The FBI has revealed how it broke into the San Bernardino terrorist's iPhone in 2016
In 2016 the US Federal Bureau of Investigation turned to a small Australian company, Azimuth, to unlock the iPhone 5C of one of the two shooters who carried out the attack in the Californian city of San Bernardino, the Washington Post reports.
On 2 December 2015 a married couple of Pakistani origin, Syed Rizwan Farook and Tashfeen Malik, opened fire in the building of a centre for people with disabilities in San Bernardino. Sixteen people died, including the attackers, and another 22 civilians and two police officers were injured. Three days after the attack, the organisation Islamic State (banned in Russia) claimed responsibility for it.
During the investigation the FBI insisted that Apple help it obtain information about the attackers' links to terrorist organisations and their other members. In addition, the bureau planned to use the San Bernardino attack in court to force the company to leave a “backdoor” in its smartphones, which was supposed to help unlock iPhones in the future. Apple refused, because the company believed this would reduce the security of users' confidential data.
The difficulty in breaking into the device was that the terrorist's smartphone was running iOS 9. Before its release the FBI had tooling that could recover a four-digit passcode by brute force in about 25 minutes, but in version 9 Apple fixed this weakness in iPhone security: the 5C had a feature that erased the data on the device after ten incorrect passcode entries.
In February 2016 the US Department of Justice obtained a court order requiring Apple to write software to bypass this feature. Apple appealed, stating that the authorities were thereby forcing the company to weaken the security of user data. The FBI prepared for a court battle, but a few weeks after the investigation began it withdrew its demands, because it had come across Azimuth, which promised the bureau it would unlock the terrorist's smartphone.
Staff at the Australian company used a whole chain of exploits that let them gain access to the iPhone's processor and try every possible passcode combination while bypassing the feature that erases data after ten incorrect entries. For testing they bought ten iPhone 5C units on eBay, and the exploit chain, which was named “Condor”, worked on each one.
In March 2016 Azimuth demonstrated its solution for breaking into the device at FBI headquarters. Bureau staff also tested Condor, and their trials showed that the chain does work. After that, the need for a court battle with Apple disappeared, and on 21 March the government cancelled the court hearing in the case.
According to the Washington Post, bureau staff were somewhat disappointed by this, since a court ruling in their favour could have been used in the future if a new need to break into an iPhone arose. Nevertheless, the trial never took place, and Azimuth received $900,000 from the US government for its services.
In the end, the FBI found no useful information about links between the San Bernardino terrorists and other terrorist organisations. In addition, a few months after the bureau unlocked the iPhone, Apple discovered the exploits and fixed them, and Condor stopped working.
Source
Apple v the FBI: what’s the beef, how did we get here and what’s at stake?
US law enforcement is taking on the tech giant in a case that has big implications for privacy and cybersecurity for millions of smartphone users
Apple is being asked to design software to help break into its own phones – in this case, the iPhone 5c. Photograph: Justin Sullivan/Getty Images
Last modified on Fri 14 Jul 2017 20.58 BST
Apple and the FBI are fighting over an iPhone recovered during the investigation of the San Bernardino massacre last December, and it may have serious implications for your own privacy.
The tech firm has been asked to help break into that phone, and they have refused to comply; the FBI has gotten a court order compelling them to do so. Apple has said it will fight the order and the Feds have accused the firm of prioritising its “public brand marketing strategy” over a terrorism investigation.
The fight has stretched from the Riverside, California offices of magistrate judge Sheri Pym (who ordered Apple to open the phone) all the way to the US House of Representatives in Washington, DC.
Apple and the Federal Bureau of Investigation are digging in for what promises to be an extended legal battle over the nature and extent of user privacy. Guardian
How did all this start?
Last December Syed Farook and his wife Tashfeen Malik killed 14 people and died in a shootout with police after a car chase. Police seized all their electronics in order to find out more about the pair, only to discover that the killers had smashed their cellphones and removed the hard drive from their laptop. An iPhone 5c belonging to Farook – his work phone – was found in the car where they died.
Why can’t the police get into the smartphone?
Apple has spent the past few years positioning itself as The Privacy Company. The tech giant has increased its security against everyone, including themselves, with the biggest change coming in an update to its operating system pushed out in September 2014, iOS 8.
There’s no way to get into your iPhone without the password, so an intruder has to guess it. With one particular setting turned on – which was enabled by default by Farook’s employer, who issued the phone – if you guess wrong 10 times, the phone destroys itself.
With the self-destruct mode off, the phone makes you wait a longer and longer time between guesses, up to an hour. So if someone is trying to “brute-force” the password – to just strategically guess until you get lucky and log all your guesses so you don’t repeat any – with the delay on, it would take years.
With the delay off? About half an hour.
What does the FBI expect to find on the phone?
That’s not clear. Though the FBI considers the San Bernardino killings a terrorist attack, there is no evidence as yet that Farook and Malik acted under the direction of a broader organization, and the iPhone in possession of the FBI is the only one of Farook and Malik’s three phones that the pair didn’t destroy. Both of the killers died in a shootout with police immediately following the murders.
One point in the FBI’s favor is that the owner of the phone is not Farook, but his employer, the San Bernardino Health Department, which has given the FBI permission to open it. The FBI has said it wants to look at communications between Farook and the people he killed in an effort to establish motive, though if the spree killing was indeed a terrorist attack the motive seems established.
Why does the FBI believe Apple should be compelled to open the phone?
Initially, the Department of Justice said that it wanted the company to help out in an emergency, just this once, but the organization has mostly abandoned that rationale.
Indeed, the DoJ’s supporters include many in law enforcement frustrated at their own inability to break into phones used by drug dealers and child molesters – Manhattan district attorney Cyrus Vance said he has 205 iPhones in his own office alone that ought to be cracked to aid various investigations, though it’s not clear how many of the people from whom those phones were confiscated are already in prison.
Who’s taking sides?
Secretary of defense Ashton Carter told the audience at the high-profile RSA encryption conference that he was “not a believer in backdoors or a single technical approach.
“I don’t think that’s realistic,” Carter said. The head of the defense department, himself a theoretical physicist, was enthusiastic about encryption generally in his speech, and he and others have a vested interest in not further alienating technology companies in Silicon Valley. That relationship is already tense in the wake of the Snowden revelations.
Silicon Valley has cast its lot with Apple. On 3 March, industry trade groups, rival corporations and civil liberties organizations filed amici with the company, saying the powers sought by the FBI were “unbound by any legal limits” in just one brief.
And there’s a similar, separate case in which Eastern District of New York judge James Orenstein ruled that the FBI’s request for a nearly identical order was unconstitutional. The authority the FBI sought under the 227-year-old All Writs Act could be used, Orenstein wrote, “to force private citizens to commit what they believe to be the moral equivalent of murder at the government’s behest.”
What about Congress?
The House made clear on 1 March it was unhappy with the way the FBI had pursued the order. Comey said several times that he wasn’t seeking to set precedent, notably in an op-ed on beltway legal blog Lawfare; by the time he went before the House of Representatives judiciary committee on Tuesday, he had more or less abandoned that argument and much of the committee was hopping mad about it. It’s their job to make the law, they told Comey, not his.
Isn’t that right?
Many perfectly good species have gone extinct waiting on Congress to find common ground. Comey essentially told the legislature it was too slow. “People keep asking ‘Why didn’t you come to Congress?’” he said. “Well, because we’re in the middle of a terrorism investigation. I think the courts will resolve this faster than any legislative body could.”
Comey wasn’t allowed to land many rhetorical points by the frustrated House committee, but he did get at least one good one in: “It’s not [Apple’s] job to watch out for public safety,” he said. “That’s our job.”
What kind of hi-tech law allows the FBI to tell a company to make a new piece of software to break into my phone?
That would be the All Writs Act of 1789, which the DoJ has used at least twice before to try to compel Apple to open a smartphone. Both cases are still open. The law itself is brief and broad: “The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”
The act is one of last resort. All other avenues have to be exhausted before the All Writs Act can be invoked.
Source
FBI-Apple case: Investigators break into dead San Bernardino gunman’s iPhone
The FBI has managed to unlock the iPhone of the San Bernardino gunman without Apple’s help, ending a court case, the US justice department says.
Apple had been resisting a court order issued last month requiring the firm to write new software to allow officials to access Syed Rizwan Farook’s phone.
But officials on Monday said that it had been accessed independently and asked for the order to be withdrawn.
Farook and his wife killed 14 in San Bernardino, California, in December.
They were later shot dead by police.
The FBI said it needed access to the phone’s data to determine if the attackers worked with others, were targeting others and were supported by others.
US officials said Farook’s wife, Tashfeen Malik, had pledged allegiance to the so-called Islamic State on social media on the day of the shooting.
Last week, prosecutors said “an outside party” had demonstrated a possible way of unlocking the iPhone without the need to seek Apple’s help.
A court hearing with Apple was postponed at the request of the justice department, while it investigated new ways of accessing the phone.
At the time, Apple said it did not know how to gain access, and said it hoped that the government would share with them any vulnerabilities of the iPhone that might come to light.
On Monday a statement by Eileen Decker, the top federal prosecutor in California, said investigators had received the help of “a third party”, but did not specify who that was.
Investigators had “a solemn commitment to the victims of the San Bernardino shooting”, she said.
“It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with co-operation from relevant parties, or through the court system when co-operation fails,” the statement added.
Responding to the move, Apple said: “From the beginning, we objected to the FBI’s demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent. As a result of the government’s dismissal, neither of these occurred. This case should never have been brought.”
The company said it would “continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated”.
Analysis: Dave Lee, BBC North America technology reporter
The court case that had the US technology industry united against the FBI has for the time being gone away.
Now this debate moves into more uncertain territory. The US government has knowledge of a security vulnerability that in theory weakens Apple devices around the world.
To protect its reputation, Apple will rush to find and fix that flaw. Assuming it can do that, this row is back to square one.
Therefore Apple has called for the matter to remain part of the “national conversation”, while the US department of justice says it will still try to use the courts to compel Apple and other phone makers to help with future investigations.
An Israeli newspaper last week reported that data forensics experts at cybersecurity firm Cellebrite, which has its headquarters in Israel, are involved in the case.
Cellebrite told the BBC that it works with the FBI but would not say more.
Its website, however, states that one of its tools can extract and decode data from the iPhone 5C, the model in question, among other locked handsets.
The court order had led to a vigorous debate over privacy, with Apple receiving support from other tech giants including Google, Microsoft, and Facebook.
FBI director James Comey said it was the “hardest question” he had tackled in his job.
However, he said, law enforcement saved lives, rescued children and prevented terror attacks using search warrants that gave it access to information on mobile phones.
Source