It's not clear how the FBI cracked the phone's security
(WASHINGTON) — The FBI said Monday it successfully used a
mysterious technique without Apple Inc.’s help to hack into the iPhone
used by a gunman in a mass shooting in California, effectively ending a
pitched court battle between the Obama administration and one of the
world’s leading technology companies.
The government asked a federal judge to vacate a disputed order
forcing Apple to help the FBI break into the iPhone, saying it was no
longer necessary. The court filing in U.S. District Court for the
Central District of California provided no details about how the FBI did
it or who showed it how. Apple did not immediately comment on the
development.
The brief court notice left important questions unanswered: Who
showed the FBI how to break into iPhones? How did the government bypass
the security features that Apple has invested millions of dollars to
build into its flagship product? Are newer iPhones vulnerable to the
same hacking technique? Will the FBI share its information with scores
of state and local police agencies that said they also need to break
into the iPhones of criminal suspects? Will the FBI reveal to Apple how
it broke its security? Did the FBI find anything useful on the iPhone?
The surprise development also punctured the temporary perception that
Apple’s security might have been good enough to keep consumers’
personal information safe even from the U.S. government — with the
tremendous resources it can expend when it wants to uncover something.
The FBI used the technique to access data on an iPhone used by gunman
Syed Farook, who died with his wife in a gun battle with police after
they killed 14 people in San Bernardino, California, in December.
They’re currently reviewing the information on the phone, the Justice
Department said in a statement.
U.S. magistrate Sheri Pym of California last month ordered Apple to
provide the FBI with software to help it hack into Farook’s work-issued
iPhone. The order touched off a debate pitting digital privacy rights
against national security concerns.
Apple was headed for a courtroom showdown with the government last
week, until federal prosecutors abruptly asked for a postponement so
they could test a potential solution that was brought to them by a party
outside of the U.S. government the previous weekend. Technical experts
had said there might be a few ways an outsider could gain access to the
phone, although the FBI had insisted repeatedly until then that only
Apple had the ability to override the iPhone’s security. FBI Director
James Comey said the bureau even went to the National Security Agency,
which did not have the ability to get into the phone.
A law enforcement official said the FBI was successful in unlocking
the iPhone over the weekend. The official spoke to reporters on a
conference call on condition of anonymity because this person wasn’t
authorized by the Justice Department to publicly comment. The official
said federal law enforcement would continue to aid its local and state
partners with gaining evidence in cases — implying that the method would
be shared with them.
Manhattan District Attorney Cyrus Vance testified before a U.S. House
panel earlier this month that he has 205 iPhones his investigators
can’t access data from in criminal investigations. And Apple is opposing
requests to help extract information from 14 Apple devices in
California, Illinois, Massachusetts and New York.
The case drew international attention and highlighted a growing
friction between governments and the tech industry. Government
commissions have been formed to study the issue of encryption’s impact
on law enforcement and lawmakers have also held hearings, discussing the
issue, since the Feb. 16 order. Apple and other tech companies have
said they feel increasing need to protect their customers’ data from
hackers and unfriendly intruders, while police and other government
authorities have warned that encryption and other data-protection
measures are making it more difficult for investigators to track
criminals and dangerous extremists.
The withdrawal of the court process also takes away Apple’s ability
to legally request details on the method theFBI used in this case. Apple
attorneys said last week that they hoped the government would share
that information with them if it proved successful.
The encrypted phone was protected by a passcode that included
security protocols: a time delay and self-destruct feature that erased
the phone’s data after 10 tries. The two features made it impossible for
the government to repeatedly and continuously test passcodes in what’s
known as a brute-force attack. Comey said with those features removed,
the FBI could break into the phone in 26 minutes.
The official said the method used to unlock the phone appears to work
on the iPhone 5C operating a version of iOS 9. In late 2014, Apple
updated its operating system so the passcode is linked to the phone’s
overall encryption. The Cupertino-based company said that made it
impossible for it to access data on the phone.
The Justice Department wouldn’t comment on any future disclosures of the method to Apple or the public.
Apple CEO Tim Cook had argued that helping the FBI hack the iPhone
would set a dangerous precedent — and make other iPhones vulnerable — if
Apple complied with a court order to create software that would help
investigators bypass the phone’s security features.
It was a rare moment of public defiance by a major U.S. corporation.
Other leading tech companies, including Facebook, Google and Twitter,
soon voiced their support for Apple’s position, as did computer security
experts and civil liberties groups. But Cook’s stance was denounced by
top U.S. officials, including FBI Director James Comey and Attorney
General Loretta Lynch, who accused Apple of trying to interfere with law
enforcement.
In court filings, federal prosecutors also suggested Apple’s emphasis
on privacy was a marketing strategy, which Apple heatedly deni
