Judge forces Apple to unlock iPhone

[Virge_]

Why can't they simply unlock that one unit, then return it to the FBI? I know that sounds way too simple, but I would think Apple would be able to do this, without revealing how they actually did it. I think it's important that they find out what kind of information is stored in that phone.

In previous briefings on this issue Apple stated the new iOS is encrypted in a way that Apple does not have the corresponding keypair to unlock it. It's not an issue of them being unwilling, it's an issue of them designing it in a way where they are incapable.

That's part of the battle - the State is trying to argue they did it to obstruct justice and are referring to the All Writs Act to enforce their will. Apple really just doesn't want the bad PR and there is zero strategic advantage that isn't overwhelmingly outweighed by the baggage. It's legitimately in the company, and through them the shareholders best interest to position themselves in this way as opposed to being a government proxy. Our current younger generation grew up fearing getting sued for downloading music and paying hundreds of dollars for college texts books just to get an e-code so they're suspicious of everything now, and that is the primary customer for Apples product lineup. Cause meet effect, there isn't much to be confused about here.

 

[lopri]

So how is Apple going to disable that feature? through the front door? how about a side window? or down the chimney?

They built it and they are not saying that they cannot do it. That is already different from what they used to say, which is not at all surprising. Corporations are not in the business of doing the right things, but doing profitable things.

Make no mistake, the altered firmware would effectively be a back door by making it trivial to brute-force the password.

Not just that, they want to be able to enter passwords via the lightning port in an automated fashion.

That is how brute-force works, and it is not trivial. But the difficulty of brute-forcing is beside the point. Question is whether there is a legitimate law enforcement interest and where the balance of competing interests of privacy and security rests.

So what are you smoking??? Your talking out your ass!! You give up your rights just because somebody hollers terrorist??

We are talking about terrorists who killed 14 people, and the FBI is in possession of a court-issued warrant. Your rights are served.

I think people are losing sight here. It is not like the government randomly picking a citizen's phone to see what he or she is into. There are innocent people dead because of these terrorists - how about the rights of those dead citizens? Do they not deserve justice?

 

[maddogchen]

They built it and they are not saying that they cannot do it. That is already different from what they used to say, which is not at all surprising. Corporations are not in the business of doing the right things, but doing profitable things.

No. Apple is saying they will not do what the FBI wants them to do, which is to create a back door into the phone to disable the wipe feature.
Governments are not in the business of doing the right things either. Once Apple creates this back door, China would love to use it too.

We are talking about terrorists who killed 14 people, and the FBI is in possession of a court-issued warrant. Your rights are served.

I think people are losing sight here. It is not like the government randomly picking a citizen's phone to see what he or she is into. There are innocent people dead because of these terrorists - how about the rights of those dead citizens? Do they not deserve justice?

14 dead trumps the rights of the millions of people who use iphones? Let all governments with their own laws force Apple to create and give them a back door? I think you are way too short sighted. You really can't see the big picture here.

 

[JEDIYoda]

We are talking about terrorists who killed 14 people, and the FBI is in possession of a court-issued warrant. Your rights are served.

I think people are losing sight here. It is not like the government randomly picking a citizen's phone to see what he or she is into. There are innocent people dead because of these terrorists - how about the rights of those dead citizens? Do they not deserve justice?

Playing the terrorist card is not reason to give up any of your rights! Unles you afraid or a pansy.........

 

[Brian Stirling]

This is yet another attempt to shame a tech company for not providing a backdoor. The goal here is to put heat on Apple and for that matter Google and MS so that they give our spy agencies what they want -- a backdoor.

Of course, if Apple and the rest are bludgeoned into compliance then China, Russia, Iran and everyone else will similarly expect access to the key or prevent those companies from doing business in there countries. But, that's not actually the worst of it, because you can bet your bottom bitcoin that 10,000 hackers will be working on it as well. Remember, the NSA pays hackers for Zero Day vulnerabilities so you know they have the skills to find the keys and use them.

Cyber crime is already 10X or more in economic impact than all street crime combined and if you force all device users to pull there pants down you can bet that 10X climbs to 20X and more.

But, out spy agencies are not concerned with that as they want the key and that's it.


Brian

 

[Victorian Gray]

Playing the terrorist card is not reason to give up any of your rights! Unles you afraid or a pansy.........

Is this what you meant?

 

[Exterous]

The comments section of my local news outlet is amazing. There's people saying Apple is a terrorist organization for encrypting their phones. Or that Tim Cook should be imprisoned for treason.

The stupidity of the average American still amazes me sometimes.

Its spread beyond that unfortunately. There are a few other forums I frequent that, if the posting history is to be believed, contain a large percentage of successful, well educated, and smart individuals who are completely against Apple in this. Its staggering to me how people could think that this is a good idea. There is an incredibly long and established history of abuse, negligent and fraudulent use of private data in both the government and corporate world and they want to make it easier to access the data?

Apple responds: http://www.apple.com/customer-letter/

Not always a huge apple fan but :thumbsup: for their stance

In previous briefings on this issue Apple stated the new iOS is encrypted in a way that Apple does not have the corresponding keypair to unlock it. It's not an issue of them being unwilling, it's an issue of them designing it in a way where they are incapable.

Not to mention a government trying to force them to make something that opens them up to huge liability issues

 

[waggy]

good for apple.

 

[Exterous]

I think people are losing sight here. It is not like the government randomly picking a citizen's phone to see what he or she is into. There are innocent people dead because of these terrorists - how about the rights of those dead citizens? Do they not deserve justice?

Losing sight? I think you are losing sight of whats happening. The 14 killed is a deplorable and tragic incident but at least they already know and have dealt with those responsible. But this is about a much bigger issue. I caught on ABC news last night that the FBI has 'hundreds' of other phones waiting to be unlocked. I'm sure there are numerous other agencies that would love to get their hands on something like this

But we can trust the government with something like this right? Its not like they have a long history of illegal spying on citizens, ignoring court orders regarding body scanners at airports, seizing money from citizens who have committed no crime etc etc. Then there's the just shear ineptitude with which they handle airport security with a 95% failure rate, the OPM data breach exposing 21.5 million people's security clearance applications (which has a TON of personal data in it), the no fly lists that bar people from flying from simple clerical errors that take years to reconcile.

And you want to give them more access to private data? Yeah I think you are the one who has lost sight of things.

This doesn't even start getting into the issues creating this would cause from the company or hacker standpoint. There are some things better left uncreated even if it means the contacts of the murders of 0.000000004% are left encrypted

 

[Genx87]

This isnt about one phone. The govt wants a backdoor to every phone. And they are going to use 14 dead Americans to push its case.

 

[Ken g6]

From what I can tell, Apple doesn't need to add a true backdoor in this case. They just need to prevent the iPhone from destroying its contents after 10 incorrect passcode attempts. Then they can try 10,000 different combinations until they unlock it.

 

[K1052]

This isnt about one phone. The govt wants a backdoor to every phone. And they are going to use 14 dead Americans to push its case.

Yep. Anyone who thinks this is a one time deal is either lying or super naive.

 

[Jaepheth]

...

Why can't the FBI clone the phone's memory into a virtual iPhone and then just use save-states and/or multiple instances to brute force it? Is it something other than they may not have the resources?

I think there's a physical encryption chip in the phone, right? Can that not be virtually duplicated even if you have physical access to it?

 

[dainthomas]

None of you people are important enough for the government to care about. You think the black helicopters will come to your house and swipe your phone so they can get the number of the trainer at the gym you wanna bang? It's laughable.

The tin foil hat is strong with this thread.

 

[PliotronX]

None of you people are important enough for the government to care about. You think the black helicopters will come to your house and swipe your phone so they can get the number of the trainer at the gym you wanna bang? It's laughable.

The tin foil hat is strong with this thread.

The precedent is what is dangerous. Ever hear of a slippery slope?

 

[Virge_]

...

Why can't the FBI clone the phone's memory into a virtual iPhone and then just use save-states and/or multiple instances to brute force it? Is it something other than they may not have the resources?

I think there's a physical encryption chip in the phone, right? Can that not be virtually duplicated even if you have physical access to it?

They very likely can - this isn't a true case about technicals, it's a response from Apple's actions to encrypt end-to-end being viewed by politicians as a direct smack in the face to government power.

This is a pissing contest - once Apple changes it once to remove themselves from having to assist, the government realizes that they have entered the "we change the rules, they change the product to avoid the rules" cycle and nobody really wants to be in a constant tug of war. The entire reason for the court proceedings are to prevent the dog and pony show currently being done and force Apple to help.

This is not a technical case, it is political.

 

[Genx87]

None of you people are important enough for the government to care about. You think the black helicopters will come to your house and swipe your phone so they can get the number of the trainer at the gym you wanna bang? It's laughable.

The tin foil hat is strong with this thread.

Nobody believes the black helicopters will come to their house until they do. Then they wonder "how did we get to this point"?

It is interesting to me how quickly people bend over when the govt claims security as a reason to invade privacy or break encryption or drone strike American citizens without trial.

 

[wetech]

From what I can tell, Apple doesn't need to add a true backdoor in this case. They just need to prevent the iPhone from destroying its contents after 10 incorrect passcode attempts. Then they can try 10,000 different combinations until they unlock it.

Semantics. Brute force doesn't work now because of PW entry delays, and auto wipes. If you remove those security features, you don't need a "backdoor". They want those removed, and the ability to enter passwords through a USB cable.

Saw an article stating that if the device were locked with a 6 digit PW, ignoring the wipe feature, but taking into account entry delays, it would take up to 5.5 years to brute force it.

 

[Subyman]

Why can't they simply unlock that one unit, then return it to the FBI? I know that sounds way too simple, but I would think Apple would be able to do this, without revealing how they actually did it. I think it's important that they find out what kind of information is stored in that phone.

From what I've read, Apple does not have the capability. The feds want to force them to develop the capability, which could be leaked. The crack would then *exist*, which in and of itself would compromise the security of the phone. I'm still not sure if it is even possible.

I'm not so sure there is much to be gained from the phone anyway. They have his call records, text messages, browsing history, emails, etc etc. The only thing that could be on the phone would be pictures, calendars, or notes that were never backed up or transferred.

The more likely scenario is that the feds are trying to set precedent using this tragedy. Law enforcement fell into a honey hole several years ago when smart phones became prolific. They could make their entire case off of only the phone. With the rise of theft and identity fraud, Apple moved to encrypt the drive by default to deter criminals. As a side effect the law enforcement lost their golden goose and have to go back to contacting Google, Microsoft, telecoms, Apple, etc to get the information to make their case. It is more cumbersome and less timely.

 

[Subyman]

None of you people are important enough for the government to care about. You think the black helicopters will come to your house and swipe your phone so they can get the number of the trainer at the gym you wanna bang? It's laughable.

The tin foil hat is strong with this thread.

And no terrorist is ever going to bust down your door and spray you and your family with lead, but you easily give up freedoms. Why?

 

[dank69]

They want Apple to recompile a new version of iOS that can be installed and be able to bypass software features that make it harder to brute force. A hacker does not have access to the iOS source code to allow them to make those changes, only the company does. I'm curious to know if what the feds want is even possible since the firmware has to be installed. I'd think you'd have to decrypt the drive first to allow the new OS to be installed.

This was my question as well. How do you get a software update on to a locked phone without unlocking it first?

 

[LookBehindYou]

This was my question as well. How do you get a software update on to a locked phone without unlocking it first?

I might be wrong, so I apologize if I am, but my understanding is that they want to be able to update it via UDF mode as a firmware update to circumvent the delay in wrong passwords, wiping the phone on x amount of wrong passwords, etc. Had it been an iPhone 6 or better (5s too maybe) it would have the secure enclave and you'd have to put the pin in to even do a firmware update.

 

[Darwin333]

Good. The government needs to stop trying to force companies to make backdoors into their products. We have enough problems with digital security without legislative requirements to make the storage more exploitable

Honestly I'd prefer that they didn't have the "exclusive ability" at all. It's quite easy for them to make a device that is secure from even themselves and make it autowipe after X amount of failed attempts to secure it from brute force attacks. The last thing would be to absolutely require user acceptance for OTA firmware updates.

The bottom line is that manufacturers should make their devices in a way that they can't be forced to defeat the security and it's very easy for them to do for little to no cost. Actually it would probably be cheaper in the end because they wouldn't have to spend anything fighting the government in a legal battle because they simply don't have the ability. I guarantee it would make their customers happy regardless of how much we would like to see them get into this particular phone. Once a "tool" exists to break the encryption it will eventually get into the wild or be abused as has almost always been the case historically.

 

[DrPizza]

...

Why can't the FBI clone the phone's memory into a virtual iPhone and then just use save-states and/or multiple instances to brute force it? Is it something other than they may not have the resources?

I think there's a physical encryption chip in the phone, right? Can that not be virtually duplicated even if you have physical access to it?

We had a speaker from the FBI come to our school to give a presentation. She was an "expert," yet didn't know how to make a video she was showing the audience full screen. I don't know - maybe she was misstating her credentials to give her presentation more credibility, or maybe they're not as sophisticated as we might hope.

 

[maddogchen]

one thing i have a hard time believing is that the NSA can't hack this phone. they can't hack commercial encrpytion? they can't defeat a self destruct device? The Russians, Chinese, and European governments, agents and spies all have better devices than iphones. Have they gone soft going after terrorists holed up in a goat den on a remote mountain side?