The FBI may have found a different way to break into the locked iPhone at the center of the US government’s court battle with Apple.
Apple and the US Department of Justice (DOJ) were scheduled to appear in federal court today, for a judge to decide whether Apple must assist the FBI in breaking into the iPhone that belonged to one of the shooters in last December’s terrorist attack in San Bernardino, California.
But in a surprising move yesterday, the DOJ filed a motion to delay the court hearing until the 5th April, to give the FBI more time to test a newly discovered method for unlocking the iPhone.
In the DOJ’s court motion, the government said that an unnamed third party came forward on Sunday (20 March) to demonstrate for the FBI a “possible method” for unlocking the iPhone of San Bernardino shooter Syed Rizwan Farook, who was killed in a gun battle with police after the attack.
Farook’s passcode-protected iPhone has iOS 9, which includes a security feature that erases all data on the device after 10 failed passcode attempts.
However, if the method revealed to the FBI can get around the passcode protection in iOS 9 without erasing the iPhone’s data, it would “eliminate the need for assistance from Apple,” the government’s motion said:
The FBI Files a motion requesting a delay in FBI vs Apple
Last month, Judge Sheri Pym ordered Apple to create special iPhone software that would disable the limitation on passcode guesses and the auto-erase feature. This would allow the FBI to make unlimited guesses of Farook’s passcode until finding the right combination to unlock the device. A ‘brute force’ attack.
Apple appealed, arguing that to do so would create a “backdoor” that could potentially jeopardize the security of every iPhone out there.
If the FBI is able to unlock the iPhone without Apple’s assistance, it could end this particular court battle but it would leave the central disagreement about encryption backdoors unresolved, and raise a number of new and very disconcerting issues.
First, it would tip the scales in favor of law enforcement without the issue being tested in court.
Second, it would suggest that there is a method for cracking iPhone encryption or rate limiting, perhaps a 0-day exploit, that’s in-the-wild and currently unknown to Apple.
If the FBI is in possession of a 0-day exploit and it hands over details of that exploit to Apple, then it won’t be able to use it again in future – improving the security of private citizens and criminals alike but robbing the FBI of a capability it clearly thinks is important. It seems unlikely to us that the FBI would disclose such a 0-day.
If the FBI doesn’t give the details to Apple, it could leave iPhones with a de-facto backdoor with unknown provenance that at least one “outside party” has already discovered and which anyone else could find, abuse or sell on to others who wish to use the 0-day.
Whatever the outcome, it won’t put an end to the feud between Apple and the US government over iPhone encryption.
Apple CEO Tim Cook has forcefully opposed the government’s demands for what he calls a backdoor into Apple’s products.
Cook addressed the backdoors issue at yesterday’s Apple town hall event.
“We need to decide as a nation how much power the government should have over our data and over our privacy,” Cook said.
In his opening remarks at the event, Cook noted that Apple will be celebrating its 40th anniversary next week, and talked about how Apple’s products are “an important part of people’s daily lives.”
The iPhone is “a deeply personal device,” Cook said, and Apple has a “responsibility to protect your data and your privacy.”