FBI Agrees to Help Arkansas Prosecutor Unlock iPhone and iPod in Homicide Case

[vrDrew]

I'm not so worried about what FBI is doing. I am more worried about the exploit being used by criminals.

In my mind there is a fundamental difference between being able to hack into a phone you have physical possession of; and that requires disassembly of the device, and removal of motherboard components - and being able to hack into a phone remotely; by means of covertly installing some piece of software, etc.

I don't worry about Russian criminals getting physical possession of my phone. Because I'm unlikely to leave it on a bus, and even if I did, the payoff for anyone finding a phone in such circumstances would be such that they would be extremely unlikely to expend the time and effort to open it up on the tiniest off chance that it might contain some information they could exploit for profit. If my phone is lost; it gives to the user time to remotely erase or otherwise disable it.

Maybe that should be the "reasonable standard" for smartphone encryption protection. A device that authorities actually have to have within their possession, and that requires a time-consuming and (presumably) expensive procedure to unlock. Versus something that can be done over the internet at essentially zero marginal cost.

 

[RickInHouston]

So, if this situation with security on a phone was COMPLETELY reversed. If we all knew information on our phones can be found out:

Would you use our phone differently?

 

[bushido]

to me its a big difference if the police gets access to your phone cuz u didnt protect it but to actually get a 3rd party involved to HACK the device to obtain information is a whole different story. this itself should be illegal

sorta like "you have the right to remain silent BUT I AM GONNA BEAT U UP AND SEND U TO SIBERIA TO GET ON THE INFORMATION ANYWAY"

 

[newdeal]

Not trying to be a downer but I have 0 to hide. Let them eat cake if I become a murderer. Until then they have no reason to, nor would it benefit them in any way to look at my phone. In fact, I'd unlock it right now fr them if they asked.

Just don't move to Manitowoc county
[doublepost=1459427789][/doublepost]I guess since I use touchID anyway I should make a much longer passcode so that its not just 4 of the same number LOL

 

[doelcm82]

I have no problem with this. The FBI needs to access the phones of bad guys.

I don't mind that the FBI tries to access phones of bad guys. It's part of their job.

Part of Apple's job is to make the iPhone as secure as they can, to keep bad guys out, protecting me, Iranian bloggers, American secret agents, and Hollywood starlets like Jennifer Lawrence, Zac Efron, and Meryl Streep.

Apple's security isn't intended to keep the FBI from doing its job. It's intended to protect my data.

I'm not for Apple against the FBI. I'm not for the FBI against Apple. In most of what they do they are both against the bad guys, and I'm for both of them against the bad guys. In the small area where both of their jobs conflict, I lean toward keeping my data secure. And if keeping my data secure means that sometimes the bad guys' data is secure, too, I'm willing to live with it.

They're not gonna invade your wifi. Take off your tin foil hats.

"I don't wear them, myself. You've probably noticed you've never seen me in a hat. I feel like a ninny in a hat. They're stupid things; they change my face. I've tried them on once or twice. I just don't like hats. They frighten me. I won't have them around the house.
"I hate hats."
-- Mike Nichols

 

[HEK]

Just to play devil's advocate, there is always the possibility that even a long, complex code is cracked quickly. If a computer can be set to start examining long codes first in a random order, then it could alight on the correct one after a few seconds by chance. Extremely low probability, I know, but possible.

A password always has an inherent weakness. More of a fail safe would be customisable safeguards. What I mean by that is different procedures that have to be gone through in order to unlock access. So, for instance, you may have to type a password twice; you may have to type a password correctly once, incorrectly once, then correctly once; you may have to type it incorrectly at first, then correctly after, the computer says it's the incorrect password, but if you press R\:6€¥¡, it unlocks. If it were possible to devise your own methods of entry, then this would increase the difficulty of breaking in even if you tried to brute force the password.

So how do they know I picked 20 digit So?maybe it was 8 maybe 14, no could be 13, nah 16. I will happily take the chance that someone hacking my phone will guess my password after a few seconds by chance. After all I picked the last 7 super lottery numbers by chance, twice in a row two weeks running. Your straw man argument is so weak, think you used one piece of straw.

 

[doelcm82]

I must have missed some Law change that states that crime is forbidden except if done with a smartphone, in which case the criminal has the right to keep the phone contents away from police. This of course has another exception: if the crime is against LGBT lobbies, Apple will fight the criminal. Otherwise, Apple will be on the criminals side.

I get it. You don't like LGBT people. Do you have a case where Apple is willing to give up our security because the crime is "against the LGBT lobbies"? Or is that just an imaginary situation you made up so that you can be mad at imaginary Apple for doing some imaginary thing?

 

[aka777]

There should be some sort of entry point when the authorities have a warrant.

You either have to be under 25, a loonitarian, or some paranoid anti-guvmint conspiracist to not grasp why law enforcement, with a warrant, should have a right to search one’s premises. Yes, that includes their phone.

 

[doelcm82]

I don't know that the FBI has "easy access" today. I strongly suspect they had to open the phone and decap the chip to get to the point where they could start extracting data. That is a whole lot of time (which = money) and effort to get the data. It also means they had to have physical possession of the phone. Assuming that is the case, the FBI is not in any position to do bulk / stealth data collection of unsuspecting users.

Chip makers could make decapping more difficult by storing data at different depths in the chip. By the time you go deep enough to read the passcode, you've shaved off the code for processing the passcode.

 

[HEK]

Chip makers could make decapping more difficult by storing data at different depths in the chip. By the time you go deep enough to read the passcode, you've shaved off the code for processing the passcode.

It's coming.

https://newsroom.intel.com/news-releases/intel-and-micron-produce-breakthrough-memory-technology/

 

[gsmornot]

No. I have four kids under four years old. The three-year-old and the 11-month-old reach for any unattended phone or remote control as soon as my back is turned. I don't doubt the 5-month-olds will do the same in a few months. Restoring my phone from backup would be too much of a hassle for me. I will probably switch to an alphanumeric passcode, though.

If they try enough times, restore is your only option for recovery. The difference in having the setting on or off is to erase after a number of tries or erase later if enough tries are made and the phone is disabled. The first step in recovery is to erase the device. My phone is set to 7 but its due to an Exchange global policy.
[doublepost=1459429764][/doublepost]

Yes and I increased my screen pass code from 4 digits.

I use 8 myself but this is part of a policy that forces the length. I would use 6 otherwise.

 

[0007776]

So did Apple really win? They won't need to create the back door the FBI was asking for but on the other hand the FBI now has a way to get in (older phones/iOS versions only??) without Apple knowing what it is.

Would it be better to have full control or no control at all? Apple will probably look better to the consumer not having control but then do we feel better knowing the FBI can bypass them?

Now that it is being used in a criminal case assuming the defendant has a competent lawyer they will ask questions about how it was unlocked. I'm sure Apple will be watching the case closely and seeing what the FBI's answers to those questions turn out to be.

Of course I'm not totally convinced that the FBI didn't guess the password to their phone a long time ago and just pretended not to be able to get in to use the case to set a precedent and once things were looking bad for them they decided to back off and claim they found a way in. If that's the case then they won't be much help here.

 

[PBRsg]

"Just this one phone"

At this point, I am just waiting for the FBI iPhone cracking kiosk inside Staples stores.

 

[HEK]

If they try enough times, restore is your only option for recovery. The difference in having the setting on or off is to erase after a number of tries or erase later if enough tries are made and the phone is disabled. The first step in recovery is to erase the device. My phone is set to 7 but its due to an Exchange global policy.
[doublepost=1459429764][/doublepost]
I use 8 myself but this is part of a policy that forces the length. I would use 6 otherwise.

So 8 numeric digits will take about 92 days for computer to try all codes at 80 milliseconds each.

 

[doelcm82]

If they try enough times, restore is your only option for recovery. The difference in having the setting on or off is to erase after a number of tries or erase later if enough tries are made and the phone is disabled. The first step in recovery is to erase the device. My phone is set to 7 but its due to an Exchange global policy.

True. But more likely they'll get bored and put it down when the phone is just locked for a minute. Then after a minute, I get one chance to put in the correct passcode. No restore needed.

 

[thermodynamic]

Apple helped the FFBI over 70 times in unlocking in the past. Even for molestation cases.

Apple has freely given source code to China in the past, more than once, and even when China asked for it for security reasons. If Apple can help China it can help the US.

http://www.watertowndailytimes.com/...-precedent-in-current-privacy-debate-20160221

http://qz.com/618371/apple-is-openl...-in-china-it-takes-a-very-different-approach/

http://www.zdnet.com/article/if-apple-can-help-china-it-can-help-us-us-doj/

http://qz.com/332059/apple-is-repor...ess-to-its-devices-for-a-security-assessment/

http://www.thedailybeast.com/articl...ked-iphones-for-the-feds-70-times-before.html



etc
etc
etc
[doublepost=1459431593][/doublepost]

So 8 numeric digits will take about 92 days for computer to try all codes at 80 milliseconds each.

Only if the code is "99999999" and isn't programmed to be the first numerical sequence attempted.

Besides, most people use "55378008".

 

[doelcm82]

In my mind there is a fundamental difference between being able to hack into a phone you have physical possession of; and that requires disassembly of the device, and removal of motherboard components - and being able to hack into a phone remotely; by means of covertly installing some piece of software, etc.

I don't worry about Russian criminals getting physical possession of my phone. Because I'm unlikely to leave it on a bus, and even if I did, the payoff for anyone finding a phone in such circumstances would be such that they would be extremely unlikely to expend the time and effort to open it up on the tiniest off chance that it might contain some information they could exploit for profit. If my phone is lost; it gives to the user time to remotely erase or otherwise disable it.

Maybe that should be the "reasonable standard" for smartphone encryption protection. A device that authorities actually have to have within their possession, and that requires a time-consuming and (presumably) expensive procedure to unlock. Versus something that can be done over the internet at essentially zero marginal cost.

What that "reasonable standard" is can depend on who you are. No one's likely to steal my phone and go to the trouble of physically extracting the data. But someone with mischievous intent could bump into Jennifer Garner, and pick her phone out of her pocket looking for a lucrative scandal involving Ben Affleck. Or a political operative could lift Hillary Clinton's or Ted Cruz's phone and search for incriminating iMessage conversations about Bengazi! or a sexting affair with a campaign official. Or someone could grab an FBI agent's phone and extract the contact information for confidential informants.

Apple has a way for any of these people to remotely wipe their iPhones, of course. But a terrorist or criminal could also remotely wipe an iPhone with crucial evidence of their nefarious activities, so those who think the data should remain accessible to the FBI will also want to keep criminals (and Jennifer Garner) from being able to wipe their iPhones. Wipeable iPhones are just a way for Apple to support terrorism, right?

 

[macduke]

Criminals will just go back to paper and burning evidence. I bet that scares the crap out of authorities, because it means they'll have to actually do real police work again—an art-form that is slowly fading away. It's just as simple to plot a murder by meeting in person at a secluded location. Or GTA V style, planning heists on a chalkboard, haha.

This was all about getting control into everyone's lives, and they backed off because they were worried they would set precedent against themselves. They'll wait for a more opportune moment, at some point in the future, and try again. Perhaps after Apple strengthens their security even more, or they need a newer device unlocked which isn't possible to use the same hacks against.

As we slowly lose personal freedoms, but increase our freedom of speech through the web and our personal mobile devices, the government's need to tighten control increases. It's much easier to quash a rebellion against a corrupt government when they can track where nearly every person in their country is, what they're talking about, their bank account information, and personal information about their friends and family. I don't mean to get all conspiracy theory up in here, but with our freedoms and privacy (which to me are one in the same) eroding since the Bush administration, and continuing to decline during the Obama administration, one must consider the motivation behind wanting backdoor access to all phones.

 

[tardman91]

So, do you guys turn on the option to erase the phone after so many failed tries?

I did, until my toddler got a hold of my phone. I learned my lesson after that.

 

[6836838]

I have to suspect this is an older iPhone yet again.

Reason I say this is, the newer models with the 'secure enclave' are likely uncrackable, unlike the older ones with the vulnerability mentioned previously where one could reset the lock screen attempt counter.

Don't fall for the marketing spin. That secure enclave is only for your finger print records. It does't stop the phone being hackable.

 

[teslo]

In my mind there is a fundamental difference between being able to hack into a phone you have physical possession of; and that requires disassembly of the device, and removal of motherboard components - and being able to hack into a phone remotely; by means of covertly installing some piece of software, etc.

I don't worry about Russian criminals getting physical possession of my phone. Because I'm unlikely to leave it on a bus, and even if I did, the payoff for anyone finding a phone in such circumstances would be such that they would be extremely unlikely to expend the time and effort to open it up on the tiniest off chance that it might contain some information they could exploit for profit. If my phone is lost; it gives to the user time to remotely erase or otherwise disable it.

Maybe that should be the "reasonable standard" for smartphone encryption protection. A device that authorities actually have to have within their possession, and that requires a time-consuming and (presumably) expensive procedure to unlock. Versus something that can be done over the internet at essentially zero marginal cost.

you and i aren't the ones who would lose (or be targeted for stealing) a physical phone that has to do with national security. but others could. and any 'reasonable standard' for allowing entry would be abused if not outright ignored.

 

[HEK]

I did, until my toddler got a hold of my phone. I learned my lesson after that.

Don't need to turn on erase option. Just put in at least 10 digits. Take 25 years for computer to try all the possible codes.

 

[6836838]

to me its a big difference if the police gets access to your phone cuz u didnt protect it but to actually get a 3rd party involved to HACK the device to obtain information is a whole different story. this itself should be illegal

sorta like "you have the right to remain silent BUT I AM GONNA BEAT U UP AND SEND U TO SIBERIA TO GET ON THE INFORMATION ANYWAY"

The right to remain silent is different from evidence. You don't have the right to hide evidence.

 

[HEK]

The right to remain silent is different from evidence. You don't have the right to hide evidence.

Who is to say there is any evidence if they can't find it. I sure as hell have right to hide what I want.

 

[vrDrew]

you and i aren't the ones who would lose (or be targeted for stealing) a physical phone that has to do with national security. but others could

If a CIA officer keeps a list of his contacts on his iPhone; or an Air Force officer is keeping missile launch codes on his Samsung Galaxy - then thats their problem.

I don't mean to sound flippant. But it is the responsibility of those charged with maintaining National Security to do so. Not Apple; not me or you; and not the FBI or other legitimate law enforcement agencies.

We are setting ourselves up for an inevitably unsolvable legal and ethical dilemma if we expect consumer electronic devices, sold over the counter worldwide, to maintain the same level of unbreakable encryption we assign to secrets of the highest national importance.

We expect Apple to provide us with devices and services that are unhackable by criminals. That are inaccessible to casual browsing by rogue law enforcement officers snooping around in the course of a traffic stop. That protect our secrets from jealous spouses or nosy family members.

And that they can do. And will continue to do.

But a device that is seized during the course of a legitimate criminal investigation. That can only be accessed by physically opening the device; and applying a lengthy and costly technical process, under legally authorized supervision? I don't have a problem with that.

I don't want Apple modifying its operating systems to provide anyone with a software backdoor. The risk of such a loophole being exploited is too great for us to accept. But a physical examination of the device is, legally and philosophically, no different to what law enforcement does every day in the course of conducting physical searches of persons and premises; vehicles and commercial and banking records.