The Government 'Purchased A Tool' To Access iPhones

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
The director of the FBI says the government purchased a tool that works on a "narrow slice" of iPhones. While I'm sure this will come as welcomed news to all the other agencies with iPhones to crack, Apple probably isn't too pleased. Thanks to Lloyd P. for the link.

The head of the FBI said Wednesday that the government had "purchased a tool" enabling investigators to access an iPhone belonging to San Bernardino gunman Syed Farook. The disclosure by James Comey in a speech at Ohio's Kenyon College was a departure from previous official statements, which had been vague in explaining the details of how the government broke into the phone last month.
 
Was just reading about this online the other day. Im not surprised they found someone to get into the iphone, I'm sure they put a huge signing bonus out for anyone who was willing to help them crack the phone. Surely someone involved with jailbreak was able to give info on how to get passed icloud and passcode locks
 
  • Like
Reactions: Madoc
like this
If I were to take a guess, there's probably a work around that allows downloading of a complete raw image of the phones memory bit for bit.


1. Download image
2. Attempt code
3. If failed, upload image, goto step 2
4. done
 
DigitalGriffin said:
If I were to take a guess, there's probably a work around that allows downloading of a complete raw image of the phones memory bit for bit.


1. Download image
2. Attempt code
3. If failed, upload image, goto step 2
4. done
Click to expand...

good theory, i was thinking same thing, no way they are simply bruteforcing till they get the right code

OregonLAN said:
Isn't it illegal to purchase or sell tools to circumvent encryption?
Click to expand...

Most likely but its the goverment, theyll do what they want lol the purpose of their tool was to get into the phone of a murder so the intentions are good atleast but maybe lead to future issues
 
Is Apple's encryption protected by any law? Something to the idea of attempting to break/hack encryption as a crime? Breach of computer security? I would say this falls along the same lines as someone who tries breaking a government computer's encryption... am i right?

The government needs to fess up to who decrypted it, otherwise we'll have to file this under government anti-trust as to keeping information from the public.
 
Does anyone knows if the FBI recover any information after unlocking the phone? Did they recover anything at all?
 
My understand it was not so much a tool but an 0day exploit kit that only worked on that version of the iphone.
 
serious said:
Does anyone knows if the FBI recover any information after unlocking the phone? Did they recover anything at all?
Click to expand...
That wasn't the point of this. The FBI has their tool. The 'narrow' group of iPhones is probably that model.
 
ShagnWagn said:
Is Apple's encryption protected by any law? Something to the idea of attempting to break/hack encryption as a crime? Breach of computer security? I would say this falls along the same lines as someone who tries breaking a government computer's encryption... am i right?

The government needs to fess up to who decrypted it, otherwise we'll have to file this under government anti-trust as to keeping information from the public.
Click to expand...

No, not encryption itself. It's illegal to access computing devices without consent, but not the act of breaking encryption.
 
lcpiper said:
No, not encryption itself. It's illegal to access computing devices without consent, but not the act of breaking encryption.
Click to expand...

Yeah, for an analogy... imagine you lose the keys to your house and you need to get past the locked door. Or someone sells you a house and forgets to give you the keys... or you're a bank and you've repossessed a house from an unwilling occupant that has tried messing with the locks to keep you out.

In any of those cases, you just call a locksmith or find some way to get past the lock. It's not illegal to pick a lock... however, if you're a thief and you pick a lock to enter someone else's house, you're breaking the law.

Incidentally, even if the door is unlocked, it's still illegal to enter someone's home without their permission. One could argue that it would be stupid to leave your door unlocked, but that doesn't make it legal for someone to steal from you if you forget. So it would also be illegal for someone to take data off your phone without your consent even if it weren't encrypted.

The reason we have security is because it can be very hard to prove someone accessed your phone without consent, and because by the time you realize it has happened, the damage would have already been done. But technically speaking, these kind of deterrents don't have anything to do with what's legal.
 
athenian200 said:
The reason we have security is because it can be very hard to prove someone accessed your phone without consent, and because by the time you realize it has happened, the damage would have already been done. But technically speaking, these kind of deterrents don't have anything to do with what's legal.
Click to expand...
unless you break government or Big Media encryption.
 
Spewn said:
Right, but as with DeCSS before it, this is because the encryption was being used as copy protection and not just because it was encryption.
Click to expand...
Isn't the reason for encryption to prevent copying? "copy protection"?
 
I was just going in to read up on that link. I am sure it's interesting. What Spewn is saying is just the kind of thing I was going to be looking for but he already has it nailed down. Damn, site is blocked :cry:

So if I am understanding Spewn's explanation, it's not because he broke the encryption but because he defeated an copy protection scheme by doing so. And the actually charges fit that as well right?
 
ShagnWagn said:
Isn't the reason for encryption to prevent copying? "copy protection"?
Click to expand...


It's not illegal to break encryption in general, which can be used for protecting all manner of things. It is illegal to break the encryption specifically protecting a copyrighted work.
 
ryan_975 said:
It's not illegal to break encryption in general, which can be used for protecting all manner of things. It is illegal to break the encryption specifically protecting a copyrighted work.
Click to expand...
That seems like it's an excuse added to make it sound specific.
 
ShagnWagn, I think you have confused the illegal act "circumventing a copy protection mechanism" with a tool, encryption.

To clarify I would pose a question, what if your copy protection scheme didn't rely on encryption at all. For instance, go old school, passcodes embedded in a manual for a game. This was an old copy protection measure that was rendered obsolete before the DCMA even existed, but. It still serves as an example.

In this example, when you started the game it would ask you for the 3rd word on the 22nd line on page 14 in the manual.

I searched the code for the words that were used as passcodes to get into the game. When I found known passcodes in the code, I would change them all to the same common code word so that I didn't have to hunt them up anymore. Eventually every passcode became the same word, "hammer". I circumvented a copy protection scheme but encryption wasn't involved really. I did have to use a hex editor, but I am not sure that burying passcodes inside programing code qualifies as an encryption method. Maybe what I did was still illegal at the time, but I might have challenged that under fair use since I never tried to divulge or sell my solution or the hacked code. Still, if I had done this more recently, DCMA might apply.
 
TechLarry said:
Isn't there a DMCA violation in here somewhere?
Click to expand...
3a33525811dae3e7245bf8357886c6f9.jpg
 
Krenum said:
Interesting!

Found a good video about it.
Click to expand...


Yeah, it is sort of sad that Carlin wasn't actually joking.........but comedy is one of the most effective means of social commentary.
 
Krenum said:
3a33525811dae3e7245bf8357886c6f9.jpg
Click to expand...

George is right. The Democrats want everyone to be drone workers so they can control them with the government. Republicans are the critical thinkers.

lcpiper said:
ShagnWagn, I think you have confused the illegal act "circumventing a copy protection mechanism" with a tool, encryption.

To clarify I would pose a question, what if your copy protection scheme didn't rely on encryption at all. For instance, go old school, passcodes embedded in a manual for a game. This was an old copy protection measure that was rendered obsolete before the DCMA even existed, but. It still serves as an example.

In this example, when you started the game it would ask you for the 3rd word on the 22nd line on page 14 in the manual.

I searched the code for the words that were used as passcodes to get into the game. When I found known passcodes in the code, I would change them all to the same common code word so that I didn't have to hunt them up anymore. Eventually every passcode became the same word, "hammer". I circumvented a copy protection scheme but encryption wasn't involved really. I did have to use a hex editor, but I am not sure that burying passcodes inside programing code qualifies as an encryption method. Maybe what I did was still illegal at the time, but I might have challenged that under fair use since I never tried to divulge or sell my solution or the hacked code. Still, if I had done this more recently, DCMA might apply.
Click to expand...

Not confused. I'm following along. I was around in those days. The difference is you were accessing something that was your property. This thread is about accessing someone else's private data by hacking a "lock" that is called encryption (aka stealing/theft). If it's not illegal, it should be.
 
ShagnWagn said:
George is right. The Democrats want everyone to be drone workers so they can control them with the government. Republicans are the critical thinkers.
Click to expand...
Lol. Reagan, Bush, The Tea Partiers, Fox news are all critical thinkers. :D
 
DigitalGriffin said:
If I were to take a guess, there's probably a work around that allows downloading of a complete raw image of the phones memory bit for bit.


1. Download image
2. Attempt code
3. If failed, upload image, goto step 2
4. done
Click to expand...
I thought they couldn't do this because the encryption code is tied to the specific phone's hardware.
 
ShagnWagn said:
George is right. The Democrats want everyone to be drone workers so they can control them with the government. Republicans are the critical thinkers.



Not confused. I'm following along. I was around in those days. The difference is you were accessing something that was your property. This thread is about accessing someone else's private data by hacking a "lock" that is called encryption (aka stealing/theft). If it's not illegal, it should be.
Click to expand...

No, I think this thread is still about accessing data on a government owned phone, or at least that is the genesis of it. And all legality aside, my example had nothing to do with whether what I did was illegal or not. It was about the difference between encryption as a tool and encryption as a copy protection scheme relative to DMCA.

See, just like in previous issues where the same sort of thing has happened. We have jumped from the frying pan into the fire. Had Apple not refused to assist with a clearly legitimate request for assistance then the company and it's customers would have been in much better shape now. All Apple needed to have done was help unlock that phone and they wouldn't have had to give the FBI anything but the data. Now the FBI has had an outside entity sell them a lock pick.
 
ShagnWagn said:
George is right. The Democrats want everyone to be drone workers so they can control them with the government. Republicans are the critical thinkers.
Click to expand...
I would like to think the Republican were an alternative but they offer pretty much the same thing. Maybe there is a subtle different like Serfdom to government reinforced by corporations vs. serfdom to corporations reinforced by government. But to most of us, it ends up in the same place.
 
Armenius said:
I thought they couldn't do this because the encryption code is tied to the specific phone's hardware.
Click to expand...

The firmware is signed by apple for each specific phone, to prevent downgrade attacks.
Fortunately, the portions of the storage that store the lockout counter are not signed by Apple. So if you could somehow manipulate the storage manually, you could restore that file and reboot. The iOS signature would still be valid, and you could try more PW attempts.
 
You must log in or register to reply here.
Back
Top