It's Over: The FBI says it has hacked into the San Bernardino shooter's phone without Apple's help

Business Insider ^ | 03/28/2016 | Kif Leswing

[SeekAndFind]

Apple won a major victory in its showdown with the government when the US Justice Department (DOJ) abandoned its plans on Monday to force the company to write software to bypass iPhone security measures.

The Justice Department told a federal court on Monday that it no longer needed Apple's help to access data on an iPhone used by one of the San Bernardino shooters, and requested that its original order for Apple's technical assistance be withdrawn.

According to the DOJ, the reason it withdrew is because it was successfully able to access the data on the iPhone without Apple's help.

Magistrate Judge Sheri Pym vacated the original order.

Last week, the DOJ asked to delay a hearing over the issue because the FBI said it had found a "third-party" that may have been able to get into shooter Syed Farook's iPhone, meaning that Apple's help would not be needed. Monday's developments indicate that the FBI was successful.

The DOJ said in a statement:

"The FBI has now successfully retrieved the data stored on the San Bernardino terrorist's iPhone and therefore no longer requires the assistance from Apple required by the Court Order. The FBI is currently reviewing the information on the phone, consistent with standard investigatory procedures.

It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails. We will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors."

[Blueflag]

Do you hold a current CISSP?

Apple’s 256 bit AES encryption is about as good as it gets in the civilian space. Same for Samsung, etc.

If you think this is an Apple ‘fail’ then you don’t understand encryption.

[PLMerite]

I haven’t been paying too much attention but I thought the issue was bypassing the safeties that kept them from getting to the brute-force process.

Something about ten bad passwords in a row and the phone would delete the data, and how fast it could be fed passwords.

At least that’s what I read around here somewhere.

[taildragger]

"The FBI has always had the info, Looks more like Netanyahu poking Obama in the eye. My Money says The Israeli’s went Public with the offer just to piss off Obama."

From the land of milk and honey, they give us a schadenfreude moment that is delicious at the uber hollier than thou Silicone Valley-er's and Leer Deader expense. The Irony is the wack jobs phone were the same enemies Israel has and Tim Cook and "some other guy" can't see it, have disdain for Israel, or anti-Semites or all of the above. We will never understand how their brains work, they see the world 180 degrees from where we see it.

But to those that did this off and for eyeamok's observations,...

Bravo!

[Blueflag]

When you create a PIN on your iOS device, THAT act causes the operating system to encrypt the data on your device, and requires a PIN that not only opens up the UI to use, but also that when the PIN is entered the OS employs a ‘key’ to unlock the encryption so the data are available to the user, the apps on the phone, or another device connected to the iOS device - by wired or wireless connection. The level of encryption employed is a 256 AES (Advanced Encryption Standard) bit ‘key’ — think about the nonsense key you enter to make downloaded software function; it’s somewhat like that but ‘longer.’

The data on an iOS encrypted device, or a Samsung or LG or HTC encrypted device are highly secure ‘at-rest’ by virtue of your PIN (not very secure) and the device-level encryption.

When you miss-guess the PIN too many times, Apples (and some others) “brick” to a locked unusable state that is AES encryprted, while Samsung Androids for instance reset-to-factory setting (’wipe’ the data, but really just destroy the keys to it— leaving the device bootable in a ‘from the factory’ state ... but your data that might remain are still 256 bit encrypted, with no key available)

256 bit AES encryption is in theory “computationally secure” - meaning (in theory a regular brute force attack - generating keys until the data are decrypted— would take longer than our lifetimes) your data are highly secure from someone trying to break through the front door. FRONT door is a key word. Apple refused to admit to, offer up, or develop a “back door”.

Obviously ‘someone’ knows how to get past 256 encryption when the key is missing/removed.

NET: Apple’s security is no better or worse than the industry standard for “highly-secure” — 256 bit AES.

NET: APPLE cannot on its own restore a deleted key in the key store. You cannot send a “bricked” iOS device to Apple and have them unlock it.

NET: APPLE refused to build a back door for future use.

I hope this helped a little.

REM: 256 bit encryption is 10e128 ‘times’ more secure than 128 bit encryption in common use over the public internet.

[wardaddy]

Good for them

[familyop]

The situation is best explained here.

Electronic Frontier Foundation

[Blueflag]

By the way, a clarification.

There *IS* a program from Apple called the Device Enrollment Program, or DEP.

There is a class of enterprise security software call MDM, or EMM - for managing and securing mobile devices, and it is in common use in the enterprise, healthcare and public sector worlds.

This software enables the company to see, secure and manage that device; control the apps on device and how they connect back into the company; restrict web site access; and wipe or lock the device (but only the enterprise data, NOT your photos) if it is lost, reported stolen, or simply in a state outside of corporate policy.

Until recently even THAT software could not un-brick an APPLE device that was locked by multiple password fails, or en employee refusing to provide it when they leave the company.

With the advent of Apple DEP, an ‘enrolled’ device can be un-bricked when the administrator of the EMM software sends a code to the device from the EMM. For what it’s worth, APPLE does not have this code; rather it is passed to the company when the device is enrolled in the DEP, and so STILL APPLE cannot un-brick a device - only the rightful owner. Apple DEP is a new, free service.

An analogous service/feature is available from Google for Androids Marshmallow and newer - called Android for Work.

[Malsua]

"Obviously ‘someone’ knows how to get past 256 encryption when the key is missing/removed."

I doubt its anything like that. What is most likely is that they cloned(Nand Cloned?) the entire contents of the phone and emulated it in a virtual machine. They try 10 tries at the pin, if it bricks, they kill the virtual machine and spawn a new one. Rinse, repeat until they get a valid pin.

Clearly it takes some pretty sophisticated techniques to accomplish this but it's faster than trying to brute force a 256bit key, which it's essentially impossible as we know it today.

[Blueflag]

Might be a novel way - create ‘billions’ of virtual machines and brute force them. You don’t need to copy the data, just enough of the OS and the keystore ... until one opens. Create and discard in a ‘wave’ as they brick, freeing up prior disk space and processor power.

Finally you guess right ad win the PowerBall.

Probably could be done on a few terabytes of fast solid state disk space and an obscene amount of RAM.

Clever.

I like the way you think ...

[familyop]

Such encryption can be cracked with one of the few supercomputers or with a very large distributed computing effort. It’s a matter of whether or not the cracking needed has a high enough priority for the time and resources required for either kind of effort. And if so, likely a matter of weeks.

[vigilante2]

good find!

[familyop]

And with such an effort, BTW, only one instance of encrypted data is cracked—not the encryption scheme.

[Blueflag]

Probably not weeks - think ‘eons.’ ;-0

Just over 10e77 combinations in a 256 bit key.

Here’s a fairly easy read on the topic — http://www.eetimes.com/document.asp?doc_id=1279619

[Blueflag]

That’s true - you have only stumbled upon the key for THAT device.

[mrsmith]

As encryption becomes stronger and more prevalent (the need is obvious) it will become a major problem for even mundane court cases like thefts and assaults.
From this case it seems that manufacturers are not taking the needs of the justice system into account, in effect selling encryption at society’s expense.
Surely it’s not difficult to offer secure encryption that will not make our courts useless.

[WalterSkinner]

..proof that there really is a Chloe O’Brien...

[familyop]

"Here’s a fairly easy read on the topic — http://www.eetimes.com/document.asp?doc_id=1279619"

Thanks.

[minnesota_bound]

Was it Apple + Israeli company + NSA that cracked the encryption?
Apple ceo given choice of cooperating or jail?

[Cyberman]

Surely it’s not difficult...

...to make a tasty double cheeseburger with only 10 calories.
...to make a car that gets 500 miles to the gallon.
...to abolish taxes without making unpopular spending cuts or increasing the deficit.
...etc.

Math works the same way for Good Guys and Bad Guys. A back door created for Good Guys will be used by Bad Guys. That's just how reality is.

[freedomlover]

Now the FBI can find a way to blame a tea partier.