The battle between the FBI and Apple over a terrorist's iPhone won't be settled in a court of law after all. After a much-watched standstill with the computer giant, the FBI announced earlier this week that it was able to crack into the iPhone 5C owned by Syed Rizwan Farook, the culprit in a December 2015 mass shooting in San Bernardino, Calif., with the help of an as-yet-unidentified third-party company.
Now it's Apple's turn to demand answers. But the FBI is staying mum on the methods it used to finally crack the phone. The agency originally sought Apple's help in cracking the phone out of fear that too many incorrect guesses at Farook's password would activate a security feature that would erase all of the phone's data -- data that could be potentially useful in counterterrorism efforts. Anonymous sources speaking to the LA Times said that the third-party company was able to remove this failsafe, thus allowing the FBI to make as many password guesses as it wanted.
Apple refused the FBI's original request based on the feeling that creating software to crack into a locked iPhone would pose a danger to all iPhone owners' data once the software itself or the information on how to create it was leaked. The company's stance was so firm that Apple engineers told the New York Times they would resign if forced to create the phone cracking software.
Apple's stand against the FBI brought global attention to the issue, but ironically may have also brought third parties forward who were up to the task in Apple's absence. And now the FBI is using Apple's same logic to keep its method for cracking the iPhone a secret. An anonymous FBI official told the LA Times that revealing its method would place the information in the public domain, where it could be accessed by hackers and others with malicious intent.
However, according to Reuters, Apple may be able to compel the FBI to reveal its secret based on a precedent that could be set by a DOJ case against Apple involving a Brookyln drug case. If the DOJ forces Apple to unlock a phone in this case, the company could push for the FBI to reveal how it unlocked Farook's phone.
Whereas the Apple/FBI standoff had sparked concerns over the government's role to compel companies to release information, this latest development has fueled ongoing concerns over government agencies digging into our privacy without us even knowing in the first place. While a smartphone certainly resonates with consumers, of bigger concern should be the sensitive data being stored in factories and on cloud-based servers. The key takeaway here for any software engineer should be that even if a company says its systems are secure and convinces everyone that only it has the key, there's always another individual or organization willing to try crack the system and possibly succeed. And in cases like this they can do it with government support. "It proves once again that what you don't know, you can buy," Nikias Bassen, principal mobile security researcher at Zimperium, told the LA Times.
There is no word yet on if the FBI was able to gather any information of value from Farook's unlocked phone.
Apple wants the FBI to reveal how it hacked the San Bernardino killer's iPhone | LA Times
Chris Wiltz is the Managing Editor of Design News