back to article FBI Director defends iPhone 5C unlock tool that's obviously going to leak into wrong hands

FBI Director James Comey says the tool his agents bought and used to unlock the San Bernardino killer's iPhone will only work on a "narrow slice" of phones. On Wednesday, Comey gave a lecture at Ohio's Kenyon College's Center for the Study of American Democracy in which he said the exploit only works on iOS 9 iPhone 5Cs. Apple …

  1. All names Taken
    FAIL

    Leakage?

    If the tool leaks either into the open or into the wild will the aforesaid mentioned organisation accept full and absolute responsibility and for any damages incurred or ensued?

    1. Mark 85 Silver badge

      Re: Leakage?

      Uh... have you ever heard of any agency in the Federal Government taking responsibility for damages? Even if they wanted to, there's a law that says the Government has the right to decline to be sued. So... not gonna' happen in our lifetime.

    2. Harry the Bastard

      Re: Leakage?

      q: will apple "accept full and absolute responsibility and for any damages incurred or ensued?" for shipping insecure product?

      a: no

  2. DougS Silver badge

    Who cares if it leaks?

    It is unlikely to the extreme that it is using a remote exploit, so it isn't like I have to worry about someone getting into my phone unless they steal mine. I think it is very likely they are copying the NAND contents, resetting the retry counter, and copying the NAND back onto the phone to try another half dozen PINs.

    Those who claim they can copy it onto multiple phones are wrong, the NAND is encrypted with a key generated from the unique device key of the iPhone, other iPhones have different device keys and wouldn't decrypt even with the correct unlock code. If it is using NAND mirroring then:

    1) it would only work on pre-5S models, since the lock counter is stored in the secure enclave on newer models

    2) it would require rather expensive equipment - and physical possession and disassembly of the phone

    3) it would be rather slow, since you could only try about a half dozen PINs between NAND copies

    4) it would only work on phones where a 4 digit PIN is being used, not on phones where an alphanumeric password is being used

    1. Adam 1 Silver badge

      Re: Who cares if it leaks?

      I guess you are lucky enough to live in a free country. Yes a lot of those good points mitigate many threat models, but a big part of this is a march towards government intrusion (even in free countries) and intrusion above and beyond the level warranted by the alleged crimes of people.

      It isn't going to leak so much to Eastern European mobs but firstly to other agencies. In the now famous iPhone debacle, there was a second request for the same assistance in NY for cracking some alleged drug lord's iPhone. Fair call, he sounds like a Bad Guy™. But sooner or later it becomes routine in all investigations. Next thing you know, a fishing expedition is launched whenever someone forgets to return a DVD.

      Assuming that our friendly TLAs hadn't already cracked it and were just trying to set a legal precedent (that is a pretty big assumption there), if you can control the parts that retrieve and act upon the device key (ie not containing secure enclave) it is possible to pull the device key. Once you have that, brute force of any short password or PIN can be done for a few bucks of Amazon time.

      1. DougS Silver badge

        Re: Who cares if it leaks?

        If it is the NAND mirroring thing then you have to disassemble the phone and connect it to some rather expensive hardware. It won't be something a typical police department can afford, nor will they be sending phones to the FBI (or your local equivalent) for this lengthy process for a simple fishing expedition.

        Use a password rather than a PIN and you are completely protected from the NAND mirroring attack. It isn't certain they are using that, but it seems more and more likely, given the information that has been publicly released.

      2. tom dial Silver badge

        Re: Who cares if it leaks?

        The "second request" mentioned appears likely, in fact, to be an earlier one, where the judge suggested Apple oppose it and sent them back a couple of times to get them to revise their brief so he could deny the order, which he did. That one was in various states of play from October, 2015 on.

        All these cases (by now several hundred) have to do with executing legally obtained search warrant for a phone the police have in their possession.

    2. DropBear Silver badge

      Re: Who cares if it leaks?

      " it would be rather slow, since you could only try about a half dozen PINs between NAND copies"

      Arguably so, although the sensible approach would be not to keep re-flashing the NAND but to connect a piece of hardware emulating it that reverts instantly to the original image. Still need to keep rebooting the phone though, so a really professional attack device might also have the DRAM de-soldered and emulate that too - and just keep going...

      1. DougS Silver badge

        Re: Who cares if it leaks?

        That won't work, because each iPhone has a unique ID that's part of the SoC. Trying to extract that would require removing the A5 SoC used in the 5c, decapping it and using an electron microscope to determine the unique ID (assuming you know where to look the die, which may require Apple's help)

        The passwords can only be tried on the original phone, they can't copy the data elsewhere to an emulator unless they can get at that unique ID.

        Maybe that's what the Israeli firm did, but if so that raises the cost an order of magnitude due to the extremely expensive equipment required, though at least it would be quick. But still, only useful for phones using a PIN, if you use a password you'd be fine so long as it isn't susceptible to a dictionary attack (so don't use "password"!)

  3. goldcd

    Leaks?

    AFAIK, the 'exploit' was already out there, and the FBI just paid somebody to use it.

  4. J J Carter Silver badge
    Trollface

    Who you gonna call?

    Well done PLA Unit 61398

  5. chris 17 Bronze badge

    Just who are the fbi trying to protect?

    They wanted to force apple to produce an exploit they claimed would only be valid on 1 iPhone 5c, but now they have an exploit that can affect all iPhone 5c and prior phones they don't want to share with Apple so they rectify the bug enabling the exploit. They are intentionally endangering the American publics right to privacy by not releasing details to the manufacturer that is willing to produce software to fix this exploit. They are not protecting or serving in this case.

    1. cyrus

      Re:

      That's okay. It is no longer their mandate to protect or serve the citizens of this great country. The new mandate is to protect those in power at all costs.

      Go back to sleep, little one. They're taking care of these problems for you. When you wake up, there will be nothing to fear.

    2. Phil Kingston Silver badge

      "They are intentionally endangering the American publics right to privacy"

      And there's the nub - do Americans actually have that right? They assume they do.

      1. tom dial Silver badge

        Americans do indeed have a right of privacy from undue police inquiry. That right can be modified by issue of a search warrant, however, as was done in the cases for which they obtained orders for Apple to assist them. The search warrant specifies the modifications in terms of what can be searched and what, if found, can be used in a prosecution.

        1. dan-o

          Privacy rights notwithstanding PRISM https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29 effectively means electronic privacy is a dead concept, and the list of tech companies including Apple who participate in that are indeed a bunch of disingenuous liars, and not just when they pimp their products.

    3. se99paj

      Different perspective

      I have a slightly different perspective.

      The FBI asked Apple to help exploit a single iPhone 5C, Apple would complete the exploit and provide the unlocked device to the FBI. How that device was unlocked would remain within Apple.

      Apple made a choice not to provide this exploit and therefore forced the FBI to look at alternative options, there is no reason for these options to be bound to a single device. The single device was only a requirement of the Apple court order that the FBI submitted.

      Why would the FBI intentionally contact Apple, asking them to fix an exploit, that they wanted to leverage. Its like getting the keys to a safe and then asking the owner to change the lock. If Apple provided their support from the start then they'd still have the keys and they would only be giving the FBI an unlocked safe.

    4. Michael Thibault

      >They are intentionally endangering the American publics [sic] right to privacy by not releasing details to the manufacturer that is willing to produce software to fix this exploit.

      Apple should ... take them to court?

  6. Anonymous Coward
    Anonymous Coward

    The drawback of lack of cooperation

    Law enforcements agencies won't tell you about the flaws they become aware of...

    1. Deltics

      Re: The drawback of lack of cooperation

      Quid quo pro, Tim (Cook).

  7. Colin Millar

    Oh the ironing

    Trust us - we're the guys who bugged MLK - reason for wiretap request - cos this is one uppity n****r

  8. Anonymous Coward
    Anonymous Coward

    The people we bought this from – I know a fair amount about them and I have a high degree of confidence that they are very good at protecting it and that their motivations align with ours.

    Wasn't there something about an Italian company that had its export licence revoked recently that had programs that did things like this? Could this be the reason, with the Italian government not wanting their phones being hijacked?

    1. Mark 85 Silver badge

      I'm not sure if the Hacking Team were doing tools for phones. There's that Israeli company that offered to break it, though.

  9. Ilmarinen
    Coat

    Trust in me, only me ...

    "people should not worry about the FBI's actions, he said, since every agent receives training in the importance of due process and respecting individual privacy rights."

    So don't worry, everything's all right. Nothing to see, move along little people.

    (I'll only be a few seconds - just checking your coat to make sure your phone is safe from terrorists)

    1. a_yank_lurker Silver badge

      Re: Trust in me, only me ...

      Reminds of Reagan's comment about the most scary phrase in the English language: "I'm from the government and here to help." The ferals have shown themselves to more interested in protecting their power and prestige than in such mundane ideas such as justice, privacy, and freedom. This whole episode reeks of a feral power grab.

      As far as protecting the "secret", the ferals not very good at that either with OPM hack, numerous moles, Foggy Bottom's total indifference to protecting secrets for starters.

  10. ashdav
    Black Helicopters

    The source of this....

    My money is on Apple for the source of this. But they can't be seen to be giving away access to their phones so "a third party did it"

    It won't go into the wild as it was passed directly.

    Call me a cynic but........

  11. Rory B Bellows
    Black Helicopters

    Hacking Team

    Not the best at protecting things, but certainly aligned with rogue governments...

  12. x 7
    Happy

    "every agent receives training in the importance of due process and respecting individual privacy rights"

  13. Palpy

    "The FBI is very good at keeping secrets" --

    -- says James Comey.

    Oh, I haven't laughed so much since Pryor was doing stand-up.

    leak

    leak

    leak

    Those are only the tip of the leak-berg.

  14. Stevie Silver badge

    Bah!

    "Comey also questioned whether people were not being a little too emotional about the whole issue, commenting that we all leave so much "digital dust" about ourselves on social media sites that there was very little need for the FBI to get involved in extreme device hacking scenarios."

    Then what the fuck was all the FBI-generated fuss about in the first place, you disingenuous bastard?

    1. BenR

      Re: Bah!

      "very little need" =/= "no need"

      But I see your point.

  15. Anonymous Coward
    Anonymous Coward

    Trust me, I'm from head office

    Just 1 phone or just 24 million.

    Let's not argue over semantics.

    Move on citizen, you are late.

    1. John Robson Silver badge

      Re: Trust me, I'm from head office

      Slartibartfast: Come. Come now or you will be late.

      Arthur: Late? What for?

      Slartibartfast: What is your name, human?

      Arthur: Dent. Arthur Dent.

      Slartibartfast: Late as in the late Dentarthurdent. It's a sort of threat, you see. I've never been terribly good at them myself but I'm told they can be terribly effective.

  16. RIBrsiq
    Facepalm

    FBI Director James Comey:

    "The people we bought this from [...] their motivations align with ours."

    1. Dan 55 Silver badge
      Trollface

      So it's Mossad then?

  17. noj

    FBI Director James Comey says...

    Whatever. It doesn't matter. Nobody believes you anymore.

    1. This post has been deleted by its author

  18. Esme

    The trouble is

    right here:

    "The people we bought this from – I know a fair amount about them and I have a high degree of confidence that they are very good at protecting it and that their motivations align with ours."

    - and I doubt anybody outside the USA (aside from, maybe, the denizens of GCHQ) trusts the FBI in a good way (I note that a criminal gang would fit the requirements of the statement quoted above). The various secruity agencies in the West need to get real and acknowledge that they've betrayed the trust that the populace they're supposed to protect had placed in them. They've turned themselves into exactly the kind of bad actor that we DON'T want around, and set themselves against the rest of us. This is not likely to end well.

  19. g e
    Facepalm

    That backdrop...

    "American Democracy" like it's something distinct from "Actual Democracy".

    Oh. I see now...

    1. Andrew Moore

      Re: That backdrop...

      America doesn't have a democracy. At best it has what can be called a "representative democracy". Due to the Electoral College it is possible for one candidate to receive the most votes and still lose which would not be possible in a true democracy.

  20. Anonymous Coward
    Anonymous Coward

    Hubris is not security

    @" I have a high degree of confidence that they are very good at protecting it and that their motivations align with ours."

    Really? If Apple cannot be allowed to secure its phone you think this company can secure this information? Even when its selling it around the world to companies it doesn't control?

    1) He assumes they're the only people who can discover this. It is likely in several companies hands.

    2) It is hearsay, one man's opinion about somebody else told to third parties.

    3) You have not met all their staff, and cannot therefore speak with authority, Mr FBI man, it would take only one leak from one of them.

    4) They are likely hacked and don't know it.

    5) It will also be rediscovered by many others independently.

    You FBI man need to go to Apple and TELL THEM OF THIS ZERO DAY EXPLOIT before the bad guys use it. Because hubris is not security.

  21. DanX

    I don't beleive them.

    I think the FBI are just saying they have opened up the iPhone to mess with apple. I'm unconvinced that there will be much of use on it anyway.

    May be I'm just very mistrustful?

    At least this way the FBI can't hand out the secrets to enemies of the state by mistake right?

  22. Anonymous Coward
    Anonymous Coward

    "The FBI is very good at keeping secrets,"

    Manhattan project

  23. Anonymous Coward
    Anonymous Coward

    "a letter from J Edgar Hoover requesting clearance to wiretap Martin Luther King – as a reminder"

    ...of what exactly?

    * that it is OK to wiretap any citizen just because they oppose the government?

    * that the president can authorise the FBI to do anything they like?

  24. cortland
    Big Brother

    Anything found possible

    Anything possible is going to be looked at somewhere. If it's also practical and affordable, it will appear everywhere.

    If I had the test equipment, and I were seeking to break into a device that wiped its memory after, say, 10 attempts, I'd buy a similar device and instrument all of the reset and I/O. I'd be looking for [pins] that only changed status or state on the 11th attempt – and then I'd pull it high or low or provide the normal signals to see if that was the controlling input. Not easy, and for most of not affordable, but certainly practical if you've got the money, the time, and the lab.

    That's probably not what the FBI or their helpers did, but it's the first thing that I would have thought of. Then again, I have a different way of thinking. Just ask anyone who knows me!

  25. Anonymous Coward
    Anonymous Coward

    Tool leaks to unlock a discontinued phone not on sale anymore.

    No one cared.

  26. BebopWeBop Silver badge

    Comey said that he has a glass-topped desk at the bureau and in it is a letter from J Edgar Hoover requesting clearance to wiretap Martin Luther King – as a reminder of how important privacy is.

    You really could not make this up. What next for the guy, Saturday Night Live?

  27. JayB
    Unhappy

    Communication

    "We are not living in a golden age of surveillance, he said, rather a golden age of communication".

    HAHAHAH, f**king cockwomble. Let me fix that for ya mate..

    "We are not living in a golden age of surveillance, you peons are, but me and my mates aren't.... rather a golden age of communication... whereby we talk to your electronics and it will be forced to talk to us, and we'll neither tell you, nor give a fuck whether you like it or not".

    I believe someone has already used the term "disingenuous bastard". I second the motion!

  28. paulsk

    Wont stop the iSheep

    people will still buy the products, in the eyes of an Apple lover they can do no wrong - Fisher Price phones are probably more secure

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019