FBI Can Unlock iPhone Without Apple’s Help

Uploaded on 2016-03-29 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law

Federal authorities have cancelled the court hearing with Apple, saying an ‘outside party’ has shown a potential way to crack Syed Farook’s phone

A court hearing designed to force Apple into compromising its security systems for the iPhone was cancelled recently at the request of federal authorities saying they potentially had another way into the San Bernardino shooter’s phone.

An Apple loss in the San Bernardino encryption case risks creating a world in which we can no longer trust the gadgets that track how we drive, when we’re home and whether the door is locked

The astonishing reversal kicks the can down the road in what had become the climax of a two-year battle over digital privacy between the US government and Silicon Valley. At the same time, the standoff between Apple and the Department of Justice drew so much attention that policymakers or another court may weigh in soon regardless.

The government has until 5 April to determine whether it wants to pursue the case. Apple’s attorneys, in a conference call with reporters, said they do not consider the development a legal victory and warned they could be back in the same situation in two weeks. The attorneys spoke on the condition of not being quoted by name.

The company’s lawyers said they were as surprised as anyone and learned of the development in an afternoon phone call.

The government’s potential solution raises its own questions: if investigators figure out a way to hack into the device without Apple’s help, are they obligated to show Apple the security flaw they used to get inside? Attorneys for Apple, which almost assuredly would then patch such a flaw, said they would demand the government share their methods if they successfully get inside the phone.

Recently US magistrate judge Sheri Pym stayed her previous order that Apple help the government crack the passcode on the iPhone used by San Bernardino gunman Syed Farook, citing “uncertainty” on the part of the government.

In its filing, the justice department said it might have a different way to break into device – something cryptographers, leading data security experts and even Edward Snowden have said was possible without placing the cybersecurity of all iPhone users at risk through creating what Apple derisively calls “GovtOS”.

Nevertheless, the government has stated repeatedly, under oath, that Apple alone had the technical ability to get inside the device. The government wanted Apple to use an official Apple software update to turn off some security features, including one that can cause the phone to wipe its storage if someone enters the wrong passcode 10 times.

The justice department request comes after more than a month of heated insistence that the only way the FBI could examine a locked iPhone used by the gunman was for Apple to write new software that would be missing some of its operating system’s security features.

US investigators said they have continued to look for new ways into the iPhone 5C used by Farook since the justice department took Apple to court. In 2014, Apple updated its iPhone software such that it could no longer download data from locked devices without the user’s passcode, which Apple does not know.

The White House, which has stood by the justice department in its feud with Apple, did not immediately comment on the reversal. The forensic standstill caused many to question the FBI’s technical chops.

A law enforcement official who would not agree to be quoted by name said that the FBI was approached by an “outside party” unaffiliated with the government who offered a prospective path into the phone that would not require Apple’s assistance. The official refused to identify the party, and said that many people outside government had approached the FBI seeking to lend technical expertise.

The government said it would like to test the method and then file a report with the court.

Susan Landau, a cybersecurity expert who in a recent congressional hearing lambasted the FBI for its poor understanding of digital forensics, said she “certainly” felt that the unexpected development demonstrated her point. Landau also said she was not the “outside party” who provided the potential breakthrough.
“The FBI has been viewing security as an impedance rather than a necessity. That the bureau may not need Apple’s help to access the phone points up what’s been true in this case all along: the FBI needs to strengthen its own technological capabilities,” said Landau, a professor at Worcester Polytechnic Institute in Massachusetts. 

The law enforcement official did not answer the Guardian’s question about what the apparently unsolicited outside guidance indicates about the FBI’s competence in digital investigations. James Comey, the FBI director who has made law enforcement access to encrypted communications a national issue, told Congress that sometimes the FBI does not have technical expertise to match its pop culture portrayal as high-tech wizards.

Although the justice department had told the court that Apple had the “exclusive technical means” to provide the FBI with access to the locked phone, a second law enforcement official, who also would not be named, insisted the sudden breakthrough did not contradict the government’s earlier assurances.

“The arguments in our pleading were that we needed Apple’s assistance as a last resort, as the FBI’s efforts to date had not been successful”, the official said. The official would not say if the “outside party” was solicited by the government or offered an unsolicited technical suggestion.

But attorney Alex Abdo of the American Civil Liberties Union, which filed a brief supporting Apple, lambasted the government’s reversal.

“This suggests that the FBI either doesn’t understand the technology well enough or wasn’t telling us the full truth earlier when it said that only Apple could break into the phone. Either possibility is disconcerting.”

On the one hand, the delay short-circuits a massive privacy battle between America’s most valuable company and its government that had been building for two years. National media were already descending Monday on southern California for the hearing in the federal courthouse in Riverside.

On the other, the government’s reversal seems to only postpone the inevitable. Both US officials and technology executives have said that if the San Bernardino case had not brought the two sides into court, another one surely would.

Melanie Newman, a justice department spokeswoman, said the department was “cautiously optimistic” that the proposed new investigative tactic would work, but testing was required.

“If this solution works, it will allow us to search the phone and continue our investigation into the terrorist attack that killed 14 people and wounded 22 people,” Newman said in a statement.

Yet the FBI is, for now, spared a showdown with Apple that saw an unprecedented near-unanimity of leading tech firms, more than a dozen of which rallied to Apple’s defense in court. Even the US defense secretary, Ashton Carter, undercut the FBI in public by singing the praises of encryption in a recent speech, suggesting a lack of government unity behind the FBI push.
Ein News: http://bit.ly/1RHkBQZ

« Clinton Emails Suggest Google's Assistance In Undermining Assad
Poland Strengthens Cybersecurity Against Russian Threat »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

4Secure

4Secure

For over two decades, 4Secure has specialised in cyber security consultancy, safeguarding the worlds critical Infrastructure through securely bridging air gapped networks.

Dark Reading

Dark Reading

Dark Reading is the most trusted online community for security professionals.

National Cybersecurity Agency (ANCS) - Tunisia

National Cybersecurity Agency (ANCS) - Tunisia

ANCS (L'Agence Nationale de la Cybersécurité) is the national cybersecurity agency for Tunisia.

Aqua Security Software

Aqua Security Software

Aqua Security helps enterprises secure their cloud native applications from development to production, whether they run using containers, serverless, or virtual machines.

Global Learning Systems (GLS)

Global Learning Systems (GLS)

Global Learning Systems provides security awareness and compliance training programs for employees that effectively promote behavior change and protect your organization.

Ethoca

Ethoca

Ethoca is a secure network for card issuers and merchants to connect and work cooperatively outside the payment network in a unique and powerful way.

PrivateCore

PrivateCore

We protect data-in-use from hackers trying to steal data such as encryption keys, certificates, intellectual property.

Inogesis

Inogesis

Inogesis helps blue-chip organisations harness disruptive technologies and thinking to drive new revenues or overcome challenges by connecting them with dynamic small companies.

Halon

Halon

Halon is a flexible security and operations platform for in-transit email.

Chronicle

Chronicle

Chronicle products combine intelligence about global threats in the wild, threats inside your network, and unique signals about both.

Edureka

Edureka

Edureka is an online technology training provider with the most effective learning system in the world. We help professionals learn trending technologies for career growth.

Dataships

Dataships

We help companies automate their privacy compliance while building healthy, transparent data relationships with their customers.

ProCheckUp

ProCheckUp

ProCheckUp is a London-based independent provider of cyber security services, including IT Security, Assurance, Compliance and Incident Response.

N2K Networks

N2K Networks

N2K Networks is the world’s first “news to knowledge” network. The news to knowledge network is how you stay at the cutting edge in a rapidly changing world.

Infosec Institute

Infosec Institute

Infosec is a leading cybersecurity training company, we help IT and security professionals advance their careers with skills development and certifications.

Bestman Solutions

Bestman Solutions

As a specialist cyber security practice, we believe that people are an organisation’s most valuable asset. Success depends on hiring the right people, and this is where we come in.