Loading...
Does Apple mean that if a user forgets his password (for whatever reason), his iPhone would become useless forever? As an IT professional, I don't believe so at all.
Neither do I believe that if wrong passwords are entered several times then the data stored in that iPhone would be erased permanently, as mentioned in some news reports recently. If that's the case, iPhone would be the least safe smart phone--That means if your 6-year-old kid plays with your iPhone and tries passwords a few times while you are having a nap, the data in your iPhone could be gone forever.
Regarding the San Bernardino shooters' iPhone, Apple has the obiligation to assist FBI retrieving data in it. This is the obligation to the society. A locksmith should assist the police to unlock a criminal suspect's home, so should Apple.
Having said that, such data recovery work should be done on a case-by-case basis, authorized by court orders. The law enforcement should not have a dedicated hacking tool that allows them to hack into iPhones at their own wish. Don't forget that those working in law enforcement are also human beings. Some of them can break the law and abuse such hacking tool too.
WASHINGTON — The head of the F.B.I. acknowledged on Tuesday that his agency lost a chance to capture data from the iPhone used by one of the San Bernardino attackers when it ordered that his password to the online storage service iCloud be reset shortly after the rampage.
“There was a mistake made in the 24 hours after the attack,” James B. Comey Jr., the director of the F.B.I., told lawmakers at a hearing on the government’s attempt to force Apple to help “unlock” the iPhone.
F.B.I. personnel apparently believed that by resetting the iCloud password, they could get access to information stored on the iPhone. Instead, the change had the opposite effect — locking them out and eliminating other means of getting in.
The iPhone used by Syed Rizwan Farook, one of the assailants in the Dec. 2 attack in which 14 people were killed, is at the center of a fierce legal and political fight over the balance between national security and consumer privacy. Many lawmakers at Tuesday’s hearing of the House Judiciary Committee seemed torn over where to draw the line.
“The big question for our country is how much privacy are we going to give up in the name of security,” Representative Jason Chaffetz, a Utah Republican, told Mr. Comey. “And there’s no easy answer to that.”
While some lawmakers voiced support for Apple’s privacy concerns, others attacked the company’s position, saying it threatened to deprive the authorities of evidence in critical cases involving newer iPhones.
“We’re going to create evidence-free zones?” asked Representative Trey Gowdy, a South Carolina Republican who once served as a federal prosecutor. “Am I missing something?”
“How the hell you can’t access a phone, I just find baffling,” he said.
Bruce Sewell, Apple’s general counsel, told committee members that the F.B.I.’s demand for technical help to unlock Mr. Farook’s iPhone 5c “would set a dangerous precedent for government intrusion on the privacy and safety of its citizens.” Apple has said that in many cases investigators have other means to gain access to crucial information, and in some instances it has turned over data stored in iCloud.
Mr. Sewell reacted angrily to the Justice Department’s suggestion that Apple’s branding and marketing strategy was driving its resistance to helping the F.B.I., an assertion that he said made his “blood boil.”
“We don’t put up billboards that market our security,” he said. “We do this because we think protecting security and privacy of hundreds of millions of iPhones is the right thing to do.”
F.B.I. officials say that encrypted data in Mr. Farook’s phone and its GPS system may hold vital clues about where he and his wife, Tashfeen Malik, traveled in the 18 minutes after the shootings, and about whom they might have contacted beforehand. While investigators believe that the couple was “inspired” by the Islamic State, they have not found evidence that they had contact with any extremists overseas.
A judge last month ordered Apple to develop software that would disable security mechanisms on Mr. Farook’s phone so that the F.B.I. could try multiple passwords to unlock the phone through a “brute force” attack, without destroying any data. Once the systems were disabled, it would take only about 26 minutes to find the correct password, Mr. Comey said.
He rejected an idea expressed by several lawmakers that the F.B.I. was trying to force Apple to build a “back door” to decrypt its own security features. He used a different analogy to explain the government’s demands.
“There’s already a door on that iPhone,” Mr. Comey said. “Essentially, we’re saying to Apple ‘take the vicious guard dog away and let us pick the lock.’ ”
But the F.B.I. did not help its case with lawmakers when Mr. Comey acknowledged the mistake of changing the iCloud password.
When the dispute over Mr. Farook’s iPhone erupted two weeks ago, the Justice Department blamed technicians at San Bernardino County, which employed Mr. Farook as an environmental health specialist and which owned the phone he used. But county officials said their technicians had changed the password only “at the F.B.I.’s request.”
Mr. Comey acknowledged at the hearing that the F.B.I. had directed the county to change the password.
Mr. Sewell, the Apple lawyer, explained to the committee that before F.B.I. officials ordered the password reset, Apple first wanted them to try to connect the phone to a “known” Wi-Fi connection that Mr. Farook had used. Doing so might have recovered information saved to the phone since October, when it was last connected to iCloud.
“The very information that the F.B.I. is seeking would have been available, and we could have pulled it down from the cloud,” he said.
The F.B.I.’s handling of the password change drew criticism from both Democrats and Republicans at the hearing.
“If the F.B.I. hadn’t instructed San Bernardino County to change the password to the iCloud account, all this would have been unnecessary, and you would have had that information,” said Representative Jerrold Nadler, Democrat of New York.
Mr. Chaffetz leveled a similar criticism during the more than two and a half hours of testimony from Mr. Comey.
“With all due respect to the F.B.I., they didn’t do what Apple had suggested they do in order to retrieve the data, correct?” Mr. Chaffetz asked the director. “I mean, when they went to change the password, that kind of screwed things up, did it not?”
But Mr. Comey said that even if the F.B.I. had not mishandled the password, he did not think the bureau could have gotten everything it wanted from the phone and would still have needed Apple to help disable the security features in the phone.
“We would still be in litigation,” he said, “because the experts tell me there’s no way we would have gotten everything off the phone from a backup.”
Mr. Comey stressed that the fight with Apple was about trying to get as much information as possible about the San Bernardino attack — not about gaining a powerful law enforcement tool elsewhere.
But when he was asked whether the F.B.I. would seek to unlock other encrypted phones if it prevailed in the San Bernardino case, he responded, “Of course.”
In the audience were relatives of a Louisiana woman, Brittney Mills, who was shot to death at her doorstep last year when she was about eight months pregnant.
Mr. Comey said the data in her phone could help investigators determine whether she was shot by someone she knew, but they had been unable to break the passcode.
This Wednesday, Feb. 17, 2016 file photo shows an iPhone in Washington. (AP / Carolyn Kaster, File)
NEW YORK -- Turns out there's a shadowy global industry devoted to breaking into smartphones and extracting their information. But you've probably never heard of it unless you're a worried parent, a betrayed spouse - or a federal law enforcement agency.
Now one of those hacking businesses may well be helping the FBI try to break into the iPhone of one of the San Bernardino killers.
Late Monday, the FBI abruptly put its legal fight with Apple on hold, announcing that an "outside party" had come forward with a possible way to unlock the phone. In an update for reporters Thursday, FBI Director James Comey said the method "may work." If so, it could render Apple's forced cooperation unnecessary.
The announcement has thrown a spotlight on a group of digital forensics companies, contractors and freelance consultants that make a living cracking security protections on phones and computers. Comey said the publicity around the Apple case encouraged such people to come forward with new ideas.
Most such companies keep a very low profile. Since the bulk of their business is with governments and law enforcement, there's no reason to for them to advertise their services. In addition, it's in their interest to keep exactly what they do under wraps, said Christopher Soghoian, principal technology expert for the ACLU.
"The companies won't share their secrets. It's their special sauce," Soghoian said. "And they certainly won't tell Apple how they're doing what they're doing."
For the moment, no one outside the Justice Department appears to know who the FBI's white knight is. A great deal of speculation centers on Cellebrite - an Israel-based forensics firm that says it does business with thousands of law enforcement and intelligence agencies, militaries and governments in more than 90 countries - though it remains one of several possible candidates. A company spokesman declined to comment.
Cellebrite, founded in 1999, has contracts with the FBI dating back to at least 2013. The firm makes devices that allow law enforcement to extract and decode data such as contacts, pictures and text messages from more than 15,000 kinds of smartphones and other mobile devices.
It also makes commercial products that companies can use to help their customers transfer data from old phones to new ones. Apple even uses Cellebrite devices in some of its stores.
In the cybersecurity arms race, Apple has managed to stay ahead of these forensics companies. Cellebrite's website says its commercial tools work with iPhones running older operating systems, including iOS 8, but not the latest version, iOS 9, which is on the San Bernardino phone.
Of course, it's possible that one of these companies has made a breakthrough.
"Anything is crackable - it's just how much time do you have and how much money do you have to spend," said Jeremy Kirby, sales director at Susteen, a Cellebrite competitor in Irvine, California, that says it's not the FBI's outside party.
Susteen started as a software developer that made tools for cellphone companies. Kirby said his firm began developing forensic products for law enforcement about 10 years ago, after the FBI asked it to produce a tool that could preserve cellphone data for criminal investigations.
Now the company says its products are used by the Defense Department and hundreds of law enforcement agencies nationwide. It also sells a less-powerful data-extraction tool for consumers who want to check up on their kids or spouses by seeing their text messages, emails, smartphone photos and even deleted files.
Forensics companies maintain their own research staffs that probe target devices for weak spots, but for tough jobs, they sometimes turn to freelance hackers, some of whom will work for the highest bidder.
"What we're seeing now is what you can't do for yourself, you can buy," said Zuk Avraham, founder of the mobile security firm Zimperium, which seeks to defend phones against hacking.
Inspired by the FBI-Apple standoff, Rook Security, an Indianapolis-based cybersecurity firm that works with law enforcement, formed an expert team devoted to creating a copy of an iPhone's flash memory , hoping a backup would allow investigators to restore data that could be wiped out after too many wrong password guesses.
Many security researchers think that might work, though no one has announced success or demonstrated it on an iPhone running iOS 9 or higher. Rook, however, suspended its efforts when it couldn't find a way to take the phone apart without damaging it.
Avraham said he has no doubt the San Bernardino iPhone can be hacked.
"It's only a matter of time and resources," he said. "We have seen so many times when security researchers claim something to be impossible. They're proven wrong over time."
-----
Daniel Estrin in Jerusalem and Tami Abdollah in Washington contributed to this report.