The FBI Wants To Crack Another Dead Terrorist’s Locked iPhone
When the FBI asked a court to force Apple to help crack the encrypted iPhone 5c of San Bernardino shooter Rizwan Farook in February, Bureau director James Comey assured the public that his agency’s intrusive demand was about one terrorist’s phone, not repeated access to iPhone owners’ secrets. But now eight months have passed, and the FBI has in its hands another locked iPhone that once belonged to another dead terrorist. Which means they may have laid the groundwork for another legal showdown with Apple.
At a press conference in St. Cloud, Minnesota today, FBI special agent Rich Thorton said that the FBI has obtained the iPhone of Dahir Adan, who stabbed 10 people in a Minnesota mall before a police officer shot and killed him. (The fundamentalist militant organization ISIS claimed credit for the attack via social media.) As in Farook’s case, the attacker’s phone is locked with a passcode. And Thorton said the FBI is still trying to figure out how to gain access to the phone’s contents.
“Dahir Adan’s iPhone is locked,” Thornton told reporters, “We are in the process of assessing our legal and technical options to gain access to this device and the data it may contain.”
Thornton didn’t say in the press conference what model iPhone Adan owned or what operating system the device ran. Both are key factors in whether the FBI will be able to get past its security measures. That’s because beginning with iOS 8 in 2014, iPhones and iPads have been encrypted such that not even Apple can decrypt the device’s contents, even when police or FBI serve a warrant to the company demanding its help.
After the San Bernardino shootings last spring, that new software security feature led the FBI earlier this year to demand that Apple write a new version of its operating system designed to help law enforcement “brute force” the iPhone 5c PIN code of Rizwan Farook. The software it asked Apple to create would allow investigators to repeatedly try different PIN codes without triggering the lockout mechanism that prevents further guessing after ten tries. Apple refused, and the FBI filed a lawsuit.
The FBI didn’t respond to WIRED’s email or phone calls about the second locked iPhone, and Apple declined to comment as to whether the FBI had asked for its assistance in accessing the device.
The FBI’s standoff with Apple over Farook’s locked iPhone ended when the FBI announced that it had a method to break into the locked and encrypted phone.
Director Comey said that the Bureau paid more money for the technique than he’d make in the rest of his tenure at the FBI. If that’s true, it would mean a price tag over $1.2 million. But it’s still not clear if that attack would work for iPhones more recent than the 5c or newer versions of iOS that may have patched the security flaws it exploited.
In fact, Cambridge researcher Sergei Skorobogatov last month showed how he could break into an encrypted iPhone 5c by removing its flash memory, cloning it, and repeatedly trying PIN codes and then rewriting the memory’s data to “undo” the counter that tracks the number of PINs a user tries. But Skorobogatov wrote that his method wouldn’t work on an iPhone newer than the 5c due to a piece of security hardware known as the “secure enclave” that makes rewriting their memory far more difficult.
FBI Agent Thornton told Thursday’s press conference that the bureau had “analyzed more than 780 gigabytes of data from multiple computer and other electronic devices” in its investigation of Adan. “We are conducting an extensive review of his social media and other online activity,” he said. “We continue to review his electronic media and digital footprint.
But as with Farook, accessing one of the ISIS-linked attacker’s primary electronic devices may again depend on what version of Apple’s hardware and software he ran. If Adan carried an iPhone he bought in the last two years, and the FBI is determined to get inside it, the US government may find itself again at odds with the world’s biggest tech company.
This article is from: