How did the FBI hack an Apple iPhone? The story so far
Image 1 of 21
It begins with a tragedy...
The FBI’s battle with Apple over phone encryption is a high-stakes one. Here’s how we got where we are.
It begins with a tragedy: On December 2, 2015 at 10:59 a.m., married extremists Syed Rizwan Farook (inset) and Tashfeen Malik opened fire on the Inland Regional Center in San Bernardino, California.
The act, quickly classified as a terrorist attack, claimed the lives of 14 people and seriously injured 22 others.
The search for clues begins
In the aftermath, the FBI mounted a massive effort to uncover evidence that the killers may have disposed of. This included a diver search of Seccombe Lake (shown) and the killers’ home.
One man's trash...
FBI investigators discovered two crushed phones in Farook’s trash. A third device, an Apple iPhone 5C belonging to Farook’s employer, was also found.
All its secrets are just four numbers away
The iPhone 5C, owned by Farook’s employer, was PIN protected.
Though the FBI had permission from said employer to search the phone, attempting to guess at Farook’s chosen PIN could fully erase its contents after 10 attempts.
"The digital footprint is incredibly important"
Those phones became key pieces of evidence in the FBI investigation.
“As to those devices, obviously we’ve said from day one, the digital footprint is incredibly important for us to hopefully learn any contacts, any context, and ultimately any intent on their part,” said Assistant Director in Charge of the Los Angeles Field Office David Bowdich (shown). “I think that’s very, very important.”
The FBI wins Round 1
The FBI filed suit in the Central District of California federal court to compel Apple to allow access to the iPhone in question.
On Feb. 16, 2016, Judge Sheri Pym sided with the government, ordering Apple to break its own encryption on the phone.
The protests begin
The court’s demand, issued under the authority of a 227-year-old law called the All Writs Act, proved incredibly controversial.
Pro-privacy protesters quickly began surfacing outside FBI headquarters, as this man did on Feb. 23, 2016.
SEE: Apple vs. FBI: TechRepublic members speak out, side with Apple
Apple fires back
Apple said complying with the court’s request was impossible without breaking the security on all phones.
“Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” the company responded on its website.
And then... it got even messier
A federal magistrate judge in New York made matters far more complex when he ruled, in an entirely different drug-related case, that it would be unconstitutional to force Apple to break its phone encryption via the 1789 All Writs Act.
It was “clear that the government has made the considered decision that it is better off securing such crypto-legislative authority from the courts (in proceedings that had always been, at the time it filed the instant Application, shielded from public scrutiny) rather than taking the chance that open legislative debate might produce a result less to its liking,” Judge James Orenstein wrote in his Feb. 29, 2016 ruling.
It's about privacy, too
Apple said it would fight the FBI all the way to the Supreme Court to protect its encryption.
“People like to frame this argument as privacy versus national security. That is overly simplistic and it is not true,” Apple’s Tim Cook said in a February 2016 interview with ABC’s World News Tonight. “This is also about public safety. The smartphone that you carry has more information about you on it than any other singular device or any other singular place.”
Mobile forensics to the rescue?
Unable to expeditiously force Apple’s hand through the courts, the FBI dropped its case and looked for a solution elsewhere.
In March 2016, Israeli newspaper Yedioth Ahronoth reported that the FBI was using a mobile forensics company named Cellebrite to help it break into the iPhone.
Did they use NAND mirroring?
It was speculated that Cellebrite would use a NAND mirroring technique to access the phone’s data. This involves desoldering the NAND storage chip and using a chip reader to make a full copy of its contents.
With its contents copied, the phone can be restored even after a lock screen wipe.
Automating the attack
The phone would then, according to Apple iOS security researcher Jonathan Zdziarski, likely be connected to a device similar to the IP-Box forensics device shown. Available in the US only to law enforcement, the device connects directly to phones to automate the process of guessing PINs until the correct one is found.
However…
Bring in the grey hats
On April 12, 2016, The Washington Post‘s Ellen Nakashima reported that Cellebrite wasn’t hacking the iPhone after all. Instead, her sources say the FBI paid a one-time fee to “grey hats” — for-profit hackers who find and sell access to otherwise unknown zero-day security vulnerabilities.
A limited solution
The purchased tool only works, in the words of FBI Director James Comey (shown), on a “narrow slice of phones” — only iPhone 5C devices running iOS 9. The tool cannot be used to hack phones with more complex encryption or Touch ID.
Keeping a secret from Apple
The FBI has declined to tell Apple exactly how it accomplished the task… for now.
“We tell Apple, then they’re going to fix it, then we’re back where we started from,” explains Comey. “We may end up there, we just haven’t decided.”
SEE: Apple demands to know how FBI cracked San Bernardino iPhone
Details on a need-to-know basis
It’s not a secret to everybody, though. The FBI did give a briefing on its methods to Sens. Richard Burr (R-NC) and Dianne Feinstein (D-CA), ranking members of the Senate Intelligence Committee.
Congress doesn't understand encryption
In response to the controversy, The Hill reported that Sens. Burr and Feinstein (shown) have drafted a new bill requiring companies to provide the government with decryption services when served with a court order.
It would, essentially, mandate dangerous security backdoors.
"Ludicrous, dangerous, technically illiterate"
The leaked Burr-Feinstein bill was absolutely excoriated by tech critics.
“I gotta say, in my nearly 20 years of work in tech policy this is easily the most ludicrous, dangerous, technically illiterate proposal I’ve ever seen,” Kevin Bankston, director of the New America Foundation’s Open Technology Institute, told WIRED.
A pro-security filibuster
Senator Ron Wyden (D-OR) blasted the proposed bill and said he would filibuster it if necessary. “I believe that weakening strong encryption puts at risk millions of Americans, families, and communities from one end of the country to another,” he said.
Or should we target burners, instead?
Rep. Jackie Speier (D-CA), meanwhile, put forth an alternative bill that instead targets access to anonymous burner phones. Under her plan, you would need to provide basic ID information to purchase a phone.
Terrorists used burner phones to plot the 9/11 attacks, the November 2015 Paris attack, and the March 2016 bombing of Brussels.
SEE: How would Android fare under the FBI’s scrutiny?
-
Account Information
Contact Fox Van Allen
- |
- See all of Fox Van's content