FBI Can't Win: Apple Engineers Will Quit Before Unlocking iPhone

[Doozie]

I'm happy to hear they're ready to walk. Breaking their security is an end-game for their phones, I'd certainly never use one a couple weeks after that set of keys were handed over to a group of untrustworthy fucks like the fbi.

 

[flying_whimsy]

I hate apple, I really do. But in this case, I'm totally on their side. The FBI is looking for a frankly dangerous court precedent here: namely one that allows them to legally compel anyone to do anything in the name of preventing terrorism or face trouble in court. Basically, it would give them carte blanche to make internet and phone providers do what they were doing before under the patriot act.

I think a lot of people tend to forget that the constitution was put in place to protect us from the government. Keeping them from coming into our homes and businesses and forcing us to do what they want would definitely qualify.

 

[BoogieManFL]

What if they had the cell phone of some crazy sick bastard who kidnapped a bus full of children and hid them somewhere only to get himself killed by authorities, and the only possible way to find them would be hacking his phone. Would they still say tough luck - our principals are worth more than lives?

"what if" situations are the cause to blame for a lot of wars and very stupid decisions throughout humanity. How about we focus on the here-and-now within reality's setting, m'kay? Besides, I highly doubt that the phone would be the only possible way to finding the kids. First off a thorough investigation would track last locations of the bus sighted, and manhunts would ensue within that region. Now without unlocking the phone, they can also pinpoint the closest towers it connected to during such and such time to further help locate the missing kids. Then, good old fashioned police work. There is NO miracle hiding behind technology; especially a measly cell phone.

This case is about the FBI wanting to hack the cell phone to try to further investigate OTHER people this already established terrorist was talking to and to find out if they're part of a terrorist cell. This isn't a bomb on a trigger. This is basically them wanting to circumvent system to try to track other people through this person's phone.


The worst part of this that is being downplayed is that the FBI gave advice to the supervisor of the owner of the phone to lock the dang thing in the first place. It is their own fault that they cannot get into it. That is the rub that is killing this case.

It's a hypothetical situation. It's that way because I said it was, I created it. It doesn't have to conform to anything you accept or even hold up to iron clad logic. A dissection of the question is not the purpose of most hypothetical situations and serves no purpose here.

The point is - would they and should they still say no in that situation? Where does the line get drawn, I wonder. It's not a question to argue for or against it, it's just a hypothetical question.

 

[The Enquirer]

Go team freedom! Fuck those potential terrorist victims who could be saved if contents of that phone would lead to other terrorists!

Except it isn't that simple. Encryption services, such as telegram or WhatsApp, are readily and freely available, with new ones popping up every day. There was one a while ago that was essentially a heavily encrypted version of snap chat, wherein the message would be deleted after an amount of time determined by the sender. So even if Apple were to lose this court case, it still would NOT ultimately help the issue you so sarcastically brought up. The issue here is regarding the legal precedent the case will set.

 

[Arnoxthe1]

...

I know Apple though. This feels like a massive publicity stunt. How do we know that Apple's no just putting on a show while secretly helping them with the backdoor in secret? I really wouldn't put it past them.

 

[Adam Jensen_v1legacy]

Go team freedom! Fuck those potential terrorist victims who could be saved if contents of that phone would lead to other terrorists!

That's the thing. There's no evidence that these people are a part of an organized terrorist cell. Claiming that the evidence might be inside the phone is a bad argument. You can say that about anyone who committed any act of violence or civil disobedience. And we've already seen how the government labels people terrorist with ease. Who the fuck would in their right mind give the authorities such a power? It's insane. Setting such a strong precedent that gives the government overwhelming power based on an assumption that it might kind of sort of maybe be useful is a TERRIBLE idea.

...

I know Apple though. This feels like a massive publicity stunt. How do we know that Apple's no just putting on a show while secretly helping them with the backdoor in secret? I really wouldn't put it past them.

It's not just about Apple. This would affect every other tech giant and not just in the US. And it wouldn't be a very good publicity stunt. Imagine all the people who could be buying an iPhone right now but they might be waiting to see what becomes of this. Apple is right to raise such a ruckus over this. A part of their defense is educating people on the importance of strong encryption.

 

[chimeracreator]

question: Im not entirely sure about this but... A password encryption is basically just a pasword being jumbled around by your key. You select a password (for example: puppy). The key encrypts it into: "w751|''dwER4$%". Someone explained it to me once that you can only run it through from front to back (puppy into w751|''dwER4$% and not w751|''dwER4$% into puppy).

...

Problem is that with 2048 bit encryptions or higher the combinations become too much for any supercomputer to try and break in this life time

...

My experience with IT and encryption in general is very limited so... correct, half wrong, totally wrong, shut up?

You're somewhat right. 2048 bit encryption only refers to asymmetric key cryptography, which is not what's being used here. I haven't had a chance to work with iPhone Decryption, but based on literature in the field it basically works as follows:

Step 1: Provide a Passcode (usually a 4 to 6 digit number)

Step 2: The passcode is hashed with a unique identifier on the phone. At this point the OS will add one to the number of login attempts. If this number exceeds 10 wipe the iPhone encryption key used in step 3.

Step 3: This hash is used as a key to decrypt the iPhone's storage key which is unique to the phone. This key was generated in a secure manner when the phone's file system was first formatted.

Step 4: Verify a hash of the decrypted key to ensure that the decryption was successful. If it was successful reset the login counter to 0. If it failed check if the login counter is now ten if so erase the iPhone encryption key used in step 3.

Step 5: You're either logged in or back to step 1.

Odds are the iPhone uses some AES256 variant like they were back in 2014, which is hard to crack, but brute forcing a 6 digit number isn't. However to brute force this number you would need to get access to the encrypted key, which is possible by physically removing the chip a technique known as chip-off.

This does have a few hard parts to it which are:
1. You risk damage to the chip and thus the data.
2. You need to know how the flash controller works so you can emulate the flash translation layer (FTL).
3. You need to know how the file system works.
4. You need to write a tool to decrypt the encrypted file system once you have the key since putting back on a flash chip once it was removed is nearly impossible.

Assuming a competent team was starting from scratch this process would take about a year... which is likely less time than this issue will sit in the courts. If the team had access to Apple engineers who were willing to share details about the flash translation layer and file system it would take significantly less time.

 

[Draconalis]

That is some great resolve by those engineers. I applaud them. "From our cold, dead hands," appears to be the motto. Luckily, I'm sure all of them can easily land a new position with another company should push come to "fuck you".

Yeah... a company like... pApple.

They are a new company that makes cell phones, and cell phone accessories.

 

[LetalisK]

I'm so confused about this subject. So if I get hammered because my wife left me and fat finger my passcode too many times in an attempt to drunk dial her, does my iPhone just lock me out permanently? Erase everything? If I take it to a Genius bar will they just tell me to eat shit and buy a new one?

 

[chimeracreator]

I'm so confused about this subject. So if I get hammered because my wife left me and fat finger my passcode too many times in an attempt to drunk dial her, does my iPhone just lock me out permanently? Erase everything? If I take it to a Genius bar will they just tell me to eat shit and buy a new one?

It erases the decryption key for your phone, which effectively erases everything. The difference is that it takes far less time.

 

[MetalheroDamien]

I'm so confused about this subject. So if I get hammered because my wife left me and fat finger my passcode too many times in an attempt to drunk dial her, does my iPhone just lock me out permanently? Erase everything? If I take it to a Genius bar will they just tell me to eat shit and buy a new one?

Only if you have that turned on. It's under Settings>Touch ID & Passcode> Erase Data.

 

[Fdzzaigl]

Good. This news story will actually make me consider the (overpriced) Iphone for a new smartphone next time I need one.

 

[rednose1]

Someone help me understand something.. I get both sides. But..

If these people were terrorists can't they just unlock those phones and provide the data, then destroy the methods they used to unlock them assuming they don't already possess the ability to circumvent their own designs? Or do they want the ability to do so given to them on whoever they want? Is it specifically known? I assume they want a tool made for their personal use.. In which case I can see Apple's resistance. Maybe they should compromise and do it just for this one phone or incident..

What if they had the cell phone of some crazy sick bastard who kidnapped a bus full of children and hid them somewhere only to get himself killed by authorities, and the only possible way to find them would be hacking his phone. Would they still say tough luck - our principals are worth more than lives?

It's about setting a precedent. As soon as the courts say the F.B.I. is in the right, they'll use that example for all other cases (think they have 12 right now) to force compliance down the road. They're not trying to win this one fight, but all the others down the road. The F.B.I. is using this case in particular to argue because it sounds so good in the media. (Apple wont help us fight terrorists!!)

 

[Do4600]

Federal Bureau of Investigation.

F.B.I.

Central Intelligence Agency.

C.I.A.

Are you seriously telling me that these two GOVERNMENT AGENCIES, who have the same objectives in this terrorist investigation, aren't able to work together to hack a cell phone? Really?!

Is our government that inept that all we have now working for us is bureaucratic windbags (or douchebags?) that serve no purpose other than to argue in hearings and courtrooms? I'm more than certain that not only are there some highly trained programmers within the Air Force (the test alone to get into the program is insane). There is also the option of contracting out private contractors to do the hack as well.

This is just pure political poppycock in order to try to make precedence in order to make new laws. It is ridiculous!

The argument I've heard is that they ARE able to work together to hack a cell phone but the technology they would have to use to do it would be in the hands of the CIA if it does exist, if it does exist it would be very much in the interests of the CIA to keep it secret. If they do in fact find the threads of another terrorist plot the FBI would have to reveal how it is they know what they know to a court in order to get warrants and such things and then the technology and the way it works would no longer be secret.

So even if they could they can't, it makes no sense to spend millions developing top secret tools and then immediately reveal their capabilities, of course you could also argue that if you can't lend them out to different agencies why spend so much developing them?

The solution would almost be to let the FBI create their own tools with an additional budget but if they share the same capabilities and modes of operation of the CIA tools then it won't matter because everybody else would still know what to look out for and perhaps develop a means of defeating them.

It's a very strange problem.

 

[LetalisK]

I'm so confused about this subject. So if I get hammered because my wife left me and fat finger my passcode too many times in an attempt to drunk dial her, does my iPhone just lock me out permanently? Erase everything? If I take it to a Genius bar will they just tell me to eat shit and buy a new one?

It erases the decryption key for your phone, which effectively erases everything. The difference is that it takes far less time.

That blows my mind that it's even an option, but I'm also someone who liberally uses the "Forgot password?" on websites. It's clearly not meant for me.

 

[Magmarock]

As much as I don't like the Apple brand, this is great stuff. No government agency has the right to bully a company like this. They said no FBI get over it.

 

[Lightknight]

I just asked this in another thread but this one is more directly set on this. Let me propose a specific solution to our concerns and I'd love it if an expert could tell me why this wouldn't work (I will admit to having extensive pc security training though my job does not revolve around setting up security so much as getting through it on an upper level so I wouldn't consider myself an expert but would call myself familiar):

Let's say that they created a back door for new phones and such from the start. Something like bit locker that a key word could unlock. If left there, anyone who knew the word would get in. Now, let's say that the key word was tied to an algorithm that itself was under encryption with no back door. If left there, if the encryption ever got out or was successfully reverse engineered (not sure if non-back door encryption on it would prevent that) then anyone having it would be in. Next, let's include safety measures like it unlocking requiring second and third factor authentications that could include encrypted communication with a machine that has to be in physical range. Second and third factor authentications virtually remove the possibility of external success in cracking something. If it was even tied to specific machines that had to be physically present then that would destroy almost any kind of access I could think of even if an employee stole and released the algorithm.

Sure, you'd have workers on site that could abuse their access to the key algorithm and the physical devices for multi-factor communication, but they would be under incredibly close scrutiny and would be let go pretty darn fast by the people watching them and then that would be it (not to mention the employee would actually have to be the sort of person that can obtain a device containing information they'd want to hack). Combine it with stringent human management like making any device go through two random employees for the process and individuals may not even actually have access to both parts.

Surely there are ways like this that would ensure phone security for many years if not a decade. Two-factor authentication is currently amazing successful and if they tweaked it in the ways I specified then there would be nothing more secure on Earth that I know of. Even an offline machine you have to manually log into would be less safe than this.