back to article US govt says it has cracked killer's iPhone, legs it from Apple fight

The US Department of Justice (DoJ) says it no longer needs Apple to help unlock the iPhone 5C used by one of the San Bernardino killers. In a filing [PDF] made Monday to the Central California District Court, prosecutors say they have extracted data from the smartphone belonging to slain San Bernardino killer Syed Farook, thus …

  1. Gio Ciampa

    Do as we ask...

    ...or we'll just imply that there's an exploitable flaw in your devices...

    1. bazza Silver badge

      Re: Do as we ask...

      This is not really a good outcome from Apple's point of view.

      1. JB77

        Re: Do as we ask...

        Actually, Apple was given the best gift - ever!

        The gift of "tipping their hand".

        Apple, as well as the rest of the world, now knows that the FBI wants access to ALL secrets, everywhere. And now that Apple, and the rest of the world, is "armed" with that knowledge, Apple, and others in the tech community, will make their products even stronger.

        JB

        1. anody

          Re: Do as we ask...

          "Apple, as well as the rest of the world, now knows that the FBI wants access..."

          And that was a surprise...? oh, boy...

        2. boltar

          Re: Do as we ask...

          "Apple, and others in the tech community, will make their products even stronger."

          Yeah, believe that if you want. They'll make their products as strong as they need to to keep sales up. Proper security costs money - money which as far as Apple is concerned could be spent on the Oooh Shiny! aspects of its devices. Now Apple have done alright so far , but lets not pretend they're the shining white knight fighting for the little guy - they're a public corporation who answers to its shareholders first, customers second.

      2. DougS Silver badge

        Why is it not a good outcome for Apple?

        Had they appealed up to the Supreme Court and lost, they (and many other US tech companies) would be in a bind. If they won, they would be in no better position than they are today.

        The fact that the FBI got at the data doesn't really hurt them. Basically from the public point of view, the FBI had a LOT of trouble getting at the data so the phone is more than secure enough for their needs, since most of us wouldn't have the level of resources directed at breaking into our phones that the FBI was putting forth for this one. Plus, the DOJ says the method "only works on this particular phone" so it isn't like they have a new trick in their toolbag they can share with police all over the US to break into iPhones willy nilly.

        There's also no evidence what they did would have been possible on a newer iPhone with the secure enclave - and as of last week Apple no longer sells any iPhones that lack it.

        1. Anonymous Coward
          Anonymous Coward

          Re: Why is it not a good outcome for Apple?

          There's also no evidence what they did would have been possible on a newer iPhone with the secure enclave - and as of last week Apple no longer sells any iPhones that lack it.

          Given that the FBI started with a statement that "this would only be a one-off" which got disproved before the filing had cooled down from the laser printer I don't actually put much stock with the "we cracked it without Apple" statement either, to be honest. It seems more a deal with an obscure outfit to get lots of dev money for declaring they can break the iPhone so that the department saves face.

          The problem I have with these cases is that it pits more and more people AGAINST law enforcement. There used to be a time where you'd be glad to help them to indeed catch bad guys, but they seem to be hell bent on being the bad guys themselves now which isn't right.

          Restoring transparency and accountability appears to be a priority, now more than ever.

          1. James Pickett

            Re: Why is it not a good outcome for Apple?

            "declaring they can break the iPhone so that the department saves face."

            That seems very plausible. They didn't want the matter debated anywhere that might result in a legal precedent, and they can re-think their strategy for next time. If I was the magistrate, I would ask to see the alleged phone data.

        2. bazza Silver badge

          Re: Why is it not a good outcome for Apple?

          @Doug S

          "Had they appealed up to the Supreme Court and lost, they (and many other US tech companies) would be in a bind. If they won, they would be in no better position than they are today."

          Depends on one's point of view. The possibility that the FBI will make a similar request in the future is quite high (and getting higher, if Apple's security really does go up), and the matter is currently unresolved. Nobody wants that prospect lurking in the background forever, it'd be better for everyone if it were settled one way or the other.

          As things stand the next time this case comes up it might be impossible for Apple to resist; the FBI may have far stronger reasons next time than they did this time. And then the precedent would be set not in Apple's favour.

          If Apple were ever to take a chance to settle the matter in the way they wanted, this was the best opportunity. Everyone seemed to think the FBI had a weak hand. But they now cannot do that, even if they wanted to; the case is shelved.

          "The fact that the FBI got at the data doesn't really hurt them. Basically from the public point of view, the FBI had a LOT of trouble getting at the data so the phone is more than secure enough for their needs, since most of us wouldn't have the level of resources directed at breaking into our phones that the FBI was putting forth for this one."

          Well there's an odd thing. If as you suggest people are happy with the idea that FBI can get into their phones so long as there's some kind of barrier, why wouldn't they be happy with Apple being that barrier to access? They already are for iCloud accounts. It feels like a contradiction. Has Apple actually gone and asked any of their customers if they'd be OK with Apple being a gatekeeper like the one they already are?

          1. Anonymous Coward
            Anonymous Coward

            Re: Why is it not a good outcome for Apple?

            @bazza

            As things stand the next time this case comes up it might be impossible for Apple to resist; the FBI may have far stronger reasons next time than they did this time. And then the precedent would be set not in Apple's favour.

            Hang on, how much stronger arguments than "we need to catch terrorists" are there?

            I disagree with you. The FBI decided to play a high stakes game of precedent poker here and were eventually whistled back by a party whose interested they were damaging (no, I'm not assuming sanity prevailed because your rights don't have a play at that table). I don't buy the "we have managed to crack it" story for a minute, because you can't tell me the FBI isn't up to date on all possible resources and companies that have this ability (it's not like they're short of budget to buy any toy for this that they can even vaguely justify).

            You also continue to conflate iCloud access (which Apple can change the password for to access) and hardware access (which Apple can only have access to in limited circumstances when permitted by the user or an MDM platform). They are not the same environments, and require different efforts to break into.

          2. DougS Silver badge

            This idea that it is bad because the FBI can try again

            Yes, in theory the FBI can try again. What are the odds they will have such a slam dunk case again? The only way this case could have been more of a slam dunk for them would be if they could have somehow proven there definitely was intelligence on that phone and they definitely were part of a larger cell/plot.

            I think the FBI and Apple learned two important things, and both were surprised by what they learned. Originally Apple wanted the case filed under seal, but the FBI refused. I think Apple was worried about negative publicity from taking a stand that might appear "pro terrorist", and the FBI thought that negative publicity would force Apple to give in which is why they refused to file the case under seal. Turns out they were both wrong.

            While there certainly wasn't universal support for Apple, at best the FBI had only half the country on their side. And that was with a case that lined up almost perfectly to put Apple in the worst possible light. I honestly don't think the FBI is willing to try this again, because of the way they ran off with their tail between their legs on this one and went with the third party option that I'm sure they already knew about. They'll never get a better case, unless a terrorist is caught with a phone and taunts them "information about hundreds of ISIS terrorists in the US and dozens of active plots are on it, but it is encrypted so you'll never get in!" before he shoots himself to avoid being caught and forced to reveal the password.

        3. Rogerborg

          Re: Why is it not a good outcome for Apple?

          If by "a lot of trouble" you mean Googled "iphone 5c hacks" and paid some monies, sure.

          1. Danny 14 Silver badge

            Re: Why is it not a good outcome for Apple?

            It could end badly for apple in the future though. whilst apple (for right or wrong) didn't want to give the FBI carte blanche encryption breaking tools there may be a case in the future where they are compelled to - there may be a "terrorist" (using that phrase quite liberally where the American interpretations are concerned) incident that the public is more on side with - once that door has been opened it will be hard to shut it (even for lesser incidents).

            Until the matter is settled properly it will come up again i'm sure. It might not be an apple device next time, wonder what the likes of blackberry would do?

            1. Someone Else Silver badge

              @ Danny 14 --Re: Why is it not a good outcome for Apple?

              [...] there may be a "terrorist" (using that phrase quite liberally where the American interpretations are concerned) incident that the public is more on side with [...]

              I dunno. The key aspect of this particular case is that the FBI wanted to go snooping around in this particular piece of hardware "after-the-fact". From my perspective, any instance matching your criterion would require poking around in the device "before-the-fact", which would necessarily require that police work would have to precede any attempt at that poking. With that police work, would come (if the U.S. is still a constitutional democratic republic at the time) such things as search warrants, surveillance, interdiction...all the nasty stuff that goes with good ol' fashioned police work. Maybe my imagination just won't go there, but I have a hard time identifying a situation where end-running the Constitution just to break into a phone would go well with "the public".1

              1 Excluding supporters of Herr Drumpf, of course...,

              1. Anonymous Coward
                Anonymous Coward

                Re: @ Danny 14 --Why is it not a good outcome for Apple?

                Maybe my imagination just won't go there, but I have a hard time identifying a situation where end-running the Constitution just to break into a phone would go well with "the public".

                What exactly do you think happened after 9/11? Fear is a wonderful tool to sweep aside clear thinking, and the legal mess it created is still around. Even the "just now, only for this emergency" conditions still exists after the FREEDOM Act extended parts of the PATRIOT Act.

        4. Wommit

          Re: Why is it not a good outcome for Apple?

          But the final outcome is good news for Apple and all other technical companies. One of the main arguments the FBI put forward was that 'Apple had the "exclusive technical means" to unlock Farook's phone.' But it has now been proved that Apple didn't have this exclusivity. The Feds stance on forcing a company to comply has been weakened considerably.

          In any future case Apple, or any other company, can point to this precedent and tell the FBI (or whoever,) to use those means / methods again.

      3. Lucasjkr

        Re: Do as we ask...

        It's fine, really.

        From Day 1, both parties made it clear that what the FBI was after was only possible because the 5c used software to handle keys on the device, rather than the 6's secure enclave chip, which, we're told, such an attack would be useless against.

        If anything, knowing that Apple fought back might spur 5c owners to upgrade. Honestly it's doubtful, most people couldn't care less about device encryption.

        But this case should be illustrative to Apple and the rest of the industry if what the FBI will be after (not just furnishing warrants for hosted data, but using All Writs to demand software be written and failing that, threatening to sieze source code). So even though Secure Enclave has gotten no mainstream advertising, future upgrades (for new phones) will likely be talked up a lot more, well resourced companies like Apple will spend significantly more on security reviews, and who knows, could even spur Apple, Google and the like to transfer ownership and development of their devices source code, or even the security aspects, to countries with stronger legal protections - certainly there's some island in the Caribbean that's drafting legislation specifically to address that.

        At that point, when confronted with a demand, Apple could say "hey, we'd love to, but we can't. We only license the source code from this wholly owned subsidiary of ours. Why don't you try asking them?"

        I think this whole case was a fail for the FBI. Whoever had the bright idea of going after Apple to set a precedent.... Well, I don't know! The saner thing to have done is to have gone after a less well-resourced company, win your ruling against them, then point to that precedent when going after Apple.

        So at the end of the day, the FBI loses, because if nothing else, all they accomplished was to cause Apple, Google, Facebook, etc to all rethink their development policies to insure that they can't be subject to overreaching All Writs demands in the future, much less add many more sets of qualified eyes to security review. It's like the NSA and prism - worked fine, but once it was discovered/publicized, it only spurred the uptake of encryption by most the affected parties. Apple, with their device security, Google by encrypting not only external network links, but also all internal traffic as well.

    2. JeffyPoooh Silver badge
      Pint

      Re: Do as we ask...

      "...imply there's an exploitable flaw in your devices..."

      There's ALWAYS an exploitable flaw in your device.

      ALWAYS.

      It'll be decades before the first 'perfectly secure' device *actually* exists.

      False claims will continue, but you'd have to be pretty naïve to actually believe it.

      1. Mad Chaz

        Re: Do as we ask...

        "It as been centuries since the last 'perfectly secure' device *actually* existed."

        There, corrected that for you.

        1. Chris Parsons

          Re: Do as we ask...

          @Mad Chaz. Downvoted for smugness.

      2. Anonymous Coward
        Anonymous Coward

        Re: Do as we ask...

        It'll be decades before the first 'perfectly secure' device *actually* exists.

        There will never be a perfectly secure device because it's a never ending arms race. What people can make, people can break.

        What you can get is a hard to break device, the question is if you're willing to pay for it.

        1. Nigel 11

          Re: Do as we ask...

          There will never be a perfectly secure device

          If it is possible (even in theory) to eavesdrop on key distribution via a quantum communications channel , then the universe does not work the way that we think it does.

          And I'm pretty sure a device can be designed which will destructively erase itself as soon as its password has not been re-input for x hours, where x is smaller than the minimum amount of time required to reprogram it because of engineered-in slowness of its programming interface. Fail-destroyed rather than fail-safe. Whether anyone other than secret agents would want a "Mission Impossible" phone, is quite another matter.

      3. Christian Berger Silver badge

        Re: Do as we ask...

        "It'll be decades before the first 'perfectly secure' device *actually* exists."

        Actually we are moving away from secure devices, as such devices become more and more complex. Often that complexity is completely unnecessary.

        Only when we learn how to make such devices as simple as possible, we will get something that remotely resembles a secure device.

      4. Anonymous Coward
        Anonymous Coward

        Re: Do as we ask...

        There's ALWAYS an exploitable flaw in your device.

        ALWAYS.

        Given your, er, "expertise" in matters securiy, I presume you don't use email, buy anything online and only bank physically? I'm going to make you more scared then: check out how easy door locks are to crack - it's trivial. I'd give up on life if I were you.

  2. allthecoolshortnamesweretaken

    Okay, who called this off?

    1. Pseu Donyme

      >Okay, who called this off?

      A possibility is that both Apple and FBI did i.e. there was an agreement behind the scenes to Apple to continue unlocking its devices as it has until recently and the FBI to back off from the court case with a mealymouthed explanation: stakes were high for both and the outcome was unpredictable (not only from the courts, but potentially from the legislators as well). I suppose this is unlikely and I would like to think better of Apple*, but then they were among the other prominent US tech corps on the PRISM slides courtesy of Ed Snowden. Also, in this case Apple seems to have found its zeal for privacy advocacy only after asking the FBI to issue its application for the unlock tool under seal**.

      * a trivial reason being that I'd like to eventually replace my Blackberry with something decent, privacywise, of course it is great to see a big tech player putting emphasis on privacy, but then doubt towards tech from the US is not without reason

      ** http://www.nytimes.com/2016/02/19/technology/how-tim-cook-became-a-bulwark-for-digital-privacy.html

  3. Number6

    A Kick in the Nuts

    So now Apple have to rush around and try to uncover any potential security flaws in case it affects confidence in the security of their phones. Well played by the FBI, great return shot. Now we wait for Apple's reaction.

    1. Danny 14 Silver badge

      Re: A Kick in the Nuts

      not really. Like I said before, if you have deep pockets you could probably clone the phone. By cloning I mean forensically clone the NAND, hardware - make a duplicate. You can then use the duplicate to brute force, clone back, brute force, clone back etc. When you have the code use it on the original.

      You wouldn't need a "hack" and can use it on future devices. You would need intimate knowledge of the workings of course.

      1. Anonymous Coward
        Anonymous Coward

        Re: A Kick in the Nuts

        > forensically clone the NAND, hardware - make a duplicate

        That's what the "secure enclave" is for - something that's really, really hard to duplicate. Like, maybe if you shave the top off and scan it with an electron microscope you might have a chance. Except that a good secure enclave will self-destruct when it is opened.

        1. JeffyPoooh Silver badge
          Pint

          Re: A Kick in the Nuts

          "...a good secure enclave will self-destruct when it is opened."

          That's why they practice on a dozen disposable examples to learn about the booby traps, and learn how to avoid or bypass them. Only after it's down to a repeatable exercise would they put the process into 'production'.

          Your use of the word 'opened' leads to muddled thinking. The chip doesn't have a door. How does it know that it's been opened? Don't forget, the power is off. There's a half-dozen techniques, but perhaps only one or two new inventions (at most).

          1. Anonymous Coward
            Anonymous Coward

            Re: A Kick in the Nuts

            That's why they practice on a dozen disposable examples to learn about the booby traps, and learn how to avoid or bypass them. Only after it's down to a repeatable exercise would they put the process into 'production'.

            Shaving down chips is a technique that has been used for decades to crack satellite cards, but the APple chip is a bit different. I have worked with mil grade chips that had all sorts of fun stuff to prevent shaving like embedded wire cages so I think it's reasonable to assume Apple has thought just a little bit further than just replicate the satellite smartcard problem. In addition, you need to observe those chips in working order to get anywhere, and that is such a precarious exercise that I suspect you'll need far more than a dozen to get it right.

            Do you really think that a company that has spend man YEARS on improving its security (for the simple reason that it is a profitable feature) can be defeated by a man with a grinder in a few weeks? By the time your man has found his secret path in, Apple will have moved on. That was even the case here: it iPhone ran an old version of the OS, and it was old hardware.

            There may not be a totally safe device, but from a security perspective Apple appears to be doing things right to stay ahead in the arms race.

            By the way, I'd stop thinking in absolute terms. This is a race between budget, technology and time. There is no binary answer, but if you're really that paranoid I'm wondering why you're online and not living in a cave.

      2. John H Woods

        Re: A Kick in the Nuts

        "Like I said before, if you have deep pockets you could probably clone the phone" -- Danny14

        And like many of us said before, it's not that simple. Cloning memory is easy, but cloning other chippery is hard. Sure if you have deep enough pockets it can be done, but I don't think you really understand just how deep they have to be. And 256 bit encryption CANNOT be brute forced. Broken, perhaps, but this break will NEVER be by brute force.

        1. Percy the Paprika Pigeon

          Re: A Kick in the Nuts

          "And 256 bit encryption CANNOT be brute forced."

          That's not even wrong.

          1. This post has been deleted by its author

        2. Doctor Syntax Silver badge

          Re: A Kick in the Nuts

          "And 256 bit encryption CANNOT be brute forced. "

          How many times do we have to have somebody trying to show us how smart they are by grasping the wrong end of the stick.

          The FBI weren't trying to break 256 bit encryption by brute force.

          They were trying to break a pass code.

          A four digit pass code AIUI.

          Now go away and work out how many bits that is. Big clue: it's a lot less than 256 bits.

      3. MR J

        Re: A Kick in the Nuts

        You could take the clone bit up a level as well.

        If you were able to fully clone the hardware to multiple devices then the brute force time starts going down fairly fast.

        So a 4 digit pin would take less than 5 days, a 4 digit pin over 10 devices could be done during one night sleep.

        There were some brute force iPhone hacks in the past that would instantly reboot the phone if the password was wrong, bypassing the incorrect guess limit.

        1. Anonymous Coward
          Anonymous Coward

          Re: A Kick in the Nuts

          If you were able to fully clone the hardware to multiple devices then the brute force time starts going down fairly fast.

          If you were able to clone the hardware which is, of course, something Apple NEVER considered when they developed the security enclave, gosh no, I suggest you get that patented real quick before they stumble on that one, QUICK, uh, where was I? Oh yes. If you were to clone the HARDware and somehow magically managed to clone the burned in device code with it, you would not NEED brute forcing because you could just walk through the PIN code keyspace which is trivial, even if it was 6 characters alphanumeric.

          I am glad I have encountered you, oh enlightened crypto expert, before you become famous and write lots of books. With your level of expertise, a government job is inevitable.

          </sarcasm>

      4. Anonymous Coward
        Anonymous Coward

        Re: A Kick in the Nuts

        Like I said before, if you have deep pockets you could probably clone the phone. By cloning I mean forensically clone the NAND, hardware - make a duplicate. You can then use the duplicate to brute force, clone back, brute force, clone back etc. When you have the code use it on the original.

        Ah, what a wonderful suggestion. It's only been made about a 1000 times by other numpties who have also failed to attain the required level of comprehensive reading required to pick up the reasons why that isn't feasible, from posts going back weeks.

    2. Number6

      Re: A Kick in the Nuts

      I'm interested in why I got so many downvotes - is it because I implied criticism of Apple and the fanbois got upset? I'm actually on their side on this one, but I can appreciate the way the FBI are fighting their propaganda war. Until they produce the actual iPhone properly cracked and reveal what was on it, it might all just be hot air and sour grapes on their part. Saying they've done it but not passing on any information about how it was done or proof that it was done is, as I said, a kick in the nuts. They probably didn't want to risk a long drawn-out court case and possible adverse verdict at the end, so they've found a way to back out of it.

  4. emmanuel goldstein

    The FEDS were fishing for a legal precedent, that is all. The notion that the US lacks the technical ability to crack any mass-prodiced device wide-open is laughable (and scary).

    1. Danny 14 Silver badge

      who says they don't have *access* to the ability? The Feds wanted an EASIER way of doing it, and in such a way that in future they could get others (apple) to do it for them by waving a piece of paper. They didn't want to owe favours to other departments (are you saying the NSA cannot crack iphones? whilst they aren't omnipotent, I highly doubt they do not have the ability) or pay others to do it for them.

      At the end of the day the FBI are a police force, nothing more, I wouldn't expect them to be cutting edge at anything - encryption breaking included.

  5. Boris the Cockroach Silver badge
    FAIL

    And now this is the worst

    possible option

    Every government on the planet now knows that iPhones can be hacked, every cracker knows iPhones can be broken into... so I bet theres already several groups queuing up at the apple store to buy 1/2 a dozen phones especially to see if they can break into them.

    Where as if apple had complied with the warrent, people would only have known that apple can get into a phone with a modified O/S signed only by them.

    Hey ho

    1. Adam 52 Silver badge

      Re: And now this is the worst

      As if people haven't been looking for iPhone flaws already?

      The well funded governments and organised gangs will have their own exploits which may or may not be the same as this one.

      1. I. Aproveofitspendingonspecificprojects

        Speaking as a grasshopper

        It looks like the FBI have come out of the woodwork. It will be interesting if this turns into Armageddon a fourth world war between truth and secrecy. According to the Gronads it is: "With the court filing, Silicon Valley and Washington are poised to return to a cold war over the balance between privacy and law enforcement in the age of apps". I have suddenly found myself in the army.

        http://www.theguardian.com/technology/2016/mar/28/apple-fbi-case-dropped-san-bernardino-iphone

        And they blinked first!

    2. ratfox Silver badge

      Re: And now this is the worst

      It was always possible to decrypt an iPhone. People who had any chance of breaking into an iPhone were already trying to do so.

      However, it is now known that Apple will not roll over at the whim of random prosecutors. If they want an iPhone decrypted, they'll have to pay a professional company to do it, instead of just ordering Apple to do it whenever they want.

      I'd say Apple won this one. And what's more, I'd say we all did.

    3. John H Woods

      Re: And now this is the worst

      "Every government on the planet now knows that iPhones can be hacked"

      Everyone with a clue knew this already. What was being resisted was (a) a tool that could be routinely used (e.g. during police stop & search or temporary unauthorized access to a phone) and (b) a legal precedent. This is a 100% win for Apple.

      1. dajames Silver badge

        Re: And now this is the worst

        What was being resisted was (a) a tool that could be routinely used (e.g. during police stop & search or temporary unauthorized access to a phone)...

        That's not something that was ever being asked for, nor is it something that it would have been reasonable to believe was possible.

        However, we don't know what the FBI has now managed to obtain, with the help of its unspecified third-party consultants. It's possible that what they now have is more than they asked Apple for, so this may not be as good a result as you seem to believe.

        1. Adrian 4 Silver badge

          Re: And now this is the worst

          And if they have the knowledge of how to break into the older iphones and don't share it with the manufacturer so they can fix it, are they aiding and abetting criminals ?

        2. Doctor Syntax Silver badge

          Re: And now this is the worst

          "What was being resisted was (a) a tool that could be routinely used (e.g. during police stop & search or temporary unauthorized access to a phone)...

          That's not something that was ever being asked for, nor is it something that it would have been reasonable to believe was possible."

          You don't think so? Not necessarily in the first place. But having got a precedent in the bast case they could come up with the next step would be to widen it a little. And then a little more. And so on.

          The other issue could have been that there's a precedent which only applies if the suspect is dead. Well, that's a circumstance that could be arranged...

      2. Nigel 11

        Re: And now this is the worst

        Everyone now knows that obsolete iPhones can be hacked. Current ones?

        Law-abiding people probably don't want Apple or anyone else to make their phones as utterly unbreakably secure as they could. I'm quite happy with the idea that the NSA and suchlike could break any phone provided it was a matter of several days work in a forensic hardware lab costing tens of millions of dollars. I just don't want my phone to be an instantly open book to any slightly curious government employee. There's probably some degree of collusion behind the scenes between Apple and the NSA.

        I don't know about the USA, but in the UK what would happen if I was still alive, would be that they would simply tell me to unlock my phone for them to investigate. And I almost certainly would, after a greater or lesser amount of protest and delay depending on the circumstances. Because if I outright refuse, they will jail me. There are some safeguards here compared to electronic backdoors, although many don't see it. The threat is ineffective in the hands of a single rogue policeman. More importantly they can't do this without me knowing that they are doing it.

    4. a_yank_lurker Silver badge

      Re: And now this is the worst

      Not really if one understands the purpose behind security. The basic premise is any secure system with enough time and effort will be broken. A first class security system raises to the time or effort part to levels that very few have and by the time anyone else is able to break the system the data is useless. The typical security issues for a user is a hacker stealing bank logins and credit card numbers and the like. Spookhauses generally have the expertise and mobilize the effort to crack many if not most devices on the market. But they are not interested in a random credit card but in information that is useful for their masters. I would not be surprised if the NSA or CIA could and did crack the security.

      The Do(In)J was shopping for a precedent that would allow them to beat any company who sold a secured device in the US.

      1. Adam 1 Silver badge

        Re: And now this is the worst

        > The basic premise is any secure system with enough time and effort will be broken

        Realistically that is correct, but only because developers are humans with SNAFUs like in every other endeavour. Usually it is flawed implementations which are attacked.

        For example, it is possible to choose a key size such that even allowing for Moore's law to continue and the entire GDP of the world dedicated to breaking it would still take longer than our sun has left in it. But all that is based on our assumptions about the trapdoor functions that we rely upon. We assume that factorising the multiplication of two huge primes is really hard. We assume that the discrete log problem is really hard. But find some new mathematical construct then maybe it can be done with less effort. In fact if you look at the logjam attack it takes advantage of being able to precompute millions of CPU hours worth of computations and reuse that to simplify the computations for subsequent keys.

        But I digress. My point is that the goal is impossibility without the key. Good enough means uneconomical to crack (I think your point) but with the proviso that hardware reduced the cost per operation over time (in both time and power consumption), and sometimes your enemy is a miscreant who is paying for neither (malware / stolen Amazon keys / etc). If you accept the good enough argument, you need to make sure you adequately measure the economics rather than just trying to figure out what it would cost you to do.

        1. JeffyPoooh Silver badge
          Pint

          Re: And now this is the worst

          @Adam 1

          Side Channel attacks don't have to be "SNAFUs". Sometimes they are such blatant design implementation errors (e.g. failing to keep code branches equal clock cycles), but as those are slowly eliminated from newer implementations, there still remains an endless well of subtle design implementation characteristics which can be exploited.

          The point here is that even clever and careful designers cannot make an uncrackable device. It'll be decades before the 'Handbook of Side Channel Prevention' is even thought to be complete.

          Much of your post is still too focused on key length ("...GDP ...Sun ...hard ...power consumption..."), which COMPLETELY misses the entire point. Nothing in this entire story has anything to do with brute forcing anything. It's a huge mistake to focus on that too-obvious red herring.

    5. JeffyPoooh Silver badge
      Pint

      Re: And now this is the worst

      BtC "Every government on the planet now knows that iPhones can be hacked, every cracker knows iPhones can be broken into..."

      Only the utterly naïve didn't see this coming...

      Seriously, did you really think that the iPhone 5C was the very first uncrackable device in history?

      Or have you been ignoring The History of Cryptography?

      1. Anonymous Coward
        Anonymous Coward

        Re: And now this is the worst

        Or have you been ignoring The History of Cryptography?

        Was that in too in those CCC videos you keep referring to? Just curious.

        1. JeffyPoooh Silver badge
          Pint

          Re: And now this is the worst

          'The History of Cryptography in CCC?'

          The CCC presentations are what would be called 'Modern History'. They're often making the history, famously cracking the 'uncrackable'. Several that I've watched included a review of older history for context. Plenty of excellent books on my bookshelf, several feet on this topic (not all read yet).

          The repeating patterns in this area are crystal clear:

          10: Claims of 'Strong' security.

          20: Later shown to be utterly false, daft, naïve, hubris.

          30: Vulnerabilities. Side Channels. Clever hardware cracking.

          40: NOT brute force of huge keyspace.

          50: GOTO 10

          This endless loop has played out endless times.

          It's happened again just now with this FBI 5C instance. Noobies thought it was secure.

          It's just started again at Line 10 with the next generation of iPhones. Noobies post, "Yeah, but the iPhone 6 really is uncrackable." Here we go again... Sigh...

    6. Steve Davies 3 Silver badge

      Re: And now this is the worst

      so in your view, every iPhone is hackable?

      This was an iPhone 5c and running iOS 8.

      Both of these are significatly behind the times when it comes to current Apple Hardware and Software.

      To your statement should read

      iPhone 5C's running IOS8 can be hacked.

      We wait for someone to do the same hack on IOS9 running on an 6S.

      Then every apple user would have something to worry about.

      1. Anonymous Coward
        Anonymous Coward

        Every device being hackable

        The holy grail of cryptography is not that you can't access the encrypted data, but that you don't know if you have.

        Crypto, typically, makes semirandom changes to the data until it looks like what it's supposed to. It is also possible that making the wrong kind of semirandom changes to the encrypted data will result in you seeing Goatse instead of a vulnerable person's private emails. If the eavesdropper doesn't know whether the vulnerable person is emailing Goatse then they cannot know whether there is anything to continue trying to decrypt.

        1. Danny 14 Silver badge

          Re: Every device being hackable

          It wasn't a 100% win as the FBI folded. There was a bit of legal mileage to run and if the FBI pushed to the top then it *might* have won, that would be bad for the future as precedent would have been set (even for the FBIs so called one-off, sure it wouldn't have other one-offs either....)

          At least apple didn't have to do anything this time but you can bet it wont be the last attempt.

        2. itzman

          Re: Every device being hackable

          Indeed. The best cryptography is so well hidden that it doesn't even look like there is encrypted data at all, and even if you know there is, its buried in noise.

          Given a big enough data set, and a small enough message, its possible to hide anything in it, or indeed several different things, some of which may be red herrings.

          1. Barely registers

            Re: Every device being hackable

            Hidden messages aren't cryptography - it's stenography, and is ultimately security by obscurity which ultimately isn't security at all.

            1. 's water music Silver badge

              Re: Every device being hackable

              stenography

              steganography although if a stenographer were handy enough with his ascii art he might be able to achieve it

            2. Cynic_999 Silver badge

              Re: Every device being hackable

              "Hidden messages aren't cryptography - it's stenography, and is ultimately security by obscurity which ultimately isn't security at all."

              Besides spelling "steganography" incorrectly, you are wrong. It is not security by obscurity, but rather security by disguise, which works very well indeed. The secret data is disguised as non-secret data. Besides which, digital steganography almost always encrypts the data using conventional algorithms (DES, AES etc.) before disguising it, so it cannot be worse than having a conventional encrypted file. There is no way of determining whether a noisy (hissy) WAV file contains hidden data in its low-order bits, because those bits will be essentially random on any noisy WAV file.

      2. JeffyPoooh Silver badge
        Pint

        Re: And now this is the worst

        SD3: "This was an iPhone 5c and running iOS 8. We wait for someone to do the same hack on iOS9 running on an 6S."

        That's pretty lame... 1st gen - cracked. 3G - cracked. 3GS - cracked. 4 - cracked. 4S - cracked. 5 - cracked. 5C - cracked. ... Are you seeing a trend?

        As for iOS, look at the list of vulnerabilities being fixed with iOS 9.3. About a dozen. You think that's the last such update? When people keep finding a dozen needles in the haystack every time they walk past, then you can bet that the haystack is laced with ten thousand more needles. Not even including the new ones that they're pouring in the top (new features, fresh vulnerabilities).

        Any rational analysis clearly hints that we're at least a decade or more away from anyone actually implementing an actually uncrackable device. It's naïvite and/or hubris to believe otherwise.

  6. Michael Thibault

    So far...

    >successfully accessed the data

    Pix or it didn't happen.

    Seriously, there could be a bit of dissembling going on: the FBI/DoJ axis, plausibly, has reason to halt the train, and they may well have accessed the data--but without being able to read it. A fine distinction, but if that's applicable, they're not lying to the court in their request to vacate the court order.

    1. John Brown (no body) Silver badge

      Re: So far...

      Not only that, they already had access to the iCould backups. So what sort of incriminating evidence or leads to others might be on the iPhone that wasn't in the iCloud backup? Is the call history or SMS data not part of the backup?

      1. Phil Kingston Silver badge

        Re: So far...

        The iCloud backups were disabled a couple of weeks before the murders. The feds got the iCloud password reset (so broke any chance of getting the phone to do a current backup).

        There could be anything in there - selfies, videos, nudes, shopping lists, unsynced Candy Crush progress.

  7. Anonymous Coward
    Anonymous Coward

    His iPhone was already cracked! Smashed and destroyed by him on the day.

    1. Phil Kingston Silver badge

      That was his other one

  8. djack

    Working on Newer Devices?

    I thought that the key difference between this device and newer ones is that in this case, the encryption key handling is done in software whereas the newer phones have a dedicated hardware module that (should) securely handle the authentication, perform the encryption and prevent access to the keys.

    Attacking a key handling system in the OS is far easier than one which is in hardware.

    1. JeffyPoooh Silver badge
      Pint

      Re: Working on Newer Devices?

      Hacking into hardware isn't impossible.

      Please browse the educational videos on CCC.de Media.

      Conclusion: If someone claims that 'X' is perfectly secure, they're either lying or stupid.

      1. Anonymous Coward
        Anonymous Coward

        Re: Working on Newer Devices?

        Please browse the educational videos on CCC.de Media.

        Seeing videos isn't the same as understanding what goes on in them, though.

        Conclusion: If someone claims that 'X' is perfectly secure, they're either lying or stupid.

        That's correct. And they could be both :).

        1. JeffyPoooh Silver badge
          Pint

          Re: Working on Newer Devices?

          AC "Seeing videos isn't the same as understanding what goes on in them, though."

          The CCC.de Media presentations are made for the purpose of communicating what's going on. They're highly intelligible, except the ones in German...

          The advice is directed to those interested, especially anyone that can't yet drag their thought processes away from the key-length; as someone up a bit has done again ("...GDP....Sun...").

  9. Barry Rueger Silver badge

    What you don't know won't hurt you

    My assumptions with anything like this are:

    a) someone, somewhere probably already has a way in. Usually government or other bad guys.

    b) the really talented bad guys do it well enough that you're unlikely to know they've arrived (only stupid crooks get caught)

    c) the moment that someone like Apple or the DOJ admit that there may be a way to break in, legions of bad guys are hard at work to open the door.

    1. DougS Silver badge

      Re: What you don't know won't hurt you

      If a method requires prolonged physical access, especially if it requires disassembly/destruction of the phone, I'm not too worried about it since it can't be done without me finding out about it.

      1. NotBob
        Big Brother

        Re: What you don't know won't hurt you

        If we need prolonged physical access, that is likely to be the least of your problems. We might even set you up with a room in one of our quiet "resorts." We can work on you and your phone and see which cracks first.

        1. DougS Silver badge

          Re: What you don't know won't hurt you

          They wouldn't have to work on me, just threaten to work on me and I'll give up the password. I don't have any criminal activity to hide, I just think it is none of the government's damn business what is on my phone and I have the right to have a phone that is impossible for them to crack or as close as possible as I can get to that.

          But I'm not willing to endure torture just for the sake of that belief. I'm principled, not stupid. But again, if they did that it isn't like they could do it without my knowledge and I'd (eventually, when I was safe again, which would involve relocation to a new address that didn't include 'USA') make it known far and wide what happened to me.

          1. Anonymous Coward
            Anonymous Coward

            Re: What you don't know won't hurt you

            They wouldn't have to work on me, just threaten to work on me and I'll give up the password. I don't have any criminal activity to hide, I just think it is none of the government's damn business what is on my phone and I have the right to have a phone that is impossible for them to crack or as close as possible as I can get to that.

            I would have no problem with giving them access when they show me legal cause. A signed warrant from a judge will do. That is the process, and as a normal citizen I see no reason not to collaborate with a properly executed search insofar that I will not stand in the way when formally ordered to provide access. However, there is also nothing in law that compels me to help them find anything and if they screw up, that's not my fault.

  10. Marketing Hack Silver badge
    Megaphone

    Found on the terrorist's iPhone!!

    You saw it on el Reg first!!!

    https://www.youtube.com/watch?v=cbP2N1BQdYc

    1. Anonymous Coward
      Anonymous Coward

      Re: Found on the terrorist's iPhone!!

      Ba*d!

      I clicked it, and it was not funny, not really

      1. Anonymous Coward
        Anonymous Coward

        Re: Found on the terrorist's iPhone!!

        It was kinda funny.

    2. allthecoolshortnamesweretaken

      Re: Found on the terrorist's iPhone!!

      Cute! Also, once again, made me glad that I have a proper job.

  11. Rich 11 Silver badge

    Full story here!

    "The government has now successfully accessed the data stored on Farook's iPhone"

    And the complete, unredacted transcript of messages follows:

    "Hi Bob! About Martha's surprise party -- can we not schedule it for this Friday, please? The wife and I really feel we should attend mosque for a change, to keep her Dad happy, and we wouldn't want to miss Martha's do. How about Thursday?"

    "Joe's Pizza? Yeah, I wanna order a 12-inch Matador for this evening. Extra chillies."

    "Hey, sweetie. Whatcha doin' tonight? I got a real red hot delivery for you, honeybuns!"

    "Yeah, sorry about the delay, Bob. Car problems. I'll try to bring the album into work with me today. It'll blow your mind!"

    ----

    FBI Press Release

    Federal agents today confirmed that, based upon his work iPhone texts, Farook was an Islamic extremist who ordered his wife to pick up an explosive device from a secret rendezevous. Coded messages suggest that only a mechanical failure of the family car stopped a bomb from being driven into the centre of the city, threatening the lives of hundreds of innocent American women and children. Instead, the two terrorists were forced to enact Plan B.

    Their co-conspirators are being hunted down. God save America!

    ----

    1. a_yank_lurker Silver badge

      Re: Full story here!

      Only the ferals would believe these are coded messages.

    2. This post has been deleted by its author

  12. Privatelyjeff

    Admin password

    What I don't get is why there is no way on the iPhones for an administrator type password that can be set on these type of phones, that way the owner (if separate from the user) can configure or unlock it separate from the user.

    1. oldenoughtoknowbetter

      Re: Admin password

      I hope you're being sarcastic.

      Of course there is.

      If the employer had deployed an MDM solution this would have never come up.

      1. Phil Koenig

        Re: Admin password

        They did have an MDM solution at that San Bernardino agency, but apparently it was in "test mode" on Farook's phone and not fully enabled yet. Oops.

      2. Phil Kingston Silver badge

        Re: Admin password

        ... and the best bit is that the employer was a government body.

    2. Old Handle

      Re: Admin password

      I believe there actually is a feature for something like that, and given the phone belonged to Syed's employer (local government no less) they could easily have been using it. Unfortunately, they simply hadn't bothered to set it up.

      1. gnasher729 Silver badge

        Re: Admin password

        If an MDM solution had been used, there would have been no problem reading what's on the iPhone. On the other hand, we could guarantee that there would be nothing of interest on the phone.

  13. Likkie

    LOL

    So does this mean John McAfee come through in the end?

    1. Phil Koenig

      Re: LOL

      McAfee's credibility is several levels below the FBI's, at this point.

      1. Anonymous Coward
        Anonymous Coward

        Re: LOL

        McAfee's credibility is several levels below the FBI's, at this point.

        Interesting - it can have negative numbers?

        1. moiety

          Re: LOL

          I'd trust John McAfee way more than an FBI spokesman. Fortunately, trust in neither is required at this point.

    2. allthecoolshortnamesweretaken

      Re: LOL

      Yep. He just stared at it for a few minutes an uglied the data right out of the phone!

    3. hplasm Silver badge
      Happy

      Re: LOL

      He disguised himself as an iPhone and made friends with the TerrPhone.

  14. G.Y.

    that classified access method

    classified information-recovery method:

    (1) pull finger out

    (2) switch brain on

    (3) run away from failed lawsuit

  15. Likkie

    Too bad...

    Its a shame that this didn't play until the end. Apple is one of the few companies with the will and depth of pocket to fight this to a result.

    The best outcome for all of us would have been a ruling on the matter one way or the other. Then, by setting a precedent, we would have clarity for the future.

    1. Anonymous Coward
      Anonymous Coward

      Re: Too bad...

      Its a shame that this didn't play until the end. Apple is one of the few companies with the will and depth of pocket to fight this to a result.

      The best outcome for all of us would have been a ruling on the matter one way or the other. Then, by setting a precedent, we would have clarity for the future.

      The problem is that a precedent either way would have been bad. This is why I expect the Microsoft vs DOJ case regarding the data of an Irish user also to halt on a technicality or on a statement that the DoJ managed to find the user logon details. That too will never make it to a defined result - nobody can afford a decision either way.

  16. JB77

    Wait for it...

    As I write this message, Apple is testing newer and more complex versions of its encryption systems. Live it up while it lasts, FBI. Be happy knowing all you have done is to push Apple ( and the rest of the tech community) to develop and employ stronger encryption.

    For that, I say: "Thank you FBI !"

    JB

    1. Aitor 1

      Re: Wait for it...

      They probably have their private keys, and can just update the firmware-

      So they don't NEED apple, but would like not to go the big effort it is to get the keys in the first place: it is expensive, and keys change, also, there are many companies.

      So they just wanted to have the precedence.

      1. DougS Silver badge

        "they probably have their private keys"

        And this is based on what evidence, exactly? Oh, just another person making baseless claims.

        1. Francis Vaughan

          Re: "they probably have their private keys"

          Zero chance the FBI or anyone else has the signing keys. That simply isn't way a proper signing system works. Nobody has access to the keys. Not even anyone within Apple. The idea that there is a safe somewhere with the keys written on a piece of paper is naive. The keys will live in a set of dedicated secure key devices - devices that erase their contents if tampered with, and the signing operation will be a matter of submitting the code to signed to the secure key system. It gives you the signature back. The key is untouched by human hand. Even if the supreme court ordered Apple to hand the key over there is no technical mechanism to do so. All that can every be done is to continue to sign things using the system. The key devices are maybe subject to sophisticated technical attack - so if they were all shipped to the NSA, maybe, just maybe, after a few years of effort the keys might be recovered. But the common ideas of bribery, disgruntled employees or espionage finding the keys is fanciful.

    2. JeffyPoooh Silver badge
      Pint

      Re: Wait for it...

      JB77 "...develop and employ stronger encryption."

      They didn't 'brute force' anything. They went AROUND the encryption.

      Building a taller wall makes no difference when there are other ways in.

      Next time maybe it'll take eight weeks, instead of five weeks.

      This should be a lesson to all, but apparently some are catching on...

  17. willi0000000
    Coat

    scenarios and paranoia

    you want a scenario with lots of paranoia built-in?

    this whole kerfuffle has been all lies from the beginning . . . Apple paid the FBI to initiate the request, and the judge to approve it, so they could be heroes to the public for fighting it and to get everybody to buy the latest phone that can't be cracked.

    +1 to the marketing team!

  18. a_yank_lurker Silver badge

    And the loser is...

    The ferals made a complete hash of this. They failed to get the precedent they wanted and they look like liars to anyone smarter than a rock.Also, they may have shown their technical capabilities which most suspected might be true but is now apparently confirmed.

    Apple wins because they stared down the (In)Justice Department forced the ferals to show their hand. Next time the ferals try a lawsuit, this will get through back into their faces.

  19. Old Handle
    Terminator

    I just hope they're careful not to let the dormant cyber pathogen out.

  20. x 7

    so......does iOS 9.3 have improved encryption?

    Given the problems with it, I wouldn't be surprised if its a quick and dirty rush job released to try and plug the apparent back door the third party has used............

    the timing just seems too close to the news to be coincidental

    1. DougS Silver badge

      If they used a hardware attack on the phone, it can't be patched, but it is unlikely to be possible against a newer model with the secure enclave.

      They had iOS 9.3 in beta since before the FBI filed the case, and the third party only got hold of it last week, so the timing doesn't work at all. They have already said they were working on tightening some things before the FBI case, and are probably going to go even further now, but it will take a while to roll them out. We will probably see some significant changes in iOS 10 this September, and iOS 11 the following year.

      All the FBI has done is incent Apple to tighten things down even further, since they now know they must be prepared to defend against themselves should the FBI bring and win similar court case in the future. By the time that happens, I'll bet Apple has made it so it is impossible for them to help even if they could deliver a new OS onto the phone (which by then they won't be able to if it is already locked)

    2. allthecoolshortnamesweretaken

      A bricked device is a safe device!

  21. Herby Silver badge

    But at what cost...

    The solution "requested" by the FBI was one of "low cost" (i.e. forcing Apple to do the work free of charge). The (assumed) solution appears to come at a much higher cost (sending it off to third parties unknown) which takes time and effort. Just about anyone can pop the device open and poke around the chips on the substrate, remove them and clone them for the purposes of finding out the information necessary. The problem is that this method takes somewhat specialized equipment and a bit of skill, neither of which (I assume, but I could be wrong!) a normal human has the ability. If the FBI sent the device off to a third party, they don't have the ability either, and must rely upon said third party's skill and willingness to do the nasty deed.

    We can only hope that this third party (NSA??) won't do this on a regular basis, and will understand that here in the USA we have a 4th amendment that attempts to protect us somewhat. As for other governments, all I can say is "good luck" and leave it at that. Sorry.

    1. Anonymous Coward
      Anonymous Coward

      Re: But at what cost...

      The solution "requested" by the FBI was one of "low cost" (i.e. forcing Apple to do the work free of charge)

      Maybe learn to read first? The filing did acknowledge they'd have to pay for the effort.

  22. JeffyPoooh Silver badge
    Pint

    Where are all the Noobies now?

    Where are all the Noobs that thought that this would take 10^77 years?

    LOL

    1. JeffyPoooh Silver badge
      Pint

      Re: Where are all the Noobies now?

      Three Noobs have confessed so far. There's gotta be more than that.

      1. John H Woods

        Re: Where are all the Noobies now?

        Depends if you're counting me :-) you did have a go at me for presenting the maths implied by the key length -- my defence was that I was only responding to people who suggested AES256 could be brute-forced. Neither of us think this has been cracked (if it has) by brute forcing a 256bit key, do we?

        1. JeffyPoooh Silver badge
          Pint

          Re: Where are all the Noobies now?

          @John H Woods

          I once wrote "It would be extraordinary that the iPhone 5C just happens to represent the first uncrackable encryption system. So many have claimed that, all have failed so far."

          You responded (quoting me) in a manner that indicated your faith in the security, "So far AES256 has resisted attacks fairly well." In the context, it appears that you had faith in the purported security of the device.

          I was confident that the iPhone in question could be and would be cracked.

          Many posted points that indicated that they believed it was quite secure.

          As it turns out, I was right. Others were wrong.

          Me being right is hardly worth noting. That others can be so oblivious to the endlessly repeating cycles of history (security claims, later being shown false) is the issue.

          As a species, we're losing the ability to invoke healthy skepticism. Perhaps we really are descended from telephone sanitizers and hairdressers (ref. D. Adams).

          Cheers.

  23. aregross

    I see Apple suing over this.

    1. JeffyPoooh Silver badge
      Pint

      "I see Apple suing over this."

      Who? Their staff, their designers?

      Crypto designers carry too much hubris. The hubris seems to survive even lessons like this one.

      Eventually there will exist an ACTUALLY uncrackable device. I expect we're still decades away from that point. Perhaps if the crypto designers were to adjust their confidence/competence ratio below unity, they might learn faster and cut the horizon to only 10-15 years.

      1. John H Woods

        "Eventually there will exist an ACTUALLY uncrackable device" --- JeffyPooh

        I think there are some quantum principles which could feasibly be exploited to yield a device that you couldn't crack even with prolonged unfettered physical access, so I think you're right. Not sure it will ever be possible with non-quantum methods.

        1. JeffyPoooh Silver badge
          Pint

          ...quantum principles...

          Last I read, it's not even crystal clear to everyone's satisfaction that the D-wave computers are actually working as they should. Some say yes, others have doubts.

          But yes, you're right. Eventually there will be what you're describing. Decades away of course.

          I'd expect that eventually, 'only' a decade or so, they'll implement a conventional device where every vulnerability and every side channel is covered. There might be some remaining subtle flaws, but nobody can find them. Effectively perfect. We're orders of magnitude away from that, at the present time. So it's at least 10-15 years away.

      2. Cynic_999 Silver badge

        "

        Eventually there will exist an ACTUALLY uncrackable device

        "

        There is no need for such a device, only for a device that cannot be cracked within a particular time period. In almost all cases data loses its value within 60 years at most, after which all the people involved are either dead or senile, and any plans have either been carried out or discarded.

        1. JeffyPoooh Silver badge
          Pint

          Cynic_999 "...60 years...."

          You're falling into the same mental trap. 60 years is a time scale that indicates that you're thinking about keys, key length, brute forcing, etc.

          The actual time scale is as follows: from introduction, weeks or months until someone is interested or motivated; then just days or weeks until they find the weakness or attack; then minutes or hours to crack their way into any device in their possession.

  24. Mark 85 Silver badge

    We live in interesting times...

    I don't believe for a moment that the games are over. Did the FBI actually get what they wanted or is this a face saving smokescreen. Since they could have got what they needed from using another source, they want the precedence. The next move is Apple's and their customers' responses.

    1. allthecoolshortnamesweretaken

      Re: We live in interesting times...

      I call face saving smokescreen / tactical retreat. It ain't over 'till the fat lady sings.

    2. Doctor Syntax Silver badge

      Re: We live in interesting times...

      "Did the FBI actually get what they wanted or is this a face saving smokescreen."

      Let's see what happens to all those other phones that are supposed to be in the queue. That might drop us a hint.

      Another factor about this one - even if there was information in here it wouldn't be likely to end up as evidence in court so they can keep quiet about what, if anything, they did. If there is a technique that works and that actually produces evidence in the other cases they'll have to tell something about it in court.

      As I said, let's see.

  25. DougS Silver badge

    I wonder if the FBI will claim they found something of value on the phone?

    Odds they will claim they found something? 99.8%

    Odds they won't disclose it, claiming it is 'classified': 99.9%

    Odds there is actually nothing of value on the phone: 100%

    They went to the trouble to destroy both their personal phones and dispose of the hard drives from their computers. They would not have ignored this phone if it contained anything useful.

    1. John Sturdy

      Re: I wonder if the FBI will claim they found something of value on the phone?

      Whether they actually cracked it is irrelevant. We have no way of knowing what, if anything, is behind the announcement (unless someone decides to be Snowden 2.0).

  26. jrwc

    Tim Cook is looking like a cracked egghead because Apple phones are not secure. If FBI (Fumbling Bureau Of Incompetence) can crack the scrambled IPhone, overly-used "Boffins" will put Apple in the coffin.

    1. This post has been deleted by its author

  27. Anonymous Coward
    Anonymous Coward

    Apple should put up a "bounty" and the promise of a job. This will bring out a greedy individual or two from the hackers team.

    1. DougS Silver badge

      Or they could pose as the official of some government, say they have a phone they need cracked, and if successful they require some basic information on how it was done to present in court. I'm sure that company would be happy to comply for their standard fee, and the explanation would help Apple close up the hole.

      Though if it is as people as suggesting, that they used some expensive lab equipment to make connections to the NAND chip pins to copy the data in them and rewrite it to allow brute forcing the 10000 possible 4 digit PINs it isn't something Apple needs to care about because:

      1) that attack wouldn't work against a newer phone with the secure enclave

      2) this case demonstrated that if you want to keep your iPhone secure from the FBI, don't use a 4 digit passcode, use an actual password

  28. I code for the bacon

    FBI called Chuck Norris

    ... and the Iphone unlocked itself. :)

  29. gnufrontier

    Ignore the man behind the curtain, ignore the curtain.

    There is no security issue here for the masses. No one cares about the crap on your phone and if you lose it the chances are slim to none that the person who finds it has the expertise and equipment to break into it and see your playlist and pictures of your dog.

    Of course if you are using your phone as a debit card that's another story but still the odds are that whoever finds it won't be able to do anything with it.

    If you are concerned about security, you should worry less about Apple's OS and more about the apps you download and the websites you visit. Of course you may also be a real dummy and open up all kinds of phishing emails and click away in which case you deserve everything you get. You are too stupid to own a smart phone.

    You don't need to lose your wallet or have the mailbox outside your house rifled through in order to have identity theft. No one cares about that, the name of the game as in everything else is volume. Hackers go after oceans of data, not your puddle.

    People would do well not to worry to much about all this for a simple reason, you are insignificant and nobody really cares about you at all. Turn off the news and go fishing, golfing or whatever.

    As for the government, believe me, if they want to know anything about you they will find it out whether they have a backdoor or not but I would bet money that no readers of the Register are even the smallest of blips on government radar. If you are on their radar you probably put yourself there in which case it's time to come up with plan B.

    Large scale societies already give one the best possible defense: anonymity.

    1. Anonymous Coward
      Anonymous Coward

      Re: Ignore the man behind the curtain, ignore the curtain.

      We've already dealt with the "you've got nothing to hide, therefore you've got nothing to fear" argument here; and your post just seems to be a verbose rephrasing of that argument.

      I personally think that even the IDEA of the government tracking EVERYTHING innocent people do has a chilling effect that is hard to reconcile with a functioning democracy. And there's a personal aspect too --- I'm not happy with the idea some underpaid doughnut-dwelling douchebag is wanking over my daughter's sexts with her boyfriend, even if they don't ever stalk, blackmail or affect her life in the future.

  30. hypernovasoftware

    Somebody remembered the passcode that the FBI changed.

    Nothing to see here.

  31. garden-snail
    Go

    Passcode

    Turns out the passcode was 0000.

    1. TeeCee Gold badge
      Coat

      Re: Passcode

      Okay, hands up all those who have that on their luggage......

      1. Nigel 11

        Re: Luggage telltale

        I just use a cable tie. Serves the same purpose - if someone has rummaged in my luggage I'll probably know. (Depending on whether they replace it with one the same colour with the same little scratch on it).

        1. Cynic_999 Silver badge

          Re: Luggage telltale

          "

          I just use a cable tie. Serves the same purpose

          "

          Except that after your side-cutters have been confiscated at security, you have no way to open your own luggage ...

          1. Doctor Syntax Silver badge

            Re: Luggage telltale

            "Except that after your side-cutters have been confiscated at security, you have no way to open your own luggage"

            Don't they have shops that sell side cutters in the US?

  32. Jay 11

    So what happens...

    when the FBI say they found important evidence and use this as an example of why law makers should legislate on businesses selling encrypted equipment?

    I suspect this was going to be a win either way for the FBI.

    1. Doctor Syntax Silver badge

      Re: So what happens...

      "when the FBI say they found important evidence"

      And prove it.

  33. Anonymous Coward
    Anonymous Coward

    FBI

    Fan

    Boys

    Irate

    1. WolfFan Silver badge

      Re: FBI

      No.

      Fucking Bunch of Idiots.

  34. Martin Summers Silver badge

    "Security researchers believe that the data could have been accessed with either hardware or software techniques"

    As opposed to what, telepathy? I thought that was only in the higher end iphone.

    1. Cynic_999 Silver badge

      They could have held a séance and obtained the passcode from the owner?

  35. Anonymous Coward
    Anonymous Coward

    Shape shifters

    No wonder this was a high profile case the pair managed to appear like three tall white guys during the shooting, that must take some secret stuff, especially for the wife.

  36. Duffaboy
    Joke

    I wonder if the Password to the phone was

    Password

  37. JJKing Silver badge

    Did they really crack it?

    Did they really crack it or are the fibbies fibbing? Unless there is definitive proof, I call bullshit on this one.

    1. allthecoolshortnamesweretaken

      Re: Did they really crack it?

      If I've read it correctly, the FBI announced that they were able to extract the data. That is open to interpretation.

  38. Nifty

    Fingerprints

    I'm assuming the feds may have obtained the miscreants fingerprints at some point, perhaps during immigration? It is possible to recreate an inverse finger print to fool an iPhone with - it was done, albeit expensively, with one lifted from a glass once. This theory would apply to the 5s. And lower models were crackable by brute force password submissions I believe.

    1. TeeCee Gold badge
      Alert

      Re: Fingerprints

      Could be simpler than you think.

      I remember the Mythbusters doing that. They acquired a cheap USB fingerprint reader to test with and after several failures, ended up building a fake finger to get it to play ball. Once they had that sorted, they moved on to the real challenge, a multi-thousand dollar fingerprint activated biometric lock system.

      That one opened first try with their fake finger...... and also when given a piece of sellotape with a fingerprint on it.......(!!)

      1. Nigel 11

        Re: Fingerprints

        Which is one reason why I don't trust biometrics. The other being that if it needs my real finger, there are plenty of bad guys who will detach my finger from the rest of me.

    2. Doctor Syntax Silver badge

      Re: Fingerprints

      "I'm assuming the feds may have obtained the miscreants fingerprints at some point, perhaps during immigration?"

      What's this with immigration? They had the bodies - fingerprints, toeprints, arseprints, anything they wanted. I think we can assume that that wasn't enough.

  39. chivo243 Silver badge
    Trollface

    Laughing Gear Prepped and Ready to Go!

    When the FBI finds nothing of ANY use on the iThingy.

    Now is when adding two icons to you post would be good.... Troll and FacePalm

  40. All names Taken
    Facepalm

    Hmm?

    “DOJ says method used to break into San Bernardino shooter's iPhone only works on this particular phone.”

    I wonder if that is double-speak, legalese, ... for:

    We got his password?

    1. AIBailey
      Black Helicopters

      Re: Hmm?

      Convenient, isn't it.

      At least when they claim that it's specific to that phone, they can jump on the merry go round again next time they want a different phone unlocking, perhaps trying their luck against Google instead. Do it enough times, and once they've got that precious precedent in court, the world is their lobster.

  41. J J Carter Silver badge
    Alien

    Very simple explanation!

    Now the aliens held illegally in Area 51 have helped crack the iPhone, I call on the US to let them return to their home planet with our good wishes.

  42. OliverJ

    Right to refuse to testify for brain extensions ?

    I wonder if it's not time to rethink the whole matter in a radical way. I perfectly understand the reasoning behind the request of the FBI to gain access to this - and other - encrypted data. To solve criminal cases, or prevent terrorist acts, it is often necessary to invade the privacy of suspects.

    But given that electronic devices, and especially smart phones, are now an integral part of not only our daily lives, but also of how and what we think, I wonder if we should not extent the right to refuse to testify to such devices. A smartphone is so much more than a simple phone. Or a letter. Or a set of files in a register. Or a conversation behind closed doors.

    It always knows where we are, and why, and with whom. It begins to know more and more about what we think. What we are going to do in the near future. What interests we have. How healthy we live. In short - they start to become an extension of our own biological brain. But they are still treated under laws which date from the "pre-silicone" age.

    Getting access to a smart phone is not the same as getting access to phone records. Or even reading private letters, or a diary. It is a direct uplink to your brain, and this interface will become more and more all-inclusive. It is not far fetched to speculate that in ten or twenty years the ability to "snoop" on your smart device will be comparable to having your brain bugged.

  43. Anonymous Coward
    Thumb Up

    My theory

    My theory is that the FBI asked Cortana to ask Siri. Siri trusted Cortana because who wouldn't implicitly trust a Microsoft creation?

  44. Potemkine Silver badge

    Bad news for Apple

    in the meaning that it's now official, FBI-labeled that their products can be hacked.

    For the standard fanboy who believes that everything made by Apple is necessarily secure and inviolable and that life is all rainbows and lollipops, this may a shock....

  45. Archie Woodnuts

    It's almost as though

    They knew they could do this anyway but thought it might be nice to try and expand their reach even further with some legal jiggery-pokery.

  46. Anonymous Coward
    Anonymous Coward

    Has the phone really been cracked?

    All we have is a statement from the FBI that they have accessed the data with no evidence to back it up and a request to withdraw the court case.

  47. Anonymous Coward
    Anonymous Coward

    Only Apple can help us...

    So for the DoJ bods who initially swore up and down that "Only Apple can help us unlock this", as they were in court at the time (or at least filing court documents), does that mean they perjured themselves?

    1. John G Imrie Silver badge

      Re: Only Apple can help us...

      I hope so, but at the time they could have believed this. You can only perjurer your self if you lie. And to lie you have to know that what you are saying is false.

  48. Jason Bloomberg Silver badge
    Childcatcher

    Missing the big picture

    The bottom line is the FBI are now in a position to assert that Apple's unwillingness to help law enforcement endangered America and Americans.

    It doesn't matter that it isn't proven or may even be outright bullshit; it is what will be said and what many will choose to believe. It reinforces the view that "encryption is the terrorist's friend", those providing encryption are aiding terrorists, endangering people's security and safety.

    With "the safety and security of our citizens" as the number one priority, it will ultimately be a win for the FBI.

    1. Adrian 4 Silver badge

      Re: Missing the big picture

      Not really, since they claim to have extracted the data. So Apple didn't stop them doing that, and so Apple's attitude can't possibly have endangered any americans on un-americans.

    2. Doctor Syntax Silver badge

      Re: Missing the big picture

      "The bottom line is the FBI are now in a position to assert that Apple's unwillingness to help law enforcement endangered America and Americans."

      They can & maybe will assert it. You can assert anything you want. Proving it is tricky. To prove it they'd have to arrest some previously unknown co-conspirator and introduce evidence from the phone, together with an account of how that evidence was obtained.

      But you're right, they can assert it. That's easy.

  49. Swiss Anton

    Who was that masked man (or woman)?

    So an unnamed 3rd party unlocked the phone, could this have been Apple? Apple have the know how, and unlocking the phone gets the Feds off their back. Apple don't have to risk loosing a court case and the precedent that would create. In addition, they can announce a fix for the security hole, and this will delight their fan girls & boys. But then again, maybe I'm just too cynical.

  50. Conundrum1885

    Re. Very simple explanation!

    The Reptilian Alliance sssstrongly criticissse the ussse of captured Greysss to crack the codesss and demand that they be returned to their home planet, known as Kepler 452b or Dendera forthwith along with sssuitable compensssation for their imprisssonment without due process since July 1947.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019