Should Apple help the government hack into encrypted devices?

[Merneith]

Plot Twist:

Apple: We tried to help FBI terror probe, but someone changed iCloud password

So it turns out that, at some point while the phone was in FBI posession, someone who works for the FBI changed the password to its current supposedly unknown iteration.

The idea was to force the iPhone 5C to auto-backup to Farook’s iCloud account. With a legal court order, Apple can and does turn over iCloud data. For some reason, Farook had not backed up the phone for roughly six weeks prior to the attack. The executive said Apple does not know whether the auto-backup was disabled or enabled, but he did say that the previous iCloud backups, which were handed over to investigators, were sporadic.

Apple suggested that the FBI take the iPhone 5C, plug it into a wall, connect it to a known Wi-Fi network and leave it overnight. The FBI took the phone to the San Bernardino County Health Department, where Farook worked prior to the December 2, 2015 attack.

When that attempt did not work, Apple was mystified, but soon found out that the Apple ID account password had been changed shortly after the phone was in the custody of law enforcement, possibly by someone from the county health department. With no way to enter the new password on the locked phone, even attempting an auto-backup was impossible. Had this iCloud auto-backup method actually functioned, Apple would have been easily able to assist the FBI with its investigation.

The executive only revealed this detail to reporters now because it had thought it was under a confidentiality agreement with the government. Apple seems to believe this agreement is now void since the government brought it up in a public court filing.

That means either

1. Some at the FBI changed it the password so that it would be safe from any of Sayed’s evildoer friends and then forgot to write down the new one

2. Someone at the FBI changed the password in order to make a big production and force Apple to make them a backdoor
   I would guess the odds are about 50-50.
   Anyway, if it’s true that the FBI implemented the current password, does that change the case for forcing Apple’s assistance in fixing it?

[CurtC]

erocked:

I’m no expert on encryption, but my understanding is that it works by multiplying prime numbers. The idea that the math is easy one way but near impossible the opposite way. 631x773=487,763. But to find the 2 original prime numbers is near impossible without trial and error. It is my understanding that they use very large primes.

You’re thinking of public-key encryption, where you need to be able to encode a message so that only the intended recipient can read it.

That’s not the case with iPhone encryption, which is just an application of traditional encryption, where you have one key that encrypts and the same key decrypts. That’s done with the AES256 standard, using a very tried-and-true method of encryption.

Hey Scylla - I’m intrigued by your ideas and would like to subscribe to your newsletter. Do you get your information from Infowars.com?

[CurtC]

Scylla:

What I am saying is that if we know that a given string of data is John Donnes “No man is an Island” poem, No matter how you encrypt that, the result is extremely vulnerable to decryption analysis.

That would be true if multiple iPhones were encrypting the same subsets of data with the same encryption key. But every iPhone uses a different key, so that does you no good.

Scylla, I can tell you really want to believe this. But every security expert on the planet disagrees with you. And the fact that you want to believe it should actually make you more suspicious of it.

[Magiver]

I still don’t see how the court can compel workers of Apple to work on the court’s behalf. They do not represent Apple. they work for Apple.

[Bricker]

Scylla:

I understand. What I am saying is that if we know that a given string of data is John Donnes “No man is an Island” poem, No matter how you encrypt that, the result is extremely vulnerable to decryption analysis. It doesn’t matter if my phone uses one key and your phone uses another. If we know how a large data stream decrypts than we essentially know how to decrypt it with not too much analysis.

If that were the only content being decrypted, yes.

But if we have three phones, and one contains the literal string:

NO MAN IS AN ISLAND by John Donnes

The second:

NO MAN IS AN ISLAND by John Donnes!

The third:

NO MAN IS AN ISLAND by: John Donnes

Then the resulting encryption for each will be complete different.

So the mere fact that you know a specific string is not helpful. That’s the whole point of hashing: a hash function maps different content to a wide range of results.

One of the hardest most unbearable types of encryption is the one time pad. Even so, the German’s managed to break some of this without knowing content or algorithm simply based on the fact that the lady spinning the bingo cage with the random numbers tended to get lazy later in the day. That’s a lot less to go on than we have with this iPhone.

The difficulty of the one-time pad is completely different. A one-time pad’s strength comes from limiting the amount of data exchanged using an existing shared secret. It relies on the idea that Alice and Bob, who are the users of the pad, have successfully shared two copies of the pad with each other and no one else. The Germans faced a vastly trivial encryption complexity method whose strength was that for the time, and the turnover of the key, there was still a massive computational hill to climb. The weakness they were able to exploit was that the key was not truly random: the key was not as strong as its users believed.

Here, in contrast, we have an unclimbable hill: the discrete logarithm. Even if we posit computers that are considerably faster than we have now, it doesn’t reduce the cracking time to inside a human lifetime.

The Germans also didn’t face the loss of their data after ten incorrect attempts at a key.

It resets the key, but not the password. Brute forcing the password for more than ten attempts would thwart another party that was working on the key. They would have to start again from scratch, but it doesn’t reset anything else. I just entered 13 incorrect passwords on my iPhone, and then put the correct one in and it worked just fine.

Go to Settings, then Touch ID and Passcode. At the bottom of the screen is an option that says, Erase Data. Is it on?

Yes. If the user in question was a longstanding iPhone user who had owned several iPhones and been through several iOS upgrades, than he has never gotten a prompt to upgrade his password beyond the four digits. If he was lazy or ignorant that is all he has. If he used an alphanumeric password of longer combination it is still unlikely that it is random. People use nicknames, birth dates, parents names, kid’s names birthday’s, past girlfriend’s names. Typically people choose passwords that they feel have special significance to them, but because we as people tend to think the same, we tend to choose passwords based on the same criteria. People almost never choose a random string or truly strong password.

You have ten chances to prove this theory.

You have a cite for that? My research is questionable on this particular. Evidence suggests that it won’t because this has been a known vulnerability of past versions that had been successfully spoofed. If in fact it is vulnerable to this which I consider possible but unlikely than the gov provably could spoof it on their own without Apple.

Sorry. What they have is a way to load a signed boot loader that is intended to zap the phone and reload iOS. What the government is asking them to do is use this boot loader capability to write something that will run on the iPhone, read the UID from hardware, accept a passcode, and generate a key, then try the key. It won’t erase the stored key after ten tries. It also won’t artificially extend key gen time to 80 ms.

[Bricker]

Merneith:

Anyway, if it’s true that the FBI implemented the current password, does that change the case for forcing Apple’s assistance in fixing it?

No.

The change the FBI made was external to the phone. They never had access to the phone.

The fact that by changing the iCloud password they cut off a promising method of gaining access is not legally relevant, unless they knew that this could result ahead of time.

[Crazyhorse]

Merneith:

That means either

1. Some at the FBI changed it the password so that it would be safe from any of Sayed’s evildoer friends and then forgot to write down the new one

2. Someone at the FBI changed the password in order to make a big production and force Apple to make them a backdoor…

This was apparently done by someone on the IT staff at his office in a really stupid attempt to gain access his iCloud account and not the FBI.

Since his employer controlled his email address they were able to submit a password change request to Apple and gain access to his iCloud account.

In the mean time the FBI had already long ago obtained the existing data in his iCloud account through a lawful warrant that Apple was willing and able to comply with. The FBI noticed it had been a while since the phone did a backup and wanted the most recent data on the phone.

Apple suggested that they trigger an automatic backup by connecting the phone to a known wifi network and plugging it in. At that point they discovered the phone can no longer back itself up to iCloud because the phone obviously still has the old iCloud password saved in it and that can’t be changed without unlocking the phone.

Apple has complied with lawful warrants to provide data that they have in their possession but this order requires them to actually create something that doesn’t exist to assist the government in its investigation. They already need to staff a compliance department with highly paid employees just to handle the volume of such warrants and court orders they receive as it is.

They aren’t about to allow a precedent to be set that also requires them to comply with government orders to write code, test theories and invent ways to bypass the security of their products every time an investigator wants them to.

Just another small point but it seems telling to me in terms the government seeing this as a precedent to be set too, and not just a one-off case: The court order requires Apple to find a way to bypass the auto-erase feature on the iPhone, even if it is not enabled on this particular iPhone. Why would they include that stipulation if not for a hope to use it in future cases too?

[Scylla]

Bricker:

If that were the only content being decrypted, yes.

But if we have three phones, and one contains the literal string:

NO MAN IS AN ISLAND by John Donnes

The second:

NO MAN IS AN ISLAND by John Donnes!

The third:

NO MAN IS AN ISLAND by: John Donnes

Then the resulting encryption for each will be complete different.

So the mere fact that you know a specific string is not helpful. That’s the whole point of hashing: a hash function maps different content to a wide range of results.

I understand that decryption on one phone will not apply to another. The UID means each phones key is unique. However, if we have two phones one unencrypted and one encrypted and we know they share common data than the problem is not the random billion billion year problem you suggest. Whether it’s a poem, or the operating system, if we know that some of the encrypted content will look like unencrypted, and we know the algorithm, than finding the key is not a random brute force task. It’s a matter of saying what key through this algorithm turns this specific data into this specific encrypted content. Next, that key can be applied to the rest of the encrypted data on that phone where the content is not known. That key will not work on a third or any other phone.

The difficulty of the one-time pad is completely different. A one-time pad’s strength comes from limiting the amount of data exchanged using an existing shared secret. It relies on the idea that Alice and Bob, who are the users of the pad, have successfully shared two copies of the pad with each other and no one else. The Germans faced a vastly trivial encryption complexity method whose strength was that for the time, and the turnover of the key, there was still a massive computational hill to climb. The weakness they were able to exploit was that the key was not truly random: the key was not as strong as its users believed.

All encryption is strengthened by limiting the size of the data. The more data you encrypt the more information you are providing a potential cryptographer, the more leverage he has to apply his tools.

Here, in contrast, we have an unclimbable hill: the discrete logarithm. Even if we posit computers that are considerably faster than we have now, it doesn’t reduce the cracking time to inside a human lifetime.

The Germans also didn’t face the loss of their data after ten incorrect attempts at a key.

My phone is not set that way. Is yours? Do we know that the phone in question is?

Go to Settings, then Touch ID and Passcode. At the bottom of the screen is an option that says, Erase Data. Is it on?

You have ten chances to prove this theory.

If that’s how the phone is set.

Sorry. What they have is a way to load a signed boot loader that is intended to zap the phone and reload iOS. What the government is asking them to do is use this boot loader capability to write something that will run on the iPhone, read the UID from hardware, accept a passcode, and generate a key, then try the key. It won’t erase the stored key after ten tries. It also won’t artificially extend key gen time to 80 ms.

The whole point of the UID is that it can’t be read. I really don’t know if it works as advertised. There seems to be some disagreement on that point.
Bricker:

Basically, the history of cryptography is that people think their encryption is secure and it turns out not to be. There have been an awful lot of “unbreakable” codes that failed to live up to billing. A phone is not a closed set of data either. Even in a locked phone there is dara being transmitted wirelessly, operations being performed within the phone etc, etc… There are potentially many many holes in a phone vulnerable to exploit. Every new version and upgrade of security from the first OS to the existing one has had as part of its purpose an attempt to close the flaws and holes in the previous versions. You seem to be suggesting that the current version on the suspects’ phone has done what all previous versions have failed to do and produced a flawless security system. I think that highly unlikely.

More likely is that the phone has been cracked the data is in the hands of the FBI, and this public song and dance is to convince interested parties that the opposite is true.

It is not enough to break a code. In order for that accomplishment to be useful the other party has to be convinced you have not broken it.

[Bricker]

Crazyhorse:

Just another small point but it seems telling to me in terms the government seeing this as a precedent to be set too, and not just a one-off case: The court order requires Apple to find a way to bypass the auto-erase feature on the iPhone, even if it is not enabled on this particular iPhone. Why would they include that stipulation if not for a hope to use it in future cases too?

They don’t know if the feature is enabled on this phone. That’s why.

[Bricker]

Scylla:

I understand that decryption on one phone will not apply to another. The UID means each phones key is unique. However, if we have two phones one unencrypted and one encrypted and we know they share common data than the problem is not the random billion billion year problem you suggest. Whether it’s a poem, or the operating system, if we know that some of the encrypted content will look like unencrypted, and we know the algorithm, than finding the key is not a random brute force task.

Do you get what a hashing function does?

My phone is not set that way. Is yours? Do we know that the phone in question is?

Yes, mine is.

We don’t know how the phone in question is set.

But because the option exists, do you understand why the government must proceed as though it is turned on?

Basically, the history of cryptography is that people think their encryption is secure and it turns out not to be. There have been an awful lot of “unbreakable” codes that failed to live up to billing. A phone is not a closed set of data either. Even in a locked phone there is dara being transmitted wirelessly, operations being performed within the phone etc, etc… There are potentially many many holes in a phone vulnerable to exploit. Every new version and upgrade of security from the first OS to the existing one has had as part of its purpose an attempt to close the flaws and holes in the previous versions. You seem to be suggesting that the current version on the suspects’ phone has done what all previous versions have failed to do and produced a flawless security system. I think that highly unlikely.

More likely is that the phone has been cracked the data is in the hands of the FBI, and this public song and dance is to convince interested parties that the opposite is true.

It is not enough to break a code. In order for that accomplishment to be useful the other party has to be convinced you have not broken it.

There are two general cases.

AES256 is broken, or,

The particular implementation here is known to be flawed.

Both are certainly theoretically possible. The first requires a genuine breakthrough in computing design.

The second might exist.

But so far, the only evidence that it exists is your speculation that it must.

[doubleminus]

I’m barging in quite late in this discussion, but being in the eye of the storm in the 90’s – in the first wave of crypto wars brought by the kind president Clinton, I have some knowledge of the issues involved from both sides of the debate.

1- The issues are very complicated and it is very difficult to phrase them in white or black terms. No obvious good or bad guys. It does not help that the technology constantly shifts and makes past arrangements impossible.

2-The US government primarily keeps loosing because it behaves like an elephant in a china shop. Even in this specific case *When the Feds asked for info that hadn’t been backed up, Apple balked. The FBI then made its tailored request, which Apple asked to be placed under seal, according to the New York Times. Instead, the FBI went public, setting off the high-profile drama that has turned Apple CEO Tim Cook into a privacy darling. *

3-It seems clear to me that the USG attempts to derail the attempts of the industry to lock themselves out of the capability of penetrating user devices. Apple and Google are claiming this self-inflicted incapacity for about a year now. Apple publicly acquiescing the self-hacking capability (and willingness) - albeit on a much less protected Iphone 5C- will make them hardly credible.

4-Aside of the moral issues involved, there are at least 2 reasons why Apple et al. don’t want to be able to provide data of their customers even reasonable subpoenad data. One is the huge potential liability, especially if hackers are able to enter their internal network and the leak is made public. The other one is that these are global companies. They will be blackmailed to death to provide the same set of capabilities to other governments. One has only to remember the fights RIM (Blackberry) had to engage with foreign governments in order to understand this.

5-I find it hard to believe that the billions that the NSA and CIA is pouring in crypto and cyber warfare would not be capable of recovering data on this phone. What the heck, they can easily read chips and find the keys or perform many other hardware-type analyses. It is of course possible that the FBI does not have that capabilities and/or NSA cannot work on this purely internal US case. However, my guess is that neither the Farook data is important enough nor significant effort was done by competent people on behalf of the government. Without being overly paranoid, I think this is a well calibrated case for ramming some back door technologies on device manufacturers.

6-Much of this, of course results from the unbelievably moronic policy that was effected in the Snowden debacle. Instead of somehow providing him immunity, 72 virgins and a 8 digit amount of money if he returned to the US(or Litvinenko methods alternatively), nowadays, the Russians have all the documents and release them slowly to the largest effect. For the large companies, it is now very clear that any secret cooperation with the USG that might be damnable in the eyes of the public is extremely dangerous.

7-As against any past period I can think of, the capability of monitoring people and their communications, actively tracking their every activity is many times greater. There is not any more reason to break encryption per se, there are so many possibilities. Just think, say, of a Chinese bright guy just finishing graduate studies in the US who is recruited by the Chinese intelligence and starts working at Apple, or Google, or… Let me assure you that no amount of auditing will be able to find the carefully concealed “bugs” planted by him somewhere in the millions of lines of code. And if it’s found - eh, a buffer overflow oversight. Does anyone think that this is only speculation ? And please remember that in a complex systems there is code everywhere - from the camera to the Synaptics touch controller.

In conclusion - my personal view is that privacy is so broken now that there should be a concerted action by everyone to shore it up. And what is amazing to me is that those persons in the US fighting against gun controls are on the other side of this debate which is much more conducive to Big Brother and government control and interference than firearms.

[Scylla]

Bricker:

Do you get what a hashing function does?

Yes, inverting a good one from encrypted data alone is generally considered a dead end. However, if you have an example of both the input and the output, then it is not so considered. In this particular case we have input and output and the algorithm. All that is lacking is the key.

But because the option exists, do you understand why the government must proceed as though it is turned on?

Not necessarily. Again, if the phone is backed up to a trusted computer or has info in the cloud one may be able to determine the security setting used. It may also be that a phone that is set to erase may respond somewhat differently to an input of the wrong code than one that is not, or may give its state away in some other determinable factor.

What you state here is possible, but not a given.

There are two general cases.

AES256 is broken, or,

The particular implementation here is known to be flawed.

Both are certainly theoretically possible. The first requires a genuine breakthrough in computing design.

The second might exist.

But so far, the only evidence that it exists is your speculation that it must.

I did not say that it “must,” simply that it is extremely likely. All previous versions of the iPhone had security flaws which could be exploited. Each new update fixes some, makes others more difficult to exploit and sometimes opens new ones. That this version has security flaws as well is the logical conclusion. Suggesting that this one does not is the speculative assumption.

Strong evidence that this phone has been cracked and that the data is being exploited is the fact that the government seems to be stating very clearly that it has not. Does the story about someone in the FBI accidentally resetting the password seem very credible to you, or does it seem more likely that that might be said to increase the confidence of the people who fear the FBI has the content on the phone?

This kind of thing has been done before. Misinformation is not a new concept.

[Magiver]

doubleminus:

In conclusion - my personal view is that privacy is so broken now that there should be a concerted action by everyone to shore it up. And what is amazing to me is that those persons in the US fighting against gun controls are on the other side of this debate which is much more conducive to Big Brother and government control and interference than firearms.

This. It’s mind boggling that people are so willing to give up their rights.

I wish the judge was in my neck of the woods. there’d be a crowd of at least one with a protest sign in front of the courthouse.

[Smapti]

Magiver:

This. It’s mind boggling that people are so willing to give up their rights.

What “rights” are anyone being asked to “give up”?

[Steve_MB]

The_Flying_Dutchman:

Why can’t we all just accept that there should not be any assumption of privacy over the internet.

Because that would destroy the economy to a degree that would make the fall of 2008 look like a hiccup.

[CurtC]

Scylla:

However, if we have two phones one unencrypted and one encrypted and we know they share common data than the problem is not the random billion billion year problem you suggest. Whether it’s a poem, or the operating system, if we know that some of the encrypted content will look like unencrypted, and we know the algorithm, than finding the key is not a random brute force task. It’s a matter of saying what key through this algorithm turns this specific data into this specific encrypted content.

What you have described here is exactly that billion billion year problem that Bricker talked about. Yes, if you have the unencrypted source text and the cipher text, and you know the AES256 algorithm like an expert, then finding the key that was used IS the billion billion year challenge. I’m wondering where you’re getting your ideas.

Scylla:

Strong evidence that this phone has been cracked and that the data is being exploited is the fact that the government seems to be stating very clearly that it has not.

Wait - the evidence that the FBI has cracked it is that they are saying they haven’t?

Scylla, you’re deep into Infowars territory here.

[Ravenman]

Steve_MB:

Because that would destroy the economy to a degree that would make the fall of 2008 look like a hiccup.

Fewer people buying iPhones would cause a global economic catastrophe?

[Steve_MB]

Merneith:

That means either

1. Some at the FBI changed it the password so that it would be safe from any of Sayed’s evildoer friends and then forgot to write down the new one

2. Someone at the FBI changed the password in order to make a big production and force Apple to make them a backdoor
   I would guess the odds are about 50-50.

I’d say closer to 0.01-99.99.

[doubleminus]

Smapti:

What “rights” are anyone being asked to “give up”?

If the backdoor idea is accepted – and believe me that this fight is about the backdoor issue notwithstanding the specific case at hand – than sooner or later, probably sooner, the bad guys with no court orders will be able to use it. You should be scared shitless about this possibility

[Ravenman]

But the backdoor is already there - there is a way to load on OS onto a locked phone. Do you think Apple made a mistake to allow this backdoor to exist, or did it on purpose?

I can’t be sure, of course, but I would lean toward thinking that they knew what they were doing. ETA: plus, aren’t security flaws found all the damn time? Isn’t he number one rule of cyber security to update your software regularly? I think folks are getting hysterical like this is the first time anyone’s exploited a security flaw.