FBI May Unlock iPhone Without Apple's Help
The FBI says it may be able to unlock the San Bernadino shooter's phone without Apple's help. But it's refusing to reveal details of its apparent solution.
Apple recently refused to comply with an order to assist law enforcement officials with unlocking the phone, leading to a planned courtroom hearing this week. The FBI then asked for the case to be put on hold until next month, saying it wanted to investigate a method it discovered this past weekend that may make Apple's help irrelevant.
The argument isn't about decrypting the data on the phone, something that's effectively impossible to do whether or not Apple complies. Instead, the FBI wants Apple to deactivate an operating system feature that means ten failed attempts to guess the password which decrypts the data will automatically wipe the phone.
Apple says doing so would involve creating a new version of the iOS software which would then run the risk of falling into the wrong hands, and effectively make every iPhone vulnerable to access by thieves. The legal argument is about whether this, and the hassle of producing the software, is enough to make the government demand be considered "unreasonable," and thus invalid.
FBI Keeping Tactics Under Wraps
The FBI has yet to reveal exactly what its method for accessing the data is, saying only that it has seen it demonstrated. It appears the court delay is designed to give the FBI time to not only confirm that the method really does work, but that it is certain to unlock the data without causing a wipe.
An Israeli security firm has confirmed it is working with the FBI, but hasn't commented on reports that it is involved in this apparent solution. (Source: bbc.co.uk)
If the method does prove successful, it will make the Apple court case largely irrelevant, but may open up other legal issues. Apple will likely demand to know exactly how the FBI unlocked the phone, though the court may say the FBI can provide these details as sealed evidence which only the judge sees. (Source: theguardian.com)
Further Legal Battles Likely
It's a tricky subject; whatever the method involves could arguably be seen as a security vulnerability in the iPhone. Normal convention suggests that those who discovered the flaw would act responsibly and hand the details over to Apple so that the vulnerability can be fixed; however, it's unlikely the FBI would want to give up that potential tool for accessing phones.
However, if it kept the method secret, it could mean future court cases involving data retrieved from iPhones led to defense lawyers demanding to know how the data was accessed so that they could determine if such evidence was gathered legally and thus valid to present in court.
What's Your Opinion?
Do you believe the FBI has a way to access the phone without Apple's help? If so, should it reveal the details to Apple? Should courts and/or Congress set clearer guidelines about the balance between privacy and security to deal with evolving technologies?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
Security vulnerabilities
Security for any device is only as good as whether or not it has the latest updates for its operating system. If a vulnerability is discovered, then the device is susceptible. It sounds like the FBI has found a way to use an existing input function on the phone to bypass security measures (example: hack the blue tooth protocol to connect the phone to another device, then secretly dump a payload to the phone to gain root access to the device). Once the payload is in, they can do whatever they want with the phone. I'm just wondering if they have access to the phone right now. If they don't have access to the phone or if it is not powered on, then the exploit can't be carried out.
Virtual Clones?
I'm no expert on the subject, so I'll just throw in half a cent worth of opinion. I would go about trying to clone the storage medium (data) and run brute force against it over and over. The stock Iphone will wipe after 10 missed passwords, if that is indeed what needs to be bypassed. I wouldn't be trying to crack the encryption, but the password. However this may not be possible, but I can't say either way, there is my half cent on the matter.
Security for all
When it comes to security it must be for all not just those hiding behind a system which does not allow any one to see what's going on that's helping those who wish to hide from all. Let's not create a system where law enforcement can't even see the bad guys.
Security Vulnerabilities
I believe the FBI probably has figured out a theoretical way to hack the phone without Apple's help. Now they will try to make it work. Personally I think Apple should have helped if a Search Warrant was issued. If the court issues a Search Warrant against me they can come into my home and look for anything. We have allowed that breach of privacy since the first days of our Republic. So why is electronic data any different? All societies have to function with compromises where two basic principles collide. I do not believe any one principle, in this case, is supreme at all costs. The right to privacy is well regarded, as it should be, but it cannot be absolute because we have to prosecute criminals (and other reasons). So, in this case, I fall on the side of the government. However, I have mixed feelings on my stance so it is not absolute either.
Not so fast
Yes with a warrant, the Police may search my house. But I do NOT have to tell them the acct number or PIN to my Swiss bank acct, or tell them which cave in a State Park I hid the proceeds from my crimes. Similarly, any cell phone manufacturer is under no obligation to disclose data they didn't create/store or otherwise have access to. Now if the FBI offers to pay a manufacturer to assist them AND if the manufacturer agrees to help, that is different.
The genie is out of the bottle
Way to go Apple. In your neverending quest for self righteousness, you just shot yourself in the foot. If you had done what the government had asked, you could've kept it all in house for your own use. Once the breaking of your unbreakable security is accomplished, the hack will be spread across the interenet in days, which will lead to poorly made security patches and later, newer half finished firmwares.
Bluff
So the FBI was just pushing a bluff to get authority to spy even more than now? Government(s) have no right to my privacy.
Well, if they found a way in
Well, if they found a way in good for them. That's their job and how it should be.
The court thing was probably to cover/explain their breaking in already, but not wanting other undesirables to know they could.
This is how I see it in very simple terms. If they(government) can single out and demand a private party to provide labor and services NOT generally expected of the public, where does it stop? And, how does that work with that action being vital to their business?
They may as well tell SC Johnson and Son to quit making Ziplok bags because the corner dealers use them for packaging drugs. Wait...can they?
FBI unlocking iPhone
Have we learned nothing from the NSA overreach of its legal restrictions. The government has persistently used the post 9/11 hysteria to eliminate 200 years of constitutional protections on privacy and yet this is not enough to satisfy those who think these protections are an inconvenience to their "legitimate" security concerns. The terrorists have won when their actions make us so willing to give up the rights our forefathers so valiantly fought to obtain and we so rightously claim make us superior to them.
Let's take it to the extreme ...
Let's just say that it was known that the iPhone contained some information about ISIS detonating a nuclear bomb in New York City. Would anyone truly think the possible 10 million lives lost was worth Apple's sanctity in not opening a door into the phone for the FBI? I'm VERY happy that the FBI found a way in without Apple's help.
Unlicking the phone.
I agree totally.
Agreed. And as a side note -
I'm actually quite happy the FBI has for once put Apple in its place. Apple often acts in an arrogant and bullyish way towards its customers, and loves to dictate to them how they may or may not use its products. It's high time someone showed them there are two sides to that game.
Apple Phone:
I agree totally.
iPhone, best purchase ever.....
Gee, all I wanted when I bought my iPhone was the best mobile device on the planet. Little did I know that in the process I would also get a government sponsored floor show. What did the Feds really want from Apple? Recovery of some files from a phone? A key to unlock the iUniverse? Did the Feds come prepared with the required court orders? Do we really know the story? I doubt if we will ever truly know the answer to these questions. We know what the media has put out, but how accurate is that? For a culture that's in the midst of the information age, we are pretty close to ignorant when it comes to knowing the facts about, well, pretty much anything.