FBI Says It Has Unlocked iPhone Without Apple

[ The New York Times ] Katie Benner and Eric Lichtblau:

A second law enforcement official who spoke on the condition of anonymity to reporters in a conference call said that a company outside the government provided the F.B.I. with the means to get into the phone used by Mr. Farook, which is an iPhone 5C running Apple’s iOS 9 mobile operating system. The official would not name the company or discuss how it was accomplished, nor would officials say whether the process would ultimately be shared with Apple.

The third-party hack the FBI employed bypassed the iPhone’s security feature that auto-deletes everything when someone enters the wrong passcode 10 times. The iPhone 5c doesn’t have Touch ID, Apple’s fingerprint security technology where you put your finger on the iPhone’s home button to unlock it. But even with Touch ID you have the option of flipping the lock screen to the right and entering a passcode.

At that point the third-party hack should presumably work.

There’s a lot of valuable data in someone’s iPhone: keychain data (usernames and passwords), financial apps, iCloud access, health information, etc. I think a while back there were reports pointing to added security features like Touch ID and auto-deletion of data after 10 failed passcode attempts for iPhone theft going down. I think that’s going to reverse course if/when this new hack method gets to the black market, and especially if Apple isn’t able to patch the security hole.

This cat-and-mouse back-and-forth game of securing and hacking used to be between the good guys and the bad guys. It was clear before, but now it’s murky.

Harvard: Smart Windows Using Silver Nanowire

[ Treehugger ] Megan Treacy:

According to the university, “With an applied voltage, the nanowires on either side of the glass are energized to move toward each other, squeezing and deforming the soft elastomer. Because the nanowires are distributed unevenly across the surface, the elastomer deforms unevenly. The resulting uneven roughness causes light to scatter, turning the glass opaque.”

The opacity of the window can be controlled by the amount of voltage applied. A lower voltage creates a small amount of roughness to the elastomer meaning the window would just be a little cloudy, but a much higher voltage would increase the roughness enough to create an opaque window.

In the near future windows will will open and close automatically at the touch of a smart window app, or using an algorithm based on temperature settings, time of day, air quality, etc. Smart windows will of course have the ability to transition between being transparent and opaque. Now the trick is how to make smart windows affordable, easy to install, easy to use, reliable, and easy to fix.

Oh, if I can request one very important feature to the brilliant engineers who are working on smart windows: self-cleaning. Please.

FBI May Not Need Apple’s Help to Unlock iPhone

[ The New York Times ] Katie Benner and Matt Apuzzo:

In a new court filing, the government said an outside party had demonstrated a way for the F.B.I. to possibly unlock the phone used by the gunman, Syed Rizwan Farook.

Did the FBI exhaust all of its options before going after Apple? Questionable.

The emergence of a potential third-party method to open the iPhone was a surprise, as the government said more than a dozen times in court filings that it could open the phone only with Apple’s help. The F.B.I. director, James B. Comey Jr., also reiterated that point several times during a hearing before Congress on March 1.

Exhaustive is not the word I would use to describe the FBI’s search for a way to hack into the iPhone.

The FBI vs. Apple, Inc. is not over; the Justice Department will come knocking on Apple’s door again, sooner than later. If this outside party is successful at penetrating the iPhone, the black market will soon be flooded with this method/tool, and iPhones will get hacked left and right by criminals and by those in law enforcement. As soon as Apple patches that particular security hole, the FBI will no doubt start throwing punches at Apple again.

PS: I’m looking forward to Apple implementing passcode- and fingerprint-based end-to-end encryption for all of our iCloud data, soon. I don’t mind a little inconvenience for a lot of privacy and security.

The Verge Camera Shootout: Galaxy S7 Edge vs. iPhone 6S Plus

[ The Verge (YouTube) ] Which smartphone has the best camera? I thought it was the iPhone 6S Plus. But not according to The Verge.

  • Speed (launch + take photo): The Samsung Galaxy S7 Edge is faster. Double-tap the home button launches the camera app on the Galaxy S7 Edge. The 6S Plus requires a power button push, an upper flick, and tap on the camera app. The S7 Edge’s autofocus notices new objects introduced to the frame almost instantly. The iPhone 6S Plus hunts a bit.
  • Lens: f/1.7 front and back for the S7 Edge. The 6S Plus sports a f/2.2 lens. The S7 Edge is brighter and provides more bokeh.
  • Low Light: The S7 Edge bested the 6S Plus.
  • Color: The S7 Edge is sharper with a bit more contrast than the 6S Plus.
  • Slow Motion Video: The S7 Edge gives you many manual settings you can change easily. The 6S Plus not so much.

Bottom Line: The Samsung Galaxy S7 Edge’s camera is better than the iPhone 6S Plus’s camera. Want to tune your photos? I do. Photos from the S7 Edge give you more detail to work with, and the folks at The Verge claims the S7 Edge’s camera is about a generation ahead of the 6S Plus. Apple has some catching up to do.

US Government Took Lavabit Source Code

[ ZDNet ] Zack Whittaker:

When asked, a spokesperson for the Justice Dept. acknowledged that the department has demanded source code and private encryption keys before. In a recent filing against Apple, the government cited a 2013 case where it won a court order demanding that Lavabit, an encrypted email provider said to have been used by whistleblower Edward Snowden, must turn over its source code and private keys. The Justice Dept. used that same filing to imply it would, in a similar effort, demand Apple’s source code and private keys in its ongoing case in an effort to compel the company’s help by unlocking an iPhone used by the San Bernardino shooter.

Unfortunately a legal precedent seems to be already present, for law enforcement authorities to take Apple’s iOS source code.

Without Restraint, Without Nobility

Theodore Gray:

If they can ask Apple to disable the password protections on an iPhone, they can ask Apple to turn on the microphone or the camera. On any iPhone, anywhere, in any home in this country. And you would never know.

Some years ago one could have argued that there would be restraint in the use of such powers. But no one can seriously make that case anymore. We all know they would do that sort of thing if they could, because we’ve all read of too many cases where they have.

Once the tool exists, it will be abused. I really wish I could say otherwise. I wish I lived in a country where law enforcement acted with the square-jawed nobility of a comic book FBI agent. I used to think I did live in such a country, but in recent years I have been forced to realize that I don’t. I think that, in your heart, you know it too.

And if you happen to like the party in power today, just remember, every tool you give them is inherited by the next guy.

If the FBI wins, nowhere in the world would a company that provides products and services and uses encryption to safeguard customer information be safe to operate without severe business-debilitating interference from law enforcement authorities. Why would it be debilitating to business? Who would trust weakened products and services that allows law enforcement authorities access to your data, at will?

Apple Encryption Engineers Might Resist

[ The New York Times ] John Markoff, Katie Benner, and Brian X. Chen:

Apple employees are already discussing what they will do if ordered to help law enforcement authorities. Some say they may balk at the work, while others may even quit their high-paying jobs rather than undermine the security of the software they have already created, according to more than a half-dozen current and former Apple employees.

Among those interviewed were Apple engineers who are involved in the development of mobile products and security, as well as former security engineers and executives.

Ordered to help. That sounds almost nice. But what really might happen is Apple employees will be forced, by law, to sabotage their own creation. I understand if Apple employees developed a malicious virus. I understand if Apple employees created a destructive worm. But it’s none of that.

Apple employees created a mobile operating system that secures your private information by encrypting it with your passcode or fingerprint. This is what the FBI, the DoJ, and other law enforcement authorities will force Apple employees to sabotage, if they win their legal battle against Apple.

And if the FBI et al. wins, every company that provides secure products and services will be on the hook: law enforcement authorities — in the U.S. as well as in other countries — will demand and get a weakened version to access data deemed necessary for an investigation.