Federal judge FORCES Apple to help FBI decrypt San Bernardino killers iPhone 5C

[SuperCookie78]

i'm no lawyer but can't the court order to the guy to unlock his phone? or is that self-incrimination. 

[LAwLz]

15 minutes ago, SuperCookie78 said:

i'm no lawyer but can't the court order to the guy to unlock his phone? or is that self-incrimination. 

He/she is dead. The couple got shot after the attack.

If they were alive, I think it would fall under self-incrimination, but I think we have had cases go both ways on that so there is no definitive answer.

[SuperCookie78]

6 minutes ago, LAwLz said:

He/she is dead. The couple got shot after the attack.

If they were alive, I think it would fall under self-incrimination, but I think we have had cases go both ways on that so there is no definitive answer.

sorry for asking such a dumb question i haven't been following this story.

[Evyatar]

6 hours ago, Albatross said:

 

Why don't you think beyond this case, hmm? Perhaps then you will see the issue here. And well, well, well! You call someone an ass for thinking Apple shouldn't break their security but then you wish the murderer would repeat himself to someone's family, to more innocents? What does that make you?

 

You must be a hardcore lefty. Only they spew such backwards, crazy hypocritical (and other brands of wtf) nonsense to make themselves look and feel superior to others.

 

As a someone who's living in the middle east, I sure am not a lefty.
In MURDERING CASES IT'S A MUST TO SHOW EVIDENCE ABOUT IT.

Any other opinion is just intensity dude.

[Blade of Grass]

3 hours ago, SuperCookie78 said:

i'm no lawyer but can't the court order to the guy to unlock his phone? or is that self-incrimination. 

Yes? No? It's confusing. 

 

Depending on which district you live in, a different precedent has been set. In In Re Boucher, the court said that the encryption 

key is not protected by the constitution, but in US vs. Doe, they said it was. 

https://www.eff.org/cases/us-v-doe-re-grand-jury-subpoena-duces-tecum-dated-march-25-2011

(Linked the US vs Doe case because there'a many cases called that, whereas In Re Boucher is the only one comes up when you search it)

 

Also, remember that you cannot always claim your fifth amendment rights, and there's things that the court can do to circumvent it (for example, they can offer you immunity). 

[Demonking]

Apple just flood $ into congress & make them leave you alone.

[alamox]

why this obsession about unlocking the phone anyway, imagine they never found a phone, was that the end of the investigation ? even even if they manage to unlock it i am almost certain they wont find anything usefull, and yet here they are, i truly believe this is not just about unlocking THIS phone, but more about the backdoor for all the phones.

[stconquest]

6 minutes ago, alamox said:

why this obsession about unlocking the phone anyway, imagine they never found a phone, was that the end of the investigation ? even even if they manage to unlock it i am almost certain they wont find anything usefull, and yet here they are, i truly believe this is not just about unlocking THIS phone, but more about the backdoor for all the phones.

lol, sounds like the Skylake bug fix =D

[Trik'Stari]

On 2/17/2016 at 9:34 AM, Centurius said:

On the one hand I do feel this specific iPhone should be decrypted, on the other hand I agree with Apple that a backdoor that could potentially affect every iPhone is a horrible precedent.

Because they want to weaken the support for encryption. This is nothing but them spinning shit to the general public, in a way that the public will swallow. as @stconquest said in another thread.

[Roawoao]

There seems to be this misunderstanding that Apple cannot possibly contain special device specific operating system hack from being abused by any other party on a wide scale but people are ignoring that for that to happen they would have to compromise Apple's private signing authority keys which in themselves would literally be the key's to the kingdom. Who cares about any special backdoor OS version if you can literally push updates out to all phones or specific ones to accept anything you want. You can even remove/add apps, brick phones, force decryption, modify the baseband, update secure elements, update secure boot, the only thing you can't change is that root trust key ....

 

The same mathematically strong cryptography technology (different implementation/software obviously) that protects data also protects the software using the public private key model with very strong algorithmic strength (at least one would hope for such a critical aspect). When Apple says hackers might get at the software and abuse it that would also mean they have Apple's root authority private keys needed to sign the software to work on other phones, the loss of such keys would be catastrophic in comparison to the backdoor OS version's existance.

[AresKrieger]

Well they aren't asking apple to decrypt the phone they want apple to use an update to block the 10 guess memory wipe functionality, which they have the ability to do very easily, I honestly see no problem with this particular ruling since the owner was guilty and is dead, so long as they don't force a backdoor or circumnavigate the 4th amendment I don't have an issue with it.

[Sionji]

I think everyone's missing the point that Apple was trying to make here. Apple implemented encryption as a measure to protect user data from prying eyes. But lots of people here seem to have a fundamental misunderstanding of what this means. Encryption deals with complex algorithms and keys. In simple terms, these keys are big numbers that can be used to get the original data out of the scrambled up mess that encryption results in. What Apple is saying is that they designed this encryption schema in such a way that they don't have any private keys that would give them access to user data on the phone. 

 

A common argument I'm seeing here is that "Apple designed it, so can't they just decrypt it?" Well of course, if they had a key. Breaking encryption means finding the key to the encrypted data. However, modern methods of data encryption are done in such a way that even if you had the data in its encrypted form, you have nothing to go off of other than guessing. Constantly guessing to find the key is called a "Brute force attack." Brute forcing modern encryption methods mean that it could take millions upon millions of years to guess the key that works even with the fastest and most powerful supercomputers in the world trying keys. Unless the FBI is willing to wait this long, it can't be done.

 

Also, this means that should Apple find the key for this particular phone, there's no guarantee that the same key would work on the encrypted data of the next phone. What the government is doing is asking Apple to design their software in such a way that Apple always has a key that works. Now this sort of method is in use, such as the private keys that banks have which they use to decrypt transaction data sent from your computer or phone when purchasing something. But Apple argues that the type of data that the government could have access to with a single master key would be too telling about a person, and be a major breach of privacy. 

 

In short, fuck the government. Apple is totally in the right. 

[Roawoao]

I don't think saying fuck the government is the default answer and Apple is totally right. 

 

Apple's system on the iPhone 5c in question only has what amounts to a salted user supplied password protecting the FDE key. Dumping the flash memory is one way to allow brute forcing bypassing the OS protections. A device ID specific modified OS is also possible (not a very nice smelling idea of course) but technically speaking it is impossible for hackers or other actors to abuse without having Apple's private signing keys. (It would ruin the obviously not true, extremely good security apple advertises but that is just marketing not reality)

 

The pin in question is only a 4-6 digit numeric plus the UID salt so not very hard to brute force vs a strong all char password with salt. So it can be done.

 

This would obviously only apply to this one phone it wouldn't even work if someone had the same pin code because of the UID salt. (Good password storage practice)

[LAwLz]

9 hours ago, Roawoao said:

There seems to be this misunderstanding that Apple cannot possibly contain special device specific operating system hack from being abused by any other party on a wide scale but people are ignoring that for that to happen they would have to compromise Apple's private signing authority keys which in themselves would literally be the key's to the kingdom. Who cares about any special backdoor OS version if you can literally push updates out to all phones or specific ones to accept anything you want. You can even remove/add apps, brick phones, force decryption, modify the baseband, update secure elements, update secure boot, the only thing you can't change is that root trust key ....

 

The same mathematically strong cryptography technology (different implementation/software obviously) that protects data also protects the software using the public private key model with very strong algorithmic strength (at least one would hope for such a critical aspect). When Apple says hackers might get at the software and abuse it that would also mean they have Apple's root authority private keys needed to sign the software to work on other phones, the loss of such keys would be catastrophic in comparison to the backdoor OS version's existance.

They would not have to get Apple's private key. They would just need the modified OS, and if they followed FBI's order then the FBI would get access to it, and be able to install it on any phone they took possession of. Windows is signed but you don't have to get Microsoft's private key to be able to install that on your computer, right? Same thing here.

Also, you can change the "root trust key". It is not set in stone.

 

 

9 hours ago, AresKrieger said:

Well they aren't asking apple to decrypt the phone they want apple to use an update to block the 10 guess memory wipe functionality, which they have the ability to do very easily, I honestly see no problem with this particular ruling since the owner was guilty and is dead, so long as they don't force a backdoor or circumnavigate the 4th amendment I don't have an issue with it.

You are making a few assumptions here.

1) That it is easy to do. We don't know that.

2) That they won't force a backdoor. Rulings like these are used in future cases. It might be a guilty terrorist this time, but if a lesser crime comes up next week then that ruling would partially be based on this ruling. If we give FBI the power to disable security features for this known terrorist, we will also give them the power to do it on people who are merely suspected to have done (or plan to do) crimes, even if they are innocent.

 

This is not about protecting a known terrorist, and this case might not even be about getting access to a terrorist's phone. It is about whether or not the FBI should have the power to disable security features oh iPhones. If we let them do it this time, we will also let them do it in future cases, where the circumstances might be completely different.

 

 

 

8 hours ago, Roawoao said:

I don't think saying fuck the government is the default answer and Apple is totally right. 

 

Apple's system on the iPhone 5c in question only has what amounts to a salted user supplied password protecting the FDE key. Dumping the flash memory is one way to allow brute forcing bypassing the OS protections. A device ID specific modified OS is also possible (not a very nice smelling idea of course) but technically speaking it is impossible for hackers or other actors to abuse without having Apple's private signing keys. (It would ruin the obviously not true, extremely good security apple advertises but that is just marketing not reality)

 

The pin in question is only a 4-6 digit numeric plus the UID salt so not very hard to brute force vs a strong all char password with salt. So it can be done.

 

This would obviously only apply to this one phone it wouldn't even work if someone had the same pin code because of the UID salt. (Good password storage practice)

You know, you don't have to use every single cryptography related term you know of when you make a post.

 

The password might not just be 4-6 digits. iOS allows you to set custom numeric or alphabetic passwords. I don't know the limit, but it is very possible that the password to the phone is a long sequence of numbers and letters.

 

Salt does not have anything to do with this by the way, if it is a PIN lock. Salt only protects against dictionary attacks. It does not offer any extra security if brute force is used (since the same salt will be used for each brute force attempt).

[Roawoao]

20 minutes ago, LAwLz said:

They would not have to get Apple's private key. They would just need the modified OS, and if they followed FBI's order then the FBI would get access to it, and be able to install it on any phone they took possession of. Windows is signed but you don't have to get Microsoft's private key to be able to install that on your computer, right? Same thing here.

Also, you can change the "root trust key". It is not set in stone.

 

You are making a few assumptions here.

1) That it is easy to do. We don't know that.

2) That they won't force a backdoor. Rulings like these are used in future cases. It might be a guilty terrorist this time, but if a lesser crime comes up next week then that ruling would partially be based on this ruling. If we give FBI the power to disable security features for this known terrorist, we will also give them the power to do it on people who are merely suspected to have done (or plan to do) crimes, even if they are innocent.

 

This is not about protecting a known terrorist, and this case might not even be about getting access to a terrorist's phone. It is about whether or not the FBI should have the power to disable security features oh iPhones. If we let them do it this time, we will also let them do it in future cases, where the circumstances might be completely different.

 

 

 

You know, you don't have to use every single cryptography related term you know of when you make a post.

 

The password might not just be 4-6 digits. iOS allows you to set custom numeric or alphabetic passwords. I don't know the limit, but it is very possible that the password to the phone is a long sequence of numbers and letters.

 

Salt does not have anything to do with this by the way, if it is a PIN lock. Salt only protects against dictionary attacks. It does not offer any extra security if brute force is used (since the same salt will be used for each brute force attempt).

Wrong on the can change root trust key, if you could then it would be ultra-insecure and anyone could bypass the entire hardware stack.

" When an iOS device is turned on, its application processor immediately executes code from read-only memory known as the Boot ROM. This immutable code, known as the hardware root of trust, is laid down during chip fabrication, and is implicitly trusted. The Boot ROM code contains the Apple Root CA public key, which is used to verify that the Low-Level Bootloader (LLB) is signed by Apple before allowing it to load."

https://www.apple.com/business/docs/iOS_Security_Guide.pdf

 

You cannot install or even update the os or update the boot system without apple's signing authority. This is immutable. The only way around it is to compromise the private keys used to sign the software and at that point your totally screwed anyway in terms of security.

 

Now that this is out of the way you do realize when the iPhone is set to pin code mode the interface only allows for numbers to be entered to make things easier to use.

 

Salt protects against rainbow table attacks not dictionary attacks, two different things and wrong again. It offers extra security if for some reason somehow got a hold of thousands of device backups they can't use a precomputed table to just instantly try all possible pin codes they will have to use a dictionary and the UID salt to compute the guess every time. (Good security practice)

 

Also a dictionary attack is a form of a brute force attack which instead of just trying all characters you try common ones. A rainbow table attack is not a brute force calculation attack but a lookup table that basically works instantly due to the memory time trade off taken by precomputing the keys. Salts protect against this type of attack and force you to use a brute force attack which is a very good thing.

 

Edit: Basically while it would be legally bad for apple to make a backdoor OS there is strong encryption that prevents other actors from abusing such a special device specific version so it wouldn't actually open some pandora's box of technical weakness. The solution would be to use the entire encrypted user volume and device IDs to create a unique cryptographic hash that would tie the special OS version to the specific device. If a hacker wanted to alter this check they would need to re-sign using Apple's private keys which if they have those then they don't even need the backdoor OS update they can just do all manner of even worse things from a security perspective. This in itself is doubly moot because the user volume is only protected by the user pin code and device ID as the salt and guessing the pin code would be trivial as there is no secure element to prevent a direct flash dump without a backdoor OS update. 

 

[LAwLz]

1 hour ago, Roawoao said:

Wrong on the can change root trust key, if you could then it would be ultra-insecure and anyone could bypass the entire hardware stack.

-snip-

Oops sorry, didn't know Apple designed it that way. For root certificates which aren't stored in ROM, you can change them though. I did it last night with the Fiddler root certificate, and when Dell was caught having their own root cert on their laptops they released a program to automatically remove it.

Apple's root cert is not changeable because it is saved in ROM, not because it is a root cert.

 

1 hour ago, Roawoao said:

You cannot install or even update the os or update the boot system without apple's signing authority. This is immutable. The only way around it is to compromise the private keys used to sign the software and at that point your totally screwed anyway in terms of security.

Except you know, Apple would need to sign the weakened iOS version. Once the FBI got the signed version they can install it on any phone they get. Apple only signs an iOS version once, and then it gets pushed out to all iPhones. They are not individually signed to only work on a specific phone. It's like with Windows. If both you and I downloaded the Windows 10 ISO right now, we would both end up with the exact same file, both of them would be signed, and both of them would be install-able on our computers. Neither you nor I would need access to Microsoft's private key, the ISO would be identical, and it would install without any issues on both of our machines, right?

 

1 hour ago, Roawoao said:

Now that this is out of the way you do realize when the iPhone is set to pin code mode the interface only allows for numbers to be entered to make things easier to use.

Yes, and? We don't know if it was set to just a 4-6 PIN or a password. You're just making that assumption.

 

1 hour ago, Roawoao said:

Salt protects against rainbow table attacks not dictionary attacks, two different things and wrong again. It offers extra security if for some reason somehow got a hold of thousands of device backups they can't use a precomputed table to just instantly try all possible pin codes they will have to use a dictionary and the UID salt to compute the guess every time. (Good security practice)

Yeah sorry, I meant rainbow table attacks. It still does not protect against brute force attacks though, so I don't understand why you even brought it up.

Since you like being pedantic, you would only need a single device to build a rainbow table, but if it really only is a 4-6 PIN then it's barely even worth bothering with. You could crack that in seconds anyway.

 

1 hour ago, Roawoao said:

Edit: Basically while it would be legally bad for apple to make a backdoor OS there is strong encryption that prevents other actors from abusing such a special device specific version so it wouldn't actually open some pandora's box of technical weakness. The solution would be to use the entire encrypted user volume and device IDs to create a unique cryptographic hash that would tie the special OS version to the specific device. If a hacker wanted to alter this check they would need to re-sign using Apple's private keys which if they have those then they don't even need the backdoor OS update they can just do all manner of even worse things from a security perspective. This in itself is doubly moot because the user volume is only protected by the user pin code and device ID as the salt and guessing the pin code would be trivial as there is no secure element to prevent a direct flash dump without a backdoor OS update. 

That's making the assumption that creating a device unique iOS version would be possible, and not easily modified to remove that check. Jailbreaking bypasses validity checks all the time (without Apple's private key). I don't see any reason to assume that Apple could make a bullet proof system this time when they haven't been able to in the past.

 

 

Edit:
It might not be a "the world is going under tomorrow!"-tier idea, but it does introduce the possibility for attacks in the future. On top of that there are all the other aspects of it, like the possibility that if Apple has to do it now they might be forced to do it more times in the future, in far less obvious cases.

[XDroidie626]

On 17/02/2016 at 3:31 AM, Weak1ings said:

I think as a gesture of good will, Apple should unlock the killers phone.

Youve missed the point entirely, sure they would love to I believe, but 1 they personally cannot do it due to tampering and 2 if they release a tool that can break the encryption it will put every iPhone at risk.

So no they shouldn't FBI should break it them selfs if they want the information.

[Roawoao]

3 hours ago, LAwLz said:

Oops sorry, didn't know Apple designed it that way. For root certificates which aren't stored in ROM, you can change them though. I did it last night with the Fiddler root certificate, and when Dell was caught having their own root cert on their laptops they released a program to automatically remove it.

Apple's root cert is not changeable because it is saved in ROM, not because it is a root cert.

 

Except you know, Apple would need to sign the weakened iOS version. Once the FBI got the signed version they can install it on any phone they get. Apple only signs an iOS version once, and then it gets pushed out to all iPhones. They are not individually signed to only work on a specific phone. It's like with Windows. If both you and I downloaded the Windows 10 ISO right now, we would both end up with the exact same file, both of them would be signed, and both of them would be install-able on our computers. Neither you nor I would need access to Microsoft's private key, the ISO would be identical, and it would install without any issues on both of our machines, right?

 

Yes, and? We don't know if it was set to just a 4-6 PIN or a password. You're just making that assumption.

 

Yeah sorry, I meant rainbow table attacks. It still does not protect against brute force attacks though, so I don't understand why you even brought it up.

Since you like being pedantic, you would only need a single device to build a rainbow table, but if it really only is a 4-6 PIN then it's barely even worth bothering with. You could crack that in seconds anyway.

 

That's making the assumption that creating a device unique iOS version would be possible, and not easily modified to remove that check. Jailbreaking bypasses validity checks all the time (without Apple's private key). I don't see any reason to assume that Apple could make a bullet proof system this time when they haven't been able to in the past.

 

 

Edit:
It might not be a "the world is going under tomorrow!"-tier idea, but it does introduce the possibility for attacks in the future. On top of that there are all the other aspects of it, like the possibility that if Apple has to do it now they might be forced to do it more times in the future, in far less obvious cases.

 

I did say its the root hardware trust certificate not your typical root certificate. I don't think you really understand how public private key exchange works if Apple signs a special version which has a coded hash built into that only matches the phone in the court order (hash of the encrypted data + device specific IDs) then if the FBI wanted to use it on another phone they would have to first alter the hash check in the modified OS image and then re-sign it which requires Apple's private keys and something Apple would obviously say you lack the court order to update that.

 

We are talking about making a custom OS to only work on one specific phone and this is trivial with the existence of something called a cryptographic hash which would be used to generate a currently impossible break unique signature that only the phone in the court order would match. (Apple just computes this and literally just hard codes it into the special version, anyone wanting to change it needs to sign it again with Apple's private keys) Again the core issue is that if someone can use Apple's private key signing authority the entire ecosystem is already insecure as you can do things like install apps silently, push out hotfixes, remotely delete apps, update anything even things like the secure boot/secure enclave (that doesn't exist in the phone)/... basically losing the private key would be far more catastrophic but is required for someone to abuse a special version.

 

The probability that the non-touch ID equipped phone has a strong alphanumeric/all chars password is basically 0%. (Imagine how hard it would be to unlock the phone in regular use if you had to enter a strong long all char password). This is why apple introduced touchID so you could use a strong password you only need to enter on the boot time.

 

There is no point in generating a rainbow table attack against a single device because it won't work on any other device so there is no point in precomputing it first that just wastes time. Which is the whole point of password salting (wasting an attackers time). People say the salt makes it impossible to crack because it is unique to the device when they misunderstand that it isn't meant to stop a brute force attack as you say. That is why I'm making it clear and even you misunderstand in a different way by mixing up all the terminology.

 

Creating a device specific iOS version is possible it is trivial to add a check that is hard coded to the image. Again the public private trust model requires any change to be signed by apple for it to work on another device. Jailbreaking bypasses Apple's security model via security vulnerabilities it does not allow you to completely replace the bootloader, secure region firmware, and so on and so forth, many side effects occur now if you tried to jailbreak your phone of which include a total loss of security. Cryptography makes their OS system much more secure and it seems like you have a fundamental misunderstanding about what a hard coded public root certificate would allow Apple to do with respect to a custom OS tied to one phone's composite hash.

 

Again it does not introduce the possibility for attacks in the future because the attack would require Apple's private signing keys first which is already a nuclear security fail if that occurs. Legally speaking I'm sure bad times are ahead but on a purely technical front Apple is lying by saying it would weaken all users security when it only would if Apple lost their private keys which would not just weaken it would annihilate all semblance of security.

 

 

[RedRound2]

So apparently Department of Justice has ordered apple to help fbi and they have three days to respond

Source: http://9to5mac.com/2016/02/19/department-of-justice-files-motion-to-force-apple-to-comply-with-fbi-iphone-backdoor-request/

 

This is going to get ugly, real fast

[Roawoao]

9 hours ago, XDroidie626 said:

Youve missed the point entirely, sure they would love to I believe, but 1 they personally cannot do it due to tampering and 2 if they release a tool that can break the encryption it will put every iPhone at risk.

So no they shouldn't FBI should break it them selfs if they want the information.

Apple signs the custom OS version modifying to use on another single device would require that same signing authority. It isn't a tool either it is just a edited version of the software that runs on the phone and if you use a strong password your safe. The FBI isn't asking for the phone to be decrypted just the UI software OS level actions to be removed such as the password retry count to auto-wipe and ux delays that are on top of the hardware delays. Since there is no secure element these are trivially bypassed in software.

 

So while it is legally bad news technically speaking it is easy to achieve and would not easily be re-purposed to any other phone without more court orders. Ultimately if Apple's signing authority was compromised then you don't need any special OS version that messes with the lock screen you can just delete the lock screen entirely and sign that version and push it out to all phones if you use a time delay to sync up the actual effect you could decrypt, unlock, disable, compromise virtually all Apple devices in one instant (Assuming you have the private hardware root signing keys which are much more important than anything else). 

 

5 hours ago, RedRound2 said:

So apparently Department of Justice has ordered apple to help fbi and they have three days to respond

Source: http://9to5mac.com/2016/02/19/department-of-justice-files-motion-to-force-apple-to-comply-with-fbi-iphone-backdoor-request/

 

This is going to get ugly, real fast

Oh wow the DoJ wording is so icy burn tastic.

 

"It said that Apple’s refusal to help unlock the phone for the F.B.I. “appears to be based on its concern for its business model and public brand marketing strategy,” rather than a legal rationale." 

 

So there you have it the courts don't care if they ruin Apple's PR message about super great security (Which is more of decent security, so-so on older models). Apple really hasn't come up with any technical/legal roadblocks to counter the order.

[Stuff_]

Looks like Apple is going to be forced to do this or face some severe consequences. And people wonder why Apple seems to hate the US. 

[Roawoao]

18 minutes ago, Stuff_ said:

Looks like Apple is going to be forced to do this or face some severe consequences. And people wonder why Apple seems to hate the US. 

I wonder what the US government will do if Apple stonewalls them even if the supreme court orders them to comply or worse declines to hear them out (leaving the lower court's decision standing). The extent and range of remedies that the US government + courts can seek are almost endless.

 

Its PR fireworks and popcorn time. 

[SImoHayha]

How about you just unlock this phone for the FBI and don't give them the way to unlock it ?

 

* Mindblown* 

 

 

[Stuff_]

2 minutes ago, Roawoao said:

I wonder what the US government will do if Apple stonewalls them even if the supreme court orders them to comply or worse declines to hear them out (leaving the lower court's decision standing). The extent and range of remedies that the US government + courts can seek are almost endless.

 

Its PR fireworks and popcorn time. 

Yeah I feel like it's going to get a bit messy.

And worse for Apple will be, if this is done, and the terrorist didn't use his phone for any good information (it this really the FIRST terrorist's phone that has been recovered after an attack), then Apple doubly loses.

Forced to so this, plus forced to spend money that won't be compensated for absolutely nothing. 

 

[iamdarkyoshi]

Send the damn thing to apple already and have them do their magic