[conspire] Order to Compel Apple to Assist With SB Shooter Unlock

Rick Moen rick at linuxmafia.com
Thu Feb 18 18:36:11 PST 2016


Quoting Steve M Bibayoff (bibayoff at gmail.com):

> What I don't understand is do they REALLY need Apple to write this for
> them? It does seem like a simple (or at least straightforward) enough
> task. And I'll be really surprised if there aren't tools out there
> already that do this.

Here's a (very speculative, twisty) possibility:  Maybe there already
are.  Maybe the point of the Assistant AGs' court action is merely to
establish legal precedent about the right to compel breaking of device
security, for use in later/other cases entirely.

They might already know all about what was on Farook's iPhone 5c, and
only be trying to gain the right to compel technology firms as a goal
in itself.  There are any number of other ways to break into such an
embedded device -- the common theme among these and other specialists in
creating security compromise being the use of lateral thinking.  It's
dumb to (metaphorically) batter down the armoured door; instead you
look for the unlatched window.

I cannot stress the unlatched-window point enough:  Often, even the
authors and architects of computing systems get blindsided by security
cracks based on creative workarounds, the more so because the mindset of
device cracking is alien to that of most coders.  The latter will often
sputter 'But you're not supposed to do that!'  Yes, quite.  And thus the
power of attacking systems by poking them in exactly the ways they
weren't ever anticipated to be poked.

I was talking to my acquaintance Russell Coker (who's normally in
Melbourne but is visiting Sydney with his family) about this yesterday.
Russell said, can't the FBI use something like the 'cold boot attack', where
you freeze the RAM, power off, and then retrieve crypto key contents
from the RAM, which still holds the runtime image for some minutes
thereafter in the cooled RAM?
(https://en.wikipedia.org/wiki/Cold_boot_attack  This is an example of a
category of attack mode called 'side channel attacks'.)  I thought for a
minute, and said 'Maybe they already can, but the legal action isn't
about gaining the passcode so much as it is about the right to
compel Apple to crack its own devices any time the government demands
that?'

FYI, starting with iOS 8, most userspace applications on an iPhone have
written all their back-end (disk) stored data strongly encrypted using a
symmetric AES cipher whose key is a combination of a 256-bit key (the
'UID') and the user's 4-digit numeric passcode.  [RM: No longer 4-digit.
See correction below.]  Details here:
http://www.darthnull.org/2014/10/06/ios-encryption

The normal iOS 8 software, in addition to applying the
10-failed-passcode autowipe, enforces (on recent hardware) a 5-second
delay after each failed request.

This explains the utility to the Feds of finding a way to brute-force
Farook's passcode without triggering the ten-wrong-attempts autowipe:
Brute-force or otherwise derive the correct four digits and you can
waltz straight through the armoured front doorway -- a useful objective
for governments and spooks (not to mention criminal organisations and
industrial spies), irrespective of any unlatched windows that might also
exist.

Personally, I think the safest assumption for owners of embedded
computing devices is that motivated and well-funded attackers _will_ be
able to crack computer devices to which they have unimpeded physical
access -- encryption or no encryption.  This at least has always been
our byword in system administration and server computing:  You regard
any significant, lengthy access to the physical host as functionally
equivalent to owning root.  You therefore do what you can to restrict
physical access (locked server rooms), and maybe also take steps to make
the physical hardware and the server configuration tamper-evident (so at
least you know you're PWNED even if you couldn't prevent it).

Anyway, the nature of what the Assistant AGs (fronting for the FBI) are
requesting is obvious:  The iPhone 5c includes some number of built-in
hooks for booting Apple-signed external boot images, bypassing the iOS
preload on the device itself.  The FBI would still face the need to gain
the passcode, because that's a component of the symmetric crypto key
for the strongly-encrypted data store.  (They _might_ already
have some way of extracting or deriving the app-processor's 256-bit
UID, but I hear that's deliberately extremely difficult, so that would
be a reason for doing the attack on the device itself rather than a
captured image of its storage.)

So, if they're successful in compelling Apple to spend 10 million
dollars of development effort conjuring up a bespoke netbootable iOS
image without the 5-second login delays or autowipe, they'll be able to
just hook up the iPhone (or an image of it, if they're able to extract
the UID) to a test harness and quickly dictionary-attack through the
9999 possible passcodes [again, correction below], et voila -- even
though they may _actually_ already know everything on Farook's 'phone,
and might actually not care about it.  Point is, the San Bernardino
shooters were God's gift to prosecutors seeking the legal right to gain
fishing-expedition powers at someone else's expense.  It's a dream test
case for that, with a dream perpetrator at its heart in the form of the
late Mr. Farook -- the test case they were doubtless waiting for.

Er, correction:  Early iOS versions supported only 4-digit numeric
passcodes.  According to Deirdre, recent versions also support long and
strong alphanumeric passcodes.  This means that a suitably chosen
passcode could impede for months, years, tens of years, even the sort of
optimal, manufacturer-assisted brute-force cracking FBI is now seeking.
So, a user wishing to significantly impede or foil _even_ the FBI should
use such a passcode -- and should also power off the device any time it
is going to be out of the user's control.
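As an added illustration of the two points above (the UID+passcode key scheme with its autowipe/delay policy, and the correction that longer alphanumeric passcodes change the picture), here is a small risk model. It is my own example, not code from the post or from Apple; the 0.08-second per-guess cost for a modified boot image is an assumption for the sake of the calculation, and 62 characters is an assumed alphabet for "alphanumeric".

```python
# Added example: how much a passcode-derived key is exposed under two policies.
# The key is UID + passcode, so an attacker holding the device (or its UID)
# only has to search the passcode space; the owner's protection is the
# autowipe/delay policy and the passcode's length and alphabet.

DIGIT_CHARSET = 10          # numeric passcode
ALNUM_CHARSET = 62          # assumed alphabet: a-z, A-Z, 0-9
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(length: int, charset: int) -> int:
    """Number of distinct passcodes of this length over this alphabet."""
    return charset ** length


def success_probability_before_wipe(length: int, charset: int,
                                    wipe_after: int = 10) -> float:
    """Stock-firmware case: the ten-failure autowipe caps the attacker at
    wipe_after guesses, so P(success) = wipe_after / keyspace."""
    return min(1.0, wipe_after / keyspace(length, charset))


def expected_seconds(length: int, charset: int, seconds_per_try: float) -> float:
    """Modified-image case (no wipe, no delay): on average half the keyspace
    is searched before the right guess turns up."""
    return keyspace(length, charset) * seconds_per_try / 2


def expected_years(length: int, charset: int, seconds_per_try: float) -> float:
    return expected_seconds(length, charset, seconds_per_try) / SECONDS_PER_YEAR


def report(seconds_per_try: float = 0.08) -> list:
    """Compare passcode policies; seconds_per_try is an ASSUMED per-guess cost
    for the no-delay case (the post itself only states the 5-second stock delay)."""
    policies = (("4 digits", 4, DIGIT_CHARSET), ("6 digits", 6, DIGIT_CHARSET),
                ("8 alphanumeric", 8, ALNUM_CHARSET),
                ("12 alphanumeric", 12, ALNUM_CHARSET))
    return [(label, keyspace(n, cs), success_probability_before_wipe(n, cs),
             expected_years(n, cs, seconds_per_try)) for label, n, cs in policies]


if __name__ == "__main__":
    for label, space, p_wipe, years in report():
        print(f"{label:16} keyspace={space:<24,} "
              f"P(success before wipe)={p_wipe:.2e}  "
              f"expected time w/o wipe={years:.3g} years")
```

Under these assumptions a 4-digit passcode falls in minutes once the wipe and delay are gone, while an 8-character alphanumeric one takes on the order of hundreds of thousands of years, which is the whole force of the correction.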


Revisiting the subject of the All Writs Act (a remnant in the US Code of
the Judiciary Act of 1789):  Upon doing more reading, I find that it has
a long but somewhat specialised history.

As I was saying, it's a generic establishment of the Federal court's
right and duty to issue writs, passed immediately upon adoption of the
Constitution to, essentially, enable the Federal courts to enforce the
laws, generically.  This Stanford Law School video (about 6 minutes) 
will give you the overview:  https://www.youtube.com/watch?v=PoNJvmB16bQ

It persists for use in extraordinary decisions, such as those where
prosecutors seek a search or seizure, or where prosecutors seek to
compel third parties' assistance.  Federal court rules require any such
action to satisfy these criteria:

o  All Writs Act can be invoked only if there is no existing court rule
   or statute to address the situation.  (It's usable only as a
   fallback.)

o  It can be applied to third parties only if they have some connection 
   to a Federal investigation.

o  Court must agree that the Act's use is justified by extraordinary 
   circumstances.

o  Court must agree that compliance isn't an 'unreasonable burden'.


The latter criterion is probably what Apple's legal team will be
stressing, since obviously a completely unprecedented new engineering
project by which Apple is forced to security-crack its own devices,
costing it $10 million or more, and tying up engineers for months and
preventing them from doing their real jobs, is pretty burdensome.


The Act has been invoked in some other vaguely similar cases with
smartphones, sometimes successfully:
http://blogs.wsj.com/digits/2014/11/25/case-suggests-how-government-may-get-around-phone-encryption/
and sometimes the judge says 'no, that's unreasonably burdensome':
https://www.washingtonpost.com/world/national-security/federal-judge-stokes-debate-about-data-encryption/2015/10/10/c75da20e-6f6f-11e5-9bfe-e59f5e244f92_story.html
