GrogHeads Forum

http://www.zdnet.com/article/apple-must-to-help-fbi-unlock-san-bernardino-gunmans-phone-judge/

http://www.nbcnews.com/storyline/san-bernardino-shooting/judge-forces-apple-help-unlock-san-bernardino-shooter-iphone-n519701

http://www.apple.com/customer-letter/

I find this interesting from a technical standpoint. It stretches belief that the FBI or NSA cannot gain access to a device that they physically possess.

Here's the kicker:

QuoteThe iPhone is owned by Farook's employer, the San Bernardino County Department of Public Health, which assigned it to him. The county consented to investigators' requests to search its contents.

So basically, the IT Dept at the Dept of Public Health screwed up. They should already have admin access to the phone.

Quote from: mirth on February 17, 2016, 09:27:30 AM
It stretches belief that the FBI or NSA cannot gain access to a device that they physically possess.

The best encryption technology in the world is freely available.  In combination with good security practise and a decent passphrase, this isn't so far fetched.

I'm not buying it. If they have the phone they can get to the data.

The issue, apparently,  isn't even the encryption. It's the 6-digit passcode to unlock the phone. Once they're in, the FBI will brute force the encryption. They're asking Apple to give them a way to bypass the passcode.

More

http://qz.com/618348/this-is-why-the-fbi-cant-hack-into-iphones/ (http://qz.com/618348/this-is-why-the-fbi-cant-hack-into-iphones/)

blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order/
(http://grogheads.com/forums/blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order/)
https://cdn2.vox-cdn.com/uploads/chorus_asset/file/6053155/in-the-matter-of-the-search.0.pdf (https://cdn2.vox-cdn.com/uploads/chorus_asset/file/6053155/in-the-matter-of-the-search.0.pdf)

Sounds like this is they essential piece blocking the FBI from monkeying with the phone without Apple's help:

QuoteAs many jailbreakers are familiar, firmware can be loaded via Device Firmware Upgrade (DFU) Mode. Once an iPhone enters DFU mode, it will accept a new firmware image over a USB cable. Before any firmware image is loaded by an iPhone, the device first checks whether the firmware has a valid signature from Apple. This signature check is why the FBI cannot load new software onto an iPhone on their own — the FBI does not have the secret keys that Apple uses to sign firmware.

Quote from: mirth on February 17, 2016, 09:56:02 AM
I'm not buying it. If they have the phone they can get to the data.

How?

Quote from: Huw the Poo on February 17, 2016, 10:43:19 AM

Quote from: mirth on February 17, 2016, 09:56:02 AM
I'm not buying it. If they have the phone they can get to the data.

How?

I betting the NSA could figure it out. They're a pretty clever lot.

Rule number one of cyber security is that if you have the physical device you can get access to it with enough time and effort.

Quote from: mirth on February 17, 2016, 09:56:02 AM
The issue, apparently,  isn't even the encryption. It's the 6-digit passcode to unlock the phone. Once they're in, the FBI will brute force the encryption. They're asking Apple to give them a way to bypass the passcode.

As soon as Apple does, iPhone sales are done.

Quote from: bayonetbrant on February 17, 2016, 11:10:17 AM

Quote from: mirth on February 17, 2016, 09:56:02 AM
The issue, apparently,  isn't even the encryption. It's the 6-digit passcode to unlock the phone. Once they're in, the FBI will brute force the encryption. They're asking Apple to give them a way to bypass the passcode.

As soon as Apple does, iPhone sales are done.

Yeah. That's why Tim Cook said, "No, thanks".

Quote from: mirth on February 17, 2016, 10:49:39 AM
Rule number one of cyber security is that if you have the physical device you can get access to it with enough time and effort.

The key words here being "enough time and effort".  The point of strong encryption is to make it too expensive to succeed (or even attempt).  A seven word diceware passphrase, for example, is not crackable using any known technology due to the sheer amount of entropy in such a phrase.  Eight, nine or ten word passphrases are estimated by cryptologists to be uncrackable for decades at least.

John McAfee, you so crazy!  :crazy2:

http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2 (http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2)

The NSA should ask China. They've probably already figured it out.

http://www.msn.com/en-us/news/us/apple-unlocked-at-least-70-iphones-before-refusal/ar-BBpFBbK?ocid=spartanntp

No, Apple has not unlocked 70 iPhones for law enforcement (http://techcrunch.com/2016/02/18/no-apple-has-not-unlocked-70-iphones-for-law-enforcement/)

Apple does not have a legal leg to stand on.

This is all a big PR stunt by the Apple CEO.

This is entirely the fault of the San Bernadino County IT Department. They had a tool for allowing remote unlocking of the phone and failed to install it.

http://www.cbsnews.com/news/common-software-would-have-unlocked-san-bernardino-shooters-iphone/

Quote from: airboy on February 22, 2016, 11:39:38 AM
Apple does not have a legal leg to stand on.

This is all a big PR stunt by the Apple CEO.

What dreadful cynicism.  I'm the last person in the world who would be defending Apple, but if I were a US citizen I'd be hoping beyond hope that they win this battle.  Whether you think there's an ulterior motive or not, they're absolutely right to say that an incredibly dangerous precedent would be set if the US government win this case.

Ugh. What a mess.

http://www.businessinsider.com/fbi-confirms-shooters-icloud-password-reset-2016-2

Quote from: Huw the Poo on February 22, 2016, 01:48:22 PM

Quote from: airboy on February 22, 2016, 11:39:38 AM
Apple does not have a legal leg to stand on.

This is all a big PR stunt by the Apple CEO.

What dreadful cynicism.  I'm the last person in the world who would be defending Apple, but if I were a US citizen I'd be hoping beyond hope that they win this battle.  Whether you think there's an ulterior motive or not, they're absolutely right to say that an incredibly dangerous precedent would be set if the US government win this case.

Keep this in mind- if the FBI gets Apple to create custom hacking software then there is no way that the hacking tools get destroyed afterwards. The FBI could claim that they are now evidence in the case and must be preserved (probably at Quantico) in case they are needed at any future trials resulting from the recovered data. After that, the tools could be examined surreptitiously for ways to hack future iOS releases. Once that happens privacy in any home with an iPhone in it will be an illusion as that iPhone now allows the Gov't (or any foreign hackers who break into the Gov't's computers) to effectively listen in on what ever it is that you are up to. They could pretty much turn it into an eavesdropping device that not only sends them your emails, texts, and pix, but could also actually listen to you while it is lying on your coffee table charging.

Any of you iPhone haters/Android lovers, before you make any comments, be aware that the open nature of Android means that the above possibilities could already be a reality for you.

The courts can order Apple to access the files.  There is no difference between this, a hard disk, paper files or anything else.

If Apple can get into the data, the courts will order them to do so.  This is a mass murder case.  There is an indisputable reason for the US legal system to access all of the murderers records of any type - land line phone, papers, computer files, and phone information.  These precedents were set back in the 1930s.

This does not mean that the courts can order Apple to have a remote hack.  The courts could order Apple to crack the phone and provide a copy of the records of that phone to the legal authorities if that is necessary to protect trade secrets.

You are no more secure in your person, physical papers and what not in the USA than you are with electronic documents.

As I've said before, this is just marketing grandstanding by the Apple CEO.  You can be ordered to jail for failing to cooperate with a murder investigation.  The First Amendment (newspaper writer notes) won't protect you so a corporation doing this for marketing purposes won't protect you.

The argument that the employer should have had an Admin account is also irrelevant and has been litigated before.

Please provide details about how this has been litigated before

Airboy, no offense but you seem not to have understood this particular case.

Quote from: Staggerwing on February 22, 2016, 06:56:54 PM
They could pretty much turn it into an eavesdropping device that not only sends them your emails, texts, and pix, but could also actually listen to you while it is lying on your coffee table charging.

go low tech  O0
my phone is always in a leather sleeve, always!
(the camera is obscured and the microphone is muffled. i tested the acoustics damping and its pretty good)

my tablet which could work as a phone too does not have a sim-card in, and is in a folding protection cover which obscure the little frontside cam, and its lying with the not blocked backside cam with the backside on a surface when not in use

and my usb-webcam for the PC is unplugged when i don't use it.
the microphone jack of the headset (pink marking) too       

     

Quote from: MikeGER on February 23, 2016, 02:21:59 AM

Quote from: Staggerwing on February 22, 2016, 06:56:54 PM
They could pretty much turn it into an eavesdropping device that not only sends them your emails, texts, and pix, but could also actually listen to you while it is lying on your coffee table charging.

go low tech  O0
my phone is always in a leather sleeve, always!
(the camera is obscured and the microphone is muffled. i tested the acoustics damping and its pretty good)

my tablet which could work as a phone too does not have a sim-card in, and is in a folding protection cover which obscure the little frontside cam, and its lying with the not blocked backside cam with the backside on a surface when not in use

and my usb-webcam for the PC is unplugged when i don't use it.
the microphone jack of the headset (pink marking) too       

   

Go lower tech.... I don't own a cel phone.
O0

^ But you really should upgrade that clay tablet for papyrus.  :P

You can take my cuneiform stylus from my cold dead hands.  :knuppel2:

My knowledge of this comes from the original set of wiretapping cases from the 1930s and the extensive coverage of this in the Wall St. Journal.

I have been involved in the legal system as an expert and from being sued.  According to the WSJ - Apple cannot win this due to very clear case law.

Well, who knew?  We have someone with the definitive answer right here on Grogheads!  You should let Apple know, save them a fortune in legal fees. :)

Quote from: airboy on February 23, 2016, 10:05:20 AM
My knowledge of this comes from the original set of wiretapping cases from the 1930s and the extensive coverage of this in the Wall St. Journal.

I have been involved in the legal system as an expert and from being sued.  According to the WSJ - Apple cannot win this due to very clear case law.

So you're saying that the courts can force a private company to divert resources from it's business to write code to break it's own encryption?  ???

(https://scontent.xx.fbcdn.net/hphotos-xtl1/v/t1.0-9/12741981_1204209876274122_1250773270816210425_n.png?oh=ad63b9d2a4cb3e74d3080892e2cadb2a&oe=575E6E87)

Quote from: Barthheart on February 23, 2016, 02:03:50 PM

Quote from: airboy on February 23, 2016, 10:05:20 AM
My knowledge of this comes from the original set of wiretapping cases from the 1930s and the extensive coverage of this in the Wall St. Journal.

I have been involved in the legal system as an expert and from being sued.  According to the WSJ - Apple cannot win this due to very clear case law.

So you're saying that the courts can force a private company to divert resources from it's business to write code to break it's own encryption?  ???

The Justice Department & Apple seem to be talking past each other.  I reread the latest article today while giving an exam. 
The federal judge told Apple has to decrypt this one phone and provide the information.  Apple is arguing (in the press) that they will not provide a back-door, remote de-encryption process.

These are not the same thing.  Apple itself could decrypt the phone and turn over the records to the Justice Dept.  If Apple's encryption is so wonderful that they cannot break it, then the NSA or some other group will be hired to decrypt it.

BTW, companies fight losing battles in the courts to delay things or to serve a PR process.  Apple has an order from a judge to provide the information.  The likelihood they will win this is so remote as to be almost beyond belief.

Quote from: airboy on February 23, 2016, 05:11:24 PM
Apple itself could decrypt the phone and turn over the records to the Justice Dept.

No they couldn't!  Again, you have not understood this case.  Apple can't break the encryption, that's the whole point of encryption!  What they're being asked to do is roll back iOS so that they won't have to break the encryption.  As they rightly say - and, again, whether you think there's an ulterior motive or not (utterly irrelevant by the way, since Apple happen to be right and you're just someone on the internet) - it sets a dangerous precedent and would do away with any rights to privacy we all currently enjoy.

By the way, if the FBI are asking Apple to do this, that means the NSA can't crack the encryption either - unless you truly believe those two agencies don't cooperate at all!

Quote from: Huw the Poo on February 23, 2016, 05:52:51 PMBy the way, if the FBI are asking Apple to do this, that means the NSA can't crack the encryption either - unless you truly believe those two agencies don't cooperate at all!

see Twitter quote above ::)

This is strictly about bypassing specific parts of the passcode restrictions. The FBI is asking Apple to write and install a custom version of iOS so that the FBI can brute force the password, gain access to the phone and then decrypt the data.

The reality is that the government can break the encryption, the could even install there own hacked version of the software to bypass the passcode. It would take time and effort, but it could be done

What the government wants it to establish a precedent of a private company providing software versions with backdoors built-in for the government's use.

The NSA is not going to publicly acknowledge it's capability to break encryption (or lack there of) . But keep in mind that it is what it does and it's damned good at it.

Quote from: mirth on February 23, 2016, 06:08:17 PM
What the government wants it to establish a precedent of a private company providing software versions with backdoors built-in for the government's use.

This is where the US government needs to be very careful.  If Apple is forced to do that for them, then the Chinese and the Russians (and whom ever else) will demand the same backdoors. 

Quote from: OJsDad on February 23, 2016, 06:33:10 PM

Quote from: mirth on February 23, 2016, 06:08:17 PM
What the government wants it to establish a precedent of a private company providing software versions with backdoors built-in for the government's use.

This is where the US government needs to be very careful.  If Apple is forced to do that for them, then the Chinese and the Russians (and whom ever else) will demand the same backdoors. 

Absolutely right. The implications are very troubling.

I also understand why the FBI and intel agencies want into this particular phone. 

Quote from: OJsDad on February 23, 2016, 06:38:18 PM
I also understand why the FBI and intel agencies want into this particular phone. 

Completely understand it.

Quote from: mirth on February 23, 2016, 06:08:17 PM
What the government wants it to establish a precedent of a private company providing software versions with backdoors built-in for the government's use.

Precisely.  The root of all this is that the US government ideally wants backdoors built into all crypto software.  I won't bother to list the multitude of reasons that's a horrible idea.  Like them or not - I certainly don't - you'd have to be a fool not to back Apple in this.

Quote from: Huw the Poo on February 24, 2016, 11:51:52 AM
you'd have to be a fool not to back Apple in this.

That's part of what the government is counting on. It's easy to paint Apple as "helping the terrorists".

https://theintercept.com/2016/02/22/fbi-says-apple-court-order-is-narrow-but-other-law-enforcers-hungry-to-exploit-it/

Saw a few clips from the hearings today on this.  FBI says they're asking Apple to do two things;  1)  Disable the function that will cause the iPhone to erase all data after 10 failed logon attempts.  2) Eliminate the wait time between logon attempts.  After those two things, the FBI will be able to crack it in a few days.

Yeah, just saw the news. The FBI said Apple could keep the phone, software whatever. They just want the information on the phone. If that's true, Apple needs to comply.

I'm pretty sure that's what airboy was saying all along.  Apple can get the info from its phone and provide it to the FBI.

Quote from: airboy on February 23, 2016, 05:11:24 PM
Apple itself could decrypt the phone and turn over the records to the Justice Dept. 

The FBI is not asking Apple to retrieve the data. It is asking Apple to write and install a version of iOS that circumvents the passcode protections. If Apple does that, the FBI will crack the passcode and data encryption.

If Apple writes and installs a version of iOS with the backdoor that the FBI wants, the FBI will then have the phone and the compromised version of iOS. They will also have a precedent of forcing a private company to write a compromised version of its software for the government to use.

actually, the FBI isn't looking for Apple to decrypt the phone, the FBI will do that.  Just change those two settings, and the FBI will take over. 

Quote from: OJsDad on February 25, 2016, 08:44:12 PM
actually, the FBI isn't looking for Apple to decrypt the phone, the FBI will do that.  Just change those two settings, and the FBI will take over.

As Mirth said, the FBI wants to set a precedent of forcing a company to deploy a FBI-friendly version of it's software at the FBI's convenience to overwrite what is already on a device. Once that happens there is no effing way that the genie goes back in the privacy lamp since the rest of law enforcement is already queuing up to get their own cracked iOS.

There's some irony in the thought that Apple is the last bastion of protection for individual privacy.

Quote from: Bison on February 25, 2016, 10:32:53 PM
There's some irony in the thought that Apple is the last bastion of protection for individual privacy.

Not really. Their self concern about iOS's market share in relation to it's uncrackability is just another serendipitously tough brick in the slowly crumbling Firewall of Privacy.

Quote from: Staggerwing on February 25, 2016, 10:26:13 PM

Quote from: OJsDad on February 25, 2016, 08:44:12 PM
actually, the FBI isn't looking for Apple to decrypt the phone, the FBI will do that.  Just change those two settings, and the FBI will take over.

As Mirth said, the FBI wants to set a precedent of forcing a company to deploy a FBI-friendly version of it's software at the FBI's convenience to overwrite what is already on a device. Once that happens there is no effing way that the genie goes back in the privacy lamp since the rest of law enforcement is already queuing up to get their own cracked iOS.

That's not the way I understood the news report but granted that could be either due to me playing trying MOO while watching the news or the reporting itself. It sounded like all the FBI wanted was the information on the phone.

Quote from: Staggerwing on February 25, 2016, 10:26:13 PM

Quote from: OJsDad on February 25, 2016, 08:44:12 PM
actually, the FBI isn't looking for Apple to decrypt the phone, the FBI will do that.  Just change those two settings, and the FBI will take over.

As Mirth said, the FBI wants to set a precedent of forcing a company to deploy a FBI-friendly version of it's software at the FBI's convenience to overwrite what is already on a device. Once that happens there is no effing way that the genie goes back in the privacy lamp since the rest of law enforcement is already queuing up to get their own cracked iOS.

What the Judge ordered was Apple to decrypt one phone.  You are confusing two different issues.

It is well established that if you go to a judge, obtain a search warrant, that individuals and firms have to cooperate. 

It is another issue entirely that the US Government order a company to have a "backdoor" on devices that allow the government to search with or without a warrant.

Yes, but there's already a dozen other cases waiting for this precedent so they can rush to the courthouse and use it to force Apple to decrypt others, too.

Quote from: airboy on February 26, 2016, 11:20:26 AM

Quote from: Staggerwing on February 25, 2016, 10:26:13 PM

Quote from: OJsDad on February 25, 2016, 08:44:12 PM
actually, the FBI isn't looking for Apple to decrypt the phone, the FBI will do that.  Just change those two settings, and the FBI will take over.

As Mirth said, the FBI wants to set a precedent of forcing a company to deploy a FBI-friendly version of it's software at the FBI's convenience to overwrite what is already on a device. Once that happens there is no effing way that the genie goes back in the privacy lamp since the rest of law enforcement is already queuing up to get their own cracked iOS.

What the Judge ordered was Apple to decrypt one phone.  You are confusing two different issues.

It is well established that if you go to a judge, obtain a search warrant, that individuals and firms have to cooperate. 

It is another issue entirely that the US Government order a company to have a "backdoor" on devices that allow the government to search with or without a warrant.

I recommend you read the court order. Specifically Sections 2 and 3.

https://cdn2.vox-cdn.com/uploads/chorus_asset/file/6053155/in-the-matter-of-the-search.0.pdf (https://cdn2.vox-cdn.com/uploads/chorus_asset/file/6053155/in-the-matter-of-the-search.0.pdf)

This is a good technical breakdown of the encryption and what the FBI could do to defeat it

https://www.aclu.org/blog/free-future/does-fbi-really-even-need-apples-help

Quote from: bayonetbrant on February 26, 2016, 11:25:52 AM
Yes, but there's already a dozen other cases waiting for this precedent so they can rush to the courthouse and use it to force Apple to decrypt others, too.

Yup.

https://theintercept.com/2016/02/23/new-court-filing-reveals-apple-faces-12-other-requests-to-break-into-locked-iphones/

https://motherboard.vice.com/read/apple-fbi-should-ask-the-nsa-to-hack-shooters-iphone

Quote from: mirth on February 26, 2016, 12:38:56 PM
https://motherboard.vice.com/read/apple-fbi-should-ask-the-nsa-to-hack-shooters-iphone

The FBI doesn't want to run to the NSA every time it wants to peek inside an iPhone. It wants to set the precedent now that Apple just will have to create a cracked iOS release to go with every iOS version that is involved in an FBI investigation from here on in. There will no legal difference between this one iPhone and an iPhone used by some drug dealer, crooked politician, Call Girl with an interesting client list, or Four Star General having a fling with his comely biographer.

(https://scontent.fash1-1.fna.fbcdn.net/hphotos-xlf1/v/t1.0-9/12795391_1016112691813645_8960601980700963326_n.jpg?oh=9cd468d5558cf22adf78542024f30c6e&oe=576C7751)

LOL

+1. We can only wish.....

http://www.msn.com/en-us/news/world/exclusive-major-powers-team-up-to-tell-china-of-concerns-over-new-laws/ar-BBqbHYi?ocid=spartanntp

QuoteThe United States, Canada, Germany, Japan and the European Union have written to China to express concern over three new or planned laws, including one on counterterrorism, in a rare joint bid to pressure Beijing into taking their objections seriously.[/quote

....

QuoteOn the draft cyber security law, all five ambassadors were particularly concerned by provisions requiring companies to store data locally and to provide encryption keys, which technology firms worried may impinge on privacy and mean they would have to pass on sensitive intellectual property to the government in the name of security.

http://www.neowin.net/news/researchers-break-apples-imessage-encryption-patch-coming-in-ios-93 (http://www.neowin.net/news/researchers-break-apples-imessage-encryption-patch-coming-in-ios-93)

QuoteEven Apple, with all their skills - and they have terrific cryptographers - wasn't able to quite get this right. So it scares me that we're having this conversation about adding back doors to encryption when we can't even get basic encryption right.

terrorists's iPhone is hacked by FBI (http://www.foxnews.com/tech/2016/03/28/fbi-breaks-into-san-bernardino-gunmans-iphone-without-apples-help-ending-court-case.html?intcmp=hpbt3)

Gee. Go figure  ::)

(https://scontent.xx.fbcdn.net/hphotos-xfp1/v/t1.0-9/12936613_1067349756659695_4577927683508770765_n.jpg?oh=eeba70fbebd67348197bb78fb62bae3f&oe=5776ED38)

^  ;D  Probably close to the truth.