Apple vs the FBI

Started by Berkut, March 01, 2016, 11:45:51 AM

DontSayBanana

Quote from: Berkut on March 29, 2016, 11:53:50 AM
Quote from: grumbler on March 29, 2016, 11:49:32 AM
That kinda makes Apple's contention that it would have taken many man-months of expert work to accomplish this look bad.

Not really - so far as I know, the FBI method involved some exploit in the software, which Apple clearly doesn't know about, or they would fix it.

Unlikely.  The most likely solution (according to most forensic peeps I've been listening to) is NAND mirroring.  It's a little more technically involved than this, but long story short, somebody realized they could make unlimited clones of the encrypted phone and just keep trying to break into the clones.  Bricked from 10 unsuccessful attempts at 0-0-0-9?  Make another clone and start guessing at 0-0-1-0.

Basically, the phone can know how many times passcodes have been tried, but the phone doesn't have any way to know it's a copy.
Experience bij!

Berkut

Interesting. How do you make the clone though?
"If you think this has a happy ending, then you haven't been paying attention."

select * from users where clue > 0
0 rows returned

Razgovory

I've given it serious thought. I must scorn the ways of my family, and seek a Japanese woman to yield me my progeny. He shall live in the lands of the east, and be well tutored in his sacred trust to weave the best traditions of Japan and the Sacred South together, until such time as he (or, indeed his house, which will periodically require infusion of both Southern and Japanese bloodlines of note) can deliver to the South its independence, either in this world or in space.  -Lettow April of 2011

Raz is right. -MadImmortalMan March of 2017

grumbler

Quote from: Berkut on March 29, 2016, 10:07:02 PM
Interesting. How do you make the clone though?
You just copy over the 1s and 0s.
The future is all around us, waiting, in moments of transition, to be born in moments of revelation. No one knows the shape of that future or where it will take us. We know only that it is always born in pain.   -G'Kar

Bayraktar!

Brazen

That's it, the genie's out of the bottle:

FBI agrees to unlock another iPhone in homicide case

http://www.bbc.co.uk/news/technology-35933239

Berkut

That cannot be right, we were assured this was a one off thing and would set no precedent.
"If you think this has a happy ending, then you haven't been paying attention."

select * from users where clue > 0
0 rows returned

garbon

Quote from: Berkut on March 31, 2016, 09:19:28 AM
That cannot be right, we were assured this was a one off thing and would set no precedent.

Well yes it does establish the precedent that once the gov't is able to do something for themselves, they'll do it many times over.
"I've never been quite sure what the point of a eunuch is, if truth be told. It seems to me they're only men with the useful bits cut off."
I drank because I wanted to drown my sorrows, but now the damned things have learned to swim.

Valmy

Quote from: Berkut on March 31, 2016, 09:19:28 AM
That cannot be right, we were assured this was a one off thing and would set no precedent.



But as garbon says, once they can do it themselves there is no reason for them to make a concession like that.
Quote
"This is a Russian warship. I propose you lay down arms and surrender to avoid bloodshed & unnecessary victims. Otherwise, you'll be bombed."

Zmiinyi defenders: "Russian warship, go fuck yourself."

DontSayBanana

Quote from: Berkut on March 29, 2016, 10:07:02 PM
Interesting. How do you make the clone though?

As I understand it, it's pretty labor-intensive: it involves desoldering the chips from the phone's motherboards and flashing clones of them individually.  I imagine most of the chips need to be identical, because Apple knows enough about encryption to make the hashes rely on the "identity" of other chips from the iPhone, or else anybody with a Cellebrite machine could just copy the encrypted contents of the storage to any other iPhone.

http://www.networkworld.com/article/3048488/security/nand-mirroring-proof-of-concept-show-that-fbi-could-use-it-to-crack-iphone.html
Experience bij!
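
The point made in the two posts above (the phone counts passcode attempts but cannot tell that its storage has been restored from a copy), as an added example that is not part of the thread: a toy Python model comparing a failed-attempt counter kept in the copied flash with one kept outside it. `ToyPhone`, `secure_failed` and the sample passcode are constructed for illustration and are assumptions, not a description of Apple's implementation.

```python
import copy

MAX_ATTEMPTS = 10  # wipe threshold mentioned in the thread


class ToyPhone:
    def __init__(self, passcode, counter_in_flash):
        # "flash" models the storage chip that can be imaged and rewritten.
        self.flash = {"passcode": passcode, "failed": 0, "wiped": False}
        self.counter_in_flash = counter_in_flash
        # Models a counter kept outside the imaged chip (assumed tamper-resistant).
        self.secure_failed = 0

    def failed(self):
        return self.flash["failed"] if self.counter_in_flash else self.secure_failed

    def try_passcode(self, guess):
        """Return 'locked', 'ok' or 'wrong'."""
        if self.flash["wiped"] or self.failed() >= MAX_ATTEMPTS:
            self.flash["wiped"] = True
            return "locked"
        if guess == self.flash["passcode"]:
            return "ok"
        if self.counter_in_flash:
            self.flash["failed"] += 1
        else:
            self.secure_failed += 1
        return "wrong"

    def restore(self, image):
        # Writing an old image back replaces flash only; secure_failed is untouched.
        self.flash = copy.deepcopy(image)


def wrong_guesses_evaluated(phone, restores):
    """Count wrong guesses the phone actually evaluates across image restores."""
    image = copy.deepcopy(phone.flash)
    evaluated = 0
    for _ in range(restores + 1):
        for _ in range(MAX_ATTEMPTS):
            if phone.try_passcode("not-the-passcode") == "wrong":
                evaluated += 1
        phone.restore(image)
    return evaluated
```

With the counter inside the imaged storage, every restore hands back a fresh budget of ten attempts; with the counter outside it, the limit holds no matter how often the image is written back.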

grumbler

Quote from: Berkut on March 31, 2016, 09:19:28 AM
That cannot be right, we were assured this was a one off thing and would set no precedent.

What, exactly, were we assured was the one-time thing, and by whom were we assured?
The future is all around us, waiting, in moments of transition, to be born in moments of revelation. No one knows the shape of that future or where it will take us. We know only that it is always born in pain.   -G'Kar

Bayraktar!

CountDeMoney

Further proof that you can mask any amount of incompetence if your budget is big enough.


Quote
The FBI paid more than $1 million to crack the San Bernardino iPhone
washingtonpost.com


FBI Director James Comey suggested Thursday that the bureau paid more than $1 million to access an iPhone belonging to one of the San Bernardino attackers, the first time the agency has offered a possible price tag in the high-profile case.

While speaking at a security forum in London hosted by the Aspen Institute, Comey would not offer a precise dollar figure, saying only that it cost "a lot" to get into the phone.

He said the cost of the tool was "more than I will make in the remainder of this job, which is seven years and four months, for sure." As he made his remark, Comey, a former federal prosecutor who speaks precisely in public settings, paused as if to consider the math he was performing in his head.

The FBI director serves a 10-year term, though Comey's predecessor, Robert S. Mueller III, served for 12 years after Congress approved a request from President Obama to extend his tenure.

Comey was confirmed July 2013 and took office in September of that year, so he has more than seven years left in his term. According to the federal statute detailing his salary, Comey is paid the rate set for Level II of the executive salary schedule. That means he makes $185,100 a year, under the pay schedules that went into effect this year.

As a result, Comey's remarks strongly implied that the bureau paid at least $1.3 million to get onto the phone, which had belonged to Syed Rizwan Farook, who, with his wife, killed 14 people during the Dec. 2 terror attack in San Bernardino, Calif.

"But it was, in my view, worth it," the FBI director said of what it cost to access the phone's data.

An FBI spokesman said the bureau would not comment on Comey's remarks.

Federal authorities have not publicly revealed who helped the FBI unlock the San Bernardino iPhone, which was at the center of an extended fight between the government and Apple. The Justice Department had maintained that only Apple could help it access the phone without erasing all of its data before abruptly saying it had gotten help from an outside party and no longer needed Apple's assistance.

According to people familiar with the issue, the FBI cracked the phone with the help of professional hackers who were paid a one-time flat fee. Law enforcement officials have said recently that the FBI has found no links to foreign terrorists on the phone, though they are still hoping that geolocation data on the device could help reveal what the attackers did during an 18-minute period after the shooting.

Earlier this month, Comey had said that the government was considering telling Apple how it accessed the phone, though he acknowledged that if that happened, the technology giant would fix the flaw and close off that avenue. But he said the tool would only work on a "narrow slice" of devices, saying he was "pretty confident" it would not work on newer models.

Comey conceded Thursday that the tool would work only on an iPhone 5c running iOS 9. In part because of the price tag, Comey said he hoped the government could figure out a solution to access other, more current phones without having to make mass appeals to the tech industry for some kind of hack.

He noted that there were 18,000 law enforcement agencies across the U.S. that might want to access phones and could not afford what the FBI paid to access the San Bernardino phone. The FBI's total budget for fiscal year 2016 was more than $8.7 billion, and the bureau requested more than $9.5 billion for fiscal year 2017.

"I'm hoping that we can somehow get to a place where we have a sensible solution, or set of solutions, that doesn't involve hacking, it doesn't involve spending tons of money in a way that's un-scaleable," Comey said.

Admiral Yi

I don't remember anyone claiming that if the government gained the ability to hack a phone they would never do it again.


11B4V

Damn, a million bones. What a bunch of nards.
"there's a long tradition of insulting people we disagree with here, and I'll be damned if I listen to your entreaties otherwise."-OVB

"Obviously not a Berkut-commanded armored column.  They're not all brewing."- CdM

"We've reached one of our phase lines after the firefight and it smells bad—meaning it's a little bit suspicious... Could be an amb—".

Berkut

Quote from: grumbler on March 31, 2016, 11:25:33 AM
Quote from: Berkut on March 31, 2016, 09:19:28 AM
That cannot be right, we were assured this was a one off thing and would set no precedent.

What, exactly, were we assured was the one-time thing, and by whom were we assured?

http://www.cnbc.com/2016/03/29/apple-vs-fbi-all-you-need-to-know.html
Quote
What was the battle over?

Last month, a federal judge asked Apple to help the FBI unlock an iPhone belonging to Syed Farook, who was responsible for the shootings in San Bernardino in December which left 14 people dead.

The judge asked Apple to provide "reasonable technical assistance" to the U.S. authorities, which would require the technology giant to overhaul the system that disables the phone after 10 unsuccessful password attempts. Once this feature kicks in, all the data on the phone is inaccessible. Apple declined to help the FBI.

At the time, Apple chief executive Tim Cook called the order "chilling" and said that it would require writing new software that would be "a master key, capable of opening hundreds of millions of locks". Cook's argument was that if the FBI could access this iPhone, nothing would stop them from doing it to many others.

Law enforcement authorities insisted that it was a one-off request. As a result the case went to court.
"If you think this has a happy ending, then you haven't been paying attention."

select * from users where clue > 0
0 rows returned