The US government’s declaration that it has “successfully accessed the data stored on [San Bernardino gunman] Farook’s iPhone and therefore no longer requires” assistance from Apple, ends a six week-long legal clash between the tech firm and the FBI.
But it leaves the issue at the heart of the dispute unresolved: could the FBI have forced Apple to help it unlock the device?
It is unlikely that this will be the last time a law enforcement agency tries to compel a tech company to help bypass security measures.
At this point, there is nothing to compel the FBI to reveal how it was done, although Apple is likely to be pressing hard to find out.
The tech firm’s lawyers have already said they would want details of the technique to be made public if evidence from the cracked iPhone is later used at trial.
But it could remain secret. There is scope within US law for the authorities to withhold the source of information if it was supplied to them on a confidential basis, and to protect sensitive intelligence-gathering methodologies.
The court order originally obtained by the FBI had instructed Apple to come up with a special version of its operating system that would have prevented Farook’s iPhone from deleting its data or imposing long lockout periods if too many incorrect passcode guesses were made.
However, the latest court filings do not say that someone else has now done this, but merely that some data stored on the device has been obtained.
Researchers at the cybersecurity firm IOActive had proposed that one way of getting data off an iPhone would be to “de-cap” its memory chips.
The process they described involved using acid and lasers to expose and copy ID information about the device so that efforts to crack its passcode could be simulated on another computer without risk of triggering the original iPhone’s self-destruct tool.
If indeed this is what happened, it is not easy and there’s a high risk of causing so much damage to the phone that the desired data becomes irretrievable.
By contrast, Cellebrite – a data forensics firm that has reportedly helped the FBI with the case – has previously discussed “bypassing” passcode locks rather than trying to deduce the number.
But it is possible that doing this would yield access to only a limited amount of a handset’s data.
One other point is that Apple recently updated its iOS software.
Each upgrade adds security fixes. So, if the FBI has indeed been alerted to a flaw in Farook’s phone’s security settings, that bug may no longer exist in devices that have installed iOS 9.3.
So what can iPhone users do to further ensure their devices are secure?
You can use encryption-enabled apps to digitally scramble data.
So, even if a cracked iPhone did give up the contents of its text messages, emails and WhatsApp chats, the contents of the encryption-enabled apps should remain safe.
All this presumes, however, that the authorities do not manage to install spyware on your device. If that happens, all bets are off.
Leave a Reply