Join Us!

Apple Unlocking iPh...
 
Notifications
Clear all

Apple Unlocking iPhones vs US Government  

Page 1 / 6
  RSS
dan0841
(@dan0841)
Member

It will be interesting to see who wins this one and how/if it's resolved

BBC Apple vs LE

Quote
Posted : 17/02/2016 1:26 pm
DCS1094
(@dcs1094)
Active Member

The FBI has asked Apple to do two things.

First, it wants the company to alter Farook's iPhone so that investigators can make unlimited attempts at the passcode without the risk of erasing the data.

"Hi Apple, you know that security flaw you patched? Can you reinstate it again?"

roll Not going to happen!

ReplyQuote
Posted : 17/02/2016 4:48 pm
trewmte
(@trewmte)
Community Legend

Apple's Open Letter
https://www.apple.com/customer-letter/
"But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone."

What is fascinating is that Apple isn't (implicitly or explicitly) disagreeing with the principle that backdooring is impossible, merely that they don't want to put that principle into final practice.

Judge's Order
https://assets.documentcloud.org/documents/2714001/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf

ReplyQuote
Posted : 17/02/2016 10:59 pm
hcso1510
(@hcso1510)
Active Member

First off let me start by saying that even before Riley I have always been an advocate for obtaining a search warrant to search a cell phone. I don't work terrorism related cases, but I do work cases involving the Internet and victims under the age of 18.

I'm sure I'll have some of my facts off a bit, but I hope you will judge me on the overall and not take an opportunity to pick me apart. I don't know if you look at Eric Snowden as a hero or a villain, but much of the security talk today is related to the things he disclosed.

I'm painting with a broad brush, but to some extent Apple has decided that a note typed into one of its locked cell phones should receive greater 4th Ammendment protection than a note that is scribbled on a piece of paper currently in your locked residence.

So here I am, a law enforcement officer with a criminal case and probable cause. With a search warrant law enforcement can get into cars, residences, and locked containers, but not a locked cell phone?

Several years ago, I believe it was around the time the 4S came out, Apple encrypted its data within their phones, which basically rendered Cellular forensic tools impotent, provided the phone was locked.

Lots of hackers out there I guess so Apple wanted to provide customers with added security. The forensics folks weren't all that excited about it, but I get it.

Law enforcement would then get a Search Warrant and send the phone off to Apple with an external drive and get the contents back at a later date. Apple, I would assume,was swamped with work that they were not getting paid for?

Then we all awoke one sunny day and found out that if we downloaded the new fix Apple would no longer be able to open these phones at their facility and provide encryption that only the user could access.

Hmmmmm. Prior to this "Fix" is that what the public was crying out for?

Now I have no idea what the internal communications at Apple were prior to the "Fix", but I would imagine during a board meeting one day the CEO asked how the Law Enforcement Assistance Group was doing and the reply was

Boss, we are being totally over run with requests from law enforcement to pull content out of these phones. We have trained people leaving because they are worked so hard and we have had to hire additional examiners. We are taking on additional costs every day and one of our employees was looking at an article on an ACLU/EFF/Digitaldueprocess website that suggested that even if we were complying with a lawful search warrant, supported by probable cause, we were nothing more that acting as agents of the government.

CEO "Dear God, we can't have that. Someone might go out and by an Android. Get the chief tech dude in here now. Were gonna put a stop to this c**p. Tech dude, we need to create a "Fix" and in doing so we will tell everyone that only the end user can access the device. We will tell everyone from this day forward we can't. Of coarse if one of us gets locked out of our phones you guys will need to get into them, but we will tell everyone we can't. From this day forward this will be the company line.

The above is somewhat tongue and cheek, but can anyone tell me that this was done for any other reason than a financial one? And by the way, under the 'old system' of Apple examining the phone and dumping the content onto an external drive can anyone tell me about how your data was compromised?

I think at some point the pendulum swings back slightly. I don't believe general public wants to be spied on and neither do I. However I do believe that the general public believes law enforcement should have the ability to access a cell phone when they have probable cause.

Just my two cents. How about you?

ReplyQuote
Posted : 18/02/2016 5:01 am
mark_adp
(@mark_adp)
Member

I am inclined to agree that both Apple and other HSM don't want to be overloaded with requests from LEA. They have configured their phones in such a way that there is now no "backdoor" in, however they must still be able to brute force a device using the right custom signed boot loaders.

I would be very surprised if its a capability issue, but more a capacity issue and a PR issue. People buy iPhones because they are secure, while what is being proposed (from my understanding) would not reduce the security of every phone, only the ones being submitted to Apple, from a PR perspective, it doesn't look good.

ReplyQuote
Posted : 18/02/2016 12:38 pm
gorvq7222
(@gorvq7222)
Active Member

I do worry about iOS forensics going dark~ Apple claims that they want to protect people's privacy and Apple decide not to let LE got chance to dig out the evidence from a passcode locked iDevice…The truth is that manufacturers couldn't care less about privacy or security…they care about sales and revenue…

Imagine that one day you buy a auto car whose name is "iCar" and you lost the key/password to wake up your iCar… Apple will tell you that sorry for no any chance to bring your iCar back alive, and the only thing you could do is to download ipsw and use iTunes to flash your iCar. What about the data inside the iCar like driving records??? Data is gone with the wind and Apple doesn't give a s**t! No matter the driving records inside iCar have something to do with a criminal case or not, Apple won't aid LE to extract the evidence. Of couse it's easier for Apple to do so and the Police or FBI or CIA or NSA won't bother Apple any more.

ReplyQuote
Posted : 18/02/2016 7:59 pm
meso
 meso
(@meso)
New Member

I have problems believing that Apple doesn't have the ability to access a locked device. I think it revolves around public perception of their security and the fear of losing sales. It's not logical to think that a company that produces such sophisticated hardware and software has no backdoor into it. No one will ever be able to convince me that if one of Tim Cook's loved ones was murdered and evidence of that crime was contained on a locked IOS device that he would not provide technical resources to law enforcement to open the device.

As a citizen, I want privacy and security, while recognizing that a judge can give law enforcement access to my private stuff.

As a law enforcement officer, I respect people's right to privacy in their homes and on their digital devices, while fully expecting that if I have probable cause (facts, circumstances, or other information that would lead a reasonable person to believe that a crime has been committed or is about to be committed, that a certain individual is responsible for that crime, and evidence of that crime is contained on the device), that I can obtain a search warrant from a judge to get the data, utilizing whatever technical means are necessary.

I'm very interested to see where this goes…..

ReplyQuote
Posted : 18/02/2016 11:17 pm
trewmte
(@trewmte)
Community Legend

CONUNDRUM!

What would make YOU decide to backdoor where the interest of a matter is greater than privacy and security?

Place in your order of importance the below and highlight at what stage you would expect Apple to concede and backdoor their devices for the greater good?

10………………..backdoor device to find a burglary/car thief
9………………..backdoor device to find local cannabis supplier
8………………backdoor device to find IIoC photo distributor/procurer
7…………….backdoor device to find people trafficker
6…………..backdoor device to find arms smuggler
5………..backdoor device to find LE or civilian murderer
4………backdoor device to find agent spreading bacterial warfare
3…….backdoor device to find murderer of national president
2…..backdoor device to find kidnapper of 30 babies from hospital
1…backdoor device to find where nuclear device placed before explodes

Remember more is less and less is more.

ReplyQuote
Posted : 19/02/2016 12:02 am
dan0841
(@dan0841)
Member

CONUNDRUM!

What would make YOU decide to backdoor where the interest of a matter is greater than privacy and security?

Place in your order of importance the below and highlight at what stage you would expect Apple to concede and backdoor their devices for the greater good?

10………………..backdoor device to find a burglary/car thief
9………………..backdoor device to find local cannabis supplier
8………………backdoor device to find IIoC photo distributor/procurer
7…………….backdoor device to find people trafficker
6…………..backdoor device to find arms smuggler
5………..backdoor device to find LE or civilian murderer
4………backdoor device to find agent spreading bacterial warfare
3…….backdoor device to find murderer of national president
2…..backdoor device to find kidnapper of 30 babies from hospital
1…backdoor device to find where nuclear device placed before explodes

Remember more is less and less is more.

1 - 8 Inclusive. I would, however, make sure there are sufficient safeguards as with other Telecoms based requests (At least in the UK anyway).

ReplyQuote
Posted : 19/02/2016 1:27 am
jaclaz
(@jaclaz)
Community Legend

Apart from the specific case (and the opportunity and the Law, and Privacy and everything else) there is an underlying issue IMHO
https://www.apple.com/customer-letter/

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

The good Apple guys are not saying that what the FBI asked is impossible (which is what I seemed to understand they said to everyone else before) they are saying that
1) it does not exist (yet)
2) that they will try to not make it

Till now the debate was more whether a new version of the OS would have been made in such a way to allow access to the encrypted data without knowing the pin/password/etc., it was assumed (or implied, or both) that it was not possible to replace parts (or the whole) OS on a "locked" device, i.e. both the encryption was "unbreakable" but also was not "by-passable", the news seem to be that while the encryption is still "unbreakable", it is actually "by-passable".

In other words one thing is creating a new OS that has a backdoor and install it on a new or however "unlocked" device, another thing is "injecting" an OS with a backdoor in an existing, "locked" device.

jaclaz

ReplyQuote
Posted : 19/02/2016 5:17 pm
thefuf
(@thefuf)
Active Member

Apple, FBI, and the Burden of Forensic Methodology. Is it a kind of the CSI effect when dealing with forensic tools?

ReplyQuote
Posted : 19/02/2016 8:42 pm
hcso1510
(@hcso1510)
Active Member

I really do wish that we could stop calling this a back door. To me, back door denotes some sort of illegal hacking. I want a front door, but I know that can only come with a Search Warrant supported by probable cause.

Companies are not in business to support law enforcement investigations, but I never really thought they were in business to thwart them either.

I don't believe we need to wait for Apple to develop anything when they have everything they need right now.

I don't know the exact version of iOS when Apple stated only the end user could access a locked device, but there was a version just prior to that.

I would think they could push out an update that now allowed them to be able to access the phones, like they can't now???, and make it mandatory. They could also give everyone a set time period to download the update or their phones would be unsupported.

I dont see the general public throwing their iOS into the trash bins over this, but while the public does want mobile phone security I also believe they would think law enforcement should be able to access a device with a search warrant. They certainly don't want to hear that law enforcement cant access a terrorist's phone.

I'm somewhat surprised Apple hasn't come out and said "Ok, but we will charge $100 per phone." Who knows what the future holds….

ReplyQuote
Posted : 20/02/2016 12:50 pm
jaclaz
(@jaclaz)
Community Legend

The news about the change of i-cloud password after the device was already seized add some further spice to the issue
http//www.wired.com/2016/02/apple-says-the-government-bungled-its-chance-to-hack-that-iphone/?

Shortly after the phone in question was seized from an SUV belonging to Farook and his wife, someone changed an Apple ID that might have allowed the phone to back up data to iCloud—which would have given the government a chance to seize the data with a court order. But because that ID was changed, there is no chance the phone could have ever backed up additional data to iCloud, a senior Apple executive said on a call today with reporters.

When asked who changed that ID, the executive said that the government indicated it was someone who worked for the county, but that he didn’t know the identity of that worker. However, this presumably would have been an IT worker for the county who supplied the phone to Farook.

The government touched on this detail in a motion it filed with the court today but placed it only in a lengthy footnote at the bottom of one page. The government also didn’t acknowledge in the footnote that this was likely the best chance it had of retrieving the data it wanted from the phone.

jaclaz

ReplyQuote
Posted : 20/02/2016 5:43 pm
C.R.S.
(@c-r-s)
Active Member

I really do wish that we could stop calling this a back door.

Fully agree. It's not even a back door in technical terms, it's exploitation. They have a device which is somewhere between secure and insecure out of the factory, depending on your adversary. For the manufacturer, this iPhone is easily accessible to prepare a brute force attack.

I'm not an expert for US law, but I think, it is entirely possible to hold a third party responsible for reasonable efforts in such cases. Apple is to be compensated for these efforts. Apple refuses because of post-Snowden hysteria and related PR issues.

ReplyQuote
Posted : 20/02/2016 6:17 pm
trewmte
(@trewmte)
Community Legend

I really do wish that we could stop calling this a back door.

Fully agree. It's not even a back door in technical terms, it's exploitation.

Technically fair observations and I don't have a problem with those terms. It might be though others might think this is being a little bit semantically picky. It is possibly far too late in the day to only now start the conversion of institutions (ITU, ETSI, 3GPP etc. that use the term back-door, since 2000) and the media and non-technical people to start now using "front-doors" or "exploitation" with regards to Apple iPhone 5C.

ReplyQuote
Posted : 20/02/2016 6:39 pm
Page 1 / 6
Share: