Apple remains in dark on how FBI hacked iPhone without help
ASSOCIATED PRESS
The FBI’s announcement that it mysteriously hacked into an iPhone is a setback for Apple and increases pressure on the technology company to restore the security of its flagship product.
WASHINGTON » The FBI’s announcement that it mysteriously hacked into an iPhone is a public setback for Apple Inc., as consumers learned that they can’t keep the government out of even an encrypted device that U.S. officials had claimed was impossible to crack. Apple, meanwhile, remains in the dark about how to restore the security of its flagship product.
The government said it was able to break into an iPhone used by a gunman in a mass shooting in California, but it didn’t say how. That puzzled Apple software engineers — and outside experts — about how the FBI broke the digital locks on the phone without Apple’s help. It also complicated Apple’s job repairing flaws that jeopardize its software.
The Justice Department’s announcement that it was dropping a legal fight to compel Apple to help it access the phone also took away any obvious legal avenues Apple might have used to learn how the FBI did it. Magistrate Judge Sheri Pym on Tuesday vacated her Feb. 16 order, which compelled Apple to assist the FBI in hacking their phone.
The Justice Department declined through a spokeswoman to comment Tuesday.
A few clues have emerged. A senior law enforcement official told The Associated Press that the FBI managed to defeat an Apple security feature that threatened to delete the phone’s contents if the FBI failed to enter the correct passcode combination after 10 tries. That allowed the government to repeatedly and continuously test passcodes in what’s known as a brute-force attack until the right code is entered and the phone is unlocked.
It wasn’t clear how the FBI dealt with a related Apple security feature that introduces increasing time delays between guesses. The official spoke on condition of anonymity because this person was not authorized to discuss the technique publicly.
FBI Director James Comey has said with those features removed, the FBI could break into the phone in 26 minutes.
The FBI hacked into the iPhone used by gunman Syed Farook, who died with his wife in a gun battle with police after they killed 14 people in December in San Bernardino. The iPhone, issued to Farook by his employer, the county health department, was found in a vehicle the day after the shooting.
The FBI is reviewing information from the iPhone, and it is unclear whether anything useful can be found.
Apple said that the legal case to force its cooperation “should never have been brought,” and it promised to increase the security of its products. CEO Tim Cook has said the Cupertino-based company is constantly trying to improve security for its users. The company declined to comment more Tuesday.
The FBI’s announcement — even without revealing precise details — that it had hacked the iPhone was at odds with the government’s firm recommendations for nearly two decades that security researchers always work cooperatively and confidentially with software manufacturers before revealing that a product might be susceptible to hackers.
The aim is to ensure that American consumers stay as safe online as possible and prevent premature disclosures that might damage a U.S. company or the economy.
As far back as 2002, the Homeland Security Department ran a working group that included leading technology industry executives to advise the president on how to keep confidential discoveries by independent researchers that a company’s software could be hacked until it was already fixed. Even now, the Commerce Department has been trying to fine-tune those rules. The next meeting of a conference on the subject is April 8 in Chicago and it’s unclear how the FBI’s behavior in the current case might influence the government’s fragile relationship with technology companies or researchers.
The industry’s rules are not legally binding, but the government’s top intelligence agency said in 2014 that such vulnerabilities should be reported to companies and the Obama administration put forward an interagency process to do so.
“When federal agencies discover a new vulnerability in commercial and open source software — a so-called ‘zero day’ vulnerability because the developers of the vulnerable software have had zero days to fix it — it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose,” the Office of the Director of National Intelligence said in a statement in April 2014.
The statement recommended generally divulging such flaws to manufacturers “unless there is a clear national security or law enforcement need.”
Last week a team from Johns Hopkins University said it had found a security bug in Apple’s iMessage service that would allow hackers under certain circumstances to decrypt some text messages. The team reported its findings to Apple in November and published an academic paper after Apple fixed it.
“That’s the way the research community handles the situation. And that’s appropriate,” said Susan Landau, professor of cybersecurity policy at Worcester Polytechnic Institute. She said it was acceptable for the government to find a way to unlock the phone but said it should reveal its method to Apple.
Mobile phones are frequently used to improve cybersecurity, for example, as a place to send a backup code to access a website or authenticate a user.
The chief technologist at the Center for Democracy and Technology, Joseph Lorenzo Hall, said keeping details secret about a flaw affecting millions of iPhone users “is exactly opposite the disclosure practices of the security research community. The FBI and Apple have a common goal here: to keep people safe and secure. This is the FBI prioritizing an investigation over the interests of hundreds of millions of people worldwide.”
14 responses to “Apple remains in dark on how FBI hacked iPhone without help”
Leave a Reply
You must be logged in to post a comment.
Needs of the many outweigh the needs of the few.
Which is precisely why Apple did the right thing is refusing to budge. Billions of tablet and smartphone users should not have their privacy infringed upon because of two people. That would be like arguing all guns in the US need to be GPS tracked every second because of one shooting.
This is all assuming that the FBI isn’t lying about cracking the phone.
We know the FBI lied about the number of devices it was requesting on.
We know the FBI deliberately omitted how the terrorists destroyed their personal phones and computers.
We know the FBI had 11 prior requests for similar or identical technical problems and only went public with this one.
We know the FBI was facing nearly unanimous tech opposition and growing opposition from both parties.
We know the FBI was shaky on its reliance on the All Writs Act.
We know the FBI lied about no employer software management system on the phone.
We know the FBI deliberately spun this as merely unlocking rather than a building a backdoor.
We know the FBI knew there were other options such as decapping but refused to do them.
So how can we trust the FBI on their word they actually did it the DAY before the court date?
You seem to know a lot. I’m not sure if “We know” everything that you claim to know. Regardless, while I believe the FBI is very capable of lying, why would they do so here? They already had one judge side with them to order Apple to comply. They definitely have an interest in hacking the phone. Why would they claim claim this and give up actually doing so?
Actually we do. All of it has been covered in the news and the FBI has backed away from many of its arguments it previously made in the early days of the court of public opinion. The FBI flat out stated this is about one phone until Apple released the other 11 cases that the FBI wanted identical help for. The FBI has been caught lying about this case over and over and over again. And in virtually every FBI press release, they NEVER mention how the terrorists destroyed their personal devices. The tech media had to report that because the FBI didn’t want those pieces of information annihilating their narrative. The FBI has engaged in bold faced lies and lies of omission over and over in this to the point they have no credibility whatsoever.
Why would they claim this? To save face. If they went to court and lost, they would set a precedent against any future demands on the tech industry. Several law enforcement agencies have flat out stated that there isn’t likely to be anything of value on the phones. The FBI is purely doing this to create a legal precedent to require tech firms to create backdoors. With the legal case collapsing around them and the virtual certainty that Apple’s engineers will quit rather than comply in the rare chance the courts agree, the FBI was facing a lose-lose scenario. They lose in court, they set a precedent against them. They win in court they face a firm who’s key employees will quit and Apple can’t comply. And if they win in court, they are almost certainly going to face huge political backlash and legislation to curtail their new found powers. There really isn’t anything the FBI can call a win here.
Didn’t the FBI say they had an “unidentified outside source” who would help them hack into the phone? Now this story says the FBI didn’t have outside help???????
I hope the FBI doesn’t share how they cracked the phone, especially not with Apple !!!!
Exactly! Apple had the chance to comply with a proper court order, and they chose not to. Now that the FBI cracked it, Apple wants the FBI to tell them how they cracked it so they can patch the software. Too bad!
Agreed. Apple chose not to cooperate with the FBI. Now the shoe’s on the other foot. I hope the FBI tells Apple to go pack sand. Figure it out yourself, Apple!
You’re a big fan of Putin ordering the assassination of journalists aren’t you?
Common sense tells you that those persons entrusted with access to these encrypted devices must be absolutely enforced, with no exceptions whatsoever.
It also tells you that it is absolutely necessary to fight terrorism. If having this backdoor saves even one life, anywhere in the world, it is worth it.
Fascist regimes everywhere thank people like you. It is because of you that they will be able to track, torture and murder dissidents.
Bleeding heart liberal, through and through. Your thought process is very entertaining. Thanks for the laughs! I suggest you go to Iran or North Korea where you can practice your liberal philosophy and experience how REAL tyranny works. Don’t bother calling the U.S. Consulate collect.
One has to wonder if you are capable of understanding English.
Tell me why we should help Putin track journalists who reveal his corruption to help him murder them.
And if thinking that a society should be free to say what it wants makes me a bleeding heart liberal, then so be it. I’d rather live in a world that doesn’t give its government huge intrusive powers.
As i’ve said before, Republicans here HATE Libertarians and you’re a perfect example of it.