After the San Bernardino shootings, the FBI tried to compel Apple to build a cracking tool to extract information from an encrypted iPhone used by one of the terrorists. Apple refused on the grounds that such a tool could jeopardize the privacy of all iPhone users, but the FBI was eventually able to hire private hackers to get into that particular iPhone 5c running iOS 9. This was the most prominent case of governments trying to force technology companies to install backdoors into their products.
Apparently, it wasn’t just about one iPhone. Despite the government’s protestations that it wasn’t seeking a backdoor when asking Apple to unlock the iPhone in the San Bernardino terrorism case, the Associated Press is reporting that the FBI has now agreed to help an Arkansas prosecutor unlock an iPhone and iPod associated with a double homicide. It remains to be seen if the FBI will share its knowledge of how the unlocking is being achieved with Apple, but it’s conceivable that the hack works only on older iPhones or models running a particular version of iOS. At that point, the FBI could both share the information with Apple and still use the technique on iPhones currently in the possession of law enforcement when possible.
While the FBI has successfully cracked the iPhone 5c, you can breathe a sigh of relief if you own an iOS device with Touch ID. Speaking at Kenyon College in Ohio, FBI Director James Comey said, “We have a tool that works on a narrow slice of iPhones. The world has moved onto [the iPhone] 6s and this doesn’t work on 6s or on iPhone 5Ss.” The Guardian speculates that this is due to the Secure Enclave baked into Touch ID devices, which acts as a lockbox for sensitive information.
Despite the Justice Department backing down after finding a way to unlock the iPhone 5c connected to the San Bernardino terrorism case, the U.S. government is continuing efforts to compel Apple to unlock iPhones associated with a Brooklyn drug case and a Boston gang conspiracy. In the Brooklyn case, Magistrate Judge James Orenstein has already said that the Justice Department overstepped its authority in trying to use the All Writs Act of 1789. But in the Boston case, a federal judge has directed Apple to assist the FBI. In short, it ain’t over till the Supreme Court rules.
Many media outlets reported that the FBI used Israeli firm Cellebrite to gain access to the iPhone 5c connected to the San Bernardino terrorism case, but The Washington Post is now reporting that the FBI instead hired professional “gray hat” hackers, paying them a one-time flat fee. The hackers had discovered a previously unknown software flaw, which was then used to develop a piece of hardware to crack the iPhone’s passcode without erasing the data after ten failed attempts. Meanwhile, pressure is mounting on the FBI to disclose the vulnerability it used, although the exploit is applicable only to the iPhone 5c running iOS 9.
Last Friday, the U.S. Department of Justice dropped its legal bid to force Apple to unlock an iPhone linked to a New York drug case. The FBI said that it had managed to get the iPhone’s passcode, making a court order unnecessary, but on Monday another reason came to light: the New York court had denied the government’s request. It’s starting to look like the government is using iPhones it already has access to in order to seek out precedent-setting court rulings, but dropping the cases when the chances of winning look slim.
Apple has scored an indirect victory in its ongoing skirmish with the FBI. A U.S. magistrate judge has ruled that the FBI cannot force potential targets to provide fingerprints to unlock Touch ID-equipped devices. The long-accepted rule of thumb in the security world has been that passcodes are more secure than fingerprints because you could be compelled to place your finger on the scanner but not to provide a passcode. This is a narrow decision, but it’s good to see the judicial system starting to catch up with the tech world.
Last year, Apple CEO Tim Cook came under fire from the FBI for not providing a custom, vulnerable version of iOS so the agency could hack into the iPhone 5c used by one of the San Bernardino mass shooters. Cook refused, on the grounds that it would be impossible to keep any such back door out of the hands of criminals and other intelligence agencies. His stance has now been vindicated, as stolen NSA exploits released by the Shadow Brokers hacking group were used to spread the WannaCry ransomware throughout the world. WannaCry dominated headlines briefly by infecting more than 230,000 Windows-based computers in 150 countries in 24 hours, affecting major companies and even Britain's National Health Service.
Security expert Jon Callas has written a four-part series for the ACLU on problems with the latest government proposal—this time from the UK’s GCHQ—to allow the government to listen in on encrypted communications. Spoiler: it won’t work.
Years after the FBI backed down from trying to force Apple to put a backdoor in the iPhone, it looks like the agency may be trying again by requesting that Apple decrypt iPhones related to the December 2019 shooting in Pensacola.
Reuters is reporting that Apple dropped plans to offer a stronger encryption option for iCloud backups under pressure from the US Federal Bureau of Investigation.
The FBI has cracked the iPhone at the center of the Pensacola naval base shooting case, but the agency still slammed Apple’s stance on encryption. This time, Apple didn’t pull any punches in its rebuttal.