Mine just has a text entry box that doesn’t hint at the number of characters required.
My guess is its an assumption, meant to fit the idea that ‘if they had the backdoor, they could brute force in x days’ - making the backdoor more valuable in a timing sense.
It’s also likely the most common pPIN length
Reality is they don’t have any real clue as to the pin - and its getting this build of the OS that allows for brute force attacks against it is the real goal. (Plus the precedence it sets)
I ciould swear I saw this affidavit online, but now can’t find it. Do you happen to have a link?
Tried PACER, but … you know how PACER is.
It looks like one of these.
Do you have a four digit numerical PIN? I’m guessing if you have alphanumeric, it wouldn’t look the same.
Good point!
Yes, I have alphanumeric. Just checked my wife’s and hers is six digit numeric, which looks like the right-hand image of four you posted.
By the way, I just came across this article from The Intercept, a group of journalists (not sure if that’s the right term, I think Edward Snowden Fan Club is probably more accurate) who point out how the FBI’s attempts to break into this iPhone can be easily foiled… by a stronger passcode.
Let’s keep in mind that this whole effort to break into the iPhone in question is a two-step process: first, get Apple to load a new iOS that disabled the feature which wipes the iPhone if 10 wrong passcodes are entered into the phone. Second, the FBI brute-forces the four digit PIN.
The Intercept article explains that even if the FBI forces Apple to comply with the first step, the second step is not necessarily technically feasible. While a four digit numerical PIN can probably be brute forced in a very short period of time, Apple allows iPhone users to use stronger passwords. A strong password would take thousands of years for the FBI to break.
Why is this important?
Because Apple, SteveMB, and many others are representing that if Apple is forced to do step number one, then it is only a matter of time before every single iPhone on the planet is a useless storage device with no more security than a Post-It note.
But as The Intercept explains so clearly, and in such simple language, that’s not true. Users just have to use stronger passcodes, and then the FBI’s Texas Two Step described above is going to be useless. That’s because there isn’t enough computing power to brute force a strong passcode on an iPhone in any kind of useful time frame. As the author of the article states himself: “By choosing a strong passcode, the FBI shouldn’t be able to unlock your encrypted phone, even if it installs a backdoored version of iOS on it. Not unless it has hundreds of years to spare.”
So maybe it is just about a small number of phones after all…
Here’s a link to the affidavit: http://www.wired.com/wp-content/uploads/2016/03/Apple-govt-REPLY-BRIEF-Pluhar-supp-dec-without-exs.pdf
If Apple crumbles to the orders, I am going to to be real glad I use Android.
Generally speaking, Android is far less secure. (I realize the site there is biased, but the experts they quote are not.)
What will happen is people will stop relying on the OS, and start relying on individual apps that provide encryption and device security.
Not everything on the phone is backed up to iCloud. The phone would definitely have things like browsing history, probably stored logins to things like Facebook, and probably apps like WhatsApp.
This is a viable option for the Supreme Court to punt on this issue. Maintain the test from NY Telephone company and find that Apple’s assistance isn’t the only way to get this data.
This is a good point. iOS9 (which the iPhone 5C in question was running) defaults to a six-digit numerical passcode. You can override that and require four digits, or more digits, OR an alphanumeric passcode with apparently no length limit. It takes several steps to do this, so probably most users will not – but they could.
Here is an online calculator that shows the permutations for passcodes of varying types and lengths: http://projects.lambry.com/elpassword/
Regarding the current case, I have never seen any authoritative info about why the FBI thinks he used a four or six-digit numeric passcode. Maybe just optimism, or a psychological profile? If he used a more difficult passcode (which any iPhone user on iOS9 can do) it would be very difficult to break, even using “GovtOS”.
Of course, mandatory strong passwords are not user-friendly and impose a significant support burden. But iOS does not currently force any password use at all.
Had the FBI not created such a high profile situation, it’s possible most iPhone users would have continued using no passwords or weak passwords. Now everyone (good and bad) have been repeatedly reminded of this issue. Also Apple may now feel impelled to close the iOS upload vulnerability so it’s impossible to use the “GovtOS” approach. They could even further strengthen chip-level anti-tamper fabrication which would make decapping much more difficult.
This Forbes article discusses various technical approaches the NSA could have used to crack the iPhone 5c: http://www.forbes.com/sites/thomasbrewster/2016/03/17/nsa-hackers-fbi-syed-farook-apple-iphone/#594a16b8425f
There has been significant informed commentary that a major rift exists between the intelligence community and the FBI on this. This possibly explains the 180 degree reversal by Senator Lindsey Graham, immediately after being briefed by U.S. intelligence:
It is conceivable the intelligence community feels that rambunctious FBI action will result in losing technical pathways they currently enjoy.
An added wrinkle:
Today, the New York Times is reporting that those Apple engineers most essential to writing the code demanded by the FBI are threatening to quit rather than comply. In that event, Apple could then legitimately say they now lack the technical expertise to carry out the court order.
As pointed out in the article, by the way, any of those engineers would have a more than easy time finding a job elsewhere in the industry. And quite possibly for better pay. IOW, not only would they be heroes (to some), they’d suffer no financial consequences by doing so.
Heck, have Apple set up a foreign-based subsidiary to hire these engineers, then Apple can use them as contract workers.
Apple would suffer the financial consequences of losing experienced engineers. Unless they hire them back as independent contractors. But will they have to quit? Even if the court enforces the order, Apple isn’t forced to fire anyone who refuses to comply, right?
No. They might offer them tax attorneys after all the programmers mysteriously get audited.
When you turn on an iPhone and it’s prompting you for the passcode, the screen you see will show you four or six spaces to fill in if it’s a four or six digit passcode. Like the images Ravenman linked to earlier:
Now the Feds say they don’t even need Apple’s help anymore (well, they may not need it). Apparently, there’s a third party who has a technique to get into the phone.
I think it’s a bluff and a way to make Apple look bad (after all, some ‘third party’ was able to penetrate their impregnable iPhone fortress). Nobody can ever force the FBI’s hand and demand to know what was, or was not, found (using the third party’s help). So, a good time to bluff, IMHO.
I think it’s full reverse back peddling designed to get their ass out of the Congressional line of fire.
This was a company phone that was supposed to have software on it that allowed the company access. They didn’t destroy it. They did destroy their private phones.
The FBI didn’t have public support, they didn’t have Congressional support and I doubt they had a legal case to work with. This was always a legal fishing expedition and they thought nobody would notice. Everybody noticed.
Indeed. And, just to be clear, when I said the Feds are bluffing, I mean that I don’t even think their so-called ‘third party’ even exists. Or, if it does, it’s probably one of the agent’s nerdy nephew.