FBI Folds after Apple Calls Its Bluff

69

The FBI was holding the legal equivalent of a pair of twos and it knew the law was not on its side—sort of ironic for a law enforcement agency. Taking a page out of the Kenny Rogers book of knowing when to hold ‘em and knowing when to fold ‘em, the FBI wisely backed down and found another way.

Call me a cynic, but I am not convinced that the FBI actually even hacked the device. Or, if it did I believe it knew all along that it could do it, but was hoping to take advantage of this opportunity to establish a legal precedent it could use to compel private corporations to cooperate in future investigations. I think the FBI conveniently “found a way” to hack the iPhone because it didn’t want to be publicly humiliated in court.

An ABC News report states, “An urgent meeting inside FBI headquarters little more than a week ago is what convinced federal law enforcement officials that they may be able to abandon a brewing legal fight with tech giant Apple, sources told ABC News today.”

The report goes on to suggest that countless companies and hackers stepped forward to offer assistance to the FBI, but some were just total whackos and none of the solutions seemed viable. Then a mystery company appeared with a possible method of accessing the iPhone.

“On Sunday, March 20, in a meeting at FBI headquarters, company officials demonstrated their technology on another iPhone. Convinced it would work, the FBI greenlighted applying it to Farook’s phone, sources said.”


ABC Breaking News | Latest News Videos

I spoke last week with Richard Clarke, former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States. He shared his belief that this entire charade was all about the FBI seeking a legal precedent—a precedent for forcing a company to weaken the data security of its product. Clarke said such a precedent would strengthen the case for an encryption backdoor.

From that perspective, it may actually have been beneficial for the FBI to go to court and lose. If it could demonstrate publicly that it has no legal standing to compel Apple to cooperate by writing a custom version of iOS, it might have galvanized support for mandating some sort of encryption back door to prevent similar conflicts in the future.

By magically finding a way to hack the unhackable iPhone, the FBI has undermined any argument it may have had either with the All Writs Act or an encryption back door. If the FBI can just hire hackers to access devices in these cases, we don’t need to bother with legal precedent or compelling private companies to build encryption back doors.

I don’t mean to suggest in any way that I don’t think the iPhone is hackable. Despite Apple’s reputation for superior security, there is no such thing as an impenetrable device and I’m confident there’s more than one way to access an “unhackable” iPhone. I’m simply stating that I find the timing of the FBI revelation the day before it was going to lose in court as both convenient and suspicious.

Clarke suggested that FBI did not really look around for another solution until the negative publicity began. It’s possible the FBI was confident that public opinion would be on its side and that this would be the perfect case to establish a legal precedent. Once the FBI analyzed the situation and realized that Apple might win on appeal, it scrambled for an alternative.

Clarke told me, “I think they realized they were playing a losing hand.” He also expressed that FBI Director James Comey is not being well advised, and is overly relying on his Special Agents for advice.

The whole circus was a mistake in my opinion. The FBI—and government intelligence and law enforcement agencies in general—are much better served by working in stealth when it comes to something like this. Had the FBI succeeded in compelling Apple to weaken its own security, it would have also succeeded in convincing would-be terrorists and criminals to avoid using iPhones. By announcing to the world that it has found a way to hack the iPhone, it has accomplished that same goal. It would have made more sense to figure out how to hack the iPhone in secret so that the bad guys the FBI wants to monitor and investigate aren’t aware that the FBI has that capability.

The whole thing seems more like an episode of Get Smart than something I would expect from some of the smartest minds in intelligence.

Share.

About Author

Tony Bradley is a social media, community, and content marketing wizard--and also Editor-in-Chief of TechSpective. Tony has a passion for technology and gadgets--with a focus on Microsoft and security. He also loves spending time with his family and likes to think he enjoys reading and golf even though he never finds the time for either.

69 Comments

  1. oldprofessor on

    We all knew the phone was hackable. Apple knew it but did not want to be involved in a public case of hacking their own phone. The FBI wanted it to be public knowledge that the phone was hackable. Apple wins/ FBI wins…..

    • or, apple complied with a secret court order and can’t say they did but has the condition of being able to act like they didn’t comply. Patriot act is sticky.

      • noneed4aname on

        Apple did a major security update sinse the phone in question, so there was no need to be tight-lipped.

        • What part of “patriot act allows the federal government to establish secret courts that make orders that can’t be spoken of” don’t you understand? It’s entirely possible Apple was forced to comply and is being allowed to act like they didn’t. Apple does security updates all the time like everyone else. Hell, the “security update” could have been opening a hole.

          • noneed4aname on

            I’m not even a fanboy, but noted b/c the author didn’t care to research.. Apple did a complete overhaul in security between the 5s and 6, and at the same time greatly stopped complying in gov-requests. This was last September. Not a security update, rather a complete software and hardware overhaul. Sure it’s possible they complied w: the govt now – I just not likely it would play out as it has had the hacked phone had the updated security.

          • It’s not really a conspiracy. Every computer manufacturer and ISP has had these court orders put on them at one time or another. AT&T mirrored ALL traffic leaving the U.S. for decades before it was leaked, and now likely still does, just more hidden.

            I refuse to believe that A) Apple doesn’t know how to get into their own products, they are tyrants about control over their products, or B) that the government didn’t already know how to break it or didn’t already make Apple comply.

            They likely did what was suggested before the court case hullabaloo began; make several forensic copies and brute each one until you find the password. You don’t need to defeat the encryption if you can make a side channel attack.

          • noneed4aname on

            I hear that. At the same time it’s a 4 digit code they wanted not some Turring level shit.

          • It’s a 4 digit code that wipes if it’s wrong 10 times. That’s the reason the FBI is claiming they needed Apple’s involvement. I’d imagine there’s some kind of safeguard to prevent making forensic copies when that feature is enabled, and is likely what was actually circumvented.

          • A simple software check of the serial number of the flash chip would ensure that law enforcement or anyone else couldn’t just desolder the chip, copy it, and re-solder the new one in place to get around the 10 entry limit.

          • Your average time to brute force though is half the possible numbers, no matter what, possibly less if “random” entries are used and not sequential. once it’s been copied once, why do I need to even use an Apple platform? If I was able to get a forensic copy other than not having the 10 wipe function, why not just make however many copies you need of that to brute attempt faster?

          • Because part of the encryption key is the device ID that is embedded in the hardware of the phone. So without the chip being installed in that particular phone, which the wipe function is also embedded in the hardware, you will never be able to brute force the pin. And forcing the pin is the easier option, when compared to breaking AES 256 bit encryption that would take several hundred years on a super computer to crack.

          • Don Turnbull on

            The holder of the phone killed a whole bunch of people with help from a foreign influence. 1000 hours (~42 days) does not seem like much to get information that might be useful chasing these folks down. In fact, it seems to fit pretty much in the time the Feds fought Apple in court.

          • Gerry Blevins on

            You wouldn’t have to go thru all that. You would only have to desolder the chip from the board and place it onto another board to start hitting it with codes with no limit. The strorage flash isn’t what activates the wiping of the data on the flash. You take the storage flash off the board and your no longer constrained to Apple’s specs anymore. A hardware solution is very dangerous though. I’m the proud owner of a previously icloud locked ipad 3. Anything is hackable.

          • If what you say is true, the FBI & Apple could have kept it secret from the start.

          • if you can score PR, why not? Remember how AT&T always touted they don’t sell your data to the government?

      • Neville Chamberlain on

        Occam’s Razor. I suspect that Apple has “clean hands” in all this. The FBI was trying to force a precedent that would have rendered the Constitution moot. Only Congress has the authority to authorize such “adventures” by the FBI or to force Apple, et al, to eliminate effective encryption and thus render all communications and storage public. This is a much wider issue than just Apple. This is about all communcations and all storage encryption. The government wants absolute access to all content ostensibly to combat crime and terrorism but it is a slippery slope defining what a “crime” actually is and then you get to 1984 and “thought crime” very quickly and lest us not forget the political implications of making all content public?

      • Gerry Blevins on

        How is that. They fought for their rights in court against a government which was LOSING and overstepping their authority. You have no clue what a patriot is.

  2. Wow. Double stanard. Stick it in your ear timmy. As for how they did it rather simple. Remove internal flash drive the bastards at apple solder it to the man board. Almost all their products are soldered or glued. Once removed connect power supply and copy entire drive to another flash drive. You still need the pass code to bypass drive and access data. Repeat on multiple drives and start random code access until goal is achieved. You may go through a lot drives but a simple algorithm based on owners habits will provide 1. Each drive has 10 tries before erase and lock take affect. If encryption can be created it could always be bypassed. Only until Quantum Computing Takes affect in the next decade will it possibly almost be impossible to accomplished but that’s a whole other article in itself

    • The method you describe isn’t possible with the iPhone. The encryption algorithm uses a random device ID that is generated at the time of manufacture by the physical manufacturing process. With the flash memory not in the original device it was installed in, it won’t have access to that device ID. Without the device ID, generating the correct hash from the pin is impossible so you will never succeed in unlocking it. Of course, if the flash is in the phone then you are limited to 10 tries before the device deletes the encryption key, hence the FBI’s problem. I’m sure Apple thought of removing the flash chip and checks the serial number of the flash chip or something similar to detect tampering. That would be a rather obvious flaw otherwise.

      • I work for flashback data based in Austin we freeze drives and read the algorithms bit by bit no encryption is uncrackable it’s time-consuming but not impossible once you come to drive over and over again it doesn’t matter what device ID is it available and we keep a database of all IDs based on the device from the manufacturer on sequel databases at home if you can write the encryption they could always be broken

      • Yeah and its not something a company could “Demo” on a different device as proof of concept to sell the idea. The government would have wanted to see a successful demo of this in action and I doubt they would have been patient to watch some company remove and connect this thing countless times while the password was guessed at.

  3. Neville Chamberlain on

    I don’t believe the FBI actually hacked the phone. This was all a ruse to destroy effective encryption and set precedents way beyond Apple – think google, facebook, etc ad nauseum … this was about circumventing the constitution and setting a dangerous precedent, . When the FBI determined it was likely to lose the precedent, they just folded. The phone likely never has been accessed and now Apple can use FOIA requests to determine how the phone was accessed, if indeed, it was.

    • Don Turnbull on

      Please point to the article or amendment in the Constitution covering the right of criminals to keep secrets. Please point to the section covering anyone’s right to encode information at all. The closest might be the 4th amendment (protection from unreasonable search and seizure). The question there is it unreasonable for the public to want the information encoded by a mass murderer. Hard to make that case I think.

      • The government and law enforcement have a right to reasonable search and seizure with probable cause and a warrant. That right does not, however, extend to conscripting private companies or individuals to work for the government in creating new tools–especially when those tools weaken and undermine the security of products the company relies on for revenue. There is nothing wrong with the FBI wanting access. I don’t even have a problem with the FBI getting access–if it actually did. That is fine. The problem is believing the FBI has the authority to compel Apple to write a custom version of iOS to help them. That circumvents the Constitution.

        • Your argument with respect to enforced conscription is weakened by the Obamacare Supreme Court case which gave the government the right to force people to buy health insurance. If you can be forced to buy health insurance, it is not that big an additional step to require tech companies to unlock their devices following terrorist killings. The Obamacare case established the principle that citizens can be forced to take action that they would choose not to do if given the choice

          JD

          • Don Turnbull on

            Hardly. States have been requiring drivers carry car insurance for decades. Certain mortgages require homeowners carry mortgage insurance. Certain homeowners are required to carry flood insurance.

            Obamacare isn’t even new on the specific point. The individual mandate is a key feature of the plan in Massachusetts (as backed by and signed into law by a Republican governor) and a key feature of the plan proposed by the Republican Congress in the early/mid 1990’s.

            The government has always been able to require specific behavior from both companies and citizens under a wide range of circumstances. One can debate where the line should be drawn but the fact that most states have long mandated liability and healthcare coverage as part of auto insurance policies make Obamacare nearly the last in line on this specific topic.

        • Don Turnbull on

          There is no such protection in the Constitution. Perhaps there should be. It does feel wrong to compel a private company as you describe. But, the Constitution provides no specific protection against the government ordering a company to act or not act in furtherance of a criminal investigation. It would require a court decision to interpret such protection similar to how the court found a right to privacy when the word privacy does not appear in the document.

          Thay may be fine to do but, if such a thing happens, i very much hope that it is done better than Rowe was done. Better yet, it would be nice if Congress stepped up and wrote some law making it unnecessary for the court to legislate from the bench.

          Regardless, a plain text reading of the Constitution does not solve this problem. It is mute on the questuon of what the government can or cannot compel a corporation to do or not do in this circumstance.

          • Don Turnbull on

            It’s not hacking. The legal owner of the phone (the county of San Bernadino) asked for access to their phone. This is more like having a two truck driver help you unlock your car when the keys are locked inside.

      • I think you and Tony Bradley here are both right and both wrong. I don’t want a government that can require backdoors into anything made, nor do I want a company like Apple sticking its nose up at our government and constantly trying to undermine their ability to carry out it’s duties.

        If the government wins we can all be watched anytime any place, if a corporation wins this gambit the power to abuse it will eventually be realized. Heck, as it stands it seems as if corporations determine what laws they follow based on profitability not moral grounds.

        • I agree; I don’t want the government to have that power either. Right now, it does by virtue of the fact that there is neither legislation nor precedent on point. It would be nice if congress would act before the court does and pass law covering this situation. Sadly, we have a Congress that thinks it is a virtue to not act and does not do its job.

  4. I tend to agree with Snowden: FBI very likely knew how to hack it from day one but attempted to use it as pretext to force the industry into compromising their encryption products. When it became clear that won’t work, they simply announced that “suddenly” they could decrypt it after all. What bothers me is that nobody in the media points out to the obvious idiocy of all such attempts by the government: terrorists simply DO NOT USE the encryption embedded in the devices. Instead, they download the uncompromised, independently made, foolproof programs available on the Internet since the early 1990s. That’s what’s so annoying: all these discussions about the built-in encryption in smartphones etc. is completely IRRELEVANT because the criminals NEVER use those products!

    • Irrelevant like the Gov spying in on Gmail accounts. Any terrorist worth his salt is using Tor for communicating and would NEVER use Gmail.

        • Which is the great irony in all of this. Terrorists are using secure communication methods created by the government that was given away for all to use.

          • They weren’t exactly given away for free, encryption was munitions until a few years ago and sharing it, even paper printed code, was a major felony if sent outside the U.S.. Look at the warnings that still exist on Cisco CLI.

  5. J_Bonaccorsi_Philadelphia on

    Translation: “Tech persons, like Apple and me, are smart. Cops, like the FBI, are stupid. The cops would have been humiliated—really, they would—because they are not smart, like I are smart. The way things worked out, it might not seem that way—but really, that is the way it is.”

  6. chevyclutchfoot on

    There are only two possibilities here:

    1. The gov’t already could already break strong encryption on an iphone by
    (a) having a mole in Apple or an undisclosed agreement with the company which had already inserted a backdoor – which is what Snowden hinted at – or
    (b) having a quantum computer that no one else knows about.

    2. The gov’t did not really break the encryption, but realized it was going to fail to establish the precedent it sought, and wanted to bring down trust in Apple with it by making it seem like someone had hacked their products already.

    There is no possibility 3, where the gov’t suddenly figured out how to crack it, just now, today.

  7. The writer of this article is a really stupid, smart person. Apple was most likely in the wrong ethically and legally. When you are talking about a terrorist attack against your country, the rules generally change. Instead of helping the FBI, Apple forced them to break their encryption. Really dumb. Now Apple has zero say in what the FBI does with their phones because of that. It amazes me how dumb some smart people are.

    • Don Turnbull on

      It has been a long time since Apple could call the US its country. Had this happened in Taiwan, things might have been different.

    • Apple always had zero say. The FBI could have simply found a hacker without the public dog and pony show. Aside from the possible impact on Apple’s reputation in the eyes of people naïve enough to believe the iPhone is / was unhackable, nothing has changed. The iPhone was hackable, and now the iPhone is hackable.

    • Gerry Blevins on

      The government has never proven they unlocked that phone. And now their trying to get Apple to unlock an OLDER phone. Your government has deceived you and lied right to your face. The government folded their hand because they were going to lose the next day in court. The FBI had a pair of 2’s and Apple had a full house.

  8. Oh my..poor techies..all your porn is not safe from the prying eyes of the gubmint..
    Really..
    Such sophomoric outrage…
    You’d think the United States of North Korea is just around the corner.

    • Again–that is the prevailing theory. I have not seen official or credible confirmation of that speculation yet. I’m not saying it’s not possible–or even likely–just that it is not a “fact” at this point as far as I know.

  9. Lots of discussion about how the phone was hacked and who won or lost in the fight…but why no discussion about what was found? Shouldn’t that be the question all should be asking? After all, the whole point of this was for the FBI to get potentially important information for their investigation, right? Well? Did they? A statement that the FBI “is still reviewing the information on the phone” does not wash and everyone in Washington can recognize government blah blah speak when they hear it. The FBI knew what information they were looking for and if they truly hacked the phone they would likely know within minutes whether they had something useful or not. It is nearly impossible to conceive that several days post-hack they are still reviewing information. It just may be they defeated the security on the phone but still have issues reading or understanding the information on it. Worse, it may be they went through all this for no useful information in which case, and because of their public posture during the last 2 months, they can hardly acknowledge now and risk a real tide of public opinion turning against them.

  10. Not totally sure where I fall in this argument. At first I was on the Government’s side, “How could apple do this, keep us from getting in to a terrorists’s phone..blah blah.”

    But then I changed my opinion within a few days of reading what was actually happening, at least on coverage that I was reading, none of which may be the real story. But I sided with Apple. The Government seemed liked bungling fools, could have unlocked the phone in secret perhaps with Apple’s help instead of public battle, could have done many things better.

    But now, I’m flip flopping again after reading that now Apple… wants the Governments help… in knowing how they unlocked the phone.

    I let that sink in a few times. Totally understandable they’d want to know how someone broke into their phone.

    And of course.. If.. they really did. Which I’m also on the fence about. I had the same though, maybe this was the Government’s way of just backing out of this whole mess.

    Or maybe they really did get into the phone in which case, now what? Do they turn around and help Apple make their phone more secure so that next time they need Apple’s help.. again… Apple can refuse?

    So many weird twists here an things to think about. It’s hard to really, deep down, take either side. I totally get Apple’s side. I want my phone secure, from everyone. Even if it’s not, I want to believe the lock is good.

    I totally get the Governments side too. At least much of it. Not the part about the re-writing the OS to allow for a back door (I don’t believe this was really what they were after although you never know). I believe they just wanted into this one device but it kind of ballooned in the media to become ALL iphones.

  11. dominio.publico on

    Even just playing the odds that had a 1 in 9999 chance of guessing the pin right. It’s hardly winning the lottery. The code was probably 1234.

  12. Don Turnbull on

    Well, you definitely have a unique perspective as promised. I do agree that the FBI had the ability all along to break the phone and wanted Apple to put itself in a more cooperative position.

    Another way to look at this is that Apple had an opportunity to manage how this sort of thing would happen now and in the future. It could have had a seat at the table where it could see when government intrusion was frivolous or improper. Instead, it decided to fight and win a pyrrhic victory. Now, the FBI will simply invade any phone it wants and, when challenged, it will say “well, we tried to work cooperatively with business and they chose not to be a part of it.”

    Well done Apple. Instead of protecting your users, you have likely left them without a strong voice in these matters. Apple’s actions virtually insure that law enforcement will eventually overstep and there will be no one with a motivation to call them on it around at the time. And all this over a publicly owned phone (property of San Bernadino County) used by a mass murderer who is dead and long past any privacy concern.

    Well done, you, Apple, and Charlie Sheen are “winning”.

  13. You should be careful what you wish for. Apple did not want to assist in the investigation. By so doing it forced the government to break the encryption on its own. The government’s action showed that the Apple phone was not secure and now Apple has no way of knowing how its phones can be hacked.

    I should add that generally I am very skeptical of government backdoors. However, after a terrorist attack where there is a good chance that dozens of lives may be saved, I would make an exception.

    • Gerry Blevins on

      The government never cracked the iphone. Their lying to you. They folded the day before they were going to lose in court.

  14. Agreed! Never believe everything you read on the internet :-D.

    LOL… I can fart into the mouth of a partially hydrogenated ape and see what time the Mayan calendar is actually going to expire…. Really… I don’t have to prove it or show anyone a video… I just say I can do it and you MUST believe me!!!

    The internet is a funny… Funny place… Everyone knows the only way to be totally secure is to use Linux… Over 20 years of operation and maybe has 2 or 3 viruses that were eradicated years ago anyway :-D… Try to listen to my CPU while running Linux and come up with a crack for that…. Aint gonna happy silly goose!!!

    Silly monkeys!!!

Leave A Reply