Hack and Tell

The FBI made a late call, less than a day before it was supposed to face Apple in court. The two had been squabbling over the unlocking of an iPhone belonging to one of the terrorists responsible for the San Bernardino shootings last year. But just before their eagerly anticipated court hearing even started, the FBI requested that it be suspended. The bureaucracy said that it had found an “outside party” to assist it in the unlocking of the phone. For now, it would mean that the FBI will not be trying to force Apple to create an operating system, deprived of default security mechanisms, to access data on the phone to aid its investigation.

Numerous reports have claimed that the “outside party” is Cellebrite, an Israeli mobile forensics company. This claim seems plausible; the company specialises in providing forensics systems that extract data from mobile devices, of which has been used by law enforcement and intelligence agencies, as well as the military. It have a particularly long history with FBI, providing the agency with equipment and services to help it conduct its investigations.

The actual solution which the FBI has claimed to have found remains ambiguous. Jonathan  Zdziarski, a forensic scientist who has previously worked on identifying iPhone backdoors, has suggested that a process known as NAND mirroring may be the method being used. This technique involves taking the phone’s NAND chip (a flash storage technology) and making a copy of its memory with some sort of chip reader. From here the FBI can brute force the phone as many times as it needs until it figures out the four-digit passcode. Whenever the phone wipes itself after a certain number of incorrect guesses, the flash storage can be replaced with another chip containing the same contents, and the FBI can try again. This is one possible way the FBI could be trying to get into the phone without Apple’s help, but nobody is certain that this is definitely the method being used.

This latest twist adds yet another dynamic to the debate and has given rise to new speculations and interesting perceptions. Initially, some may have perceived the FBI’s cancellation of the court hearing as a bluff. Many observers and IT security experts have criticised the FBI’s request, arguing that developing ‘GovtOS’ would unnecessarily compromise the security of other iPhone users. Furthermore, the potential threat to civil liberties also added damage to the FBI’s case. A victory for the federal bureaucracy may provide a template that the government could use to force other tech companies to comply with government requests. Equally, requests from autocratic foreign governments, such as China, may be harder for Apple to resist with them knowing that such software exists. Thus, the tech giant has claimed that this would be a “dangerous precedent” and alluded to the possible abuse of power that it may incite. In addition, Apple would have argued in court that by the FBI forcing Apple to design ‘GovtOS’, it would be a violation of free speech. The tech giant’s premise for such an argument suggests that computer code is a valid form of expression under the 1st Amendment of the US constitution. All of these seemingly compelling arguments may have been enough to beat the FBI in court, and thus the bureaucracy has perhaps decided to pull the plug, but cover up its embarrassment with the fabrication of an apparent alternative.

Contrastingly, there are those who believe that this really is not a bluff. The FBI’s newfound alternative solution has, in fact, worried some observers. John McAfee, the founder of McAfee, says that Apple will not “be happy with the solution that the FBI has come up with.” This is where the latest controversy may lie. If the FBI has come up with a solution, Apple will definitely want to know exactly what it is. If the solution is the one proposed by Mr Zdziarski, then the tech giant may not be too concerned, since this kind of procedure is fairly complex and requires the use of specialised technologies and tools. On the other hand, if the solution involves the exploitation of an undiscovered security vulnerability or software bug, then Apple’s stance may differ. A security loophole would trigger other malicious actors to find it themselves, and use it to break into other iPhones. There is the possibility that the bug may have actually been found by hackers lurking around on the dark web, as opposed to Cellebrite identifying it, and may have been available to the highest bidder, of which could have been the FBI.

If it is the exploitation of a weakness in the code, then Apple will be desperate to know about it. It may either request that the FBI reveals what the bug is, or put its engineers through the wringer to find the bug and patch it up on its own accord. The fear is that if the FBI did find a bug, it may be tempted to keep the discovery to itself, perceiving it as a helpful tool to break into other devices whenever it needs to. Either way Apple has a right to be concerned about what the FBI is up to. For now, much of the talk around the subject consists merely of hollow speculations and disproven theories. But the bureaucracy has until April 5 to report whether the newfound solution has worked, or if the previously arranged court hearing should be set at a later date. By then the world may find out what the FBI has managed, or not managed, to accomplish. Thus, the hugely important tussle, with so much at stake, is still far from over.