FBI Can Unlock iPhone Without Apple’s Help

Federal authorities have cancelled the court hearing with Apple, saying an ‘outside party’ has shown a potential way to crack Syed Farook’s phone

A court hearing designed to force Apple into compromising its security systems for the iPhone was cancelled recently at the request of federal authorities, who said they potentially had another way into the San Bernardino shooter’s phone.

The astonishing reversal kicks the can down the road in what had become the climax of a two-year battle over digital privacy between the US government and Silicon Valley. At the same time, the standoff between Apple and the Department of Justice drew so much attention that policymakers or another court may weigh in soon regardless.

The government has until 5 April to determine whether it wants to pursue the case. Apple’s attorneys, in a conference call with reporters, said they do not consider the development a legal victory and warned they could be back in the same situation in two weeks. The attorneys spoke on the condition of not being quoted by name.

The company’s lawyers said they were as surprised as anyone and learned of the development in an afternoon phone call.

The government’s potential solution raises its own questions: if investigators figure out a way to hack into the device without Apple’s help, are they obligated to show Apple the security flaw they used to get inside? Attorneys for Apple, which almost assuredly would then patch such a flaw, said they would demand the government share their methods if they successfully get inside the phone.

Recently US magistrate judge Sheri Pym stayed her previous order that Apple help the government crack the passcode on the iPhone used by San Bernardino gunman Syed Farook, citing “uncertainty” on the part of the government.

In its filing, the justice department said it might have a different way to break into the device – something cryptographers, leading data security experts and even Edward Snowden have said was possible without placing the cybersecurity of all iPhone users at risk through creating what Apple derisively calls “GovtOS”.

Nevertheless, the government has stated repeatedly, under oath, that Apple alone had the technical ability to get inside the device. The government wanted Apple to use an official Apple software update to turn off some security features, including one that can cause the phone to wipe its storage if someone enters the wrong passcode 10 times.

The justice department request comes after more than a month of heated insistence that the only way the FBI could examine a locked iPhone used by the gunman was for Apple to write new software that would be missing some of its operating system’s security features.

US investigators said they have continued to look for new ways into the iPhone 5C used by Farook since the justice department took Apple to court. In 2014, Apple updated its iPhone software such that it could no longer download data from locked devices without the user’s passcode, which Apple does not know.

The White House, which has stood by the justice department in its feud with Apple, did not immediately comment on the reversal. The forensic standstill caused many to question the FBI’s technical chops.

A law enforcement official who would not agree to be quoted by name said that the FBI was approached by an “outside party” unaffiliated with the government who offered a prospective path into the phone that would not require Apple’s assistance. The official refused to identify the party, and said that many people outside government had approached the FBI seeking to lend technical expertise.

The government said it would like to test the method and then file a report with the court.

Susan Landau, a cybersecurity expert who in a recent congressional hearing lambasted the FBI for its poor understanding of digital forensics, said she “certainly” felt that the unexpected development demonstrated her point. Landau also said she was not the “outside party” who provided the potential breakthrough.

“The FBI has been viewing security as an impedance rather than a necessity. That the bureau may not need Apple’s help to access the phone points up what’s been true in this case all along: the FBI needs to strengthen its own technological capabilities,” said Landau, a professor at Worcester Polytechnic Institute in Massachusetts.

The law enforcement official did not answer the Guardian’s question about what the apparently unsolicited outside guidance indicates about the FBI’s competence in digital investigations. James Comey, the FBI director who has made law enforcement access to encrypted communications a national issue, told Congress that sometimes the FBI does not have technical expertise to match its pop culture portrayal as high-tech wizards.

Although the justice department had told the court that Apple had the “exclusive technical means” to provide the FBI with access to the locked phone, a second law enforcement official, who also would not be named, insisted the sudden breakthrough did not contradict the government’s earlier assurances.

“The arguments in our pleading were that we needed Apple’s assistance as a last resort, as the FBI’s efforts to date had not been successful”, the official said. The official would not say if the “outside party” was solicited by the government or offered an unsolicited technical suggestion.

But attorney Alex Abdo of the American Civil Liberties Union, which filed a brief supporting Apple, lambasted the government’s reversal.

“This suggests that the FBI either doesn’t understand the technology well enough or wasn’t telling us the full truth earlier when it said that only Apple could break into the phone. Either possibility is disconcerting.”

On the one hand, the delay short-circuits a massive privacy battle between America’s most valuable company and its government that had been building for two years. National media were already descending Monday on southern California for the hearing in the federal courthouse in Riverside.

On the other, the government’s reversal seems to only postpone the inevitable. Both US officials and technology executives have said that if the San Bernardino case had not brought the two sides into court, another one surely would.

Melanie Newman, a justice department spokeswoman, said the department was “cautiously optimistic” that the proposed new investigative tactic would work, but testing was required.

“If this solution works, it will allow us to search the phone and continue our investigation into the terrorist attack that killed 14 people and wounded 22 people,” Newman said in a statement.

Yet the FBI is, for now, spared a showdown with Apple that saw an unprecedented near-unanimity of leading tech firms, more than a dozen of which rallied to Apple’s defense in court. Even the US defense secretary, Ashton Carter, undercut the FBI in public by singing the praises of encryption in a recent speech, suggesting a lack of government unity behind the FBI push.
Ein News: http://bit.ly/1RHkBQZ
