Since the FBI vs Apple court case in California, FBI in other jurisdictions, criminal investigations, have aired the need for access to iPhones. For those stories, please use an internet search.
FBI drops its case against Apple after getting into that iPhone
by Kim Zetter
After more than a month of a heated standoff between the Justice Department and Apple over access to an iPhone belonging to one of the alleged San Bernardino shooters, the government announced today that an alternative method for breaking into the phone has worked.
In a motion filed with the court Monday afternoon, the Justice Department has asked a California court to vacate its previous order commanding Apple to create a software tool to help authorities break into the phone.
“The government has asked a United States Magistrate Judge in Riverside, California to vacate her order compelling Apple to assist the FBI in unlocking the iPhone,” United States Attorney Eileen M. Decker said in a statement. “Our decision to conclude the litigation was based solely on the fact that, with the recent assistance of a third party, we are now able to unlock that iPhone without compromising any information on the phone…. Although this step in the investigation is now complete, we will continue to explore every lead, and seek any appropriate legal process, to ensure our investigation collects all of the evidence related to this terrorist attack.”
Last week, a day before a scheduled court hearing to discuss the case, the Justice Department pulled a surprise move and asked the court to delay the hearing after learning of a possible method it could use to get into the phone without Apple’s help. The government had insisted repeatedly to Magistrate Judge Sheri Pym that it could not get into the phone without Apple’s help, so the sudden turnaround surprised reporters and others who had gathered in Riverside, California for the hearing.
Since that announcement, the security community has speculated about what possible method the feds could be using. Last week, FBI Director James Comey told reporters at a news conference that a method called NAND mirroring, that some in the security community insisted was the best option the FBI had for getting into the phone, did not in fact work. Comey didn’t elaborate.
The government’s announcement today leaves that question unanswered. Apple told reporters last week that if the feds did find a way into the phone, it would seek discovery to learn the method that was used in order to confirm that the feds did indeed get into the device and didn’t just claim it did to save face and withdraw from the case. But Apple may never be able to get an answer to that question if the government classified the method.
Also left unanswered is whether the phone actually contained any data useful to the government’s investigation that it had not already obtained through the iCloud backups of the phone.
Apple did not yet respond to a call for comment. We’ll update this story when they do.
Last month a federal court ordered Apple to create a software tool that would bypass security mechanisms in Apple’s software so that the government could perform what’s known as a bruteforce password attack to guess the password on the phone.
Starting with versions of its operating system released in 2014 and later, Apple uses two factors to secure and decrypt data on the phone–the password the user chooses and a unique 256-bit AES secret key that’s embedded in the phone when it’s manufactured. The user’s password gets “tangled” with the secret key to create a passcode key that both secures and unlocks data on the device. When the user enters the correct password, the phone performs a calculation that combines these two codes, and if the result is the correct passcode, the device and data are unlocked.
To prevent someone from brute-forcing the password, the device has a user-enabled function that limits the number of guesses someone can try before the passcode key gets erased. Although the data remains on the device, it cannot be decrypted and therefore becomes permanently inaccessible. This happens after 10 failed guesses if a user has enabled the iPhone’s auto-erase feature
In addition to the auto-erase function, there’s another protection against brute force attacks: time delays. Each time a password is entered on the phone, it takes about 80 milliseconds for the system to process that password and determine if it’s correct. This helps prevent someone from quickly entering a new password to try again, because they can only guess a password every 80 milliseconds. Instead of being able to try hundreds or thousands of password guesses per second, the feds would only be able to try eight or nine per second.
The FBI wanted Apple to create a version of its software that eliminated these two protections.