did make) but it allows for them to be kept secret if it benefits the NSA or law enforcement....so no disclosure is really required.

#eggOnFace

You da man. Kudos (y)


Actually, they can keep them secret if the value is considered worth the risk to government systems.

In other words, let's say they find a vulnerability in Angry Birds, well that's important software so the government would have to report that to the vendor for patching :oops:
 
{solution} will load and run from Random Access Memory ("RAM")
{solution} will not modify the iOS on the actual phone, the user data partition or system partition on the device's flash memory.

{solution} will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE.

These three things are requirements for whatever solution Apple could have provided.

The first one is a technical requirement. The only way to get access to the keys is if the CPU on the phone itself is running the code to decrypt the content.

The second is a legal requirement. They can't very well use data as evidence if that evidence has been altered. To prevent alteration of data, any solution requires that contents of the NAND remain in the same form as it was acquired.

The third is another technical requirement that stems from the first. The iPhone's bootloader will not allow any unsigned firmware to be loaded. Signature of the firmware requires the identifiers of the device it's being loaded on.
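
The third requirement above, an image that the bootloader will only load when it is signed and personalised for one device identifier, is the kind of check that is easy to get in the wrong order. The toy below is an added illustration, not Apple's bootloader or signing service: the HMAC stands in for Apple's real public-key signature (so signer and verifier share a key here, which a real scheme would not), and the signing key, the ECID values, the manifest field names and the function names are all constructed for the example. The point it shows is that the device identifier must be part of what is signed, so that re-targeting the manifest to another device invalidates the signature rather than just failing a string comparison.

```python
"""Toy model of the device-binding the order asks for: a software image
personalised to one device identifier and accepted only there. Added
illustration, not Apple's bootloader; the HMAC stands in for a real
public-key signature and the key, ECIDs and field names are constructed."""
import hashlib
import hmac
import json

# Constructed stand-in for the vendor signing key (a real scheme keeps a private
# key with the vendor and only the public half on the device).
SIGNING_KEY = b"vendor-signing-key-stand-in"


def _manifest_bytes(manifest: dict) -> bytes:
    # Canonical encoding so signer and verifier hash exactly the same bytes.
    return json.dumps(manifest, sort_keys=True).encode()


def sign_image(image: bytes, target_ecid: str) -> dict:
    """Vendor side: bind the image digest to one device identifier and sign both."""
    manifest = {"ecid": target_ecid, "digest": hashlib.sha256(image).hexdigest()}
    sig = hmac.new(SIGNING_KEY, _manifest_bytes(manifest), "sha256").hexdigest()
    return {"manifest": manifest, "sig": sig}


def bootloader_accepts(device_ecid: str, image: bytes, bundle: dict) -> tuple:
    """Device side: verify the signature first, then that the image matches the
    signed digest, then that the signed ECID is this device's own."""
    expected = hmac.new(SIGNING_KEY, _manifest_bytes(bundle["manifest"]), "sha256").hexdigest()
    if not hmac.compare_digest(expected, bundle["sig"]):
        return False, "signature invalid"
    if bundle["manifest"]["digest"] != hashlib.sha256(image).hexdigest():
        return False, "image does not match signed digest"
    if bundle["manifest"]["ecid"] != device_ecid:
        return False, "image personalised for a different device"
    return True, "accepted"


if __name__ == "__main__":
    sif = b"constructed RAM-only image that relaxes the retry limit"
    bundle = sign_image(sif, target_ecid="000A1B2C3D4E5F60")   # constructed subject ECID
    print(bootloader_accepts("000A1B2C3D4E5F60", sif, bundle))  # (True, 'accepted')
    print(bootloader_accepts("00FFFFFFFFFFFFFF", sif, bundle))  # rejected: other device
```

Four cases matter: the bundle is accepted on the device it was personalised for, rejected on any other ECID, rejected if the image bytes differ from the signed digest, and rejected with "signature invalid" if someone edits the ECID in the manifest to match their own device, because the ECID was inside the signed bytes.
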
 
Everyone spouting my privacy is soo damn important is annoying. What do you have on your phone that is so damn important? Oh noes. That porn I made with my wifes best friend. Woe is me.

When you beat your wife that one time, the cops took notes on an iPad. And then when she went to the hospital, the staff used iPads all the way from admissions, to the OR, to billing. When her therapist talked to her about how you beat her, the therapist took notes on an iPad. Since she's divorcing you, the lawyer and all of his people are using an iPad and iPhone. Since you beat your wife in front of your kids, Child Protective Services came to visit, and they got case assignment via their iPhone and took notes on an iPad.

But none of that information has any expectation of privacy in your wife-beating world. Joy.
 
I'm just guessing Iciper, I'm no doctor :)

However what the EF BEE EYE (Hannibal Lecter's voice) has is stolen details about the circuitry inside the phone's CPU, source code of the kernel etc.
They "only" need RAM access so they can launch a 'clever little program' that might attack the device and bypass various things like the 'wrong password' counter, etc.
 
there is no right to privacy here.. the OWNER of the phone gave consent.... some of y'all missed that...
 
You missed the part of them wanting to pretty much set a precedent with the program for future cases. Small detail that is actually the whole case, they have gotten the info other ways in the past but just this one they want to go for it all.
 
Read the thread, hombre...


thread is irrelevant as the county owns the phone and gave consent as the owner.... for the FBI to search said device...

it's like living in an apartment, the landlord can give consent under certain circumstances for the police to search your apartment....
 
Kind of funny, the FBI lied to the Judge to use the All Writs Act to illegally compel Apple to do its bidding. And somehow this situation makes Apple look bad and the government trustworthy?
 
thread is irrelevant as the county owns the phone and gave consent as the owner.... for the FBI to search said device...
it's like living in an apartment, the landlord can give consent under certain circumstances for the police to search your apartment....

And apple is under no obligation to assist the FBI in compromising the phone.
 
I'm for privacy as much as the next guy but there should be exceptions to the rule, especially involving terrorism. I wonder if that cell phone contained information to attack your house and behead your children, if the privacy advocates would be so quick to side with Apple on this. I'm pretty sick with Apple playing this privacy precedent deal on this. I don't feel Apple helping give access to terrorist activities in any way affects my personal privacy.

Ummm...You falling for the argument here? Let me share this with you: Exceptions do exist in the rule, like the specific court order that exists. Apple flagrantly violated that court order.

Believe it or not, I don't care, but the court actually already has the constitutional right to take away ANY of your rights necessary for 'reason', up to and including your very right to life (ever hear of death row?)
 
These three things are requirements for whatever solution Apple could have provided.

The first one is a technical requirement. The only way to get access to the keys is if the CPU on the phone itself is running the code to decrypt the content.

The second is a legal requirement. They can't very well use data as evidence if that evidence has been altered. To prevent alteration of data, any solution requires that contents of the NAND remain in the same form as it was acquired.

The third is another technical requirement that stems from the first. The iPhone's bootloader will not allow any unsigned firmware to be loaded. Signature of the firmware requires the identifiers of the device it's being loaded on.

No, you are incorrect.

Read what I wrote again and ask yourself this question with paragraph 4 in mind.

If, according to paragraph 4, Apple can recommend using an "alternate technological means from that recommended by the government" where in this court order is the "Government's recommended technological means"? It's not paragraph 2, paragraph 2 is "the three functions". What you are pointing to is how the Government is recommending that Apple accomplish the task but Apple has the option to recommend a better way.
 
Ummm...You falling for the argument here? Let me share this with you: Exceptions do exist in the rule, like the specific court order that exists. Apple flagrantly violated that court order.

Believe it or not, I don't care, but the court actually already has the constitutional right to take away ANY of your rights necessary for 'reason', up to and including your very right to life (ever hear of death row?)


Actually I don't think Apple has violated the court order.

Apple received the court order and was given until Friday to respond. Prior to that date Apple filed a motion to vacate the order. Judge Pym denied Apple's motion to vacate. Apple then replied on Friday with their arguments on how burdensome the court order was and why they should not have to comply. A hearing was set to address Apple's response to the court order. Before the hearing could convene, the FBI gave notice to the court that they may no longer need Apple's assistance as they had found a 3rd party who is willing to assist. Judge Pym issued a stay on the court order awaiting notification from the FBI as to how things are going to go with unlocking the iPhone.

This is my best understanding of the case. If you have something to add please do, but if I am correct then Apple has not violated the court order in any way and has legally conducted its business with the government and the court wholly within the limits of the law.
 