After months of work, the FBI finally has a way into the San Bernardino iPhone. In a court filing today, prosecutors told the court the new method for breaking into the phone is sound, and Apple’s assistance is no longer required. “The government has now successfully accessed the data stored on Farook’s iPhone,” the filing reads, “and therefore no longer requires assistance from Apple.” The filing provides no further details on the nature of the new method. Still, the result effectively finishes the court fight that has consumed Apple since February.
The result is an abrupt end to this chapter of the FBI’s fight against encryption. We still don’t know the exact nature of the government’s exploit or how many different iPhones it could be used to unlock, but it’s unlikely to grant the broad powers that the proposed GovtOS would have.
BuzzFeed:
Apple on DoJ’s withdrawal of iPhone unlock case: this case should never have been brought; case raised issues that deserve a national conversation
The government says it is reviewing data recovered from the San Bernardino shooter’s iPhone, and will drop its case against Apple. “This case should never have been brought,” Apple said.
The Justice Department (DOJ) announced Monday that it had successfully accessed data on the iPhone used by one of the San Bernardino shooters and that it was dropping its case against Apple to help unlock the phone.
In a call with reporters Monday evening, a law enforcement official said the FBI is currently reviewing the iPhone’s data, which it obtained through the assistance of an outside party. The method they used, he said, worked on an iPhone 5c running iOS 9
The exploit proved successful this weekend, the official said, one week after the outside party showed the FBI how to gain access to the device. The government has declined to identify the outside party
“From the beginning, we objected to the FBI’s demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent,” Apple said in a statement to BuzzFeed News. “As a result of the government’s dismissal, neither of these occurred. This case should never have been brought.”
The government’s move appeared to end a monthlong standoff between the DOJ and one of the world’s most powerful technology companies — though the larger debate over law enforcement and government access to encrypted devices is far from settled.
By now you’ve doubtless heard that the FBI has broken the encryption on Syed Farook — the suicide terrorist who killed fourteen and then himself in San Bernardino. Consequently, they won’t be requiring Apple’s (compelled) services any more.
A number of people have written in and asked what we knew about the hack, and the frank answer is “not a heck of a lot”. And it’s not just us, because the FBI has classified the technique. What we do know is that they paid Cellebrite, an Israeli security firm, at least $218,004.85 to get the job done for them. Why would we want to know more? Because, broadly, it matters a lot if it was a hardware attack or a software attack.
Software or Hardware?
If the attack was hardware, it may not be such a big deal. The iPhones supposedly prevent a brute-force (guessing) attack against the password by wiping memory or delaying after a fixed number of wrong guesses. The basic idea behind a possible hardware attack is to dump the memory from an NAND flash chip on board, try a few passwords, and then re-flash the memory to the initial state before tripping the security. Another possibility, if there’s a timeout on password guesses, is to associate the phone with a fake cell tower, and push new times to the phone every time they get locked out. Delays are meaningless if you can arbitrarily set the time on the phone.
The hardware attacks, if these are they, aren’t a big deal because they require physical control of the phone, potentially for a long time.
Responsible Disclosure?
If the FBI is sitting on an OS flaw, and it is one that’s in principle exploitable by criminals, they owe it to their constituency — US citizens — to disclose that information to Apple so that it can get fixed. But because the FBI has classified the hack, they’re not going to be compelled to tell anyone how they did it.
More Legal Battles Ahead
So the Farook case is over, which means we can all rest assured that our phones are safe, right? (Or at least they’re safe from anyone who hasn’t hired Cellebrite.) After all, the FBI director publicly stated that this was just about unlocking only a single (terrorist’s) phone, and not about setting a precedent, so they’ll stop trying to force firms to break their own encryption, right?
Bloomberg Business:
Sources: FBI worked with Israel’s Cellebrite to crack the iPhone in the San Bernardino shooting case — FBI Worked With Israel’s Cellebrite to Crack iPhone — The U.S. Federal Bureau of Investigation worked with Israel’s Cellebrite Mobile Synchronization Ltd. to crack the iPhone used …
The U.S. Federal Bureau of Investigation worked with Israel’s Cellebrite Mobile Synchronization Ltd. to crack the iPhone used in the shooting last year in San Bernardino, California, according to people familiar with the matter.
The U.S. Justice Department said on Tuesday it gained access to the data on the shooter’s phone, after it said it was approached by a third party about a possible way in. The FBI had been locked in a standoff with Apple Inc. for a month over accessing data on the phone used by Syed Rizwan Farook in the attack.
The FBI was already a Cellebrite client before this project, the people said, who asked not to be identified as the matter is private. Cellebrite, founded in 1999, is a unit of Japan’s Sun Corporation.
Salvador Hernandez / BuzzFeed:
FBI Tells Local Law Enforcement It Will Help Unlock Phones — A law enforcement official told BuzzFeed News the FBI sent the advisory to local authorities on Friday in order to provide them with “technical assistance.” — Just days after breaking into a terrorist’s iPhone using …
A law enforcement official told BuzzFeed News the FBI sent the advisory to local authorities on Friday in order to provide them with “technical assistance.”
Last week, the FBI announced that it had, with the help of a third party, successfully broken into the passcode-protected iPhone 5C owned by San Bernardino shooter Syed Farook. It’s not clear yet whether the FBI found any information useful to its investigation
The agency hasn’t named its accomplice nor has it revealed how it gained access to the iPhone’s contents. To shed some light on the possibilities, IEEE Spectrum spoke with nine computer security experts and mobile phone forensics specialists about a few techniques that may have been behind this controversial hack
1. The easy way in
Perhaps the simplest hack of all would be to exploit a vulnerability in iOS 9, the version of Apple’s operating system installed on Farook’s phone.
Armed with the right security hole, also called a zero-day exploit, a hacker could potentially switch off functions that thwarted the FBI’s entry.
2. Trick the OS
hackers may have circumvented the iPhone’s passcode protection by hijacking operations between the A6 and the non-volatile memory.
3. Reset (and reset and reset) the memory
One of the most popular theories among crypto-experts, including Gary McGraw, chief technology officer at the software security consulting firm Cigital, is that the FBI hacked the iPhone through a tactic called NAND mirroring.
One way to manually do that might be to remove the memory chip that NAND protects and make a digital copy of it. Once the copy is made, a hacker could test out combinations and simply reload the memory back onto the original chip before the 10-attempt limit is reached.
4. Tear the whole thing apart
extract the handset’s unique ID, which is a special digital key that Apple assigns to each device during manufacturing and could be used to decode an iPhone’s memory.
“This is a very invasive and expensive and tricky thing to do,”
5. Sneak in through the side
A device that is hard at work can offer clues about the information it is handling. These clues include its power consumption, acoustic properties, electromagnetic radiation, or the time it takes for a specific component to complete a task.
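As an added illustration (not from any of the quoted articles, and not Apple's implementation), the Python model below tests the design property that the hardware theories in the Hackaday and IEEE Spectrum excerpts turn on: whether a failed-attempt counter and its lockout timer survive a restore of the storage image or a change of the settable clock. The `Device` class, its fields and the delay table are constructed for this example.

```python
"""Constructed model of a passcode attempt limiter.

Two designs are compared:
  * rollback_resistant=False: counter and lockout deadline live in ordinary
    storage ("flash") and the deadline is checked against a settable clock.
  * rollback_resistant=True: counter, deadline and a tick counter live in a
    separate component that a copy of the storage does not include.
All names and the delay table are hypothetical, chosen for the example.
"""
import copy

MAX_FAILURES = 10  # erase threshold mentioned in the articles
# Illustrative escalating delays in seconds, keyed by failure count.
DELAYS = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}


class Device:
    def __init__(self, passcode, rollback_resistant):
        self.passcode = passcode
        self.rollback_resistant = rollback_resistant
        # Storage that can be imaged and rewritten from outside the device.
        self.flash = {"failures": 0, "locked_until": 0, "wiped": False}
        # State held outside the imaged storage, with its own tick counter.
        self.secure = {"failures": 0, "locked_until": 0, "wiped": False}
        self.ticks = 0        # monotonic, only moves with real elapsed time
        self.wall_clock = 0   # settable from outside (for example network time)

    def state(self):
        return self.secure if self.rollback_resistant else self.flash

    def now(self):
        return self.ticks if self.rollback_resistant else self.wall_clock

    def advance(self, seconds):
        """Real time passing: both clocks move forward."""
        self.ticks += seconds
        self.wall_clock += seconds

    def try_passcode(self, guess):
        st = self.state()
        if st["wiped"]:
            return "wiped"
        if self.now() < st["locked_until"]:
            return "locked"
        if guess == self.passcode:
            st["failures"] = 0
            return "unlocked"
        st["failures"] += 1
        if st["failures"] >= MAX_FAILURES:
            st["wiped"] = True
            return "wiped"
        st["locked_until"] = self.now() + DELAYS.get(st["failures"], 0)
        return "rejected"


def failures_survive_rollback(device, wrong_guesses=4):
    """True if the failure count is intact after storage is restored
    to an image taken before the failed attempts."""
    image = copy.deepcopy(device.flash)
    for i in range(wrong_guesses):
        device.try_passcode("bad%d" % i)
    device.flash = copy.deepcopy(image)
    return device.state()["failures"] == wrong_guesses


def lockout_survives_clock_change(device):
    """True if a lockout still holds after the settable clock jumps
    forward with no real time elapsed."""
    for i in range(5):               # the fifth failure starts a 60 s lockout
        device.try_passcode("bad%d" % i)
    device.wall_clock += 10 ** 6     # clock changed, ticks unchanged
    return device.try_passcode("bad-again") == "locked"


if __name__ == "__main__":
    for resistant in (False, True):
        print("rollback_resistant=%s" % resistant,
              "counter survives restore:",
              failures_survive_rollback(Device("1234", resistant)),
              "| lockout survives clock change:",
              lockout_survives_clock_change(Device("1234", resistant)))
```

The first design fails both checks and the second passes both, which is why the articles treat the location of the counter and the source of time as the deciding details.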
Update: Server-side salvation from Cupertino In a release that’s bound to spark all sorts of speculation, Vulnerability Labs has disclosed an iOS touch passcode bypass at Full Disclosure on April 5.
Apple has pushed a fix on the server side, as noted at the end of this story.
Update: Thanks to the commentard who alerted us to Apple’s fix for the issue. Siri now demands your lock screen passcode, if someone tries to ask Siri for a search, while at a secured Lock screen.
As 9to5Mac notes, implementing the fix at the server side let Cupertino move fast on blocking the vulnerability.
Siri might be a (halfway) decent digital assistant, but Apple’s AI helper makes for a lousy security guard.
We’ve heard about a bunch of “sneaky” ways that evildoers can use Siri to get access to your photos, contacts or completely unlock your phone without entering a passcode or using Touch ID. Luckily, most of these “security problems” are bogus, but a newly discovered one is for real.
The good news, however, is that this Siri exploit only affects certain iPhone models and is completely preventable.
Because it uses 3D Touch, the Siri exploit only works on the iPhone 6s or 6s Plus. And fortunately, the settings that give the helperbot access are switched off by default.
Once the two sides had a chance to move everything to their opposite corners of the ring, people I know (me included) began to line up behind one side or another in the fight between Apple and the FBI. Writing this blog may unleash the passions of many the same way in-depth discussions of religion or politics do. But, I just have to ask: Where do you weigh in on Apple’s refusal to unlock the phone?
It’s fait accompli – the data has been taken off the phone. But still the questions linger, and the debate should not be forgotten—and won’t be. I’ll try to summarize the competing positions.
While Apple has no sympathy for terrorists, once the FBI made the mistake of changing the Apple ID password on the phone, there was no path to obtaining the data without the creation of a backdoor.
Even after the government issued an order to create the unique version of iOS to bypass security, Apple suggested pairing the phone to a previously joined network, enabling the government to back it up and retrieve the data. However, once the FBI changed that password, iCloud services were no longer accessible.
While it would seem that Apple should, according to the FBI, be able to unlock the iPhone used in the San Bernardino terrorist attacks, and then not use it again, the reality is law enforcement nationally was lining up with iPhones in the hundreds that they wanted unlocked.
The government indicated that Apple’s business model and marketing strategy was at the heart of Apple’s refusal to create the backdoor.
So, here is my question: Now that another company has broken in and extracted the data (and we know that’s possible so the security isn’t as tight as Apple thought), should Apple have helped or not? At what point does a private company have to help, or does it ever?
Many were skeptical that the work iPhone at the centre of the San Bernardino controversy would prove in any way useful to the FBI given that the shooters left it untouched while destroying their personal phones, and so far that skepticism seems justified. Despite having had access to all the data on the phone for more than a week, the FBI has apparently not yet found anything of value.
The WSJ reports that FBI general counsel James Baker told an International Association of Privacy Professionals conference that it was “too early” to say whether anything useful would be found, and that it may or may not choose to reveal the answer once it is certain.
The FBI isn’t keeping its new iPhone attack secret from everyone. According to a new report in National Journal, the FBI has already briefed Senator Dianne Feinstein (D-CA) on the methods used to break into the iPhone at the center of Apple’s recent legal fight.
CNNMoney:
FBI director James Comey says the 3rd-party tool the FBI bought and used to unlock San Bernardino shooter’s iPhone does not work with iPhone 5s or later — FBI director: We bought ‘a tool’ to hack terrorist’s iPhone — FBI Director James Comey said Wednesday that the government had purchased …
FBI Director James Comey said Wednesday that the government had purchased “a tool” from a private party in order to unlock the iPhone used by one of the San Bernardino shooters.
“Litigation between the government and Apple over the San Bernardino phone has ended, because the government has purchased, from a private party, a way to get into that phone, 5C, running iOS 9,” Comey said.
The FBI director also said the purchased tool worked only on a “narrow slice of phones” that does not include the newest Apple models, or the 5S.
“We tell Apple, then they’re going to fix it, then we’re back where we started from,” he said. “We may end up there, we just haven’t decided yet.”
Ellen Nakashima / Washington Post:
Sources: FBI did not use Cellebrite to crack San Bernardino iPhone, paid hackers for undisclosed software flaw that was used to create hardware to crack PIN — FBI paid professional hackers one-time fee to crack San Bernardino iPhone — The FBI cracked a San Bernardino terrorist’s phone …
The FBI cracked a San Bernardino terrorist’s phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter.
The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone’s four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.
Cracking the four-digit PIN, which the FBI had estimated would take 26 minutes, was not the hard part for the bureau. The challenge from the beginning was disabling a feature on the phone that wipes data stored on the device after 10 incorrect tries at guessing the code. A second feature also steadily increases the time allowed between attempts.
The U.S. government now has to weigh whether to disclose the flaws to Apple, a decision that probably will be made by a White House-led group.
Apple said last week that it would not sue the government to gain access to the solution.
Still, many security and privacy experts have been calling on the government to disclose the vulnerability data to Apple so that the firm can patch it.
The White House has established a process in which federal officials weigh whether to disclose any security vulnerabilities they find.
“When we discover these vulnerabilities, there’s a very strong bias towards disclosure,” White House cybersecurity coordinator Michael Daniel said in an October 2014 interview, speaking generally and not about the Apple case. “That’s for a good reason. If you had to pick the economy and the government that is most dependent on a digital infrastructure, that would be the United States.”
The FBI cracked a San Bernardino terrorist’s phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter.
The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution.
The FBI Finds Nothing Interesting So Far on Syed Farook’s iPhone
In a development that’s resulted in more facepalming than surprise within the cryptography community, a source tells CBS News that the FBI has found “nothing significant” in the data of the now-cracked iPhone of San Bernardino shooter Syed Rizwan Farook. According to CBS, the FBI is still analyzing the phone, which was unlocked with the assistance of contract hackers after a six-week legal dispute with Apple over the company’s refusal to help bypass its own encryption. But iPhone forensics expert Jonathan Zdziarski is skeptical: “There’s no such thing as ‘an ongoing analysis’ this long, unless you’re playing Angry Birds on Farook’s phone,” he wrote on Twitter.
The FBI cannot unlock 13% of the password-protected cellphones it has seized as evidence in the past six months, a top bureau official told a House panel Tuesday.
About 30% of the 3,000-plus phones that the FBI has seized since Oct. 1 require passwords to open
“Clearly, that presents us with a challenge,” Hess told members of the House Energy and Commerce Committee, which brought in law enforcement officials and tech experts to testify about the pros and cons of “end-to-end” encryption, which is designed so that only users can unlock it.
Congress is struggling to decide what legislation — if any — it should pass on encryption.
Law enforcement officials say that such a law is needed to keep terrorists and criminals from hiding plots and evidence from investigators armed with court orders. Silicon Valley has come out strongly against the bill, saying it will make Americans more vulnerable to cyber criminals and hackers.
Requests involving more than 500 encrypted devices flooded the FBI’s Computer Analysis Response Team and the agency’s Regional Computer Forensic Laboratory programs during a four-month period beginning last October, FBI officials have said.
FBI Director James Comey suggested to a conference in London that his agency paid more than $1.3 million to gray-hat hackers who were able to unlock the iPhone 5C that was used by Syed Farook Rizwan, the dead terrorist who masterminded the attack in San Bernardino, California, in December 2015.
According to Reuters, Comey was asked Thursday how much the FBI paid for the technique that eventually allowed investigators to access the locked phone.
“A lot. More than I will make in the remainder of this job, which is seven years and four months for sure,” Comey said. “But it was, in my view, worth it.”
Federal Bureau of Investigation Director James Comey said on Thursday the agency paid more to get into the iPhone of one of the San Bernardino shooters than he will make in the remaining seven years and four months he has in his job.
According to figures from the FBI and the U.S. Office of Management and Budget, Comey’s annual salary as of January 2015 was $183,300. Without a raise or bonus, Comey will make $1.34 million over the remainder of his job.
That suggests the FBI paid the largest ever publicized fee for a hacking job, easily surpassing the $1 million paid by U.S. information security company Zerodium to break into phones.
For the second time, the FBI has dropped a legal attempt to force Apple to unlock an iPhone at the last minute.
Earlier this month, the FBI backed away from the high-profile San Bernardino case the day before it was due in court by claiming it had paid a third party (apparently $1.2m) to unlock the phone.
Devlin Barrett / Wall Street Journal:
Sources: FBI plans to keep iPhone-hacking method secret, will discourage White House from beginning internal review of whether it should be disclosed to Apple — FBI Plans to Keep Apple iPhone-Hacking Method Secret — Move would likely keep Apple in the dark about security weakness
Joseph Menn / Reuters:
Apple says it received its first FBI tip via Vulnerability Equities Process on April 14; vulnerability already fixed on iOS9 and El Capitan — Apple says FBI gave it first vulnerability tip on April 14 — The FBI informed Apple Inc of a vulnerability in its iPhone and Mac software on April 14 …
22 Comments
Tomi Engdahl says:
Apple’s San Bernardino fight is officially over as government confirms working attack
http://www.theverge.com/2016/3/28/11317396/apple-fbi-encryption-vacate-iphone-order-san-bernardino
After months of work, the FBI finally has a way into the San Bernardino iPhone. In a court filing today, prosecutors told the court the new method for breaking into the phone is sound, and Apple’s assistance is no longer required. “The government has now successfully accessed the data stored on Farook’s iPhone,” the filing reads, “and therefore no longer requires assistance from Apple.” The filing provides no further details on the nature of the new method. Still, the result effectively finishes the court fight that has consumed Apple since February.
The result is an abrupt end to this chapter of the FBI’s fight against encryption. We still don’t know the exact nature of the government’s exploit or how many different iPhones it could be used to unlock, but it’s unlikely to grant the broad powers that the proposed GovtOS would have.
Tomi Engdahl says:
BuzzFeed:
Apple on DoJ’s withdrawal of iPhone unlock case: this case should never have been brought; case raised issues that deserve a national conversation
FBI Accessed San Bernardino Shooter’s iPhone Without Apple, Drops Litigation
http://www.buzzfeed.com/sheerafrenkel/fbi-accessed-san-bernardino-shooters-iphone-without-apple-dr#.ikwlMYv95W
The government says it is reviewing data recovered from the San Bernardino shooter’s iPhone, and will drop its case against Apple. “This case should never have been brought,” Apple said.
The Justice Department (DOJ) announced Monday that it had successfully accessed data on the iPhone used by one of the San Bernardino shooters and that it was dropping its case against Apple to help unlock the phone.
In a call with reporters Monday evening, a law enforcement official said the FBI is currently reviewing the iPhone’s data, which it obtained through the assistance of an outside party. The method they used, he said, worked on an iPhone 5c running iOS 9
The exploit proved successful this weekend, the official said, one week after the outside party showed the FBI how to gain access to the device. The government has declined to identify the outside party
“From the beginning, we objected to the FBI’s demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent,” Apple said in a statement to BuzzFeed News. “As a result of the government’s dismissal, neither of these occurred. This case should never have been brought.”
The government’s move appeared to end a monthlong standoff between the DOJ and one of the world’s most powerful technology companies — though the larger debate over law enforcement and government access to encrypted devices is far from settled.
Tomi Engdahl says:
Could test and measurement crack Farook’s iPhone?
http://www.edn.com/electronics-blogs/test-cafe/4441638/Could-test-and-measurement-crack-Farook-s-iPhone-?_mc=NL_EDN_EDT_EDN_weekly_20160324&cid=NL_EDN_EDT_EDN_weekly_20160324&elqTrackId=df4a4a968d494883bad66e29f52e9885&elq=b7f356127460453c9e14b347d510fe95&elqaid=31479&elqat=1&elqCampaignId=27508
Tomi Engdahl says:
FBI vs Apple: A Postmortem
http://hackaday.com/2016/03/30/fbi-vs-apple-a-postmortem/
By now you’ve doubtless heard that the FBI has broken the encryption on Syed Farook — the suicide terrorist who killed fourteen and then himself in San Bernardino. Consequently, they won’t be requiring Apple’s (compelled) services any more.
A number of people have written in and asked what we knew about the hack, and the frank answer is “not a heck of a lot”. And it’s not just us, because the FBI has classified the technique. What we do know is that they paid Cellebrite, an Israeli security firm, at least $218,004.85 to get the job done for them. Why would we want to know more? Because, broadly, it matters a lot if it was a hardware attack or a software attack.
Software or Hardware?
If the attack was hardware, it may not be such a big deal. The iPhones supposedly prevent a brute-force (guessing) attack against the password by wiping memory or delaying after a fixed number of wrong guesses. The basic idea behind a possible hardware attack is to dump the memory from an NAND flash chip on board, try a few passwords, and then re-flash the memory to the initial state before tripping the security. Another possibility, if there’s a timeout on password guesses, is to associate the phone with a fake cell tower, and push new times to the phone every time they get locked out. Delays are meaningless if you can arbitrarily set the time on the phone.
The hardware attacks, if these are they, aren’t a big deal because they require physical control of the phone, potentially for a long time.
Responsible Disclosure?
If the FBI is sitting on an OS flaw, and it is one that’s in principle exploitable by criminals, they owe it to their constituency — US citizens — to disclose that information to Apple so that it can get fixed. But because the FBI has classified the hack, they’re not going to be compelled to tell anyone how they did it.
More Legal Battles Ahead
So the Farook case is over, which means we can all rest assured that our phones are safe, right? (Or at least they’re safe from anyone who hasn’t hired Cellebrite.) After all, the FBI director publicly stated that this was just about unlocking only a single (terrorist’s) phone, and not about setting a precedent, so they’ll stop trying to force firms to break their own encryption, right?
Tomi Engdahl says:
Bloomberg Business:
Sources: FBI worked with Israel’s Cellebrite to crack the iPhone in the San Bernardino shooting case — FBI Worked With Israel’s Cellebrite to Crack iPhone — The U.S. Federal Bureau of Investigation worked with Israel’s Cellebrite Mobile Synchronization Ltd. to crack the iPhone used …
FBI Worked With Israel’s Cellebrite to Crack iPhone
http://www.bloomberg.com/news/articles/2016-03-30/fbi-said-to-work-with-israel-s-cellebrite-to-crack-iphone
The U.S. Federal Bureau of Investigation worked with Israel’s Cellebrite Mobile Synchronization Ltd. to crack the iPhone used in the shooting last year in San Bernardino, California, according to people familiar with the matter.
The U.S. Justice Department said on Tuesday it gained access to the data on the shooter’s phone, after it said it was approached by a third party about a possible way in. The FBI had been locked in a standoff with Apple Inc. for a month over accessing data on the phone used by Syed Rizwan Farook in the attack.
The FBI was already a Cellebrite client before this project, the people said, who asked not to be identified as the matter is private. Cellebrite, founded in 1999, is a unit of Japan’s Sun Corporation.
Tomi Engdahl says:
Salvador Hernandez / BuzzFeed:
FBI Tells Local Law Enforcement It Will Help Unlock Phones — A law enforcement official told BuzzFeed News the FBI sent the advisory to local authorities on Friday in order to provide them with “technical assistance.” — Just days after breaking into a terrorist’s iPhone using …
FBI Tells Local Law Enforcement It Will Help Unlock Phones
http://www.buzzfeed.com/salvadorhernandez/fbi-tells-local-law-enforcement-it-will-help-unlock-phones#.qcaQ50dgMK
A law enforcement official told BuzzFeed News the FBI sent the advisory to local authorities on Friday in order to provide them with “technical assistance.”
Tomi Engdahl says:
5 Ways Cyber Experts Think the FBI Might Have Hacked the San Bernardino iPhone
http://spectrum.ieee.org/tech-talk/telecom/security/5-ways-experts-think-the-fbi-might-have-hacked-the-san-bernardino-iphone
Last week, the FBI announced that it had, with the help of a third party, successfully broken into the passcode-protected iPhone 5C owned by San Bernardino shooter Syed Farook. It’s not clear yet whether the FBI found any information useful to its investigation
The agency hasn’t named its accomplice nor has it revealed how it gained access to the iPhone’s contents. To shed some light on the possibilities, IEEE Spectrum spoke with nine computer security experts and mobile phone forensics specialists about a few techniques that may have been behind this controversial hack
1. The easy way in
Perhaps the simplest hack of all would be to exploit a vulnerability in iOS 9, the version of Apple’s operating system installed on Farook’s phone.
Armed with the right security hole, also called a zero-day exploit, a hacker could potentially switch off functions that thwarted the FBI’s entry.
2. Trick the OS
hackers may have circumvented the iPhone’s passcode protection by hijacking operations between the A6 and the non-volatile memory.
3. Reset (and reset and reset) the memory
One of the most popular theories among crypto-experts, including Gary McGraw, chief technology officer at the software security consulting firm Cigital, is that the FBI hacked the iPhone through a tactic called NAND mirroring.
One way to manually do that might be to remove the memory chip that NAND protects and make a digital copy of it. Once the copy is made, a hacker could test out combinations and simply reload the memory back onto the original chip before the 10-attempt limit is reached.
4. Tear the whole thing apart
extract the handset’s unique ID, which is a special digital key that Apple assigns to each device during manufacturing and could be used to decode an iPhone’s memory.
“This is a very invasive and expensive and tricky thing to do,”
5. Sneak in through the side
A device that is hard at work can offer clues about the information it is handling. These clues include its power consumption, acoustic properties, electromagnetic radiation, or the time it takes for a specific component to complete a task.
Tomi Engdahl says:
Security bods disclose lock bypass bug in iOS
Let the wild speculation about just how the FBI cracked San Bernardino killer’s phone begin
http://www.theregister.co.uk/2016/04/06/security_bods_disclose_lock_bypass_bug_in_ios/
Update: Server-side salvation from Cupertino
In a release that’s bound to spark all sorts of speculation, Vulnerability Labs has disclosed an iOS touch passcode bypass at Full Disclosure on April 5.
Apple has pushed a fix on the server side, as noted at the end of this story.
Update: Thanks to the commentard who alerted us to Apple’s fix for the issue. Siri now demands your lock screen passcode, if someone tries to ask Siri for a search, while at a secured Lock screen.
As 9to5Mac notes, implementing the fix at the server side let Cupertino move fast on blocking the vulnerability.
Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) – (3D Touch) Passcode Bypass Vulnerability
http://seclists.org/fulldisclosure/2016/Apr/19
Tomi Engdahl says:
Latest Siri exploit is super-specific (and avoidable)
http://www.cultofmac.com/421448/latest-siri-exploit-is-super-specific-and-avoidable/
Siri might be a (halfway) decent digital assistant, but Apple’s AI helper makes for a lousy security guard.
We’ve heard about a bunch of “sneaky” ways that evildoers can use Siri to get access to your photos, contacts or completely unlock your phone without entering a passcode or using Touch ID. Luckily, most of these “security problems” are bogus, but a newly discovered one is for real.
The good news, however, is that this Siri exploit only affects certain iPhone models and is completely preventable.
Because it uses 3D Touch, the Siri exploit only works on the iPhone 6s or 6s Plus. And fortunately, the settings that give the helperbot access are switched off by default.
Tomi Engdahl says:
Apple vs FBI: When privacy and safety collide
http://www.edn.com/electronics-blogs/from-the-edge-/4441781/Apple-vs-FBI–When-privacy-and-safety-collide?_mc=NL_EDN_EDT_EDN_today_20160406&cid=NL_EDN_EDT_EDN_today_20160406&elqTrackId=9c5473c96b8545bb92f33a2763bf59e2&elq=6f1a51d62eca4f9d80264ceb02708e0a&elqaid=31688&elqat=1&elqCampaignId=27673
Once the two sides had a chance to move everything to their opposite corners of the ring, people I know (me included) began to line up behind one side or another in the fight between Apple and the FBI. Writing this blog may unleash the passions of many the same way in-depth discussions of religion or politics do. But, I just have to ask: Where do you weigh in on Apple’s refusal to unlock the phone?
It’s fait accompli – the data has been taken off the phone. But still the questions linger, and the debate should not be forgotten—and won’t be. I’ll try to summarize the competing positions.
While Apple has no sympathy for terrorists, once the FBI made the mistake of changing the Apple ID password on the phone, there was no path to obtaining the data without the creation of a backdoor.
Apple suggested (even after the government issued an order to create the unique version of the iOS to bypass security) pairing the phone to a previously joined network, enabling the government to back it up and retrieve the data. However, once the FBI changed that password, iCloud services were no longer accessible.
While it would seem that Apple should, according to the FBI, be able to unlock the iPhone used in the San Bernardino terrorist attacks, and then not use it again, the reality is law enforcement nationally was lining up with iPhones in the hundreds that they wanted unlocked.
The government indicated that Apple’s business model and marketing strategy was at the heart of Apple’s refusal to create the backdoor.
So, here is my question: Now that another company has broken in and extracted the data (and we know that’s possible so the security isn’t as tight as Apple thought), should Apple have helped or not? At what point does a private company have to help, or does it ever?
Tomi Engdahl says:
FBI says it doesn’t know if San Bernardino iPhone is useful, may or may not share the answer
http://9to5mac.com/2016/04/06/fbi-san-bernardino-iphone-data/
Many were skeptical that the work iPhone at the centre of the San Bernardino controversy would prove in any way useful to the FBI given that the shooters left it untouched while destroying their personal phones, and so far that skepticism seems justified. Despite having had access to all the data on the phone for more than a week, the FBI has apparently not yet found anything of value.
The WSJ reports that FBI general counsel James Baker told an International Association of Privacy Professionals conference that it was “too early” to say whether anything useful would be found, and that it may or may not choose to reveal the answer once it is certain.
Tomi Engdahl says:
The FBI is telling senators how it hacked the San Bernardino iPhone
http://www.theverge.com/2016/4/6/11380204/fbi-iphone-attack-san-bernardino-secret
The FBI isn’t keeping its new iPhone attack secret from everyone. According to a new report in National Journal, the FBI has already briefed Senator Dianne Feinstein (D-CA) on the methods used to break into the iPhone at the center of Apple’s recent legal fight.
Tomi Engdahl says:
CNNMoney:
FBI director James Comey says the 3rd-party tool the FBI bought and used to unlock San Bernardino shooter’s iPhone does not work with iPhone 5s or later — FBI director: We bought ‘a tool’ to hack terrorist’s iPhone — FBI Director James Comey said Wednesday that the government had purchased …
FBI director: We bought ‘a tool’ to hack terrorist’s iPhone
http://money.cnn.com/2016/04/07/technology/fbi-iphone-hack-san-bernardino/
FBI Director James Comey said Wednesday that the government had purchased “a tool” from a private party in order to unlock the iPhone used by one of the San Bernardino shooters.
“Litigation between the government and Apple over the San Bernardino phone has ended, because the government has purchased, from a private party, a way to get into that phone, 5C, running iOS 9,” Comey said.
The FBI director also said the purchased tool worked only on a “narrow slice of phones” that does not include the newest Apple models, or the 5S.
“We tell Apple, then they’re going to fix it, then we’re back where we started from,” he said. “We may end up there, we just haven’t decided yet.”
Tomi Engdahl says:
Ellen Nakashima / Washington Post:
Sources: FBI did not use Cellebrite to crack San Bernardino iPhone, paid hackers for undisclosed software flaw that was used to create hardware to crack PIN — FBI paid professional hackers one-time fee to crack San Bernardino iPhone — The FBI cracked a San Bernardino terrorist’s phone …
FBI paid professional hackers one-time fee to crack San Bernardino iPhone
https://www.washingtonpost.com/world/national-security/fbi-paid-professional-hackers-one-time-fee-to-crack-san-bernardino-iphone/2016/04/12/5397814a-00de-11e6-9d36-33d198ea26c5_story.html
The FBI cracked a San Bernardino terrorist’s phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter.
The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone’s four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.
Cracking the four-digit PIN, which the FBI had estimated would take 26 minutes, was not the hard part for the bureau. The challenge from the beginning was disabling a feature on the phone that wipes data stored on the device after 10 incorrect tries at guessing the code. A second feature also steadily increases the time allowed between attempts.
The U.S. government now has to weigh whether to disclose the flaws to Apple, a decision that probably will be made by a White House-led group.
Apple said last week that it would not sue the government to gain access to the solution.
Still, many security and privacy experts have been calling on the government to disclose the vulnerability data to Apple so that the firm can patch it.
The White House has established a process in which federal officials weigh whether to disclose any security vulnerabilities they find.
“When we discover these vulnerabilities, there’s a very strong bias towards disclosure,” White House cybersecurity coordinator Michael Daniel said in an October 2014 interview, speaking generally and not about the Apple case. “That’s for a good reason. If you had to pick the economy and the government that is most dependent on a digital infrastructure, that would be the United States.”
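A constructed model of the retry limit discussed above (the 10-try wipe, and the NAND mirroring theory of copying and reloading the memory), added here as an example; it is not from the quoted articles and does not represent Apple's implementation. The `Device` class, its fields and the PIN are hypothetical, and the escalating delay between attempts is not modeled. It shows why a failed-attempt counter kept on storage that can be imaged and rewritten does not enforce the limit, while one kept in tamper-resistant hardware does.

```python
import copy

MAX_ATTEMPTS = 10  # wipe threshold described in the article


class Wiped(Exception):
    """The device has destroyed its key material."""


class Device:
    """Constructed model of a passcode-locked device (hypothetical design)."""

    def __init__(self, pin, secure_hw):
        self._pin = pin
        self.secure_hw = secure_hw
        # State on the storage chip: can be imaged and written back.
        self.flash = {"failed": 0, "wiped": False}
        # State in tamper-resistant hardware: untouched by a flash restore.
        self._secure = {"failed": 0, "wiped": False}

    def _limiter(self):
        return self._secure if self.secure_hw else self.flash

    def image_flash(self):
        return copy.deepcopy(self.flash)

    def restore_flash(self, image):
        self.flash = copy.deepcopy(image)

    def try_pin(self, guess):
        state = self._limiter()
        if state["wiped"]:
            raise Wiped("key material destroyed")
        if guess == self._pin:
            state["failed"] = 0
            return True
        state["failed"] += 1
        if state["failed"] >= MAX_ATTEMPTS:
            state["wiped"] = True
        return False


def wrong_guesses_admitted(device, budget=10_000, restore_every=MAX_ATTEMPTS - 1):
    """Count wrong guesses accepted before a wipe when the flash image is
    rolled back every `restore_every` failures (budget = 4-digit PIN space)."""
    clean = device.image_flash()
    admitted = 0
    try:
        while admitted < budget:
            device.try_pin("not-the-pin")  # constructed value, never matches
            admitted += 1
            if admitted % restore_every == 0:
                device.restore_flash(clean)
    except Wiped:
        pass
    return admitted


if __name__ == "__main__":
    for secure_hw in (False, True):
        n = wrong_guesses_admitted(Device("4831", secure_hw))  # constructed PIN
        print(f"counter in secure hardware={secure_hw}: {n} wrong guesses admitted")
```

With the counter on rewritable storage the limiter admits the whole four-digit space; with the counter out of reach of a storage restore it stops at ten.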
Tomi Engdahl says:
FBI paid hackers to crack San Bernardino gunman’s iPhone
http://www.chicagotribune.com/news/nationworld/ct-apple-fbi-encryption-debate-20160412-story.html
The FBI cracked a San Bernardino terrorist’s phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter.
The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution.
Tomi Engdahl says:
The FBI Finds Nothing Interesting So Far on Syed Farook’s iPhone
In a development that’s resulted in more facepalming than surprise within the cryptography community, a source tells CBS News that the FBI has found “nothing significant” in the data of the now-cracked iPhone of San Bernardino shooter Syed Rizwan Farook. According to CBS, the FBI is still analyzing the phone, which was unlocked with the assistance of contract hackers after a six-week legal dispute with Apple over the company’s refusal to help bypass its own encryption. But iPhone forensics expert Jonathan Zdziarski is skeptical: “There’s no such thing as ‘an ongoing analysis’ this long, unless you’re playing Angry Birds on Farook’s phone,” he wrote on Twitter.
Source: http://www.wired.com/2016/04/security-week-tax-day-near-irs-hackable-ever/
Tomi Engdahl says:
FBI can’t unlock 13% of password-protected phones it seized, official says
http://www.usatoday.com/story/news/politics/2016/04/19/fbi-cant-unlock-13-password-protected-phones-seized-official-says/83224860/
The FBI cannot unlock 13% of the password-protected cellphones it has seized as evidence in the past six months, a top bureau official told a House panel Tuesday.
About 30% of the 3,000-plus phones that the FBI has seized since Oct. 1 require passwords to open
“Clearly, that presents us with a challenge,” Hess told members of the House Energy and Commerce Committee, which brought in law enforcement officials and tech experts to testify about the pros and cons of “end-to-end” encryption, which is designed so that only users can unlock it.
Congress is struggling to decide what legislation — if any — it should pass on encryption.
Law enforcement officials say that such a law is needed to keep terrorists and criminals from hiding plots and evidence from investigators armed with court orders. Silicon Valley has come out strongly against the bill, saying it will make Americans more vulnerable to cyber criminals and hackers.
Requests involving more than 500 encrypted devices flooded the FBI’s Computer Analysis Response Team and the agency’s Regional Computer Forensic Laboratory programs during a four-month period beginning last October, FBI officials have said.
Tomi Engdahl says:
FBI paid at least $1.3M for zero-day to get into San Bernardino iPhone
FBI Director James Comey: “But it was, in my view, worth it.”
http://arstechnica.com/tech-policy/2016/04/fbi-paid-at-least-1-3m-for-zero-day-to-get-into-san-bernardino-iphone/
FBI Director James Comey suggested to a conference in London that his agency paid more than $1.3 million to gray-hat hackers who were able to unlock the iPhone 5C that was used by Syed Farook Rizwan, the dead terrorist who masterminded the attack in San Bernardino, California, in December 2015.
According to Reuters, Comey was asked Thursday how much the FBI paid for the technique that eventually allowed investigators to access the locked phone.
“A lot. More than I will make in the remainder of this job, which is seven years and four months for sure,” Comey said. “But it was, in my view, worth it.”
FBI paid more than $1.3 million to break into San Bernardino iPhone
http://www.reuters.com/article/us-apple-encryption-fbi-idUSKCN0XI2IB?feedType=RSS&feedName=technologyNews&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+reuters%2FtechnologyNews+%28Reuters+Technology+News%29
Federal Bureau of Investigation Director James Comey said on Thursday the agency paid more to get into the iPhone of one of the San Bernardino shooters than he will make in the remaining seven years and four months he has in his job.
According to figures from the FBI and the U.S. Office of Management and Budget, Comey’s annual salary as of January 2015 was $183,300. Without a raise or bonus, Comey will make $1.34 million over the remainder of his job.
That suggests the FBI paid the largest ever publicized fee for a hacking job, easily surpassing the $1 million paid by U.S. information security company Zerodium to break into phones.
Tomi Engdahl says:
FBI ends second iPhone fight after someone, um, ‘remembers’ the PIN
Feds backing away from effort to set legal precedent
http://www.theregister.co.uk/2016/04/25/fbi_drops_second_iphone_case/
For the second time, the FBI has dropped a legal attempt to force Apple to unlock an iPhone at the last minute.
Earlier this month, the FBI backed away from the high-profile San Bernardino case the day before it was due in court by claiming it had paid a third party (apparently $1.2m) to unlock the phone.
Tomi Engdahl says:
Devlin Barrett / Wall Street Journal:
Sources: FBI plans to keep iPhone-hacking method secret, will discourage White House from beginning internal review of whether it should be disclosed to Apple — FBI Plans to Keep Apple iPhone-Hacking Method Secret — Move would likely keep Apple in the dark about security weakness
FBI Plans to Keep Apple iPhone-Hacking Method Secret
Move would likely keep Apple in the dark about security weakness
http://www.wsj.com/article_email/fbi-plans-to-keep-apple-iphone-hacking-method-secret-sources-say-1461694735-lMyQjAxMTE2MTI5NjcyMTYyWj
Joseph Menn / Reuters:
Apple says it received its first FBI tip via Vulnerability Equities Process on April 14; vulnerability already fixed on iOS9 and El Capitan — Apple says FBI gave it first vulnerability tip on April 14 — The FBI informed Apple Inc of a vulnerability in its iPhone and Mac software on April 14 …
Apple says FBI gave it first vulnerability tip on April 14
http://www.reuters.com/article/us-apple-encryption-fbi-disclosure-idUSKCN0XO00T