• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • About
    • Secure360
    • UMSA
    • Get Involved
  • Events
    • Secure360 2021
    • Student360
    • Past Events
      • 2020 Secure360 Twin Cities
      • 2020 Student360
      • 2019 Secure360 Twin Cities
      • 2019 Student360
      • 2018 Secure360 Twin Cities
      • 2018 Secure360 Wisconsin
      • 2018 Student360
      • 2017 Secure360 Twin Cities
      • 2017 Student360
      • 2016 TC Secure360 Conference
      • 2015 Secure360 Conference
      • 2014 Secure360 Conference
      • 2013 Secure360 Conference
        • 2013 Secure360 Conference Speaker Presentations
      • 2012 Secure360 Conference
  • For Sponsors
    • Secure360 Twin Cities
    • Student360 Sponsors
  • For Speakers
    • Secure360 Speaker Details
    • Student360 Speaker Details
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

The case of the Apple iPhone and the FBI: What it means

July 7, 2016 by Secure360 and UMSA

 

FBI iPhone hack

Copyright: Pixabay

The FBI insisted for weeks that only Apple could enable it to access encrypted data on the iPhone of San Bernardino terrorism suspect Syed Farook. In March, however, they claimed they were able to do it themselves and decided to drop the legal case against the tech giant to unlock the device.

No one is really sure how the FBI managed to break into the device’s encryption after weeks of insisting that it could do so only with Apple’s help. The government has said it received assistance from a third party, but it has refused to identify that organization or the techniques that were used. In the meantime, the filing signals a break from the battle between Washington and Silicon Valley over privacy and security in the digital age.

A brief history of the case

Syed Farook and his wife killed 14 people during a mass shooting in San Bernardino, California, in December 2015. They later were killed in a shootout with authorities. The government recovered Farook’s iPhone 5C, but discovered that he had enabled the device’s encryption technology, preventing the FBI from accessing its contents without knowing the device’s four- or six-digit PIN. The FBI took Apple to court, demanding they help the government break into the device’s contents.

The encryption chip on the iPhone uses a powerful algorithm called AES that protects customer data. Each iPhone has a unique number called an encryption key that is used to scramble or unscramble the data on the iPhone. This key is 256 bits long —a string of 256 1s and 0s — which means there a never-ending number of possible values for an iPhone’s encryption key. On top of that, Apple doesn’t keep copies of these encryption keys, so if you wanted to crack the iPhone’s encryption by simply guessing until you find the right one, it would take a lifetime.

We determined above that discovering the encryption key was likely not a possibility for the FBI, which leaves the 4- or 6-digit PIN as an option. The passcode included security protocols, such as the time delay and auto-erase features that destroyed the phone’s data after 10 tries. These two features made it impossible for the government to repeatedly and continuously test passcodes, but with those features removed, the FBI said it would take 26 minutes to crack the phone.

What the FBI’s iPhone hack means

Just like Apple claimed they could not help the FBI, the FBI in turn refused to admit how they were able to hack into the iPhone. As for now, the courts will not have to rule whether or not tech companies will be compelled to help the government break encryption on customer’s devices in the future, although the issue will likely arise again in the near future.

Experts have discussed a number of possible strategies for accessing the device. For example, potentially decapping the iPhone, that involves performing “microscopic surgery” on the wiring and silicon chips to discover the identity of the encryption key buried in the device. Another possibility was the replay attack, that would override the device’s limit on passcode guessing by making a copy of the device’s memory, making a few guesses and then reversing back the device’s memory to its state before those guesses were made. However, FBI Director James Comey was asked about this method and said that it didn’t work.

The most popular theory is that the FBI accessed Farook’s iPhone by exploiting a previously unknown security vulnerability in the iPhone’s software. These vulnerabilities are a valuable commodity in the hacking and intelligence worlds, and the National Security Agency is believed to collect them. The FBI could have received assistance from the NSA, from private security firms, or from an independent security researcher who had discovered a new technique.

The big question is what happens to the many other iPhones that various law enforcement officials would like Apple to help unlock. Apple would like to prevent this situation from arising again by building an iPhone in which the security features are so powerful that even Apple can’t help break them, but as shown by this case, it will be difficult for them to build a smartphone capable of withstanding hacks from a sophisticated opponent such as the FBI.

Filed Under: News and Events, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Marketing Envy
    Marketing Envy: [New Blog] 2020 saw in-person conferences evaporate, but with vaccines rolling out, 2021 could be different. H… https://t.co/4YONwZNsDa
    about 4 days ago

  2. Secure360 Conference
    Secure360 Conference: We are honored to be listed on the Top 20 Cyber Conferences for 2021 -> https://t.co/MnrQ3E5ifw
    about 5 days ago

  3. Secure360 Conference
    Secure360 Conference: Fascinating stuff about the shift from brick & mortar to e-commerce, from Diamond Sponsor @cisco! https://t.co/4GaYGQKZ1a
    about 1 week ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2021 Secure360. All rights reserved.