Shekha News: 03/29/16

Apple remains in dark on how FBI hacked iPhone without helpdh

WASHINGTON (AP) -- The FBI's announcement that it mysteriously hacked into an iPhone is a public setback for Apple Inc., as consumers suddenly discover they can't keep their most personal information safe. Meanwhile, Apple remains in the dark about how to restore the security of its flagship product.

The government said it was able to break into an iPhone used by a gunman in a mass shooting in California, but it didn't say how. That puzzled Apple software engineers — and outside experts — about how the FBI broke the digital locks on the phone without Apple's help. It also complicated Apple's job repairing flaws that jeopardize its software.

The Justice Department's announcement that it was dropping a legal fight to compel Apple to help it access the phone also took away any obvious legal avenues Apple might have used to learn how the FBI did it.

Magistrate Judge Sheri Pym vacated her Feb. 16 order, which compelled Apple to help the FBI hack their phone, on Tuesday.

The Justice Department declined through a spokeswoman to comment Tuesday.

A few clues have emerged. A senior law enforcement official told The Associated Press that the FBI managed to defeat an Apple security feature that threatened to delete the phone's contents if the FBI failed to enter the correct passcode combination after 10 tries. That allowed the government to repeatedly and continuously test passcodes in what's known as a brute-force attack until the right code is entered and the phone is unlocked.

It wasn't clear how the FBI dealt with a related Apple security feature that introduces increasing time delays between guesses. The official spoke on condition of anonymity because this person was not authorized to discuss the technique publicly.

FBI Director James Comey has said with those features removed, the FBI could break into the phone in 26 minutes.

The FBI hacked into the iPhone used by gunman Syed Farook, who died with his wife in a gun battle with police after they killed 14 people in December in San Bernardino. The iPhone, issued to Farook by his employer, the county health department, was found in a vehicle the day after the shooting.

The FBI is reviewing information from the iPhone, and it is unclear whether anything useful can be found.

Apple said in a statement Monday that the legal case to force its cooperation "should never have been brought," and it promised to increase the security of its products. CEO Tim Cook has said the Cupertino-based company is constantly trying to improve security for its users.

The FBI's announcement — even without revealing precise details — that it had hacked the iPhone was at odds with the government's firm recommendations for nearly two decades that security researchers always work cooperatively and confidentially with software manufacturers before revealing that a product might be susceptible to hackers.

The aim is to ensure that American consumers stay as safe online as possible and prevent premature disclosures that might damage a U.S. company or the economy.

As far back as 2002, the Homeland Security Department ran a working group that included leading industry technology industry executives to advise the president on how to keep confidential discoveries by independent researchers that a company's software could be hacked until it was already fixed. Even now, the Commerce Department has been trying to fine-tune those rules. The next meeting of a conference on the subject is April 8 in Chicago and it's unclear how the FBI's behavior in the current case might influence the government's fragile relationship with technology companies or researchers.

The industry's rules are not legally binding, but the government's top intelligence agency said in 2014 that such vulnerabilities should be reported to companies.

"When federal agencies discover a new vulnerability in commercial and open source software — a so-called 'zero day' vulnerability because the developers of the vulnerable software have had zero days to fix it — it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose," the Office of the Director of National Intelligence said in a statement in April 2014.

The statement recommended generally divulging such flaws to manufacturers "unless there is a clear national security or law

Apple could use Brooklyn case to pursue details about FBI iPhone hack - sourcehk

SAN FRANCISCO (Reuters) - If the U.S. Department of Justice asks a New York court to force Apple Inc to unlock an iPhone, the technology company could push the government to reveal how it accessed the phone which belonged to a shooter in San Bernardino, a source familiar with the situation said.

The Justice Department will disclose over the next two weeks whether it will continue with its bid to compel Apple to help access an iPhone in a Brooklyn drug case, according to a court filing on Tuesday.

The Justice Department this week withdrew a similar request in California, saying it had succeeded in unlocking an iPhone used by one of the shooters involved in a rampage in San Bernardino in December without Apple's help.

The legal dispute between the U.S. government and Apple has been a high-profile test of whether law enforcement should have access to encrypted phone data.

Apple, supported by most of the technology industry, says anything that helps authorities bypass security features will undermine security for all users. Government officials say that all kinds of criminal investigations will be crippled without access to phone data.

Prosecutors have not said whether the San Bernardino technique would work for other seized iPhones, including the one at issue in Brooklyn. Should the Brooklyn case continue, Apple could pursue legal discovery that would potentially force the FBI to reveal what technique it used on the San Bernardino phone, the source said.

A Justice Department representative did not have immediate comment.

In a statement, Apple said "we don't know" the FBI's technical solution, which vendor developed it or "what it allegedly achieves."

A federal magistrate in Brooklyn last month ruled that he did not have authority to order Apple to disable the security of an iPhone seized during a drug investigation. The Justice Department then appealed to a district court judge.

After filing that appeal, U.S. prosecutors notified the magistrate in the San Bernardino case that a third party had demonstrated a new technique which could access the iPhone in question.

The Justice Department disclosed the new technique to the judge one day after the demonstration, and then confirmed its success on Monday, according to court filings, though it did not reveal how its solution works.

The U.S. government did not disclose any details in a letter to the Brooklyn judge on Tuesday. Instead, prosecutors only agreed with a request by Apple to delay briefing deadlines in the case, and said it would update the court by April 11 as to whether it would "modify" its own request for Apple's assistance.

Law enforcement officials across the country have said they regularly encounter Apple devices they cannot access.

Hillar Moore III, the district attorney in East Baton Rouge, said he has asked the FBI whether its new technique would access an iPhone to help solve a murder case he is overseeing. Moore has not yet received an answer.

"Eventually we would like to know: Is this technology available to us, or is the third party going to sell it, and how much would it cost?" he said

FBI hacks attacker's iPhone, drops Apple suitsgddf

Los Angeles (AFP) - The FBI has unlocked the iPhone used by one of the San Bernardino terror attackers, officials said, ending a heated legal standoff with Apple that had pitted US authorities against Silicon Valley.

Apple, backed by a broad coalition of technology giants like Google and Facebook, was fiercely opposed to assisting the US government in unlocking the iPhone on grounds it would have wide-reaching implications on digital security and privacy.

A key court hearing scheduled earlier this month to hear arguments from both sides in the sensitive case was abruptly cancelled after the FBI said it no longer needed Apple's help because it had found an outside party to unlock the phone.

Syed Farook and his wife Tashfeen Malik killed 14 people in San Bernardino, California on December 2 before dying in a firefight with police. Two other phones linked to the pair were found destroyed after the attack.

"Our decision to conclude the litigation was based solely on the fact that, with the recent assistance of a third party, we are now able to unlock that iPhone without compromising any information on the phone," US attorney Eileen Decker said in a statement.

In a court filing asking that the case be dismissed, federal prosecutors said the US government had "successfully accessed the data stored on Farook's iPhone and therefore no longer requires assistance from Apple Inc."

It was unclear who helped the FBI access the phone and what was stored on the device.

But news reports have said the FBI may have sought assistance from an Israeli forensics company.

In a statement late Monday the FBI declined to say who that party was, or what technical steps were taken to unlock the phone.

"The full exploitation of the phone and follow-up investigative steps are continuing. My law enforcement partners and I made a commitment to the victims of the 12/2 attack in San Bernardino and to the American people that no stone would be left unturned in this case," said Laura Eimiller, spokeswoman for the FBI's Los Angeles field office.

The goal of the probe is to determine if the California attackers worked with others, were targeting others and were supported by others, the FBI said.

"While we continue to explore the contents of the iPhone and other evidence, these questions may not be fully resolved, but I am satisfied that we have access to more answers than we did before and that the investigative process is moving forward," Eimiller said.

- 'Hit a new low' -

Tech companies, security experts and civil rights advocates had vowed to fight the government, saying it would set a precedent to compel companies to build backdoors into their products.

The government had fired back, insisting that Apple was not above the law and that its request for technical assistance concerned only Farook's work phone from the San Bernardino health department.

Evan Greer, campaign director of Fight for the Future, a non-profit that supports Apple, said Monday's announcement was proof the government had an alternative motive in the case.

"The FBI's credibility just hit a new low," he said in a statement. "They repeatedly lied to the court and the public in pursuit of a dangerous precedent that would have made all of us less safe.

"Fortunately, Internet users mobilized quickly and powerfully to educate the public about the dangers of backdoors, and together we forced the government to back down."

In a recent editorial, The Wall Street Journal also criticized the Justice Department's legal battle as "reckless" and said the FBI had "fibbed by saying the Apple case is about one phone."

FBI director James Comey said his agency only decided to back down in the court case after it found a third party that could crack the phone.

"You are simply wrong to assert that the FBI and the Justice Department lied about our ability to access the San Bernardino killer's phone," Comey said in an open letter

This company is encouraging people to punch its smartphonesdd

There are many ways a company can prove how impervious to damage their latest smartphones are. Whether it’s thrown from a building, or driven over with a 10-ton truck, we’ve seen it all. Except this one. Chinese smartphone brand Oukitel is actively encouraging people to punch its newest product. Yes, punch.

The K4000 Pro was announced at the beginning of the year, and it’s designed to be tough. What better way is there to demonstrate resilience than being able to take a fist right in the face? Repeatedly. Oukitel’s apparently asking members of the public at pop-up events promoting the phone to come and give the K4000 Pro one right in the kisser.

Read More: Meet two of the cheapest smartwatches around, the Oukitel A29 and the Bluboo Uwatch

Like some bizarre, modern version of the High Striker strength test found in fairgrounds, those keen to channel their inner Rocky are queuing up to show the phone who’s boss. It’s not hearsay either, just check out the video above, where strength and stupidity are shown in equal amounts. Why stupidity? Because they’re unlikely to be punching a hole through the K4000 Pro any time soon.

The phone has a metal frame with a structure designed to take a fall, while the glass screen is 1.1mm thick and tempered for added protection. At the end of 2015, Oukitel showed the poor K4000 Pro being used to bang nine nails into a piece of wood, then for good measure, knock a few out again. It showed no sign of damage, and appeared to work as expected afterwards. Your fleshy fists aren’t going to do it much damage. Judging by the aggression being taken out on the phone, and the ease with which those plastic seats give up in the video, there’s a higher chance you’ll be the one sustaining injury.

Oukitel’s K4000 Pro phone has a 5-inch screen, a massive 4600mAh battery, a quad-core MediaTek processor, and a 13-megapixel camera, all for around $100. Oh, and it can take a beating.

Apple is working on a fix for iOS 9.3 link crashing bugf

After a significant number of iOS users complained on Apple’s support forums that their iOS 9.3 device sometimes freezes after tapping on a link, the company announced it is working on a fix.

“We are aware of this issue, and we will release a fix in a software update soon,” the company said, according to 9to5Mac.

Read More: Apple’s iOS 9.3 has even more issues than we thought

As of this writing, the thread on Apple’s support forums pointing out the issue has more than 620 replies, indicating the problem is widespread.

According to most complaints, tapping on a link in a browser, such as Safari or Chrome, or an app like Twitter, sometimes causes the phone to lock up. Disabling JavaScript in Safari or opening the link in a new tab (by holding it) is a temporary fix for some users, but not all.

The bug seems to be tied to the Booking.com app; YouTube user Sergey Roshchin published a video (in Russian, below) in which he demonstrates his iPad experiencing the issue only after the app is installed. However, some user reports indicate that other apps might cause the issue as well.

Justice Department cracks iPhone; withdraws legal actionrg

WASHINGTON (AP) — The FBI said Monday it successfully used a mysterious technique without Apple Inc.'s help to hack into the iPhone used by a gunman in a mass shooting in California, effectively ending a pitched court battle between the Obama administration and one of the world's leading technology companies.

Related Stories

US hacks iPhone, ends legal battle but questions linger Associated Press
Feds get data off terrorist's iPhone without Apple's help CNET
U.S. succeeds in cracking Apple's iPhone, drops legal action Reuters
FBI to Apple: We don't need your iPhone hack CNET
[$$] FBI Opens San Bernardino Shooter’s iPhone; U.S. Drops Demand on Apple The Wall Street Journal
The government asked a federal judge to vacate a disputed order forcing Apple to help the FBI break into the iPhone, saying it was no longer necessary. The court filing in U.S. District Court for the Central District of California provided no details about how the FBI did it or who showed it how.

The FBI is now reviewing the information on the iPhone, the Justice Department said in a statement.

In response, Apple said in a statement that it will continue to increase the security of its products. While saying it will still provide some help to the government, "as we have done all along," the company reiterated its position that the government's demand was wrong.

"This case should never have been brought," Apple said in its statement.

Both sides left important questions unanswered: Who showed the FBI how to break into iPhones? How did the government bypass the security features that Apple has invested millions of dollars to build into its flagship product? Are newer iPhones vulnerable to the same hacking technique? Will the FBI share its information with scores of state and local police agencies that said they also need to break into the iPhones of criminal suspects? Will the FBI reveal to Apple how it broke its security? Did the FBI find anything useful on the iPhone?

The surprise development also punctured the temporary perception that Apple's security might have been good enough to keep consumers' personal information safe even from the U.S. government — with the tremendous resources it can expend when it wants to uncover something.

The FBI used the technique to access data on an iPhone used by gunman Syed Farook, who died with his wife in a gun battle with police after they killed 14 people in San Bernardino, California, in December. The iPhone was found in a vehicle the day after the shooting; two personal phones were found destroyed so completely that the FBI couldn't recover information from them.

U.S. magistrate Sheri Pym of California last month ordered Apple to provide the FBI with software to help it hack into Farook's work-issued iPhone. The order touched off a debate pitting digital privacy rights against national security concerns.

Apple was headed for a courtroom showdown with the government last week, until federal prosecutors abruptly asked for a postponement so they could test a potential solution brought to them by a party outside of the U.S. government last Sunday. Technical experts had said there might be a few ways an outsider could gain access to the phone, but the FBI insisted repeatedly until then that only Apple had the ability to override the iPhone's security. FBI Director James Comey said the bureau even went to the National Security Agency, which did not have the ability to get into the phone.

A law enforcement official said the FBI was successful in unlocking the iPhone over the weekend. The official spoke to reporters on condition of anonymity because he wasn't authorized to publicly comment. The official said federal law enforcement would continue to aid its local and state partners with gaining evidence in cases — implying that the method would be shared with them.

First in line is likely, Manhattan District Attorney Cyrus Vance, who told a U.S. House panel earlier this month that he has 205 iPhones his investigators can't access data from in criminal investigations. Apple is also opposing requests to help extract information from 14 Apple devices in California, Illinois, Massachusetts and New York.

The case drew international attention and highlighted a growing friction between governments and the tech industry. Apple and other tech companies have said they feel increasing need to protect their customers' data from hackers and unfriendly intruders, while police and other government authorities have warned that encryption and other data-protection measures are making it more difficult for investigators to track criminals and dangerous extremists.

Apple CEO Tim Cook had argued that helping the FBI hack the iPhone would set a dangerous precedent, making all iPhone users vulnerable, if Apple complied with the court order. Cook said Congress should take up the issue.

The withdrawal of the court process also takes away Apple's ability to legally request details on the method the FBI used in this case. Apple attorneys said last week that they hoped the government would share that information with them if it proved successful.

The encrypted phone was protected by a passcode that included security protocols: a time delay and self-destruct feature that erased the phone's data after 10 tries. The two features made it impossible for the government to repeatedly and continuously test passcodes in what's known as a brute-force attack. Comey said with those features removed, the FBI could break into the phone in 26 minutes.

The official said the method used to unlock the phone appears to work on the iPhone 5C operating a version of iOS 9. In late 2014, Apple updated its operating system so the passcode is linked to the phone's overall encryption. The Cupertino-based company said that made it impossible for it to access data on the phone.

The Justice Department wouldn't comment on any future disclosure of the method to Apple or the public.

The government's announcement was praised by Stephen Larson, a Los Angeles attorney who filed a brief in support of the Justice Department's case and represents seven families of those killed in the attack. "For this to have dragged out in court battles would not have served the interests of either" the victims or law enforcement, he said.

Alex Abdo, an attorney with the American Civil Liberties Union, which filed a brief supporting Apple in its case, said the case is far from settled and it was "just a delay of an inevitable fight" about whether the government can force a company like Apple to undermine the security of its products to facilitate an investigation.

___