This all might sound familiar: After a mass shooting, the Federal Bureau of Investigation wants Apple to build a tool that can unlock the attacker’s iPhones. But don’t expect round two of Apple versus the FBI to necessarily play out like the first. The broad outlines are the same, but the details have shifted precariously.
For all the FBI’s posturing, its attempt to force Apple to unlock the phone of one of the San Bernardino terrorists ultimately ended in a draw in 2016. The FBI dropped its lawsuit after the agency found a third-party firm to crack it for them. Now, the FBI claims that only Apple can circumvent the encryption protections on the two recovered iPhones of Mohammed Saeed Alshamrani, who killed three people and wounded eight in December at a naval air station in Pensacola, Florida. As it did four years ago, Apple has declined.
Apple’s central argument against helping the FBI in this way remains the same: creating a backdoor for the government also creates one for hackers and bad actors. It makes all iPhones less safe, full stop. Since the last Apple-FBI showdown, though, technological capabilities on both sides, the US political landscape, and global pressures have all substantially evolved.
“It seems that the FBI doesn’t have an Apple problem, it has a bullet problem.”
Matthew Green, Johns Hopkins University
First there are the phones themselves. In the San Bernardino case, the FBI contracted with the digital forensics firm Cellebrite to unlock one of the shooters’ iPhone 5C, which ran iOS 9. Apple’s iOS defenses have evolved significantly since then, particularly to stymie early generations of unlocking tools. For example, multiple rounds of updates in iOS 11—Apple’s mobile operating system from September 2017 to September 2018—were specifically designed to plug holes hackers and third-party cracking services had used to bypass data protections.
But every time Apple closes a door, enterprising security firms open a window. Just last summer, Cellebrite publicly claimed that its tools could unlock any iOS device up to those running iOS 12.3, the current version at the time. A few months later, researchers discovered additional hardware flaws that provide even more options for cracking any iOS device released between 2011 and 2017.
That applies to both of the Pensacola shooter’s phones, an iPhone 5 and an iPhone 7 Plus. Alshamrani did attempt to physically destroy both by shooting and smashing them, but attorney general William Barr has said that the FBI’s Crime Lab was able to “fix both damaged phones so that they are operational.” Given this restoration and the legacy phone models in question, it’s unclear why the FBI wouldn’t be able to use third-party cracking tools developed by companies like Cellebrite or Grayshift to access data on the phones.
“If they can boot up the phone then existing tools will work,” says Dan Guido, CEO of Trail of Bits, a company that consults on iOS security. “I’m not sure how the state of the hardware may complicate matters, because there’s no detailed information about that. Even then, I’m sure forensics firms receive broken phones all the time.”
Despite Barr’s claims Monday that the phones are “virtually impossible to unlock without the password,” and that Apple has “not given any substantive assistance,” existing methods appear readily available to the FBI. And while Apple understandably refuses to undermine the encryption of these devices, the company says it has turned over “many gigabytes” of iCloud and other data to investigators.
“As far as we know, law enforcement has a number of workable options for unlocking phones, particularly older phones like these,” says Johns Hopkins cryptographer Matthew Green. “It’s not clear to me why those tools wouldn’t work against these phones, but it’s possible that it’s related to the deliberately inflicted physical damage. If that’s the case, then it seems that the FBI doesn’t have an Apple problem, it has a bullet problem.”