FBI Can't Win: Apple Engineers Will Quit Before Unlocking iPhone

[Doozie]

I'm happy to hear they're ready to walk. Breaking their security is an end-game for their phones, I'd certainly never use one a couple weeks after that set of keys were handed over to a group of untrustworthy fucks like the fbi.

 

[flying_whimsy]

I hate apple, I really do. But in this case, I'm totally on their side. The FBI is looking for a frankly dangerous court precedent here: namely one that allows them to legally compel anyone to do anything in the name of preventing terrorism or face trouble in court. Basically, it would give them carte blanche to make internet and phone providers do what they were doing before under the patriot act.

I think a lot of people tend to forget that the constitution was put in place to protect us from the government. Keeping them from coming into our homes and businesses and forcing us to do what they want would definitely qualify.

 

[BoogieManFL]

What if they had the cell phone of some crazy sick bastard who kidnapped a bus full of children and hid them somewhere only to get himself killed by authorities, and the only possible way to find them would be hacking his phone. Would they still say tough luck - our principals are worth more than lives?

"what if" situations are the cause to blame for a lot of wars and very stupid decisions throughout humanity. How about we focus on the here-and-now within reality's setting, m'kay? Besides, I highly doubt that the phone would be the only possible way to finding the kids. First off a thorough investigation would track last locations of the bus sighted, and manhunts would ensue within that region. Now without unlocking the phone, they can also pinpoint the closest towers it connected to during such and such time to further help locate the missing kids. Then, good old fashioned police work. There is NO miracle hiding behind technology; especially a measly cell phone.

This case is about the FBI wanting to hack the cell phone to try to further investigate OTHER people this already established terrorist was talking to and to find out if they're part of a terrorist cell. This isn't a bomb on a trigger. This is basically them wanting to circumvent system to try to track other people through this person's phone.


The worst part of this that is being downplayed is that the FBI gave advice to the supervisor of the owner of the phone to lock the dang thing in the first place. It is their own fault that they cannot get into it. That is the rub that is killing this case.

It's a hypothetical situation. It's that way because I said it was, I created it. It doesn't have to conform to anything you accept or even hold up to iron clad logic. A dissection of the question is not the purpose of most hypothetical situations and serves no purpose here.

The point is - would they and should they still say no in that situation? Where does the line get drawn, I wonder. It's not a question to argue for or against it, it's just a hypothetical question.

 

[The Enquirer]

Go team freedom! Fuck those potential terrorist victims who could be saved if contents of that phone would lead to other terrorists!

Except it isn't that simple. Encryption services, such as telegram or WhatsApp, are readily and freely available, with new ones popping up every day. There was one a while ago that was essentially a heavily encrypted version of snap chat, wherein the message would be deleted after an amount of time determined by the sender. So even if Apple were to lose this court case, it still would NOT ultimately help the issue you so sarcastically brought up. The issue here is regarding the legal precedent the case will set.

 

[Arnoxthe1]

...

I know Apple though. This feels like a massive publicity stunt. How do we know that Apple's no just putting on a show while secretly helping them with the backdoor in secret? I really wouldn't put it past them.

 

[Adam Jensen_v1legacy]

Go team freedom! Fuck those potential terrorist victims who could be saved if contents of that phone would lead to other terrorists!

That's the thing. There's no evidence that these people are a part of an organized terrorist cell. Claiming that the evidence might be inside the phone is a bad argument. You can say that about anyone who committed any act of violence or civil disobedience. And we've already seen how the government labels people terrorist with ease. Who the fuck would in their right mind give the authorities such a power? It's insane. Setting such a strong precedent that gives the government overwhelming power based on an assumption that it might kind of sort of maybe be useful is a TERRIBLE idea.

...

I know Apple though. This feels like a massive publicity stunt. How do we know that Apple's no just putting on a show while secretly helping them with the backdoor in secret? I really wouldn't put it past them.

It's not just about Apple. This would affect every other tech giant and not just in the US. And it wouldn't be a very good publicity stunt. Imagine all the people who could be buying an iPhone right now but they might be waiting to see what becomes of this. Apple is right to raise such a ruckus over this. A part of their defense is educating people on the importance of strong encryption.

 

[chimeracreator]

question: Im not entirely sure about this but... A password encryption is basically just a pasword being jumbled around by your key. You select a password (for example: puppy). The key encrypts it into: "w751|''dwER4$%". Someone explained it to me once that you can only run it through from front to back (puppy into w751|''dwER4$% and not w751|''dwER4$% into puppy).

...

Problem is that with 2048 bit encryptions or higher the combinations become too much for any supercomputer to try and break in this life time

...

My experience with IT and encryption in general is very limited so... correct, half wrong, totally wrong, shut up?

You're somewhat right. 2048 bit encryption only refers to asymmetric key cryptography, which is not what's being used here. I haven't had a chance to work with iPhone Decryption, but based on literature in the field it basically works as follows:

Step 1: Provide a Passcode (usually a 4 to 6 digit number)

Step 2: The passcode is hashed with a unique identifier on the phone. At this point the OS will add one to the number of login attempts. If this number exceeds 10 wipe the iPhone encryption key used in step 3.

Step 3: This hash is used as a key to decrypt the iPhone's storage key which is unique to the phone. This key was generated in a secure manner when the phone's file system was first formatted.

Step 4: Verify a hash of the decrypted key to ensure that the decryption was successful. If it was successful reset the login counter to 0. If it failed check if the login counter is now ten if so erase the iPhone encryption key used in step 3.

Step 5: You're either logged in or back to step 1.

Odds are the iPhone uses some AES256 variant like they were back in 2014, which is hard to crack, but brute forcing a 6 digit number isn't. However to brute force this number you would need to get access to the encrypted key, which is possible by physically removing the chip a technique known as chip-off.

This does have a few hard parts to it which are:
1. You risk damage to the chip and thus the data.
2. You need to know how the flash controller works so you can emulate the flash translation layer (FTL).
3. You need to know how the file system works.
4. You need to write a tool to decrypt the encrypted file system once you have the key since putting back on a flash chip once it was removed is nearly impossible.

Assuming a competent team was starting from scratch this process would take about a year... which is likely less time than this issue will sit in the courts. If the team had access to Apple engineers who were willing to share details about the flash translation layer and file system it would take significantly less time.

 

[Draconalis]

That is some great resolve by those engineers. I applaud them. "From our cold, dead hands," appears to be the motto. Luckily, I'm sure all of them can easily land a new position with another company should push come to "fuck you".

Yeah... a company like... pApple.

They are a new company that makes cell phones, and cell phone accessories.

 

[LetalisK]

I'm so confused about this subject. So if I get hammered because my wife left me and fat finger my passcode too many times in an attempt to drunk dial her, does my iPhone just lock me out permanently? Erase everything? If I take it to a Genius bar will they just tell me to eat shit and buy a new one?

 

[chimeracreator]

I'm so confused about this subject. So if I get hammered because my wife left me and fat finger my passcode too many times in an attempt to drunk dial her, does my iPhone just lock me out permanently? Erase everything? If I take it to a Genius bar will they just tell me to eat shit and buy a new one?

It erases the decryption key for your phone, which effectively erases everything. The difference is that it takes far less time.

 

[MetalheroDamien]

I'm so confused about this subject. So if I get hammered because my wife left me and fat finger my passcode too many times in an attempt to drunk dial her, does my iPhone just lock me out permanently? Erase everything? If I take it to a Genius bar will they just tell me to eat shit and buy a new one?

Only if you have that turned on. It's under Settings>Touch ID & Passcode> Erase Data.

 

[Fdzzaigl]

Good. This news story will actually make me consider the (overpriced) Iphone for a new smartphone next time I need one.

 

[rednose1]

Someone help me understand something.. I get both sides. But..

If these people were terrorists can't they just unlock those phones and provide the data, then destroy the methods they used to unlock them assuming they don't already possess the ability to circumvent their own designs? Or do they want the ability to do so given to them on whoever they want? Is it specifically known? I assume they want a tool made for their personal use.. In which case I can see Apple's resistance. Maybe they should compromise and do it just for this one phone or incident..

What if they had the cell phone of some crazy sick bastard who kidnapped a bus full of children and hid them somewhere only to get himself killed by authorities, and the only possible way to find them would be hacking his phone. Would they still say tough luck - our principals are worth more than lives?

It's about setting a precedent. As soon as the courts say the F.B.I. is in the right, they'll use that example for all other cases (think they have 12 right now) to force compliance down the road. They're not trying to win this one fight, but all the others down the road. The F.B.I. is using this case in particular to argue because it sounds so good in the media. (Apple wont help us fight terrorists!!)

 

[Do4600]

Federal Bureau of Investigation.

F.B.I.

Central Intelligence Agency.

C.I.A.

Are you seriously telling me that these two GOVERNMENT AGENCIES, who have the same objectives in this terrorist investigation, aren't able to work together to hack a cell phone? Really?!

Is our government that inept that all we have now working for us is bureaucratic windbags (or douchebags?) that serve no purpose other than to argue in hearings and courtrooms? I'm more than certain that not only are there some highly trained programmers within the Air Force (the test alone to get into the program is insane). There is also the option of contracting out private contractors to do the hack as well.

This is just pure political poppycock in order to try to make precedence in order to make new laws. It is ridiculous!

The argument I've heard is that they ARE able to work together to hack a cell phone but the technology they would have to use to do it would be in the hands of the CIA if it does exist, if it does exist it would be very much in the interests of the CIA to keep it secret. If they do in fact find the threads of another terrorist plot the FBI would have to reveal how it is they know what they know to a court in order to get warrants and such things and then the technology and the way it works would no longer be secret.

So even if they could they can't, it makes no sense to spend millions developing top secret tools and then immediately reveal their capabilities, of course you could also argue that if you can't lend them out to different agencies why spend so much developing them?

The solution would almost be to let the FBI create their own tools with an additional budget but if they share the same capabilities and modes of operation of the CIA tools then it won't matter because everybody else would still know what to look out for and perhaps develop a means of defeating them.

It's a very strange problem.

 

[LetalisK]

I'm so confused about this subject. So if I get hammered because my wife left me and fat finger my passcode too many times in an attempt to drunk dial her, does my iPhone just lock me out permanently? Erase everything? If I take it to a Genius bar will they just tell me to eat shit and buy a new one?

It erases the decryption key for your phone, which effectively erases everything. The difference is that it takes far less time.

That blows my mind that it's even an option, but I'm also someone who liberally uses the "Forgot password?" on websites. It's clearly not meant for me.

 

[Magmarock]

As much as I don't like the Apple brand, this is great stuff. No government agency has the right to bully a company like this. They said no FBI get over it.

 

[Lightknight]

I just asked this in another thread but this one is more directly set on this. Let me propose a specific solution to our concerns and I'd love it if an expert could tell me why this wouldn't work (I will admit to having extensive pc security training though my job does not revolve around setting up security so much as getting through it on an upper level so I wouldn't consider myself an expert but would call myself familiar):

Let's say that they created a back door for new phones and such from the start. Something like bit locker that a key word could unlock. If left there, anyone who knew the word would get in. Now, let's say that the key word was tied to an algorithm that itself was under encryption with no back door. If left there, if the encryption ever got out or was successfully reverse engineered (not sure if non-back door encryption on it would prevent that) then anyone having it would be in. Next, let's include safety measures like it unlocking requiring second and third factor authentications that could include encrypted communication with a machine that has to be in physical range. Second and third factor authentications virtually remove the possibility of external success in cracking something. If it was even tied to specific machines that had to be physically present then that would destroy almost any kind of access I could think of even if an employee stole and released the algorithm.

Sure, you'd have workers on site that could abuse their access to the key algorithm and the physical devices for multi-factor communication, but they would be under incredibly close scrutiny and would be let go pretty darn fast by the people watching them and then that would be it (not to mention the employee would actually have to be the sort of person that can obtain a device containing information they'd want to hack). Combine it with stringent human management like making any device go through two random employees for the process and individuals may not even actually have access to both parts.

Surely there are ways like this that would ensure phone security for many years if not a decade. Two-factor authentication is currently amazing successful and if they tweaked it in the ways I specified then there would be nothing more secure on Earth that I know of. Even an offline machine you have to manually log into would be less safe than this.

 

[chimeracreator]

Let's say that they created a back door for new phones and such from the start. Something like bit locker that a key word could unlock. If left there, anyone who knew the word would get in. Now, let's say that the key word was tied to an algorithm that itself was under encryption with no back door.

For the sake of clarity this amounts to:

1. Generate the encryption key
2. Using a public key to decrypt the encryption key.

If left there, if the encryption ever got out or was successfully reverse engineered (not sure if non-back door encryption on it would prevent that) then anyone having it would be in. Next, let's include safety measures like it unlocking requiring second and third factor authentications that could include encrypted communication with a machine that has to be in physical range.

This part isn't possible. Cryptography doesn't respect physical demarcations. While the code you wrote to unlock the key could respect it if anyone got their hands on it they could easily remove these sections or fake them.

This leaves you with the much simpler and well examined approach of using a government held public key to encrypt and store a copy of your encryption key. In general this is how encrypted backup solutions work, and the approach has some merit. However from a technical standpoint it opens up two additional attacks:

1. Compromising the government's private key compromises all devices. This can be mitigated by limited the number of devices encrypted with each public-private key pair, but as private companies aren't supposed to hold these key the issue can not be negated.

2. Phones would still need to generate their own symmetric encryption keys which would then have to be encrypted and transmitted. This process is error prone and a skilled attacker could prevent the encryption key from ever being received by a government system.

 

[Lightknight]

Let's say that they created a back door for new phones and such from the start. Something like bit locker that a key word could unlock. If left there, anyone who knew the word would get in. Now, let's say that the key word was tied to an algorithm that itself was under encryption with no back door.

For the sake of clarity this amounts to:

1. Generate the encryption key
2. Using a public key to decrypt the encryption key.

I'm sort of talking more about what World of Warcraft does. You don't have a single key so much as the two sides have a pre-arranged agreement to generate a certain key if given certain parameters at a certain time. So while one key works for five minutes, it may never work again.

So I'm not talking about the key word being "applerules" and suddenly everyone can get into phones.

If left there, if the encryption ever got out or was successfully reverse engineered (not sure if non-back door encryption on it would prevent that) then anyone having it would be in. Next, let's include safety measures like it unlocking requiring second and third factor authentications that could include encrypted communication with a machine that has to be in physical range.

This part isn't possible. Cryptography doesn't respect physical demarcations. While the code you wrote to unlock the key could respect it if anyone got their hands on it they could easily remove these sections or fake them.

1. What if the key generator remains on an encrypted partition that itself has no back door? Bit Locker doesn't have to encrypt an entire drive and to be honest at multi-terabyte drives that could take a hell of a long time to do. But it can encrypt folders and partitions without encrypting the rest of the drive. The 2nd and 3rd factor authenticators would also be stored on devices with no back door in their encryption either.

2. Why would they be able to remove the two and three factor authentications if those are required to gain access to the phone in the first place? Hypothetically, even if you already knew the key you'd only have one of three or more keys. Hell, Apple could make them have to undergo a hundred factor authentication process and really gum up people's ability to rip them off. It could even be crazy where the employee has to apply the machine factor keys in a specific order.

3. I'm not talking about these things being given to the government. I'm talking about Apple and Microsoft and whomever else having a department like this and being able to bill the government for their services of unlocking these phones. I think it's totally bogus for the government to force anyone to do a job. The government can't enact temporary slavery just because they don't know how to get into a phone. Hypothetically, this would also produce a side business for these companies if someone gets locked out of their own phone and can prove identification.

I'd love it if they code named their encryption Ring at this point and and their decryption department Mordor...

4. I know you say they don't respect physical boundaries. But all I'm saying is that in addition to email based two factor authentication, they could also set up entire machines that are fully encrypted (again, no back doors present on these key machines) that themselves have to shake hands with the phones. Machines that are never exposed to the internet and generally only shake hands with these phones. That could present a markedly more difficult challenge to spoof in that you'd literally have to be one of a handful of people who maintain these machines that could have any kind of serious access to them.

The future probably has a bunch of apps that encrypt your data instead. That would probably be impossible to police. But for the major carriers it's all about casting the widest net.


5. The initial symmetric key is really just to start the communication. The idea is to assume that this will eventually get out but to make it hard enough that it should be years before that is reverse engineered. Hopefully years after the next phone has already replaced it and made un-encrypting it pointless. If you really think about it, our current market only needs about 3 years minimum to delay things. If they can get to 5 or more years then for all intents and purposes it will succeed.

6. Is there any secure way to update security on phones? My guess is since it is transmitted that it might be impossible. But if there are secure connections that can be made or perhaps if they have people go into physical store fronts to update then it's not unreasonable that every couple of years they could change the algorithm and factor keys for the security conscious.

 

[chimeracreator]

Let's say that they created a back door for new phones and such from the start. Something like bit locker that a key word could unlock. If left there, anyone who knew the word would get in. Now, let's say that the key word was tied to an algorithm that itself was under encryption with no back door.

For the sake of clarity this amounts to:

1. Generate the encryption key
2. Using a public key to decrypt the encryption key.

I'm sort of talking more about what World of Warcraft does. You don't have a single key so much as the two sides have a pre-arranged agreement to generate a certain key if given certain parameters at a certain time. So while one key works for five minutes, it may never work again.

So I'm not talking about the key word being "applerules" and suddenly everyone can get into phones.

If left there, if the encryption ever got out or was successfully reverse engineered (not sure if non-back door encryption on it would prevent that) then anyone having it would be in. Next, let's include safety measures like it unlocking requiring second and third factor authentications that could include encrypted communication with a machine that has to be in physical range.

These systems use encryption, but they aren't actually encryption systems themselves. These are authentication systems that use a shared symetric key which is generated at the time the device is initially synced. Both devices then generate a hash using their shared key plus a time epoch which lets them authenticate to each other.

Unfortunately none of this helps to actually securely encrypt the device's encryption key. For that you need to use public key cryptography.

1. What if the key generator remains on an encrypted partition that itself has no back door? Bit Locker doesn't have to encrypt an entire drive and to be honest at multi-terabyte drives that could take a hell of a long time to do. But it can encrypt folders and partitions without encrypting the rest of the drive. The 2nd and 3rd factor authenticators would also be stored on devices with no back door in their encryption either.

The security of the key generator isn't the primary problem with this scheme. This is part of Kerckhoffs's principle. Also to run the generator you would still need to decrypt it, and if the generator was in constant use it would need to stay decrypted. As such it could be harvested from memory if the host was compromised, which is a technique that's widely used to steal credit card numbers already.

2. Why would they be able to remove the two and three factor authentications if those are required to gain access to the phone in the first place? Hypothetically, even if you already knew the key you'd only have one of three or more keys. Hell, Apple could make them have to undergo a hundred factor authentication process and really gum up people's ability to rip them off. It could even be crazy where the employee has to apply the machine factor keys in a specific order.

I'm not exactly sure what you're saying here. Authorization controls normal access to a system. Direct physical access allows you to bypass authorization layers, which leaves only encryption. If you're talking about adding authorization layers onto the server system which hosts it that can help, but that won't stop them from being a target for hackers.

3. I'm not talking about these things being given to the government. I'm talking about Apple and Microsoft and whomever else having a department like this and being able to bill the government for their services of unlocking these phones. I think it's totally bogus for the government to force anyone to do a job. The government can't enact temporary slavery just because they don't know how to get into a phone. Hypothetically, this would also produce a side business for these companies if someone gets locked out of their own phone and can prove identification.

These companies honestly have a hard enough time securing themselves against everyone who wants to hack them now. They don't want to add an even more tempting target on their backs.

4. I know you say they don't respect physical boundaries. But all I'm saying is that in addition to email based two factor authentication, they could also set up entire machines that are fully encrypted (again, no back doors present on these key machines) that themselves have to shake hands with the phones. Machines that are never exposed to the internet and generally only shake hands with these phones. That could present a markedly more difficult challenge to spoof in that you'd literally have to be one of a handful of people who maintain these machines that could have any kind of serious access to them.

Again, this has to do with the authentication phase to get the master key not encryption.

5. The initial symmetric key is really just to start the communication. The idea is to assume that this will eventually get out but to make it hard enough that it should be years before that is reverse engineered. Hopefully years after the next phone has already replaced it and made un-encrypting it pointless. If you really think about it, our current market only needs about 3 years minimum to delay things. If they can get to 5 or more years then for all intents and purposes it will succeed.

Nope, the first symmetric key is for the phone itself. This is the only key which can actually decrypt data on the phone. Everything else is just a protection for it, including the fact that it is encrypted based on a much weaker user provided passkey.

6. Is there any secure way to update security on phones? My guess is since it is transmitted that it might be impossible. But if there are secure connections that can be made or perhaps if they have people go into physical store fronts to update then it's not unreasonable that every couple of years they could change the algorithm and factor keys for the security conscious.

In general yes, it is possible to update the security on phones. However the most secure systems available use purpose built chips for this and as such they cannot be upgraded, but also aren't vulnerable to a host of attacks that the iPhone can be hit with.