How did the FBI hack an Apple iPhone? The story so far

The search for clues begins

In the aftermath, the FBI mounted a massive effort to uncover evidence that the killers may have disposed of. This included a diver search of Seccombe Lake (shown) and the killers' home.

Image: Ringo Chiu/ZUMA Press/Corbis

One man's trash...

FBI investigators discovered two crushed phones in Farook's trash. A third device, an Apple iPhone 5C belonging to Farook's employer, was also found.

EPA/Justin Lane

All its secrets are just four numbers away

The iPhone 5C, owned by Farook's employer, was PIN protected.

Though the FBI had permission from said employer to search the phone, attempting to guess at Farook's chosen PIN could fully erase its contents after 10 attempts.

Image: Erik S. Lesser/epa/Corbis

"The digital footprint is incredibly important"

Those phones became key pieces of evidence in the FBI investigation.

"As to those devices, obviously we've said from day one, the digital footprint is incredibly important for us to hopefully learn any contacts, any context, and ultimately any intent on their part," said Assistant Director in Charge of the Los Angeles Field Office David Bowdich (shown). "I think that's very, very important."

Image: Zhang Chaoqun/Xinhua Press/Corbis

The FBI wins Round 1

The FBI filed suit in the Central District of California federal court to compel Apple to allow access to the iPhone in question.

On Feb. 16, 2016, Judge Sheri Pym sided with the government, ordering Apple to break its own encryption on the phone.

Image: 237/Chris Ryan/Ocean/Corbis

The protests begin

The court's demand, issued under the authority of a 227-year-old law called the All Writs Act, proved incredibly controversial.

Pro-privacy protesters quickly began surfacing outside FBI headquarters, as this man did on Feb. 23, 2016.

SEE: Apple vs. FBI: TechRepublic members speak out, side with Apple

Image: Michael Reynolds/epa/Corbis

Apple fires back

Apple said complying with the court's request was impossible without breaking the security on all phones.

"Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data," the company responded on its website.

Image: EPA/Shawn Thew

And then... it got even messier

A federal magistrate judge in New York made matters far more complex when he ruled, in an entirely different drug-related case, that it would be unconstitutional to force Apple to break its phone encryption via the 1789 All Writs Act.

It was "clear that the government has made the considered decision that it is better off securing such crypto-legislative authority from the courts (in proceedings that had always been, at the time it filed the instant Application, shielded from public scrutiny) rather than taking the chance that open legislative debate might produce a result less to its liking," Judge James Orenstein wrote in his Feb. 29, 2016 ruling.

Image: EPA/Shawn Thew

It's about privacy, too

Apple said it would fight the FBI all the way to the Supreme Court to protect its encryption.

“People like to frame this argument as privacy versus national security. That is overly simplistic and it is not true,” Apple's Tim Cook said in a February 2016 interview with ABC's World News Tonight. “This is also about public safety. The smartphone that you carry has more information about you on it than any other singular device or any other singular place.”

Image: Christoph Dernbach/dpa/Corbis

Mobile forensics to the rescue?

Unable to expeditiously force Apple's hand through the courts, the FBI dropped its case and looked for a solution elsewhere.

In March 2016, Israeli newspaper Yedioth Ahronoth reported that the FBI was using a mobile forensics company named Cellebrite to help it break into the iPhone.

Image: Jebb Harris/ZUMA Press/Corbis

Did they use NAND mirroring?

It was speculated that Cellebrite would use a NAND mirroring technique to access the phone's data. This involves desoldering the NAND storage chip and using a chip reader to make a full copy of its contents.

With its contents copied, the phone can be restored even after a lock screen wipe.

Image: Bill Detwiler/TechRepublic

Automating the attack

The phone would then, according to Apple iOS security researcher Jonathan Zdziarski, likely be connected to a device similar to the IP-Box forensics device shown. Available in the US only to law enforcement, the device connects directly to phones to automate the process of guessing PINs until the correct one is found.

However...

Image: Ubaldo GSM

Bring in the grey hats

On April 12, 2016, The Washington Post's Ellen Nakashima reported that Cellebrite wasn't hacking the iPhone after all. Instead, her sources say the FBI paid a one-time fee to "grey hats" -- for-profit hackers who find and sell access to otherwise unknown zero-day security vulnerabilities.

Image: 68/Ocean/Corbis

A limited solution

The purchased tool only works, in the words of FBI Director James Comey (shown), on a "narrow slice of phones" -- only iPhone 5C devices running iOS 9. The tool cannot be used to hack phones with more complex encryption or Touch ID.

Image: Shawn Thew/epa/Corbis

Keeping a secret from Apple

The FBI has declined to tell Apple exactly how it accomplished the task... for now.

"We tell Apple, then they're going to fix it, then we're back where we started from," explains Comey. "We may end up there, we just haven't decided."

SEE: Apple demands to know how FBI cracked San Bernardino iPhone

Image: Jim Lo Scalzo/epa/Corbis

Details on a need-to-know basis

It's not a secret to everybody, though. The FBI did give a briefing on its methods to Sens. Richard Burr (R-NC) and Dianne Feinstein (D-CA), ranking members of the Senate Intelligence Committee.

Image: Ron Sachs/CNP/AdMedia/AdMedia/Corbis

Congress doesn't understand encryption

In response to the controversy, The Hill reported that Sens. Burr and Feinstein (shown) have drafted a new bill requiring companies to provide the government with decryption services when served with a court order.

It would, essentially, mandate dangerous security backdoors.

Image: Jim Lo Scalzo/epa/Corbis

"Ludicrous, dangerous, technically illiterate"

The leaked Burr-Feinstein bill was absolutely excoriated by tech critics.

"I gotta say, in my nearly 20 years of work in tech policy this is easily the most ludicrous, dangerous, technically illiterate proposal I've ever seen," Kevin Bankston, director of the New America Foundation's Open Technology Institute, told WIRED.

Image: Eugene Garcia/epa/Corbis

A pro-security filibuster

Senator Ron Wyden (D-OR) blasted the proposed bill and said he would filibuster it if necessary. "I believe that weakening strong encryption puts at risk millions of Americans, families, and communities from one end of the country to another," he said.

Image: Jay Mallin/ZUMA Press/Corbis

Or should we target burners, instead?

Rep. Jackie Speier (D-CA), meanwhile, put forth an alternative bill that instead targets access to anonymous burner phones. Under her plan, you would need to provide basic ID information to purchase a phone.

Terrorists used burner phones to plot the 9/11 attacks, the November 2015 Paris attack, and the March 2016 bombing of Brussels.

SEE: How would Android fare under the FBI's scrutiny?

Image: Ehsan Ahmad/Demotix/Corbis