A U.S. Magistrate Judge suspended her Feb. 16 order that Apple help investigators unlock the iPhone used in the San Bernardino terror attack, according to The Wall Street Journal. The hearing was scheduled for Tuesday and has been indefinitely suspended. This decision defuses the conflict between the government and Apple, but it comes at a cost to Apple since it suggests there is a gap in its software. Apple had said there is no way to unlock the phone.
Since 2014, Apple has claimed it had no way to break into phones with the most recent versions of its software. In arguing against the government’s order to create a way to access the phone’s data, the company said doing so would endanger its customers’ privacy.
The court postponed the case Monday, saying it was investigating a way to get the information without help from Apple.
Edward McAndrew, a partner at the Ballard Spahr law firm and a former federal prosecutor, said the postponement suggests that what Apple feared already exists in some form, and it exists outside of the company.
Judge Suspends Order
U.S. Magistrate Judge Sherri Pym suspended her Feb. 16 order for Apple to assist investigators in unlocking the iPhone used by Syed Rizwan Farook, who with his wife killed 14 people in the Dec. 2 attack in San Bernardino, Calif.
The judge postponed the hearing indefinitely, defusing the conflict between the Justice Department and Apple that pitted security against privacy.
The FBI’s method for accessing the phone was not clear Tuesday. The government said an “outside party” brought the information. A government official said it was still testing the method but is hopeful it will be able to unlock the phone without assistance from Apple.
Theodore Boutros, Apple’s lawyer, urged the judge to revoke or suspend the order. He said the government indicated Apple did something wrong in creating its encryption and in objecting to the government’s order to unlock the phone.
Vacating the order would be premature since the new method might fail, said Tracy Wilkinson, an assistant U.S. Attorney. She said many people have offered assistance with alternate methods to unlock the phone, but none have succeeded.
FBI Could Gain A New Tool
Law enforcement has an interest to not only exploit vulnerabilities in the phone but to keep the information it uncovers out of Apple’s hands.
Casey Ellis, chief executive and co-founder of Bugcrowd, a cybersecurity firm, said the information will become another tool in the FBI’s surveillance arsenal until the vulnerability is fixed.
The government said it knows there is a possible gap in the software protecting the iPhones, but it isn’t saying anything more about it at present.
The main question in the case has been whether or not Apple has a responsibility to help law enforcement unlock the phone or whether law enforcement should help Apple protect its customers from iPhone vulnerabilities.
How To Breach The Phone
Security experts have hypothesized on how the iPhone could be breached. One possibility is that there is an undisclosed vulnerability in the software that the government can exploit, such as a “boot loader” code the iPhone uses to activate its iOS operating system.
Another possibility is that technicians could de-solder the encrypted memory chip, insert a test socket in place of the memory, then copy the encrypted data to memory chips, slide them into the test socked and guess Farook’s passcode. Guessing the passcode would take up to 10,000 guesses. The iPhone only allows 10 attempts, but the FBI could repeatedly load the data onto a flash chip to reset the counter. This system would cost $50,000 in equipment and take as little as two days, according to Daniel Kahn Gillmor, a technology fellow at the American Civil Liberties Union.
Another scenario would focus on an ion beam to probe the phone’s microprocessor, extract cryptographic information and use it to decrypt the phone’s data. This method would cost between $500,000 and $1 million and require several months.
Congressman Criticizes FBI
Rep. Ted Lieu, D-Calif., called the FBI’s actions extremely disconcerting since it filed the case against Apple before exhausting all its options, then asking to delay the hearing before knowing if the new method would work.
Lieu said there was a lack of due diligence, or the agency was not really interested in the iPhone and was using the tragedy to set a precedent.
A Justice Department official said the FBI continuously sought to access the phone’s data without Apple’s help but asked for the delay to test the newly proposed method.
Featured image from Shutterstock.