FBI Can Unlock iPhone Without Apple’s Help

Federal authorities have cancelled the court hearing with Apple, saying an ‘outside party’ has shown a potential way to crack Syed Farook’s phone

A court hearing designed to force Apple into compromising its security systems for the iPhone was cancelled recently at the request of federal authorities saying they potentially had another way into the San Bernardino shooter’s phone.

An Apple loss in the San Bernardino encryption case risks creating a world in which we can no longer trust the gadgets that track how we drive, when we’re home and whether the door is locked

The astonishing reversal kicks the can down the road in what had become the climax of a two-year battle over digital privacy between the US government and Silicon Valley. At the same time, the standoff between Apple and the Department of Justice drew so much attention that policymakers or another court may weigh in soon regardless.

The government has until 5 April to determine whether it wants to pursue the case. Apple’s attorneys, in a conference call with reporters, said they do not consider the development a legal victory and warned they could be back in the same situation in two weeks. The attorneys spoke on the condition of not being quoted by name.

The company’s lawyers said they were as surprised as anyone and learned of the development in an afternoon phone call.

The government’s potential solution raises its own questions: if investigators figure out a way to hack into the device without Apple’s help, are they obligated to show Apple the security flaw they used to get inside? Attorneys for Apple, which almost assuredly would then patch such a flaw, said they would demand the government share their methods if they successfully get inside the phone.

Recently US magistrate judge Sheri Pym stayed her previous order that Apple help the government crack the passcode on the iPhone used by San Bernardino gunman Syed Farook, citing “uncertainty” on the part of the government.

In its filing, the justice department said it might have a different way to break into device – something cryptographers, leading data security experts and even Edward Snowden have said was possible without placing the cybersecurity of all iPhone users at risk through creating what Apple derisively calls “GovtOS”.

Nevertheless, the government has stated repeatedly, under oath, that Apple alone had the technical ability to get inside the device. The government wanted Apple to use an official Apple software update to turn off some security features, including one that can cause the phone to wipe its storage if someone enters the wrong passcode 10 times.

The justice department request comes after more than a month of heated insistence that the only way the FBI could examine a locked iPhone used by the gunman was for Apple to write new software that would be missing some of its operating system’s security features.

US investigators said they have continued to look for new ways into the iPhone 5C used by Farook since the justice department took Apple to court. In 2014, Apple updated its iPhone software such that it could no longer download data from locked devices without the user’s passcode, which Apple does not know.

The White House, which has stood by the justice department in its feud with Apple, did not immediately comment on the reversal. The forensic standstill caused many to question the FBI’s technical chops.

A law enforcement official who would not agree to be quoted by name said that the FBI was approached by an “outside party” unaffiliated with the government who offered a prospective path into the phone that would not require Apple’s assistance. The official refused to identify the party, and said that many people outside government had approached the FBI seeking to lend technical expertise.

The government said it would like to test the method and then file a report with the court.

Susan Landau, a cybersecurity expert who in a recent congressional hearing lambasted the FBI for its poor understanding of digital forensics, said she “certainly” felt that the unexpected development demonstrated her point. Landau also said she was not the “outside party” who provided the potential breakthrough.
“The FBI has been viewing security as an impedance rather than a necessity. That the bureau may not need Apple’s help to access the phone points up what’s been true in this case all along: the FBI needs to strengthen its own technological capabilities,” said Landau, a professor at Worcester Polytechnic Institute in Massachusetts. 

The law enforcement official did not answer the Guardian’s question about what the apparently unsolicited outside guidance indicates about the FBI’s competence in digital investigations. James Comey, the FBI director who has made law enforcement access to encrypted communications a national issue, told Congress that sometimes the FBI does not have technical expertise to match its pop culture portrayal as high-tech wizards.

Although the justice department had told the court that Apple had the “exclusive technical means” to provide the FBI with access to the locked phone, a second law enforcement official, who also would not be named, insisted the sudden breakthrough did not contradict the government’s earlier assurances.

“The arguments in our pleading were that we needed Apple’s assistance as a last resort, as the FBI’s efforts to date had not been successful”, the official said. The official would not say if the “outside party” was solicited by the government or offered an unsolicited technical suggestion.

But attorney Alex Abdo of the American Civil Liberties Union, which filed a brief supporting Apple, lambasted the government’s reversal.

“This suggests that the FBI either doesn’t understand the technology well enough or wasn’t telling us the full truth earlier when it said that only Apple could break into the phone. Either possibility is disconcerting.”

On the one hand, the delay short-circuits a massive privacy battle between America’s most valuable company and its government that had been building for two years. National media were already descending Monday on southern California for the hearing in the federal courthouse in Riverside.

On the other, the government’s reversal seems to only postpone the inevitable. Both US officials and technology executives have said that if the San Bernardino case had not brought the two sides into court, another one surely would.

Melanie Newman, a justice department spokeswoman, said the department was “cautiously optimistic” that the proposed new investigative tactic would work, but testing was required.

“If this solution works, it will allow us to search the phone and continue our investigation into the terrorist attack that killed 14 people and wounded 22 people,” Newman said in a statement.

Yet the FBI is, for now, spared a showdown with Apple that saw an unprecedented near-unanimity of leading tech firms, more than a dozen of which rallied to Apple’s defense in court. Even the US defense secretary, Ashton Carter, undercut the FBI in public by singing the praises of encryption in a recent speech, suggesting a lack of government unity behind the FBI push.
Ein News: http://bit.ly/1RHkBQZ

« Clinton Emails Suggest Google's Assistance In Undermining Assad
Poland Strengthens Cybersecurity Against Russian Threat »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Australian Cyber Security Centre (ACSC)

Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together into a single location.

Lanner Electronics

Lanner Electronics

Lanner Electronics is a leading hardware provider for advanced network appliances and industrial automation solutions including cyber security.

Secnology

Secnology

Secnology is dedicated to developing and providing the most powerful and user friendly event analysis and security management solution.

DTS Solution

DTS Solution

DTS Solution delivers advanced cyber security solutions through is technology partnerships with industry leading security vendors and advanced consulting services.

Magtech Solutions

Magtech Solutions

Magtech Solutions is a one-stop IT Solutions provider offering Cloud Computing, IT Security, Unified Email Solutions and ERP systems.

Cloud Managed Networks

Cloud Managed Networks

Cloud Managed Networks provides enterprise grade IT network solutions for cloud-based and on premise network security, Wi-Fi, data switching, collaboration, device management and more.

National Cybersecurity Student Association (NCSA)

National Cybersecurity Student Association (NCSA)

The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration.

Cynexlink

Cynexlink

Cynexlink offers Managed IT Services with Security, Network, Storage & Cloud solutions for all size of business.

Russell Reynolds Associates

Russell Reynolds Associates

Russell Reynolds Associates is a global leadership advisory and search firm with functional expertise in Digital Leadership, Data & Analytics, and Compliance.

Constella Intelligence

Constella Intelligence

Constella Intelligence provides digital risk protection services to quickly and efficiently disrupt cyber attacks and data breaches before they occur.

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command is responsible for Navy information network operations, offensive and defensive cyberspace operations, space operations and signals intelligence.

FastNetMon

FastNetMon

FastNetMon is a very high performance DDoS detection and mitigation tool which could detect malicious traffic in your network and immediately block it.

Nuts Technologies

Nuts Technologies

Nuts Technologies are simplifying data privacy and encryption with our innovative and novel data containers we call nuts based on our Zero Trust Data framework.

BSS

BSS

BSS is a solutions and services business based in the UK with a focus on Cyber Security, Data, Financial Crime, Internal Audit, Change, Risk and Resilience.

Domotz

Domotz

Domotz enables IT teams to monitor and manage their networks remotely, while ensuring that the security and the operational efficiency of their organizations are properly maintained.

Eleviant Tech (CTG Group)

Eleviant Tech (CTG Group)

Eleviant Tech (CTG Group) is a USA based digital transformation company with expertise in Mobile, Cloud, Web, IoT, AR, RPA, Cyberseurity and AI Technologies.

Synergy ECP

Synergy ECP

Synergy ECP has a talented, dedicated staff to provide a broad range of services to the defense and intelligence industries.