News

Actions

FBI unlocks iPhone without Apple's help

Posted at 2:58 PM, Mar 28, 2016
and last updated 2016-03-29 02:16:29-04

WASHINGTON (AP) — The FBI said Monday it successfully used a mysterious technique without Apple Inc.'s help to hack into the iPhone used by a gunman in a mass shooting in California, effectively ending a pitched court battle between the Obama administration and one of the world's leading technology companies.

The government asked a federal judge to vacate a disputed order forcing Apple to help the FBI break into the iPhone, saying it was no longer necessary. The court filing in U.S. District Court for the Central District of California provided no details about how the FBI did it or who showed it how. Apple did not immediately comment on the development.

The brief court notice left important questions unanswered: Who showed the FBI how to break into iPhones? How did the government bypass the security features that Apple has invested millions of dollars to build into its flagship product? Are newer iPhones vulnerable to the same hacking technique? Will the FBI share its information with scores of state and local police agencies that said they also need to break into the iPhones of criminal suspects? Will the FBI reveal to Apple how it broke its security? Did the FBI find anything useful on the iPhone?

The surprise development also punctured the temporary perception that Apple's security might have been good enough to keep consumers' personal information safe even from the U.S. government — with the tremendous resources it can expend when it wants to uncover something.

The FBI used the technique to access data on an iPhone used by gunman Syed Farook, who died with his wife in a gun battle with police after they killed 14 people in San Bernardino, California, in December. They're currently reviewing the information on the phone, the Justice Department said in a statement.

U.S. magistrate Sheri Pym of California last month ordered Apple to provide the FBI with software to help it hack into Farook's work-issued iPhone. The order touched off a debate pitting digital privacy rights against national security concerns.

Apple was headed for a courtroom showdown with the government last week, until federal prosecutors abruptly asked for a postponement so they could test a potential solution that was brought to them by a party outside of the U.S. government the previous weekend. Technical experts had said there might be a few ways an outsider could gain access to the phone, although the FBI had insisted repeatedly until then that only Apple had the ability to override the iPhone's security. FBI Director James Comey said the bureau even went to the National Security Agency, which did not have the ability to get into the phone.

 

 

A law enforcement official said the FBI was successful in unlocking the iPhone over the weekend. The official spoke to reporters on a conference call on condition of anonymity because this person wasn't authorized by the Justice Department to publicly comment. The official said federal law enforcement would continue to aid its local and state partners with gaining evidence in cases — implying that the method would be shared with them.

Manhattan District Attorney Cyrus Vance testified before a U.S. House panel earlier this month that he has 205 iPhones his investigators can't access data from in criminal investigations. And Apple is opposing requests to help extract information from 14 Apple devices in California, Illinois, Massachusetts and New York.

The case drew international attention and highlighted a growing friction between governments and the tech industry. Government commissions have been formed to study the issue of encryption's impact on law enforcement and lawmakers have also held hearings, discussing the issue, since the Feb. 16 order. Apple and other tech companies have said they feel increasing need to protect their customers' data from hackers and unfriendly intruders, while police and other government authorities have warned that encryption and other data-protection measures are making it more difficult for investigators to track criminals and dangerous extremists.

The withdrawal of the court process also takes away Apple's ability to legally request details on the method the FBI used in this case. Apple attorneys said last week that they hoped the government would share that information with them if it proved successful.

The encrypted phone was protected by a passcode that included security protocols: a time delay and self-destruct feature that erased the phone's data after 10 tries. The two features made it impossible for the government to repeatedly and continuously test passcodes in what's known as a brute-force attack. Comey said with those features removed, the FBI could break into the phone in 26 minutes.

The official said the method used to unlock the phone appears to work on the iPhone 5C operating a version of iOS 9. In late 2014, Apple updated its operating system so the passcode is linked to the phone's overall encryption. The Cupertino-based company said that made it impossible for it to access data on the phone.

The Justice Department wouldn't comment on any future disclosures of the method to Apple or the public.

Apple CEO Tim Cook had argued that helping the FBI hack the iPhone would set a dangerous precedent — and make other iPhones vulnerable — if Apple complied with a court order to create software that would help investigators bypass the phone's security features.

It was a rare moment of public defiance by a major U.S. corporation. Other leading tech companies, including Facebook, Google and Twitter, soon voiced their support for Apple's position, as did computer security experts and civil liberties groups. But Cook's stance was denounced by top U.S. officials, including FBI Director James Comey and Attorney General Loretta Lynch, who accused Apple of trying to interfere with law enforcement.

In court filings, federal prosecutors also suggested Apple's emphasis on privacy was a marketing strategy, which Apple heatedly denied.

 

Read the order to vacate below. Mobile users click here.