Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

It's Over: The FBI says it has hacked into the San Bernardino shooter's phone without Apple's help
Business Insider ^ | 03/28/2016 | Kif Leswing

Posted on 03/28/2016 4:42:23 PM PDT by SeekAndFind

Apple won a major victory in its showdown with the government when the US Justice Department (DOJ) abandoned its plans on Monday to force the company to write software to bypass iPhone security measures.

The Justice Department told a federal court on Monday that it no longer needed Apple's help to access data on an iPhone used by one of the San Bernardino shooters, and requested that its original order for Apple's technical assistance be withdrawn.

According to the DOJ, the reason it withdrew is because it was successfully able to access the data on the iPhone without Apple's help.

Magistrate Judge Sheri Pym vacated the original order.

Last week, the DOJ asked to delay a hearing over the issue because the FBI said it had found a "third-party" that may have been able to get into shooter Syed Farook's iPhone, meaning that Apple's help would not be needed. Monday's developments indicate that the FBI was successful.

The DOJ said in a statement:

"The FBI has now successfully retrieved the data stored on the San Bernardino terrorist's iPhone and therefore no longer requires the assistance from Apple required by the Court Order. The FBI is currently reviewing the information on the phone, consistent with standard investigatory procedures.

It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails. We will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors."

(Excerpt) Read more at businessinsider.com ...


TOPICS: Computers/Internet
KEYWORDS: apple; bhodoj; counterterrorism; fbi; iphone; sanbernardino; terrorism
Navigation: use the links below to view more comments.
first previous 1-2021-4041-42 next last
To: arl295

Do you hold a current CISSP?

Apple’s 256 bit AES encryption is about as good as it gets in the civilian space. Same for Samsung, etc.

If you think this is an Apple ‘fail’ then you don’t understand encryption.


21 posted on 03/28/2016 5:11:57 PM PDT by Blueflag (Res ipsa loquitur: non vehere est inermus)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Blueflag

I haven’t been paying too much attention but I thought the issue was bypassing the safeties that kept them from getting to the brute-force process.

Something about ten bad passwords in a row and the phone would delete the data, and how fast it could be fed passwords.

At least that’s what I read around here somewhere.


22 posted on 03/28/2016 5:26:59 PM PDT by PLMerite (The Revolution...will not be kind.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: eyeamok
"The FBI has always had the info, Looks more like Netanyahu poking Obama in the eye. My Money says The Israeli’s went Public with the offer just to piss off Obama."

From the land of milk and honey, they give us a schadenfreude moment that is delicious at the uber hollier than thou Silicone Valley-er's and Leer Deader expense. The Irony is the wack jobs phone were the same enemies Israel has and Tim Cook and "some other guy" can't see it, have disdain for Israel, or anti-Semites or all of the above. We will never understand how their brains work, they see the world 180 degrees from where we see it.

But to those that did this off and for eyeamok's observations,...

Bravo!


23 posted on 03/28/2016 5:37:09 PM PDT by taildragger (Not my Monkey, not my Circus...)
[ Post Reply | Private Reply | To 19 | View Replies]

To: PLMerite

When you create a PIN on your iOS device, THAT act causes the operating system to encrypt the data on your device, and requires a PIN that not only opens up the UI to use, but also that when the PIN is entered the OS employs a ‘key’ to unlock the encryption so the data are available to the user, the apps on the phone, or another device connected to the iOS device - by wired or wireless connection. The level of encryption employed is a 256 AES (Advanced Encryption Standard) bit ‘key’ — think about the nonsense key you enter to make downloaded software function; it’s somewhat like that but ‘longer.’

The data on an iOS encrypted device, or a Samsung or LG or HTC encrypted device are highly secure ‘at-rest’ by virtue of your PIN (not very secure) and the device-level encryption.

When you miss-guess the PIN too many times, Apples (and some others) “brick” to a locked unusable state that is AES encryprted, while Samsung Androids for instance reset-to-factory setting (’wipe’ the data, but really just destroy the keys to it— leaving the device bootable in a ‘from the factory’ state ... but your data that might remain are still 256 bit encrypted, with no key available)

256 bit AES encryption is in theory “computationally secure” - meaning (in theory a regular brute force attack - generating keys until the data are decrypted— would take longer than our lifetimes) your data are highly secure from someone trying to break through the front door. FRONT door is a key word. Apple refused to admit to, offer up, or develop a “back door”.

Obviously ‘someone’ knows how to get past 256 encryption when the key is missing/removed.

NET: Apple’s security is no better or worse than the industry standard for “highly-secure” — 256 bit AES.

NET: APPLE cannot on its own restore a deleted key in the key store. You cannot send a “bricked” iOS device to Apple and have them unlock it.

NET: APPLE refused to build a back door for future use.

I hope this helped a little.

REM: 256 bit encryption is 10e128 ‘times’ more secure than 128 bit encryption in common use over the public internet.


24 posted on 03/28/2016 5:50:57 PM PDT by Blueflag (Res ipsa loquitur: non vehere est inermus)
[ Post Reply | Private Reply | To 22 | View Replies]

To: SeekAndFind

Good for them


25 posted on 03/28/2016 5:51:35 PM PDT by wardaddy (Cruz path to nomination is a box canyon)
[ Post Reply | Private Reply | To 1 | View Replies]

To: SeekAndFind
The situation is best explained here.

Electronic Frontier Foundation


26 posted on 03/28/2016 5:58:56 PM PDT by familyop ("Welcome to Costco. I love you." --Costco greeter in the movie, "Idiocracy")
[ Post Reply | Private Reply | To 1 | View Replies]

To: PLMerite

By the way, a clarification.

There *IS* a program from Apple called the Device Enrollment Program, or DEP.

There is a class of enterprise security software call MDM, or EMM - for managing and securing mobile devices, and it is in common use in the enterprise, healthcare and public sector worlds.

This software enables the company to see, secure and manage that device; control the apps on device and how they connect back into the company; restrict web site access; and wipe or lock the device (but only the enterprise data, NOT your photos) if it is lost, reported stolen, or simply in a state outside of corporate policy.

Until recently even THAT software could not un-brick an APPLE device that was locked by multiple password fails, or en employee refusing to provide it when they leave the company.

With the advent of Apple DEP, an ‘enrolled’ device can be un-bricked when the administrator of the EMM software sends a code to the device from the EMM. For what it’s worth, APPLE does not have this code; rather it is passed to the company when the device is enrolled in the DEP, and so STILL APPLE cannot un-brick a device - only the rightful owner. Apple DEP is a new, free service.

An analogous service/feature is available from Google for Androids Marshmallow and newer - called Android for Work.


27 posted on 03/28/2016 6:00:30 PM PDT by Blueflag (Res ipsa loquitur: non vehere est inermus)
[ Post Reply | Private Reply | To 22 | View Replies]

To: Blueflag
"Obviously ‘someone’ knows how to get past 256 encryption when the key is missing/removed."

I doubt its anything like that. What is most likely is that they cloned(Nand Cloned?) the entire contents of the phone and emulated it in a virtual machine. They try 10 tries at the pin, if it bricks, they kill the virtual machine and spawn a new one. Rinse, repeat until they get a valid pin.

Clearly it takes some pretty sophisticated techniques to accomplish this but it's faster than trying to brute force a 256bit key, which it's essentially impossible as we know it today.

28 posted on 03/28/2016 6:04:44 PM PDT by Malsua
[ Post Reply | Private Reply | To 24 | View Replies]

To: Malsua

Might be a novel way - create ‘billions’ of virtual machines and brute force them. You don’t need to copy the data, just enough of the OS and the keystore ... until one opens. Create and discard in a ‘wave’ as they brick, freeing up prior disk space and processor power.

Finally you guess right ad win the PowerBall.

Probably could be done on a few terabytes of fast solid state disk space and an obscene amount of RAM.

Clever.

I like the way you think ...


29 posted on 03/28/2016 6:09:58 PM PDT by Blueflag (Res ipsa loquitur: non vehere est inermus)
[ Post Reply | Private Reply | To 28 | View Replies]

To: SeekAndFind; Blueflag

Such encryption can be cracked with one of the few supercomputers or with a very large distributed computing effort. It’s a matter of whether or not the cracking needed has a high enough priority for the time and resources required for either kind of effort. And if so, likely a matter of weeks.


30 posted on 03/28/2016 6:10:13 PM PDT by familyop ("Welcome to Costco. I love you." --Costco greeter in the movie, "Idiocracy")
[ Post Reply | Private Reply | To 1 | View Replies]

To: butlerweave
good find!
31 posted on 03/28/2016 6:10:26 PM PDT by vigilante2 (Re-elect nobody)
[ Post Reply | Private Reply | To 17 | View Replies]

To: SeekAndFind; Blueflag

And with such an effort, BTW, only one instance of encrypted data is cracked—not the encryption scheme.


32 posted on 03/28/2016 6:12:33 PM PDT by familyop ("Welcome to Costco. I love you." --Costco greeter in the movie, "Idiocracy")
[ Post Reply | Private Reply | To 30 | View Replies]

To: familyop

Probably not weeks - think ‘eons.’ ;-0

Just over 10e77 combinations in a 256 bit key.

Here’s a fairly easy read on the topic — http://www.eetimes.com/document.asp?doc_id=1279619


33 posted on 03/28/2016 6:14:11 PM PDT by Blueflag (Res ipsa loquitur: non vehere est inermus)
[ Post Reply | Private Reply | To 30 | View Replies]

To: familyop

That’s true - you have only stumbled upon the key for THAT device.


34 posted on 03/28/2016 6:14:53 PM PDT by Blueflag (Res ipsa loquitur: non vehere est inermus)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Blueflag

As encryption becomes stronger and more prevalent (the need is obvious) it will become a major problem for even mundane court cases like thefts and assaults.
From this case it seems that manufacturers are not taking the needs of the justice system into account, in effect selling encryption at society’s expense.
Surely it’s not difficult to offer secure encryption that will not make our courts useless.


35 posted on 03/28/2016 6:17:54 PM PDT by mrsmith (Dumb sluts: Lifeblood of the Media, Backbone of the Democrat/RINO Party!)
[ Post Reply | Private Reply | To 27 | View Replies]

To: SeekAndFind

..proof that there really is a Chloe O’Brien...


36 posted on 03/28/2016 6:20:04 PM PDT by WalterSkinner ( In Memory of My Father--WWII Vet and Patriot 1926-2007)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Blueflag
"Here’s a fairly easy read on the topic — http://www.eetimes.com/document.asp?doc_id=1279619"

Thanks.


37 posted on 03/28/2016 6:37:00 PM PDT by familyop ("Welcome to Costco. I love you." --Costco greeter in the movie, "Idiocracy")
[ Post Reply | Private Reply | To 33 | View Replies]

To: SeekAndFind

Was it Apple + Israeli company + NSA that cracked the encryption?
Apple ceo given choice of cooperating or jail?


38 posted on 03/28/2016 7:18:11 PM PDT by minnesota_bound
[ Post Reply | Private Reply | To 1 | View Replies]

To: mrsmith
Surely it’s not difficult...

...to make a tasty double cheeseburger with only 10 calories.
...to make a car that gets 500 miles to the gallon.
...to abolish taxes without making unpopular spending cuts or increasing the deficit.
...etc.

Math works the same way for Good Guys and Bad Guys. A back door created for Good Guys will be used by Bad Guys. That's just how reality is.

39 posted on 03/29/2016 8:06:42 AM PDT by Cyberman
[ Post Reply | Private Reply | To 35 | View Replies]

To: Cyberman

Now the FBI can find a way to blame a tea partier.


40 posted on 03/29/2016 8:42:51 AM PDT by freedomlover
[ Post Reply | Private Reply | To 39 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-42 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson