The latest high-stakes standoff between Apple and the FBI has come to an end. After claiming for months that Apple alone could unlock the two iPhones of Pensacola shooter Mohammed Saeed Alshamrani, the agency announced today that it had managed to do so without Cupertino’s help—and without undermining the encryption that protects over a billion iOS users worldwide.
The détente comes five months after the attack last December at Naval Air Station Pensacola, in which Alshamrani killed three people and wounded eight more before being shot and killed by local law enforcement. The FBI recovered Alshamrani’s iPhone 5 and an iPhone 7 Plus in the wake of the shooting; the devices were badly damaged, which the Justice Department implied in January made it more difficult to break in through traditional methods.
The stance was always curious. The FBI confirmed it had managed to get the iPhones up and running, and has access to forensics tools from companies like Cellebrite that claim the ability to break into any iOS device. Older models like Alshamrani’s should have been relatively trivial to crack. But as with the 2015 San Bernardino shooting, the high-stakes case proved too tempting an opportunity for the agency to try to set a bad precedent.
In both instances, the FBI wanted Apple’s help to establish a “backdoor” that would allow law enforcement to circumvent any iOS device’s encryption and access its data as needed. “We have always maintained there is no such thing as a backdoor just for the good guys,” Apple said in January in response to the Justice Department’s public admonition. “Backdoors can also be exploited by those who threaten our national security and the data security of our customers.” The company declined to comment on the latest development in the Pensacola case.
In a press conference today, FBI director Christopher Wray said that the agency had to develop its own tool to access the iPhones. “We canvassed every partner out there and every company that might have had a solution to access these phones. None did,” said Wray. “So we did it ourselves. Unfortunately the technique that we developed is not a fix for our broader Apple problem. It’s a pretty limited application.”
It’s unclear what that difficulty stems from. While still plenty secure for the average user, recent vulnerabilities in iOS have given hackers and forensic investigators ample avenues to break into iPhones. “If the FBI was able to repair the hardware sufficiently to boot them up, then existing forensics tools are more than capable of recovering data from those devices,” says Dan Guido, founder of cybersecurity firm Trail of Bits. He points specifically to the so-called checkm8 exploit, publicized last September, an unfixable flaw that makes it possible to “jailbreak” any iPhone from 2011 to 2017—which includes both of Alshamrani’s devices.
“The FBI could try as many PIN codes as they wanted until one worked,” says Guido, whose iVerify security app can tell if your phone is exposed to checkm8. “It was only a matter of time before they succeeded.”
In fact, iOS has seen several security lapses lately that, while largely harmless to the average user, make it possible for well-resourced technicians to break into devices. In addition to checkm8, vulnerability broker Zerodium recently announced that due to a glut of iOS and Safari bugs it wouldn’t accept certain classes of Apple bug submissions for the next several months.
“There’s been a proliferation of iOS vulnerabilities recently,” says Johns Hopkins University cryptographer Matthew Green. “There was a brief period around 2015 when Apple’s security outpaced the commercially available exploit market, and that period seems to be over.”
It’s unclear exactly how the FBI got the passcodes it needed. But the agency’s success in cracking the iPhones in its possession seems to undermine its central argument that Apple and other companies allow criminals to “go dark” by providing strong encryption on consumer devices. As in 2016 with the San Bernardino case, agents got in eventually.