Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Cloud Encryption Government IOS Iphone Privacy Security Software The Courts United States News Apple Your Rights Online

FBI Unlocks iPhone Without Apple's Help In San Bernadino Case (recode.net) 457

New submitter A_Mang writes: After asking for a delay last week, today the FBI revealed that a third party has succeeded in unlocking the iPhone used by a shooter in the San Bernadino attack. They've asked the court to vacate their request for an injunction forcing Apple to provide tools for unlocking the phone. "The government has now successfully accessed the data stored on Farook's iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court's Order," the filing reads. The report doesn't elaborate on how they've gained access, nor does it reveal any of the information stored on the phone. What we do know is that last week the FBI contracted Israeli software provider, Cellebrite, to help break into the phone.
This discussion has been archived. No new comments can be posted.

FBI Unlocks iPhone Without Apple's Help In San Bernadino Case

Comments Filter:
  • Really... (Score:3, Informative)

    by DoraLives ( 622001 ) on Monday March 28, 2016 @06:54PM (#51795867)
    ...was there ever any doubt?
    • Re:Really... (Score:5, Interesting)

      by Mitreya ( 579078 ) <mitreya@gmail. c o m> on Monday March 28, 2016 @07:15PM (#51796055)

      ...was there ever any doubt?

      There is still doubt.
      The announcement is so vague that I am not convinced if they accessed the phone or are just saving face (since they didn't particularly need the contents in the first place).

      • Re:Really... (Score:5, Insightful)

        by shutdown -p now ( 807394 ) on Tuesday March 29, 2016 @02:23AM (#51798065) Journal

        A way to unlock the phone was described in detail long before: basically, copy the flash memory that contains the "wipe key", and restore it every time the phone "wipes" itself during bruteforcing. Given that this method is known, why is it surprising that FBI unlocked the phone? The only surprising thing here is why it took them so long to actually do that, but it's only surprising if you assume that the goal of that whole kerfluffle was to unlock the phone, and not to set the precedent to force everyone to give them the skeleton key. If it's actually the latter, then it's only logical that they gave up and just unlocked it when they realized that courts won't rule in their favor.

    • by AmiMoJo ( 196126 )

      ...was there ever any doubt?

      Legally, yes. This is important because it's the first step to proving that Comey perjured himself. Now we just need to show that the FBI knew that there were companies offering this service (i.e. the FBI knows how to google "unlock iphone 5c") and either lied about it or deliberately chose not to ask them until it looked like they might lose.

  • by Anonymous Coward on Monday March 28, 2016 @06:55PM (#51795873)

    The FBI found a Post-It (tm) note stuck to Farook's home computer monitor.
    the note mentioned PIN : 1234

    eNjoy!

  • by zenlessyank ( 748553 ) on Monday March 28, 2016 @06:56PM (#51795877)
    Thanks FBI !!!!
  • They did go to John McAfee for help!
  • by Anonymous Coward on Monday March 28, 2016 @06:58PM (#51795905)

    iPhone 8 will require fingerprint, retina scan, 57 digit passcode, DNA sample, and Tim Cook's voice passcode for access.

  • "FBI Claims..." (Score:5, Insightful)

    by Anonymous Coward on Monday March 28, 2016 @07:00PM (#51795929)

    FIFY.

    I would not necessarily be inclined to believe this without a peer-reviewed verification. There is a lot of face-saving that occurs in the terrorism-industrial complex. E.g. the constant refrain of "we foiled a plot" without any details or substantiating evidence. Budgets need to be re-upped.

    Maybe. But they have little track record for credibility.

  • by Atomizer ( 25193 ) on Monday March 28, 2016 @07:04PM (#51795953)
    How long until Apple buys Cellebrite?
  • It's very likely that Apple knew the FBI could break in, but they figured it would take some time and therefore chose the good PR route by saying they wouldn't help ...yada yada ... civil liberties... yada yada.
    • by Trongy ( 64652 )

      > It's very likely that Apple knew the FBI could break in ...

      Apple implied this in court when they stated that no other government body had ever requested similar access.

      It's pretty clear that the FBI's motive was not this particular case - they wanted Apple to create software to allow them to have routine access to iphones without effort.

      Apple's intention was to keep the bar to access high enough to hope that their phones will only be broken in the worst cases, not routinely and without a warrant by an

  • When they unlocked it and started looking through the files, and realised there was feck all of interest on it
  • Apple's response? (Score:4, Interesting)

    by Sparowl ( 4374991 ) on Monday March 28, 2016 @07:06PM (#51795981)

    So, now the question becomes - What does Apple do?

    Do they risk trying to get the case dismissed with prejudice, as to prevent it from coming up again (or at least giving them precedent to have it thrown out?)

    Obviously they will try and find the way it was done (if they don't already know). Will they try and claim the problem is fixed?

    Does the FBI have the ability to do this continually now? Or is it a case by case basis using an outside firm that has ongoing costs? What about all the phones the police departments had lined up?

    Quite a few unanswered questions.

    • Re:Apple's response? (Score:5, Interesting)

      by dbIII ( 701233 ) on Monday March 28, 2016 @10:00PM (#51797029)
      Charles Stross has a bit about this on his blog. He suspects that Apple is moving into the electronic funds transfer sector a bit more than they already are and that if there was a publicly known backdoor that would screw over trust issues enough to mess up potential future business.
      He phrases it as the FBI wanting a backdoor into what will effectively be an ATM machine network. Not a good look for the vendor of such a thing.

      In around 2000 there were people buying fuel at the pump in one country via their phones but the banks got in the way of that being a viable payment method in general. Now Apple probably have the ability to do to the banks what they did to the music companies and actually implement the old electronic wallet idea. I'm not saying it's necessarily a good thing or a bad thing, just that it looks like Apple is heading in that direction and the FBI having a backdoor into it would be a danger to such a system.
  • "impossible" (Score:5, Insightful)

    by supernova87a ( 532540 ) <kepler1.hotmail@com> on Monday March 28, 2016 @07:07PM (#51796007)
    So, the government misrepresented in its original filing that, "Apple must be compelled to provide the backdoor to unlock the phone, because we have no other means of doing so".

    Always interesting how a party can be motivated to do the impossible when you force them to think about it hard enough.
  • The official declined to speculate whether the method will be used on other phones in other investigations, or if the method will be shared with law enforcement agencies at the state and local level, or if information about it will be shared with Apple.

    It is a pretty safe bet the method will be used in other investigations, though I'd be shocked if the information is shared with one of those listed.

  • Apple cannot be happy about this. Users, of which I am one, am not happy about this. Apple needs to up their game. NOW.
    • by Karlt1 ( 231423 )

      They decrypted a 32 bit iPhone 5c running iOS 7. All indications are that security professionals think that if it had been a newer 64 bit phone with the extra encryption hardware running a later version of the OS, it would be harder to decrypt.

      • Unless Apple implemented some glaring obvious hole in their system of course the newer version is going to be harder.
    • by brunes69 ( 86786 ) <[gro.daetsriek] [ta] [todhsals]> on Monday March 28, 2016 @07:20PM (#51796093) Homepage

      The game does not need to be "upped". The only reason the encryption is so easily crackable is because it only had a 4 digit PIN. If the person had used a 16 character alphanumeric passcode, the encryption would be for all intents and purposes "uncrackable" as even with Apple's assistance, the FBI would never be able to brute-force the lock.

    • Apple cannot be happy about this. Users, of which I am one, am not happy about this. Apple needs to up their game. NOW.

      I had asked before: has Apple ever said its phones' data are positively, absolutely, perfectly secure from others accessing it if you implement such-and-such procedures we told you to do?

      I think this has been the conventional understanding but may have been a fiction generated by Apple diehards and perhaps not denied by Apple as a PR ploy. Look, it took quite some time for President Obama to get a secure Black Berry phone and Mrs. Clinton would have needed some kind of $4k + device to be secure. If Apple

  • by BurnTim ( 1531915 ) on Monday March 28, 2016 @07:12PM (#51796031)
    The FBI have confirmed that Farook had a Flappy Bird High Score of 31.
  • The leading theory is: Desolder the memory chip, make an off line copy, then reattach the chip, try 10 unlock codes. If it scrambles the memory restore from back up and try next 10 unlock codes.

    The downside seems to be: It is a delicate operation to desolder and remove the memory chip. But if it is successfully removed, then they will probably attach a harness so that they can detach/restore/reattach a memory chip many times to try different codes.

    I don't know how necessary it would be detach the chip

    • The leading theory is: Desolder the memory chip, make an off line copy, then reattach the chip, try 10 unlock codes. If it scrambles the memory restore from back up and try next 10 unlock codes.

      The downside seems to be: It is a delicate operation to desolder and remove the memory chip. But if it is successfully removed, then they will probably attach a harness so that they can detach/restore/reattach a memory chip many times to try different codes.

      It's not that delicate. There's a Samsung engineer who was unlocking iPhones for $200 a pop with about an 95% success rate using a toaster oven for the reflow, back when there wasn't a software unlock.

      Also, what I suggested in the first place. A variant of the technique would disable the flash write enable pin after it boots. That way /var/run/* is all happy, and the phone can't tell during boot.

      The fix is to just try a write during pin entry, and read it back, and if it's not the same, iOS knows it's be

    • by jrumney ( 197329 )
      Why desolder and risk damaging the IC? Does the iPhone not have JTAG test points on the PCB?
  • with the new and improved encryption. the FBI just wrote Apple's Ad copy.
  • Who knew? (Score:3, Funny)

    by IWantMoreSpamPlease ( 571972 ) on Monday March 28, 2016 @07:34PM (#51796189) Homepage Journal

    That in 2016, the Jews would be helping the Nazis... ...it's a strange world...

  • by tlambert ( 566799 ) on Monday March 28, 2016 @07:53PM (#51796299)

    The incredibly funny part is coming... 3... 2... 1...

    Apple files suit in federal court under the DMCA, claiming Cellebrite has created a circumvention device; and since they, themselves were not law enforcement agents, and they did it on contract, rather than doing it as independent security research, the DMCA safe harbor procedures don't apply.

    And then Apple releases an iOS update.

    • by LetterRip ( 30937 ) on Monday March 28, 2016 @08:17PM (#51796457)

      Apple files suit in federal court under the DMCA, claiming Cellebrite has created a circumvention device; and since they, themselves were not law enforcement agents, and they did it on contract, rather than doing it as independent security research, the DMCA safe harbor procedures don't apply.

      And then Apple releases an iOS update.

      Method got classified by FBI, which defeats Apple being able to do so.

  • On the bright side (Score:5, Interesting)

    by wickerprints ( 1094741 ) on Monday March 28, 2016 @07:54PM (#51796309)

    Let's look at the positives here:

    1. No legal precedent has been established that says the All Writs Act can be used to compel a company to write new software to circumvent an encryption scheme, or to force a company to turn over source code and signing keys.

    2. The FBI's legal credibility has been damaged by erroneously claiming that all technological avenues to breaking the encryption on the phone in question, only to later say that they did have another approach and that it was successful. Whether or not this is true, the contradiction is now on the record: they complained, "we need the court to force Apple to help us because there's no other way," then said "never mind, we did it another way in the end." This potentially could be used against them in future court cases.

    I, for one, would have preferred to see things settled decisively in our favor: that a legal precedent would be established enshrining the right to encryption. But things could have turned out a lot worse. We need to continue to fight for our right to privacy and security. It's not over, and it won't be over for a long, long time.

    • by AHuxley ( 892839 )
      Re "preferred to see things settled decisively in our favor: that a legal precedent would be established enshrining the right to encryption."
      "Justice Dept. withdraws legal action against Apple over San Bernardino iPhone"
      http://www.usatoday.com/story/... [usatoday.com]
      has the quote ""consistent with standard investigatory procedures.''"
      A method that is open court ready with the origins of any new case for any legal team to question in open court for all the other generation of phones?
      Ready for a set of state and fed
    • Plus since Cellebrite is a non-US company, they can't be "legally compelled" by anyone to reproduce this method for all [nytimes.com] the other iPhones [kitguru.net] that have been discussed by various District Attorneys.
  • by BronsCon ( 927697 ) <social@bronstrup.com> on Monday March 28, 2016 @07:55PM (#51796319) Journal
    It only took 1/4 as long as they spent bitching about Apple not helping with it!
  • by l0n3s0m3phr34k ( 2613107 ) on Monday March 28, 2016 @09:14PM (#51796785)
    If someone can get physical access, then your security paradigm is already broken. Very few systems can withstand direct physical assault; it's not like the iPhone is built to the NSA's CSfC guidelines and meant to be completely secure against all threats. It's a consumer-level mobile phone; mass-produced with a unsecured supply chain and an open-sourced operating system. It says quite a bit to Apple's security engineers that it took this level of work to get access. Anyone who thinks "oh, this is proof that iPhones are totally unsecure!" obviously can't comprehend the level of effort it took to get into this phone.

    If a rapid NAND mirroring system is what broke this, I'm betting that Apples next major security upgrade will include some type of encryption that is uncopiable, Slashdot even had an article about this [slashdot.org] that incorporates unreproducible physical defects unique to each NAND chip.

We cannot command nature except by obeying her. -- Sir Francis Bacon

Working...