Apple v FBI

pb4uski said:
As a spin-off let's say my spouse or child or parent dies and I inherit their i-phone and want to open it but don't know the code.... wouldn't it be consumer responsive for Apple to open the i-phone for me? Ditto if they become incapacitated and I am the POA.
Click to expand...

In this case you would be out of luck. As you would be if you just forgot your pass code and did not have a fingerprint reader on the phone. Apple currently CANNOT unlock any iOS 9 phone, not "will not". Even with this change the government is asking for, Apple WILL NOT be able to unlock the phone.

The only way to unlock the phone is to enter the correct pass code.

The government is asking Apple to build a new version of their iOS that can be installed on the phone that will remove other security restrictions. They want this new version to:
  • Remove the option that wipes the phone after 10 bad password attempts
  • Removes the delay between password attempts after 5 bad password attempts
  • Allows passwords to be entered through the data port by a computer and remove the restriction that they go thru the screen
By removing those three restrictions the government will be able to rapidly try all the possible passwords until it finds the correct one.
 
ChiliPepr said:
.. Apple currently CANNOT unlock any iOS 9 phone, not "will not". Even with this change the government is asking for, Apple WILL NOT be able to unlock the phone.

The only way to unlock the phone is to enter the correct pass code. ...
Click to expand...

I agree that may very well be the case (see my previous posts). But do you have any info to say that actually is the case? I have not come across it.

The government is asking Apple to build a new version of their iOS that can be installed on the phone that will remove other security restrictions. They want this new version to:
  • Remove the option that wipes the phone after 10 bad password attempts
  • Removes the delay between password attempts after 5 bad password attempts
  • Allows passwords to be entered through the data port by a computer and remove the restriction that they go thru the screen
By removing those three restrictions the government will be able to rapidly try all the possible passwords until it finds the correct one.
Click to expand...

That does bolster your claim - it seems the FBI isn't actually asking Apple to unlock the phone, they are 'only' asking Apple for the tools to allow the FBI to attempt a 'computer speed' brute force attack w/o extraneous limits.

As an aside, I wonder if the FBI uses some sort of profiling to prioritize passwords more likely to be used by the password creator? Like if certain numbers are considered 'bad luck', or some letter combos would be avoided, or maybe some are preferred?

-ERD50
 
ok, you're right ... I forgot that they are not asking them to open the phone but more to simply keep it from locking up after x unsuccessful tries.
 
I just thought of something.

A prankster could ruin an iPhone by quickly fingering in 10 bad codes. That would brick your iPhone, and lock you out of your own data and photos, and Apple will not help you.

PS. There's a delay between each attempt. I do not have the latest phone to know what that delay is.
 
Last edited:
I have an Apple Iphone 6. Will it lock me out forever if I succeed in achieving 10 unsuccessful tries in-a-row? When punching in my code, my usual "unsuccessful try number" is three (sometimes four).
 
NW-Bound said:
I just thought of something.

A prankster could ruin an iPhone by quickly fingering in 10 bad codes. That would brick your iPhone, and lock you out of your own data and photos, and Apple will not help you.

PS. There's a delay between each attempt. I do not have the latest phone to know what that delay is.
Click to expand...

And then you just restore the iPhone from backup. You'll need your iCloud password, or the password you set for your iTunes backup, of course. Takes maybe 10 minutes. You DID make a backup?

There is a delay on entering passwords. On the 6th failure the wait time goes to a minute. After 7, its 5 minutes. After 8, it's 15 minutes, then 60 minutes, then 60 minutes again, then *poof* after a total of 141 minutes.
 
It looks like it's no longer 'just one phone'.

The Federal government has several more phones they'd like to make crackable:
Apple Has Gotten Federal Orders To Help Unlock At Least 13 Devices : The Two-Way : NPR

Manhattan District Attorney Cyrus Vance has 175 he'd like some help opening.
New York officials say Apple?s unwillingness to unlock criminals? iPhones is irresponsible : Law & Society : Lawyer Herald

The Chinese government has an iPhone fro a US Embassy employee they suspect of being a CIA plant, and their court would like Apple's co-operation should the hack be shown to be possible.
 
M Paquette, guess you answered my question in your response to NW-Bound's post.
 
NW-Bound said:
I just thought of something.

A prankster could ruin an iPhone by quickly fingering in 10 bad codes. That would brick your iPhone, and lock you out of your own data and photos, and Apple will not help you.

PS. There's a delay between each attempt. I do not have the latest phone to know what that delay is.
Click to expand...


Only if you have activated the Erase Data function. I think the default must be to NOT have this function enabled, because I checked my iPhone and DH's (5S phones running iOS 9.2.1) and neither had it enabled.

To check your phone, go to Settings and select "Touch ID and Passcode". Scroll down to the bottom and there is an "Erase Data" function.

I left ours turned off, partly to protect against the scenario you presented. If my iPhone is lost or stolen, I could disable remotely via my iCloud account before the bad guy could manually enter all the possible combinations.
 
ls99 said:
From a personal point of view, privacy trumps the FBI's poking, let them do the hacking of the phone. If they can't, well tough tooties. Disclaimer: I am no fan of apple. Quiet to the contrary.
Click to expand...
I'm quite sure that if terrorists held your child or significant other hostage and were threatening to blow them up but could be stopped if apple would just unlock the security code of the phone controlling the bomb's detonator & give it to the FBI so that the FBI could disable the detonator that you'd be telling apple to respect the terrorists' privacy & not do it. All hail privacy!!
 
Philliefan33 said:
I left ours ["Erase Data" function] turned off, partly to protect against the scenario you presented. If my iPhone is lost or stolen, I could disable remotely via my iCloud account before the bad guy could manually enter all the possible combinations.
Click to expand...
That sets up an interesting scenario: Would Apple agree to a properly-issued government request to "force" a backup of a customer's phone's data to the "iCloud" and to disable the "Erase Data" function of that phone in advance of an anticipated arrest of that customer? It could prove very useful to authorities, and there are no immediate privacy concerns (the data is only being preserved, not immediately exploited. I'd assume the actual exploitation of the data would require a separate action by a court. )
 
M Paquette said:
Yup.

And back up your device. Backups are your friend.
Click to expand...

However there's a difference between iCloud backups and backup you do via iTunes to your own hard drive.

The latter is more secure and the govt has a higher legal bar to get access to the latter.

When you back up to iCloud, you're sending your data to a third party and you don't get the same fourth amendment protections.

Also for the person who thinks they can remotely erase a stolen or lost phone, some thieves have been known to pull the SIM card immediately so that it can't be located via Find My IPhone and the Android equivalent.

Instead of expecting to retrieve your device, your first priority should be to prevent access to your data.
 
Also, there's talk about legislation to force the mobile OS companies to make a master key or a cryptographic back door.

When that happens, there will be specific apps which do their own encryption. For instance, your password manager should be enabled with its own pass code, separate from your device code.
 
Philliefan33 said:
Only if you have activated the Erase Data function. I think the default must be to NOT have this function enabled, because I checked my iPhone and DH's (5S phones running iOS 9.2.1) and neither had it enabled.

To check your phone, go to Settings and select "Touch ID and Passcode". Scroll down to the bottom and there is an "Erase Data" function.

I left ours turned off, partly to protect against the scenario you presented. If my iPhone is lost or stolen, I could disable remotely via my iCloud account before the bad guy could manually enter all the possible combinations.
Click to expand...

If you lost your iPhone I believe you can only lock it by creating a 4 digit passcode, not completely disable it unless you choose to erase it. (and when you get a new iPhone you can recover all your data from the iCloud using your password.

Last year a lightning strike wiped out all of my son's electronic devices that were plugged in, including his iPod Touch (same IOS as the iPhone I believe).

He bought a new iPod at an excellent trade-in price from Apple, and in the initial set-up process he was given the option to recover from the iCloud back-up, and he said it worked brilliantly well, even though it took quite a while to download all his data from the cloud.

http://www.apple.com/icloud/find-my-iphone.html
 
Midpack said:
Thanks for confirming you missed the point altogether. :facepalm:
Click to expand...
attachment.php

For your use, as you see fit
 
Another interesting article (here) from ARS Technica regarding the defense strategy Apple intends to follow.
One legal angle Apple is also expected to assert is that the Fifth Amendment protects it from having to comport with the order.
./.
But the Fifth Amendment goes beyond the well-known right against compelled self-incrimination. The relevant part for the Apple analysis is: "nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation."
The idea here is that the government is conscripting Apple to build something that it doesn't want to do. That allegedly is a breach of its "substantive due process." The government is "conscripting a company's employees to become agents for the government," as one source familiar with Apple's legal strategy told Ars. The doctrine of substantive due process, according to Cornell University School of Law, holds "that the 5th and 14th Amendments require all governmental intrusions into fundamental rights and liberties be fair and reasonable and in furtherance of a legitimate governmental interest."
Click to expand...
 
Alan said:
If you lost your iPhone I believe you can only lock it by creating a 4 digit passcode, not completely disable it unless you choose to erase it. (and when you get a new iPhone you can recover all your data from the iCloud using your password.


http://www.apple.com/icloud/find-my-iphone.html
Click to expand...


My iPhone is locked with a passcode. Or I can open it with my fingerprint. What I was referring to is the "self-destruct" mode that erases the data in the phone if ten incorrect pass codes are attempted. I do not have that function enabled. So in my case, the FBI could try every combination until they got it correct. So could a crook. But if I lose my phone, I will most likely have time to use the Find My Phone function on the iCloud to erase my data before anyone could get in.

The only thing I would be concerned about is any banking/financial information. If for some reason I was unable to brick my lost phone, an afternoon of phone calls to my financial institutions to alert them and change my passwords would be necessary. But I could most likely get that done before the bad guy broke into my phone.

I don't know if I should bother worrying about it. Since our whole family's personal data was compromised courtesy of OPM, my SSN/name/DOB might be floating around anyway.
 
MichaelB said:
Another interesting article (here) from ARS Technica regarding the defense strategy Apple intends to follow.
Click to expand...
So Apple's argument would be that the government must pay for the services, which seems to be well supported by the 5th Amendment and case law.

One factor that Apple is likely considering among all the others: If they don't provide the assistance the government is requesting and if the government has someone else do it, Apple has a lot less control over what happens next with the newly created procedure/tool. The existence of a "key" (and possibly many people with new experience in how it was built, and capable of doing it again) outside of the employ of Apple could considerably reduce the value of Apple's privacy technologies--worldwide.
 
Philliefan33 said:
My iPhone is locked with a passcode. Or I can open it with my fingerprint. What I was referring to is the "self-destruct" mode that erases the data in the phone if ten incorrect pass codes are attempted. I do not have that function enabled. So in my case, the FBI could try every combination until they got it correct. So could a crook. But if I lose my phone, I will most likely have time to use the Find My Phone function on the iCloud to erase my data before anyone could get in.

The only thing I would be concerned about is any banking/financial information. If for some reason I was unable to brick my lost phone, an afternoon of phone calls to my financial institutions to alert them and change my passwords would be necessary. But I could most likely get that done before the bad guy broke into my phone.

I don't know if I should bother worrying about it. Since our whole family's personal data was compromised courtesy of OPM, my SSN/name/DOB might be floating around anyway.
Click to expand...

With the default settings then after multiple attempts the iPhone gets locked anyway and the only way to unlock it is via the iCloud (I believe).

What I was actually referring to was your statement
Philliefan33 said:
If my iPhone is lost or stolen, I could disable remotely via my iCloud account before the bad guy could manually enter all the possible combinations.
Click to expand...

I believe that accessing the iPhone using find my iPhone does not allow you to disable it, simply lock it with a passcode, so the bad guys can still continue guessing until it locks up after a certain number of attempts. You can also choose to erase the data remotely which really does make the phone unusable to the bad guys, but still restorable by you.
 
samclem said:
So Apple's argument would be that the government must pay for the services, which seems to be well supported by the 5th Amendment and case law.

One factor that Apple is likely considering among all the others: If they don't provide the assistance the government is requesting and if the government has someone else do it, Apple has a lot less control over what happens next with the newly created procedure/tool. The existence of a "key" (and possibly many people with new experience in how it was built, and capable of doing it again) outside of the employ of Apple could considerably reduce the value of Apple's privacy technologies--worldwide.
Click to expand...

I doubt a third party could get the key to install any new firmware images on iOS devices, unless there was some slick social engineering.

As for doing it by brute force, well if that was feasible, FBI would probably be talking to the NSA, not going to court to conscript Apple.
 
Alan said:
With the default settings then after multiple attempts the iPhone gets locked anyway and the only way to unlock it is via the iCloud (I believe).

What I was actually referring to was your statement


I believe that accessing the iPhone using find my iPhone does not allow you to disable it, simply lock it with a passcode, so the bad guys can still continue guessing until it locks up after a certain number of attempts. You can also choose to erase the data remotely which really does make the phone unusable to the bad guys, but still restorable by you.
Click to expand...


Not according to my web search. The phone can be erased via iCloud.
 
You must log in or register to reply here.

Similar threads

Qs Laptop
Apple Pays Out Over Claims it Deliberately Slowed Down iPhones
Replies
5
Views
638
Qs Laptop
Qs Laptop
Katsmeow
New iPhone/Apple Watch?
3 4 5
Replies
109
Views
11K
braumeister
braumeister
MichaelB
Apple ending iTunes
2
Replies
32
Views
3K
mpeirce
mpeirce
S
Trip Summary - England, France and Spain, Sep-Oct 19
Replies
2
Views
936
Bamaman
B
Katsmeow
New iPhones/Apple Watch?
5 6 7
Replies
159
Views
10K
Sunny
Sunny

Latest posts

Back
Top Bottom