In one of the stranger and belated twists to Apple’s battle with the FBI over the San Bernardino iPhone, Oracle founder Larry Ellison has criticized the company.
He told Fox that Apple’s refusal to create a weakened version of iOS dubbed GovOS was a ‘bizarre’ decision …
A bipartisan bill being put before Congress would eliminate the possibility of any future battles between Apple and the government over backdoor access to iPhones. Apple famously fought the FBI when it demanded the firm create a compromised version of iOS to access a work iPhone used by one of the San Bernardino shooters.
The Secure Data Act would ‘prohibit Federal agencies from mandating the deployment of vulnerabilities in data security technologies’ …
A Higher Loyalty, the memoir/exposé written by former FBI director James Comey, is now available for pre-order on iPhone and iPad, ahead of its official publication date tomorrow.
In the book –subtitled Truth, lies and leadership – Comey likens President Trump to a ‘mob boss’ who is ‘untethered to the truth’ and morally unfit to be president. But he also doesn’t hold back about Apple’s decision not to help the FBI in the San Bernardino shooting, describing it as ‘appalling’ …
It’s been a few years since the Apple vs FBI case, where The FBI asked Apple if they could create a backdoor into their operating system for law enforcement to easily access iPhone data.
A Department of Justice investigation has concluded that the FBI inadvertently misled Congress when it said that it had exhausted all attempts to access the iPhone used by one of the San Bernardino killers.
The FBI claimed in a court filing that it had no means to access data stored on the iPhone without Apple’s assistance, a claim later repeated to Congress. A report covering this statement concludes that while it was technically true, it gave a misleading impression …
The heads of the FBI, CIA, NSA and three other US intelligence agencies have warned Americans not to buy Huawei smartphones, or indeed any other Huawei products and services.
The reason is somewhat ironic in view of the agency’s battle with Apple …
While the battle between the FBI and Apple over backdoor access to iPhones ended without a legal ruling, it seems the European Union takes Apple’s side. The European Parliament has proposed legislation which would safeguard data privacy and specifically outlaw the creation of backdoors for law enforcement agencies.
The proposed legislation would also provide a legal right to use end-to-end encryption, preventing individual EU countries from banning its use …
Ousted FBI director James Comey will be testifying before the Senate intelligence committee this morning, and you can watch a livestream of the event.
The battle between the FBI and Apple over the San Bernardino iPhone may (for now) be long over, but one question remained: just how much did the FBI pay a third-party company to access the device?
FBI director James Comey yesterday told a Senate oversight committee that the FBI has been unable to access almost half of the mobile devices it tried to examine in the first half of the fiscal year, reports TechCrunch.
Comey said the FBI had been unable to access the contents of more than 3,000 mobile devices in the first half of the fiscal year, using what he described as “appropriate and available technical tools, even though there was the legal authority to do so.” He said that represented “nearly half” of all the mobile devices it had attempted to access in that time frame.
Comey made the statement in apparent support of the latest attempt at forcing phone manufacturers to provide backdoor access to the authorities …
Apple has joined Amazon and Microsoft in a court filing which supports Google’s decision to resist an FBI warrant demanding that it hand over emails stored outside the USA. The tech companies argue that this would set a ‘troubling’ precedent.
Business Insider reports that the FBI served search warrants ordering Google to hand over emails belonging to suspects in a criminal investigation. The emails in question were stored on a server stored outside the USA, and Google refused, arguing that a domestic search warrant could not apply to data stored in a foreign country …
Update: AP reports that Wikileaks has decided to address the first problem by giving tech companies details of the tools.
BREAKING: Julian Assange: WikiLeaks has decided to give details of CIA hacking tools to tech companies .
— The Associated Press (@AP) March 9, 2017
The WSJ reports that Apple engineers are working to address the remaining iOS exploits reportedly used by the CIA, but they and other tech companies are being hampered by two factors. The first is lack of any access to the code itself.
Apple engineers quickly began calling colleagues to bring them up to speed on the data dump and to coordinate the company’s response to this new security threat, according to a person familiar with the situation […]
Companies now find themselves in a difficult position: They believe that at least two organizations have access to hacking code that exploits their products — the CIA and WikiLeaks — but neither one is sharing this software …
FBI Director James Comey – who has previously attacked Apple for refusing to create a weak version of iOS to allow government access to iPhones – has said that Americans have no right to expect absolute privacy. CNN has a video clip of Comey making the statement yesterday at a Boston College conference on cybersecurity.
Even our communications with our spouses, with our clergy members, with our attorneys are not absolutely private in America […] There is no such thing as absolute privacy in America; there is no place outside of judicial reach …
Update: Edward Snowden has tweeted that the code names are real and would only be known by a cleared insider. The BBC has reported that some of the iOS malware allows ‘the agency to see a target’s location, activate their device’s camera and microphone, and read text communications.’
What makes this look real?
Program & office names, such as the JQJ (IOC) crypt series, are real. Only a cleared insider could know them.— Edward Snowden (@Snowden) March 7, 2017
Wikileaks claims that the U.S. Central Intelligence Agency has a specialized unit within its Center for Cyber Intelligence that is devoted to developing and obtaining zero-day exploits for iOS devices. A zero-day exploit is one unknown to Apple or security researchers, so cannot specifically be protected against.
Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
Wikileaks further claims that the CIA recently ‘lost control’ of the majority of the malware used to attack iPhones and iPads …
The San Bernardino iPhone hack story rumbles on, with three news organizations insisting that there is no good reason for the FBI to withhold the cost of accessing the phone. Associated Press, Vice Media and USA Today have asked a US judge to force the FBI to reveal the information, reports the BBC …
After the FBI refused to reveal details of who helped it to access the work iPhone in the San Bernardino shooting case despite Freedom of Information Act requests, three news organizations filed a lawsuit demanding access to the information. The agency has now responded with 100 pages of documents, but has censored the key facts, reports CNET.
[UPDATE: Apple has not been asked to unlock the shooter’s iPhone (therefore no denial to comply has been made either) despite conflicting reports, 9to5Mac has learned. Rather, local media initially reported that Russia plans to attempt to break the four-digit passcode on the recovered iPhone, although the passcode has not yet been broken, per initial reports.]
After an off-duty police officer shot dead the Russian ambassador to Turkey, Apple has been asked to help unlock an iPhone 4s recovered from the killer.
MacReports and other local media say that Apple is expected to refuse the request from Turkish authorities, but report that the Russian government has said it will help …
The Indian government has struck a deal to buy the technology Israel-based Cellebrite used to gain access to the iPhone in the San Bernardino shooting case, reports the Economic Times. The FBI was reported to have paid Cellebrite close to $1M to access the phone in the high-profile case resulting in a court battle with Apple and a Congressional hearing.
A statement by the FBI has raised the possibility of a second legal battle with Apple in a very similar case to the San Bernardino shooting. Wired reports that an FBI agent speaking about the case of the man who stabbed 10 people in a Minnesota mall last month has said that the agency was considering legal as well as technical options.
At a press conference in St. Cloud, Minnesota today, FBI special agent Rich Thorton said that the FBI has obtained the iPhone of Dahir Adan, who stabbed 10 people in a Minnesota mall before a police officer shot and killed him. (The fundamentalist militant organization ISIS claimed credit for the attack via social media.) As in Farook’s case, the attacker’s phone is locked with a passcode. And Thorton said the FBI is still trying to figure out how to gain access to the phone’s contents.
“Dahir Adan’s iPhone is locked,” Thornton told reporters, “We are in the process of assessing our legal and technical options to gain access to this device and the data it may contain.”
The similarities in the two cases are notable …
When the FBI was still demanding Apple’s help to access a work iPhone used by one of the San Bernardino killers, security firm Trail of Bits wrote a blog post claiming that the phone could be accessed without Apple’s assistance. A Cambridge University researcher has now successfully demonstrated that the method proposed would have worked.
It’s just ten days since I pointed to a Microsoft security leak as proof of my point that any iPhone master key created by Apple would inevitably fall into the wrong hands in time – and even more powerful support for that position now exists.
It was revealed last week that powerful hacking tools created by the NSA have been leaked, and are now being auctioned to the highest bidder. Christopher Soghoian, Principal Technologist with the Speech, Privacy, and Technology Project at the American Civil Liberties Union, summarised that argument in a single tweet.
https://twitter.com/csoghoian/status/765785340892372992
Update: Steve Gibson has taken issue with the ‘golden key’ term used by Ars, arguing that it overplays the significance of the vulnerability.
I wrote an opinion piece predating the San Bernardino shootings on why Apple was right to stand firm on encryption even in the face of terrorist attacks, and another one afterwards explaining why it would be too dangerous to give the FBI the iPhone master key they demanded.
My main argument was that something as powerful as a master key to unlock an iPhone would eventually fall into the wrong hands.
So soon, the FBI would hold the key. Then other law enforcement agencies. In time, that key would be held in every police precinct house. We would then be trusting more than a million people with access to that key to abide by the rules. Government agencies don’t always have the best of track-records in doing that.
And Microsoft has just proven my point, even with code that was never intended to leave the company’s possession …
A second federal judge has ruled that a suspect can be compelled to unlock their iPhone using their fingerprint in order to give investigators access to data which can be used as evidence against them. The first time this ever happened in a federal case was back in May, following a District Court ruling in 2014.
The latest case involves a suspect accused of particularly unpleasant crimes, reports Ars Technica.
A Dallas, Texas man accused of prostituting underage girls was secretly ordered by a federal judge to unlock his iPhone using his fingerprint, according to federal court documents that are now unsealed.
The legal position of forcing suspects to use their fingerprints to unlock devices won’t be known with certainty until a case reaches the U.S. Supreme Court, but lower court rulings so far appear to establish a precedent which is at odds with that concerning passcodes …
There must be some kind of irony award for using a security summit to attack the use of strong encryption, and BlackBerry CEO John Chen seems determined to win it. Speaking at the BlackBerry Security Summit, Chen said that he is ‘disturbed’ by Apple’s decision to work hard to keep its devices and messaging services secure, reports Patently Apple.