back to article Confused as to WTF is happening with Apple, the FBI and a killer's iPhone? Let's fix that

Everyone is losing their mind over Apple being forced to help the FBI unlock an iPhone. Just what is going on? Relax, don't spill your almond milk latte. We'll make it crystal clear for you. The FBI wants to unlock an iPhone 5C belonging to Syed Farook, who with his wife Tashfeen Malik shot and killed 14 coworkers in December …

To be clear

The FBI could copy the memory of the device, spin up 1,000 vms and have the unlock code within an hour or so? Why do they need Apple to make a special firmware again? They've spent more time than that in front of a judge trying to get Apple to comply.

10
30
Anonymous Coward

Re: To be clear

Do you have the slightest technical idea of what you are suggesting?

You're pulling words out of something (I'm being polite), stringing them randomly together in the off chance it might make some sort of sense and failing miserably.

The iPhone has somewhat better security than a being a simple disk image. Go read up on what Apple have done (and the iPhone 5 is different to the later models in that its not quite so secure) and then come back and ask a grown up question. This is not trivial stuff, Apple has put a lot of time into this to make it difficult (but not impossible) to break into an iPhone. The code signing is a key element and only Apple (and probably the NSA) can do this. The NSA will not want to admit it, and certainly not to the FBI hence this charade.

Back to the main point, go read up on the security model on the iPhone and then come back and post something sensible.

47
9

Re: To be clear

to the poster you can't just clone the phone as it have to be jailbroken

other notes as your at the top, the article says the drive is running IOS 8 or 9 its Not its running IOS 7

if the device was running 8 or higher they would not be able to make a custom firmware to get into the phone as you need to wipe the phone to bypass the pinlock

1
9

Re: To be clear

ok other reports are now saying its running IOS9 (not sure where i got IOS7 from unless its different case)

they should not be able to easily be able to crack their own security (updating the hacked firmware could brick the phone as well)

3
2

Re: To be clear

I'm interested in this too. I assume the FBI has access to whatever analogue of a soldering iron is needed to access all parts of the memory of the iPhone, bypassing the components that wipe them after too many attempts.

I'm happy to accept, as anon and leexgx claim, that it's stupid to suggest that the feds could pull every byte of data off of the device. (By the sounds of it, this would include the private key, so even the brute force attack wouldn't be necessary.) But I'd like to know WHY? Perhaps I could do some research and find out for myself, but the title of this article claimed it would fix my confusion, and it didn't address the one thing I'm confused about. Anyone want to help out with a clear concise explanation?

4
1

Re: To be clear

As the article states, the key to the data (128 bits, 256 bits?) is buried in the CPU, and the CPU will only use it itself to decrypt data on presentation of a valid passcode. So even though the flash memory could be cloned, that is useless without the key, which stays buried in the CPU at all times. So you need both the memory and that particular CPU running valid code to be able to get at the data.

5
0
Boffin

Re: To be clear

Good lord, you've cracked it! I can't imagine why, with all the expertise, resources and time the FBI have spent on this, they never thought of this super simple solution themselves. Yet, put the problem onto The Register and within seconds someone has figured it out. And absolutely no expert knowledge required.

And how about that Apple? All their posturing about security, but it's this easy to get access to their phones. Bunch of amateurs.

The power of the internet shows itself once more. Well done everyone!

29
0
Anonymous Coward

Re: To be clear

I was going to suggest that the FBI could just do something cool with tachyons and lasers and black holes and read all the memory that way. Besides, everyone knows the FBI has access to alien technology, so they could just ask for help from Mars or whatever.

3
0

Re: To be clear

> So even though the flash memory could be cloned, that is useless without the key, which stays buried in the CPU at all times. So you need both the memory and that particular CPU running valid code to be able to get at the data.

But the issue is the wiping of the memory after 10 attempts. If the memory were backed up, the CPU could be bruteforced, no?

2
0
Silver badge

Re: To be clear

Re: go read up on the security model on the iPhone

There is a good article here:

http://www.bbc.co.uk/news/technology-35601035

and an informed technical article it references:

http://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order/

Both make interesting reading.

0
0

Re: To be clear @Just Enough

Leonard, is that sarcasm?

0
0

Re: To be clear

They can spin up the vms - but can't do the testing without the physical hardware. While the time delay and wipe functions are software controlled (and are even if there is a "secure enclave") the conversion of pin to candidate key is done "on chip" and the chip will not allow you to view the secret data it uses to do this. The good news is this conversion only takes *80ms*, so you can test a dozen keys per second - provided you can bypass the software time delay. Assuming a 6 digit number for the pin, that's just under a day of testing.

1
0
Anonymous Coward

Re: To be clear

10 failed attempts likely results in the CPU discarding the encryption key, much quicker than wiping the flash memory and even more effective as it blocks your "back up the flash and restore after every 10 failed attempts" idea.

0
0

Re: To be clear

@AC:

Apparently the FBI figured out that what I said is true. You don't need to crack the encryption. You just need a way to copy the data and reload it.

Oh, and yes, I do have more than a passing idea of what it was I was suggesting.

0
0

"For Your Protection", yadda yadda.

At least someone significant is standing up for our privacy. Feels like the Government aren't.

29
7

Re: "For Your Protection", yadda yadda.

Nobody is asking Apple to assist in going on a fishing trip. Only the most pedantic of barrack room lawyers would argue that there is any question over the guilt of the alleged offenders in this case (an argument which rests only the fact of a lack of actual conviction at this stage. There is no challenge to the alleged facts of the case as far as I know).

And even if there were the FBI are asking for specific, very limited assistance in gathering information maintained by this one, specific, individual device. Nothing about what is being asked for has any implications for the privacy of anyone else.

The authorities already have far greater powers to investigate BEFORE the fact of a conviction, with the ability to seize documents, tap communications on the basis of probable cause, subject (in most cases I would like to think) to the issuance of a warrant. The obstacle in the case of an iPhone is a strictly technical matter. if the information were papers kept in a secure filing cabinet then the FBI would simply physically force that cabinet open and the implications for "the privacy of the rest of us" would not even be in question.

The only difference here is that the filing cabinet is an iPhone and the FBI need Apple's help to be able force it open IN A REASONABLE TIME. Crucially, they could do it without Apple's help, just potentially not in a timeframe that would make the resulting information useful.

Assuming a simple incremental brute-force approach of testing each passcode from 0000 to 9999 sequentially in turn, then they might get in within 10 seconds. But thanks to the mechanisms on the device, it could also take ~9999 hours and may take over a year to get in, by which time the information may no longer be of any use in PROTECTING the rest of us.

Or, they find that there is no information on which to act and we are all safe anyway.

Anyone proclaiming "PRIVACY IS AT STAKE" in this case is either an idiot or selling something.

11
46
Silver badge

Re: "For Your Protection", yadda yadda.

I imagine the same arguments were used when formulating the RICO statutes.

No, no way agreement in this narrowly defined situation could ever become any sort of standard go-to technique. I see that now.

25
2

Re: "For Your Protection", yadda yadda.

Irrelevant. Nothing is stopping the Feds from accessing the content on the phone, it is purely a question of the time it will take them to do it.

Think of the phone as a locked filing cabinet. In that case if there were urgency involved and/or the lock/cabinet manufacture particularly problematic and causing difficult then they absolutely could get equivalent assistance and I doubt anybody would be at all concerned about the privacy implications for the rest of us.

Just what precisely is the difference that you see in this case ?

5
18
Silver badge

Re: "For Your Protection", yadda yadda.

Why do you think there's "nothing stopping the Feds from accessing the content on the phone"? They don't have the PIN, and after 10 failed attempts the phone will discard the encryption key that allows it to read the data partition where everything except the OS is stored, wiping it in an instant.

The FBI is asking a judge to force Apple to help them because they cannot do it at all, not that they can do it but are in a hurry. With Apple promising to appeal all the way to the Supreme Court this may not be decided for years.

16
2
Silver badge

Re: "For Your Protection", yadda yadda.

It might wipe itself after ten tries, if that feature was enabled.

2
0
Silver badge

Re: "For Your Protection", yadda yadda.

> Nothing about what is being asked for has any implications for the privacy of anyone else.

Naive.

Apple would be demonstrating that they can break their own security (on some of their product range, at least). That has wide privacy implications, not to mention setting a precedent that they will be hit with on every future occasion that $RANDOM_POLICEMAN wants to convict $RANDOM_PERSON.

14
2

Re: "For Your Protection", yadda yadda.

"It might wipe itself after ten tries, if that feature was enabled."

That is the core issue and why the F.B.I. have gone to court. Apple's technology that prevents brute force access is slowing the attempt down and it could potentially take five years or more of putting a passcode in every x amount of minutes or even hours.

From my reading of the court order Apple have not been specifically tasked with writing the firmware. That is part of the solution, they are being forced to re-examine the technology to see if there is any way around it, to surrender any existing way that the company is aware of for getting around it and or assisting the investigating officers in finding a new way around it.

So, firmware yes at later date, but there is other work to do such as zero day exploits etc. that need to be dealt with first.

More interestingly <sic> they have used an old British Romano based law to force this decision as congress had no lawas in place to deal with it. The law used was never intended for this purpose and is being used more and more in the US as a solution to bypass current laws. From the woman in 2012 who they tried to force decryption of her phone thereby ensuring she self incriminated (against 5th amendment?)herself to the tracking of satellite phones.

Rum covers over there, expect more of the same as the All Writs Act becomes the new RICO for technology.

2
0

Re: "For Your Protection", yadda yadda.

"Nobody is asking Apple to assist in going on a fishing trip. "

No. There are asking Apple to demonstrate how they can get access to a locked phone. And once they have done that a flood of similar demands from every judge/police force/military on the planet will follow. "You did it for them, so you can do it for us."

But I guess that's ok, because every single one of the thousands of requests will only be for one specific, individual device. And I'm sure they will all have genuine reasons for doing. Something about terrorism will do. That's not fishing, is it?

15
1

Re: "For Your Protection", yadda yadda.

> At least someone significant is standing up for our privacy.

Yeah, Scalia mysteriously died the week this issue comes up. He would have been the swing vote in the Supreme Court to side with the people against the FBI.

Odd how that timing worked, eh?

0
6
Silver badge

Re: "For Your Protection", yadda yadda.

Yeah, Scalia mysteriously died the week this issue comes up

What's mysterious about a 79 year old dying in his sleep?

7
0
Silver badge

Scalia would have sided with the people against the FBI?

I think you might want to read his opinions in similar cases if you believe that...

2
0
Silver badge

Testing

I wouldn't want to be the one doing the testing on that. "Ooops, sorry your honour. I seem to have bricked the phone."

23
0
Silver badge

Re: Testing

I wondered that. But the court order seems to give them a bit of a get out - the software has to be written to only work on the one handset, and I seem to recall towards the end if mentions something along the lines of "it's your best efforts we need" but stops short of stipulating the attempt be successful. At least, that was my reading of it yesterday.

4
1

Meh

They don't want one iPhone, they want to pwn them all, it's not like this guy's Dr Evil and they must have his iPhone, it doesn't stop there

30
9

Re: Meh

Hmmm, yes, probably they would like to pwn all iDevices.

It sounds like the more recent iPhones have deeply-linked hardware-software systems which would make such pwnage quite hard. The phone used by the killers did not have those security enhancements.

So an iOS firmware tweak Apple could apply to crack the iPhone 5C would not work on later models.

Any encryption software is hackable. But the bar can be set very, very high. Apple may have set a very high bar on the iPhone 7C and later. At least, from what I am able to comprehend from the tech descriptions... which is not very much. A shallow puddle indeed.

2
3

Re: Meh

Complete and utter male cattle excrement.

"They" are VERY precise and VERY specific in what they have asked for.

You may be right that the security services/police are frustrated and would LIKE broader powers and capabilities than they currently have but there is NOTHING in this case that gets them ANY closer to achieving that.

10
15
Anonymous Coward

Re: Meh

Complete and utter male cattle excrement.

"They" are VERY precise and VERY specific in what they have asked for.

You may be right that the security services/police are frustrated and would LIKE broader powers and capabilities than they currently have but there is NOTHING in this case that gets them ANY closer to achieving that.

You may want to look up what precedent means in US law. Sure, Apple fights this because it would harm their own business, but in the wider context it happens to coincide with a need to prevent this idea of vendor self harm from becoming a legal precedent.

15
0
Silver badge

Re: Meh

but there is NOTHING in this case that gets them ANY closer to achieving that.

Except for the construction of a firmware update which, while it might still remain Apple property, is going to be vulnerable to a tragically coincidental incidence of industrial espionage.

3
0
Anonymous Coward

It's probably just a false flag case...

...meant to reassure the public that devices exist which are so uncrackable, even the Feds can't get at your data.

14
8
Black Helicopters

Re: It's probably just a false flag case...

That makes the most sense to me.

The 1000 VM idea is the most obvious solution. So obvious that it's reasonable to assume they've already done this, have all the data, and have people under surveillance already.

So the point of the media circus must be to convinced the surveilled people into thinking they haven't been fingered, and therefore lure them into doing something they can be nabbed for.

....at least that's how I'd write it if I were working on a spy novel. But we wouldn't find that out until the last chapter.

2
18
Silver badge
Mushroom

Re: It's probably just a false flag case...

You and the other people who are talking about "1000 VMs" are utter morons who haven't bothered to read any facts about how Apple's encryption works. You can copy the entire contents of the flash and it will get you nothing, because the key isn't stored in the flash, nor in RAM. I won't tell you where it is, on the faint hope that you might decide to educate yourself and learn where it is stored, but I assume you'll continue spouting nonsense from a position of ignorance instead like most fools.

21
4
Terminator

Re: It's probably just a false flag case...

Yup. FBI/Apple Inc's version of FBI/MS's heroic Dublin pantomime. A PR exercise to trick the cattle into forgetting those nasty lies that nasty Snowden traitor told and thus restore consumer confidence and safeguard PROFIT$.

The FBI has a term for the disinformation operations like this which it perpetrates against the people it "protects" and "serves"

COINTELPRO

0
8

Re: It's probably just a false flag case...

...and it'd be 10,000 VM's anyway. 4-digit PIN...0000-9999

5
3
Silver badge

Re: It's probably just a false flag case...

...and it'd be 10,000 VM's anyway. 4-digit PIN...0000-9999

It depends how you look at it. I see why people are talking about 1,000 VMs -- that's because each VM gets 10 guesses at the PIN before the VM destroys the key.

Then again, if that attack worked, you could have 1 VM and restore from a snapshot after every 10 attempts, so the number wouldn't really matter as long as you have enough time.

However, it seems you may actually need 2^256 VMs (or a smaller number and more time) because if all you have is a snapshot of the memory you need to brute-force the AES key and not the PIN. That'll take a while ...

6
0
Anonymous Coward

Re: It's probably just a false flag case...

Then they need to clone/read the CPU memory some how?

There have been a few papers on reading memory, not seen any on reading CPU memory remotely.

0
0

Re: It's probably just a false flag case...

It must be stored somewhere. Either in the flash, a serial eeprom, or perhaps they are using a hash of the processor internal hardware serial numer + algorithm + 4 digit code.

If the processor has a jtag port for things like initial factory firmware load or debug purposes, then that provides access to all memory and peripheral devices on the system. Not saying it's easy, but it could be done...

1
3

Re: It's probably just a false flag case...

The more that they can convince people that it's uncrackable, the more likely it is that everyone will assume that it is, including the bad guys.

To avoid complacency, you have to ssume that *all* security devices can be cracked, given sufficient resources :-(...

0
0
Silver badge

Re: It's probably just a false flag case...

No one is claiming it is truly uncrackable. Apple hasn't claimed that what the FBI wants to them to do is impossible, but that there are multiple reasons they shouldn't be compelled to do it.

This phone is a 5c, the newer ones have a secure element that makes the strategy the FBI wants to pursue impossible. But given sufficient resources I'm sure even those could be cracked. You might need to decap the SoC in an unlit vacuum, use an electron microscope to read the fused UUID, who knows, so it could be cost prohibitive but I don't think anyone is naive enough to claim something like this is truly impossible. But truly impossible and impossible for all practical purposes are the same thing for most of us - in the 'good enough for me' category.

0
0

If Apple gives in on this, it could result in...

.. thousands of such judicial orders, which would cost it huge time and money.

And, of course, any "bulk" solution to those orders would constitute a True Threat to all older iPhones and devices.

18
0

Re: If Apple gives in on this, it could result in...

So, this is an older device and it may be a totally different story on newer devices, BUT, the general take-away is that if you really want to protect your customers from having their devices and data accessed by the government, you must also secure the devices from access by yourself (the vendor/manufacturer/coder).

Again, maybe the newer devices are like this but either way, IF a device can be accessed by the developer, the developer can then be obliged to access it on behalf of the government.

I.e - in this instance, Apple themselves are the weak link in the security.

Note that all of this is independent of the specific case in question.

7
1

Re: If Apple gives in on this, it could result in...

Hold on, this is a case where there is a wholly lawful and socially necessary request to access the phone data of someone who has committed a criminal act. Do we really want to allow any form of data storage that can never be read by anyone else in any circumstances? They are not asking for a remote back door, only forensic access to the data of a known felon.

Put yourself in the shoes of a victim or relation to a victim, not just of a terrorist act, but of a murder or other serious criminal act, would you really want it made impossible to read their data. Think about the consequences of not allowing the FBI warranted access. If someone murdered me, I'd want the police to access my iPhone, and that of my killers, wouldn't you. Remember in some cases perpetrators actually video their crimes on their smart phone, or take photographs, do you want them not caught, and convicted by their own records.

So if Apple does not give in it could result in every criminal and terrorist buying an iPhone to keep their records on. I would also assume as, in this case it is a terrorist act the NSA would crack the phone for the FBI if they could, and still manage to keep it secret.

2
17
Anonymous Coward

Re: If Apple gives in on this, it could result in...

If someone murdered me, I'd want the police to access my iPhone, and that of my killers, wouldn't you

.. which is why I have my passwords and PIN codes stored in a service with data inheritance enabled. There is no problem getting to my data if something happens to me, but you won't be able to do that behind my back because during the timeout the service will alert met that the inheritance clock has been started. All I have to do to stop such abuse is to generate a new inheritance code.

We should also not forget that the FBI has other means available to get information. For meta data, for instance, it apparently does not even need a court order so it should already have all the call data.

1
0
Silver badge

Re: If Apple gives in on this, it could result in...

> ... Put yourself in the shoes of a victim ...

You don't have put yourself "in the shoes of a victim". Without reliable encryption, you *are* a victim.

6
0

Re: If Apple gives in on this, it could result in...

"Do we really want to allow any form of data storage that can never be read by anyone else in any circumstances?"

Er, you mean like paper: which you can burn?

Given that the perpetrator in this case apparently destroyed two other phones, one would suspect that there will be nothing at all of interest on this one.

4
0
Silver badge

Re: If Apple gives in on this, it could result in...

"

If someone murdered me, I'd want the police to access my iPhone, and that of my killers, wouldn't you

"

Well, catering for the ability for others to access your data if you should die is up to you. After all, that part is no different whether you were murdered or run over by a bus, and I can think of many objections to the idea of providing automatic access to the encrypted data of anyone who dies.

As for accessing the data of your killers - why? They have already been caught and punished, so the data is unlikely to be of significant importance as far as you or yours is concerned. Unless of course you really meant to say that access should be granted to the data of your *suspected* killers - who may of course be entirely innocent, or could even be data of innocent people who the government would like to find out about, and where if you had your way a false accusation would then open the magic door ...

0
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018