FBI vs. Apple vs. You

Shortly before entering the Inland Regional Center in San Bernardino, California and opening fire, killing 14 people and injuring another 20, the shooters — Syed Rizwan Farook and Tashfeen Malik — discarded their cell phones laptop’s hard drive. While the hard drive has not been located, the cell phones turned up in a dumpster near the terrorists’ rented home.

Four hours after the attack, Farook and Malik were killed in a gun battle with FBI agents. Unfortunately, they were shot before anybody got a chance to ask Farook what the four-digit lock code on his iPhone was. Oops.

An iPhone, when configured to do so, will back itself up to Apple’s iCloud when connected to an approved WiFi hotspot. Farook’s iPhone was configured to do this, but hadn’t been backed up in six weeks. To access the data on the phone, all the FBI needed to do was take the phone to a pre-approved WiFI network (say, Farook’s house or work) and turn the phone on. The phone would have backed itself up to iCloud, and the FBI would have been able to file a subpoena to obtain the (unencrypted) data from Apple.

But that’s not what they did. Instead, an FBI agent attempted to reset the phone’s security PIN via iCloud. This requires the phone to be unlocked to sync up. In other words, a random FBI agent who knew nothing about how iCloud works (he could have asked any 13 year old) locked the FBI out of the phone with this one single (dumb) action.

The FBI’s backup plan was to have Apple unlock the terrorist’s phone. First, they politely asked if Apple would break into the phone for them. Apple politely declined. Then, the FBI took Apple to court. When Apple still refused to cooperate, the Department of Justice also took the company to court, citing the All Writs Act (part of the Judiciary Act of 1789). Apple continued to drag their feet on the request.

And, for clarification, what the FBI was asking Apple to do was create a custom version of iOS with a backdoor in it that would allow them to bypass the security code. Because, nothing bad could possibly come from developing that. The government promised that it would only be used one time in a controlled environment, because of course they would promise that.

This story has freedom of speech, citizens’ rights, the right to encryption (and privacy from the government), the FBI vs. Apple, terrorists, murder… all they had to do was throw in a Star Wars reference and a video game and it would have been perfect!

From day one, I told my wife “the FBI does not need Apple to get into that phone. They will get in, regardless. This is a PR stunt.” My wife thinks I’m crazy (and not just because of this theory.) Any time the FBI makes a public release, it’s for a reason. The stuff they don’t want you to know about, you don’t know about. The stuff they do want you to know about makes the news.

Think of it this way: if Apple were to cave, it’s a lose/lose. Apple loses because it makes them look like they are catering to the government at the expense of their customers’ privacy. And the FBI loses twice: first, they look weak by not being able to break into a single phone, and second, they look like bullies. But if Apple were to stand up to the FBI and refuse to unlock the phone and the FBI were eventually able to unlock it on their own, that would be a win/win! Apple becomes the valiant defender of encryption and customer rights, while the FBI ends up looking like uber-hackers!

And, of course, that’s exactly what happened. On Monday, the FBI withdrew their case against Apple and said “thanks, bro, but we got in anyway.”

Above is a video of the XPIN CLIP in action attacking an iPhone running iOS 7x. What the device on the left is doing is sequentially sending passcodes to the phone. If you want to jump to the 3:30 mark you’ll see it send 1230, 1231, 1232, and 1233 before unlocking the phone with the correct code, 1234. Apple fixed this hole in iOS 8. A few weeks later, someone released a new device that worked against iPhones running iOS 8. Apple fixed that hole in iOS 9. It wouldn’t take a complete leap of faith to say that there’s a new device out there that works on the latest iPhone operating system.

But the terrorist’s phone had the security feature enabled that would wipe his phone after 10 incorrect guesses. Welp…

This is the IP Box unlocking an iPhone running iOS 8. The IP Box utilized an exploit that prevented the iPhone from recognizing incorrect guesses by pressing two buttons at the same time. Rumor has it that the newer versions of this box (available for around $200) can cut the power to the phone immediately after each attempt to prevent the phone from logging the incorrect guesses. It takes longer, extending the maximum amount of time from hours to days (but not weeks), but if you’re just dealing with one phone, that’s not too bad.

For now, this story is over (although you can bet Apple already has people trying to figure out how the FBI got into iOS 9, and will be patching that hole in the inevitably soon-to-be released update). Apple politely asked the FBI how they did it; the FBI politely refused to offer up that information. In the end, Apple won by not backing down, and the FBI won by gaining access to the terrorists’ selfies. The terrorists lost, but they were already dead so having their phone compromised is really just a parting gift.

The rest of us are stuck in the middle, hoping that the private information on our phones, computers, and stored in the cloud remains private.