
U.S. Says It May Not Need Apple’s Help to Unlock iPhone - qzervaas
http://www.nytimes.com/2016/03/22/technology/apple-fbi-hearing-unlock-iphone.html
======
nostromo
I suspect that the intelligence and law enforcement communities are afraid
that if this case goes to the Supreme Court the All Writs Act may be scaled
back or ruled unconstitutional.

The All Writs Act goes back to 1789 and is used for all sorts of things, like
wire tapping, obtaining call and ISP records, etc., and now trying to force
Apple to make malware for their own phone.

It's definitely a risk for the FBI to fight this battle and potentially lose a
tool they use all the time. Since there is probably no new info on the phone,
it may not be worth the risk of making this a big fight with a motivated and
well-financed adversary like Apple.

~~~
r00fus
So why did they push it so far? Was it really just a game of chicken where the
FBI wanted to stare down Apple?

~~~
ethanbond
I wouldn't be surprised. The fact that we don't hear about companies standing
up like this every couple of weeks might imply that the standard response is
compliance.

~~~
cema
Which in turn could mean that the standard request is valid, or appears to be
valid to the respective party.

------
ChuckMcM
I suspect this is a "Strategic Retreat" on the Justice department. The ability
to reflash the phone and avoid triggering the unlock erase was a pretty
obvious workaround.

So after investing a lot of time and money in trying to get case law to expand
the DoJ's power over corporations to conscript them into the War on the 4th
Amendment, it became possible that they would see a judgement against them
(especially if the Supreme court becomes more liberal with the next
appointment).

So I suspect the risk/reward outcomes of pushing this to a conclusion flip
flopped into more risk than reward and someone fairly high up said, "Ok kill
this whole effort before it makes things worse than they are."

Just an opinion of course but I think it fits the observed actions.

~~~
cageface
_especially if the Supreme court becomes more liberal with the next
appointment_

This is the only thing I'm not so sure about. This issue doesn't seem to
divide neatly along liberal/conservative lines.

~~~
PhasmaFelis
Yeah, this is one of those issues where Democrats and Republicans both just
assume that their party is the "good guys" and the other party is the "bad
guys," when in fact it's not a particularly partisan issue at all.

("Free speech" is another one of those--both parties have been pretty shitty
on free speech since 9/11, but everyone plays down their own party's sins and
screams about the other's.)

------
valine
So basically they're saying, "This isn't going according to plan. Let's wait
for another opportunity and try again."

~~~
Johnny555
And let's screw over Apple by claiming that we can crack the phone after Apple
claims that no one can.

We'll never have to prove it, so we win, Apple loses.

~~~
Avenger42
I don't think Apple has claimed no one can crack the phone. That's not what
this case was about.

~~~
Johnny555
There's a big difference between the actual details of the case (which few
outside of the technology fields understand) and the public perception of the
case. To the public, it was:

FBI: "We need Apple to hack this terrorist's phone"

Apple: "We could, but we won't"

------
georgespencer
One of three things is true:

1\. The FBI is lying to save face,

2\. Someone -- but probably needs to be some _people_ -- from Apple is
willing to help them,

3\. There is an undisclosed vulnerability in iOS which Apple is unaware of.

I find it really hard to believe that someone would disclose a zero day
exploit to the FBI without charging significant $ for it.

Am I missing something obvious?

~~~
Nadya
_> Am I missing something obvious?_

John McAfee did promise to do it for free. /½ s

The guy is eccentric but I don't think he's an idiot and I do think he is
likely talented, or at least rich enough to hire those who are.

That being said - he admits he was full of shit [0] and then claims that he
has a proper method that isn't full of shit but which he didn't want to
disclose. Chances are he's probably full of shit on that one too, given the
track record, but who knows?

[0] [http://www.dailydot.com/politics/john-mcafee-lied-iphone-apple-fbi/](http://www.dailydot.com/politics/john-mcafee-lied-iphone-apple-fbi/)

~~~
tptacek
He is an eccentric idiot. I am just enough _not_ of an idiot not to bet my
shoe for dinner that he had nothing to do with this, but I'm really close. If
I had smaller feet, I'd take that bet.

~~~
WalterSear
I'm a size 8 and willing to let you eat one from my pair of favourite shoes,
if that is more amenable.

But of course, only if The Most Interesting Douchebag In the World™ is even
remotely involved.

------
ipsin
Is it possible that Apple could file for a declaratory judgement with respect
to the All Writs Act, to remove the potential of the government filing
substantially the same request at a later date?

Until that happens, it seems like a very real risk to Apple's security claims.

------
hellbanner
I just want to point out that lots of HN recently has been saying "Apple would
NEVER deal with the FBI, there's too much risk of a leak!".. and yet, with the
example of what happened to Manning, Snowden (ETC) -- would you, with a 6
figure salary, want to tell the world of misdeeds when you could toil away
comfortably?

"So obvious no one will ever notice"

Apple removed their warrant canary about a year ago timed with press releases
about "revamping their privacy policy for better security and user happiness"
and a bunch of marketing bullshit. What I saw was the guarantees that they had
done everything they could to protect your data was gone, replaced by "we'll
follow the law" AKA they will screw you over willingly if they need to.

\---

Also, the FBI is NOT dumb. "Poor legal counsel" was mentioned in this thread.
With their budget, why would you not assume they have Grade AAA legal counsel?

\---

[https://news.ycombinator.com/item?id=11332377](https://news.ycombinator.com/item?id=11332377)

~~~
TazeTSchnitzel
What? Apple are quite good with privacy. Unlike Microsoft, for example,
Apple's operating systems have encryption on by default.

~~~
trakout
They removed their warrant canary. That's a giant red flag if there ever was
one. Cooperation w/ governments negates encryption, no matter how good.

~~~
hellbanner
Front page of HN says Apple suspects "third party tampering" with servers en
route to them. The plot thickens.

If you didn't build it, you can't trust it.

------
baldajan
What's interesting about this case is, when it started, the sides were split
50/50 between Apple and the FBI. But as time went on, and Apple's PR, legal,
and executive machine spoke and educated more people on the issue, the side
tipped towards Apple.

Then the congressional hearing happened, where Issa (R - California) knew
more about the technical details of the phone than Comey. Given that Comey
didn't bring a technical aide with him, and him saying things like 'this
software would be obsolete because of newer iPhones, and wouldn't work on the
6 and 6S' were completely false and hard to imagine were made with merely
negligence (i.e. He was very clearly lying).

And after all that, and the FBI and DOJ PR machine trying to fight back, it
became clear that media was starting to side with Apple (Morning Joe on MSNBC
is a perfect example of what a 2-3 week time span can do to an opinion).

I even suspect the Judge would have also sided with Apple and the FBI would be
fighting for the appeal, and they would have known that. It's smart for the
FBI to drop the case, but timing + intentions to bring up the case in the
first place were scummy.

Let's remember that Comey, the director of the FBI, was a NY prosecutor.
Given that the current NY prosecutor wanted to unlock phones with ease (as
they don't have the resources of the FBI and access to the NSA), Comey was
"simply" trying to help a friend by deceiving the public and forcing Apple to
do something it didn't want to, that Apple knew it shouldn't. It simply wasn't
worth the fight, and I do believe it put the FBI in their place, as even a
terror attack couldn't even get them the mandate they sought. This is likely
not the end, and the FBI knows that any company that has the reach they need
will likely set a precedent against them, so it'll be interesting to see what
they do next.

All in all, what the FBI got out of this mess: making a whole lot of devices
and services more secure.

------
guscost
> On a conference call with reporters late Monday, a law enforcement official
> ... said the case was never about setting a precedent, but only about
> getting information from a dead terrorist’s phone

Pure 100% unpasteurized bullshit.

------
bcook
They could just contact geohot...

In some ways I suspect that the FBI's arguments are a smoke-screen to keep us
from talking about the fact that unknown 0-days exist and perhaps the NSA even
has a few.

~~~
TillE
It's not a very good smoke screen, since the most probable interpretation of
the filing is that the NSA has an exploit.

At least one security expert reported they were rebuffed by the FBI when they
offered to help, so I seriously doubt the "outside party" is outside the
government.

~~~
a3n
> It's not a very good smoke screen, since the most probable interpretation of
> the filing is that the NSA has an exploit.

I've wondered if the NSA already had the phone cracked, and Apple's help was
just parallel construction to not reveal capabilities.

~~~
BashiBazouk
Could the NSA crack the phone in a way that Apple engineers would not be able
to tell the phone had been cracked?

~~~
bcook
Presuming that we are unaware of the NSA's capabilities, the answer must be
"yes".

------
hackuser
There was no reason to think this phone, unlike every other system, was
uncrackable. Apple is setting impossible expectations, especially when the
attacker has the resources of the U.S. government.

------
nickbauman
_May?_ That's rich. They've always had the ability to circumvent the
encryption on Farook's phone since day one. They could have made a byte-by-
byte copy of the encrypted drive and bruteforced copies over and over. It's
just that they prefer to coerce Apple into making it _easier_ for them by
making GovtOS.

------
rubyfan
oh no what about that "dormant cyber pathogen" ?!?!?

------
RussellDussel
Can somebody please point out to me the obvious fact I am missing. Don't Apple
design their security such that even they themselves can't crack it? Like
storing hashed passwords, they don't want that kind of accountability. The
media keeps suggesting that Apple _won't_ do it, I thought it would be the
case that Apple _can't_ do it...

~~~
snowwrestler
Apple did try to design encryption that it can't break. But they also want to
be able to fix bugs. So they can update the OS on the phone even if it is
locked.

So by writing a new update, they could remove some of the ancillary security
features that reinforce short passcodes: the "wipe after 10 tries" feature,
and the "progressively longer delay between tries" feature. Without these, a
numeric (short) passcode can be brute-forced in a day or two. This is what the
FBI has been trying to force them to do: write a new update to remove these
features. That's what Apple has been refusing to do.

BTW, if you use a long alphanumeric passcode, then it wouldn't matter if Apple
was forced to push this update. A 15 character passcode with upper case, lower
case, numbers, and symbols would probably be safe from brute forcing no matter
how fast someone tries. But most folks are not willing to remember or type in
15 characters on their phone.

------
mattlutze
What courses of action are available for private persons to bring questions
like this in front of the Supreme Court? Is there something here that a
private individual / corporation could find cause for a suit against the USG,
so that the high courts have the opportunity to narrow the scope?

Or are we just left to petitioning and lobbying Congress to rewrite parts of
it?

------
cmurf
Dicks. They know they're fucked. They don't want a precedent. And they want to
bully everyone else like they did Lavabit.

------
batz
Surveillance only works when people believe their communications are private
and secure.

The 3rd party was probably NSA and they did not intervene up until because it
would reveal the existence of a cracking technique.

What changed is that weighed against a possible court verdict that would tell
every terrorist that no U.S. made device or encryption could possibly be
secure, (causing targets to avoid using broken crypto) revealing the existence
of a possible forensic technique was low risk.

The belief that it is possible to communicate securely is the most important
thing for spies to maintain. The FBI wants to discourage people from believing
it because they think it will make people less likely to commit crimes. The
spies want to encourage the belief because it ensures they can collect the
intelligence they need to maintain the status quo.

------
stestagg
Wouldn't it be great if Apple sued the FBI for details of the exploit, for
public interest reasons

------
studentrob
Beautiful. Congrats to the DOJ for seeing the light.

Will Obama now stop seeking "middle ground" as he mentioned at SXSW? Will
Burr-Feinstein halt their work on a backdoor bill? Nothing has changed on this
front, and there are still a host of reasons why a backdoor law is a bad idea.

~~~
joering2
Knowing both Burr and Feinstein past how little good their bills ever did, I
would highly doubt they ever stop wasting taxpayers' money.

------
lmcd
Here's one approach you could use if you had a reliable zero-day at your
disposal. I've been out of the jailbreak scene for a while, so I might be way
off the mark:

1) Have zero-day ([0]) that can be used to deliver executable payload over SMS
(think Stagefright). iOS devices can receive text messages _before_ the
filesystem is decrypted. Perhaps Apple should close this vector.

2) Deploy dylib that patches the SpringBoard UI (where the lock screen lives),
disabling the code that counts incorrect passcode attempts

3) Brute force the passcode

[0] [http://www.wired.com/2015/11/hackers-claim-million-dollar-bounty-for-ios-attack/](http://www.wired.com/2015/11/hackers-claim-million-dollar-bounty-for-ios-attack/)

~~~
jamesrom
> Perhaps Apple should close this vector.

Perhaps. However, it's very likely that receiving SMS before decryption is not
a bug, but a feature.

------
a_imho
Is it normal to refer to the Justice Department as the U.S.? If I understand
correctly it is part of the Government, yes, but this whole issue was promoted
as FBI vs Apple, not US vs Apple. Not a native speaker, just sounds strange to
me.

~~~
oddevan
I think it's just an easier-to-read headline; there's always some
oversimplification in those.

------
wahsd
Let's realize something here that I can attest to being 100% correct; the US
government is abysmally behind the curve ball on anything and all things
technology. I really even hate stating that because we are operating on a kind
of inertial perception of America's cyber might that partially was conjured
through movies and perception, but reality is that we are really bad off.
We're not just behind the curve ball, we're on a short bus trying to figure
out how to get to the damn ballpark.

The problem is a systemic one too, a lack of actual leadership, a personnel
problem if you will.

------
j1vms
And wouldn't it be ironic if the "outside party", referenced in the article,
was Apple itself. Maybe through several layers of indirection. Something to
think about, but most probably not the case.

------
Relys
Martin Hector (@marcan42) from the established hardware hacking group
fail0verflow has to say about the situation:
[https://marcan.st/2016/03/untangling-ios-pin-code-security/](https://marcan.st/2016/03/untangling-ios-pin-code-security/)

Essentially you can just automate the backup/restore of the eMMC flash storage
and brute force the PIN. :)

------
sflicht
So does qualified immunity mean that Apple can't sue the Justice Department
for the (substantial) legal expenses it incurred?

------
XorNot
It seems far more likely than most of the conspiracy theories here that the
FBI was simply running parallel work for breaking into the phone that has
recently yielded results.

Since the All Writs Act has as a test, necessity, to stay within the law
they're required to notify the courts if that changes.

------
geekam
Can someone explain to me why is it wrong (cynical) to think they didn't have
this capability all along?

~~~
zaroth
It's not, and they did. What I don't understand is why so-called "reporters" are
regurgitating the blatant trash from "unnamed FBI sources" as if it's fit to
print. I would hope at least to see front page NYT and WP editorials blasting
the FBI for their obvious failed attempt here to capitalize on a mass murder
for their own legal/policy purposes.

A few weeks ago they couldn't figure out how to unlock the phone, when it's
blatantly obvious the security weaknesses of the 5c, and today they suddenly
have seen the light but it just needs more testing? Department of Homeland
Security has been funding research into NAND-blockers for at least 6 years
now.

In a fair and adversarial system, the court would somehow sanction the FBI for
their prior sworn testimony that they couldn't do this themselves. But of
course when Federal agents lie under oath, it's not a crime, just a
misunderstanding.

------
nness
I've always wondered what the FBI really expected to find on the phone, and
more importantly, whether what they find will be worth the publicity and
debate.

If they find nothing, the perceived motive that they just wanted a backdoor
more than the device's data would feel all but confirmed.

------
pearjuice
Because iOS is closed source, proprietary software, the latest update might as
well include a backdoor. Nobody knows. This isn't an issue about privacy but
rather with people comfortably trusting closed source software by the color of
Tim Cook's eyes.

------
the_watcher
I know this is somewhat counterintuitive, but this is potentially good news.
It means that we have not established precedent that the government can force
a private company to destroy even the illusion of privacy.

------
exabrial
This is the outcome I was hoping for... Apple is not weakening their products
and the USA is getting intel.

I would probably bet they're getting in via an exotic side channel attack of
some sort to spy on the keys.

------
inci
What happens when Apple finds a way to secure this new attack vector? Is Apple
now actively working against the feds? That is certainly how it will be seen
by the US Gov.

------
astaroth360
If they actually manage to break into the phone, will that damage Apple's
reputation in the realm of security?

Anybody have any ideas what this 3rd party method could be?

------
thegayngler
There needs to be a constitutional amendment blocking the federal government
from this type of business disruption in the future.

~~~
vinay427
This sounds to me like the type of law that appears to solve a problem in this
particular case but would open a can of worms in other cases that involve
legitimate investigation into faulty business practices.

------
known
[http://www.iphoneasyunlock.com/](http://www.iphoneasyunlock.com/) FTW

------
pigpaws
There is always a coward willing to sell out their freedom and yours for their
own profit & "security".

------
tuyguntn
IMO.

1\. NSA and any other govt. organization do not need a help from Apple to gain
necessary information

2\. Most probably Apple and govt. are working together for the face of good PR

3\. Now after Apple keynote, seems like sales are ok, now they can publish
actual story step by step

In summary: digital is not secure enough to rely on, all other things are PR

------
awt
Perhaps they think they've successfully moved the Overton Window.

------
perfectstorm
what if Apple agreed to unlock it (either by custom software or by some other
means) but FBI won't say it publicly so Apple gets to save their face and FBI
gets what they want.

------
fredgrott
a greater concern is the NSA data hook that NSA is using to press any US
agency to mount court cases to support NSA's destroy encryption agenda...

------
abalone
While the legal maneuvering is interesting, I'd like to talk more about the
technical mechanisms. Is it _actually_ possible?

Snowden said the FBI is full of shit[1] and of course the phone is hackable,
citing an ACLU report.[2] This report states that one could "easily" bypass
the auto-erase-after-10-attempts function by popping out the Flash memory
chip, copying its contents into some sort of test rig wired in its place, and
then restoring it whenever it gets erased.

This is an interesting modification of an attack scenario laid out in an
excellent review of iPhone/iOS8 security by Matthew Green:

_"Since only the device itself knows UID -- and the UID can't be removed
from the Secure Enclave -- this means all password cracking attempts have to
run on the device itself. That rules out the use of FPGA or ASICs to crack
passwords. Of course Apple could write a custom firmware that attempts to
crack the keys on the device but even in the best case such cracking could be
pretty time consuming, thanks to the 80ms PBKDF2 timing."[3]_

What this theoretical rig changes is it essentially allows a custom chip to
run on the device (namely a delete-proof Flash chip), bypassing the need for
Apple to write custom firmware. So a typical 6 digit one would take under a
day to crack, based on the 80ms cost per attempt.

So, it does seem possible to crack the pre-A7 phone in question with this rig.

However, and here is where it gets interesting, Apple has said conflicting
things about current phones. On the one hand, ever since the A7 they've added
a hardware-level escalating time delay between failed passcode attempts:

_"On devices with an A7 or later A-series processor, the delays are enforced
by the Secure Enclave. If the device is restarted during a timed delay, the
delay is still enforced, with the timer starting over for the current
period."[4]_

This would in theory make it infeasible to attempt this kind of rig on a
current iPhone. Even a typical weak passcode would encounter an hour-long
delay at least once every 10 attempts. It could take years to bruteforce all
but the most predictable passcodes.

However, Apple has also said that "Yes, it is certainly possible to create an
entirely new operating system to undermine our security features as the
government wants."[5] This would seem to suggest that software alone could
enable bruteforcing, and this implication is in stark contrast to the
statement on hardware defenses within the secure enclave. (Did they mean
possible _only on pre-A7 phones?_ It sure feels like they feel there's more at
stake than that.)

So I don't know what to believe at this point. The ACLU seems wrong in
suggesting that this particular rig would work on anything but old pre-A7
iPhones, based on the current secure enclave's time delay. But Apple has
outright stated that GovtOS could enable the cracking of iPhones. So... how?

[1] [https://twitter.com/Snowden/status/707299113449230336](https://twitter.com/Snowden/status/707299113449230336)

[2] [https://www.aclu.org/blog/free-future/one-fbis-major-claims-iphone-case-fraudulent](https://www.aclu.org/blog/free-future/one-fbis-major-claims-iphone-case-fraudulent)

[3] [http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html](http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html)

[4] [https://www.apple.com/business/docs/iOS_Security_Guide.pdf](https://www.apple.com/business/docs/iOS_Security_Guide.pdf)

[5] [http://www.apple.com/customer-letter/answers/](http://www.apple.com/customer-letter/answers/)
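
The timing arithmetic from the comment above, carried through as an added example (not part of the original post or of any Apple code): worst-case time to exhaust a passcode space at the quoted 80 ms per attempt, with and without an enforced delay, and the shortest passcode length that meets a target resistance. The "one hour per ten attempts" delay is a simplified model of the comment's wording, not Apple's documented schedule; the 94-character alphabet and all function names are assumptions.

```python
"""Passcode search-time estimates from the figures quoted in the thread.

Assumptions (labelled): 80 ms per attempt is the PBKDF2 cost quoted above;
the delay model (a fixed pause once every N attempts) is a simplification
of the commenter's description, not Apple's real escalation schedule.
"""

KDF_SECONDS = 0.080                  # per-attempt cost quoted in the thread
YEAR = 365.25 * 24 * 3600            # seconds in a year
DIGITS = 10                          # numeric passcode alphabet
FULL_KEYBOARD = 26 + 26 + 10 + 32    # assumed set: upper, lower, digits, symbols


def keyspace(alphabet_size, length):
    """Number of distinct passcodes of exactly this length."""
    return alphabet_size ** length


def worst_case_seconds(candidates, per_attempt=KDF_SECONDS,
                       delay_every=0, delay_seconds=0.0):
    """Time to try every candidate on the device itself.

    With delay_every=N, delay_seconds is charged once per N attempts,
    modelling a hardware-enforced pause that survives restarts.
    """
    total = candidates * per_attempt
    if delay_every:
        total += (candidates // delay_every) * delay_seconds
    return total


def min_length_for(alphabet_size, target_seconds, **policy):
    """Shortest length whose whole keyspace takes >= target_seconds."""
    length = 1
    while worst_case_seconds(keyspace(alphabet_size, length),
                             **policy) < target_seconds:
        length += 1
    return length


def human(seconds):
    """Render a duration in the largest unit that is at least 1."""
    for name, size in (("years", YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


# Simplified model of "an hour-long delay at least once every 10 attempts".
ENFORCED_DELAY = {"delay_every": 10, "delay_seconds": 3600.0}

if __name__ == "__main__":
    for label, alphabet, length in (("4-digit", DIGITS, 4),
                                    ("6-digit", DIGITS, 6),
                                    ("6-char full keyboard", FULL_KEYBOARD, 6)):
        n = keyspace(alphabet, length)
        print(f"{label:22} no delay: {human(worst_case_seconds(n)):>16}"
              f"   enforced delay: "
              f"{human(worst_case_seconds(n, **ENFORCED_DELAY))}")
    century = 100 * YEAR
    print("digits needed for 100 years, no delay:",
          min_length_for(DIGITS, century))
    print("digits needed for 100 years, enforced delay:",
          min_length_for(DIGITS, century, **ENFORCED_DELAY))
```

The figures are worst case (every candidate tried); the average is half of that, and neither accounts for users picking predictable passcodes.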

------
jacquesm
Cold feet or technology?

------
marcoperaza
There's a lot of cynicism in this thread. Would you prefer that they try to
force Apple's hand anyway, even though they might have found another way that
makes the issue moot?

~~~
jacquesm
> Would you prefer that they try to force Apple's hand anyway, even though
> they might have found another way that makes the issue moot?

Yes, very much so. That way we can put this behind us rather than to wait for
the inevitable re-run with conditions carefully arranged to be more favorable
in order to set precedent.

~~~
marcoperaza
Their legal reasoning heavily relies on Apple being the only party capable of
assisting with unlocking the phone. They are talking about compelling someone,
so if there's a possibility that it's not necessary, they have a duty to find
out. Also, US courts don't rule on abstract ideas or hypothetical cases. No
"case or controversy", no judicial standing. If the FBI can unlock the device
without compelling Apple, there's no controversy since the FBI agrees Apple
wouldn't be required to help in that case.

~~~
jacquesm
Yes, but _that_ line of reasoning requires you to believe this was about the
phone's contents to begin with and it would take a serious act of suspension
of disbelief to go down that particular road with what's known about this
whole sordid affair to date. It's simply the FBI using a crisis to attempt to
expand their powers.

See also:

[http://www.npr.org/2016/03/14/470347719/encryption-and-privacy-are-larger-issues-than-fighting-terrorism-clarke-says](http://www.npr.org/2016/03/14/470347719/encryption-and-privacy-are-larger-issues-than-fighting-terrorism-clarke-says)

