FBI uses mystery method to hack iPhone
The FBI said Monday it successfully used a mysterious technique without Apple Inc.’s help to hack into the iPhone used by a gunman in a mass shooting in California, effectively ending a pitched court battle between the Obama administration and one of the world’s leading technology companies.
The government asked a federal judge to vacate a disputed order forcing Apple to help the FBI break into the iPhone, saying it was no longer necessary. The court filing in U.S. District Court for the Central District of California provided no details about how the FBI did it or who showed it how.
The FBI is now reviewing the information on the iPhone, the Justice Department said in a statement.
In response, Apple said in a statement that it will continue to increase the security of its products. While saying it will still provide some help to the government, “as we have done all along,” the company reiterated its position that the government’s demand was wrong.
“This case should never have been brought,” Apple said in its statement.
Both sides left important questions unanswered: Who showed the FBI how to break into iPhones? How did the government bypass the security features that Apple has invested millions of dollars to build into its flagship product? Are newer iPhones vulnerable to the same hacking technique? Will the FBI share its information with scores of state and local police agencies that said they also need to break into the iPhones of criminal suspects? Will the FBI reveal to Apple how it broke its security? Did the FBI find anything useful on the iPhone?
The surprise development also punctured the temporary perception that Apple’s security might have been good enough to keep consumers’ personal information safe even from the U.S. government — with the tremendous resources it can expend when it wants to uncover something.
The FBI used the technique to access data on an iPhone used by gunman Syed Farook, who died with his wife in a gun battle with police after they killed 14 people in San Bernardino, California, in December. The iPhone was found in a vehicle the day after the shooting; two personal phones were found destroyed so completely that the FBI couldn’t recover information from them.
U.S. magistrate Sheri Pym of California last month ordered Apple to provide the FBI with software to help it hack into Farook’s work-issued iPhone. The order touched off a debate pitting digital privacy rights against national security concerns.
Apple was headed for a courtroom showdown with the government last week, until federal prosecutors abruptly asked for a postponement so they could test a potential solution brought to them by a party outside of the U.S. government last Sunday. Technical experts had said there might be a few ways an outsider could gain access to the phone, but the FBI insisted repeatedly until then that only Apple had the ability to override the iPhone’s security. FBI Director James Comey said the bureau even went to the National Security Agency, which did not have the ability to get into the phone.
A law enforcement official said the FBI was successful in unlocking the iPhone over the weekend. The official spoke to reporters on condition of anonymity because he wasn’t authorized to publicly comment. The official said federal law enforcement would continue to aid its local and state partners with gaining evidence in cases — implying that the method would be shared with them.
First in line is likely, Manhattan District Attorney Cyrus Vance, who told a U.S. House panel earlier this month that he has 205 iPhones his investigators can’t access data from in criminal investigations. Apple is also opposing requests to help extract information from 14 Apple devices in California, Illinois, Massachusetts and New York.
The case drew international attention and highlighted a growing friction between governments and the tech industry. Apple and other tech companies have said they feel increasing need to protect their customers’ data from hackers and unfriendly intruders, while police and other government authorities have warned that encryption and other data-protection measures are making it more difficult for investigators to track criminals and dangerous extremists.
Apple CEO Tim Cook had argued that helping the FBI hack the iPhone would set a dangerous precedent, making all iPhone users vulnerable, if Apple complied with the court order. Cook said Congress should take up the issue.
The withdrawal of the court process also takes away Apple’s ability to legally request details on the method the FBI used in this case. Apple attorneys said last week that they hoped the government would share that information with them if it proved successful.
The encrypted phone was protected by a passcode that included security protocols: a time delay and self-destruct feature that erased the phone’s data after 10 tries. The two features made it impossible for the government to repeatedly and continuously test passcodes in what’s known as a brute-force attack. Comey said with those features removed, the FBI could break into the phone in 26 minutes.
The official said the method used to unlock the phone appears to work on the iPhone 5C operating a version of iOS 9. In late 2014, Apple updated its operating system so the passcode is linked to the phone’s overall encryption. The Cupertino-based company said that made it impossible for it to access data on the phone.
The Justice Department wouldn’t comment on any future disclosure of the method to Apple or the public.
The government’s announcement was praised by Stephen Larson, a Los Angeles attorney who filed a brief in support of the Justice Department’s case and represents seven families of those killed in the attack. “For this to have dragged out in court battles would not have served the interests of either” the victims or law enforcement, he said.
Alex Abdo, an attorney with the American Civil Liberties Union, which filed a brief supporting Apple in its case, said the case is far from settled and it was “just a delay of an inevitable fight” about whether the government can force a company like Apple to undermine the security of its products to facilitate an investigation.