FBI Makes Official Its Decision to Keep Apple iPhone Hack Secret

158 点作者 spuiszis大约 9 年前

23 条评论

pcl大约 9 年前

This is a scary precedent.From the bits I've seen of it, the Vulnerabilities Equities Process is a really great bit of government transparency, run by a group of people who understand that the best interests of different parts of the government and the citizens of the country often end up at odds. The process allows for vulnerabilities to be periodically reviewed so that the costs and benefits of not disclosing can be weighed over time, and by an at-least-somewhat independent group.Just skipping it altogether because "we paid a contractor" completely subverts the process. What's stopping all the TLAs from simply routing all their vulns through a private third party and bypassing the VEP altogether?

评论 #11585537 未加载

评论 #11587428 未加载

评论 #11586016 未加载

评论 #11584678 未加载

评论 #11585030 未加载

评论 #11586279 未加载

评论 #11584916 未加载

taildrop大约 9 年前

This might be great for the FBI right up until they actually try to use the evidence in court. The defense attorney can claim (rightly so) that unless they can examine the unlock method to verify it doesn't tamper with any of the data on the phone, the evidence is inadmissible.The only way the FBI will be able to use this data in court is if they turn the process over to the defense so they can have the process independently verified. Since the article states that they don't have access to the "technical details" of the hack, they have no way to prove the method doesn't manipulate the data on the device.

评论 #11584315 未加载

justinlardinois大约 9 年前

Did any of the commenters here actually read the article?Although the FBI paid more than $1.3 million for the method, Amy Hess, the agency’s executive assistant director for science and technology, said Wednesday that it didn’t purchase the rights to the technical details and therefore doesn’t have the necessary information to submit the method for an Obama administration review known as the Vulnerabilities Equities Process. "The FBI assesses that it cannot submit the method to the VEP," Hess said in a statement. "We do not have enough technical information about any vulnerability that would permit any meaningful review.”...The law enforcement agency bought the hacking tool from an entity it hasn’t identified and then used it to access data on an encrypted iPhoneIt sounds like the FBI doesn't actually understand the details of how the crack worked and was hand-holded through the process.

评论 #11585151 未加载

评论 #11585138 未加载

davesque大约 9 年前

So, if I understand correctly, the FBI doesn't really know how the phone was hacked? Wouldn't that also mean that they don't really know if the data their contractors retrieved from the phone is really from the phone?

评论 #11586059 未加载

haberman大约 9 年前

I've never seen government decision-making work first-hand, so I wouldn't claim that this speculation should carry weight.But if I was someone on the FBI side who wanted to "win" this somehow, I could imagine how this might look like a victory. Apple wanted for its phones to look so secure that they will even stand up to the government to protect them. In response, the FBI made Apple's phones look so weak that anyone who has $1M to spend on the black market can get in.

评论 #11584638 未加载

评论 #11584075 未加载

Claudus大约 9 年前

Not to be a conspiracy theorist, but maybe they don't actually have a hack. Maybe they just want people to think they do.

评论 #11585130 未加载

评论 #11584801 未加载

danenania大约 9 年前

If the FBI can pay a million for the hack, what's stopping Apple? I'd expect them to be fully aware of it by now.

评论 #11583460 未加载

评论 #11584261 未加载

评论 #11584063 未加载

评论 #11586425 未加载

评论 #11585082 未加载

评论 #11583660 未加载

评论 #11586277 未加载

评论 #11583946 未加载

Esau大约 9 年前

I personally don't have a problem with this, just as I had no problem with Apple not wanting to help the government with an investigation. I don't think it is right to want it both ways.

评论 #11584092 未加载

评论 #11583925 未加载

评论 #11583978 未加载

krisgenre大约 9 年前

I am really beginning to think if the FBI actually used a hack. There were reports that the passcode was changed when in FBI's possession, what if this was just a deliberate attempt to force Apple to create a backdoor?

评论 #11587438 未加载

JustSomeNobody大约 9 年前

Would FOIA apply here in any way?

评论 #11584328 未加载

coherentpony大约 9 年前

Oh, now they care about privacy.

nodesocket大约 9 年前

I assume Apple already knows the hack/vulnerability. Apple should announce they know it, fix it, and give the FBI a big F-U.

评论 #11583745 未加载

评论 #11584877 未加载

评论 #11585034 未加载

评论 #11583708 未加载

评论 #11583714 未加载

评论 #11583965 未加载

djrogers大约 9 年前

<a href="https://www.whitehouse.gov/the-press-office/2015/02/13/executive-order-promoting-private-sector-cybersecurity-information-shari" rel="nofollow">https://www.whitehouse.gov/the-press-office/2015/02/13/execu...</a>Then again, goose!=gander

digler999大约 9 年前

Micro-probing the bus lines, to disable the self-destruct or time-delay counter ? Or perhaps "glitching", sending badly-timed signals to the specific part of the asic that keeps count of the number of bad tries, causing it to lock up. Then brute forcing it at high speed.

评论 #11584252 未加载

icpmacdo大约 9 年前

These times are so interesting. The FBI is making policy that they wont expose the 0 days they bought for over a million USD. We need to consider the amount of cool things we learn right now and appreciate it.

mattnumbe大约 9 年前

Ive got a friend at Sun Corporation who, a few weeks ago, when I congratulated her on the recent (unconfirmed) news of her company, she said it was Cellebrite's news and not theirs.

mikx007大约 9 年前

What would stop one or couple of apple engineers from creating a backdoor and then selling a "unlock service" trough some foreign intermediary making $1 mil each time?

评论 #11584079 未加载

评论 #11586348 未加载

namelezz大约 9 年前

Is FBI faking again [1]?[1] - <a href="https://news.ycombinator.com/item?id=11578240" rel="nofollow">https://news.ycombinator.com/item?id=11578240</a>

pfista大约 9 年前

Isn't this title a little misleading if they never knew the actual technical process of hacking the iPhone? They can't share what they don't know.

yeukhon大约 9 年前

Are we sure the FBI is not bluffing?

zmmmmm大约 9 年前

I hope that the security community reciprocates: if the FBI won't disclose security flaws to the community, then neither should the security community give the FBI any special privilege or notice in disclosing flaws in FBI software. The FBI might then learn about the benefits of disclosure the hard way.

dimino大约 9 年前

Just seems petty of the FBI to actually make an official announcement like this. I get if it's understood that they're not releasing it, but why make a formal press release about it?

CamperBob2大约 9 年前

Translation: We got taken for a $1M ride, and have neither a valid exploit nor any data to disclose.