The FBI insisted for weeks that only Apple could enable it to access encrypted data on the iPhone of San Bernardino terrorism suspect Syed Farook. In March, however, the bureau claimed it was able to do so itself and dropped the legal case it had brought to compel the tech giant to unlock the device.
No one is really sure how the FBI managed to break into the device’s encryption after weeks of insisting that it could do so only with Apple’s help. The government has said it received assistance from a third party, but it has refused to identify that organization or the techniques that were used. In the meantime, the filing signals a break from the battle between Washington and Silicon Valley over privacy and security in the digital age.
A brief history of the case
Syed Farook and his wife killed 14 people during a mass shooting in San Bernardino, California, in December 2015. They were later killed in a shootout with authorities. The government recovered Farook’s iPhone 5C, but discovered that he had enabled the device’s encryption technology, preventing the FBI from accessing its contents without knowing the device’s four- or six-digit PIN. The FBI took Apple to court, demanding that the company help the government break into the device’s contents.
The encryption chip on the iPhone uses a powerful algorithm called AES that protects customer data. Each iPhone has a unique number called an encryption key that is used to scramble or unscramble the data on the iPhone. This key is 256 bits long (a string of 256 1s and 0s), which means there is an astronomically large number of possible values for an iPhone’s encryption key. On top of that, Apple doesn’t keep copies of these encryption keys, so if you wanted to crack the iPhone’s encryption by simply guessing until you found the right one, it would take a lifetime.
As described above, discovering the encryption key was likely not a possibility for the FBI, which leaves the 4- or 6-digit PIN as an option. The passcode was protected by security features: a time delay between attempts and an auto-erase feature that destroyed the phone’s data after 10 tries. These two features made it impossible for the government to repeatedly and continuously test passcodes, but with those features removed, the FBI said it would take 26 minutes to crack the phone.
What the FBI’s iPhone hack means
Just as Apple claimed it could not help the FBI, the FBI in turn refused to say how it was able to hack into the iPhone. For now, the courts will not have to rule on whether tech companies can be compelled to help the government break encryption on customers’ devices, although the issue will likely arise again in the near future.
Experts have discussed a number of possible strategies for accessing the device. One is decapping the iPhone, which involves performing “microscopic surgery” on the wiring and silicon chips to discover the encryption key buried in the device. Another possibility was the replay attack, which would override the device’s limit on passcode guessing by making a copy of the device’s memory, making a few guesses and then restoring the device’s memory to its state before those guesses were made. However, FBI Director James Comey was asked about this method and said that it didn’t work.
The most popular theory is that the FBI accessed Farook’s iPhone by exploiting a previously unknown security vulnerability in the iPhone’s software. These vulnerabilities are a valuable commodity in the hacking and intelligence worlds, and the National Security Agency is believed to collect them. The FBI could have received assistance from the NSA, from private security firms, or from an independent security researcher who had discovered a new technique.
The big question is what happens to the many other iPhones that various law enforcement officials would like Apple to help unlock. Apple would like to prevent this situation from arising again by building an iPhone in which the security features are so powerful that even Apple can’t help break them, but as shown by this case, it will be difficult for them to build a smartphone capable of withstanding hacks from a sophisticated opponent such as the FBI.