
FBI paid professional hackers one-time fee to crack San Bernardino iPhone - molecule
https://www.washingtonpost.com/world/national-security/fbi-paid-professional-hackers-one-time-fee-to-crack-san-bernardino-iphone/2016/04/12/5397814a-00de-11e6-9d36-33d198ea26c5_story.html
======
zxv
Responsible disclosure involves notifying the vendor (Apple) first.

[https://en.wikipedia.org/wiki/Responsible_disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure)

If the FBI wanted to protect the public, responsible disclosure of the exploit
is a first step.

Sigh.

~~~
williamcotton
Apple used the FBI hearings as a public relations project. They lost all
sympathy from the Feds after that. They really should have played their card
differently but instead wanted to rally the public against a federal law
enforcement agency so they can prove to customers that they take privacy
seriously.

I'm not sure if Apple intended to rile up the Snowden/tin-hat wearing crowd
who thinks the government is out to get everyone, but that sure didn't leave a
nice aftertaste in the FBI's mouth.

Looking at this objectively, Apple shouldn't expect the courtesy of responsible
disclosure. If this makes the public wary of Apple's ability to protect their
privacy, well, so be it. The FBI's duty is to actually protect the public, not
to protect the customers of a single corporation.

I think this is brilliant counter-marketing on the part of the FBI and a real
"fuck you" to Apple for turning a criminal investigation of a mass murder in
to some fucking sideshow circus where they could show the public just how much
more they care about privacy than the government.

EDIT: I'm sorry, but I have a rate limited account because my conservative
opinions are not valued by the HackerNews community. I have some follow ups to
your comments:

\---

> That includes protecting the public's communication from criminal
> eavesdropping, which they are undermining when they keep an exploit secret
> instead of responsibly disclosing it.

I'm sorry, but this is not how the courts see things. Please see
[https://en.wikipedia.org/wiki/Third-party_doctrine](https://en.wikipedia.org/wiki/Third-party_doctrine)

As far as I'm concerned and as far as the US government is concerned, as soon
as you broadcast radio and electrical signals from your private person or
property, it's been published. That's how it's been since the beginning of the
country and that's why Apple and Facebook are even allowed to sell your
information to third-party marketers. Everything that leaves your devices
legally has to be made public so our data can be legally sold.

This is also related to credit reports, doing-business-as, and many other
kinds of public record keeping. You should not expect privacy when buying and
selling goods in a public marketplace. How could you possibly stop someone
from monitoring what you're buying and selling? Consumer reporting, public
record keeping, and public census data are incredibly important parts of our
institutions.

We're going to need a newly defined set of laws and regulations to actually
define what I've been calling "privished" works, that is, information that a
third-party is liable to both the individual as well as the government, to
make sure that the 4th amendment is still a two-way contract.

I suggest you brush up on some of your constitutional and common law
interpretations of what privacy actually means with regards to mass
communication. I think most of the HN threads are missing half of the social
contract and fail to see the importance of granting the government the right
to warranted search and seizure.

~~~
duaneb
> wanted to rally the public

Source? Preferably the press release in question.

It's the FBI who was pushing the polemic, and that's the same polemic you are now
pushing.

Also, this isn't a show. These are legitimate privacy concerns that require
active protection. The FBI is hardly in the business of protecting information
from hackers. If they were, they probably wouldn't need Apple's help in the
first place to penetrate their security. They simply don't have the expertise.

Again, I'd like to point out that it was the FBI who took to the PR stand to
address the public directly in a political manner.

~~~
Pyxl101
Allegedly Apple wanted this request from the FBI to stay under seal, and it
was the FBI who pushed to make it public. If that's the case, then it may have
indeed been the FBI not Apple who turned this into a PR situation.

~~~
billions
Somebody inside the FBI was greedy for a raise and took the risk to try to
take a bite out of the Apple. I doubt they got demoted or took a salary hit.
The career upside for the individuals involved would have been huge. Perhaps
they believed in their anti-terrorist cause but no more than an Apple employee
proud to build the next version of iTunes.

------
janekm
Am I the only one who reads the quotes in this article as "see Apple, if you
don't give us what we want then we may just have operational reasons to not
disclose vulnerabilities to you, wouldn't that be a shame..."?

~~~
mturmon
It does come off a bit like a multidimensional pissing match - with the FBI
alternately saying, "We can force you to break this phone", "We can break it
ourselves if we want to", "We will break it and not tell you how", "We can
insert a succession of stories in the media that will call your security into
question."

~~~
williamcotton
It is of course a territorial pissing match. Apple, and most of Silicon
Valley, thinks and acts like they are more important and powerful than the
country that granted them a corporate charter and the public infrastructure
with which to do business.

~~~
trhway
> Apple, and most of Silicon Valley, thinks and acts like they are more
> important and powerful than the country that granted them a corporate
> charter and the public infrastructure with which to do business.

Apple was defending the fundamental rights of the public - "we the people"
(i.e. country that granted them a corporate charter) - against an agent of
said country who tried to overstep the bounds of the power the country (again
"we the people") granted them.

The court was the way for the agent to prove that they don't overstep the
boundaries of the power that the public granted to the agent, and for all we
know the agent failed to do so.

To the "venomsnake" below: I didn't say Apple always defends the fundamental
rights, I didn't even say that Apple in this case was motivated by the defense
of the fundamental rights. The fact that we do know is that Apple in this case
defended the fundamental rights - for whatever motivation, probably for profit
as a corporation and that would be my guess is that Tim Cook was doing it for
the fundamental rights really or maybe just to piss off the FBI for fun.

~~~
venomsnake
If Apple believed in any form of fundamental rights for their users they would
have given root, unlocked boot loader and alternative appstores to the people.

~~~
Dylan16807
You can believe in a fundamental right to privacy without a fundamental right
to full control over devices.

In fact a strong enough emphasis on privacy leads you to restricting the
ability of the user to undermine their own security.

You dislike Apple's methods, which is fine, but it doesn't make them
hypocritical.

~~~
venomsnake
You can't have privacy without control. It is impossible. You cannot hide from
your sysadmin - that is an axiom.

~~~
Dylan16807
Unless you have a staff of experts, you're not going to be able to secure the
device yourself. So Apple has to be involved in almost everyone's security
whether you like it or not. Putting the user in charge is good for freedom,
but it takes you from one failure point to two failure points.

------
jessaustin
Missing from TFA: any consideration of whether the "work phone", which was
subject at all times to repossession and inspection by San Bernardino County,
stored any information about terrorism, particularly information worth
overturning fundamental assumptions about the duties of electronic device
manufacturers.

~~~
ikeboy
IIRC Comey said in one interview that they wanted to know which path they went
on during missing minutes on the day of the shooting when the phone was with
them, and hoped the phone had location data.

Edit: see [http://nytimes.com/2016/03/02/technology/apple-and-fbi-face-...](http://nytimes.com/2016/03/02/technology/apple-and-fbi-face-off-before-house-judiciary-committee.html)

~~~
matt_wulfeck
That data is easily available via tower pings without needing to unlock the
phone. Who sets up their phone to record constant GPS coordinates?

~~~
carboncopy
Do towers record past telemetry data? Assuming they do, the granularity of
knowing that a particular tower handled a phone ping is comparatively useless.
A guessed location (stored on the iPhone) based off of cell tower
triangulation and the occasional GPS calculation is far more valuable.

I do agree that we should consider the FBI's statement with skepticism.

~~~
pdkl95
> Do towers record past telemetry data?

Yes. Did everyone forget about COTRAVELER?

[http://apps.washingtonpost.com/g/page/national/how-the-nsa-i...](http://apps.washingtonpost.com/g/page/national/how-the-nsa-is-tracking-people-right-now/634/)

> the granularity of knowing that a particular tower handled a phone ping is
> comparatively useless.

No, it's not. A simple correlation with other phones tells you who is
traveling together (co-travelers). This only requires knowing which phones are
near each tower, at a fairly low temporal granularity.

I'm sure there are additional ways to analyze that data, too. The travel and
relationship map that COTRAVELER discovers is merely the project we know
about.

------
madaxe_again
Sorry, but selling to corrupt governments for personal profit makes you black,
not grey, hat.

------
Azkar
How come the FBI isn't afraid these guys are going to sell the same exploit to
foreign governments which will use them to break into US government phones?

~~~
roel_v
? The FBI probably assumes that yes, other actors do have access to unknown
exploitable vulnerabilities.

It's 2016. Any data that hasn't been airgapped for the entirety of its
existence needs to be considered if not public, then at least known to the
enemy. (if accountants in tax havens would take that to heart, they wouldn't
be in the predicament they are in now...)

------
zakarum009
FBI also paid professional researchers to deanonymize the Tor network, so I
don't see how this comes as a surprise to anyone.

------
droopybuns
Philosophical rudderlessness: Fidelity, Bravery, Integrity.

If you want a successful career in public service, don't serve the public. The
FBI does not want the public protected from this vulnerability.

~~~
themartorana
The FBI is willing to protect you how they see fit only, notwithstanding how
that may fit within the bounds of Constitutionality. If you are not willing to
give up such rights, the FBI will protect you through any means necessary -
through force if it comes to it.

------
bogomipz
Does anyone suspect that this might all just be PR posturing? They found a zero
day exploit but they don't have to say what it was. They don't have to say whether
or not more interesting data was found. Nothing. Could it be they are just
trying to save face? Granted they've looked quite foolish in all of this but
still.

------
wdr1
Working under the assumption the FBI works for us, the people, I would hope
two things:

1) They disclose the vulnerability to Apple and make us all safer

2) Having now unlocked the phone, disclose if there was additional information
that materially helped the case.

I'm cynical about them doing either, but I think they're both reasonable
requests from the population.

------
facepalm
Just had a thought: couldn't you copy the encrypted phone, run it in 10000
emulators and try a different PIN in every emulator? If the problem really is
just a 4 digit PIN, that should work?

Or is the flash memory and the flash memory controller doing the decryption
entangled on a single chip so that they can not be physically separated?

------
nodesocket
> "The U.S. government now has to weigh whether to disclose the flaws to
> Apple..."

Apple is going to find the flaw. They wrote all the code and have some of the
smartest people in the world working there. No reason for Apple to even ask
the government to disclose the vulnerability to them.

~~~
piyush_soni
Well, the same smartest people unknowingly put the bug there. It's not as easy
to find a security flaw (without someone telling about it) as you think.
They'll eventually figure it out, but maybe not immediately.

------
smegel
I suspected as much. Those guys who kept jailbreaking time after time seem
like good candidates.

~~~
rasz_pl
geohot is busy doing car AI

------
begemotz
Did the FBI pay for them to hack or pay for the (exclusive rights to the)
exploit? The rest of the article implies the latter- but if the former, what
is stopping Apple from paying the "hackers" for the exploit?

------
ComodoHacker
So not the NAND mirroring thing, right? Just a software exploit?

~~~
bogomipz
What's the NAND mirroring thing? Could you explain?

~~~
john_reel
You copy the storage of the phone (the NAND) and then put it into a bunch of
iPhones and try all 10,000 possible pins. If a phone gets locked out, you just
restore the mirrored (the copied) NAND.

------
PascalsMugger
I wonder what the price was.

------
beedogs
I knew those clowns couldn't have done it themselves. The FBI are more or less
inept.

------
antidaily
Apparently the code was 6969. Got it on the third try.

------
x5n1
Yes, yes that's exactly what happened. Apple had nothing to do with it. And
that charade they put up about suing then not suing, etc, was not a charade at
all. /s

~~~
janekm
I'm continually baffled by the pathological disdain some people like yourself
seem to show towards Apple... Is it the cognitive dissonance that "Google does
no evil", therefore if Apple is seen working for the privacy of their users
(which they have both sound business reasons and I have no reason to doubt
moral convictions to do), where Google does not, then they must have a hidden
agenda?

~~~
x5n1
I said nothing about Google, I am cynical about the whole industry in terms of
its collusion with the government. You sound like an Apple fan boy.

~~~
janekm
Fair enough, the Google comment was unfounded (and I do believe that many at
Google also have strong convictions to protect their customers' privacy but
it's a lot harder to do when your business model depends on storing your
customers' data in clear-text on your servers).

Personally I am disturbed by the continual government assault on the security
of personal data and I believe that companies like Apple are our strongest
stalwart against it.

I may be a bit of an "Apple fan boy", indeed.

~~~
mindslight
It's great that Apple is a company with lots of money that can stand a chance
in court and all that, but that also means they're a government-legible single
point of failure. Their business model is still "administer our users'
devices". While this is _much_ better than Google's "surveil our users",
maintaining their privileged access puts their users at risk, as highlighted
by this recent battle.

~~~
ceejayoz
It seems fairly clear that Apple's trying to engineer out as much of their
being a single point of failure as possible.

~~~
mindslight
I haven't heard of any plans of making the updating process more self-
controlled (eg allowing users to compare checksums with friends before updating,
or additional third-party signatures), or hardening their firmware against
local tampering (since their security model incorporates trusted computing).
The references to "secure enclave" seem mostly for comparison rather than any
direct analysis, and it seems like another general-purpose easily-updateable
chip.

It doesn't seem like it's actually possible to do all that much without
releasing source for a TCB, especially with the possibility of NSL (etc)
mandating secret backdoors for every device.

But maybe I have just missed the recent news.

