Posted on 03/31/2016 10:20:28 AM PDT by BenLurkin
The FBI agreed Wednesday to help an Arkansas prosecutor unlock an iPhone and iPod belonging to two teenagers accused of killing a couple, just days after the federal agency announced it had gained access to an iPhone linked to the gunman in a mass shooting in California.
Faulkner County Prosecuting Attorney Cody Hiland said the FBI agreed to the request from his office and the Conway Police Department Wednesday afternoon. A judge on Tuesday agreed to postpone the trial of 18-year-old Hunter Drexler so prosecutors could ask the FBI for help. Drexler's trial was moved from next week to June 27.
Drexler and 15-year-old Justin Staton are accused of killing Robert and Patricia Cogdell at their home in Conway, 30 miles north of Little Rock, in July. The Cogdells had raised Staton as their grandson.
The FBI announced Monday that it had gained access to an iPhone belonging to Syed Farook, who died with his wife in a gun battle with police after they killed 14 people in San Bernardino in December. The FBI hasn't revealed how it cracked Farook's iPhone. Authorities also haven't said whether the iPhone and iPod in the Arkansas case are the same models or whether the FBI will use the same method to try to get into the devices.
Hiland said he could not discuss details of the murder case in Arkansas, but confirmed the FBI had agreed less than a day after the initial request
(Excerpt) Read more at foxnews.com ...
You kidding? The FBI probably infiltrated Apple 30 years ago, and has agents as trusted apple engineers.
Now it appears that they may not be able to help after all.
http://www.cnet.com/news/fbi-unsure-it-can-unlock-iphone-in-arkansas-murder-case/
That paper you linked to is for "Symmetric Key Encryption" . . . again, an encryption used for communication, where there are two keys held at either end of the communication. Apple's system is a single key encryption used to encrypt stored data, which is NOT used for communication. . . nor is intended for another party to decrypt it. A single key is much harder to decrypt because there is just a single way to decrypt it. There are not any need for multiple factors to retrieve keys from multiple holders of the access. When there is only ONE key, the only way to decrypt the data is to use that ONE key. . . or to try and find some way to derive that key from the nature of the data. Both are extremely difficult.
A system such as the paper described was used to hack the 128 bit AES encryption used by iMessage and FaceTime. . . but it required the complicity of an Apple iPhone user to send many thousands of almost identical copies of a photo with very subtle variations known to the hackers who were using a man-in-the-middle fake Apple Server. They were able to analyze the slight changes from photo to photo and from those differences derive the symmetric communication encryption key.
The laws against export of RSA and other encryption algorithms became moot years ago when it turned out that many of the students CREATING them were foreign students who just simply went home. It became unenforceable. Some of the strongest algorithms come from off shore. So much for that argument.
One of the disadvantages for anyone trying to decrypt these data on Apple devices is that the data on the Flash drive that might give some idea of what one is looking at is randomized as to location. It makes it very difficult to identify what and where files are. . .
All of these approaches are very expensive in time and money. The data you want to retrieve has to exceed the value of that time and money to make it worth while.
All of these are working on the assumption that there is a unified encryption key for multiple devices. On Apple, there is not. Every device has its own unique encryption key derived from the Users passcode, a Unique Device ID, a Device Group ID, and a truly Entropic random number created when the user first entered his user passcode. . . all entangled together to create the encryption key. Each device has to be decrypted individually. Now, the cost of breaking the encryption has climbed immensely.
Thanks for the heads up. FreeRepublic thread on this:
Okay, good. The first step to tackling your confusion is admitting that your confused. Let me see if this example will help you to understand better.
You have locks on the doors to your home, your car, maybe even have a safe in your home somewhere. You have the keys to your home and your car and the combination to your safe, but in most cases, a locksmith or a competent criminal could easily gain entrance to your home, your car, even your safe. Heck, the police could literally break down your door or rip open your car like a can opener if they wanted to.
Now, let's say that you have a safe room in your home. The safe room is configured with a rolling lock vault door, biometrics, and a personal password. Let's say you have this safe room configured to protect you and your family, maybe you have some provisions in there. Let's say you keep private items in there as well. You get arrested, accused of a crime, and the government wants access to all of your records. There are some records in your safe room that could convict you of the crimes for which you're accused, and the government wants you to open that safe room to give them access to the records. They can't get in, because the systems are configured where only you can access it.
You refuse to give them anything, citing your 5th amendment privilege against self-incrimination. Now the DA REALLY wants in, and they're going to the courts to compel you to open the safe room, do you do it? No, of course you don't, because you don't want to go to jail! You stand your ground. A magistrate now orders law enforcement to take you to your home and forces you to open the safe room under the "penalty of law" and under duress, you open the door, they find your papers, you're in jail for the rest of your life. Does that sound like a country in which you want to live? One where you could be compelled to testify against yourself even though you don't want to?
Our rights as outlined under the Bill of Rights are not piecemeal. They're not mutually exclusive. They are meant to be all encompassing. You can't pick one (the 4th) without being able to also use/cite another (the 5th). Apple didn't have the keys to give the FBI, but the FBI persisted, demanding that they write something that would effectively reverse engineer their devices to give them access to the data.
Like any locksmith or competent criminal, the FBI was able to find someone who could unlock Apple's door. Apple never claimed the door was inviolable, only that they didn't have the key. That wasn't a lie or a misdirection, it's a fact.
That's nice. That means I can talk to you like an educated person using industry terminology.
A "Back Door" is a secret hack to allow someone direct entry into the system
No. Sorry Dio, but you're wrong. A back door in security parlance means a way to circumvent the protections afforded by the security in a device or software, usually for the purposes of monitoring, debugging, or administrative access. There's nothing secret about a back door. It takes about 30 seconds for me to scan a server or a piece of software to find a listening port or receptive API. Once that door is found, I immediately assume that the protections on that door are not as strong as the cryptographic safeguards in place on the device or in the code, and most back doors don't have additional protections such as DDoS prevention or brute force detection. That means I can take my time whittling away at it until it opens. Back doors are anything but secret.
So let's take a journey for a moment. I know this entire thing has been a pissing contest, but let's look at some facts. I posted an article earlier from Slate in 2014 where they discuss iOS 8 and the new methodology Apple applied to cryptography:
Is Apple Picking a Fight With the U.S. Government?
There are plenty of other articles out there discussing the exact same thing:
Apple can't unlock iOS 8 devices, even for police
Apple Won't Unlock iOS 8 Phones For The Police. Ever.
Apple tells judge it’s “impossible” to unlock a device running iOS 8 or higher
...and the list goes on.
If you read even one of those articles, you'll learn that Apple does not have the keys to each individual iPhone. They develop a proprietary algorithm to use, a salt and hash for cryptographic operations, and they deploy their software using unique markers in the hardware of each device to generate a cryptographically unique key using what's known as elliptic curve cryptography. The chances of generating the same key on two devices is statistically impossible (1 in a nondecillion). Even on the same device, the chances of generating the same key twice would require a quantum computer and 5-10 YEARS of time to complete. Remember, the only thing that Apple retains privately is their intellectual property: an algorithm, which have, time and time again, been determined to be as much the property of the corporation as any trade secret.
Apple's made it very public that if you mess up and your phone is wiped, they can't help you. This isn't shirking any sort of responsibility to provide a service to the customer. You can very easily shut off the functionality that wipes your phone! If anything, this is very American of Apple: they're placing the responsibility on the end user for their own device. Personal responsibility! Can you imagine?
Now, on to your request on the court filing... swordmaker has graciously provided you with numerous posts outlining the requests in the court filing. One of those requests was for Apple to design or develop a software recovery tool that would crack the protections on the device's EEPROM and unscramble the data in the user data partitions to allow the FBI access to everything. In order for this to happen, Apple would not only have to devote operating expenses in man hours/labor to develop the software (because it doesn't already exist), but they'd have to use their intellectual property to design that software, something they cannot be compelled to do by the law or otherwise. How a private entity uses their intellectual property is their business as long as it is within the confines of established law.
You should probably do some more reading on the entire subject. Apple did not have the means and had no obligation to provide access to that data. Matter of fact, if it wasn't for the hamhandedness of the FBI, the data might have been easier to recover. They confiscate computers all the time. Accessing those computers is usually pretty easy when all of the components are in one piece. If you brought me a hard drive and asked me to get data off of it, I can say with 90% or better certainty that I can recover your data. If the platters have come off their spindles or someone drilled through the casing, however, I don't care how much money or how many court orders you throw at me, that data is gone. There's no hope of recovery. In this case, the FBI lucked out and found an entity that hacked the phone and got them the data. What's funny about all of this is that in the end, we'll never know if any actionable intelligence was found, because I'd bet that there was nothing substantive on there to begin with.
Think about it: these aren't purse snatchers or petty criminals. These are trained terrorists. It doesn't take a summer at Quantico to learn that if an asset in your ring of trust is compromised, you destroy every trace of evidence of your connection with that person: phones, email accounts, computing devices, etc. You get a new identity. You move to a new location. Within days if not hours of the events in San Bernardino, any living associates of that asshat were off the radar. They could've decrypted that phone right then and there, and while they might've found a somewhat warm trail, there'd be more work for them. All of this was nothing but Kabuki theater, and I'd bet my bottom dollar that Apple's stock continues to rise as a result of their stalwart position on security and privacy, something I thought every liberty-loving American would value.
Great post. Thanks.
Hey Lurk. Great insights in your post, but I want to point out that linear differential cryptanalysis has been deprecated since most modern ciphers are generated using elliptic curves. This makes linear investigation of cryptography useless.
You do know that they have already released a newer version of this phone? Presumably this new version is already not susceptible to the method being used by the FBI.
Do you think Apple is going to attempt to R&D a patch for all their earlier 5C Iphones? (Assuming it can even be done.)
The only thing necessary for evil to conquer is if good men do nothing. I am beginning to regard all the high tech companies as just evil. They think i'm picking on Apple, but I hate Google, Microsoft, Twitter, Facebook and pretty much any Liberal ran corporation that is intent on rent-seeking or spying on us.
The courts are going to do their job- or perish- no matter Apple’s profits. If Fifth Amendment doctrine has to be adjusted to do so then so it will be.
A lot of people have not considered the viability of a nation that cannot use search warrants when necessary.
I predict a future when virtually everything will be digital data. Money, correspondence, tickets, deeds, virtually everything.
I agree that everyone should be secure in their papers and such, but when you have reason to believe that a crime has been committed and a Judge has issued a valid warrant to search, it becomes a question of abetting crime when you interfere with the ability of the legal system to discover evidence.
What we have to do is to balance the rights of the public with the necessities of governance. That is what the founders did when they created the Search Warrant system. Obviously the "writs of assistance" were overly broad, and Search Warrants became a reasonable compromise.
Skip. When you start out saying that I’m lying, my attention span goes to zero.
Yeah? So?
Is that short enough and intelligible enough for you?
It's short enough. It just doesn't contain any argument worthy of any meaningful response.
And no, i'm not the one who is lying. That would be the Apple suckups who are either talking out of ignorance, or deliberately misstating the truth.
Save your breath. I am astonished at the ignorance of many on this site who hate Apple so much that they miss the importance of this case. I stand by my earlier statement that I support Apple fully, and I praise them for standing up to the tyranny of the federal government. The FBI blinked and now they are in full spin mode to make this look like they got what they wanted. I do not believe for a minute that the FBI hacked into the dead terrorists’ iPhone.
I think you are using a "Liberal" or broad interpretation of the word, while I am using a "Conservative" or narrow interpretation of the word. The Dictionary mostly supports my view, but it allows enough wiggleroom to barely sneak yours in.
Back doors are anything but secret.
They are usually secret. Of what value is a "back door" when everyone knows about it? If everyone uses it, it becomes a "front door."
If you read even one of those articles, you'll learn that Apple does not have the keys to each individual iPhone. They develop a proprietary algorithm to use, a salt and hash for cryptographic operations, and they deploy their software using unique markers in the hardware of each device to generate a cryptographically unique key using what's known as elliptic curve cryptography. The chances of generating the same key on two devices is statistically impossible (1 in a nondecillion). Even on the same device, the chances of generating the same key twice would require a quantum computer and 5-10 YEARS of time to complete. Remember, the only thing that Apple retains privately is their intellectual property: an algorithm, which have, time and time again, been determined to be as much the property of the corporation as any trade secret.
Okay. I'm not sure you are aware you are doing it, but there is a fallacious method of argument whereby a person makes numerous factual statements, but none of the statements actually support the argument they are advancing. Apple's cryptography methodology has nothing to do with this issue. They aren't modifying their cryptography. The proposal was that they would modify existing operating system code to
1. Remove the 10 tries limitation.
2. Remove the incremental time delays per try.
3. Allow password entry electronically at maximum speed. (said to be 80 ms.)
None of that touches on Apple's cryptography. An effort to introduce cryptography into the conversation seems to me to be an effort to distract from the real issue.
Apple's made it very public that if you mess up and your phone is wiped, they can't help you. This isn't shirking any sort of responsibility to provide a service to the customer. You can very easily shut off the functionality that wipes your phone! If anything, this is very American of Apple: they're placing the responsibility on the end user for their own device. Personal responsibility! Can you imagine?
Again, nothing to do with the salient point.
1. This phone was used by a criminal.
2. This phone was not the property of the said criminal, but is instead the property of San Bernadino county.
3.This phone may contain important information that might save future lives.
4. The effort on the part of Apple would be trivial.
5.Apple was balking at a valid search writ.
Now, on to your request on the court filing... swordmaker has graciously provided you with numerous posts outlining the requests in the court filing.
Swordmaker only provides information from that filing which is deliberately misleading. Swordmaker has been shot down so many times on his propaganda attempt that everyone is sick of reading more of his propaganda attempts.
DID YOU READ THE COURT FILING YOURSELF? That's all I asked you to do. Did you do it?
In it you will find a section that gives Apple complete control over everything. The section Swordmaker keeps quoting is superseded by that later portion which grants Apple the power to accomplish this goal in any manner they see fit. It's an open ended blank check.
Apple can keep custody of the phone at an Apple facility. Apple can keep custody of the modified operating system and can keep it from ever falling into FBI, or any other hands.
Find that section in the FBI filing and get back to me. Till you've looked at what the actual filing says, you are merely regurgitating Apple inc Propaganda.
Here is a portion of some relevant sections:
Apple's reasonable technical assistance may include, but is not limited to:
The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility;
The Filing says Apple can control everything. Furthermore Apple could have requested clarification on this point if they had any doubts, but instead Apple chose to launch their Chicken Little, "The Sky is Falling!" act.
You are the ONLY one posting “Apple is the center of the universe” - I have yet to see a single pro-Apple posts here on FR that would make such a claim, even to insinuate it.
Read the FBI’s order against Apple and Apple’s letter to its customers. Then read the Fourth Amendment. This case is not about Apple refusing to honor a search warrant.
https://www.documentcloud.org/documents/2714001-SB-Shooter-Order-Compelling-Apple-Asst-iPhone.html
http://www.apple.com/customer-letter/
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
This case is not about the federal government trying to prevent further terrorist attacks. It is about a tyrannical and over-reaching government that wants to take control of the people by violating their Constitutional rights. If the government truly wanted to prevent terrorism, our borders would be sealed and the “little dears” would never have been allowed to enter the United States and obtain employment with a local municipality.
You are entitled to your own opinion, but not your own facts.
The level of ignorance and derangement upon display on this site in recent months is truly mind boggling.
There are none so blind as those who will not see.
We already know you have a short attention span for the truth. So why bother to post that?
What I’m trying to explain is that Apple can review testimony by any expert witness summoned in this case to figure out how the FBI was able to access this phone and plug the hole. The technology may have moved on and later models may not be susceptible to this exploit, but I would imagine that they’ll still want to fix it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.