“The FBI may be allowed to withhold information about how it broke into an iPhone belonging to a gunman in the December San Bernardino shootings, despite a U.S. government policy of disclosing technology security flaws discovered by federal agencies,” Dustin Volz reports for Reuters.
“Under the U.S. vulnerabilities equities process, the government is supposed to err in favor of disclosing security issues so companies can devise fixes to protect data,” Volz reports. “The policy has exceptions for law enforcement, and there are no hard rules about when and how it must be applied.”
“The referee is likely to be a White House group formed during the Obama administration to review computer security flaws discovered by federal agencies and decide whether they should be disclosed,” Volz reports. “If a review is conducted, many security researchers expect that the White House group will not require the FBI to disclose the vulnerability it exploited. Some experts said the FBI might be able to avoid a review entirely if, for instance, it got past the phone’s encryption using a contractor’s proprietary technology.”
Read more in the full article here.
MacDailyNews Take: The FBI, in an effort to never let a serious crisis go to waste, despicably used dead terrorism victims to try to force the courts and public opinion to grant them a skeleton key into iOS.
The FBI either lied that they were unaware of other ways to get into that specific iPhone (Cellebrite is well-known; even Apple uses their services) than by trying to unconstitutionally force Apple engineers to write whatever the government dictates or the FBI is staffed by utter incompetents or both.
Apple could cement their win for liberty by simply buying Cellebrite, testing the method, stating publicly that all newer iPhones which contain the Secure Enclave have always been immune to hacking via the method the FBI paid Cellebrite to employ (NAND-mirroring) on the terrorist’s San Bernadino County-issued iPhone 5C.
SEE ALSO:
Apple’s new challenge: Learning how the U.S. cracked terrorist’s iPhone – March 29, 2016
Did the FBI just unleash a hacker army on Apple? – March 29, 2016
Apple declares victory in battle with FBI, but the war continues – March 29, 2016
Apple vows to increase security as FBI claims to break into terrorist’s iPhone – March 29, 2016
U.S. government drops Apple case after claiming hack of terrorist’s iPhone – March 29, 2016
Meet Cellebrite, the Israeli company reportedly cracking iPhones for the FBI – March 24, 2016
so what?
for starters, they are not obligated to
(and for the record, i am TOTALLY on apples side here)
secondly, mr apple is the one who wrote the code for encryption, so unless they are entirely dim they should already have some notions of the existing vulnerabilities, plus be able to reverse engineer the process and identify the means by which the fbi managed to crack the code.
unless of course, they didn’t but are just saying they did in order to try to rattle apple
but if the crack is real, apple is fully capable in figuring this out for themselves and plugging the vulnerabilities.
And third, if someone did actually manage to do it and is *not* on the black side of hacking, their info will be more valuable to sell back to Apple after this thing is over with. Apple will eventually know anyway.
dr. spare machinery “they are not obligated to”
are fu$#!ING kidding me they work for us – the TAX PAYERS!
they are obligated to for security reasons also.
Dear dr. sparemachinery = a sudo tough name does not make you a know all, super dude! In fact more like the opposite – be carful about you perspectives.
dear g,
the fbi is not obligated to tell mr. apple how they broke the code. period.
never said they were not obligated nor permitted not to try to break it.
everybody, from the fbi to apple to amalgamated widgets inc. LLc. has their own ‘trade secrets”
competitors may figure out a way to steal, finagle or otherwise duplicate those trade secrets, but competitors are not obligated to share them.
ps the word you were grasping for was pseudo, not sudo.
yer pal, the good doctor and even better speller and grammarian.
The Feds will not share national secrets with average citizens. To test this, call CIA, FBI, and NSA as see how far you get.
I think it’s naive to think that Apple could get that method by “simply buying Cellebrite.” I would suspect the FBI has some sort of gag included in their contract that would prevent enyone with knowledge of the method from ever disclosing it.
I’ll bet Apple is already looking into the possibility that it’s NAND mirroring and what they can do about it, but I wouldn’t expect them to send out a press release.
It may never be revealed cuz it never happened!
If a case of this type ends up in court, any evidence gathered would be subject to scrutiny. It wouldn’t be possible for the FBI to simply say “This is what we found, but we reuse to disclose how we found it.”
The defence lawyers would want to be satisfied that the means used to gather that evidence were trustworthy and therefore they would require the FBI to disclose how they did it. They couldn’t get away with saying that incriminating evidence came out of the FBIs little magic box.
reuse = refuse
The FIB is already trying to block releasing the information in a court case I was reading yesterday. I can’t remember the state though.
Apple shouldn’t buy Cellebrite, but maybe hire the chief engineer.
“… about how it *purportedly* broke into an iPhone…”
Unsubstantiated claims and rumors of claims made by lazy, willing accomplices in media doesn’t mean it’s true.
Pictures, or it didn’t happen.
The iPhone 5c does not have the secure enclave. It may well have been cracked and I wouldn’t be so skeptical. What we really want to know is if the technique they used also works against newer iPhones with the secure enclave.
It is important to understand the Apple’s goal in their encryption system was to prevent hackers getting into your data. There are several levels of security and the one we are most at risk of is hacker tapping into transmissions or remotely gaining access into a device.
The government or security forces still cannot do that with an Apple device so no snooping is possible. It does sound like that if they physically have the unit then they can decrypt the data. Since gaining access to a device will require a court order or have been collected at a crime scene then the level of access is significantly limited. If a phone is lost, it can be bricked and any credit cards linked to the device cancelled. This is exactly what would need to be done if you lost your wallet.
It’s not the “FBI method”… they hired another company, and that company has already revealed their process. Or am I missing something? I believe the process would’ve rendered the device useless afterwards?
Cellebrite have talked in vague terms about what they can do, but they have not specifically said exactly what they did with Farook’s iPhone. It’s possible that they used a technique which they haven’t previously talked about, but it’s equally possible that the FBI and/or Cellebrite are making more out of this than is appropriate. Both parties would benefit from people believing an inflated version of what might be possible.
Yay, the law-abiders will not have access to how to circumvent iPhone security.
If it (anything) exists, the law-breakers will obtain it if they haven’t already and use it in other law-breaking activities.
This is a simple pattern that can be applied to other similar discussions.
I think it’s extremely naive to think the FBI actually has a method that works. Soup to donuts they do nothing but piffle on about how it doesn’t work anymore, sorta like Uri Geller on Johnny Carson.
I love this can of worms. At the core of it, I don’t believe that FIB should reveal how it got passed the iPhone. It’s part of their secret sauce now and they can hide behind the same arguments that Apple used except being the government they can’t be bullied by the citizens who service them.
Even better if it’s a third party: “Some experts said the FBI might be able to avoid a review entirely if, for instance, it got past the phone’s encryption using a contractor’s proprietary technology.” That makes it totally secure, I mean no one short of a total moron bereft of any kind of morality would ask for the crown jewels and keys of a private company.
The good news is that while the FIB’s method of unlocking an iPhone may never be revealed odds are that Apple will know when the method no longer works. When that happens you can bet that FIB will be back requesting Apple to open a phone or they’ll come in and seize their crown jewels and keys.
I don’t know about you but it reminds me a bit of a bully, you know the type that can dish it out but that can’t take it.