I'm quite impressed by how difficult it is to hack into an iPhone... Apple did a good job there.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
FBI Enlists Israeli Firm Cellebrite to Unlock Shooter's iPhone
- Thread starter MacRumors
- Start date
- Sort by reaction score
I'm quite impressed by how difficult it is to hack into an iPhone... Apple did a good job there.
There's nothing on this phone! The government is using it as a tool. Do you seriously think that this phone wasn't destroyed for a reason?????????????? They destroyed their personal phones. They destroyed their hard drives. Yet this work phone was still in tact. I mean seriously..... does our idiot government really think these terrorists were stupid enough to use their WORK PHONES to conduct their terrorist communications??????
It's an expensive labor intensive hack.
Unless you are worried about the typical hacker owning the equipment to de-cap semiconductors and also have E-beam equipment, then there is nothing to worry about.
a "Jailbreak" is just a hack that provides root access to the phone. Throughout the history of the iPhone there have been many different flavors of jailbreak that have exploited multiple vulnerabilities in the product, each eventually being patched and then replaced with a newer variant of jailbreak. So far all of these (that I'm aware of) hacks have required the phone to be unlocked as an unlocked phone has more functionality enabled and thus a larger surface area to exploit for attack vectors it is much more likely to find something exploitable in an unlocked phone. However... in theory a locked phone could be jailbroken as well. The problem is that the exposed surface area of the locked firmware is much smaller so it is less likely anyone would find something to be exploited and gain control of the device. Hasn't been done to date that I'm aware of but that doesn't mean that "jailbreak" could never occur on a locked phone.
Hope that helps.
[doublepost=1458751690][/doublepost]
https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis
for the truly paranoid
for the truly paranoid
There are plenty of those folks in this thread, that's for sure.
This may be a stupid question, but do they actually KNOW that the iPhone has the passcode fail wipe setting enabled? If that isn't enabled, the phone will not be wiped if they fail to guess the passcode. How do they know this setting is enabled on the phone?
I'm astonished by FBI behavior
[doublepost=1458752877][/doublepost]
[doublepost=1458752877][/doublepost]
Current iPhones use a different iOS version , and different hardware, than that iPhone 5C.
You can unlock any phone encrypted or otherwise. You scrape the data off of the chips then run all of the possible key combinations against it, in this case all of the 4 digit passcode combinations. Would take them about a week.
But the mechanism to disable brute force attacks is applicable to all....I'm astonished by FBI behavior
[doublepost=1458752877][/doublepost]
Current iPhones use a different iOS version , and different hardware, than that iPhone 5C.
Third party is pretty obviously the correct answer because any hole created by Apple for the US Gov ends up being usable by a third party anyway. At least with no intentional hole, it's harder for the third party to find the other holes and there is a single party abusing any holes that everyone else (US Gov) then goes through.
The latter.
The biggest fear comes from the US government compelling unwilling citizens to work very much against their own interests. If the FBI pulls this on Apple, there will be no end to jurisdictions demanding particular phones be cracked, and no end to jurisdictions demanding "back doors" be installed (lest Apple implement an "uncrackable" system) - all at Apple's expense, and to Apple's detriment as users can't trust the products to be secure. Also, the techniques & master keys will be leaked, either thru unintentional reveals (see the "TSA master key" fiasco), bribery (enormous black-market demand for such tools), or legal obligation (public record in court proceedings).
Given the two, I'd much rather a willing third party be contracted to crack the device in question. We know such efforts are underway (aforementioned black-market demand, among others) anyway. Apple would not be required to act against its own interests (imagine a bank vault manufacturer being required to hand out viable lock picks to bureaucrats). And the company doing the work does so in a fair & legal marketplace, lawfully disassembling of devices others built.
TL;DR - If Apple is compelled, they'll never be allowed to improve security beyond "back doors". If another company cracks the security, Apple remains free to make the next version harder (even impossible) to crack.
I'm solidly in Apple's camp on this issue.
I'm generally aware of the mass surveillance conducted by the US Gov.
It seems reasonable to me that everything is hackable, especially when in someone's possession, verses remotely hackable.
I'm not mad at the FBI for memory swap, laser etching, byte copying, etc. etc hacks of this sort. This IS their job. Forcing a company to make a tool to break the security of all phones, or to create a tool that could be (or risk being) used to against all phones, remotely, to hack/monitor IS A MAJOR PROBLEM, IN MY OPINION!
The spirit here is, the FBI is taking ownership of their spying, investigations, not compelling individuals or corporation to be spies of everyone en masse.
Good for the FBI in this case!
I'm generally aware of the mass surveillance conducted by the US Gov.
It seems reasonable to me that everything is hackable, especially when in someone's possession, verses remotely hackable.
I'm not mad at the FBI for memory swap, laser etching, byte copying, etc. etc hacks of this sort. This IS their job. Forcing a company to make a tool to break the security of all phones, or to create a tool that could be (or risk being) used to against all phones, remotely, to hack/monitor IS A MAJOR PROBLEM, IN MY OPINION!
The spirit here is, the FBI is taking ownership of their spying, investigations, not compelling individuals or corporation to be spies of everyone en masse.
Good for the FBI in this case!
Imagine the free positive advertising that will come from the third-party company failing to crack the security. "5C security held up to the infinite resources of the FBI! and later iPhone security just keeps getting better still."
Ya know, Apple could just buy 'em, and tell the FBI to pound sand.
Well if the only way they can do it is with special tools and taking the phone apart I would go with the later. Your first case is wrong any way. The FBI will not give them the phone and then have Apple give them the data back. That is not what was asked for and that is not how it would work.
A) $15,000 is a small price to pay for the DOJ/FBI to save face
B) third party doing a physical crack of the phone is not as threatening as 1st party using software
Props to Apple on this one... Even after the new iPad "Pro" debacle
B) third party doing a physical crack of the phone is not as threatening as 1st party using software
Props to Apple on this one... Even after the new iPad "Pro" debacle
Actually, Apple's brief was considered crudely organized and clearly aimed at the press, not judges. They put the most emotional arguments first, and the best legal arguments last.
Doesn't matter if the code become public or not. That's not the important part at all. The signing key is.
If Apple's public facing OS validator refuses to sign a particular version, it cannot be loaded.
Our devices were fine anyway (see above).
But I think Apple lost, at least in one way. Prior to the FBI going to a third party, Apple could publicly play it as it only Apple could unlock an iPhone and only under duress from a warrant. Now everyone and their mother will know their iPhone is breakable by others. (Most people here already knew that, of course.)
Apple would've been smarter to protest a bit, then do it under the guise of being a good corporate citizen. That way, they would've retained control of the PR.
Maybe in fifty years. Otherwise, if there actually is anything on the phone that can lead to other terrorists, then it would be unwise to reveal any details to warn them, or even let them know that it worked.
In fact, if anyone other than the braindead FBI was running this op, I'd say they'd even go so far as to claim it did not work, just to throw terrorists off the scent.
Disagree. The only time a citizen can be compelled to assist the government is to first go through the judicial process where the government has to make significant showings that such actions are necessary, not burdensome to the citizen, and that there are no other reasonable alternatives for the government, and that the request has to be approved by a neutral judge. It is a very fact-specific analysis and there is no guarantee that just because it worked in once scenario means it will work in another.
As for who holds the keys, as I've said before, I would much prefer that Apple hold the keys to any software cracks or iOS variants because they can be used only if the government goes through all the hoops of proving why they want them. Apple also has better means for keeping this stuff secure, like they do for the iOS code and signature keys. This gives Apple, not the government, a lot of control. If the government holds the keys, I believe there is much more chance of abuse.
As far as third-party contractors to open a phone, that may be acceptable. Although, I would not be surprised if the FBI sets up its own lab and hires its own experts to accomplish same in house at some point.