Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption United States Apple News

The FBI Successfully Broke Into a Gunman's iPhone, But It's Still Very Angry at Apple (theverge.com) 211

After months of trying, the FBI successfully broke into iPhones belonging to the gunman responsible for a deadly shooting at Pensacola Naval Air Station in December 2019, and it now claims he had associations with terrorist organization al-Qaeda. Investigators managed to do so without Apple's help, but Attorney General William Barr and FBI director Christopher Wray both voiced strong frustration with the iPhone maker at a press conference on Monday morning. From a report: Both officials say that encryption on the gunman's devices severely hampered the investigation. "Thanks to the great work of the FBI -- and no thanks to Apple -- we were able to unlock Alshamrani's phones," said Barr, who lamented the months and "large sums of tax-payer dollars" it took to get into devices of Mohammed Saeed Alshamrani, who killed three US sailors and injured eight other people on December 6th.

Apple has said it provided investigators with iCloud data it had available for Alshamrani's account but did not provide any assistance bypassing iOS's device encryption. Without that help, authorities spent many weeks trying to break in on their own. Wray chastised Apple for wasting the agency's time and resources to unlock the devices. "Public servants, already swamped with important things to do to protect the American people -- and toiling through a pandemic, with all the risk and hardship that entails -- had to spend all that time just to access evidence we got court-authorized search warrants for months ago," he said.

This discussion has been archived. No new comments can be posted.

The FBI Successfully Broke Into a Gunman's iPhone, But It's Still Very Angry at Apple

Comments Filter:
  • by dtmos ( 447842 ) * on Monday May 18, 2020 @01:48PM (#60074598)

    Rather than reading their search warrants, Barr and Wray should instead read the document they swore to uphold and protect -- the U.S. Constitution, as amended. As I recall, the latter does not cite any concerns with any inconvenience imposed on government entities due to the rights held by individuals.

    • Re: (Score:2, Insightful)

      by Anonymous Coward
      Wrong 4 letter word. It's not that they didn't 'read' the the U.S. Constitution, as amended, it's that they don't 'care'.
    • If Apple has done it right they won't have the password anyway, only a one-way-hash of it.

      Presumably they don't know about any exploits either (they'd have patched them if they did).

      IOW the security is unbreakable as far as Apple knows.

      • by Joe Tennies ( 564856 ) on Monday May 18, 2020 @02:28PM (#60074760) Homepage

        Actually, if Apple had done it right, they wouldn't even have that. It would receive and validate the one-way-hash to then send another set of encrypted data it stored that the phone would have to decrypt on the phone itself. I'm not an Apple fan, but I believe this is the way it works and that they implemented it at least MOSTLY correctly.

        • by ShanghaiBill ( 739463 ) on Monday May 18, 2020 @02:43PM (#60074822)

          Yes, the fact that the FBI was able to get in means that Apple needs to improve security.

          But I appreciate that Apple stood up to the government and refused to cooperate.

          I will continue to be a loyal Apple customer.

          • I don't want the government to read data from my phone and yours. If they get a phone belonging to the head of ISIL, I *do* want them to be able to read his messages.

            That's very difficult ask, for them to be able to read his messages (given possession of his phone), but not be able to read everyone's messages. It sounds like it took them weeks and significant manpower to crack one phone. Perfect! That prevents mass surveillance, while making it possible, in very important cases, to actually execute a searc

          • Yes, the fact that the FBI was able to get in means that Apple needs to improve security.

            Ultimately, the device is made of integrated circuits, and a sophisticated enough forensic analysis will allow careful access to the circuit in order to bypass protections. Just because a government actor was able to gain access, probably with the help of an advanced commercial hardware lab, does not in any way imply that Apple failed at their security.

            Ultimately there has to be some point in the circuit where a voltage level represents the success of an access control. Theoretically, any security feature y

      • They already understand this (at least some of them). All this is public theater to get what they really want: a mandated backdoor into the encryption algorithm.

        Yes, anything they can access hackers can too, effectively making the encryption pointless, but they don't actually care about that.

        The thing is even if they convince Apple/Google/etc to do that, the people who truly care about keeping things private will use third party applications to encrypt their data (maybe not on an Apple device due to the wa

        • They're also pissed off that not all houses are built out of completely transparent walls, which makes solving many crimes more difficult than they need to be. Maybe they'll try to remedy that. There are two factors here that stand in their way: the constitution, which is able to be torn up or ignored of course; and that encryption is out there and in the hands of the public and the genie can't be shoved back into the bottle.

          If Apple puts in a backdoor, then other phone makers will step up. If all phone

        • "Yes, anything they can access hackers can too, effectively making the encryption pointless, but they don't actually care about that."

          No no, you have it all wrong. They do care. And to address that particular concern all they'd need to do is just write up some legislation that makes it illegal for bad guys to access the newly implemented backdoor. Problem solved.

      • If they can update the security software remotely then it's not secure. The pincode and drive encryption should be handled on a dedicated chip with no software update possible.
    • by TigerPlish ( 174064 ) on Monday May 18, 2020 @01:59PM (#60074660)

      The right of the people to have strong encryption should be either separately enumerated in Bill of Rights, or just declared to be an "Arm." Then it'd fall under 2nd Amendment.

      It's cute that you think government types actually care about the Constitution, though. They don't, from either party, and that's becoming a huge, huge problem. The whole lockdown thing is exposing true colors. People are noticing things they didn't before. When lawmakers stop listening to the Constitution and cops stop listening to lawmakers -- as is currently happenning -- we're not too far from the inevitable breakdown of society.

      Waiting for IMHO-derp36 to vomit his usual diatribe of why it would be good to let the cops in willy-nilly into everything. I hope he's well paid for his trollin'

      They can have my encryption when they pry it from my cold, dead fingers, along with my arms and my freedom from unreasonable search and all the other items of the BoR.

      • Considering that the USG went after Phillip Zimmerman for "arms trafficking" when he released PGP, I'd say that they've already screwed themselves on this count.
        • Considering that this is precedent ... I wonder why the FSF or ACLU hasn't sued based on this and to cite the 2nd amendment ...

        • by gTsiros ( 205624 )

          there's a joke somewhere in there about screwing and Phillips but it fell to the floor and rolled under the computer case

        • Considering that the USG went after Phillip Zimmerman for "arms trafficking" when he released PGP, I'd say that they've already screwed themselves on this count.

          There was a standing legal precedent for this. I know it's popular to represent this as a Constitutional problem, but software CAN BE regulated like armaments that go boom in a kinetic way. Follow me on this..

          For instance, the technology to BUILD a nuclear weapon is decidedly illegal to export to specific countries. It's illegal to ship them nuclear arms (of course..). It's illegal to ship them bomb parts that can be assembled into a nuclear bomb (again makes sense.) It's also illegal to ship them the

          • "For instance, the technology to BUILD a nuclear weapon is decidedly illegal to export to specific countries. It's illegal to ship them nuclear arms (of course..). It's illegal to ship them bomb parts that can be assembled into a nuclear bomb (again makes sense.) It's also illegal to ship them the information they'd need to build the parts and the materials needed to build them (not so obvious, but again makes sense if you think about it.) So, it's illegal to send them information in electronic form, relate

        • by q4Fry ( 1322209 )

          Obligatory [xkcd.com]

      • by Holi ( 250190 )
        Our rights are not enumerated by the Constitution. Why is this 1 fact so often ignored?
        • Our rights are not enumerated by the Constitution. Why is this 1 fact so often ignored?

          Because if it isn't enumerated, politicians will claim it is allowed by the commerce clause or is "promoting the general welfare" as mentioned in the preamble.

          Congress once declared that spousal abuse is a form of interstate commerce.

          Your originalist interpretation of the Constitution is mostly obsolete. If a right isn't enumerated, it isn't honored. Heck, even the enumerated rights are being challenged.

        • Your rights are not granted by the American Constitution. It defines the powers of your Federal Government.
      • by K. S. Kyosuke ( 729550 ) on Monday May 18, 2020 @02:41PM (#60074808)
        There's an ARM in every iPhone, so the right to bear ARMs already applies to it.
      • by ytene ( 4376651 )
        At one point in time [OK, quite a while ago] it was necessary to apply for an arms export license before US-developed encryption could be exported to a number of countries. Even then the maximum encryption strengths were limited.

        I suspect you're a lot closer to the truth than you realize.
      • Unfortunately complaining about accessing criminals phones has bipartisan support. You're unlikely get get such an amendment passed nor SCOTUS to render a favorable interpretation of an existing amendment to cover it.

        They do what they always do: associate a reasonable stance with a distasteful and only tangentially related one to turn the public against it. Any resistance to this just gets you labeled as supporting mass shooters or terrorists. Much like they recently have started to conflate all prostitut

      • The right of the people to have strong encryption should be either separately enumerated in Bill of Rights, or just declared to be an "Arm."

        Good luck with that. A warrant is a warrant. As long as you're not forced to testify against yourself, the Constitution doesn't care if it was an exploit or a service the government used to decrypt your data. It's like saying that the warrant doesn't cover your hand written notes because you wrote them in a cipher the government cracked. You weren't forced to reveal your cipher.

      • The right of the people to have strong encryption should be either separately enumerated in Bill of Rights, or just declared to be an "Arm." Then it'd fall under 2nd Amendment.

        I think "Strong" encryption is considered to be an arm, as I believe that export is controlled by US munitions laws. So, along w/ the 4th, people should be protected from the Feds by the 2nd.

    • Exactly! (Score:5, Insightful)

      by King_TJ ( 85913 ) on Monday May 18, 2020 @02:03PM (#60074676) Journal

      I don't have much to add to the parent post... They're simply ignoring the Constitution because it makes their investigations easier. Well, too bad, I say! Nobody ever said law enforcement was supposed to be easy. The idea is to build your cases based on evidence you're able to obtain legally and without demanding businesses or other entities do some of your work for you.

      If a device is encrypted and you're unable to gain access to its contents? Well, that just means you probably need to build your case without whatever information you're guessing might be found there. Really, it's no different than finding out your detective was unable to get some DNA evidence at a crime scene that would have been really useful to have, or ?? Deal with it.

      • Technically, dead people don't have Constitutional rights [wikipedia.org]. Not saying that they shouldn't (I honestly don't know). But under current U.S. law, hacking the shooter's phone was not a violation of his Constitutional rights, for the simple reason that he was dead and had no such rights.
        • Okay so all the feds would need to do is kill the person of interest; then all those pesky constitutional protections would go away?

          Shocking it doesn't happen. After all, thousands of people die in car accidents every single year...

    • by bobbied ( 2522392 ) on Monday May 18, 2020 @02:08PM (#60074690)

      Rather than reading their search warrants, Barr and Wray should instead read the document they swore to uphold and protect -- the U.S. Constitution, as amended. As I recall, the latter does not cite any concerns with any inconvenience imposed on government entities due to the rights held by individuals.

      The fact that they actually went before a judge and got the warrants means they DO uphold the U.S. Constitution and the fourth amendment which says:

      “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

      Law enforcement can search if they get the search warrant and that requires the sign off of a judge who makes sure there is probable cause. Seems to me that probable cause surely exists in this case, and that their warrants where 100% justified and legal.

      So, despite your apparent claim to the contrary, they ARE upholding the US Constitution (as amended) because they got a search warrant, duly signed by a judge to guarantee their search is properly justified. They followed the prescribed constitutional process here, and honored both the spirit and letter of the 4th amendment.

      • Given that Apple doesn't have a way to get into one person's phone - the problem is that they are, in essence, asking Apple to develop a way to gain access to *all* iPhones. The court did not authorize that.

        Apple *does* have a way to get at a person's iCloud data - and Apple did provide that data to them.

    • by gtall ( 79522 )

      While I agree with Apple's stance, the Constitution is a red herring here. The fellow involved was a Saudi national, not a U.S. citizen.

    • Don't worry, they may not be in that job long. Either there will be a new president, or the current one will go through another round of firing whoever didn't bow low enough.

  • by Joce640k ( 829181 ) on Monday May 18, 2020 @01:49PM (#60074602) Homepage

    It's a learning curve. I bet they'll do the next one a lot faster.

    • How could they break such strong keys? Suspicious on this one...
      - give us the keys
      - nope
      - look, give us the keys or (...). and don't worry, we won't say you gave it to us
      - ok, as long as we look good
  • Comment removed (Score:3, Interesting)

    by account_deleted ( 4530225 ) on Monday May 18, 2020 @01:49PM (#60074608)
    Comment removed based on user account deletion
  • As it should be (Score:5, Insightful)

    by phrekysht ( 1788274 ) on Monday May 18, 2020 @01:51PM (#60074616)
    I think the cost of access is exactly where it should be. If they really need the data, they'll spend the resources to access it. If Apple or anyone else makes it easier to bypass security measures, then it becomes easier for them to search devices in lesser cases. The 'terrorist case' argument is compelling, but there just isn't a way to only compromise the encryption on devices owned by bad people.
    • I am not sure how much more Apple could help them without making an Insecure Product to make the Justice Department Happy.

      Take out the SSD, Flash copies to different drive. And let a supercomputer have at it.

      If tasked writing a secure system I write it in a way that I the development cannot break into it. Even with access to the database.

    • I think the cost of access is exactly where it should be. If they really need the data, they'll spend the resources to access it. If Apple or anyone else makes it easier to bypass security measures, then it becomes easier for them to search devices in lesser cases. The 'terrorist case' argument is compelling, but there just isn't a way to only compromise the encryption on devices owned by bad people.

      I agree with this. They were able to break into the criminal's phone, which is good. But it's difficult enough that they're expending their energy on actual criminals.

  • by Junta ( 36770 ) on Monday May 18, 2020 @01:53PM (#60074636)

    Then it wouldn't have been good encryption. In any products that I support that have analogous protection, I would be less equipped than the FBI in trying to break it.

    I don't understand the assumption that encryption can just be breezed on by if you have the help of the people who designed the system.

    • I don't understand the assumption that encryption can just be breezed on by if you have the help of the people who designed the system.

      Watch more television.

      You get lines like: "This encryption is really good! It's going to take a few minutes to get around it, boss." And naturally, midway through a gun fight, the encryption is somehow cracked and they can proceed with their improbable adventures.

    • Then Apple can be COMPELLED to bypass, let's see now:

      1. Your phone
      2. Your competitor's phone
      3. Your ex-wife's phone
      4. The Congressman's phone
      5. The POTUS assistant you want info on.

      And if Apple can be compelled to bypass encryption, nothing on an Apple iPhone can be trusted data by anyone, because sooner or later everyone with a need will know how to bypass encryption! EVERYONE WITH A DESIRE TO KNOW.

      • Apple can be compelled to do all that, if someone gets the appropriate court order. This is going back to the old safe analogy. Yes a safe maker can be forced to help the government crack a safe. Should a safe maker crack a safe for personal/corrupt reasons? "No". Should that safe maker crack the safe when mandated by the court? "Yes" Should a safe maker crack a safe of a known terrorist without a court order? "Sure why not unless they are a pedantic dick?" In this case Apple is being pedantic just to cove
    • by bobbied ( 2522392 ) on Monday May 18, 2020 @02:29PM (#60074766)

      It's not "encryption" per se, it's coming up with a password that hashes to the key.

      IF you know the algorithm being used and have a copy of how they "match" the password/PIN to decrypt the device, then it's fairly easy to brute force the key fairly quickly by running many queries in parallel until you find a match. The trick is you have to know how many bits are in that hash and have a way to test for a match.

      Apple knows more about the process here, and could have shortened the end to end time with the knowledge they had. Although, I'm guessing that the FBI now has reverse engineered this well enough to do without Apple's help, if it has it doesn't really need Apple anymore for that kind of phone.

      • IF you know the algorithm being used and have a copy of how they "match" the password/PIN to decrypt the device, then it's fairly easy to brute force the key fairly quickly by running many queries in parallel until you find a match. The trick is you have to know how many bits are in that hash and have a way to test for a match.

        Have you read the public white paper on iPhone security and encryption? The way I read it: each file uses a separate 256 bit AES key. Anyone and everyone who bothered to download the white paper knows exactly the algorithm as AES is a NIST standard. At 256 bit, we are talking exponentially beyond the end of the universe amounts of computing time based on current technology. For each file.

        Apple knows more about the process here, and could have shortened the end to end time with the knowledge they had.

        Let me repeat again: AES is a NIST standard. At the lowest level of 128 bit AES, it would take only 1 billion billion ye

        • Yes, but the keys are decrypted by a single master key that is opened with the password/pin. You attack the easy part and not the hard part...

          • And how would you get that master key? It’s stored in the Secure Enclave and originally generated with some entropy.
      • IF you know the algorithm being used and have a copy of how they "match" the password/PIN to decrypt the device, then it's fairly easy to brute force the key fairly quickly by running many queries in parallel until you find a match. The trick is you have to know how many bits are in that hash and have a way to test for a match.

        No, that's not the issue. If merely knowing how to do the hashing were sufficient, it would be easy to reverse engineer the code. The "trick" done by the secure enclave consists of two parts:

        First, the hash isn't a simple hash, it's a keyed function that depends both on the password and on a device-specific high-entropy secret, mostly likely burned into fuses buried deep in the multi-layered silicon where it's very hard to retrieve. What this secret ensures is that, assuming you can't extract the secret

    • In Apple’s case they tell you exactly which encryption system they used: AES 256 which is a NIST standard. Good luck cracking anything encrypted with it in a few minutes.
  • by nucrash ( 549705 ) on Monday May 18, 2020 @01:54PM (#60074646)

    If you talk to anyone in the FBI, they will claim they aren't out to get you, only criminals. I tried to flip that concept on its head and explain to them that using technology such as embedding back doors or removing encryption allows hackers and state sponsored cyber criminals to see what they are doing and invade their personal life.

    Unfortunately law enforcement has tunnel vision and sees locking up "bad" people as the most important thing in the world. The world is a lot more nuance than that and the right to an individual's privacy must be protected. If you could find a way to ensure that bad people can't get access to encryption without hampering everyone else, that would be awesome. That's not going to happen, so stop blaming Apple or anyone else that works to keep their customer's data encrypted.

    I am also betting that Barr would be very upset if all of his text messages and other electronic communications were made public because of a government mandated back door.

    • by Ogive17 ( 691899 )
      Haha, you're assuming they'd allow high ranking government officials to use those phones. You can guarantee they'd have encrypted phones without back doors. Do you honestly expect our "leaders" to play by the same rules as us common folk? We all know they are angels and never break laws....
  • Make Saudi Arabia pay for the effort of decrypting it?
  • by Koby77 ( 992785 ) on Monday May 18, 2020 @01:57PM (#60074658)
    The FBI is just sour because they couldn't use this case to set court precedence. They wanted a court to demand that Apple unlock it because the FBI couldn't. But now, Apple doesn't need to compromise its own equipment, and the FBI will need to go back to doing it's own work.
  • by 93 Escort Wagon ( 326346 ) on Monday May 18, 2020 @02:01PM (#60074670)

    "... said Barr, who lamented the months and "large sums of tax-payer dollars" it took to get into devices of Mohammed Saeed Alshamrani, who killed three US sailors and injured eight other people on December 6th."

    My memory may be a bit rusty on this; but I don't recall reading any clause in the Constitution stating that the rights it enshrines are dependent on the overall cost they incur on the government

  • *If* apple had contributed engineers to help break into the Iphone, and If they then found whatever exploit was eventually used, Apple would be morally obligated to fix it, thus making it useless for next time. Barr should have been happy FBI now had a working 0-day and kept this mouth shut,, but I guess that would require a few brain cells to rub together.

  • I understand Apple's reluctance to help. If they help once, that sets a precedent. If this becomes common, they might as well throw out the encryption because "it's safe, until it matters"
  • Just stupid people who should have left their feelings at home.

  • by Kohath ( 38547 ) on Monday May 18, 2020 @02:09PM (#60074698)

    If the authorities are frustrated with how much trouble they are having, that means you are doing civil liberties right. If the authorities can easily get whatever information they want, then civil liberty protections are inadequate.

  • you would love a backdoor in your security encryption.

  • Where does it end if the DOJ gets its way? If the DOJ/FBI can demand decryption access why can't all other countries demand the same? And most other countries have far fewer protections than the US.

    Once we start down this road we might as well have no encryption.

    Google can't be trusted the way they bend over when presented with a geofence warrant. And the FBI's railroading of General Flynn proves they can't be trusted.

  • Several weeks for government resources to break.

    Does not seem like effective strong encryption.

    What am I missing?
    • or is it something like brute-forcing the password, but having to create a replica or virtual replica of the apple secure enclave chip without the "can't repeat tries" feature?
      • Brute forcing modern secure encryption standards even with all the computing power in the world would take longer than the age of the universe, by a lot. They either have a working quantum computer exceeding ~1,200 entangled qubits or they have an exploit or back door.
    • If it only took a few weeks something is wrong with the security perhaps.
      Maybe not that strong?

    • They're lying. It didn't take weeks. They're just throwing a tantrum to see if they can get their way.

      • They're lying. It didn't take weeks. They're just throwing a tantrum to see if they can get their way.

        And to convince the common folk that what they say on their iTard devices is private and won't get them caught doing anything - since you know, that's when they're willing to say more. Look into MH370 and the reason why is obvious: they already have quantum computers more than powerful enough to run Shor's algorithm.

        I know that last bit probably seems out there, so here goes:
        MH370 was a mostly chartered flight for a corporation in China working on designing quantum computing hardware which could be fabr

  • Apparently these "cops" forgot that the constitution guarantees certain civil liberties to its citizens. It makes no guarantees to the government having access to our data.

  • was clearly not written to make it convenient for the government to intrude into our lives.

  • by magarity ( 164372 ) on Monday May 18, 2020 @02:42PM (#60074818)

    How is this relevant to the case of whether or not he shot those people? Shouldn't they have better spent their time doing ballistics analysis and interviewing witnesses instead of playing around with his phone?

    • I'm not defending the FBI wanting Apple to provide back doors, but I can think of legitimate reasons for them wanting to know what is on the phone: to find out if he was acting alone or in concert with others, if he was hired, associated with terrorist organizations etc. Motive is also of public interest.

    • They are after intelligence to determine if he was a lone actor or part of a cell or part of a yet larger organization. That is a valid motivation. In my opinion it does not justify expecting Apple to do their work for them.

  • Did they finally figure out the phone wasn't password protected at all?
  • Keep holding the line, Apple. It's one of the reasons why you still have my business. Personally, I would have absolutely no problem unlocking my iPhone for a government official. I wouldn't even hesitate for a second. But some people feel differently. And that respect for privacy is one of the reasons that I'm willing to pay a few hundred extra dollars, every 3-4 years, for an iphone.

    I actually support the idea of a fairly strong federal government. There are things that we need to happen, that simply
  • To use the standard "Locked in a safe" analogy.. The bad guy has something locked ina safe. The government gets a warrant to see all the things in that safe... So far so good... Now they are mad that the manufacturer of the safe doesn't have the combination to that safe, and won't help the government break into it.

    If it were a physical safe they would pay good money to some very skilled locksmith (and wait for them to break into it) and be done with it. But since this is a phone they are raising a stink at

    • by PPH ( 736903 )

      No. They are just upset that the safe manufacturer didn't fasten the back on with sheet metal screws.

  • Apple has offered to help the FBI, who often tries to do things their way and screws up the access, making it more difficult for Apple to help them. This makes me feel safer about my personal data, because it's the FBI fucking things up that will keep your data secure.

  • The only society where the job of the police should be made easy is in a POLICE STATE.

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...