The mystery technique used to crack Syed Farook’s iPhone is expected to be patched before long
The FBI has confirmed it plans to help local law enforcement authorities across the US unlock mobile devices, following its success in accessing an iPhone used by shooting suspect Syed Farook without the assistance of Apple.
The move is significant because it suggests the access technique provided to the FBI by an unknown third party will not remain confidential for long.
Apple has said that when it becomes aware of the method used to unlock the handset it plans to patch iOS to render the technique obsolete.
Offer of help
“As has been our longstanding policy, the FBI will of course consider any tool that might be helpful to our partners,” Kerry Sleeper, assistant director with the FBI’s Office of Partner Engagement, said in a letter sent to local law-enforcement authorities on Friday.
“Please know that we will continue to do everything we can to help you consistent with our legal and policy constraints… We are in this together.”
While the FBI’s court order to force Apple to help it unlock the iPhone in question had no outcome, the publicity around the court battle led to the FBI’s ultimate success in accessing the device, according to Sleeper.
Third-party organisations, hearing of the case, contacted the FBI offering their assistance, and one of the avenues attempted eventually proved successful, she said.
“In mid-March, an outside party demonstrated to the FBI a possible method for unlocking the iPhone,” she wrote. “That method for unlocking that specific iPhone proved successful.”
The letter was obtained by news agencies and published widely.
Security arms race
The US Justice Department had earlier in the week dropped its litigation with Apple, allowing the company to claim victory. The company has been outspoken in its opposition to proposed policy measures that would oblige it to make its devices accessible to investigators.
Apple and outside experts have said they expect the method used by the FBI to quickly become known, allowing the company to close the hole.
If the FBI unlocks a device used by a living suspect, attorneys will have an opportunity to cross-examine the technicians involved in an effort to discover whether evidence was tampered with. Such cross-examination should reveal enough information for a patch to be written, an unnamed Apple employee told Reuters.
The hole could also come to light if the contractor involved provides it to another agency or country, industry experts said.
Such flaws by their nature have a short shelf-life, with companies constantly patching them and hackers constantly looking for new breach techniques.
Israeli firm Cellebrite, one of the companies that offered to help the FBI, has developed an entire business around specialised law-enforcement tools for cracking encrypted devices, including PGP-encrypted BlackBerry handsets.
Are you a security pro? Try our quiz!