FBI Can Unlock iPhone Without Apple’s Help

Federal authorities have cancelled the court hearing with Apple, saying an ‘outside party’ has shown a potential way to crack Syed Farook’s phone

A court hearing designed to force Apple into compromising its security systems for the iPhone was cancelled recently at the request of federal authorities saying they potentially had another way into the San Bernardino shooter’s phone.

An Apple loss in the San Bernardino encryption case risks creating a world in which we can no longer trust the gadgets that track how we drive, when we’re home and whether the door is locked

The astonishing reversal kicks the can down the road in what had become the climax of a two-year battle over digital privacy between the US government and Silicon Valley. At the same time, the standoff between Apple and the Department of Justice drew so much attention that policymakers or another court may weigh in soon regardless.

The government has until 5 April to determine whether it wants to pursue the case. Apple’s attorneys, in a conference call with reporters, said they do not consider the development a legal victory and warned they could be back in the same situation in two weeks. The attorneys spoke on the condition of not being quoted by name.

The company’s lawyers said they were as surprised as anyone and learned of the development in an afternoon phone call.

The government’s potential solution raises its own questions: if investigators figure out a way to hack into the device without Apple’s help, are they obligated to show Apple the security flaw they used to get inside? Attorneys for Apple, which almost assuredly would then patch such a flaw, said they would demand the government share their methods if they successfully get inside the phone.

Recently US magistrate judge Sheri Pym stayed her previous order that Apple help the government crack the passcode on the iPhone used by San Bernardino gunman Syed Farook, citing “uncertainty” on the part of the government.

In its filing, the justice department said it might have a different way to break into device – something cryptographers, leading data security experts and even Edward Snowden have said was possible without placing the cybersecurity of all iPhone users at risk through creating what Apple derisively calls “GovtOS”.

Nevertheless, the government has stated repeatedly, under oath, that Apple alone had the technical ability to get inside the device. The government wanted Apple to use an official Apple software update to turn off some security features, including one that can cause the phone to wipe its storage if someone enters the wrong passcode 10 times.

The justice department request comes after more than a month of heated insistence that the only way the FBI could examine a locked iPhone used by the gunman was for Apple to write new software that would be missing some of its operating system’s security features.

US investigators said they have continued to look for new ways into the iPhone 5C used by Farook since the justice department took Apple to court. In 2014, Apple updated its iPhone software such that it could no longer download data from locked devices without the user’s passcode, which Apple does not know.

The White House, which has stood by the justice department in its feud with Apple, did not immediately comment on the reversal. The forensic standstill caused many to question the FBI’s technical chops.

A law enforcement official who would not agree to be quoted by name said that the FBI was approached by an “outside party” unaffiliated with the government who offered a prospective path into the phone that would not require Apple’s assistance. The official refused to identify the party, and said that many people outside government had approached the FBI seeking to lend technical expertise.

The government said it would like to test the method and then file a report with the court.

Susan Landau, a cybersecurity expert who in a recent congressional hearing lambasted the FBI for its poor understanding of digital forensics, said she “certainly” felt that the unexpected development demonstrated her point. Landau also said she was not the “outside party” who provided the potential breakthrough.
“The FBI has been viewing security as an impedance rather than a necessity. That the bureau may not need Apple’s help to access the phone points up what’s been true in this case all along: the FBI needs to strengthen its own technological capabilities,” said Landau, a professor at Worcester Polytechnic Institute in Massachusetts. 

The law enforcement official did not answer the Guardian’s question about what the apparently unsolicited outside guidance indicates about the FBI’s competence in digital investigations. James Comey, the FBI director who has made law enforcement access to encrypted communications a national issue, told Congress that sometimes the FBI does not have technical expertise to match its pop culture portrayal as high-tech wizards.

Although the justice department had told the court that Apple had the “exclusive technical means” to provide the FBI with access to the locked phone, a second law enforcement official, who also would not be named, insisted the sudden breakthrough did not contradict the government’s earlier assurances.

“The arguments in our pleading were that we needed Apple’s assistance as a last resort, as the FBI’s efforts to date had not been successful”, the official said. The official would not say if the “outside party” was solicited by the government or offered an unsolicited technical suggestion.

But attorney Alex Abdo of the American Civil Liberties Union, which filed a brief supporting Apple, lambasted the government’s reversal.

“This suggests that the FBI either doesn’t understand the technology well enough or wasn’t telling us the full truth earlier when it said that only Apple could break into the phone. Either possibility is disconcerting.”

On the one hand, the delay short-circuits a massive privacy battle between America’s most valuable company and its government that had been building for two years. National media were already descending Monday on southern California for the hearing in the federal courthouse in Riverside.

On the other, the government’s reversal seems to only postpone the inevitable. Both US officials and technology executives have said that if the San Bernardino case had not brought the two sides into court, another one surely would.

Melanie Newman, a justice department spokeswoman, said the department was “cautiously optimistic” that the proposed new investigative tactic would work, but testing was required.

“If this solution works, it will allow us to search the phone and continue our investigation into the terrorist attack that killed 14 people and wounded 22 people,” Newman said in a statement.

Yet the FBI is, for now, spared a showdown with Apple that saw an unprecedented near-unanimity of leading tech firms, more than a dozen of which rallied to Apple’s defense in court. Even the US defense secretary, Ashton Carter, undercut the FBI in public by singing the praises of encryption in a recent speech, suggesting a lack of government unity behind the FBI push.
Ein News: http://bit.ly/1RHkBQZ

« Clinton Emails Suggest Google's Assistance In Undermining Assad
Poland Strengthens Cybersecurity Against Russian Threat »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

FIDO Alliance

FIDO Alliance

FIDO Alliance is a non-profit organization formed to address the lack of interoperability among strong authentication devices.

HYPR

HYPR

HYPR Decentralized Authentication minimizes the risk of enterprise data breaches while providing an enhanced user experience for your customers and employees.

European Society of Criminology (ESC)

European Society of Criminology (ESC)

The ESC Working Group on Cybercrime is focused on cybercrime, its causes and offenders, impact on victims, and our response to it at the individual, corporate, and governmental levels.

Lirex

Lirex

Lirex offer consulting and outsourcing services, complete design, construction and maintenance of ICT solutions and systems including cybersecurity.

ClearBlade

ClearBlade

ClearBlade is the Edge Computing software company enabling enterprises to rapidly engineer and run secure, real-time, scalable IoT applications.

Crayonic

Crayonic

Crayonic digital identity technologies protect and guarantee the identity of people and things.

NTIC Cyber Center - USA

NTIC Cyber Center - USA

NTIC Cyber Center is an organization dedicated to making the National Capital Region (Washington DC) more resilient to cyber-attacks.

Startup Wise Guys

Startup Wise Guys

Startup Wise Guys is a mentorship-driven accelerator program for early stage B2B SaaS, Fintech, Cybersecurity & Defense AI startups.

DataDog

DataDog

DataDog provides Cloud-native Security Monitoring. Real-time threat detection across your applications, network, and infrastructure.

Probity

Probity

Probity Inc. is a certified software development and systems engineering company, providing support to federal government and national defense related clients.

Zitec

Zitec

One of Europe's largest and most prominent full-cycle software development services companies, Zitec is the digital transformation partner to companies in the EU, UK, USA, Canada and ME.

Mayer Brown

Mayer Brown

Mayer Brown is a global law firm. We have deep experience in high-stakes litigation and complex transactions across industry sectors including the global financial services industry.

ThreatNix

ThreatNix

ThreatNix is a tight knit group of experienced security professionals who are committed to providing competent cybersecurity solutions that adhere to international standards.

TachTech

TachTech

TachTech is passionate about trust, security and privacy in the digital world. We create tailored security and compliance solutions to improve your business.

When Group

When Group

World Health Energy Holdings, Inc. (d/b/a WHEN Group) is a High Tech Holding Company that specializes in the Cyber, Security and Telecom area.

Telcion Communications Group

Telcion Communications Group

Telcion Communications Group provides communication and IT solutions to businesses and organizations throughout California and neighbouring states.