from the shame-that-'one-size-fits-all-writs'-thing-didn't-work-out... dept
Some of the other iPhones the FBI tried to pretend weren't going to be the beneficiaries of a precedential All Writs order are apparently not even the beneficiaries of the agency's Break Into an iPhone Using This One Simple Trick! anticlimax in the San Bernardino case.
Director James Comey noted there were still more windmills to tilt at after discovering the still-secret exploit only works on a smallish subset of Apple's offerings. In two other cases, the agency has explored its available options. In one case in Massachusetts, it appears to be on the verge of abandoning its quest to force Apple to break into a phone for it, as Motherboard reports.
The Massachusetts case is unique because it's the first of its kind involving a newer model iPhone—an iPhone 6 Plus running iOS 9.1—that likely can not be unlocked using the mysterious method the government wound up using on the older iPhone 5c of Syed Farook, one of the San Bernardino shooters. In addition to security features that automatically wipe the device after 10 passcode attempts, newer models including the iPhone 6 and up have a hardware-backed security feature called Secure Enclave, which makes breaking into the devices significantly harder.
The order set forth by the magistrate judge is unique in the fact that it compels Apple to turn over whatever data it recovers from the phone but does not demand the data be encrypted. Nor has Apple been ordered to assist in the decryption process. All of that ultimately doesn't matter if Apple can't access the data in the first place, hence the stalemate and apparent abandonment.
Thus, the case appears to have entered legal limbo, both because the government has failed to respond to Apple’s refusal and because Apple has no way of accessing the phone’s data anyway.
Meanwhile, slightly to the West, another legal battle over compelled decryption/access continues to be waged. The antagonist in this one is the DEA, however, which is seeking access to an older iPhone. The DOJ has already been served one rejection by magistrate judge James Orenstein. It has appealed that rejection, bumping it up a level in the district court. Now, it's filed a letter stating its intent to leave its All Writs application unaltered as the method the FBI used in the San Bernardino case won't work with this phone either.
The drug dealer had an iPhone 5C running iOS 7 software, while the San Bernardino shooter was using an iPhone 5C running iOS 9, a later version of Apple's operating system.
Whatever the exploit is that works with this narrow band of phones, Apple has yet to learn the details. The FBI has shared it with the Senate Intelligence Committee, which means privacy champions like Dianne Feinstein possibly have more info on this security flaw than Apple does. Apple, however, has stated it will not seek to legally compel the FBI to turn over details on the exploit -- which is incredibly gentlemanly considering the FBI has done little else lately but seek to compel Apple to perform all sorts of work for it.
"The government continues to require Apple's assistance in accessing the data that it is authorized to search by warrant," wrote Capers.
Security researcher Jonathan Zdziarski -- in an open letter to FBI director James Comey -- argues that the FBI should turn over the details to Apple anyway for the safety of its customers.
What has been made painfully apparent to me for nearly the past decade in this field is that keeping an exploit secret is not possible, no matter how good an agency or corporation may be at keeping secrets – because an exploit is merely a dotted line on a blueprint. Mere knowledge of the general parameters of a vulnerability – even just the details of the device’s condition in this case – has been enough for security researchers to know exactly what security boundaries to start looking at, and they can do so now with the confidence that there is a known, exploitable vulnerability. One does not need to steal any exploit code in order to take advantage of a vulnerability; they only need to find the vulnerability; the way in already exists until it is closed.
Not that the FBI will be swayed by the words of a highly respected iPhone forensics expert. It tuned out security researchers during its quest for alternate unlocking methods and it likely could care less who else gets in as long as law enforcement agencies get in first.
Given that it’s only a matter of time before a criminal finds the blueprint to this vulnerability, I urge you to consider briefing Apple of the tool and techniques used to access Syed Farook’s device. While the part of the tool that brute forces a PIN does not seem to work on newer devices, the locks that it picks in order to get past the front door most certainly can be vulnerabilities that carry over into newer devices. Depending on the nature of these components of the solution, criminals or nation states could take advantage of them to install malware, spyware, ransomware, or to infect a target by other means. Individual components of this tool may be very dangerous to millions of Americans, even if the solution as a whole is not viable.