Apple remains in dark on how FBI hacked iPhone without help
The FBI's announcement that it mysteriously hacked into an iPhone is a public setback for Apple Inc., as consumers suddenly discover they can't keep their most personal information safe. Meanwhile, Apple remains in the dark about how to restore the security of its flagship product.
The government said it was able to break into an iPhone used by a gunman in a mass shooting in California, but it didn't say how. That puzzled Apple software engineers and outside experts about how the FBI broke the digital locks on the phone without Apple's help. It also complicated Apple's job repairing flaws that jeopardize its software. The Justice Department's announcement that it was dropping a legal fight to compel Apple to help it access the phone also took away any obvious legal avenues Apple might have used to learn how the FBI did it.
Magistrate Judge Sheri Pym vacated her Feb. 16 order, which compelled Apple to help the FBI hack their phone, on Tuesday.
A few clues have emerged. A senior law enforcement official told The Associated Press that the FBI managed to defeat an Apple security feature that threatened to delete the phone's contents if the FBI failed to enter the correct passcode combination after 10 tries. That allowed the government to repeatedly and continuously test passcodes in what's known as a brute-force attack until the right code is entered and the phone is unlocked. It wasn't clear how the FBI dealt with a related Apple security feature that introduces increasing time delays between guesses. FBI Director James Comey has said with those features removed, the FBI could break into the phone in 26 minutes. The FBI hacked into the iPhone used by gunman Syed Farook, who died with his wife in a gun battle with police after they killed 14 people in December in San Bernardino. The iPhone, issued to Farook by his employer, the county health department, was found in a vehicle the day after the shooting. The FBI is reviewing information from the iPhone, and it is unclear whether anything useful can be found.
Apple said in a statement Monday that the legal case to force its cooperation "should never have been brought," and it promised to increase the security of its products. CEO Tim Cook has said the Cupertino-based company is constantly trying to improve security for its users.
The FBI's announcement even without
revealing precise details that it had hacked the iPhone was at odds with the government's firm recommendations for nearly two decades that security researchers always work cooperatively and confidentially with software manufacturers before revealing that a product might be susceptible to hackers.
The aim is to ensure that American consumers stay as safe online as possible and prevent premature disclosures that might damage a U.S. company or the economy.
As far back as 2002, the Homeland Security Department ran a working group that included leading industry technology industry executives to advise the president on how to keep confidential discoveries by independent researchers that a company's software could be hacked until it was already fixed. Even now, the Commerce Department has been trying to fine-tune those rules. The next meeting of a conference on the subject is April 8 in Chicago and it's unclear how the FBI's behavior in the current case might influence the government's fragile relationship with technology companies or researchers.
The government said it was able to break into an iPhone used by a gunman in a mass shooting in California, but it didn't say how. That puzzled Apple software engineers and outside experts about how the FBI broke the digital locks on the phone without Apple's help. It also complicated Apple's job repairing flaws that jeopardize its software. The Justice Department's announcement that it was dropping a legal fight to compel Apple to help it access the phone also took away any obvious legal avenues Apple might have used to learn how the FBI did it.
Magistrate Judge Sheri Pym vacated her Feb. 16 order, which compelled Apple to help the FBI hack their phone, on Tuesday.
A few clues have emerged. A senior law enforcement official told The Associated Press that the FBI managed to defeat an Apple security feature that threatened to delete the phone's contents if the FBI failed to enter the correct passcode combination after 10 tries. That allowed the government to repeatedly and continuously test passcodes in what's known as a brute-force attack until the right code is entered and the phone is unlocked. It wasn't clear how the FBI dealt with a related Apple security feature that introduces increasing time delays between guesses. FBI Director James Comey has said with those features removed, the FBI could break into the phone in 26 minutes. The FBI hacked into the iPhone used by gunman Syed Farook, who died with his wife in a gun battle with police after they killed 14 people in December in San Bernardino. The iPhone, issued to Farook by his employer, the county health department, was found in a vehicle the day after the shooting. The FBI is reviewing information from the iPhone, and it is unclear whether anything useful can be found.
Apple said in a statement Monday that the legal case to force its cooperation "should never have been brought," and it promised to increase the security of its products. CEO Tim Cook has said the Cupertino-based company is constantly trying to improve security for its users.
The FBI's announcement even without
revealing precise details that it had hacked the iPhone was at odds with the government's firm recommendations for nearly two decades that security researchers always work cooperatively and confidentially with software manufacturers before revealing that a product might be susceptible to hackers.
The aim is to ensure that American consumers stay as safe online as possible and prevent premature disclosures that might damage a U.S. company or the economy.
As far back as 2002, the Homeland Security Department ran a working group that included leading industry technology industry executives to advise the president on how to keep confidential discoveries by independent researchers that a company's software could be hacked until it was already fixed. Even now, the Commerce Department has been trying to fine-tune those rules. The next meeting of a conference on the subject is April 8 in Chicago and it's unclear how the FBI's behavior in the current case might influence the government's fragile relationship with technology companies or researchers.