Apple Has No Idea How the FBI Hacked Its iPhone
It can't fix the problem if it doesn't know what it is.
Apple may be safe from government legal pressure, but in many ways it’s even more vulnerable than before. There’s a flaw in Apple’s security, and no one but the government knows what it is. We know that the flaw works on iPhone 5C phones running iOS 9. Other than that, it’s anyone’s guess as to who hacked the phone and how vulnerable other phones are to government intrusion.
So far, the FBI has only released tidbits of clues. A senior law enforcement official told The Associated Press that the FBI managed to disable the passcode memory wipe feature, which would have destroyed the phone’s data after 10 incorrect passcode attempts. After that feature was offline, the government was able to use a brute force attack (a computer crunching every possible combination rapidly) to get into the phone in just 26 minutes.
Apple’s engineers have undoubtedly been working feverishly to find the security flaw and shut it down, but as of today, they still don’t know what they need to fix. The digital and physical architecture of an iPhone is a little like an extremely complicated house with thousands of doors and windows, surrounded by robbers. Apple knows one of the doors is open and the robbers are inside, but the breach might be in a part of the house they never go into, or might be a new door someone has hacked into the side of the house, or the robbers may have crawled through the air vents — you get the picture.
The thing is, the government isn’t supposed to act like robbers (or hackers) would. When researchers discovered a flaw in iMessage that allowed encrypted data to be intercepted during transmission, they promptly reported it to Apple, allowing it to fix the issue before publishing an academic essay about their findings. Apple has been trying to improve security on their phones, but no system is perfect, and researchers argue that the government should report their findings promptly and ethically, which so far it has not done.
Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, told The Associated Press that withholding information about a vital security flaw that affects millions of Apple’s customers, “is exactly opposite the disclosure practices of the security research community. The FBI and Apple have a common goal here: to keep people safe and secure. This is the FBI prioritizing an investigation over the interests of hundreds of millions of people worldwide.”
The government says it’s still investigating the data recovered from the San Bernardino shooter’s phone. It’s not saying what it found, or how it found it, and for the time being it doesn’t look likely that it will shed any light on the situation, leaving iPhone engineers and users alike in the dark about their phones’ security.