By now you’ve doubtless heard that the FBI has broken the encryption on the iPhone of Syed Farook — the suicide terrorist who killed fourteen and then himself in San Bernardino. Consequently, they won’t be requiring Apple’s (compelled) services any more.
A number of people have written in and asked what we knew about the hack, and the frank answer is “not a heck of a lot”. And it’s not just us, because the FBI has classified the technique. What we do know is that they paid Cellebrite, an Israeli security firm, at least $218,004.85 to get the job done for them. Why would we want to know more? Because, broadly, it matters a lot if it was a hardware attack or a software attack.
Software or Hardware?
If the attack was hardware, it may not be such a big deal. The iPhones supposedly prevent a brute-force (guessing) attack against the password by wiping memory or delaying after a fixed number of wrong guesses. The basic idea behind a possible hardware attack is to dump the memory from a NAND flash chip on board, try a few passwords, and then re-flash the memory to the initial state before tripping the security. Another possibility, if there’s a timeout on password guesses, is to associate the phone with a fake cell tower, and push new times to the phone every time they get locked out. Delays are meaningless if you can arbitrarily set the time on the phone.
The hardware attacks, if these are they, aren’t a big deal because they require physical control of the phone, potentially for a long time. This isn’t something that a criminal gang is going to use to steal your bank account data, but something that governments can do in limited situations, legally, and with warrants. In contrast, an unknown flaw in the OS’s security model could be remotely exploitable, and would likely work on any phone in far less time. If the flaw became known to criminal gangs before Apple, millions of Americans with iPhones would be at risk.
Responsible Disclosure?
If the FBI is sitting on an OS flaw, and it is one that’s in principle exploitable by criminals, they owe it to their constituency — US citizens — to disclose that information to Apple so that it can get fixed. But because the FBI has classified the hack, they’re not going to be compelled to tell anyone how they did it.
It’s certainly the case that if we had hacked this phone, we’d be subject to charges under the DMCA or worse. And we’d certainly be under a moral, if not legal, obligation to inform Apple so that they could fix things. We hope that this means that the crack was hardware based. It’s worth mentioning that what the FBI was demanding from Apple was a software attack — this may be further evidence that they don’t have one.
More Legal Battles Ahead
So the Farook case is over, which means we can all rest assured that our phones are safe, right? (Or at least they’re safe from anyone who hasn’t hired Cellebrite.) After all, the FBI director publicly stated that this was just about unlocking only a single (terrorist’s) phone, and not about setting a precedent, so they’ll stop trying to force firms to break their own encryption, right?
We don’t believe that for a second. The Farook case was intended to capitalize on the public’s fear of terrorism to force Apple to play along and take actions that harm all of their customers. The FBI will be trying to establish precedent to compel decryption again, and will try until they find a judge to agree with them.
Sounds like a conspiracy theory? Don’t listen to some crackpot writer for a niche tech website. Richard Clarke, former national security advisor and head of counter terrorism, weighed in on the subject:
“[The FBI] is not as interested in solving the problem as they are in getting a legal precedent,” Clarke said. “Every expert I know believes the NSA could crack this phone. They want the precedent that government could compel a device manufacturer to let the government in.”
“The FBI director is exaggerating the need for this, trying to build it up as an emotional case … It’s Jim Comey. And the Attorney General is letting him get away with it.”
What Clarke said is consistent with our crackpot conspiracy theories. The FBI has been systematically trying to compel firms to backdoor their own encryption. If they were interested in just one phone, they’d pay an Israeli security firm $200,000 to get the job done. (We have no inside information about if or why the NSA wouldn’t play along.)
The FBI has been after Apple since they announced that they were expanding encryption coverage. Read this headline from December 2014. Does that sound familiar? It’s exactly the same legal argument they used in the Farook case. Only the FBI got shut down instead of hiring an outside hacking firm. That didn’t stop the FBI from telling Apple employees that they would be killing children by enabling encryption on their phones.
You don’t need to look very far into the future to find the FBI’s next test case, either. Indeed, there are currently at least a dozen open cases at the moment, all justified under the All Writs Act. It’s hard to believe Director Comey’s argument that Farook was about a single phone.
(As we were writing this article, the Justice Department essentially declared victory in Farook, and now seems to say that it will use the Farook result as precedent. That was fast!)
Which Side Are They On?
There is a real problem at both the NSA and the FBI at the moment. They’re tasked with getting information on potential terrorists and prosecuting crimes, while at the same time protecting American citizens’ data and property. In particular, the NSA helps develop civilian cryptography, and the FBI is responsible for interstate Internet fraud. In cases like this, the same agencies have both an interest in the public’s benefit from strong encryption and the desire to decrypt individuals’ phones as evidence. They’re required to be schizophrenic. One can only hope that they’re balancing the conflicting demands appropriately.
If the Farook case has shown us anything, it’s that the FBI is behaving as if they value their offensive mandate more heavily than their defensive one — even though it weakens the security of US citizens with legitimate interests in keeping their confidential information safe.
The FBI testified that only Apple could unlock the phone while seeking an outside firm to unlock the phone. Indeed, it was cracked just over a month after this testimony. They picked an emotionally charged case and touted it heavily in the public press, something that they don’t do with their other cases — most notably those where the judges decide against their interpretation of the All Writs Act. They’re asking for a software-based attack, which is something with far-reaching consequences (and dangers if it falls into the wrong hands). And finally, they’ve relied on misleading and hyperbolic testimony to push the issue. In short, they’re playing dirty pool and stretching the truth, which is what one expects of the prosecution.
This would be uncontroversial if they weren’t also tasked with protecting the interests of American citizens.
My first question is this. Did they really hack the phone?
I would venture “yes” based on the fact that they dropped the case against Apple.
Maybe. I think it’s probable that they dropped the case because public opinion was leaning heavily against them and if they lost the case that would have set the exact opposite precedent than what they wanted.
If the FBI had continued the lawsuit Apple could have pursued legal motions to have them disclose the exploit that they use to crack the phone
I think they’ve had the capability all along. Remember the Carnivore network traffic and email monitoring program?
I believe, also, that they probably knew of a way to get into it using the methods suggested in the article but then just used the opportunity to try and force a backdoor into the software to make it easier (and cheaper) for them to do on a regular basis. All a big game.
Ooh, that’s a good conspiracy!
Sadly, I think the answer is probably yes, because they absolutely _did_ pay Cellebrite $200k. It would be a shame to get nothing but a coverup for their money.
Keep in mind Rizwan took care to software wipe and then smash with a hammer his personal cell phone a day before his attack, which are the actions of someone wanting to prevent data recovery.
This case is about Rizwan’s work phone, which he didn’t even change from PIN to password, wipe, try to destroy, and in fact left the phone at work on his desk before he went out and did his attack, which are the actions of someone who knows nothing incriminating was on that work phone and didn’t care.
He probably also assumed his work phone was controlled via MDM and would be unlockable by his boss in <10 seconds.
It's a bit mind boggling a government department didn't use MDM at all, though not too surprising. Their windows PCs are all standalone too and not joined to a domain to be managed centrally, so it fits with their consistent "doing things wrong" style.
The FBI also had the work phone's phone call records, text message contents, contact list, and voicemail contents (thanks AT&T!) plus its entire iCloud backup (because Apple does comply with actual legal court orders).
The FBI knew damn well nothing was on this phone before they started.
Not to mention the FBI's entire past 20 year history of trying and succeeding in many cases to force vendors to install backdoors, like Cisco, Oracle and Microsoft.
If you look at that as a modus operandi, it would be consistent for the FBI to be using this as an excuse to get Apple to install a backdoor for them too, and be completely inconsistent regarding obtaining data which they (at least the NSA) have always had and currently have the ability to do.
They had all the data they were going to get long before the Apple lawsuit started and they knew it.
There is no reason at all to believe they unlocked the phone without proof, and not much reason to believe they paid an outside company to get anything in return.
Note I'm not claiming they didn't actually pay that company, I just only have reason to believe they did not hack the phone and won't believe they did hack it without proof – which is apparently now classified. riiight…
Over the past 100+ years very little the FBI has stated has been shown to be true, and very much has shown to be lies where the truth is the exact opposite of their claims.
Saying the FBI is telling the truth is a very extraordinary claim requiring equally extraordinary proof.
For those of us less well versed in phone hacking, could you elaborate?
What ive heard/read in several places is that this company is very skilled at these sort of things, and they have this ‘magical hardware box’ where you can hook up 2 phones, one locked, one stock, and then copy over all data from the locked phone to the stock. No clue how that works in detail (one would assume the data is encrypted, but apparently only the access to it is encrypted or something)
The company in question sells hardware for (among other things) simplifying merging a company between different devices (like blackberry-os to android or windows phone to ios) and ive seen a guy explain that the thing offered the above option (for dealing with locked devices) if you take that optional ‘module’, he went on to explain they had the company do that one time in house with an iphone5 (apparently the module is incredibly pricey) the phone the fbi wanted access too is a iphone5s or something, so (provided that what that guy posted is true) like 99% chance thats how they went about things, apparently they can also do the hardware hack people have been discussing (read out and reconstruct the data) but its not really needed in most cases.
Oh and the FBI is apparently stating they will help solve a murder case involving an iphone6 and ipod, so my guess is they actually bought the same ‘magical hardware box’ with said module.
Source of the ‘magical box’ story, in dutch though:
http://tweakers.net/nieuws/109601/israelisch-bedrijf-cellebrite-helpt-fbi-bij-toegang-tot-iphone.html#r_8362119
Very nice article, thanks for summing it.
Nice article, thank you…
@Wayne – good question, sir…
we will never know if they did break into the phone in question or not.
given the fact that the 3 letter agencies lie, cheat and steal on an hourly basis – to feed their child-like demands for the eventual panopticon, we can’t ever know the truth in this case.
all we know is that our ‘leaders’ have sold us out and are on their own personal power trips, the rest of the world be damned. this is what I take-away from this situation. the TLA’s word is worthless, these days, but we can see what their world views are like and what makes THEM tick.
its also clear that we have to constantly keep fighting for our privacy and personal freedoms and those in authority will never want to make peace with the concept of individual rights. they are ‘sure’ they are right and the rest of the world can go to hell for all they care. they are on a religious-like mission and no one can change their minds ;(
I really want to call this male cow fæces, and flame you with strong arguments. Just imagine what kind of a world we would live in if we couldn’t trust our elected authorities and their agents. But sadly I think you are right.
TLAs are under governmental “control”, and we still have the right to vote. But what politician would get elected on “weakening intelligence”. As long as the dichotomy is personal freedom vs. safety from terrorism, the outlook is dire.
Wow, what world do you live in? It sounds nice there.
Depends on what color pill I take.
I assume Cellebrite will come out with a new iPhone cracker if they did crack it due to they will generate so much revenue and beat oxygen and various other cellphone forensic firms
Most likely they didn’t crack the phone in a conventional way, this probably required serious hacking. Many people speculated that they did a hardware hack. I believe this is probably true. It basically means your phone is safe from this attack if you have possession of it. They had to open up the phone and directly attack the circuit board, which was probably something that requires great skill and an expensive tool set.
I agree that a bluff is very possible. It’s a win-win for them. They will never declassify, they’ll look good for “solving” it, plus they make it look like an iPhone can be hacked and sting Apple for taking it to court.
No one will be talking about this in 2 weeks.
“we will never know if they did break into the phone in question or not.”
We might know one day, maybe, though I’m not holding my breath.
For sure they’ll keep shut up or very scarce on details for years to come. The point is that those agencies don’t just want to hide what they can do, but more importantly what they cannot do.
Today I read about a case where the FBI took over a child porn tor site, then ran it for 2 weeks (WTF?) and then arrested all visitors, then one defendant wanted to check how they got the IPs of those tor users to see if it was legal, so the judge approved and ordered the FBI to hand over that info, and the FBI blatantly refuses saying ‘if someone got through the door and found evidence it does not matter how but just what they found inside’, Double WTF.. that part of the freaking constitution, doesn’t matter? What the hell? Shows you how the FBI thinks, like an untouchable above the law clandestine group who can do ANYTHING they want and ignore any law.
You can find an informative text about it on the Reg http://m.theregister.co.uk/2016/03/29/fbi_tor/
You called it. The FBI has an “offensive mandate”.
More like, Executive agencies are allowed to make the requests they want to ( There was never anything illegal about this request ), thanks to so called “Follow that Car!” laws. Whether or not anyone has to comply is up to the Judiciary. If you want this type of behavior made illegal – reach out to the Legislature.
The FBI has done many atrocious things in its history. However, this? This hardly compares to harassing civil rights leaders or framing politicians. The FBI thought they had the public support and they didn’t. Simple as that. Not everything has to be a conspiracy.
My guess is they leaned on apple and they did it, but publicly not admitting it. Contrary to what people may think once the search order was served, or in this case post mortemly, apple had no choice but to comply. It would have ended with a congressional hearing where Apple would have had no leg to stand on.
apple has more money than god, being the richest company in the world. its not at all clear that the US would have done that court case. in fact, most people believe apple would have won and THIS is the reason the gov is backing out with its tail between its legs, acting like it won when it really just decided to bail on this one battle.
I don’t believe a thing the cheerleaders (I mean, ‘news’ orgs) say at this point. they stopped challenging the government and are their lapdogs. we don’t have any real free press fighting against the infowars that the US is putting out.
my guess is that there was no hack and the phone is still sitting there. of course, it was never about this one phone and we all agree on that much, at least.
the ‘war on terror’ is a joke; but the war on freedom by OUR OWN LEADERS is very very real and this is where we need to put our energy. our leaders have gone to the dark side, ironically, in their self-absorbed power struggle to control every minute aspect of our lives. in a way, the religious terrorists are NOT VERY DIFFERENT, deep down, than our leaders, if you think about it. both want what they want, are not willing to listen to reason and will stop at nothing to get what they BELIEVE is their god-given rights. think about it and you’ll see many scary parallels, here.
+1
Absolutely
It is especially true in USA where they think that the nation is protected and favored by God (the christian one). Look at George W. Bush… I mean come on, only in USA people can trust what he said about being approved by God for the second Iraq war.
Except GWB’s god was/is the almighty dollar. And there were A LOT of dollars made by him and his ilk on the side bet that was the Iraq war. I don’t think the whole OBL thing was a ruse, but it sure was convenient. Now we have yet another war, like the war on drugs that cannot be “won” by the means at which they are fighting it, but it sure as hell makes a lot of $$$ if you are in the right business, and therefore it has to be sustained to keep that cash cow paying out.
Suggested reading: “The Ominous Parallels” by Leonard Peikoff.
They got the data off the chip(s), but I still haven’t seen anywhere where they say they’ve actually decrypted it? I think that’s all they’ve done (so far) — Extracted the encrypted data out of the phone and loaded it into another environment. One where they can do their planned brute force attacks, except without the password slow downs, lockouts and possible erasures they were asking Apple to remove from the custom iOS they requested. They haven’t actually “broken the encryption”, as brute forcing a password is not “breaking” the encryption, instead it’s more akin to using a password you found on a post-it note (in a pile of a million post-its ;) )
That was my first thought of what the FBI could do however the encryption is tied to a specific piece of hardware in the device. It is responsible for the randomness of the key.
Now my thought on the matter was to just clone the device and then do the n number of tries before the phone wipes and then restore from the clone and repeat. However this could take a long time depending on the password used. If it was a simple screen “connect the dots” that shouldn’t be that hard. A few years ago I was talking to somebody who thought his phone was secure because of that but I “hacked” (lol) his phone using 2 methods, the streaks left by his finger and a quick notice of how/where his pattern started and ended. He was shocked I was able to break such a perfect lock screen.
if you can emulate the iphone and then load up the image from the flash chips, you could in theory clone the phone a million times, stick it on a server cluster and brute force a certain password range on every core. when the virtual phone locks up, delete and load a new copy.
The main problem is that there is the requirement for the hardware, not only the software. There is something in the encryption that is specifically looking for the hardware and it is the main reason that Apple was always stating that they would have to create a special iOS to facilitate this warrant.
I am not going to say the hardware couldn’t be emulated in software, I don’t know exactly what it is looking for, but without the hardware on the device, it would be much more difficult.
The hardware limitations actually only apply to later versions of the iPhone. Chip off forensic solutions on iPhone 5 have been around for a while – they just run enormous risks of data loss if you screw anything up.
Search youtube for video “Jacob Applebaum: To Protect And Infect, Part 2”, and skip to 45 minutes to see a catch. NSA claims they will always succeed in their attempts to infect iOS. So they have permanent backdoor for decrypting iPhones, the rest is just play for media.
Apple is a US company – NSA issues a secret FISA court order, backdoor in place. Spy agencies ask, FISA never says no, it happens.
True. Everything was done away from the public eye. Just continue with bread and circuses, to keep the plebs happy.
> but something that governments can do in limited situations, legally, and with warrants.
… and illegally without warrants if they want to.
There is probably no known case of such illegal activities ever occurring.
Yes, my issue here is how these law enforcement “tools” are safeguarded against misuse. My go-to analogy on this one is Snowden’s access to data collection tools and databases. If he had access and sacrificed life as he knew it to disclose this publicly, how many other people were dipping into that data set for their own personal gain (or entertainment, etc.).
I do think this is preaching to the choir. Almost everyone will admit there is potential for abuse when it comes to circumventing data protection. That’s one of the reasons that the DMCA passed in the first place.
Previous comment directed at rewolff.
Why is there no way to edit comments?
because no one at hackaday knows how to edit wordpress and write custom code
USIS ( Snowdens employer ) was created to mine through endless amounts of consumer data and come up with trends. It was a former government think tank spun off by the Reagan Administration.
Nothing really dark or in the shadows about it.
You didn’t pay much attention to the Snowden case, did you?
>”even though it weakens the security of US citizens with legitimate interests in keeping their confidential information safe.”
It also undermines non-us citizens security. On another perspective, they’re trying to get device manufacturers to create backdoors for easier espionage abroad.
One of the most annoying things about this is the short-sightedness of thinking that a hack stops at US borders. I mean… I know the FBI is tasked only to uphold security of the USA and everyone else be damned. But many US citizens do actually care if e.g. China or North Korea uses those same backdoors to bolster their executions of dissidents.
It undermines everyone’s security, but the FBI’s job stops with protecting US citizens/interests. I know it sucks…
USA: World Police
(If you’re American)
Frankly this is the moral issue the rest of the world has with America, and is facing with China. We suckle at the Economic teat, but then implicitly condone the laws and actions of those states and how they enforce them.
There is, of course, no answer for the citizens of other countries except to enter into debate with the citizens of those countries and ask them kindly to stop treating the rest of us like three-fifths of a person.
What gets me is why did PHOEBE (aka FBI) wait this long to play the CELLEBRITE card? Every IC member knows about their new data extraction gadget which is kinda’ sorta’ “otherworldly” in how it operates – since 2007. Just read the Wikipedia page about it. It appears Richard Clarke (my personal hero) was right. FBI could have just dropped the phone off at Fort Meade (NSA) and they would have cracked it and returned it by end of day. But US alphabet-soup TURF WARS raises its ugly head again. Evidently the crack is a no-brainer for some, but leave it to PHOEBE to re-invent the cyber-wheel.
And why is CELLEBRITE charging so much to just plug their gadget in and press a few buttons? I’m sure Jim Comey (FBI-DIR) knows CELLEBRITE has a vested interest into anti-terrorism being who they really are and their CEO’s personal backgrounds. If Comey really wanted a freebie on this one he could have gone to the guys over in Langley VA and the resident office of the Israeli alphabet soup could have just called in a few favors to the CEOs. But turf wars prevent that. If FBI was smart they should spend that money on buying the gadget the way Michigan State Police did. With it no cellphone or tablet is safe from snooping.
Apple just dodged a bullet as they say.
This is the device used by CELLEBRITE to do the data extraction and decryption:
https://www.youtube.com/watch?v=qaeiBHPbJ-I
The FBI could have just purchased their own UFED from Cellebrite and done it themselves. Why they paid them $200K+ is a mystery to me! UFED means Universal Forensic Extraction Device. You can get a used one from $299 to $699 on EBAY. How much could it be new suggested retail???
Here is a UFED (Universal Forensic Extraction Device) that broke the Apple iPhone for FBI:
http://i.ebayimg.com/00/s/MTAwMFg3NTA=/z/mpwAAOSwr7ZW4al9/$_57.JPG?set_id=880000500F
Maybe they are getting their advice from WALTER O’BRIEN? Mr. Scorpion? I hope not!!!
Apropos of nothing: Lady Justice is looking mighty hot in this article…
I noticed that too. I don’t typically think of Justice as being nubile or perky
They are constantly dragging her through the mud, so she had to take a shower.
Except for the fists which look like Marv’s from Sin City.
Well AT&T could lend their (dirty_hands) help here and volunteer their TV spokeswoman Milana Vayntrub as the model for Lady Justice.
Here she is:
http://www.celebjihad.com/celeb-jihad/images/milana_att.jpg
Whatever you do do NOT type Milana Vayntrub Nude in Google Images!!! D’oh! You did anyway… shame on you! (LOL)
BTW – Milana speaks fluent Russian as she is from Uzbekistan…
My main gripe is how poorly this has been reported even by relatively reputable news organizations like the BBC. If they had said what was said above, people would be much better informed. In addition, Apple seems to have done a terrible job of explaining their position. The motivation of the FBI was clearly not just to hack one phone. I would be stunned if they couldn’t do that. The question is whether they just want their job made easy or whether there is something more nefarious going on. I hope not.
Apple has been very diplomatic in explaining their side. There are a number of times where they could have called a spade a spade (and Comey a perjurer). But this is a long game, and they know it. They’re going to have to get along with the US gov’t for many years to come, and they’ve got their own favors to ask for.
I’m surprised, and heartened, that they pushed it as far as they did. It could have been worse.
Is telling outright lies being diplomatic? Apple lied when they said they could be forced to do it by other governments if they did it for the FBI. This is a lie because they still could be forced to do it by China for example, simply because China knows they can do it, and that has nothing to do with the FBI because it was Apple who made it known that it was technically possible.
now that it is known that it can be done one way or another.
Every hacker will try and one day it will be in hackaday saying how they did it.
Now the real race begins….
Have fun guys.
During a typical search and seizure, should the government be allowed to open one’s wallet?
“We don’t believe that for a second.”
And who exactly is “we”?
“We” in this case is actually just me. It’s our style — although I could have gone “I” in this one, I think.
I’m not shocked, however, if many of the other HaD’ers who followed the story reached similar conclusions.
I have always wondered about why we don’t hear about the NSA in regard to this. This is their business, they have more know-how and resources than anyone in this area. Clearly the FBI-Apple media blitz is all about propaganda and leverage to further some other agenda or gain precedent. Do I believe it is an issue of agency turf wars? Maybe, but if so then why is the FBI so gentlemanly not to be mentioning the NSA lack of cooperation in the media. I think only 10 percent of what we know about this case has any relation to the truth.
It’s so absurdly difficult for someone at the FBI to get help from someone at NSA that it’s almost laughable. It’s easier to share intelligence with a partner in the UK than someone a few DC suburbs away.
This. Plus if the NSA _does_ have an 0-day on iOS, they’re not going to burn it on the FBI’s behalf. Especially not to gain information about a dead terrorist. They’ll save it for someone important, or for where there’s not so much public scrutiny and they can plausibly reuse.
Conspiracy theory: the NSA _did_ do it, using Cellebrite as cover. (Totally groundless, yet not implausible. We’ll never know.)
I’ll just leave this *old* video here and point out some basic physics that electron density determines the diffraction of x-rays.
https://www.youtube.com/watch?v=EtqzVlWksGE
And this from a few years later,
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3216544/
Oh and there are very recent advances in coherent x-ray sources that make them far more compact too. Ever heard of what happens if you etch a set of lines on a diamond and then hit it with a beam of particles? You get a very small x-ray laser. It does not have to have much power, just enough to illuminate the device so that it casts a detectable image and being coherent you can point multiple x-lasers at it at the same time from different angles so the tomography does not require physical scanning. You can also tune the wavelength to target different details but ultimately on a run you are just after electrons at key points in the chip that allow you to watch it in operation. Another nice thing about coherent x-lasers is the image is projected so that it can be much larger than the target, making the construction of your sensor array easier.
https://en.wikipedia.org/wiki/Flat_panel_detector
There is at least one old video of electrons being imaged in a chip using an electron microscope, not exactly the same method but I’d like to find it again because it helps people to understand the concept of imaging a chip while it is operating. If anyone find it please let me know.
So tell me why you think it is not possible to watch a chip’s internals operating in real time? It is the ultimate debugging tool, which you should all realise means it is the ultimate hacking tool. Not that any HaD hacker could afford such tools, then again did you even know they existed?
Have you ever tried attaching a random device, be it TV or a router to a JTAG? Most SoCs support JTAG and many boards even in consumer products have it available. If you’ve done it then you know that you need some information (addresses, magic values) about the platform you are hacking to get any valuable information. The same goes for watching a chip (let’s not care about the frame rate required), you need to know what you are looking for and the chances are high that the parts responsible for crypto have been manually adjusted (spread across the chip) to make them harder to analyse.
Yes it is hard, as hard as etching chips with particle beans until you get down to the point and layer you need to tap into, but there are people skilled enough to do that too, Have a look around and you will find videos of a young guy doing it and explaining how in detail. If I recall correctly all the gear belonged to his father’s company. I’m not making this stuff up. For at least two decades there have been DSP systems that operate in the tens of gigahertz too, easily fast enough once you locate the points you need to monitor. The fact that each phone is not a one off helps to eliminate a lot of work because you have references to study before you look at the target device.
So the “it is very hard therefore it can’t be done at all” type argument is naive and illogical.
“particle beans” LOL! That should read beams.
r.e. those videos, I’m still looking for them but they may have been posted on HaD before. Does anyone else remember?
Maybe Apple should consider for future iPhones, both software and hardware, a collapsible circuit (Hollywood’s method for preventing the bomb squad from disarming a bomb usually results in either advancing the timer or immediate firing)
so if anyone tries a NAND dump or mirror they wipe the phone, further destroying any chances of recovery (sorry, drive recovery houses, your work will destroy the data you are trying to recover, so all you get is a blank NAND chip with all 0’s or all 1’s).
That’s actually pretty close to what Apple actually did on all future iPhone models – about 4 years ago.
Remember the iPhone 5c being discussed is exceptionally old tech. The very next model and everything after have a hardware security chip that generates a random key, the CPU generates a random key, and both keys must be used together along with the actual password to build the key used to decrypt the flash chip.
Swap any one of those three components out for another and significant parts of the key are simply missing.
Search for “Apple Secure Enclave Chip” for more details
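A simplified model of the key entanglement described in the comment above, as an added example that is not part of the original comment and not Apple's implementation. The HMAC/PBKDF2 construction, the function names and the sample passcode are assumptions, chosen to show why a copied flash image cannot be unlocked without both device-bound secrets.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100  # constructed work factor, kept small so the sweep below runs fast

def derive_storage_key(enclave_key: bytes, cpu_key: bytes, passcode: str) -> bytes:
    """Simplified model: entangle two device-bound secrets with the passcode."""
    # Both hardware secrets feed the salt, so neither alone reproduces it.
    device_salt = hmac.new(enclave_key, cpu_key, hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_salt, ITERATIONS)

def key_check_tag(storage_key: bytes) -> bytes:
    """Stand-in for 'this key decrypts the flash': a MAC over a fixed label."""
    return hmac.new(storage_key, b"flash-volume-check", hashlib.sha256).digest()

def unlocks(enclave_key: bytes, cpu_key: bytes, passcode: str, stored_tag: bytes) -> bool:
    candidate = derive_storage_key(enclave_key, cpu_key, passcode)
    return hmac.compare_digest(key_check_tag(candidate), stored_tag)

def demo() -> dict:
    enclave_key, cpu_key = secrets.token_bytes(32), secrets.token_bytes(32)
    passcode = "4821"  # constructed sample passcode
    stored_tag = key_check_tag(derive_storage_key(enclave_key, cpu_key, passcode))
    other_enclave, other_cpu = secrets.token_bytes(32), secrets.token_bytes(32)
    return {
        "original_device": unlocks(enclave_key, cpu_key, passcode, stored_tag),
        "wrong_passcode": unlocks(enclave_key, cpu_key, "0000", stored_tag),
        "swapped_enclave": unlocks(other_enclave, cpu_key, passcode, stored_tag),
        "swapped_cpu": unlocks(enclave_key, other_cpu, passcode, stored_tag),
        # Flash contents moved to different hardware: every 4-digit passcode,
        # the correct one included, derives a key that does not match.
        "offdevice_pin_sweep": any(
            unlocks(other_enclave, other_cpu, f"{pin:04d}", stored_tag)
            for pin in range(10_000)
        ),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Only the first case reports True; the sweep shows that a short passcode is protected by the device-bound secrets rather than by its own length.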
Not really surprised it was Cellebrite who did it in the end. The company started out as a manufacturer of tools for servicing cellular phones, and they leveraged this experience to develop a device that can dump any and every phone on the market- the UFED. They also have a very large capacity for refurbishing phones, and a dedicated department for device forensics.
>They’re required to be schizophrenic.
I fail to see what chronic hallucinations have to do with cognitive dissonance. To even allude to dissociative identity disorder and call it schizophrenia, which it is not, only marginalizes both. The disinformation encircling schizophrenia is remnants of a bygone era. “Schizophrenic” in any context that isn’t purely psychiatric is merely a pejorative popularized by the CIA and friends to discredit intellectuals, communists and dissidents. Any belief in otherwise objective facts can be explained away as [insert false realities] of [insert demonized], [insert discredited], [insert dehumanized] misanthrope if you willfully ignore how rare extreme cases of schizophrenia and Dissociative Identity Disorder really are.
Calling a manipulative, two-faced creep a schizophrenic is about as appropriate as calling him “retarded” or “autistic”. It just seems less offensive because you’re conditioned to believe that it’s culturally acceptable to mindlessly slap some purely psychiatric terms on some people and not others. The dated, albeit culturally accepted nonsense about schizophrenia finds its way into Wikipedia articles and gets used as a psychological bullying tactic on message boards on the daily because historically schizophrenia means whatever a high-level Machiavellian master-manipulator wants it to mean but this is only useful in the context of realtime psychological war where adequate reference materials are unavailable and your target audience is your enemy.
What I’m saying is that calling the FBI schizophrenic is an insult to schizophrenics.
Hang on …
> by: Elliot Williams
*slow claps*
You got me again, Elliot. Third time in a row. You work for the FBI, don’t you? Limited hangout! Digital Panopticon! Jet fuel doesn’t melt steel beams! IT’S HAPPENING!
At about the same time this was in the news my friend wanted to unlock an iPhone and he found this. He told me it worked for him to get access but you could only do it once. Would this have worked for the FBI? Was the answer on YouTube all along?
https://youtu.be/mHq3gM7WvEY
Neat followup: Same thing for Android. Google has unlocked phones for the gov’t, but has not provided a tool that would unlock them in general. They say they would fight such an order.
https://motherboard.vice.com/read/google-has-helped-the-feds-access-at-least-9-locked-android-phones-using-the-all-writs-act
I am incredibly impressed with the level of conspiracy theorists here. Let me suggest something simpler, namely, most of our government are very good people doing a great job and are your family and friends and neighbors that you accuse here of these conspiracies and that when the level of hard terrorism that afflicts other parts of the world comes home to the US that hopefully your consideration, appreciation, and incorrect assumptions will change.
This is all interesting, but I think a wrong turn was taken early on, on the basis of actual ownership of the phone. The phone was owned by the terrorist’s employer, who was the county government. Irrespective of who the end user was, I would have thought Apple could provide password access to the owner of the phone if they had asked. All of this assumes the owner was indeed the county (I think this has been verified to be true), and the owner shared the FBI’s interest in unlocking the phone for the sake of supporting the investigation.
Actually, Apple doesn’t have your phone pin/password. When they first rolled out encryption on the iPhone they specifically stated that they couldn’t help you if you forgot it.
The Israeli firm uses a vulnerability in the iTunes protocol handler to execute code that resets the counter with a process that contains the crypto material. They are actually partially transparent with it. They even have an instructional video public on YouTube.
A lot of people on the internet including myself got a laugh out of the fact Marcan42 and the rest of the jailbreak community made exhaustive lists of all the possible methods and it wasn’t on any of them.
I really don’t see the big deal here. This is not rocket science.
Read all the NV memory so you can start over if need be.
Try to lock all the NV so that a lockout can’t be performed by the phone.
Or better still simulate the whole phone on a large computer for speed.
Brute force the password.
They used a vulnerability in the iTunes USB protocol handling process to either block/hook/intercept counter calls or they reset the counter.
Uhm, “killed fourteen and then himself”? Didn’t they get gunned down by the cops?
Wikipedia says:
“The gunfire lasted for around five minutes before both perpetrators were killed. The sheriff’s department confirmed that a man and a woman were killed. One of the shooters died outside the SUV while getting out and trying to cross the street, while the other shooter died inside the vehicle”
CNN (not the best source but OK): “Syed Rizwan Farook and his wife, Tashfeen Malik — were fatally shot in a gun battle with police hours after the initial incident. Farook worked for the county health department.”
And on top of it all you suggest he was the only one doing the action, when in fact it seems his wife was not only in the gun battle and violence but might have been the most enthusiastic one.
Should we really adapt to the Obama and Trump world you think? Or could we do less male chauvinism?
If it was on iOS 8, they could have used devices like this: https://www.mfcbox.com/
>the FBI from telling Apple employees that they would be killing children
http://i0.kym-cdn.com/photos/images/newsfeed/000/550/009/39a.gif
Apple.cares.about.not.money.
Ground control to Major Gettin Cot. Bane and 4 U /b/rother.
I wouldn’t be surprised if the FBI (or other politicians) really did want to set legal precedent supporting backdoors. It’s been 20-some years since the Clipper chip (hardware backdoor). Maybe we should pay closer attention this election and vote out politicians who keep pushing antiquated ideals like this.
Why does the article claim that the FBI paid Cellebrite to do it for them? The link in this text:
“What we do know is that they paid Cellebrite, an Israeli security firm, at least $218,004.85 to get the job done for them. ”
takes you to a record for some sort of Cellebrite Service Renewal. I take it that someone just assumed that was payment for hacking the phone?
But if you dig deeper, you can also find a payment to Cellebrite in December of 2015, $36,000 was paid to Cellebrite for a “Cellebrite UFED4PC Logical/Physical Kit mobile forensic tool”
Digging even deeper, by searching for “Cellebrite USA Corp” on that FPDS-NG ezSearch site, you can find that Cellebrite has been paid a little over $1.15 million in 2016 so far (just over $32 million in the past 10 years, click the CSV download button in the search results). So, obviously, the government isn’t just paying them for iPhone hacks. Cellebrite offers many products and services, so making an assumption based upon timing of a large payment to media hype is really lame.
Here’s another
http://www.bbc.com/news/technology-35933239
How dangerous is this case?