It seemed, for a moment, there might be movement in the court proceedings between Apple and the FBI. But now, it has been reported that the FBI may no longer need Apple's help to access the iPhone of deceased San Bernardino, Calif., shooter Syed Rizwan Farook.
After weeks of increasingly vitriolic comments from Apple and the FBI over whether Apple should be compelled to create an FBI iPhone backdoor, the two were scheduled to meet in court this past Tuesday. Last week, the FBI asked for that meeting to be an evidentiary hearing, meaning both sides would call expert witnesses to provide testimony.
Apple's lawyers were reportedly surprised by the move, but were confident in the company's planned witnesses -- Erik Neuenschwander, Apple's leading cryptography expert, and Lisa Olle, the Apple attorney who dealt with the FBI as it requested details from the phone -- and in its argument that the government was overstepping the purview of the All Writs Act.
That hearing never happened, because the Department of Justice (DOJ) filed a motion with the federal court to cancel the hearing, saying that a potential hack was found that could negate the need for Apple to create an FBI iPhone backdoor.
"On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking [terrorist Syed] Farook's iPhone," the DOJ wrote in the filing. "Testing is required to determine whether it is a viable method that will not compromise data on Farook's iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc. ("Apple") set forth in the All Writs Act Order in this case."
U.S. Magistrate Judge Sheri Pym agreed to postpone the hearing, and allowed the FBI until April 5 to determine if the proposed hack is viable. Apple reportedly planned to request further information regarding the potential vulnerability.
Who is helping the FBI?
Speculation about the possible method began immediately on social media, and numerous unnamed industry experts have been cited as saying that mobile forensic software provider Cellebrite, based in Israel, is the outside party.
It is unclear what method Cellebrite may have to allow the FBI access to the iPhone in question, but in August 2013, the FBI announced a contract with Cellebrite to purchase two Cellebrite UFED Touch Ultimate Kits. According to Cellebrite's website, the UFED Series "enables forensically sound data extraction, decoding and analysis techniques to obtain existing and deleted data" from supported devices.
However, the company website makes it clear the device has limitations, including not being able to physically extract data from iPhones newer than the iPhone 4 -- Farook's device was an iPhone 5c -- and only being able to extract logical or file-system data when devices are already unlocked. Additionally, the Cellebrite website only references decrypting data from iOS 4, 5 or 6, whereas the FBI iPhone in question was running iOS 9.
Whether or not the technique is related to Cellebrite's UFED kit, Morey Haber, vice president of technology at Phoenix-based BeyondTrust Inc., said he believes the crack to be "very real."
"This development really changes the game. Outside of physically disassembling the device, if any vulnerabilities and exploits are found or being used, including physically modifying the device, these methods may question companies' willingness to participate in ethical proper disclosure," Haber said. "While the industry is fully aware that zero [day] vulnerabilities are for sale, the balance of releasing them to improve security versus litigation like the Wassenaar Agreement may prevent companies like this from selling these hacks across country boundaries. This serves both the FBI's and Apple's arguments for engineering a method into the device, and produces a need that third-party companies are willing to try and meet, despite legal and ethical ramifications."
DOJ is confident
Attorney General Loretta Lynch said in a news conference on Thursday that the DOJ is "trying to exhaust all investigative tools," including using techniques offered by third parties. She said she was hopeful the new technique would work, but said it left open the question of whether the phone contained useful evidence.
"It has always been our goal to extract the information that may be on that phone and determine what information or evidence it may give us about this deadly attack," Lynch said. "At this point, it's really too early to say how that's going to work out."
FBI Director James Comey said many people around the world offered ideas on how to open the phone without Apple's help.
"It looks like we now have one that may work," Comey said at the news conference. But Comey also noted that litigation against Apple would continue if this option did not work.
Ben Johnson, co-founder and chief security strategist for Carbon Black Inc., based in Waltham, Mass., said if this new technique works, it would serve Apple's arguments in the iPhone backdoor case.
"If this works out for the FBI, it is more likely that this serves Apple's narrative better -- law enforcement got what it wanted, without coercion of the technology company to circumvent its product and break its trust," Johnson said. "This conclusion also depends on what's actually found, and what the public opinion is based on those findings. If extremely lucrative evidence is recovered, that gives the FBI ammunition. It still won't change Apple's stance, nor a lot of the public's, but those in the gray area would swing to supporting the FBI."