  • As FBI's iPhone exploit remains secret, Apple's security operation in transition

    Apple must now patch a security hole it knows nothing about, and a report suggests the task will be made more difficult by a recent change in its security team.



    The New York Times reports the company's security operation has been in a state of transition since late last year. Directly applicable to the Department of Justice case, Dallas DeAtley, who is one of a handful of managers with experience in handling government requests for iPhone data, changed positions last year.

    Apple, like many tech firms, is always on the lookout for fresh blood. The company has in the past poached engineers from rival corporations and is no stranger to making key acquisitions in efforts to stay ahead of the curve. For example, Apple last November hired two firmware security experts who ran "deep system security" startup LegbaCore, who helped develop a proof-of-concept Thunderbolt vulnerability dubbed Thunderstrike 2.

    On Monday, the Department of Justice withdrew a California court order compelling Apple's assistance in unlocking an iPhone 5c used by San Bernardino terrorist Syed Rizwan Farook. Apple had opposed the DOJ's pressure, and a battle had ensued.

    Prosecutors yesterday said an outside party approached the FBI with a viable data extraction method just days prior to a scheduled evidentiary hearing, rendering the case against Apple moot. A report from ABC News on Tuesday cited one law enforcement source as saying the iPhone exploit came to light not despite the very public court case, but because of it.

    It is unclear whether or not FBI officials will hand the working vulnerability over to Apple now that target data has been successfully extracted from Syed Rizwan Farook's iPhone, but chances are slim. A workable exploit, especially one inaccessible to Apple, is an invaluable digital forensics tool that might find use in multiple pending cases around the country. Apple faces a similar request for access in New York, for example.
    This article was originally published in forum thread: As FBI's iPhone exploit remains secret, Apple's security operation in transition, started by Caiden Spencer.
    22 Comments
    1. Answer1o1 -
      iOS 9.3 jailbreak brought to you via FBI
    1. Silvio6 -
      Even if I cherish my privacy, I don't think Apple should block the FBI. The fact that they have found a breach does not mean anyone can use it.
      You probably need their budget to exploit it (How much does it cost to achieve NAND mirroring for example?).
      If Apple patches the exploit, the next time the FBI needs same access, they may be able to force Apple or any tech company to weaken the security of their product, in the name of the fight against terrorism. They may even use the famous Bush line, if you don't help them, you're on the side of the enemy :-)
    1. Albut -
      Does this mean the hackers have let its public down and given JB to FBI. How much were they paid? Must have been more than public donate, millions!!!!!!
    1. miketurbo123 -
      Quote (originally posted by Answer1o1):
      iOS 9.3 jailbreak brought to you via FBI
      Quote (originally posted by Albut):
      Does this mean the hackers have let its public down and given JB to FBI. How much were they paid? Must have been more than public donate, millions!!!!!!
      I don't get it. If the iPhone was jailbroken, could it have given the FBI access to it?
    1. dubwise -
      Quote (originally posted by Silvio6):
      Even if I cherish my privacy, I don't think Apple should block the FBI. The fact that they have found a breach does not mean anyone can use it.
      You probably need their budget to exploit it (How much does it cost to achieve NAND mirroring for example?).
      The Chinese government has plenty of budget. It's in the interests of national security to patch this bug ASAP.
    1. hogcia -
      No system will ever be 100% Secure, Apple needs to get over it.
    1. King_O_Hill -
      So Apple should just not worry about security and not patch everything they can.
    1. peacedog -
      Fair is fair.

      Apple has the right to not create a backdoor to their OS.
      FBI has the right to not disclose their hack to Apple.

      I still think Apple should pay for exploits. It's no different than companies hiring hackers to break into their system to find the weaknesses.
    1. 2Jaze -
      OR an insider did it and Apple is denying all knowledge.
    1. mcarchos -
      There may not be a security flaw that they exploited. Since my email to Tim Cook and Bob Sewell didn't have any visible effect, a couple days before the court date I emailed the FBI office here in San Francisco about a possible way of accessing the data they needed without a flawed OS by using the awesome program iMazing. It allows you to make a current backup of any iOS device and access all of the data and content via a simple GUI.
    1. Answer1o1 -
      The FBI could have simply just guessed the 4 digit password by now. I mean it has been several months. I'm sure they had people trying that for a while.
    1. Caiden Spencer -
      Quote (originally posted by Answer1o1):
      The FBI could have simply just guessed the 4 digit password by now. I mean it has been several months. I'm sure they had people trying that for a while.
      The iPhone had a limited number of entries.
    1. Answer1o1 -
      Quote (originally posted by Caiden Spencer):
      The iPhone had a limited number of entries.
      Yeah, but doesn't it reset after a while?
    1. Caiden Spencer -
      Quote (originally posted by Answer1o1):
      Yeah, but doesn't it reset after a while?
      If the iPhone is Disabled, and the user keeps inputting it wrong they have to wait longer and longer and longer.
      There is no "reset", you just have to wait it out.
    1. SpiderManAPV -
      I imagine they just did NAND mirroring. While expensive, it's fairly simple from my understanding and was what many security experts originally recommended.
    1. King_O_Hill -
      Quote (originally posted by Answer1o1):
      The FBI could have simply just guessed the 4 digit password by now. I mean it has been several months. I'm sure they had people trying that for a while.
      Apparently this is your first iPhone.

      Welcome to the community!!!
    1. fatzac -
      Quote (originally posted by mcarchos):
      There may not be a security flaw that they exploited. Since my email to Tim Cook and Bob Sewell didn't have any visible effect, a couple days before the court date I emailed the FBI office here in San Francisco about a possible way of accessing the data they needed without a flawed OS by using the awesome program iMazing. It allows you to make a current backup of any iOS device and access all of the data and content via a simple GUI.
      Wouldn't iMazing only work if they had access to the phone and installed the app?
    1. bigray -
      I bet this guy can downgrade firmware, while we sit here waiting for a new jailbreak 😹😂
    1. dsg -
      Quote (originally posted by Caiden Spencer):
      If the iPhone is Disabled, and the user keeps inputting it wrong they have to wait longer and longer and longer.
      There is no "reset", you just have to wait it out.
      Until you hit the ten tries limit (if set) and the iPhone wipes the data.
    1. King_O_Hill -
      Quote (originally posted by dsg):
      Until you hit the ten tries limit (if set) and the iPhone wipes the data.
      Yes, well then there's that little issue.