DOJ finds successful iPhone crack; drops backdoor bid, for now

The DOJ found a successful iPhone crack to access the San Bernardino, Calif., terrorist's device and dropped the pending legal action against Apple, but only in that one case.

The technique put forward by an unknown third party has helped the Department of Justice find a successful iPhone...

crack for the device used by the San Bernardino, Calif., shooter, and has led to the case between the FBI and Apple being dropped -- for now. But experts said the fight over encryption and backdoors is far from over, and this result will delay the battle, rather than end it.

Last week, the FBI and Department of Justice (DOJ) announced they had a potential technique to crack the iPhone in question, and asked for a delay in the pending case against Apple. That iPhone crack worked, and the FBI noted in a court filing that it "no longer requires the assistance from Apple Inc."

DOJ spokesperson Melanie Newman said the FBI is reviewing the contents of the phone as "consistent with standard investigatory procedures," and the FBI "will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors."

The DOJ declined to comment on whether the iPhone crack would be applied to other encrypted devices to which various law enforcement agencies want access. It is also unclear if the method would be shared with Apple, but it was implied that the DOJ would continue to pursue legal action in other cases.

"It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety," the DOJ said in a statement, "either with cooperation from relevant parties or through the court system."

Apple responded to the news by saying the company had always believed the demands of the FBI to be wrong and "would set a dangerous precedent," adding that "this case should never have been brought."

"We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated," Apple said in a statement. "Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk."

What happens now?

The question remains how this new iPhone crack and the decision by the FBI to withdraw its case against Apple might affect the fight over backdoors and encryption going forward.

Tim Erlin, director of IT security and risk strategy for Tripwire Inc., based in Portland, Ore., said the FBI essentially sidestepped the encryption issue in this case, but the larger debate will continue.

"At a minimum, the FBI has failed to set a precedent for future cases. If they find they need Apple's assistance in a future case, they'll have to start over," Erlin said. "If the FBI had won the case, they would have set a strong precedent for forcing companies to take similar actions in the future."

Ben Johnson, co-founder and chief security strategist for Carbon Black Inc., based in Waltham, Mass., said the affects aren't so easy to parse.

"There are two sides to it, and some opinion has been that this very much worked out in the FBI's favor. Having said that, it is likely Apple can point to this the next time and say that the FBI was able to do it without their help," Johnson said. "It also was so visible that Apple will be unleashing its security researchers on the possible assumptions and gaps that are inherent in the iPhone to try to identify the vulnerability in order to mitigate it."

Rebecca Herold, CEO of Privacy Professor, agreed that while this may not help the FBI's case, it doesn't hurt, either.

"In the long run, it probably helps Apple. At least they can say, 'Look, if you want to get into encrypted files and systems, then use the NSA, or whatever other source was used, and crack into a device instead of forcing us to build a new system to actually serve as a backdoor for all similar types of operating systems,'" Herold said. "Keep in mind that cracking into one phone is a much different process than forcing a tech company to build a program that will break their own established security system. The method used for this situation may not be something that would be widely applicable to all similar phone systems. The program Apple would have created would have been."

It is unclear if the method used leveraged a known or unknown vulnerability in the iOS system, which raised questions over whether or not the FBI should, or will, disclose this iPhone crack to Apple.

"The FBI wants a backdoor, so why would they close the open door they found?" Johnson asked. "The public campaign they waged over trying to insert a backdoor might hurt them, as there were a lot of Apple sympathizers who will now be asking for the FBI to conduct responsible vulnerability disclosure."

Herold said it could benefit the FBI to share the iPhone crack method with Apple.

"In fact, if the FBI did tell Apple, they could try to use that as leverage for the next case like this they experience," Herold said. "They could say, 'Well, we helped you to improve the security of your phone in the San Bernardino case, so you should then be cooperative with us and build in magical backdoors that only the U.S. government can get through for your super strong encryption on your existing and ongoing evolution of smartphones and other smart devices.'"

Next Steps

Read more of the heated rhetoric between Apple and the FBI over a potential iPhone crack.

Learn why the battle between the FBI and Apple raises IT security and user privacy concerns.

Learn what cloud providers think of the iPhone backdoor debate.

Dig Deeper on Information Security Laws, Investigations and Ethics

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

14 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How do you think this iPhone crack will affect the battle over encryption backdoors?
Cancel
"The iPhone Crack," as it is called. You mean changing the itunes password and restoring the phone from an icloud backup? 

No one "cracked" anything. They used commonsense...
Cancel
The method you described is exactly how the FBI locked themselves out of the more recent iCloud backups in the first place. Changing the password doesn't help, because they have no way to change the password on the phone as well, therefore no new backups are made. 
Cancel
Seems as if this should have been decided in a court?
Cancel
Well, the FBI short-circuited their ue of the courts by dropping their case against Apple. The iPhone model in particular is an older one supplied to the attacker through his place of employment. The attacker(s) destroyed their personal smartphone(s) beyond repair. Its seems likely that the FBI will find nothing stored on the iPhone they cracked that will prove material to the crime, otherwise it would have have been damaged beyond repair by the attacker(s) before they committed their crime. In the end the FBI looks foolish for trying to bully Apple into forcing the company to write software they didn't want to write.
Cancel
Well.... looks like FBI is again going to help DoJ Law Enforcement Crack another iPhone. So it's looking like they could actually use this method to Crack every iPhone related Criminal Case, meaning 1000's of crimes can be solved, without Apple!

What does this mean for Apple? Their iOS is not nearly as Secure as Apple thinks it is. But..... hey we knew that after Apple's government contract bids for Gov/DoD/FBI, etc fell on their face a couple of years ago.

What's that Apple couldn't out bid or provide the level of Security offered by foreign companies not so full of themselves with far better security obviously!

Fact; in 2013 DoD launched their Ultra High Security Hyper Tunneled Private Network (means it's an express route through the Internet completely isolated from it, without access from within or without it)!

So they pulled all devices off to check out which had the best security solutions, that could be used across all OS Platforms and Hardware over time. The only company to make the cut was Samsung w/ beefed up KNOX 2.0 Security Suite, approved by NSA for use on this Private Network.

Apple's plans were automatically rejected. Why? Because their solution was for Gov to be all in on Apple's devices and they would NOT offer an All Access Security Plan for BYOD! Yes..... Apple has lost every Gov Contract and Enterprise is also going with the Competition that gives them the ability to keep both personal and a private secure way of offering all employees the chance to eventually bring all brands on board this Private Network and other Enterprise Networks complete confidence in BYOD hardware options.

How? By simply bypassing device maker's control of their customers devices. With Samsung partnering w/ long time Security Conscious Blackberry with it's vaunted BES Encryption Servers and KNOX 2.x Security!

How great is it at protecting both personal and the Gov's or Enterprise Customer's Security? We are about to find out as Gov's Secure Network's Beta Testing is complete and Gov is offering $150,000 to White Hat Hacker Teams and Individuals if they can hack into it!!! .......so Sorry Apple, you didn't make the cut and now KNOX with BES Encryption Apple has no control of is being installed on BYOD devices in Gov and Enterprise Networks being installed on iPhones as well as Samsung and Blackberry phones alike!

FBI alone bought 26,500 KNOX Security Licenses. ZERO anything from Apple!!! ....and now with this DoJ/FBI Crack on Apple's Security, we know why they lost!!!
Cancel
One decisive win in a long battle over security. When pitted against mass murderers, Apple's arguments pale. Nothing stays secure (for long). In the past few years there have been a gazillion hacks and uncountable financial losses. During that same time, there have been approximately zero DOJ hacks. 

And the argument against a backdoor key is...? 
Cancel
Well, it appears that the Israeli government was able to access the Applie iPhone in question for the FBI. No word yet about what, if anything, was found that could provide evidence related to the crime being investigated. Crime itself is solved and the perpetrators of the crime are dead. Whether or not the techniques used by the Israeli government to do this can be applied to newer Apple iPhones remains to be seen. Several years ago, when Edward Snowden was secretly meeting with several reporters in Hong Kong, he would not allow one of the reporters to even turn ON their iPhone. But intercepting voice traffic and using someone's iPhone for spying on them is one thing, and breaking encrypted data stored on an iPhone is something else. Apple was within its rights to resist being compelled by the government to write code they did not want to write. And the FBI made a huge public relations mistake in their handling of the matter.
Cancel
If I were the FBI I would not divulge anything to Apple.  Apple was not going to help the FBI in a case where the phone involved belonged to a dead person. IF the FBI give Apple the info, Apple will patch it thus keeping the FBI out of future phones. Then the whole issues will start over where the FBI goes looking for help and Apple says no !
Cancel
FBI Throws their ARMS OPEN to Law Enforcement Nation Wide in an Offer to help them break into iPhones with proper court orders legal steps being offered. No Apple will not need to be requested. Basically Law Enforcement believes companies like Apple are incorrigible spoiled little children, that think they are more powerful than our own law enforcement and government. Guess this means Apple won't get any help from Gov on anything either!!! Serves them RIGHT!!!
Cancel
It wound be funny to see Apple get their system hacked and then turn to the FBI for help in finding out who is responsible. I wonder what the response would be.
Cancel
Well, if the FBI wants to host an iPhone "hackathon" I suppose they are free to do that, especially if they are unable to do it themselves after being lavishly funded by taxpayers to acquire cyber security skills. If you were alive back in the 60s and 70s you may recall how the FBI infiltrated protest groups and spied on Americans exercising their constitutional rights to free speech and assembly. Now the FBI wants to break into your smartphone, but they weren't able to do that so easily, or at least not without the help of a US-friendly foreign government.

This particular crime was "solved" the day it happened. The FBI has not come forward with any information of interest that was stored on the iPhone in question, probably because there isn't any. It was a "work" phone issued to the person who was responsible for the crime. They did destroy their personal smartphones.

The FBI should stick to the courts and let matters like this be properly adjudicated. It was the FBI who dropped their court case. Apple was prepared to challenge and appeal it, but the FBI was holding a weak hand and folded. In hindsight, the FBI picked a poor strategy in pursuing this case. It thought it could go to court in a public fashion, while encouraging public opinion to weigh in against Apple, but it didn't work.
Cancel
I'd be very curious to learn more about the method that the FBI is using (not that they're likely to reveal it). The way Apple has been building their devices, most cracks for a device like the iPhone 5c from this case wouldn't work on newer iPhones anyway.
Cancel
For All Those Thinking FBI got that Israeli company to do it for them? Apple themselves use them and do enterprise and Governments all over the World for data recovery, criminal cases, etc.

But even though FBI show a receipt for $15,000 to them, they were not able to use their solution still in Beta. Chances are they got help from IBM..... maybe even put Watson to the task!!! .....if not though lots of White Hat Hacker Groups love breaking into Apple products now with it being so easy to use their bug and kernel vulnerabilities to break in like child's play!!!

I love how they proved Apple iPhones are so easy to break into now!!!! :D
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close