But since the guy probably only had a 6-digit code, it wouldn't have taken the FBI a lifetime... as they found out.

They never think before they act.
Probably had four digit code.
So, I'm guessing Apple is still pursuing stronger security then, despite the FBI getting their way in the end?

After all, with "forensics" you can do just about anything... Even Apple cannot stop that.

Security is still strong on iOS, and Apple services, so why not just leave it "as is" ? The only means to make it more secure, was over this case.. but that is no longer an issue.
Forensics can't alter physics or statistics.

And this was never about this one case. It was an attempt to circumvent all Apple device encryption and security by trying to force them to write a back door. Apple has and is trying to make the latest sign phones unhackable. Phones with iOS 7 and before were compromised easily as Apple had the access code. They could access with a court order. With the advent of the secure enclave on the chip, the access code is kept on the phone, and never sent to Apple. Apple can't fulfill the court orders to open the phones because even they can't open the latest ones with latest software.

FBI wanted Apple to write special software to break into the phones. Apple said no. In this phone's case due to simple unlock code a brute force entry was possible. Apple has to prevent the 10 try erase code from being bypassed. And if you want more security, you need to use a complex unlock code so that brute force attacks will take too long to be useful.

There are hundreds more phones various police departments want unlocked. Apple gets served with these unlock court orders all the time. As was revealed, they will comply to the best of their ability. So iCloud backup data is retrievable by Apple to give to police. So save to iTunes on your computer.

I value my privacy, even though I have nothing to hide on my phone, from the police. But I want a locked encrypted phone because police are the least of my concern when it comes to my data. Hackers will continue to try. And I want to be confident everything is being done to keep my data secure. So I want and applaud Apple's help. And take my responsibility by using a complex unlock code.
 
... Brute force attack by guessing the four digit code is not a backdoor. ...

When you know that it will allow access to the device it is.

If my software/hardware will not accept more than x number of wrong guesses before it will erase itself, and I give you a special version of the software that allows you an infinite number of wrong guesses, without erasing itself, I have given you a backdoor into the device. Why? Because I know that you have the capability to break in. I have created an opening (backdoor) for you.
 
Not sure why people are happy, this means an iPhone's encryption was managed to be compromised, surely?
An iPhone 5c, running an older version of iOS, is a very different beast from the current iPhones. Security is not a yes-or-no thing. It's a constant struggle to find and fix ever more obscure holes (assuming you aren't making huge new ones all the time - anyone else remember WinXP being the sloppily-written disease-ridden OS poster child for the better part of a decade?*). iOS is good, and it's getting better, security-wise (you can argue color scheme choices and features all you want, I'm talking about the security aspects).

*: (I especially liked the part where it got so that brand new WinXP installs on machines connected to the internet were getting owned before the install had finished loading all the extra bits and updates and such, because they were coming up with all their network ports turned on by default.)
 
When you know that it will allow access to the device it is.

If my software/hardware will not accept more than x number of wrong guesses before it will erase itself, and I give you a special version of the software that allows you an infinite number of wrong guesses, without erasing itself, I have given you a backdoor into the device. Why? Because I know that you have the capability to break in. I have created an opening (backdoor) for you.
Stop using a four digit code!!!!! Jeez sakes
 
Uh, I wouldn't call this a win on Apple's part. I don't understand why everyone is happy and like yay good job Apple. Apple lost! Apple flat out completely ****ing lost. They got into the phone! That means Apple has failed to provide security.
The government got into a three year old phone with outdated security, using a four digit passcode, paying a company reportedly $15,000 to do it. If you feel insecure, there is a very, very simple solution: Use an 8 digit passcode.
But since the guy probably only had a 6-digit code, it wouldn't have taken the FBI a lifetime... as they found out.
The phone had a _four digit_ code.
The FBI ran to the courts because Apple forced them to. As Apple refused to unlock the phone, the government had no other recourse than to compel Apple to do so, and the only way to do that is through a court order. Obviously this case would've kept getting kicked higher and higher until there was a resolution. A resolution of this case is what would've created precedent.
Actually, what you say is not true. The FBI ran to the courts without telling Apple about it, and without having asked Apple what they asked the court. Tim Cook was enormously pleased hearing about a court order not from the FBI, not from the court, but from the press. The FBI _never_ told Apple "do this, or we will take you to court". The court order was their first step.
A backdoor is a way to instantly bypass normal authentication. In the case of the FBI request, authentication remained in play. The real passcode was still required. In fact, if the guy had used a strong passcode, brute force could still take a half decade.
A backdoor is also by definition something that is _intentionally_ built in. An unintended insecurity is _not_ a backdoor. If you leave your home with the keys in your front door, that's not a back door to your home, it is an insecure front door.
Anyone want to bet Apple will be buying Cellebrite?
I'd say absolutely no way whatsoever. Apple's first argument was all the time that they _cannot_ break into that iPhone. Can you see how buying Cellebrite would somehow weaken that argument?
 
How can Apple patch a hole if they don't know where it is?

Basically our phones are compromised until Apple says they have found the hole.
And that is why I said: "Apple >>> can <<< patch the hole that has been found"

I am sure Apple has all the engineers looking for that (and that is IF the thing that needs to be patched is still there in 9.3); chances are they already closed the hole in software updates, as that phone was running an older version.

Our phones were "compromised" from day one and they will always be as there is no software that is 100% safe, so nothing to get crazy about.

The iPhone might be the safest phone, but that does not mean it is 100% secure.
 
So after the FBI and Apple got some PR out of this case, what about the rest of us and our privacy? Good news for us? Not so sure. Apple handed over the iCloud backups ASAP, and as expected the iPhone is not as secure as Apple claims, as the FBI are now able to access the data.
You have no right to privacy after killing 14 people. Or better, the police will get any search warrant that they want. But Apple's goal is not to protect you from legal search warrants; the goal is to protect you from criminals, hackers, including state sponsored hackers. Apple will not change anything about iCloud backups. If the police comes with a search warrant, they can break open your door, and Apple will hand over the iCloud backups. However, this case shows that your phone is not safe from state sponsored hackers. If Barack Obama loses his iPhone, we now know there is a problem (if you didn't use an 8 digit passcode, and if it is an old phone). So Apple will try to do something about it.
 
You have no right to privacy after killing 14 people. Or better, the police will get any search warrant that they want. But Apple's goal is not to protect you from legal search warrants; the goal is to protect you from criminals, hackers, including state sponsored hackers. Apple will not change anything about iCloud backups. If the police comes with a search warrant, they can break open your door, and Apple will hand over the iCloud backups. However, this case shows that your phone is not safe from state sponsored hackers. If Barack Obama loses his iPhone, we now know there is a problem (if you didn't use an 8 digit passcode, and if it is an old phone). So Apple will try to do something about it.
Actually I recently read something about making iCloud backups more secure and encrypted. Apple has to comply with legal warrants if information is available to them. The improvements made to recent software and iPhones is that even they can no longer access that information. That is what has FBI so spooked, and why they tried to force Apple to write new code to hack their own encryption. Apple said NO WAY. Seems Mr Cook understands constitution better than our own government officials.

Anyway, iCloud storage will be next for encryption Apple won't be able to break and if warrant comes that will be even less Apple can provide. FBI can go to carriers and get your call logs, numbers, times etc. Just would be easier to get Apple to hack it all. This ain't over. Better write your congressman and senators if you want to keep your privacy intact.
 
You've been playing dodge ball this entire time. Tell us something new that real sources haven't already discussed. Experts (i.e. not you) have already discussed how Apple can make it really difficult to bypass an iPhone's passcode.
Actually, you _can't_ bypass the iPhone's passcode if you want to unlock it. You _must_ enter the correct code. And it takes an iPhone 80 milliseconds to check whether a passcode is correct or not, so that is an absolute limit for how long it takes to unlock an iPhone, no matter what hacks you use.

Since a human can't type a passcode in 80 milliseconds, it will take longer. Someone has built a tiny machine that can tap in passcodes one after the other, 24 hours a day, and probably quicker than a human; that would probably unlock your phone with a six digit passcode in two weeks if they are patient. So use 8 digits.
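
The arithmetic behind the 80 ms figure in the post above, as an added example that is not part of the original thread: it sizes several passcode policies at that per-guess cost and shows how little ten guesses buy when the 10-try erase setting is enforced. The policy list and function names are constructed for illustration, and the model assumes a uniformly random passcode with no other delays.

```python
"""Passcode policy sizing at a fixed per-guess cost (added example)."""
from dataclasses import dataclass

MS_PER_GUESS = 80      # per-attempt check time quoted in the post above
ERASE_AFTER = 10       # the "10 try erase" setting mentioned in the thread
SECONDS_PER_YEAR = 365.25 * 86400


@dataclass(frozen=True)
class Policy:
    name: str
    alphabet: int  # symbols allowed per position
    length: int    # number of positions

    @property
    def keyspace(self) -> int:
        return self.alphabet ** self.length


# Constructed policies for comparison; the names are labels chosen for this example.
POLICIES = [
    Policy("4 digits", 10, 4),
    Policy("6 digits", 10, 6),
    Policy("8 digits", 10, 8),
    Policy("6 chars, a-z + 0-9", 36, 6),
]


def worst_case_seconds(p: Policy, ms_per_guess: int = MS_PER_GUESS) -> float:
    """Time to try every candidate when only the per-guess cost limits the search."""
    return p.keyspace * ms_per_guess / 1000


def expected_seconds(p: Policy, ms_per_guess: int = MS_PER_GUESS) -> float:
    """Average time for a uniformly random passcode: (N + 1) / 2 guesses."""
    return (p.keyspace + 1) * ms_per_guess / 2000


def p_guess_before_erase(p: Policy, tries: int = ERASE_AFTER) -> float:
    """Chance that `tries` distinct guesses hit a uniformly random passcode."""
    return min(1.0, tries / p.keyspace)


def min_digits_for(target_seconds: float, ms_per_guess: int = MS_PER_GUESS) -> int:
    """Shortest all-digit passcode whose worst-case search time reaches the target."""
    length = 1
    while 10 ** length * ms_per_guess < target_seconds * 1000:
        length += 1
    return length


def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    units = (("years", SECONDS_PER_YEAR), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    for p in POLICIES:
        print(f"{p.name:20} worst {human(worst_case_seconds(p)):>13}  "
              f"avg {human(expected_seconds(p)):>13}  "
              f"P(hit in {ERASE_AFTER}) {p_guess_before_erase(p):.2e}")
    print("digits needed for a 1-year worst case:",
          min_digits_for(SECONDS_PER_YEAR))
```

With the erase limit enforced, the per-guess cost barely matters because only ten guesses are ever made; the time columns describe the case where that limit no longer applies.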
 
Probably had four digit code.
Forensics can't alter physics or statistics.

And this was never about this one case. It was an attempt to circumvent all Apple device encryption and security by trying to force them to write a back door. Apple has and is trying to make the latest sign phones unhackable. Phones with iOS 7 and before were compromised easily as Apple had the access code. They could access with a court order. With the advent of the secure enclave on the chip, the access code is kept on the phone, and never sent to Apple. Apple can't fulfill the court orders to open the phones because even they can't open the latest ones with latest software.

FBI wanted Apple to write special software to break into the phones. Apple said no. In this phone's case due to simple unlock code a brute force entry was possible. Apple has to prevent the 10 try erase code from being bypassed. And if you want more security, you need to use a complex unlock code so that brute force attacks will take too long to be useful.

There are hundreds more phones various police departments want unlocked. Apple gets served with these unlock court orders all the time. As was revealed, they will comply to the best of their ability. So iCloud backup data is retrievable by Apple to give to police. So save to iTunes on your computer.

I value my privacy, even though I have nothing to hide on my phone, from the police. But I want a locked encrypted phone because police are the least of my concern when it comes to my data. Hackers will continue to try. And I want to be confident everything is being done to keep my data secure. So I want and applaud Apple's help. And take my responsibility by using a complex unlock code.

Yes it was

That's what the FBI want us to believe...


They gave the illusion of saying they want an entire re-write, to make it sound more scary, but it's only until *now* the FBI gave it a second chance after reading online and teaming up with the forensics. They suddenly found out it was possible..

Thus... we had no way of knowing that the FBI would use it for bad..... they never said that.... Apple said it, and we all believed it.

Instead of believing Apple, it's hard to say whether the FBI was telling the truth, or not. But without proof from THEM we won't know. Plus, the whole case was ridiculous anyway, since the FBI knew that a whole OS is not required,...... even I know they were pulling the wool. But the point was to make the story 'sound' more scary and the FBI pulled it off. Thus, they had it all planned in advance what they were going to tell Apple.
 
Stop using a four digit code!!!!! Jeez sakes

I don't use a four digit code. I don't even think that I use a passcode... I was just making a point.

EDIT: Just kidding. I use something more secure than a 4 digit passcode.

A backdoor is also by definition something that is _intentionally_ built in. An unintended insecurity is _not_ a backdoor. If you leave your home with the keys in your front door, that's not a back door to your home, it is an insecure front door.

Finally. Someone makes sense :)
 



Apple's ongoing fight with the U.S. government over an order that would require the company to unlock the iPhone 5c used by San Bernardino shooter Syed Farook has come to an end, after the Justice Department today announced plans to drop its case against Apple.

In a motion asking the court to vacate the original order, prosecutors said the FBI has been able to access the data stored on the iPhone 5c without Apple's help, reports CNBC. From the court filing:

Apple was scheduled to square off against the FBI in court on Tuesday, March 22, but just a day ahead of when the court date was set to take place, the FBI asked for a temporary postponement as it had discovered a way to access the iPhone that would not require Apple's participation.

It later came out that the FBI had enlisted the help of Israeli mobile software developer Cellebrite, a company that offers "mobile forensic solutions" to help law enforcement agencies crack the encryption on smartphones to access data. The government has not disclosed the method used to obtain the information on the iPhone, stating only that it has been retrieved.

The withdrawal of the case brings the heated battle between Apple and the U.S. government to a close. The two have been fighting a very public debate over encryption and personal privacy, which kicked off when a court ordered Apple to help the FBI unlock the iPhone 5c in question.

Unlocking the iPhone would have required Apple to build a new version of iOS that bypassed iPhone passcode restrictions and provided the FBI with a way to enter passcodes electronically, something Apple staunchly refused to do as it would set a dangerous precedent for the future of device encryption.

Update: Apple has provided an official statement on the dismissal of the lawsuit.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Justice Department Officially Drops Lawsuit Against Apple in Ongoing iPhone Unlocking Dispute [Updated]
 
When you know that it will allow access to the device it is.

If my software/hardware will not accept more than x number of wrong guesses before it will erase itself, and I give you a special version of the software that allows you an infinite number of wrong guesses, without erasing itself, I have given you a backdoor into the device. Why? Because I know that you have the capability to break in. I have created an opening (backdoor) for you.
Folks keep arguing using different notions of what "backdoor" means (you're not getting it wrong, but a lot of others here are). Traditionally, a backdoor has been an intentional way in around the security system. Finding a vulnerability is not a backdoor, it's... a vulnerability, also called an exploit. Backdoors have traditionally been, "oh, yes, you can set the password on your router, but our programmers also put in 'xyzzy' for testing and left it in, but nobody would ever guess that, right?" When these come to light it reflects very poorly on the company involved.

What Cellebrite has is either an exploit, or, likely, physical tricks (like cutting up the flash chip to make a copy, allowing them to reset before getting to the enough-failed-attempts-to-erase things). It's almost certainly not a backdoor. If Cellebrite has a hardware exploit, it is at least something that the FBI can't use en masse over the airwaves against lots of phones. And Apple will work on plugging up whatever route Cellebrite is using.

As an aside, this is also a thing that the Jailbreaking community doesn't understand. When they find a way to root the phone, to install additional software, it's generally because of an exploit. Fine, whatever. But then they get all up-in-arms when Apple fixes the exploit used (thus rendering their jailbreak unworkable). Which they are doing because it's THEIR JOB. Apple wants to make a secure phone, the Jailbreak exploit represents a widely known exploit (since the code is distributed by the Jailbreak developers), so OF COURSE Apple patches the hole. They aren't trying to take away the Jailbreaker's fun, that's irrelevant to them. Apple's goal is to make the phone secure. People read a surprising amount of malice into actions of Apple when Apple simply has no interest in the thing people are concerned about. (sorry, stepping down off soapbox now).
 
You have no right to privacy after killing 14 people. Or better, the police will get any search warrant that they want. But Apple's goal is not to protect you from legal search warrants; the goal is to protect you from criminals, hackers, including state sponsored hackers. Apple will not change anything about iCloud backups. If the police comes with a search warrant, they can break open your door, and Apple will hand over the iCloud backups. However, this case shows that your phone is not safe from state sponsored hackers. If Barack Obama loses his iPhone, we now know there is a problem (if you didn't use an 8 digit passcode, and if it is an old phone). So Apple will try to do something about it.

Well, I'd like to see Apple make the iCloud backups more secure. 'Cause what's the point of stating that the iPhone is secure, when someone with admin rights or someone who has illegally got access to the back end can just access all that info.

This has kinda blown up in Apple's face now. A backdoor that everyone was worried about exists, and if one group of "hackers" can use it, so can others. So unless Apple comes out very soon stating that they are aware of the exploit that is being used and have closed it, we are in the scenario that everyone was dreading.

Let's see how Apple responds now that the action has gone away. I hope they find the exploit ASAP and close it.
 
Apple can do what it wants .. The FBI and forensics has already lightened it over the Apple vs FBI case...

Apple gets what it wants, which is to build better security, and the FBI will continue with getting experts to get access to iPhones, just like it should be.... They do that with any other phone, and why the iPhone should be any different I'll never know.

It's only "secure" because Apple told us it was recently...

If someone told us there is gold in the old mines, we'd all suddenly start jumping for joy at it being "true" too. *rolls eyes* The FBI should be doing its job, rather than annoying Apple with something not even worth fighting for. If the FBI wants it badly enough... go get it yourself.. But don't come to me.
 
I'd say absolutely no way whatsoever. Apple's first argument was all the time that they _cannot_ break into that iPhone. Can you see how buying Cellebrite would somehow weaken that argument?
It probably won't happen, but I would _love_ to see Apple buy Cellebrite for whatever it costs (because they can afford to throw half a billion at the problem), and say, "your guys' job now is to show us every sneaky trick you have - hardware _and_ software - for getting into the phone and help us design countermeasures to harden the phone against them." Give a big ol' finger to the FBI.
 
And there goes the first domino. How many are next? How many will they be able to unlock now? And what is apple going to do to try and prevent it?

This was most likely a hardware hack in which the chip was capped off, then examined with an electron microscope and drilled with an ion laser to find the UID. After that the chip was brute forced with a supercomputer. In all honesty this won't be the start of mass examinations of mobile devices. There is a very limited number of organisations with this kind of capability.
 
It probably won't happen, but I would _love_ to see Apple buy Cellebrite for whatever it costs (because they can afford to throw half a billion at the problem), and say, "your guys' job now is to show us every sneaky trick you have - hardware _and_ software - for getting into the phone and help us design countermeasures to harden the phone against them." Give a big ol' finger to the FBI.

Don't you think Apple already knows the vulnerabilities of the 2012-era iPhone 5(C) with the A6 processor? And every other iPhone since then?

That's why they've improved the iPhone's security with each subsequent iPhone release.

If Cellebrite could crack my iPhone 6S.... then they should buy them :)
 
Well, I'd like to see Apple make the iCloud backups more secure. 'Cause what's the point of stating that the iPhone is secure, when someone with admin rights or someone who has illegally got access to the back end can just access all that info.
We know "Apple" can access things in your iCloud account. We don't know how it works. A simple method for example would be that three employees have to enter a key each to unlock an account. "Someone with admin rights" couldn't do anything, three very specific employees could. That's quite secure. It's like some people at your bank, working together, would probably be able to change the amount of money in your bank account. I assume it's possible to fix unforeseen and rare problems, but a single person couldn't do that.
 
Well, I'd like to see Apple make the iCloud backups more secure. 'Cause what's the point of stating that the iPhone is secure, when someone with admin rights or someone who has illegally got access to the back end can just access all that info.

This has kinda blown up in Apple's face now. A backdoor that everyone was worried about exists, and if one group of "hackers" can use it, so can others. So unless Apple comes out very soon stating that they are aware of the exploit that is being used and have closed it, we are in the scenario that everyone was dreading.

Let's see how Apple responds now that the action has gone away. I hope they find the exploit ASAP and close it.

They did make iCloud backups more secure. I had to set up a few new devices last week and during setup I was asked to set a passcode for iCloud backups.
 
This has kinda blown up in Apple's face now. A backdoor that everyone was worried about exists, and if one group of "hackers" can use it, so can others. So unless Apple comes out very soon stating that they are aware of the exploit that is being used and have closed it, we are in the scenario that everyone was dreading.
Nope, not the scenario everyone was dreading, and what Cellebrite has is almost certainly NOT a backdoor. A backdoor is an intentional sneaky way in, left open by the manufacturer either, a) on purpose, b) by programmers neglecting to close something that was set up only for testing before sending the product out the door, or occasionally c) via industrial espionage, say a programmer inside the company who is actually working for a competitor or for a government agency, whose goal is to slip in a backdoor without anyone else at the company noticing. A backdoor is sort of like a cheat code in a game. It can work on any one of those phones or games or whatever, but nobody knows it's there. Until someone tells just one or two people. And then the Internet happens, and everyone knows. Except being able to walk through walls in an FPS is a lot less dangerous than being able to tap in and listen to any conversation or read any email or note or text message.

The FBI was asking for something similar to a backdoor, except more like a special testing rig - it wouldn't be a backdoor because it wouldn't be something new added to all shipping phones, it'd be a special OS build just for hacking a phone and would probably go along with special cabling to allow the brute-force hacking to be run by a computer (because you really don't want to hire a human to type in every possible 4-6 digit code). Having Apple build this would be bad news, because then the FBI and law enforcement agencies across the country will want to come in with boxes of phones, and court orders, to make use of the same thing once the precedent is set. The next step would be the FBI saying, "well, there's this suspect whose phone we want to hack, but he still has it, so now you need to get us in remotely, and we have this NSL document so you're not allowed to tell anyone we're forcing you to do this." Then, the foreign governments will want in. If you trust the US government, do you trust China, to not use this technology to go after dissidents? What about some of the lovely bastions of democracy in the Middle East? How would you have Apple respond to them when they demand the same access?

An exploit is when someone finds an unintentional bug in the software. Or, more clearly, a vulnerability is when the bug is discovered, while an exploit is code written to make use of the vulnerability to break into the device.
Don't you think Apple already knows the vulnerabilities of the 2012-era iPhone 5(C) with the A6 processor? And every other iPhone since then?

That's why they've improved the iPhone's security with each subsequent iPhone release.

If Cellebrite could crack my iPhone 6S.... then they should buy them :)
Oh, I'm sure Apple knows the hardware vulnerabilities of the 5C, but there are several factors in play: Cellebrite may have ideas theoretical or underway for getting into newer phones (it's not the kind of thing you want to announce loudly, because it tells Apple where to look for holes); having people who started out full-time looking for vulnerabilities now on your side can be very helpful; and, it would take them out of the marketplace - Apple could say, "sorry, FBI/shady-domestic-and-foreign-government-agencies, Cellebrite is no longer accepting contract work from anyone else, they're part of Apple now."
 
How do we know Tim Cook / Apple is not lying?

Well we do know, as ALL corporations lie.
Company spokesperson should be renamed "official company liar" generally.

Yes, they do. However, ALL governments lie, as well. Especially this one, especially in such matters...
 
The bottom line is. Apple tried to make this a good PR case; but in fact it turned out to be a disaster. The press will not highlight that the phone was '4 years old' or 'out of date' - they will just highlight the facts: The FBI got round Apple's security.

If anyone here thinks otherwise; then you are just delusional.
 