FBI tests technique’s ability to unlock more iPhone models, iOS versions

“The Federal Bureau of Investigation is testing the method used to crack a terrorist’s iPhone to see how many other versions of the device it could open, but it could take officials many more months to decide what to do with their newfound ability,” Devlin Barrett reports for The Wall Street Journal.

“The showdown between the FBI and Apple Inc. over the locked iPhone of San Bernardino, Calif., gunman Syed Rizwan Farook came to a halt this week when officials announced that an undisclosed third party had shown the government a technique for decrypting the phone’s data,” Barrett reports. “The FBI hasn’t disclosed the technique or what it found on the phone.”

“Apple hasn’t identified the security flaw that let the FBI access Mr. Farook’s iPhone 5C, or determined how many of its other devices might be vulnerable,” Barrett reports. “Robert Anderson, a former senior FBI official who is now an executive at Navigant Consulting Inc., said that the more iPhones could be opened with the technique, the more likely the government would be to disclose it to Apple… Mr. Anderson added, however, that much of the discussion of the Apple-FBI fight fails to account for the fact that technological advances outpace the government’s efforts to stay on top of them. The FBI’s success in cracking the phone ‘is going to last for about 30 seconds in the cyberworld… and we’ll be right back to square one,’ Mr. Anderson said.”

Read more in the full article here.

MacDailyNews Take: The FBI made a crucial mistake by taking this to the courts. Apple will rightfully double down on their already formidable security and spread encryption for which they do not hold the key to iCloud as well.

SEE ALSO:
ACLU: U.S. government forced Google and Apple to unlock 63 devices – March 31, 2016
FBI agrees to unlock iPhone, iPod in Arkansas homicide case – March 31, 2016
U.S. Senator Wyden pledges to fight limits on encryption – March 31, 2016
Apple’s new challenge: Learning how the U.S. cracked terrorist’s iPhone – March 29, 2016
Did the FBI just unleash a hacker army on Apple? – March 29, 2016
Apple declares victory in battle with FBI, but the war continues – March 29, 2016
Apple vows to increase security as FBI claims to break into terrorist’s iPhone – March 29, 2016
U.S. government drops Apple case after claiming hack of terrorist’s iPhone – March 29, 2016
Meet Cellebrite, the Israeli company reportedly cracking iPhones for the FBI – March 24, 2016

13 Comments

  1. I think it’s pretty obvious that any iPhone with a Touch ID sensor, secure enclave, and iOS 8 or 9 is not vulnerable to whatever technique they used.

    The only thing they could’ve done post iOS 8 was hardware mirroring anyway, which is tricking the phone to think it’s on a simulator, and I’m reasonably certain that digitally cloning the flash won’t work in something with an authentication mechanism built into the device in hardware.

    This would make the iPad mini 2, iPad Air, iPod touch 6th gen, and iPhone 5/5c and below still vulnerable. But every other device on sale since 2014 wouldn’t be (5s, iPad Air 2 and above).

    This could easily turn into a massive marketing tool for Apple, “upgrade to a secure device asap”. And they could even build a kill switch into iOS for older hardware for this type of cracking.

  2. But… But…But…

    Didn’t the FBI and Justice Department repeatedly claim in court documents that this was just for that one terrorist’s phone? Didn’t they repeatedly claim in court documents that they would not use it in other cases or allow non FBI to use it?

    If the U.S. actually had a “Justice System” rather than a broken “Legal System” then those lawyers for the FBI and Justice Department would be getting heavy fines for intentionally lying to the court! But, alas, that will never happen.

      1. You’re pretty thick, huh? The justice in “criminal justice system” is justice for the victims or society at large.

        Regardless of the crime, criminals should be treated fairly and the authorities should have strict rules for conducting investigations. Some less intelligent people see this as treating criminals with a respect and fairness they do not deserve. However, the rest of us realize those rules exist as an attempt to prevent authorities from intruding into and ruining lives at will.

        It’s plainly obvious the rules need to be strengthened and expanded, as those in power are quite hungry for increasingly intrusive powers.

    1. Lawyers get a lot of “shoot the messenger” flak. Sometimes (though certainly not all the time), they are not lying, but simply mistaken.

      The DOJ lawyers’ client told them that there was no way to crack the phone without GovtOS, so that’s what they put in the pleadings. They weren’t lying, because they didn’t know the actual facts. Most attorneys are not tech-savvy (or Blackberries and WordPerfect on DOS/Windows would not have been the gold standards in legal circles for so long). They have to take their client’s word for things, particularly when the client—and not an independent investigator—is assembling all the evidence. When the lawyers learned that using Apple was not necessary, they dropped the suit.

      As for the “it’s only this one phone,” that was just an acknowledgment that the access method won via a properly limited court order could only lawfully be used on the phone described in that one order, just as each individual search warrant requires a specific description of the place to be searched and the thing to be searched for. Forcing Apple to access any other phone would require a individualized showing of necessity and a new court order. I don’t believe that either the FBI or the DOJ ever promised that they would never ask to access any other phone ever again. They were just saying, accurately, that the order they were seeking would not allow cracking any other device.

      They were being disingenuous about the precedent they wanted to create, but they weren’t lying. In the strict sense, no ruling by a Magistrate Judge can constitute a binding precedent even within the Federal District where it is issued. Only a decision by the U.S. Supreme Court can serve as a nationwide binding precedent. Until a case reaches that court (as this would have), lower-court decisions at most provide guidance for any other court. So having a judge agree with the DOJ opinion of the law in this case would strengthen their position, but it would still be just an opinion until the High Nine weighed in. Getting one order might make getting another more likely, but it would not have been a sure thing.

      As it happens, the FBI did not need the court order. They obtained the cracking software independently, so they can use it to decrypt any phone data that is lawfully in their possession without asking any further permission from the courts. That use is not inconsistent with anything they said in the San Bernardino case. Unless I’m missing something (and I don’t think I am), it is also consistent with the U.S. Constitution and laws.

      Since this cracking method is now “in the wild,” it is only a matter of time until it leaks and becomes available for use on devices that are NOT in the cracker’s lawful possession. Apple is no doubt working feverishly to plug the hole before that happens.

  3. WTF? How is taking part the physical device to access the chips a security flaw? By all accounts of knowledgable people, the method used as to deconstruct the iPhone, clone the chips onto hundreds or thousands of other chips, and brute force an individual chip ten tries at a time to stumble onto the access code.

    Physical access to a device has never (IIRC) been considered a security ‘flaw’

    1. Yes, it is still a flaw. An inelegant, brute force method that is able to extract data is still placing users at risk. Thieves and voyeurs are not bound by silly little rules of criminality that you suggest. If a thief could force entry into your $300 iPhone to access $30,000 in your bank account does it matter to you that the method was inelegant? Of course not. A flaw is a flaw is a flaw. Apple needs to develop a method of self destruction for improper entry into its devices.

  4. I personally think that FIB should keep their secret ability secret. After all you wouldn’t want some sleazy unethical organization breaking down your door and demanding you to decrypt something they had or they’ll bring in their buddies to steal your crown jewels. It’s a hypothetical situation, no one could be possibly that moronic, but come on it’s April fool’s day.

    1. Well, true of false this other ‘edge’ of FUD may keep the criminal element second guessing on whether to trust their data to an iPhone. 😛

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.