The FBI may have found a way to break into the locked iPhone at the center of the US government’s court battle with Apple.
Apple and the US Department of Justice (DOJ) were scheduled to appear in federal court today, for a judge to decide whether Apple must assist the FBI in breaking into the iPhone that belonged to one of the shooters in last December’s terrorist attack in San Bernardino, California.
But in a surprising move yesterday, the DOJ filed a motion to delay the court hearing until 5 April, in order to give the FBI more time to test a newly discovered method for unlocking the iPhone.
In the DOJ’s motion, the government said that an unnamed third party came forward on Sunday (20 March) to demonstrate for the FBI a “possible method” for unlocking the iPhone of San Bernardino shooter Syed Rizwan Farook, who was killed in a gun fight with police after the attack.
Farook’s passcode-protected iPhone has iOS 9, which includes a security feature that erases all data on the device after 10 failed passcode guesses.
However, if the method revealed to the FBI can get around the passcode protection in iOS 9 without erasing the iPhone’s data, it would “eliminate the need for assistance from Apple,” the government’s motion said:
On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone. Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc. (“Apple”) set forth in the All Writs Act Order in this case.
Last month, Judge Sheri Pym ordered Apple to create special software that would disable the limitation on passcode guesses and the auto-erase feature, allowing the FBI to make unlimited guesses of Farook’s passcode until finding the right combination to unlock the device.
Apple appealed, arguing that to do so would create a “backdoor” that could potentially jeopardize the security of every iPhone.
If the FBI is able to unlock the iPhone without Apple’s assistance, it could end this particular court battle but it would leave the central disagreement about encryption backdoors unresolved, and raise a number of new and very discomforting issues.
Firstly, it would tip the scales in favor of law enforcement without the issue being tested in court.
Secondly, it would suggest that there is a method for cracking iPhone encryption or rate limiting, perhaps a 0-day exploit, that’s in-the-wild and unknown to Apple.
If the FBI is in possession of a 0-day exploit and it hands over details of that exploit to Apple, then it won’t be able to use it again in future – improving the security of private citizens and criminals alike but robbing the FBI of a capability it clearly thinks is important.
If the FBI doesn’t give the details to Apple, it could leave iPhones with a de-facto backdoor with unknown provenance that at least one “outside party” has already discovered and which anyone else could find, abuse or sell on.
Whatever the outcome, it surely won’t put an end to the feud between Apple and the US government over iPhone encryption.
Apple CEO Tim Cook has forcefully opposed the government’s demands for what he calls a backdoor into Apple’s products.
Cook addressed the backdoors issue at yesterday’s Apple town hall event.
“We need to decide as a nation how much power the government should have over our data and over our privacy,” Cook said.
In his opening remarks at the event, Cook noted that Apple will be celebrating its 40th anniversary next week, and talked about how Apple’s products are “an important part of people’s daily lives.”
The iPhone is “a deeply personal device,” Cook said, and Apple has a “responsibility to protect your data and your privacy.”
Cook continued:
We did not expect to be in this position at odds with our own government. But we believe strongly we have a responsibility to help you protect your data and protect your privacy. We owe it to our customers and we owe it to our country. This is an issue that impacts all of us and we will not shrink from this responsibility.
With neither Cook nor the FBI backing down, the judge’s decision in the San Bernardino case could have far-reaching implications in other legal cases, and in the broader encryption debate.
The world is watching and waiting to find out what happens next.
Image of apple with zipper courtesy of Shutterstock.com.