In a surprise announcement this Monday, the Justice Department said that it no longer needs Apple to create a software tool to break into the iPhone used by one of the San Bernardino shooters.
The software tool in question, if actually developed, would bypass the security mechanisms in Apple’s software so that the FBI could perform a brute-force passcode attack. Apple feared that this would make all users’ phones susceptible to hacking, and resisted the FBI’s demands for this reason.
Saying that this resistance caused some controversy is a bit of an understatement.
Breaking Down Apple Security
There are two factors used to secure phones and encrypt data. The first is a 4- to 6-digit numeric passcode chosen by the user. The second is a 256-bit AES key that is uniquely embedded into each phone when it is manufactured. Both keys get ‘tangled’ to lock the phone, and get ‘untangled’ when the correct passcode is entered.
Users can also enable the ‘auto-erase’ feature, which limits the number of guesses to ten before the passcode is wiped out permanently. Time delays also make it so that no one can enter another passcode guess until 80 milliseconds after the first attempt.
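The sketch below is an added example, not Apple's code: a toy model of the two-factor lock described above, showing that the ten-guess auto-erase, rather than the 80 ms delay, is what protects a short passcode. `ModelPhone`, `entangle` and `worst_case_seconds` are hypothetical names, PBKDF2 stands in for the phone's real key derivation, and the delay is assumed to apply to every guess.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10      # auto-erase threshold given in the article
GUESS_DELAY_MS = 80    # delay from the article, applied to every guess (assumption)

def entangle(passcode: str, device_key: bytes) -> bytes:
    """Mix both factors into one unlock key. PBKDF2-HMAC-SHA256 is a
    stand-in (assumption) for the phone's hardware-bound derivation."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_key, 1000)

class ModelPhone:
    """Toy lock: the 256-bit device key never leaves this object."""

    def __init__(self, passcode: str, auto_erase: bool = True):
        self._device_key = os.urandom(32)            # constructed per-device key
        self._verifier = entangle(passcode, self._device_key)
        self.auto_erase = auto_erase
        self.failed = 0
        self.erased = False

    def try_unlock(self, guess: str) -> bool:
        if self.erased:                              # key material is gone for good
            return False
        candidate = entangle(guess, self._device_key)
        if hmac.compare_digest(candidate, self._verifier):
            self.failed = 0
            return True
        self.failed += 1
        if self.auto_erase and self.failed >= MAX_ATTEMPTS:
            self._device_key = self._verifier = None # wipe: even the right code fails now
            self.erased = True
        return False

def worst_case_seconds(digits: int) -> float:
    """Time to try every passcode of this length when only the delay limits guessing."""
    return (10 ** digits) * GUESS_DELAY_MS / 1000

if __name__ == "__main__":
    phone = ModelPhone("4821")                       # constructed sample passcode
    for n in range(MAX_ATTEMPTS):
        phone.try_unlock(f"{n:04d}")                 # ten wrong guesses
    print("erased:", phone.erased, "| correct code works:", phone.try_unlock("4821"))
    for d in (4, 6):
        print(f"{d} digits, no auto-erase: {worst_case_seconds(d):,.0f} s worst case")
```

Because the passcode is mixed with a key that exists only on the device, the same passcode yields a different unlock key on every phone, which is why guesses have to pass through the device's own attempt counter and delay.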
Apple Security Bypassed
Previously, the FBI stated that it absolutely needed Apple’s help to unlock the phone. In a release, Apple responded:
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
Now the FBI has announced that a technique it speculated might work actually did.
Unfortunately, the method used is unknown. Apple has said that, if the FBI’s claim is true, it will seek discovery to learn the particular method used, to ensure that the FBI wasn’t lying just to save face. It is also important for Apple to understand the method in order to ensure that users are still protected.
The community has been speculating widely on the possible methods that were used to crack the passcode. Last week, FBI Director James Comey told reporters that a technique called NAND Mirroring, which was labeled the best option by some in the security community, did not work.
As long as the technique remains classified, the answer for Apple and the public alike remains unknown, as Apple may uncover an entry method that is different from what the FBI actually used.
However, Apple (like the FBI) isn’t taking this lying down. Attorneys for Apple are currently looking into legal tactics that would require the government to turn over the specifics of how it hacked into the iPhone, but the company had no update on its progress as of yesterday.
The Future of Security
So that’s it. Case closed. The debate is over?
Well, as the above may have indicated, not quite. The FBI was able to get into this phone, but what about the phones of the future? Of course, Apple will add new security features (it constantly does), and there is a good chance that the FBI won’t be able to crack the ‘phone of tomorrow.’ So where does that leave us?
It seems that it leaves us with the battle still raging.
The Justice Department spokeswoman speaking to the Wall Street Journal made it clear that, while this particular phone in this particular case is no longer being fought over, the broader fight over encryption-protected technology will continue. In essence, this is the end of one battle, but not the war.
“It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails,” spokeswoman Melanie Newman stated.