Apple’s new challenge: Learning how the U.S. cracked terrorist’s iPhone

“Now that the United States government has cracked open an iPhone that belonged to a gunman in the San Bernardino, Calif., mass shooting without Apple’s help, the tech company is under pressure to find and fix the flaw.,” Katie Benner, John Markoff and Nicole Perlroth report for The New York Times.

MacDailyNews Take: The United States government has claimed it’s cracked open an iPhone. We’ve seen no proof of that fact. Show us the cafeteria tray photos that we paid for, FBI!

“But unlike other cases where security vulnerabilities have cropped up, Apple may face a higher set of hurdles in ferreting out and repairing the particular iPhone hole that the government hacked,” Benner, Markoff and Perlroth report. “The challenges start with the lack of information about the method that the law enforcement authorities, with the aid of a third party, used to break into the iPhone of Syed Rizwan Farook, an attacker in the San Bernardino rampage last year. Federal officials have refused to identify the person, or organization, who helped crack the device, and have declined to specify the procedure used to open the iPhone. Apple also cannot obtain the device to reverse-engineer the problem, the way it would in other hacking situations.”

“‘Apple is a business, and it has to earn the trust of its customers,’ said Jay Kaplan, chief executive of the tech security company Synack and a former National Security Agency analyst. ‘It needs to be perceived as having something that can fix this vulnerability as soon as possible,'” Benner, Markoff and Perlroth report. “‘There is very little debate that it is in everyone’s best interest that Apple find out about this vulnerability and everyone should be asking why that is not the case,’ said Alex Rice, the chief technology officer at HackerOne, a security company in San Francisco that helps coordinate vulnerability disclosure for corporations.”

Read more in the full article here.

MacDailyNews Take: The Islamic terrorist’s government-issued iPhone 5C lacks a Secure Enclave. Newer iPhones may indeed be uncrackable by the FBI’s claimed undisclosed method (NAND-mirroring) via an undisclosed third-party (Cellebrite).

Again, if the feds fail to disclose, as we wrote last week:

Apple should simply buy Cellebrite and other entities like it and task these newly acquired engineers with hardening iPhone to ridiculously hack-proof levels.

Furthermore, the simple act of Apple acquiring Cellebrite will be a marketing coup as any doubts about iPhone security will be immediately erased.

Did the FBI just unleash a hacker army on Apple? – March 29, 2016
Apple declares victory in battle with FBI, but the war continues – March 29, 2016
Apple vows to increase security as FBI claims to break into terrorist’s iPhone – March 29, 2016
U.S. government drops Apple case after claiming hack of terrorist’s iPhone – March 29, 2016
Meet Cellebrite, the Israeli company reportedly cracking iPhones for the FBI – March 24, 2016


    1. I’m calling ‘bullsh*t’ on this story.

      The FBI didn’t crack anything. The FBI *said* that they did, released an unsubstantiated story to a bunch of news outlets and now there’s a bunch of speculation going about ‘how’ they did it, in an attempt to lend credence to the assertion.

      This is a disinformation campaign, designed to extricate Comey & the FBI from the unpopular position they’ve gotten themselves into.

      Remember, the FBI & CIA have Psy-op and propaganda specialists in their employ.

      *puts on tin-foil hat*

      Just because you’re paranoid doesn’t mean that they aren’t out to get you.

      1. I agree — it is all BS — they never cracked the phone. They said they did to save face. These are the same morons who couldn’t stop a bunch of people from crashing very large planes into the World Trade Center. Don’t give them too much credit.

      2. Chinstrap’s right. The FBI “claims” they cracked the phone.
        Start with George Carlin’s saying “I don’t believe anything
        the government tells me” and go from there.

  1. “The challenges start with the lack of information about the method that . . . ”

    The FBI should be more like the CIA and stop giving terrorist’s a playbook on how to keep their information private. Going after Apple in such a public way was a BIG mistake.
    In other words, keep your mouth shut! — and stop bashing Apple!

    1. And don’t forget:

      Apple’s 1 billion strong army that drove public supportand shut down the FBI, will again rise in Apple’s favor and defend its champoin at all costs if the government fucks with Apple.

      Consider this a sample of loyanty that is air tight.

  2. Current iPhones are very complex. I can’t begin to understand details behind their security.

    From a gut level, if the FBI/CIA needed physical access to hack an iPhone, then that tells me, the common criminal is of less concern.

    For the most part, software is the weakest link. But Apple is usually up on this and takes care of us in a timely way.

    The knowledge of how the FBI did it, which we know will leak out, could be meaningless to anyone other than a government agency.

    The simple difficulty of the task, does a couple of things, it adds cost and time to getting to someone’s data. With that, they will use it sparingly. When the task becomes easy and automated, then that is when governments will be tempted to implement mass surveillance, as recently documented in Southern California, where whole area codes were tapped, looking for drug traffickers.

    Our service providers need to develop technologies that make the process of surveillance, expensive and time consuming so that governments think twice before taking action.

    As it stands, with so much easy access to data, it has a negative effect of swamping our nations security in white noise. It’s an unnecessary invasion of privacy and it creates a huge haystack of information that makes finding relevant data more difficult. It’s an addictive activity, but using restraint is good for everyone.

    I am no expert… Just thinking about what it all means.

  3. There is no obligation for the govt to disclose to Apple or anyone the details of how they got into the iPhone. That’s secret info. So that will not be happening.

    No need to buy Cellebrite, it’s a good bet that the smart folks at Apple already have a very good idea of how the iPhone data was accessed. It’s not like Cellebrite has some magic tool.

    And anyone who worries that their iPhone will be hacked into the same way is a bit paranoid.

  4. If I were government and I realised that I can’t force Apple to unlock (bad political move – nasty backlash, lost of tax dollars), I won’t back down and say SORRY. That is a big loss of face. I’ll do what they did

  5. What about just this (1) one iPhone? The ONLY reason AAPL won this battle is because of Tim Cook. It did not hurt either that Apple has more cash on hand than most other governments. Tim Cooks last meeting before he was (informed by THE PRESS! of such action) told the incompetent dolts that “There is a lack of leadership in government”. Where was the narcissistic “PUPPET”?! Making nice with Cuba and sun tanning in Argentina! That’s where!!
    What a FCK in CIRCUS! Not my circus NOT my monkey. We are lucky to have such a LEADER in Tim Cook. The US GOVERNMENT is the pinnacle of corruption.
    Unlike the San Bernardino case, which played out in a hyper-political and very public way after Apple CEO Tim Cook made the company’s position clear in an open letter last month, the vast majority of other cases brought by the government have played out behind closed doors. That’s typically how these types of orders are sought, with a judge only hearing one side of the case — usually the government’s. In the 63 cases identified by the ACLU, judges approved the orders a majority of the time, often within a day or less of the request being filed.
    SAD. Lead, follow,…. OR GET OUT OF THE WAY!!

    Eric T. Mole is very much behind the scenes pulling on the PUPPET’s Strings. Why is he not being investigated?

    1. Here is the entire article.


  6. New York Times…meh
    “There is very little debate that it is in everyone’s best interest that Apple find out about this vulnerability and everyone should be asking why that is not the case,”
    Is that two and a half ‘strawman fails’_per_sentence a record?
    Does it come with extra fries?
    The world needs to know.

  7. MDN refers to the Secure Enclave, but I had previously thought it was called the Secure Element. I looked it up and found official Apple documents referring to “Enclave.” But I also found many tech article referring to Element. Did apple change this one mid stream like Bonjour (formerly Rendezvous)?

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.