How the FBI Cracked the Case of the Locked iPhone
Remember the Apple versus the FBI case? Here’s how the FBI cracked the iPhone.
Not long ago I wrote about the ongoing battle between Apple and the FBI. If you’re not familiar with the war that is being waged between the two of them, I recommend checking out this article to get up to speed.
The Legal Battle
Since that last post, there has been a legal deadlock between Apple and the FBI. A judge ruled that Apple had to help the FBI unlock the phone, which Apple followed up by filing an appeal. It was believed that this process would draw out all of the legal proceedings for some time, and then, in a huge twist this last Monday (March 21, 2016), the FBI made a statement that it had found a possible third party that would be able to unlock the iPhone 5c.
What’s interesting about this is that Apple was given less than 24 hours of notice before their court date scheduled for the next day, Tuesday, March 22nd. It was at this point that Internet speculation exploded, with everyone trying to come up with explanations as to what was going on. It was soon discovered that the FBI was presented with a method of unlocking the phone by another company (i.e., not Apple).
The Israeli Security Firm
The next question is: who was capable of unlocking this iPhone and how? According to Reuters, Cellebrite, a forensic software company based in Israel, was tasked by the FBI to break into the iPhone in question.
Cellebrite specializes in breaking into many different types of mobile devices for police and military applications. It’s not a surprise that a company with their reputation would have some technology to break into an iPhone. What is surprising, though, is that they can break such a current version of the operating system.
Generally speaking, as devices and operating systems get older, more and more people find vulnerabilities in them. Old devices and operating systems like iOS 8 have a handful of known ways that hackers can break into them. However, in this case the terrorist’s iPhone was a model 5c with a fairly current operating system, iOS 9.0.
How Did They Do It?
The big question in everyone’s mind is how they broke into the iPhone. There are many theories. The one that seems to be most likely is an attack called NAND mirroring. NAND is the type of memory in many phones and portable electronic devices. You can think of it like the hard drive.
The FBI is worried that they only have 10 password attempts before the phone wipes itself clean. To get around this, the theory is that Cellebrite copies the encrypted data on the phone to another computer, tries a couple of passcodes, then copies the original data back and tries again.
It’s easier if you think about it like an Etch A Sketch. You try a couple of times, then once you’ve messed up, you can shake it and it goes back to how it was originally. You can then repeat this process over and over until you get into the phone. If you want to see the hack in action and have more technical details, you can check that out here.
What Comes Next for the Case?
Now that the phone has been unlocked, the FBI has done an incredible amount of damage to its legal campaign against Apple. The FBI’s primary reason for forcing Apple to write a new operating system to break its security was that it thought only Apple was capable of unlocking the iPhone. Now that it is unlocked, that argument that only Apple could break into an encrypted phone has been disproven.
In a complete turn of events, it appears that Apple may legally go after the FBI to find out how exactly they were able to get into the phone. I don’t think it’s likely that Apple will find out exactly how it was done. At this point I don’t think there will be many more big headlines coming from this case. However, I don’t think it will be long until we see Apple and the FBI in court again. After all, the main question—should Apple be forced into helping the FBI break into its own product?—still hasn’t been answered.
What Comes Next for iPhone Owners?
So what does this mean if you’re an iPhone owner? Well, the iPhone 5c that the FBI now has access to is missing the added security feature built into the newest line of iPhones, the 6s and newer, which is called the Secure Enclave. If you have an Apple device with the Touch ID feature, then it’s highly unlikely that the NAND mirroring attack used by Cellebrite would be able to get into your phone.
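To see why that matters, here is a small simulation added as an illustration (it is not code from Apple, the FBI, or Cellebrite, and the `Device` class and every name in it are hypothetical). It is a simplified model that assumes the only difference between the two phones is where the failed-attempt counter and the key that a wipe destroys are kept: inside the memory that can be copied and restored, or in separate protected hardware.

```python
import copy

MAX_ATTEMPTS = 10  # the 10-attempt limit described in the article


class Device:
    """Toy phone model; not Apple's actual design."""

    def __init__(self, passcode, state_in_flash):
        self._passcode = passcode
        self.flash = {"ciphertext": "constructed-sample-blob"}  # copyable memory
        self.protected = {}  # separate hardware, never part of a memory image
        # Lockout state: failed-attempt counter plus the key a wipe destroys.
        self.state = self.flash if state_in_flash else self.protected
        self.state.update(failed=0, key_present=True)

    def snapshot(self):
        return copy.deepcopy(self.flash)

    def restore(self, image):
        # Only the copyable memory rolls back; protected state is untouched.
        self.flash.clear()
        self.flash.update(copy.deepcopy(image))

    def try_passcode(self, guess):
        if not self.state["key_present"]:
            return False  # already wiped: the data can no longer be decrypted
        if guess == self._passcode:
            self.state["failed"] = 0
            return True
        self.state["failed"] += 1
        if self.state["failed"] >= MAX_ATTEMPTS:
            self.state["key_present"] = False  # "wipe" = throw away the key
        return False


def wipe_enforced(device, wrong_guesses=25, restore_every=5):
    """True if the 10-attempt wipe still triggers despite memory rollbacks."""
    image = device.snapshot()
    for n in range(1, wrong_guesses + 1):
        device.try_passcode("wrong-%d" % n)
        if n % restore_every == 0:
            device.restore(image)
    return not device.state["key_present"]


if __name__ == "__main__":
    print("counter in copyable memory:", wipe_enforced(Device("4821", True)))
    print("counter in protected hardware:", wipe_enforced(Device("4821", False)))
```

In the first case every restore rewinds the counter, so the limit never bites; in the second the counter keeps climbing no matter how often the memory is restored.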
However, what’s really interesting here is what the FBI expects to get from the iPhone it has just opened. Before the phone was unlocked, the FBI already had an old backup of the phone from six weeks before the shooting, as well as all text messages, phone calls, voicemails, and emails. The only additional thing I believe they want to see is the apps that are actually stored on the phone, perhaps to find any secure messaging apps that may have been used to communicate with other terrorists or outside help.
I’ll be following this story closely, so feel free to check back regularly for any updates!
Be sure to check out all my earlier episodes at techtalker.quickanddirtytips.com. And if you have further questions about this podcast or want to make a suggestion for a future episode, post them on Facebook QDTtechtalker.
Until next time, I’m the Tech Talker, keeping technology simple!