DOJ finds successful iPhone crack; drops backdoor bid, for now

The DOJ found a successful iPhone crack to access the San Bernardino, Calif., terrorist's device and dropped the pending legal action against Apple, but only in that one case.

The technique put forward by an unknown third party has helped the Department of Justice find a successful iPhone crack for the device used by the San Bernardino, Calif., shooter, and has led to the case between the FBI and Apple being dropped -- for now. But experts said the fight over encryption and backdoors is far from over, and this result will delay the battle, rather than end it.

Last week, the FBI and Department of Justice (DOJ) announced they had a potential technique to crack the iPhone in question, and asked for a delay in the pending case against Apple. That iPhone crack worked, and the FBI noted in a court filing that it "no longer requires the assistance from Apple Inc."

DOJ spokesperson Melanie Newman said the FBI is reviewing the contents of the phone as "consistent with standard investigatory procedures," and the FBI "will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors."

The DOJ declined to comment on whether the iPhone crack would be applied to other encrypted devices to which various law enforcement agencies want access. It is also unclear if the method would be shared with Apple, but it was implied that the DOJ would continue to pursue legal action in other cases.

"It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety," the DOJ said in a statement, "either with cooperation from relevant parties or through the court system."

Apple responded to the news by saying the company had always believed the demands of the FBI to be wrong and "would set a dangerous precedent," adding that "this case should never have been brought."

"We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated," Apple said in a statement. "Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk."

What happens now?

The question remains how this new iPhone crack and the decision by the FBI to withdraw its case against Apple might affect the fight over backdoors and encryption going forward.

Tim Erlin, director of IT security and risk strategy for Tripwire Inc., based in Portland, Ore., said the FBI essentially sidestepped the encryption issue in this case, but the larger debate will continue.

"At a minimum, the FBI has failed to set a precedent for future cases. If they find they need Apple's assistance in a future case, they'll have to start over," Erlin said. "If the FBI had won the case, they would have set a strong precedent for forcing companies to take similar actions in the future."

Ben Johnson, co-founder and chief security strategist for Carbon Black Inc., based in Waltham, Mass., said the effects aren't so easy to parse.

"There are two sides to it, and some opinion has been that this very much worked out in the FBI's favor. Having said that, it is likely Apple can point to this the next time and say that the FBI was able to do it without their help," Johnson said. "It also was so visible that Apple will be unleashing its security researchers on the possible assumptions and gaps that are inherent in the iPhone to try to identify the vulnerability in order to mitigate it."

Rebecca Herold, CEO of Privacy Professor, agreed that while this may not help the FBI's case, it doesn't hurt, either.

"In the long run, it probably helps Apple. At least they can say, 'Look, if you want to get into encrypted files and systems, then use the NSA, or whatever other source was used, and crack into a device instead of forcing us to build a new system to actually serve as a backdoor for all similar types of operating systems,'" Herold said. "Keep in mind that cracking into one phone is a much different process than forcing a tech company to build a program that will break their own established security system. The method used for this situation may not be something that would be widely applicable to all similar phone systems. The program Apple would have created would have been."

It is unclear if the method used leveraged a known or unknown vulnerability in the iOS system, which raised questions over whether or not the FBI should, or will, disclose this iPhone crack to Apple.

"The FBI wants a backdoor, so why would they close the open door they found?" Johnson asked. "The public campaign they waged over trying to insert a backdoor might hurt them, as there were a lot of Apple sympathizers who will now be asking for the FBI to conduct responsible vulnerability disclosure."

Herold said it could benefit the FBI to share the iPhone crack method with Apple.

"In fact, if the FBI did tell Apple, they could try to use that as leverage for the next case like this they experience," Herold said. "They could say, 'Well, we helped you to improve the security of your phone in the San Bernardino case, so you should then be cooperative with us and build in magical backdoors that only the U.S. government can get through for your super strong encryption on your existing and ongoing evolution of smartphones and other smart devices.'"
