
FBI Makes Official Its Decision to Keep Apple iPhone Hack Secret - spuiszis
http://www.bloomberg.com/politics/articles/2016-04-27/fbi-makes-official-its-decision-to-keep-apple-iphone-hack-secret
======
pcl
This is a scary precedent.

From the bits I've seen of it, the Vulnerabilities Equities Process is a
really great bit of government transparency, run by a group of people who
understand that the best interests of different parts of the government and
the citizens of the country often end up at odds. The process allows for
vulnerabilities to be periodically reviewed so that the costs and benefits of
not disclosing can be weighed over time, and by an at-least-somewhat
independent group.

Just skipping it altogether because "we paid a contractor" completely subverts
the process. What's stopping all the TLAs from simply routing all their vulns
through a private third party and bypassing the VEP altogether?

~~~
bhuga
It's bad enough that the VEP was bypassed, but the high-profile, 7-figure
payout for the security researchers who had their hands on the bug is a
problem too. Plenty of bug bounty programs have remote code execution at $10k,
but the FBI paid _100 times_ that. That's an amount of money that some bug
hunters might find very challenging to turn down. And this is "above board",
with no shady bitcoin payments from dingy IRC channels.

~~~
zeckalpha
Even with it 100 times more, its still cheaper than the legal fees they were
facing.

~~~
maaku
I think you miss the point.

~~~
zeckalpha
Those are my tax dollars at work.

------
taildrop
This might be great for the FBI right up until they actually try to use the
evidence in court. The defense attorney can claim (rightly so) that unless
they can examine the unlock method to verify it doesn't tamper with any of the
data on the phone, the evidence is inadmissible.

The only way the FBI will be able to use this data in court is if they turn
the process over to the defense so they can have the process independently
verified. Since the article states that they don't have access to the
"technical details" of the hack, they have no way to prove the method doesn't
manipulate the data on the device.

~~~
djrogers
This was never intended to be used in court - the guy who carried the phone is
dead, as is his wife and partner-in-slaughter.

~~~
dantillberg
Information obtained from the phone could have been used to implicate a third
party, though.

~~~
MaulingMonkey
That's what parallel construction is for :(

~~~
seanp2k2
If they already had all the logs of everything happening on the Internet and
cell networks for that device, why even go through hacking the device?

~~~
dantaylor08
I don't even really trust that they _did_ hack it. Could just be a safe way
out when they realized apple wouldn't back down.

~~~
djsumdog
This! Why does everyone believe this FBI PR bullshit? It's classic propaganda
to save face.

------
justinlardinois
Did any of the commenters here actually read the article?

 _Although the FBI paid more than $1.3 million for the method, Amy Hess, the
agency’s executive assistant director for science and technology, said
Wednesday that it didn’t purchase the rights to the technical details and
therefore doesn’t have the necessary information to submit the method for an
Obama administration review known as the Vulnerabilities Equities Process.
"The FBI assesses that it cannot submit the method to the VEP," Hess said in a
statement. "We do not have enough technical information about any
vulnerability that would permit any meaningful review.”

...

The law enforcement agency bought the hacking tool from an entity it hasn’t
identified and then used it to access data on an encrypted iPhone_

It sounds like the FBI doesn't actually understand the details of how the
crack worked and was hand-holded through the process.

~~~
williamscales
I think the general implication that's being suggested is that the FBI is all
too happy to not know the details. It sets a dangerous precedent where these
sorts of things are routed through contractors so that safeguards like the VEP
are bypassed.

~~~
themartorana
Is there any sort of path to holding the FBI responsible for aiding and
abetting a criminal organization, or even working with domestic terrorists? I
imagine that's what I'd be labeled by the FBI if I hacked someone's phone (or
many peoples' phones) with this exploit.

~~~
roywiggins
The only phone we know has been hacked by this method is in the FBI's hands:
they have a warrant.

It's possible the contractor in question is a gray-hat hacker who really
hasn't ever performed the hack on any phones they don't own, which makes
everything they've done perfectly legal.

------
davesque
So, if I understand correctly, the FBI doesn't really know how the phone was
hacked? Wouldn't that also mean that they don't really know if the data their
contractors retrieved from the phone is really from the phone?

~~~
awqrre
"randomly" generated data, to assure accuracy

------
haberman
I've never seen government decision-making work first-hand, so I wouldn't
claim that this speculation should carry weight.

But if I was someone on the FBI side who wanted to "win" this somehow, I could
imagine how this might look like a victory. Apple wanted for its phones to
look so secure that they will even stand up to the government to protect them.
In response, the FBI made Apple's phones look so weak that anyone who has $1M
to spend on the black market can get in.

~~~
simondedalus
spending $1m to get into a 5c isn't exactly a PR disaster for apple.

~~~
nxzero
Agree, Is anyone even able to cite another singlural exploit that was solid
for over a million?

~~~
TACIXAT
Only seen that price for iOS jailbreaks. [1][2]

1\.
[https://www.theguardian.com/technology/2015/nov/03/jailbreak...](https://www.theguardian.com/technology/2015/nov/03/jailbreak-
for-iphones-wins-1m-bounty-zerodium-apple)

2\. [http://www.ibtimes.com/ios-9-jailbreak-reward-zerodium-
offer...](http://www.ibtimes.com/ios-9-jailbreak-reward-zerodium-
offers-1-million-bounty-hackers-unlock-apples-latest-2106420)

------
Claudus
Not to be a conspiracy theorist, but maybe they don't actually have a hack.
Maybe they just want people to think they do.

~~~
delecti
That seems like the most likely explanation to me too.

~~~
meddlepal
Really the most likely explanation is that Apple writes security bug free
code? My guess is the FBI found someone who knew how to exploit the phone or
asked a 3rd party with connections to the NSA so there is a level of plausible
deniability on the origins.

~~~
delecti
There are obviously security bugs in Apple's code, almost certainly some which
allow for breaking into a device. That's even more likely to be true because
the device in question wasn't fully updated.

However, the situation as I see it is this: The FBI realized they were going
to lose their legal battle to compel Apple to unlock the phone in question.
They then retracted their suit to avoid a precedent being set against them,
and announced "don't worry guys, we got in anyway" to deflect attention from
that particular iPhone, which they had argued was where the situation would
end in the first place.

Your explanation is certainly possible, I just don't think it's as likely that
they would really spend $1m on this phone which in all likelihood has nothing
of value on it to begin with.

~~~
janekm
For a government agency to spend money is not as undesirable as it would be
for you and me. Budgets have to be justified, and not spending money leads to
reduced budgets (and hence reduced influence). Spending budget on high-profile
projects can be seen as beneficial to career advancement. Though, $1 million
wouldn't get you far if it wasn't for the high-profile nature of this
"project"...

------
danenania
If the FBI can pay a million for the hack, what's stopping Apple? I'd expect
them to be fully aware of it by now.

~~~
Someone
I would think the fact that they don't have an official bug bounty program
makes it unlikely they have an unofficial one. If you are buying, it doesn't
harm to make that public.

On the other hand, cases like these may make them consider starting a bug
bounty program. and of course, they may already be advertising where it
matters (e.g. by calling various hackers, or by using an intermediary to buy
hacks) without telling the whole world.

~~~
Rumudiez
I think it would be against Apple's brand image to publicly invite people to
break their software, but your last point could be the case in a very limited
fashion.

Apple has persisted its appearances in shipping stable, valuable software and
hardware the first time quite well. No hiccups allowed here.

Admitting they can't catch every last bug before release would be killing this
advantage in public perception they have over competitors like Microsoft.

~~~
madeofpalk
I don't think the general public has this perception at all. Many of the non-
tech (and tech) people I talk to hold off on updating iOS because they think
it's always more buggy. I know people who swear by buying only the S models
because they assume by then all the kinks would be ironed out and the phone
will be more stable.

------
Esau
I personally don't have a problem with this, just as I had no problem with
Apple not wanting to help the government with an investigation. I don't think
it is right to want it both ways.

~~~
Johnny555
If the FBI were a private organization, I'd agree with you, but the FBI is
paid by the public and is supposed to be protecting the public, so they should
not leave the public open to a gaping security hole in a product that millions
of people use.

They can't even pretend that the technique would never be utilized by "bad
guys" outside of the USA government since whatever the technique is, it's
already available for purchase.

~~~
marcoperaza
Yeah, and British intelligence should have just called up the Germans to tell
them that their Enigma machines weren't configured correctly.

~~~
kmonsen
I'm guessing you are just trolling, but still going to address this.

Every time an american agency finds a vulnerability they are faced with a
choice: \- Use it, possibly against foreign targets \- Share it with american
vendors to make the country and its businesses safer

It should be clear that in most cases the value of protecting american
interest is vastly more valuable than attacking foreign interests.

It's like Clinton lobbying cruise missiles at Afghanistan, whatever they
destroyed was worth a lot less than the missile itself. If for example Apple
and Google can be protected that is probably worth a lot more than whatever
can be gained by using this offensively.

And note that every time a cyber weapon is used there is a large risk that the
entity being attacked can learn how the attack worked and use this back at
your interests.

~~~
marcoperaza
You're absolutely right that there's multiple interests being balanced here.
That's the point I was trying to make.

I think the FBI is making the right call here. An exploit that requires
physical access to the phone and that sells for a million dollars per use is
not a big risk to anyone.

------
krisgenre
I am really beginning to think if the FBI actually used a hack. There were
reports that the passcode was changed when in FBI's possession, what if this
was just a deliberate attempt to force Apple to create a backdoor?

~~~
madaxe_again
You mean they had access in the first place, and this is all smoke and mirrors
to cover the fact that they were bluffing when they were trying to subvert
apple, and there is no hack?

Plausible, actually - and if they wanted a cover story that would cause apple
as much collateral damage as possible, they've chosen well - as blowback
doesn't matter to the FBI. They're untouchable gods, above the law, above
public sentiment.

------
JustSomeNobody
Would FOIA apply here in any way?

~~~
djrogers
They could just reject the FOIA claim, stating it's part of an 'active
investigation' for the next decade or so.

------
coherentpony
Oh, now they care about privacy.

------
nodesocket
I assume Apple already knows the hack/vulnerability. Apple should announce
they know it, fix it, and give the FBI a big F-U.

~~~
lostgame
Uh...this is probably a hardware flaw.

Without recalling _all_ iPhones prior to the Secure Enclave, I'm not exactly
sure how they would 'fix it'.

------
djrogers
[https://www.whitehouse.gov/the-press-
office/2015/02/13/execu...](https://www.whitehouse.gov/the-press-
office/2015/02/13/executive-order-promoting-private-sector-cybersecurity-
information-shari)

Then again, goose!=gander

------
digler999
Micro-probing the bus lines, to disable the self-destruct or time-delay
counter ? Or perhaps "glitching", sending badly-timed signals to the specific
part of the asic that keeps count of the number of bad tries, causing it to
lock up. Then brute forcing it at high speed.

~~~
j1vms
> sending badly-timed signals to the specific part of the asic

I would imagine that sort of thing would be very expensive to do correctly,
unless you are only talking about feeding badly-timed signals at the asic
pins.

~~~
digler999
_someone_ out there helped design the asic/MCU that does this. individuals on
that team would know how to do it very easily because they built the freakin'
thing.

------
icpmacdo
These times are so interesting. The FBI is making policy that they wont expose
the 0 days they bought for over a million USD. We need to consider the amount
of cool things we learn right now and appreciate it.

------
mattnumbe
Ive got a friend at Sun Corporation who, a few weeks ago, when I congratulated
her on the recent (unconfirmed) news of her company, she said it was
Cellebrite's news and not theirs.

------
mikx007
What would stop one or couple of apple engineers from creating a backdoor and
then selling a "unlock service" trough some foreign intermediary making $1 mil
each time?

~~~
eumoria
probably the threat of being caught and subsequent consequences probably stop
them. also (not saying Apple does and it's hard to do) but companies
compartmentalize portions of software making it difficult for an individual to
go rouge and break apart the security. higher up engineers probably could but
the risk is pretty crazy especially with the new "we can just do whatever we
want" terror laws that they would probably lay on them

~~~
therein
> not saying Apple does and it's hard to do) but companies compartmentalize
> portions of software making it difficult for an individual to go rouge and
> break apart the security

Apple does this to an extreme. You can't even see the code to projects you are
not on. Oh someone else's code has a bug? Well, you can do symbol search
across the entire codebase but you will get the line featuring the symbol, the
line above it and the line below it.

------
namelezz
Is FBI faking again [1]?

[1] -
[https://news.ycombinator.com/item?id=11578240](https://news.ycombinator.com/item?id=11578240)

------
pfista
Isn't this title a little misleading if they never knew the actual technical
process of hacking the iPhone? They can't share what they don't know.

------
yeukhon
Are we sure the FBI is not bluffing?

------
zmmmmm
I hope that the security community reciprocates: if the FBI won't disclose
security flaws to the community, then neither should the security community
give the FBI any special privilege or notice in disclosing flaws in FBI
software. The FBI might then learn about the benefits of disclosure the hard
way.

------
dimino
Just seems petty of the FBI to actually make an official announcement like
this. I get if it's understood that they're not releasing it, but why make a
formal press release about it?

------
CamperBob2
Translation: _We got taken for a $1M ride, and have neither a valid exploit
nor any data to disclose._

