• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Student360
  • About
    • Secure360
    • UMSA
  • Secure360 2022
  • For Sponsors
  • For Speakers
  • Get Involved
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

The case of the Apple iPhone and the FBI: What it means

July 7, 2016 by Secure360 and UMSA

 

FBI iPhone hack

Copyright: Pixabay

The FBI insisted for weeks that only Apple could enable it to access encrypted data on the iPhone of San Bernardino terrorism suspect Syed Farook. In March, however, they claimed they were able to do it themselves and decided to drop the legal case against the tech giant to unlock the device.

No one is really sure how the FBI managed to break into the device’s encryption after weeks of insisting that it could do so only with Apple’s help. The government has said it received assistance from a third party, but it has refused to identify that organization or the techniques that were used. In the meantime, the filing signals a break from the battle between Washington and Silicon Valley over privacy and security in the digital age.

A brief history of the case

Syed Farook and his wife killed 14 people during a mass shooting in San Bernardino, California, in December 2015. They later were killed in a shootout with authorities. The government recovered Farook’s iPhone 5C, but discovered that he had enabled the device’s encryption technology, preventing the FBI from accessing its contents without knowing the device’s four- or six-digit PIN. The FBI took Apple to court, demanding they help the government break into the device’s contents.

The encryption chip on the iPhone uses a powerful algorithm called AES that protects customer data. Each iPhone has a unique number called an encryption key that is used to scramble or unscramble the data on the iPhone. This key is 256 bits long —a string of 256 1s and 0s — which means there a never-ending number of possible values for an iPhone’s encryption key. On top of that, Apple doesn’t keep copies of these encryption keys, so if you wanted to crack the iPhone’s encryption by simply guessing until you find the right one, it would take a lifetime.

We determined above that discovering the encryption key was likely not a possibility for the FBI, which leaves the 4- or 6-digit PIN as an option. The passcode included security protocols, such as the time delay and auto-erase features that destroyed the phone’s data after 10 tries. These two features made it impossible for the government to repeatedly and continuously test passcodes, but with those features removed, the FBI said it would take 26 minutes to crack the phone.

What the FBI’s iPhone hack means

Just like Apple claimed they could not help the FBI, the FBI in turn refused to admit how they were able to hack into the iPhone. As for now, the courts will not have to rule whether or not tech companies will be compelled to help the government break encryption on customer’s devices in the future, although the issue will likely arise again in the near future.

Experts have discussed a number of possible strategies for accessing the device. For example, potentially decapping the iPhone, that involves performing “microscopic surgery” on the wiring and silicon chips to discover the identity of the encryption key buried in the device. Another possibility was the replay attack, that would override the device’s limit on passcode guessing by making a copy of the device’s memory, making a few guesses and then reversing back the device’s memory to its state before those guesses were made. However, FBI Director James Comey was asked about this method and said that it didn’t work.

The most popular theory is that the FBI accessed Farook’s iPhone by exploiting a previously unknown security vulnerability in the iPhone’s software. These vulnerabilities are a valuable commodity in the hacking and intelligence worlds, and the National Security Agency is believed to collect them. The FBI could have received assistance from the NSA, from private security firms, or from an independent security researcher who had discovered a new technique.

The big question is what happens to the many other iPhones that various law enforcement officials would like Apple to help unlock. Apple would like to prevent this situation from arising again by building an iPhone in which the security features are so powerful that even Apple can’t help break them, but as shown by this case, it will be difficult for them to build a smartphone capable of withstanding hacks from a sophisticated opponent such as the FBI.

Filed Under: News and Events, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Secure360 Conference
    Secure360 Conference: With #Sec360 2022 officially in the books, we wanted to share a little recap of the fun! https://t.co/iMPwAp1Kac … https://t.co/kk7xRUXoRo
    about 44 minutes ago

  2. Fusion Learning Partners
    Fusion Learning Partners: Congratulations @UMSAOrg on a successful 2022 #Secure360 event! We are honored to be part of your conference team &… https://t.co/RbT7IEG49G
    about 2 hours ago

  3. smallarmy
    smallarmy: @TylerCohenWood @Secure360 Good
    about 1 day ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2022 Secure360. All rights reserved.