A six-week public standoff between Apple and the FBI ended today when the Department of Justice said it had accessed encrypted data stored on the San Bernardino terrorist’s iPhone.
The DOJ said in its motion that it no longer needed Apple’s help as mandated in a Feb. 16 court order and asked that the order be vacated.
“The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court’s Order Compelling Apple Inc. to Assist Agents in Search dated February 16, 2016,” today’s motion says.
The FBI said one week ago that an “outside party” had demonstrated a way onto the device and that it may eliminate the need for Apple’s help. The FBI asked for a two-week continuance in order to test this method, and promised a status report by April 5.
It’s unknown what, if anything, was on shooter Syed Farook’s iPhone 5c. Farook and his wife Tashfeen Malik murdered 14 people on Dec. 2. The phone was issued to Farook by his employer, San Bernardino County; two other phones belonging to the couple had already been destroyed.
Apple’s contention since Day 1 has been that the case was never really about the data on this one phone, but instead was about establishing a legal precedent that would allow the government to access data on locked devices in other cases. The original court order mandated that Apple assist the FBI in unlocking the phone. To do so, Apple would have to build new firmware that would bypass security on the phone that protects against brute-force attacks against the passcode.
The mysterious “outside party” has not been identified, though some have speculated that it could be a current partner of the FBI’s. The FBI has business arrangements with a number of mobile forensics outfits, and one in particular, Cellebrite of Israel, was flagged as a possibility by a newspaper in Israel.
It may never be known whether Cellebrite is indeed the “outside party,” or whether the FBI purchased a software exploit, or used some other means such as a hardware hack to get onto the device.
IOS forensics expert Jonathan Zdziarski published a report last week that said NAND mirroring might be one way the FBI’s partner could be getting onto the phone. The technique involves mirroring the chip, Zdziarski said, so that the FBI and its outside party could perform offline brute-force attacks against the four-digit passcode without causing the phone to wipe itself. Days later, researchers at Johns Hopkins University published a report describing weaknesses and attacks against Apple’s iMessage encryption that could be used by an attacker to read attachments. Apple last week patched those flaws.
In greater context, the research demonstrates that, counter to the FBI’s claims, Apple was not the only entity that could break the phone and that forcing it to intentionally weaken the cryptography protecting its products put all of its users at risk. As it stands now, there is a public exploit available to break at least older versions of iOS and it’s unlikely the FBI will share what it knows with Apple.