FBI hack to remain secret from Apple

The FBI has no plans to reveal how they hacked the San Bernardino shooter’s iPhone, not even to Apple.

In March, the FBI announced that they would be dropping their case with Apple after having purchased a hacking tool from a third party to aid in breaking into the phone. Apple had cooperated with the FBI, but would not create new firmware to break their own encryption. The high profile nature of this case brought the debate about privacy and security to the national stage. Although there was a judge assigned to rule on the case, the FBI’s purchasing of a hacking tool put the need for a ruling to bed.

Since then, the FBI has been mum on how this hacking tool was able to be successful and how it works. Prior to purchasing the tool, the FBI insisted that it needed Apple to update the firmware in order for them to do a hack on the shooter’s iPhone. The security on iPhone only allows 10 consecutive attempts to break the passcode before all data is erased on the phone.

Apple has a vested interest in understanding the hack, because the tech company would want to patch any vulnerabilities that allowed the FBI to use this tool to access the iPhone.  Hacking into this iPhone will make all iPhones vulnerable to the same sort of attack, which ultimately puts many iPhones around the world at risk.

An Apple attorney has stated that the company has no plans to sue the government to reveal how the San Bernardino iPhone was unlocked.

The government already has policies in place, called theVulnerabilities Equities Process, which governs disclosure of security problems to companies. This policy is notoriously shrouded in secrecy, but the government is generally supportive of vulnerability disclosure in order to ensure that vulnerabilities are not exploited by malicious hackers.

The FBI has found success with this tool, but it doesn’t mean that they are in a place to support vulnerability disclosure. The agency has already made plans to argue that it does not know enough about the hacking tool that it purchased to substantively explain how it works. FBI director James Comey has revealed that his agency spent more than $1 million to obtain the tool.

Article via TechCrunch, 26 April 2016

Photo El FBI no necesita a Apple para desbloquear un iPhone by iphonedigital [Creative Commons Attribution-NonCommercial-NoDerivs]

 


FBI hacks another iPhone, iPod

After all the stink made by the FBI about getting Apple to hack the iPhone, last week the FBI hacked the iPhone themselves. There are still no details on how the FBI was able to complete the hack. Their original request stated that they were in need of Apple’s help in order to avoid permanently erasing the phone. Now that there has been one successful attempt, the FBI is ready to hack again, this time for a murder case happening in Arkansas.

Cody Hiland, a prosecuting attorney in Faulkner County, told the Associated Press on Wednesday that the FBI had approved a request from his office and the Conway Police Department to crack an iPhone and an iPod. The devices belong to two teenagers that are being accused of murder. The day after the FBI announced that they had hacked the San Bernardino shooter’s iPhone without Apple’s assistance, an Arkansas judge agreed to postpone the trial of 18-year-old Hunter Drexler. Prosecutors in this case believe the devices may hold evidence related to the murders last July of Robert and Patricia Cogdell.

The actions of the government may be setting a dangerous precedent. Apple’s concern over hacking their own devices laid not only in their integrity as a company, but the privacy expected by their users. Now that the FBI has hacked the San Bernadino shooter’s iPhone, and helping to do the same for other cases, there will be an expectation that phones and devices will be unlocked for trials in the future. This Arkansas case is not the only request. A Justice Department request to unlock an iPhone linked to an accused drug dealer in New York was denied in February, but the department is appealing that decision.

All of this leaves Apple in a bad position. No company wants their devices hacked, even if it is the government doing so in the name of justice. Since we don’t know how the government unlocked the phone, it is likely that their method may end up being used by hackers and criminals. This would put all iPhones at risk and challenge Apple to continue to prevent decryption attempts in the future without all the knowledge of how these phones are being hacked.

Article via CNET, 30 March 2016

Photo: iPixel by Francis  [Creative Commons Attribution-NonCommercial-NoDerivs]


FBI-Apple showdown ends

Just before a court hearing schedule for Tuesday, the FBI decided to pursue and attack method that would not require Apple’s assistance. This effectively put the FBI’s case on pause, and created an anti-climactic end to the battle between the government and the tech giant over hacking into the San Bernardino shooters iPhone. A U.S. District Court in California ruled that good cause had been shown by the government for the delay and ordered it to file a status report with the court on April 5.

Originally the FBI had wanted Apple to write software that would change the amount of password attempts that could be made before the phone erased itself. Currently, an iPhone will be erased after 10 unsuccessful attempts with the wrong passcode. The FBI stated that it would need Apple’s help to get around this hurdle, but apparently that has changed. This leave many to wonder how to agency might defeat the phone’s security.

“You can always attack the phone while it’s running. There are hundreds of people in the world, if not more, who can do that,” said Rod Schultz, vice president of product at Rubicon Labs.”They can attach a debugger to the device, and modify the instructions that are doing the policy check,” he told TechNewsWorld.

The password also could be recovered through a technique known as NAND mirroring. It requires making a copy of the iPhone’s memory. Then, after 10 wrong password guesses erased the phone’s contents, the memory would be reloaded into the phone and the FBI could take 10 more tries at cracking it. That process would be repeated several times until the FBI was able to hack into the phone. The downside is that it takes a long time, and that is most why the FBI didn’t want to do it.

The is some skepticism about the reasons why the FBI asked for the delay. “Those of us who are watching both the technology arguments and the legal arguments are somewhat skeptical of the claim that the FBI suddenly discovered they could get into the phone,” said Mike Godwin, general counsel and director of innovation policy at the R Street Institute.

“The legal arguments that Apple produced were quite strong,” Godwin told TechNewsWorld. “I think the FBI was worried it was going to lose based on the legal arguments.”

As for Apple, its public stance is that the issue must be settled outside the courts. “Tim Cook has never said Apple will never cooperate with the FBI,” observed R Street’s Godwin.

Article via TechNewsWorld, 23 March 2016

Photo: The Apple – FBI Electronic Encryption Fight RGB Triptych v1.3 by Surian Soosay [Creative Commons Attribution-NonCommercial-NoDerivs]


Panel: U.S. government sending mixed encryption messages

Privacy professionals are saying the U.S. government is sending mixed encryption messages to technology companies. They build privacy and security by design in products and services, but leave them open to backdoor access by default. This issue became more prominent after an argument whether the Federal Bureau of Investigation (FBI) can force Apple, Inc. to unlock an iPhone used by one of the shooters involved in the San Bernardino terrorist attack.

On Feb. 16th, a federal judge ordered Apple to provide the FBI with software to disable the security feature that auto-erases the phone’s data after multiple incorrect attempts to enter the pass code. Demetrios Eleftheriou, Symantec Corp. global privacy director said, “It just seems like there’s a bit of an inconsistent message from the government. We have law enforcement on the one end saying you build back doors, they want broken by design.”  On the other end are “the regulators saying you have to incorporate security by default, privacy by default in the product,” he said.

Eleftheriou asserts that the U.S. government needs to consider if their ambivalent stance on consumer encryption is compatible with the new European Union General Data Protection Regulation requirements for privacy by design and security by default. “A weakness is a weakness. It can be exploited by anybody.”

Will DeVries, Google Inc. privacy counsel said companies “want the process to be really clear, really defined and based on principles that we can apply globally to our services that actually make sense and keep us all safe.”DeVries believes the argument against accessing a terrorist’s phone is just one “red herring”. “We’re actually worried about the precedent of saying can you ask a tech company to undermine the security of devices that’s out in the public, not just for the device they’re talking but a security flaw that then can be used on any device,” DeVries said.

Companies can be ordered to assist with law enforcement to get at some data, Chris Jay Hoofnagle, member of the advisory board of Bloomberg BNA’s Privacy & Data Security Law Report, said. “Obviously, what makes this situation so dangerous and difficult is that the work the government would like Apple to do could be used prospectively and could be used to erode privacy and security in devices generally,” Hoofnagle said. The technology industry is at this point in time now where the devices can outsmart these forensic appliances so whatever happens paves the way for the future of device security.

Hoofnagle sees that this tinkers with the Fourth Amendment. “We might come to a world in the U.S. where we basically have different Fourth Amendment standards for the terrorism case where maybe we do feel as though the phone should be unlocked versus other types of crimes that aren’t as serious.”

Article via Bloomberg BNA, February 19, 2016

Photo: System Lock via Yuri Samoilov


Nation divided over Apple decision

Apple’s decision to refuse the FBI order requiring the company to unlock a phone used by Syed Farook, one of the terrorists in the San Bernardino shooting, has divided the nation into two camps. Those who support the company believe that the FBI order jeopardizes individual privacy. Others argue that Apple’s challenge threatens national security.

In order to unlock Syed Farook’s iPhone, Apple would have to design a new software that would provide a backdoor through the phone’s security features. That software does not yet exist, and Apple argues it should stay that way.

“The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices,” states Tim Cook’s response posted on the Apple website.

The non-profit advocacy group Fight for the Future organized demonstrations across the nation following the Apple decision in order to show solidarity with the company. Evan Greer, the organization’s campaign director, spoke about the importance of encryption in protecting public facilities like hospitals and airports, as well as in assuring the safety of individuals.

“For myself as a member of the LGBT community, I know there are a lot of people that have heightened needs for security. A breach is not just inconvenient or embarrassing, but can put people in threat of physical violence,” Greer said.

Henry Nickel, a San Bernardino city councilman, has the opposing opinion that Apple’s decision is an obstruction of justice. He likens Apple’s refusal to access the contents of Farook’s phone to a landlord’s refusal to unlock a suspect’s door in the face of a search warrant.

“I do not feel that digital data is in any way subject to additional protection from search or seizure than any other aspects of our lives,” Nickel said. “Apple is simply wrong if it believes digital information is somehow more sacred than any other type of information.”

San Bernardino Mayor R. Carey Davis felt similarly. “The attacks on December 2nd was the deadliest terrorist attack in the US since 9/11, and law enforcement officials continue to follow up on leads related to the case… It is my hope that Apple cooperates given the circumstances of this investigation,” he said.

Article via: The Washington Post, 19 February, 2016

Photo: Laughing Squid iPhone Webclip Icon by Scott Beale [Creative Commons Attribution-NonCommercial-NoDerivs]


Alphabet, worlds most valuable company

On Monday, Alphabet, the company that owns Google, overtook Apple by becoming the most valuable company in the world.

The most valuable companies in America are nearly all tech companies. Google and Apple are leading the pack with market values of $543 billion and $535 billion respectively. Behind those two companies sits Microsoft at $433 billion. Facebook, at $328 billion, took fourth on Monday, surpassing Exxon Mobile at $318 billion. The revenues of the top leaders (Google and Apple) are higher than any other company in corporate history.

Just last quarter Alphabet reported revenues of more than $21.3 billion, blowing past estimates by roughly half a billion dollars. Traders are expecting Alphabet to keep the title of most valuable company for some time to come. Revenue for the company saw $74.5 billion in sales for all of 2015, up from $66 billion in 2014. The good news keeps coming as Monday their stock rose another 5 percent.

Colin Gillis, senior technology analyst for BGC Partners, believes that Alphabet will become the world’s first trillion dollar company. Why? Sheer numbers, for one, Gillis said in an interview. “Think about the number of services they have with a billion users: Google Search, YouTube, Maps. Some of those are used multiple times every single day,” he said.

Some also think that the deciding factor between Google and Apple is all about China. Apple reported the slowest-ever sales growth for the iPhone and revealed that its business in China is facing trouble. In contrast, Alphabet makes very little money off hardware and does almost no business in China. Now that China’s economy is slowing down, Apple and their stock seem to be following suit.

It could be that Alphabet knows exactly how to show investors its future promise. Google has been famous for its moonshots, like the self driving car. The reorganization of Google, including the creation of the parent company Alphabet, has allowed transparency into its many services and what they offer. All that adds up to a lot of success and the number one spot for the tech company.

Article via The Washington Post,1 Febraurary, 2016

Photo: iPhone Alphabet by schnaars [Creative Commons Attribution-NonCommercial-NoDerivs]