Jump to content

Apple Vs. FBI


ShowHBK

Recommended Posts

The argument I am surprised the FBI is not making is one of chain of control over evidence. A backdoor exploit would allow them to create a clear chain of evidence where as receiving the data from a third party like apple muddies the chain a little and might require apple to testify as to the control of the evidence. They already have the ability to gain access to the data via warrant so I am really surprised this hasn't been brought up yet.

 

Your understanding of the technical issues involved is wanting.

 

I think it's amazing that given the budget of DOD/DOJ, the NSA/FBI/CIA/DHS can't manage to get into this phone themselves. It should be a testament to the ineptitude of those departments that they're trying to force a private company to compromise their integrity and the trust of their customers because they fucked up hard enough despite a budget that eclipses many nations (DOD: $500+bn, DOJ $27bn).

 

You can't fight math with money. Strong encryption with open standards that are heavily scrutinized isn't something that governments can just hack their way around in some back room somewhere. I know that's how it's been for a long time, but times are changing.

 

The county has also admitted that they CHANGED the PIN code at the request of the FBI, and apparently nobody bothered to write down the new one.

 

Not exactly. The phone was set to automatically back up to iCloud, and it's impossible to retrieve someone's iCloud password, but not impossible to reset it if you have access to the email address attaché to the account. Since it was a county phone and therefore a county email address, the county was able to reset his iCloud password and grant the FBI access to the data on the iCloud.

 

The phone will no longer automatically backup to iCloud because the saved password on the phone is now different, and the iCloud data is slightly stale. Apple pointed out that the FBI could have brought the phone to a known (remembered) wifi connection (say, at work) and it would have automatically backed up again IF they hadn't reset the password. Oops!

 

BUT! This is different from the PIN used to unlock the phone, and not everything on the phone gets backed up to iCloud, so the FBI is asking for the ability to brute force the PIN and get access to the phone without bricking it.

 

I think Apple has overstated the concerns here. They could, if they were so inclined, create a security-crippled version of iOS tied to this specific phone's hardware address, sign it with their private key, and there's essentially 0 risk right now that this version could leak out into the wild and actually cause harm. Furthermore, the only reason this is even possible is because it's a 5c; if it were a 5S, it'd have the secure enclave stuff and the FBI would be fucked. So other than Apple having to pay developers to do all this work for the government for free, there's really not much risk for the future.

 

That said, I think it's a bullshit request to begin with and the FBI should get bent.

Link to comment
Share on other sites

  • Replies 51
  • Created
  • Last Reply

Top Posters In This Topic

Your understanding of the technical issues involved is wanting.

 

 

but my understanding of evidence procedures is not. In a civil case a request for documents is sent and the other side turns over the documents and makes assurances that "that's all there is". No assets are seized.

 

In a criminal case usually the investigating agency seizes the asset and removes the evidence from it physically. Part of the investigator's testimony during trial is how he came into possession of the evidence by physically removing it from the asset. This establishes the chain of custody:

https://en.wikipedia.org/wiki/Chain_of_custody

 

If I am not mistaken the FBI is claiming that they need to be able to remove the data from the asset themselves and apple needs to facilitate this. This is consistent with the chain of custody. Hence why I am surprised this argument in defense of the FBI's actions have not come up - I mean other than being a boring argument that probably wouldn't create much public support.

Link to comment
Share on other sites

You can't fight math with money. Strong encryption with open standards that are heavily scrutinized isn't something that governments can just hack their way around in some back room somewhere. I know that's how it's been for a long time, but times are changing.

 

Math doesn't have a price, but people do. It's not above the intel services to bribe their way into the good graces of an engineer who DOES have the tools and/or knowhow. that's how the intel services of China, Russia, etc do it.

Link to comment
Share on other sites

I think what Apple is trying to say here is that all their customers are people, real people with personal data that is theirs and theirs alone. Apple has worked hard over the years to keep their customer's data safe by introducing great encryption measures and security features to keep data from falling into the wrong hands.

 

They can keep it in their hands. Again, all the FBI wants is the self destruct portion to be disabled on specific phones. No one is asking you or I to risk our data.

 

I almost feel like this falls under the same guidelines as "freedom of speech" in a sense that if I ever saw someone shouting racist remarks in public I would think that person is down right awful and has no place in modern society, but at the same time I would fight for the right of every person to say whatever the hell they want on public ground.
I would too, right up until someone yells fire in a theater or threatens another persons life. I would also protect my home from being treaded on without a warrant but if I'm suspected of murder, running from the cops and barge into your home, the police don't need a warrant to come get me.

 

In turn, Apple is fighting for the right of privacy and security no mater what the case or person.
Great, I'm alive, but if my daughter is murdered then she probably won't care if I crack her phone to read her texts in order to help lead to the killer that took her life.

 

your data is privet and belongs to you. Also, the FBI is literally ordering Apple to comply to a request that is unjust given the situation.
That's one view. I see it as Apple standing int he way of the families of many out there trying to obtain justice. One would think they would find a way to help and do the right thing.

 

This would not be just a "one time thing" once a backdoor, weakness, exploit, or any other form of tampering is created then that would open up a whole new world for other departments/people to take advantage of it.
Then let Apple retain that control so it's only "their time thing" when they decide for it to be broken. No one is telling them to build a system that "can be" hacked. Keep the security tight just let the good guys in when they ask with valid cause. In the Cali shooting case I think there's more than valid reasons to crack it. In the case where a family is pleading for them to help solve the murder of their own daughter I think there's also valid reasons.
Link to comment
Share on other sites

So Tim, the government should get a master key to everyone's front door, that way they didn't have to break down the door when they want to get in your house or anyone else's house. And that master key will no shape or form be able to be copied, distributed, or come up missing, it will be perfectly safe. LOL Right! Also how many FBI, CIA, NSA folks have iPhones and have classified info that would then be compromised once an OS that skirts the feature. China and Russia are drooling at the thought the government will make Apple produce this. It will be the most hacked after piece of software on the planet. I can't even believe people still use Android after clearly the back door is there in android since no fucks are given about Android....
Link to comment
Share on other sites

So Tim, the government should get a master key to everyone's front door, that way they didn't have to break down the door when they want to get in your house or anyone else's house. And that master key will no shape or form be able to be copied, distributed, or come up missing, it will be perfectly safe. LOL Right!

 

That's not what's being asked for them to do. No one demanding they make all iPhone vulnerable. They can do what's being asked of them on this single device or on those in questions with out it being turned loose for others to copy. Just hack the phone, unlock it or as per the request, make it so it won't self destruct after X number of attempts. Once that erase function is disabled from occurring the FBI will turn there people loose on it to crack the combination. The FBI has said they have no interest in "how it's done" just do it and keep the secret recipe in Apples Vault.

 

IMO Apple is using this "strength" as a selling tool so the world will see them as invincibly on the side of the phone owner come hell or high water come innocent person or even world hated terrorist. They would rather do that and keep their position as being seen as such vs doing the right thing and telling the world they actually will do the "right thing" when it comes to help solve a murder or a mass killing crime. Pretty sad IMO. Good for Apple to have such a position of power, sad for them for not knowing when to actually wield it. Sorry but I'm not a fan of such a pathetic decision.

Link to comment
Share on other sites

Yes, Tim, yes they are, that is exactly what they are asking for, something that can be used on every iPhone on the planet, including all the ones that law enforcement want to get into for other cases, I believe columbus has 127 phones they want into, once Apple gives the Feds this every state and city will be requesting it and there will be no security for you and I. (Well I as I think you use an Android, that any Russian and Chineese can hack) You need to think bigger, this is NOT for 1 stupid Terrorist phone at all.
Link to comment
Share on other sites

once Apple gives the Feds this every state and city will be requesting it and there will be no security for you and I.

 

unless during the agreement that's reached clear terms of it's use are defined. it's a pretty easy fix Ben, spell out the terms and agree to it. Nothing in this decision is blanket. in other words Apple is in a position to help define "the right thing to do" and "when" A pretty awesome position to be in. Not one I would say no to as they have done. It will be interesting to see if they side with what serves their interests first.

 

Let's face it, they really don't "care" about your personal data Ben. You're just a customer as a Millions of other people. They care about how they come across to their "customer base" who spend money on their stuff. Right now they are putting the revenue above the right thing. At least IMO. They can do both and are being asked to help define how. Thumbing their nose up at such a position is pretty arrogant.

Link to comment
Share on other sites

No it's not the right thing... You are a smart man, can't understand how you can't see the wolf in sheeps clothing. And it will be a snowball once it's made, it's completely awesome that not even Apple can at this moment do anything, they would have to create it. It's responsible code writing. There is a reason Apple Sandboxes so many APIs, it's secure, they are helping people consolidate their lives, securely and responsibly. The fact that almost every tech company is backing Apple should tell you what is RIGHT....

 

 

You are taking this whole anti-Apple to a whole new level. That or you are butt hurt that you know the device you carry at the moment is not secure and want to be on a level field, because you hate on Apple now.

 

Even the CEO of Google is behind Apple on this, the guy that is responsible for your device you carry.

Link to comment
Share on other sites

No it's not the right thing... You are a smart man, can't understand how you can't see the wolf in sheeps clothing. And it will be a snowball once it's made

 

We're each entitled to an opinion on what's the right thing to do. Also, the snowball thing, I've already addressed. The law is there to prevent such a snowball from beginning to roll. Again, pretty awesome Apple has a chance to help define all that. Pretty sad that they are just snubbing that opportunity. They are more concerned about what would happen to the value of their stock and their view by millions who don't understand the matter fully than they are with doing the right thing. Just my continued opinion.

 

 

they are helping people consolidate their lives, securely and responsibly.
yeah, because they've never been hacked...

 

The fact that almost every tech company is backing Apple should tell you what is RIGHT....
they are riding the coat-tails of what I noted above. not hard to see.

 

You are taking this whole anti-Apple to a whole new level. That or you are butt hurt that you know the device you carry at the moment is not secure and want to be on a level field, because you hate on Apple now.
I have no dog in this race. I have plenty of information available but nothing on my phone is going to end my world. IMO for someone to keep something so top secret that it could end their world on a phone is pretty stupid. Regardless of device. User error IMO.

 

Even the CEO of Google is behind Apple on this, the guy that is responsible for your device you carry.
Again, coat-tails. Edited by TTQ B4U
Link to comment
Share on other sites

That's not what's being asked for them to do. No one demanding they make all iPhone vulnerable.

 

This would only be true if the phone in question had a custom OS. Making all iphones vulnerable is exactly what the FBI is asking.

Link to comment
Share on other sites

Yes, Tim, yes they are, that is exactly what they are asking for, something that can be used on every iPhone on the planet, including all the ones that law enforcement want to get into for other cases

 

Here's exactly what' they are asking of Apple.

 

Three things Specific to the device in question:

 

  • Bypass or disable the auto-erase function in iOS which wipes devices after the incorrect passcode has been entered ten times,
  • allow the FBI to enter passcodes electronically, and
  • remove the delay feature that the iOS sets between incorrect passcode attempts.

^^ Again, call off the pit bulls and turn off the alarm on that specific phone so the FBI can take cracks at it. That's what they are asking. Nothing on the phone is property of the dead terrorist anyway as it was a County Owned Phone not personally owned. It's county property and even they are asking Apple do this. That's like being locked out of your car in a blizzard and GM Saying tough shit, we're not going to on-star unlock even YOUR OWN CAR!

Edited by TTQ B4U
Link to comment
Share on other sites

This would only be true if the phone in question had a custom OS. Making all iphones vulnerable is exactly what the FBI is asking.

 

The FBI has even said, make whatever you do only work on THIS UNIQUE DEVICE. They aren't asking to have a tool in their hands to crack my phone or yours. Apple can do all of this at their office and allow the FBI to access the phone remotely even. It's all been spelled out pretty clearly.

 

In this document it states:

 

  • That the iPhone in question is an iPhone 5c (a device which lacks the Touch ID and Secure Enclave security features). This is known in the document as the "SUBJECT DEVICE".
  • The FBI wants Apple to create code - which the document refers to as Software Image File or "SIF" - that it can load into the iPhone's RAM without modifying any of the data already stored on the flash memory, including "the iOS on the actual phone, the user data partition or system partition."
  • The FBI wants the SIF to be coded with "a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE."
  • The FBI want the SIF loaded onto the iPhone "at either a government facility, or alternatively, at an Apple facility." If it is done at an Apple facility, then "Apple shall provide the government with remote access to the SUBJECT DEVICE through a computer allowed the government to conduct passcode recovery analysis."
  • This SIF needs to do three things:
    - Bypass or disable the auto-erase function in iOS which wipes devices after the incorrect passcode has been entered ten times,
    - allow the FBI to enter passcodes electronically, and
    - remove the delay feature that the iOS sets between incorrect passcode attempts.

Link to comment
Share on other sites

Math doesn't have a price, but people do. It's not above the intel services to bribe their way into the good graces of an engineer who DOES have the tools and/or knowhow. that's how the intel services of China, Russia, etc do it.

 

You're still not getting it. At some point in the encryption game, there is no such thing as simply acquiring the right tools and/or knowhow. It's just not possible to crack some things given the current state of technology.

 

If I am not mistaken the FBI is claiming that they need to be able to remove the data from the asset themselves and apple needs to facilitate this. This is consistent with the chain of custody. Hence why I am surprised this argument in defense of the FBI's actions have not come up - I mean other than being a boring argument that probably wouldn't create much public support.

 

I'm not sure if you're mistaken because I don't know why the FBI is asking to brute force the PIN themselves, but I suspect it's causing you some confusion about the technical issues here. If Apple wanted to pull the data themselves, they'd ALSO have to install a custom build of iOS and brute force the PIN in exactly the same manner that the FBI wants to. They don't have some alternate way in. The FBI isn't asking for this convoluted solution because it's the only way to preserve the chain of custody, they're asking for it because it's literally the only way.

 

This would only be true if the phone in question had a custom OS. Making all iphones vulnerable is exactly what the FBI is asking.

 

The FBI has even said, make whatever you do only work on THIS UNIQUE DEVICE.

 

FWIW here, PDQS4 is correct on this. There's no way this specific "hacK' would make all iPhones vulnerable. However, forcing Apple to build a custom version of it's software to bypass it's own security *might* set a precedent that would be alarming. For instance, the 5S and 6/7 phones are not currently susceptible to this "build a custom version of iOS for us" strategy. So what happens if the FBI asks Apple to do it anyway? "Do the impossible for us, Apple." Does Apple have to give it the ol' college try? Can they just say, "Nope, too hard?" And if so, why can't they say that now? Who determines what's "too hard?" That's why I side with Apple on this. There's not enough compelling state interest to go warrant going down this road.

Link to comment
Share on other sites

  • 2 weeks later...
By copying the whole NAND and trying a password and if it doesnt work copy it again. Essentially brute forced it.

 

Which is pretty bonkers. It has to be done on the phone itself (at least via that phone's processor). It's a pretty simple method and could only really work with a 4 digit pin. Still, kudos to them. Now how long until they admit there was nothing on there of interest?

Link to comment
Share on other sites

Anyone else think it's entirely possible that they DIDN'T actually crack it, and are just giving themselves a way to walk away from a political battle they may lose?

 

Additionally, who wants to bet that Tim Cook gets audited this year?

Link to comment
Share on other sites

Anyone else think it's entirely possible that they DIDN'T actually crack it, and are just giving themselves a way to walk away from a political battle they may lose?

 

Additionally, who wants to bet that Tim Cook gets audited this year?

 

Well thats America these days, the path to least resistance, not the path needing to be taken.

 

I would imagine they really got in the phone however, it seems it wasn't rocket science to get into this particular phone and had been done across the globe.

Link to comment
Share on other sites

Anyone else think it's entirely possible that they DIDN'T actually crack it, and are just giving themselves a way to walk away from a political battle they may lose?

 

It's possible, but I don't consider it likely. If the FBI wanted to set a precedent, they couldn't have picked a better case -- terrorism, and domestic Islamic terrorism at that, a relatively direct request and a straightforward technological solution. Since newer phones have different security, it's unlikely that they'll get a case like this again. Win or lose, this might be their best shot.

 

But a much simpler answer is that this isn't about setting a precedent or saving face. I think they just wanted to get access to this phone, and now they have. Occam's razor and all that.

Link to comment
Share on other sites

Unlocked iPhone Worthless After F.B.I. Spills Glass of Water on It

 

http://www.newyorker.com/humor/borowitz-report/unlocked-iphone-worthless-after-f-b-i-spills-glass-of-water-on-it

 

Article from link above:

"WASHINGTON (The Borowitz Report)—Moments after successfully unlocking the San Bernardino iPhone, the F.B.I. rendered the phone permanently useless by spilling a glass of water on it, an F.B.I. spokesman confirmed on Tuesday.

 

Calling the accident “one of the biggest embarrassments in F.B.I. history,” bureau spokesman Harland Dorrinson told reporters, “There’s no way to express how bad we feel about what happened to that phone.”

 

Walking reporters through the mishap, Dorrinson said that shortly after the iPhone was unlocked, “There were a lot of high-fives, which led to the unfortunate spilling of the water.”

 

After repeatedly attempting to reboot the phone with no success, the F.B.I. consulted several Apple support forums for tips on fixing a waterlogged iPhone. “I wish I could report that any of them worked,” the spokesman said.

 

In a possible thawing of relations between Apple and the F.B.I., Apple C.E.O. Tim Cook offered to replace the damaged iPhone for seven hundred and forty-nine dollars, or two hundred and ninety-nine dollars with a two-year contract."

Link to comment
Share on other sites

In a possible thawing of relations between Apple and the F.B.I., Apple C.E.O. Tim Cook offered to replace the damaged iPhone for seven hundred and forty-nine dollars, or two hundred and ninety-nine dollars with a two-year contract."

 

super lol. I love the new yorker.

Link to comment
Share on other sites

And that is why the government dropped the case as to now the government does not have to tell Apple how they did it. Had they kept the case open transparency dictates they tell Apple how. However it's already been disclosed how it was done and Apple knows.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...