They (some they contracted) could have unlocked it by mucking around with the hardware - the problem is, that’s risky. It became a risk they were willing to take when the court case was dragging out (and they might not win) and, since it was a work phone, they knew there probably wasn’t even anything useful on it. We’ll never know what they find on the phone, I suspect - they won’t want to admit they were willing to fight a big legal action over a phone with nothing but unrelated work shit on it. Plus they want to keep their options open to go back to the legal fight when they have a bit of hardware to crack that they can claim this time is really critical.
1 Like
Yes. Sounds sus alright.
The FBI remind me of the guy in the joke who gets his foot stuck in the railway line with a train thundering towards him in the distance. After struggling a bit he starts praying frantically: please God, I’ve never been a good servant but if you spare me from this I’ll change my ways etc. Nothing. He ups the ante, swearing to wear sackcloth and give all his worldly goods to the poor. Still nothing, train a hundred yards away now. Wriggling frantically, he swears on his immortal soul to become the very paragon of virtue and devote his life to good works blah blah. Suddenly his foot pulls free and he tumbles safely clear as the train roars past.
Brushing down his clothes, he gets to his feet and say “Thanks anyway God, I got it myself.”
Please NB This is just a funny joke, not trying to make any remotely religious or judgemental comment here whatsoever!
2 Likes
Can’t we get them on some kind of DMC related charge?
I think the fashion police would have jurisdiction.
1 Like
In who’s trial? The alleged perpetrators of the one known crime so far are dead Investigation in this case is likely more preventative. If it does turn up co-conspirators, that’s another kettle of fish.
Some girls like them. As long as they aren’t unsolicited.
1 Like
There is so much attention on this case, they would not be lying. At some point, we will find out the exact details, and we would find out of that they are lying. The short term gain of “See Apple, We Were In Your Base Killing Your Dudez” would pale in comparison to the long term, historical embarrassment that such a lie would generate.
They cracked it. There would be no benefit to such a public, bald-faced lie.
But what’s interesting is: I would think it is now Apple’s top priority to close this security loophole as soon as possible and announce that, “So, yeah, the government got away with it this time, but, No, they can no longer use this hack to render our product useless.”
Other than a way to get back at Apple by making the public think their phones are not secure and hurting their sales. - or so sayeth the foil hat
I think that they tend to be more popular with guys.
If they came with some Issac Hayes and a little story they would maybe appeal a little more cross-gender.
Did I put my foot in it?
It’s like the the a nation claiming they had walked on the moon if they had not. Short term gain, with long-term, permanent embarrassment. The government can and might lie about a lot of things, they wouldn’t lie about this. This is no conceivable gain to lying here. None.
I think the most plausible theory I’ve heard on how they actually did it would be through physically removing the SSD chips and then cloning them virtually. Then, just use super computers to try passwords on virtualized instances of the phone 24/7. Three tries on each instance, then just kill it and try again on another one.
The upside of this scenario working would be that it would still require the government to have a physical phone to work and wouldn’t be able to do it remotely.
But, I’m not sure how realistic it is to clone an encrypted SSD chip in real life.
That’s what the FBI said. But seriously, you might want to look in to the FBI and their history of ‘honesty’.
1 Like
My understanding is that vectors of attack may have been possible for this particular iPhone, that for a late model device running a current OS, might not be available. Maybe I have it wrong, but they very well may have already fixed these holes at both a hardware and software level.
Well thank god that’s resolved and we can all now uncategorically trust Apple.
I don’t buy your logic. People lie all the time, loudly and proudly, even when supposedly scrutinized. Fact is, nobody really has the means to fact check their claim, and nobody likely ever will. I don’t inherently disbelieve them, I just don’t think there’s any reason to trust their claim either, and I can think of a bunch of reasons for them to lie about it. I’m very open to both options, and even middle ground somewhere between those two extremes (this is the territory truth often exists in, IMHO).
I’d be comparatively surprised if they have, in fact, failed to get the phone unlocked. Every credible commentator in the hardware security research/reverse engineering scene appeared pretty confident that(since the secret that was supposed to be wiped if a brute-force was detected was stored in external flash) the 5c would be hard pressed to resist a hardware attack based on this angle, even if there are no cool zero days or other neat toys squirreled away by Team Spook. The company rumored to be the contractor who did the job is also a plausible choice, they do a lot of cellphone forensics products for law enforcement customers.
What I find wildly unbelievable is that(despite iOS8 the 5c being not at all new and a pretty substantial slice of the smartphone market, it was after all, basically the cheapest way in to iDevice ownership for well over a year) the FBI had allegedly been unable to find anyone capable of attacking that combination; nor had any suppliers of attacks attempted a sales pitch, until the 11th hour just before a court proceeding that showed signs of quite possibly not going their way.
Since, in their original request, they swore up and down that Only Apple’s Cooperation could get the terrorist secrets and save us from the lying-dormant-cyber-pathogen, it would be perjuriously awkward if they had actually learned about the existence of the method any earlier than they claim.
Even in their ‘scary writeups for the court’, the FBI didn’t seem too concerned about getting in quickly; so I suspect that they didn’t think that there was much of interest to be found(especially since the guy destroyed his non-work phone; and who plots Jihad where IT can see them?) but I can’t imagine that they’d just leave it rotting in the evidence locker if one of their contractors was able to crack it for a reasonable fee(it’s a phone, not a rape kit, after all, priorities here); and I have no reason to doubt that it would succumb to somebody willing to crack the hardware open and get their hands dirty.
The alleged timeline, though? My suspended disbelief crashed to earth some time ago.
4 Likes
With physical access(and some skill at the rework station) eminently plausible. Bunnie Huang (of xbox hacking fame back when he was a student) describes reverse engineering a device by emulating its SPI flash with an FPGA and that approach is a modification of an earlier hack that worked for NAND flash. With a suitably fast host computer, even low-speed RAM might be clonable and wholly under the observation and control of the attacker. Both flash and RAM in commercial use tend to follow known standards(or somewhat bastardized versions that people skilled in the area are familiar with either through the assistance of the vendor or just plain poking at it; so the iphone flash chips are unlikely to be particularly special or brutally esoteric).
My understanding is that Apple built some countermeasures into iOS to defeat the most naive ‘just block the delete commands when we try to wipe the key’ attacks; but there is only so much you can do when the attacker has full control over all your persistent storage and, even if they aren’t also faking your RAM and can’t control your CPU cache and registers, can always cut the power to flush system state, restore the storage to where they want it, and try again.
Apparently with the newer chips in the later model phones, more of the security-related stuff is moved on-die (Apple calls it “the secure enclave”) which makes it harder to pull off this sort of thing. You can decap an integrated circuit and actually prod it quite delicately; but it’s a much riskier and more demanding operation.
2 Likes
This topic was automatically closed after 5 days. New replies are no longer allowed.
