FBI iPhone Unlock Trick Remains Secret

“iPhone 5C” by Kārlis Dambrāns is licensed under CC BY 2.0

A court says the FBI won’t have to reveal how it broke into an encrypted iPhone belonging to the San Bernadino shooter. The US district court rejected a freedom of information request to find out who got paid – and how much – to access the phone.

The phone belonged to Syed Farook, the man who shot dead 14 people in 2015. The FBI asked Apple to help unlock the phone, but Apple refused, arguing that by design this was impossible. The problem wasn’t so much the unlocking but rather a default setting that would have wiped the phone’s data after a limited number of failed attempts. That in turn limited the most likely FBI solution of a brute force unlock.

The FBI then went to court to demand Apple modify the operating system to let it bypass this setting. Apple refused, arguing that this created a risk of the modified OS falling into the wrong hands and thus undermining the security of millions of handsets.

That court battle looked set to run and run, but eventually the FBI withdrew from the case after finding a way to access the data. Exactly how that happened is uncertain, other than that the FBI paid a third party for help. It also appears likely, though not confirmed, that the solution in question was relatively targeted in that it only worked on a specific model (iPhone 5c) running a specific operating system edition (iOS 9).

Initially an Israeli tech firm was reported to be responsible, but that later came into question. There’s also dispute about how much the FBI paid.

A joint freedom of information lawsuit from the Associated Press, Vice News and USA Today asked for the FBI to be forced to reveal this information. Their argument was that government spending should be a matter of public record, particularly as there was no tendering process in this case.

The court sided with the FBI’s arguments to dismiss the request. The FBI said that if the vendor’s identity became public, it would come under attack from hackers who wanted to access and misuse the tools in question. It also said that any detail about the tools going public would limit its ability to use them in future cases.

[Via: ZDNET]