TechSpot

FBI won't reveal how it unlocked the San Bernardino iPhone

By Scorpus
Apr 27, 2016
Post New Reply
  1. The FBI has decided that it doesn't need to reveal how it unlocked the San Bernardino iPhone, which will prevent Apple from identifying the security vulnerability and closing it through a software update.

    Under a rule brought in by the US government in 2010 called the "Vulnerabilities Equities Process", government agencies like the FBI have to disclose any back doors or flaws in technology that they discover. The idea is that these vulnerabilities would be disclosed in private to the companies who make the products, provided the National Security Council gives the all clear, allowing them to fix the issue and keep Americans safe.

    However in the San Bernardino iPhone case, the FBI has a convenient excuse they can use to avoid disclosing the details of the vulnerability. As the agency used a third-party tool to unlock the device in question, the FBI can and will simply say that they are unfamiliar with how the tool works.

    If the FBI claims it doesn't know how the tool works, they won't have to disclose to Apple or the National Security Council what vulnerability the tool used to bypass the iPhone's lock screen. This keeps the flaw open and would allow the FBI to use the same tool to unlock similar phones in the future if need be.

    Apple no doubt will be annoyed at the FBI's refusal to detail which vulnerability allowed them to bypass the security measures on their handset. Although it's believed that the vulnerability is not present in more modern devices (the San Bernardino killer used an old iPhone 5c), Apple still wants to keep their entire product portfolio secure.

    Permalink to story.

     
  2. ikesmasher

    ikesmasher TS Evangelist Posts: 2,553   +858

    And no one cares how they are clearly and unarguably lying? I mean this is like sticking your tongue out at the general public...
     
  3. Tanstar

    Tanstar TS Guru Posts: 407   +88

    Just at the iphone general public. Meh. Besides, Apple has plenty of lawyers and can take the FBI to court. It'll take a few years, then the FBI will capitulate, but by then the 5Cs won't be getting updates anymore.
     
    Reehahs likes this.
  4. Uncle Al

    Uncle Al TS Evangelist Posts: 1,663   +774

    And they wonder why companies like Apple refuse to cooperate with them ........
     
    Reehahs likes this.
  5. Trillionsin

    Trillionsin TS Evangelist Posts: 1,315   +133

    Something is wrong here...
    How do you know this? How was this info leaked? If they've dont believe this vulnerability is NOT present in more modern devices(says who???) then why does it matter? If Apple has allegedly patched this in newer devices, I'm preeeeeeetttttyyyy sure their engineers and programmers can narrow down the vulnerability, because, of course, they've already found it and patched it.

    On the other hand, if the FBI is about keeping people safe. This is not something they should be doing. Someone has to be responsible, and if the FBI is lying and not saying WHO knows how the vulnerability works, then arent they colluding with the developer of the tool who DID make it and DOES understand how the vulnerability works? I'snt that itself, somehow, against the law?

    Like... I was with this guy who robbed a bank, but I didnt do it, he did it. I didnt really help him, or know how he did it but I knew about it, and he gave me some of the money. I dont get into trouble, AND I get some cash! The FBI asked me, and I didnt give them any information. I am off scot-free.

    You better bet your *** they will charge me with AT LEAST obstruction of justice, right? RIGHT? Please correct me if I'm wrong.
     
  6. Trillionsin

    Trillionsin TS Evangelist Posts: 1,315   +133

    This really seems like the case, but how can they then offer to unlock phones for state police in other cases? Wont that bust them?
     
    Uncle Al likes this.
  7. Uncle Al

    Uncle Al TS Evangelist Posts: 1,663   +774

    The trump card (sorry for that pun) could be the age old claim of "national security", which gives them the right to avoid prosecution as well as put a gag order on any further hearings; not to mention the "opportunity" to have the whole thing classified under the same umbrella. It has been awhile since this was done effectively, but with the government there is no telling how far they will try to take it.
     
  8. Adhmuz

    Adhmuz TechSpot Paladin Posts: 1,648   +521

    Could this be any less relevant? This is for the previous generation iPhone, the new ones illegibly can't be broken in the same manner, so good for the FBI, they have a secret way of breaking into a phone that's already old news. Hey terrorist, stop using the iPhone 5c is all they're saying with this.
     
  9. Squid Surprise

    Squid Surprise TS Guru Posts: 861   +272

    Apple still officially supports the 5C though... so I can see why they'd want to patch the exploit... since the exploit almost certainly involved nand shadowing, however, it's not like the average joe can hack in... so this is basically a whole hullabaloo for nothing.
     
  10. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,551   +2,894

    Right and continually using the unlock in other cases doesn't keep that door closed. That's like saying just because I have authorization to search one house we might as well search all of them on the block. And it is a bit late now for the FBI to suggest they have not used the unlock outside of the San Bernardino case.
     
  11. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,476   +2,034

    That's probably because they badly wasted the taxpayers money to have it unlocked when they could've muscled and coerced some reasonably competent high school hacker kid to do the same thing for free.
     
  12. Trillionsin

    Trillionsin TS Evangelist Posts: 1,315   +133

    ...what?! What my point was, is if they are lying about being able to unlock phones, but offer to unlock phones for state police officials, then wont they be found out? Either I'm an ***** and dont understand your reply, or you didnt get my point. I didnt mean literally "bust" them, I just mean like, "found out," or that their lie would be compromised.
     
  13. dwolfer

    dwolfer TS Rookie

    Anybody following the regular news outlets already knows how the FBI broke into the Apple phone used in San Bernadino. The stopped suing Apple the second and Israeli company said it could break it. Guess what, it took less than one week from the time the FBI hired this company to break into it before they succeeded. So any of you who really believe your phones are secure, you obviously are putting way more trust in the manufacturers abilities than you should. There is no such thing as an unbreakable technology. If you think there is, I want to talk to you about purchasing an igloo in the middle of Death Valley.
     
  14. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,551   +2,894

    Really! I bet you couldn't give Apple the specifics they would need to know in order to patch the vulnerability. But yet you have read all the news outlets and know exactly how it was done. There is quite a bit more to a vulnerability than simply labeling it a vulnerability.
     
  15. roberthi

    roberthi TS Enthusiast Posts: 79   +11

    Ah...but this would be called industrial espionage by the FBI. It's completely fine and legal for them to break the rules, because they're above the law. Bet you didn't know.
     
  16. Squid Surprise

    Squid Surprise TS Guru Posts: 861   +272

    They already said the vulnerability didn't exist in any iPhone newer than (and including) the iPhone 6... Since this is when Apple introduced secure enclave, it's a reasonable assumption that they used nand shadowing - this has all but been confirmed from various reports you can read online..

    Here's one...

    http://www.networkworld.com/article...ow-that-fbi-could-use-it-to-crack-iphone.html

    Obviously, they'll never admit to it... but this is the most likely method - and as it involves physically removing the nand chip and replacing it over and over (to achieve unlimited passcode attempts), this won't be something that the "average joe" ever attempts...
     
  17. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,551   +2,894

    Yeah I knew I had read that. But then without knowing exactly what the vulnerability is, you can't say that can you.
     
  18. Squid Surprise

    Squid Surprise TS Guru Posts: 861   +272

  19. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,551   +2,894

    I'll choose to call that a lie until I read a confirming second opinion from Apple. Lets not forget the FBI will do anything to keep this vulnerability alive, even if that means they have to lie about the range of devices effected.
     
  20. Squid Surprise

    Squid Surprise TS Guru Posts: 861   +272

    Yeah, but since it was nand shadowing, it looks like this time they might actually be telling the truth... this doesn't mean that they don't have OTHER vulnerabilities lying around...
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...