The FBI was holding the legal equivalent of a pair of twos and it knew the law was not on its side—sort of ironic for a law enforcement agency. Taking a page out of the Kenny Rogers book of knowing when to hold ‘em and knowing when to fold ‘em, the FBI wisely backed down and found another way.
Call me a cynic, but I am not convinced that the FBI actually even hacked the device. Or, if it did I believe it knew all along that it could do it, but was hoping to take advantage of this opportunity to establish a legal precedent it could use to compel private corporations to cooperate in future investigations. I think the FBI conveniently “found a way” to hack the iPhone because it didn’t want to be publicly humiliated in court.
An ABC News report states, “An urgent meeting inside FBI headquarters little more than a week ago is what convinced federal law enforcement officials that they may be able to abandon a brewing legal fight with tech giant Apple, sources told ABC News today.”
The report goes on to suggest that countless companies and hackers stepped forward to offer assistance to the FBI, but some were just total whackos and none of the solutions seemed viable. Then a mystery company appeared with a possible method of accessing the iPhone.
“On Sunday, March 20, in a meeting at FBI headquarters, company officials demonstrated their technology on another iPhone. Convinced it would work, the FBI greenlighted applying it to Farook’s phone, sources said.”
ABC Breaking News | Latest News Videos
I spoke last week with Richard Clarke, former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States. He shared his belief that this entire charade was all about the FBI seeking a legal precedent—a precedent for forcing a company to weaken the data security of its product. Clarke said such a precedent would strengthen the case for an encryption backdoor.
From that perspective, it may actually have been beneficial for the FBI to go to court and lose. If it could demonstrate publicly that it has no legal standing to compel Apple to cooperate by writing a custom version of iOS, it might have galvanized support for mandating some sort of encryption back door to prevent similar conflicts in the future.
By magically finding a way to hack the unhackable iPhone, the FBI has undermined any argument it may have had either with the All Writs Act or an encryption back door. If the FBI can just hire hackers to access devices in these cases, we don’t need to bother with legal precedent or compelling private companies to build encryption back doors.
I don’t mean to suggest in any way that I don’t think the iPhone is hackable. Despite Apple’s reputation for superior security, there is no such thing as an impenetrable device and I’m confident there’s more than one way to access an “unhackable” iPhone. I’m simply stating that I find the timing of the FBI revelation the day before it was going to lose in court as both convenient and suspicious.
Clarke suggested that FBI did not really look around for another solution until the negative publicity began. It’s possible the FBI was confident that public opinion would be on its side and that this would be the perfect case to establish a legal precedent. Once the FBI analyzed the situation and realized that Apple might win on appeal, it scrambled for an alternative.
Clarke told me, “I think they realized they were playing a losing hand.” He also expressed that FBI Director James Comey is not being well advised, and is overly relying on his Special Agents for advice.
The whole circus was a mistake in my opinion. The FBI—and government intelligence and law enforcement agencies in general—are much better served by working in stealth when it comes to something like this. Had the FBI succeeded in compelling Apple to weaken its own security, it would have also succeeded in convincing would-be terrorists and criminals to avoid using iPhones. By announcing to the world that it has found a way to hack the iPhone, it has accomplished that same goal. It would have made more sense to figure out how to hack the iPhone in secret so that the bad guys the FBI wants to monitor and investigate aren’t aware that the FBI has that capability.
The whole thing seems more like an episode of Get Smart than something I would expect from some of the smartest minds in intelligence.
- Tackling Swivel Chair Syndrome - November 14, 2024
- Unlocking Proactive Compliance with Adobe’s Common Controls Framework - October 14, 2024
- Unlocking the Power of Continuous Threat Exposure Management - October 8, 2024
View Comments (69)
We all knew the phone was hackable. Apple knew it but did not want to be involved in a public case of hacking their own phone. The FBI wanted it to be public knowledge that the phone was hackable. Apple wins/ FBI wins.....
or, apple complied with a secret court order and can't say they did but has the condition of being able to act like they didn't comply. Patriot act is sticky.
Apple did a major security update sinse the phone in question, so there was no need to be tight-lipped.
What part of "patriot act allows the federal government to establish secret courts that make orders that can't be spoken of" don't you understand? It's entirely possible Apple was forced to comply and is being allowed to act like they didn't. Apple does security updates all the time like everyone else. Hell, the "security update" could have been opening a hole.
I'm not even a fanboy, but noted b/c the author didn't care to research.. Apple did a complete overhaul in security between the 5s and 6, and at the same time greatly stopped complying in gov-requests. This was last September. Not a security update, rather a complete software and hardware overhaul. Sure it's possible they complied w: the govt now - I just not likely it would play out as it has had the hacked phone had the updated security.
It's not really a conspiracy. Every computer manufacturer and ISP has had these court orders put on them at one time or another. AT&T mirrored ALL traffic leaving the U.S. for decades before it was leaked, and now likely still does, just more hidden.
I refuse to believe that A) Apple doesn't know how to get into their own products, they are tyrants about control over their products, or B) that the government didn't already know how to break it or didn't already make Apple comply.
They likely did what was suggested before the court case hullabaloo began; make several forensic copies and brute each one until you find the password. You don't need to defeat the encryption if you can make a side channel attack.
I hear that. At the same time it's a 4 digit code they wanted not some Turring level shit.
It's a 4 digit code that wipes if it's wrong 10 times. That's the reason the FBI is claiming they needed Apple's involvement. I'd imagine there's some kind of safeguard to prevent making forensic copies when that feature is enabled, and is likely what was actually circumvented.
A simple software check of the serial number of the flash chip would ensure that law enforcement or anyone else couldn't just desolder the chip, copy it, and re-solder the new one in place to get around the 10 entry limit.
Your average time to brute force though is half the possible numbers, no matter what, possibly less if "random" entries are used and not sequential. once it's been copied once, why do I need to even use an Apple platform? If I was able to get a forensic copy other than not having the 10 wipe function, why not just make however many copies you need of that to brute attempt faster?
Because part of the encryption key is the device ID that is embedded in the hardware of the phone. So without the chip being installed in that particular phone, which the wipe function is also embedded in the hardware, you will never be able to brute force the pin. And forcing the pin is the easier option, when compared to breaking AES 256 bit encryption that would take several hundred years on a super computer to crack.
The holder of the phone killed a whole bunch of people with help from a foreign influence. 1000 hours (~42 days) does not seem like much to get information that might be useful chasing these folks down. In fact, it seems to fit pretty much in the time the Feds fought Apple in court.
You wouldn't have to go thru all that. You would only have to desolder the chip from the board and place it onto another board to start hitting it with codes with no limit. The strorage flash isn't what activates the wiping of the data on the flash. You take the storage flash off the board and your no longer constrained to Apple's specs anymore. A hardware solution is very dangerous though. I'm the proud owner of a previously icloud locked ipad 3. Anything is hackable.
If what you say is true, the FBI & Apple could have kept it secret from the start.
if you can score PR, why not? Remember how AT&T always touted they don't sell your data to the government?
Occam's Razor. I suspect that Apple has "clean hands" in all this. The FBI was trying to force a precedent that would have rendered the Constitution moot. Only Congress has the authority to authorize such "adventures" by the FBI or to force Apple, et al, to eliminate effective encryption and thus render all communications and storage public. This is a much wider issue than just Apple. This is about all communcations and all storage encryption. The government wants absolute access to all content ostensibly to combat crime and terrorism but it is a slippery slope defining what a "crime" actually is and then you get to 1984 and "thought crime" very quickly and lest us not forget the political implications of making all content public?
All I have to say is Apple is no patriot!
How is that. They fought for their rights in court against a government which was LOSING and overstepping their authority. You have no clue what a patriot is.
Wow. Double stanard. Stick it in your ear timmy. As for how they did it rather simple. Remove internal flash drive the bastards at apple solder it to the man board. Almost all their products are soldered or glued. Once removed connect power supply and copy entire drive to another flash drive. You still need the pass code to bypass drive and access data. Repeat on multiple drives and start random code access until goal is achieved. You may go through a lot drives but a simple algorithm based on owners habits will provide 1. Each drive has 10 tries before erase and lock take affect. If encryption can be created it could always be bypassed. Only until Quantum Computing Takes affect in the next decade will it possibly almost be impossible to accomplished but that's a whole other article in itself
The method you describe isn't possible with the iPhone. The encryption algorithm uses a random device ID that is generated at the time of manufacture by the physical manufacturing process. With the flash memory not in the original device it was installed in, it won't have access to that device ID. Without the device ID, generating the correct hash from the pin is impossible so you will never succeed in unlocking it. Of course, if the flash is in the phone then you are limited to 10 tries before the device deletes the encryption key, hence the FBI's problem. I'm sure Apple thought of removing the flash chip and checks the serial number of the flash chip or something similar to detect tampering. That would be a rather obvious flaw otherwise.
I work for flashback data based in Austin we freeze drives and read the algorithms bit by bit no encryption is uncrackable it's time-consuming but not impossible once you come to drive over and over again it doesn't matter what device ID is it available and we keep a database of all IDs based on the device from the manufacturer on sequel databases at home if you can write the encryption they could always be broken
Linux is a beautiful language
and cisco claims their salted hashes can't be broken either.
Yeah and its not something a company could "Demo" on a different device as proof of concept to sell the idea. The government would have wanted to see a successful demo of this in action and I doubt they would have been patient to watch some company remove and connect this thing countless times while the password was guessed at.
I don't believe the FBI actually hacked the phone. This was all a ruse to destroy effective encryption and set precedents way beyond Apple - think google, facebook, etc ad nauseum ... this was about circumventing the constitution and setting a dangerous precedent, . When the FBI determined it was likely to lose the precedent, they just folded. The phone likely never has been accessed and now Apple can use FOIA requests to determine how the phone was accessed, if indeed, it was.
The phone was hacked. But the FBI didn't do it. It was Cellebrite, an Israeli firm.
That is the prevailing--but as-yet-uncomfirmed-officially--speculation I have heard.
Please point to the article or amendment in the Constitution covering the right of criminals to keep secrets. Please point to the section covering anyone's right to encode information at all. The closest might be the 4th amendment (protection from unreasonable search and seizure). The question there is it unreasonable for the public to want the information encoded by a mass murderer. Hard to make that case I think.
The government and law enforcement have a right to reasonable search and seizure with probable cause and a warrant. That right does not, however, extend to conscripting private companies or individuals to work for the government in creating new tools--especially when those tools weaken and undermine the security of products the company relies on for revenue. There is nothing wrong with the FBI wanting access. I don't even have a problem with the FBI getting access--if it actually did. That is fine. The problem is believing the FBI has the authority to compel Apple to write a custom version of iOS to help them. That circumvents the Constitution.
Your argument with respect to enforced conscription is weakened by the Obamacare Supreme Court case which gave the government the right to force people to buy health insurance. If you can be forced to buy health insurance, it is not that big an additional step to require tech companies to unlock their devices following terrorist killings. The Obamacare case established the principle that citizens can be forced to take action that they would choose not to do if given the choice
JD
Hardly. States have been requiring drivers carry car insurance for decades. Certain mortgages require homeowners carry mortgage insurance. Certain homeowners are required to carry flood insurance.
Obamacare isn't even new on the specific point. The individual mandate is a key feature of the plan in Massachusetts (as backed by and signed into law by a Republican governor) and a key feature of the plan proposed by the Republican Congress in the early/mid 1990's.
The government has always been able to require specific behavior from both companies and citizens under a wide range of circumstances. One can debate where the line should be drawn but the fact that most states have long mandated liability and healthcare coverage as part of auto insurance policies make Obamacare nearly the last in line on this specific topic.
There is no such protection in the Constitution. Perhaps there should be. It does feel wrong to compel a private company as you describe. But, the Constitution provides no specific protection against the government ordering a company to act or not act in furtherance of a criminal investigation. It would require a court decision to interpret such protection similar to how the court found a right to privacy when the word privacy does not appear in the document.
Thay may be fine to do but, if such a thing happens, i very much hope that it is done better than Rowe was done. Better yet, it would be nice if Congress stepped up and wrote some law making it unnecessary for the court to legislate from the bench.
Regardless, a plain text reading of the Constitution does not solve this problem. It is mute on the questuon of what the government can or cannot compel a corporation to do or not do in this circumstance.
Hacking is a felony. The government can't order you to commit a crime.
It's not hacking. The legal owner of the phone (the county of San Bernadino) asked for access to their phone. This is more like having a two truck driver help you unlock your car when the keys are locked inside.
I think you and Tony Bradley here are both right and both wrong. I don't want a government that can require backdoors into anything made, nor do I want a company like Apple sticking its nose up at our government and constantly trying to undermine their ability to carry out it's duties.
If the government wins we can all be watched anytime any place, if a corporation wins this gambit the power to abuse it will eventually be realized. Heck, as it stands it seems as if corporations determine what laws they follow based on profitability not moral grounds.
I agree; I don't want the government to have that power either. Right now, it does by virtue of the fact that there is neither legislation nor precedent on point. It would be nice if congress would act before the court does and pass law covering this situation. Sadly, we have a Congress that thinks it is a virtue to not act and does not do its job.
I tend to agree with Snowden: FBI very likely knew how to hack it from day one but attempted to use it as pretext to force the industry into compromising their encryption products. When it became clear that won't work, they simply announced that "suddenly" they could decrypt it after all. What bothers me is that nobody in the media points out to the obvious idiocy of all such attempts by the government: terrorists simply DO NOT USE the encryption embedded in the devices. Instead, they download the uncompromised, independently made, foolproof programs available on the Internet since the early 1990s. That's what's so annoying: all these discussions about the built-in encryption in smartphones etc. is completely IRRELEVANT because the criminals NEVER use those products!
Irrelevant like the Gov spying in on Gmail accounts. Any terrorist worth his salt is using Tor for communicating and would NEVER use Gmail.
but the Navy made Tor.
The Aliens made it, after the first abduction.
Which is the great irony in all of this. Terrorists are using secure communication methods created by the government that was given away for all to use.
They weren't exactly given away for free, encryption was munitions until a few years ago and sharing it, even paper printed code, was a major felony if sent outside the U.S.. Look at the warnings that still exist on Cisco CLI.
Translation: "Tech persons, like Apple and me, are smart. Cops, like the FBI, are stupid. The cops would have been humiliated---really, they would---because they are not smart, like I are smart. The way things worked out, it might not seem that way---but really, that is the way it is."
( like I are smart ) Did not spend too much time studying the English language though, Huh ?
Zoom.... right over your head...
Thank you.
Well...he was "citing" the "smart" author...get the point ? :)
Thanks.
What a great, silly article!
Most likely they had the means to get into the phone all along and this was just a legal exercise.
Iphones are for morons/douchebags/nerds who think holding one would make them cool.
There are only two possibilities here:
1. The gov't already could already break strong encryption on an iphone by
(a) having a mole in Apple or an undisclosed agreement with the company which had already inserted a backdoor - which is what Snowden hinted at - or
(b) having a quantum computer that no one else knows about.
2. The gov't did not really break the encryption, but realized it was going to fail to establish the precedent it sought, and wanted to bring down trust in Apple with it by making it seem like someone had hacked their products already.
There is no possibility 3, where the gov't suddenly figured out how to crack it, just now, today.
Wrong. Possibility 3 is that the FBI once again turned to the Israeli company Cellebrite to hack the phone.
And they hacked it.
http://www.reuters.com/article/idUSFWN1710PM
The writer of this article is a really stupid, smart person. Apple was most likely in the wrong ethically and legally. When you are talking about a terrorist attack against your country, the rules generally change. Instead of helping the FBI, Apple forced them to break their encryption. Really dumb. Now Apple has zero say in what the FBI does with their phones because of that. It amazes me how dumb some smart people are.
If you would not assume "smart", you would not be amazed at all.
It has been a long time since Apple could call the US its country. Had this happened in Taiwan, things might have been different.
Apple always had zero say. The FBI could have simply found a hacker without the public dog and pony show. Aside from the possible impact on Apple's reputation in the eyes of people naïve enough to believe the iPhone is / was unhackable, nothing has changed. The iPhone was hackable, and now the iPhone is hackable.
The government has never proven they unlocked that phone. And now their trying to get Apple to unlock an OLDER phone. Your government has deceived you and lied right to your face. The government folded their hand because they were going to lose the next day in court. The FBI had a pair of 2's and Apple had a full house.