
FBI Director Suggests iPhone Hacking Method May Remain Secret

An anonymous reader quotes a report from Reuters: FBI Director James Comey said on Tuesday that his agency was still assessing whether a vulnerability used to unlock an iPhone linked to one of the San Bernardino killers would go through a government review to determine if it should be disclosed to Apple or the public. "We are in the midst of trying to sort that out," Comey said. "The threshold (for disclosure) is, are we aware of the vulnerability, or did we just buy a tool and don't have sufficient knowledge of the vulnerability to implicate the process?" The White House has a procedure for reviewing technology security flaws and deciding which ones should be made public. Although officials say the process leans toward disclosure, it is not set up to handle or reveal flaws that are discovered and owned by private companies, sources have told Reuters, raising questions about the effectiveness of the so-called Vulnerabilities Equities Process.

  • by bangular ( 736791 ) on Tuesday April 26, 2016 @06:44PM (#51992587)
    Does anyone actually believe anything they say on the matter anymore? I'm still not convinced they even have the contents of the phone at the point.
    • It's been said that this was never really about the data on the phone, but an opportunity to establish a "legal" government backdoor into millions of devices. The NSA can probably crack it, but will hardly say so. This is all smoke and mirrors.

    • by tom229 ( 1640685 )
      Why? It's not hard. What I can't believe is that anyone thinks Apple can successfully secure a device with a 4 digit pin. You can only obfuscate your encryption methods so much before you sacrifice too much performance, and even then all your work can be undone with a leak or even just a dedicated team of reverse engineers. There's a few things that are astonishing in this case:

      1) The sheer amount of misinformation swirling around the media
      2) The amount of people weighing in with opinions with no verific
      • by Imrik ( 148191 )

        Unfortunately, I don't find any of those astonishing.

      • Know how I can tell you've never read the iOS Security Paper and have no actual knowledge of how iOS encryption works?

        Because you think a 4 digit numeric passcode is the only thing that makes up the securely generated AES 256 encryption key. It's not. At all.

        Here's the iOS Security Paper. The relevant section begins on page 10. Read it. Understand it. Then review your original comment and learn how many fundamental mistakes you made.

        • by Anonymous Coward

          I myself have actually read quite a lot about iOS security and still agree with tom229, he's fundamentally right that a 4-digit PIN or short password was not sufficient to protect the model(s) affected. The underlying encryption algorithm is irrelevant in this discussion. The paper you linked is also not relevant to this particular case as it's about iOS9 and later. You assume what he means or meant is the current models which is obviously not the case.

          The most significant weakness in a 4-digit PIN is that

        • by tom229 ( 1640685 )
          As someone already pointed out, I'm well aware of Apple's encryption methods. The fact remains, the weak pincode is their Achilles heel. The leading theory how the encryption was brute forced is a simple NAND chip swap since the failed attempt increment is stored on the flash storage. A dedicated engineer with a fancy setup could swap NAND chips and brute force at a rate that should discover a 4 digit pin in a few days. 6 digit in maybe a couple months. 8 digit alphanumeric, not in his lifetime.

          • Sigh. Could you at least have tried to read the iOS Security Paper before posting?

            If you had, you would have realized the decryption key is derived from the passcode, the unique UID burned into the SoC, and the GID unique to each model family.

            In order to brute force the securely generated AES 256 decryption key via the passcode, you need the other pieces of information. Had you read the paper, you would have learned how difficult that task is.

            • by tom229 ( 1640685 )
              I didn't explicitly mention the unique UID because it's not particularly relevant. You don't need to know the UID. In fact, the firmware running on the device never knows the UID. If it did, you could just write custom firmware to extract it.

              All the UID does is force you to run your brute force on that particular hardware (because you can never know it). Therefore if you use custom firmware to remove the artificial software security checks, you are only limited by the hardware encryption circuitry. I sai
    • "There is no phone" The entire story is a fairy tale.

    • Does anyone actually believe anything they say on the matter anymore? I'm still not convinced they even have the contents of the phone at the point.

      At this point, I'm not even sure there is a phone. I think they're just using stock photos. The Fucking Big Idiots are often said to have a hard time finding their own asshole with both hands and a map, I doubt they even know what an iPhone is.

    • by Maritz ( 1829006 )
      I would begin with the assumption that anything the likes of the FBI say publicly is deception of one kind or another. If they are mulling 'disclosing' the vulnerability, then the vulnerability they disclose (if any) will not be the one that they used. I've not seen enough the other way to adjust that assumption.
  • Why do people even give a shit anymore? It was an old phone running old firmware.
    • Besides I'm sure China, Russia, North Korea and Co. already know how it was done. Just ask them!

      • As do several organized crime outfits in Eastern Europe.

      • The best guess I've heard is that the FBI hired an Israeli security firm. The Israelis have strong reasons to want to hack personal phones, which are used both for terrorist communications and for control devices for remote detonators.

    • Re:Who cares? (Score:5, Insightful)

      by vux984 ( 928602 ) on Tuesday April 26, 2016 @06:56PM (#51992647)

      Because it's a policy / precedent.

      How they behave with this security vulnerability today is how they will behave with the next one tomorrow.

      It's literally a ... "first they came for the X, but I was not a X, so I did nothing" situation.

      And theirs is the wrong action, law enforcement should disclose vulnerabilities to the manufacturer and owners so that they can be corrected in future, not so that they can exploit them themselves.

      It's fundamentally the exact opposite of what they should be doing, FBI & NSA both, and the government in general. Their function is to 'serve and protect' the public. I am in no way being served by there being known security vulnerabilities in the products I use. If the government knows them, then so do other actors. I don't trust those other actors, and based on government behavior I don't trust them either.

      • by tom229 ( 1640685 )
        If you're really concerned about your safety all you need to know is that any data encrypted with a weak password or pincode... isn't very secure. I promise you, this "hack" wasn't extraordinary. It was likely just a leak of Apple's encryption algorithms, which is a problem for them, but not really for you. Unless of course you're an Apple customer that enjoys a false sense of security. But I hardly think it's the government's responsibility to maintain the delusions of citizens.
        • As reading the iOS Security Paper has proven too difficult for you, here's an excellent iOS Encryption Primer that discusses how iOS encryption actually works.

          • by tom229 ( 1640685 )
            I've already wrecked you in another thread so there's little point going over it all again here. You simply don't understand what you're reading Rosyna. The hardware UID isn't as magical as you think it is. All it does is force you to run brute force attacks on the actual hardware, instead of outside it. The weak pin code becomes a major problem due to a 4 digit pin having a mere 10,000 combinations. This is precisely why the firmware on the chip tries to limit the attempts, and frequency of attempts, and p
            • You haven't "wrecked" anything. All you've done is proven your unwillingness to learn.

              At least you're finally acknowledging it's nowhere near as simple as brute forcing a 4 digit PIN, as your previous posts claimed repeatedly.

              Now you've realized/learned there are other major, significant hurdles to doing a brute force attack, such as finding security holes in other parts of iOS that first allow you to run arbitrary code on the iOS device when you have physical access or getting access to the UID by physica

              • by tom229 ( 1640685 )
                Actually it's probably as simple as, not reading the NAND, but overwriting it, at least in the 5c implementation. The 5c does not have secure enclave which means the hardware encryption is done on the main SoC, and the brute force security checks are likely part of iOS, instead of the secure enclave firmware. This means you could likely image the NAND and solder in and out fresh copies to reset the failed attempts counter. This is a theory (not mine, but many others) and the logic is sound.

                if you would lik
                • iOS has an anti-replay counter to prevent reimaging like the type you suggest to assist with a brute force attack. Furthermore, the "secure enclave" is a marketing term Apple uses to group disparate security features under one umbrella. Most of the security features under the "secure enclave" umbrella still existed on previous iOS devices.

                  Finally, the Apple A6 SoC does have its own rewritable NVRAM that can be used to store the number of incorrect attempts without needing to store it on the NAND.
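
The derivation argued over in this sub-thread (passcode combined with a per-device UID, so guesses have to run on that device, with an attempt limit on top), as an added sketch that is not part of any comment and is not Apple's code. HMAC-SHA256 stands in for the hardware AES engine, and the UIDs, salt, iteration count, 36-character alphabet, attempt cap and 0.08 s per-guess cost are assumed values, not figures from this page.

```python
import hashlib
import hmac

# Constructed values for illustration only; not real device secrets.
DEVICE_UID_A = bytes.fromhex("11" * 32)
DEVICE_UID_B = bytes.fromhex("22" * 32)
SALT = b"constructed-salt"
ITERATIONS = 20_000        # assumed stretching work factor
SECONDS_PER_GUESS = 0.08   # assumed on-device cost of one derivation


def derive_key(passcode: str, device_uid: bytes) -> bytes:
    """Stretch the passcode, then entangle it with a per-device secret.

    HMAC-SHA256 keyed with the UID stands in for a hardware engine whose key
    software cannot read; without the UID the result cannot be recomputed
    on other hardware, even with the correct passcode.
    """
    stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), SALT, ITERATIONS)
    return hmac.new(device_uid, stretched, hashlib.sha256).digest()


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of possible passcodes for a policy."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size, length, seconds_per_guess=SECONDS_PER_GUESS):
    """Time to try every passcode when each guess must run on the device."""
    return keyspace(alphabet_size, length) * seconds_per_guess


def guess_success_probability(alphabet_size, length, max_attempts):
    """Chance of hitting a uniformly random passcode within an enforced cap."""
    return min(1.0, max_attempts / keyspace(alphabet_size, length))


def describe(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    units = (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


# Passcode policies to compare: (label, alphabet size, length).
POLICIES = [("4-digit PIN", 10, 4), ("6-digit PIN", 10, 6),
            ("8-char alphanumeric (assumed a-z0-9)", 36, 8)]

if __name__ == "__main__":
    # Same passcode, different device secret: the derived keys differ.
    same = derive_key("1234", DEVICE_UID_A) == derive_key("1234", DEVICE_UID_B)
    print("key portable to other hardware:", same)
    for label, alphabet, length in POLICIES:
        total = worst_case_seconds(alphabet, length)
        capped = guess_success_probability(alphabet, length, max_attempts=10)
        print(f"{label}: {keyspace(alphabet, length):,} codes, "
              f"worst case {describe(total)}, "
              f"success within 10 enforced attempts {capped:.2e}")
```

Under these assumptions the device binding alone leaves a short numeric PIN exhaustible in minutes to hours, so the protection for short passcodes rests on the attempt limit being enforced somewhere that cannot be reset.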

      • Re: (Score:1, Flamebait)

        by Bartles ( 1198017 )

        I bet you voted for Obama twice. I can tell, because he never enters the discussion. It's his fault.

      • by mysidia ( 191772 )

        How they behave with this security vulnerability today is how they will behave with the next one tomorrow.

        Requirement should be to prosecute someone in court, they have to disseminate all technical details to the public of how they gained access to the phone --- no black boxing, closed, secret, or proprietary technologies or programs allowed.

        No full disclosure of the design specs and source code of any exploit software or exploit devices, then no evidence from hacked phone can be used in court.

        • by Imrik ( 148191 )

          So, since there wasn't any useful data on the phone and they aren't actually prosecuting anyone, they should be allowed to keep it a secret?

          • by mysidia ( 191772 )

            I think most investigations stay secret. The police are not required to disclose the details of specific investigations, unless someone winds up in court charged with a crime.

            Why would you expect them to disclose the secret with no net benefit to the public in doing so, after the gov't paid for this vulnerability, and the value derived from this payment will be completely destroyed if Apple learns the details of it?

            • by tlhIngan ( 30335 )

              unless someone winds up in court charged with a crime.

              Which is probably what's going to happen. I mean there's only so many times you can do it before some lawyer wises up and will try for "tampered evidence" defense.

              At which point the phone will come up and the FBI will have to describe how they cracked the phone. If it ends up with a third party they'd get at those details to make sure there was no chain of custody issues and that the methods used were kosher and won't tamper with evidence.

              At which point

        • by DarkOx ( 621550 )

          Well that isn't a problem in this case, they won't be taking a deceased perpetrator to court anyway.

  • Government: "This is not the iPhone hack you are looking for... move along."
    Citizen: "You are right, I am going to go home and rethink my life."

  • Too obvious (Score:4, Insightful)

    by jxander ( 2605655 ) on Tuesday April 26, 2016 @06:53PM (#51992633)

    Soo, they didn't actually crack the thing at all.

    Let's see: no actionable data from the phone (imagine the headline: "FBI's cracked iPhone thwarts terror plot"), they haven't shared this skeleton key with Law Enforcement, and now they might just never divulge the secret at all??

    "Ignore the man behind the curtain."

    • Or, the Gov did crack it and discovered it contained nothing of value, and realized they spent all that legal effort to gain "legal" access to a worthless device.

      • Then why wouldn't they crack some phones for the cops?

        At least one of those thousands and thousands of phones in LEO possession would have solid leads, and generate some good PR for the FBI at least.

        • The third party that allegedly cracked the phone may have not shared the means with the FBI, only performed the service and handed the phone back. If I had that kind of knowledge, I'd be charging Uncle Sam through the nose every time I was asked to break into another phone.

          Commit crime with iphone in hand > Allow phone to be found as evidence > Sell services to unlock said device > PROFIT! ... nah... couldn't be THAT easy.

          • I'd go one step shadier ... just buy up a dozen or so unlocked iphones. Write a small script to generate random contact info, browsing history, etc, so the phones look "used."

            Offer to unlock any phone for the FBI, on the condition that I'm given the phone and not observed while I work. Swap it out for the randomly populated device, and return it (maybe spend a bit of time strategically scuffing or cracking screens to match the physical appearance of the original) That'll be $150,000 please.

        • by DarkOx ( 621550 )

          Chain of custody probably.

          IANAL but I don't think "Then we sent it to *some people* at the FBI where they did *some stuff* to it and sent it back." will fly in most criminal cases.

      • Or Apple actually gave them access months ago, and this is all just a big cover story to keep the cozy Apple/FBI relationship going.

      • by Imrik ( 148191 )

        They already knew it contained nothing of value, they wanted to set precedent.


    Yeah. Like that's ACTUALLY going to happen.
    They can't keep anything ELSE secret, but this'll remain an undisclosed security hole until the end of time...

    Hey! Do they have any bridges to sell us too?
    Bargain priced ocean-front property in Nevada?
    Are they all secretly Nigerian princes looking to enrich us if we can just help them a little?

    Call me when these assclowns descend back to reality.

    • They can't keep anything ELSE secret

      How do we know? I guess that's the thing about secrets, if you know about them then they're not secrets.

    • by dbIII ( 701233 )
      Speaking of Nigeria, one interesting little thing leaked in the Manning cables was an oil company exec in Nigeria refusing to disclose commercial information to a US intelligence group because they were worried that it would leak.
  • by CCarrot ( 1562079 ) on Tuesday April 26, 2016 @07:13PM (#51992707)

    I've heard of extrapolating a process, or even inferring something unknown from known facts (sure, that could be a process). Heck, even "explicate" would work...but "implicate the process"?

    Implicate it in what? Manslaughter? Conspiracy to defraud?

  • by somenickname ( 1270442 ) on Tuesday April 26, 2016 @07:26PM (#51992741)

    They didn't use a third party to hack the phone. They had the ability the entire time and invented this narrative when they realized that they weren't going to get the court precedent that they wanted.

    • by tom229 ( 1640685 )
      What precedent? Company assistance in a search warrant? Besides the fact that Apple has done exactly this before, have you even read the court order? Here's the full text, and here's my favorite part:

      The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility; if the latter, Apple shall provide the government with remote access to the SUBJECT

      The actual court order makes several attempts to insist the process only affects this one device, even explicitly suggesting Apple build a sanitized lab and give the FBI remote access, with monetary compensation.

      So undoubtedly it's you that has bought the narrative. It's you, and many others that have beli

    • The FBI is called any time a local law enforcement team is unable to handle their own processes. Consider it to be something like a two tier support system. Cops first, Feds next.

      When it comes to technology related issues, the FBI very likely is contacted for use of their forensics labs almost constantly. As telephones become more difficult for law enforcement to crack, the FBI will be contacted more often, establish a longer backlog and especially in the case of police departments with less funding, will h
  • "still assessing whether a vulnerability... would go through a government review to determine if it should be disclosed"

    They're debating over if they should debate over disclosing this. Yes, I get the reason why, but it still sounds moronic.
    • No, it makes perfect sense. He admits the truth -- they are fucking clueless on the details of the hack. They don't even have enough information to fill out the form to start the disclosure review process.

      They paid for either a service or an obfuscated, single purpose binary. For all Comey knows it was leprechaun magic.

      • by Jeremi ( 14640 )

        They paid for either a service or an obfuscated, single purpose binary. For all Comey knows it was leprechaun magic.

        I like to imagine that this third-party company received the iPhone from the FBI, wiped it clean, renamed it to "Sayed's iPhone", installed Angry Birds, then handed it back to the FBI, saying "here, it's unlocked now!" and collected their million-dollar fee.

      • by Imrik ( 148191 )

        No, it doesn't say they don't know the details of the hack, it says they're deciding if they know the details. If they do, then they'll release it, if they don't, then they won't. Granted this argument is kind of silly, but that's what it says.

        IMO, if they were telling the truth about this, they would just give Apple what they know about the hack and let them deal with any missing information.

  • by BitZtream ( 692029 ) on Tuesday April 26, 2016 @09:06PM (#51993145)

    So you've effectively put yourself at war with the American people in that statement, do you realize that?

    You've weaponized an asset of an American company and are intentionally putting the American public at risk to further your own agenda.

    You should be hung from the highest bridge with care.

    • You should be hung from the highest bridge with care.

      whoa buddy! don't you think that's a bit extreme? seriously, i don't want to have to figure out which bridge is the highest. how about we just stick with the highest bridge in a 50 mile radius? ;)

    • All this angst! I remind you that 95% of the congress that keeps this little game running is about to be reelected in just over six months. FBI is just following orders, ours...

      And yes, with today's infrastructure issues, you don't want any careless hangings

  • " not set up to handle or reveal flaws that are discovered and owned by private companies..."
    It's OWNED by Apple. It's their software, copyright and all. (Maybe even a few patents in there.)
    Any flaw that's in it was created by Apple, even if unintentionally, and is still part of their software which they 'own'.

    Just because some guy in a trenchcoat sold you a map to the back door of the theater along with a copy of the key to unlock it, doesn't mean he owns the friggin door!
  • My thought: Security cam shoulder surfing. What if the "crack" actually involved checking security footage from any banks, stores, etc. visited by the terrorist before the incident. One of them might've had a clear enough angle to see him punch in the code.

    It's just dumb enough to actually work, but something the FBI might not want to admit out loud. Not only for fear of sounding stupid, but this would also back up Apple's stance that the phones themselves are secure... and the FBI doesn't want that.

  • I read that as "FBI Director James Cagney"...
  • I would like to point out the level of black helicopter craziness going on here. In one line you have individuals claiming the phone was never cracked, the next line claiming it was cracked by Apple at the start, the next a claim that the FBI did it, the next that it was the NSA.

    The level of random ideas on the topic is indicative that there is actually something seriously wrong with the discourse on here. People are making way, way too many random accusations that they appear 100% confident on. While

  • Go ahead. Release the information.

    If you have nothing to hide, you have nothing to fear.

    What? Isn't that what you keep telling us?
