Skip to Content

Data Sheet—Saturday, March 26, 2016

Who’d have guessed it?

The Federal Bureau of Investigation said Monday—a day prior to a scheduled courtroom hearing with Apple—that it had learned of a possible alternate means of breaking into the iPhone once used by Syed Rizwan Farook, one of the San Bernardino shooters. Talk about being down to the last minute.

The best rundown I’ve seen of how the method might work was written by Jonathan Zdziarski, a computer forensics expert who specializes in Apple products, on his personal blog. He proposes a number of possibilities and reaches a conclusion. The likeliest method involves removing one of the handset’s memory chips, making a copy of it, and then testing out possible passcodes on it. Should the chip wipe itself after 10 failed unlock attempts—an optional feature in Apple’s system—then the Feds can simply rewrite the chip, restoring it to its previous state, and start over. (Sorry—no lasers, no acid in this approach.)

Zdziarski has a beautiful analogy to describe the process that the gamers among us will appreciate. “This technique is kind of like cheating at Super Mario Bros. with a save-game, allowing you to play the same level over and over after you keep dying,” he writes. “Only instead of playing a game, they’re trying different pin combinations.” Consider it an inexhaustible 1-Up.

The same day that news broke of the surprise hacking technique, the world learned that Andy Grove, former CEO and effective cofounder of Intel, the Silicon Valley veteran that built its business on memory chips, had passed away. You can read my colleagues’ tender remembrances here, here, here, here, and here. I would also urge you to read this piece, drummed up from Fortune’s annals, that describes Grove’s distinctive management style. As he put it, pithily: “Only the paranoid survive.”

Nothing could be truer in the world of cybersecurity.

Robert Hackett

@rhhackett

robert.hackett@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune‘s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber, PGP encrypted email, Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

FBI pushes off court hearing. The Federal Bureau of Investigation postponed its legal showdown with Apple over accessing the data stored on a terrorist’s work iPhone. The agency said it had learned of another possible method to break into the phone. Apple followed up by requesting a delay in another similar case. (Fortune, Document Cloud)

U.S. indicts Iranian dam hackers. The United States Justice Department brought charges against seven Iranians who allegedly conducted cyberattacks against banks and critical infrastructure, including a dam in New York. The indictment follows a watershed case that two years ago brought hacking charges against five members of the Chinese military. (Fortune)

Apple iMessage security hole plugged. Computer security researchers discovered a flaw in Apple’s chat application that would allow hackers to steal users’ photos and videos. Apple patched the vulnerability in iOS 9.3, its latest software update. (Fortune)

Uber expands bug bounty program. The ride-hailing service debuted a public-facing white hat hacker program that pays researchers to find and report computer bugs in the company’s websites and apps. The program got off to a rocky start with some early participants when Uber tweaked the rules to invalidate certain minor bug reports. (Fortune, El Reg)

Microsoft’s AI chatbot fail. The software giant released an experimental chatbot on Twitter powered by machine learning technology. The bot, named Tay, soon began posting racist and sexist speech. Microsoft said it is “deeply sorry for the unintended offensive and hurtful tweets.”  (Fortune, Fortune)

Anonymous vs. Trump: a schism? The loosely defined underground hacking collective Anonymous is divided on whether to promote #OpTrump, a grassroots hacking campaign that targets the GOP frontrunner. Some factions within the group support it; others do not. (Fortune)

Share today’s Data Sheet with a friend:
http://fortune.com/newsletter/datasheet/

Looking for previous Data Sheets? Click here.

ACCESS GRANTED

Fortune’s Jeff John Roberts explains how banks are using biometrics—including heartbeats—to detect scammers.

Something wasn’t right. An uneasy feeling swept over the security specialists watching activity at the bank. A sensor in the branch, located in a port city on the East Coast, had detected unusual heartbeats and body heat patterns from new customers who had come to open an account.

Something was wrong. These “customers” had entered the country days before as human cargo on a ship from Europe. Now a criminal gang was using them to orchestrate financial fraud. But the biometric sensors installed at the bank branch detected patterns that pointed to telltale signs of stress, tipping off the bank to the ruse.

This episode, which took place last year, is one of the more dramatic examples of how the financial services industry is deploying various types of biometric technology to rebuff sophisticated criminals. A new generation of tools beyond fingerprints and iris scans can measure qualities like body temperature and blood circulation at a short distance and without alerting the subject. Read the rest on Fortune.com.

FORTUNE RECON

Here’s How the FBI Might Unlock That iPhone Without Apple’s Help by Hilary Brueck

Exclusive: Pivotal Succumbs to Phishing Attack by Barb Darrow

5 Immediate Ways to Fight Cybercrime by Verne Harnish

Apple May Be Worried a Secret Security Threat Lurks in Its Servers by Robert Hackett

What Adele’s Photo Hack Says About Cybersecurity by Rajiv Gupta

An Obsessed Fan Hacked Into Adele’s Boyfriend’s Email and Posted Her Pregnancy Photos Online by Valentina Zarya

Can the Pentagon Pull a Branding Refresh on the Troubled F-35? by Clay Dillow

Man Arrested Over Rented VHS Tape 14 Years Overdue by Don Reisinger

Facebook’s New Feature Will Protect You From Catfish by Benjamin Snyder

Why Apple’s Fight With the FBI Is Not Over Yet by Jay Kaplan

Why the IRS’s Technology Nightmare Is Far From Over by Jen Wieczner

ONE MORE THING

Appease the machines when naming your kids. Poor Jennifer Null. She began running into problems with IT systems after taking her husbands surname, a term that computers use to signify the absence of data. Null is not alone; imagine the troubles of one Janice Keihanaikukauakahihulihe’ekahaunaele, a Hawaiian woman whose name barely fits in this newsletter. (BBC Future)