Blog

iPhone hacking: FBI allowed to keep details secret of how it broke encryption on terrorist's phone

Posted by Dee McArthur on October 2, 2017 at 10:30pm

iPhone hacking: FBI allowed to keep details secret of how it broke encryption on terrorist's phone

By Daniel Miller

Updated yesterday at 8:15pm

Close up of the lock screen on an iPhone with a message saying Try Again.PHOTO: The FBI gained access to an encrypted iPhone 5C. (ABC News)
Several news agencies have failed in their freedom of information bid to get the FBI to reveal details about how the agency hacked into a terrorist's iPhone.

The Associated Press, Vice Media and USA Today had filed a lawsuit in the US seeking information on which company unlocked San Bernardino shooter Syed Rizwan Farook's iPhone 5C for the FBI and how much the agency paid.

Farook and his wife killed 14 people at a Californian disability centre in 2015 before being shot dead.

The FBI had taken Apple to court to compel the phone maker to break the encryption on Farook's iPhone before ultimately abandoning the case in 2016 after gaining access to the phone with the "assistance of a third party".

Why did the court let the FBI keep the details secret?

In a judgement released at the weekend, US District Judge Tanya Chutkan sided with the FBI's national security arguments as to why it should not reveal how much it paid or who unlocked the encrypted phone for them.

The FBI had argued that "if the vendor's identity were made public, a review of the company's work could lead antagonists to develop exploits for the vendor's unique product".

It also warned that the vendor's cyber security was not as advanced as the FBI's and worried that releasing the vendor's name "could subject the vendor to attacks by entities who wish to exploit the technology".

But why not release the price?

Justice Chutkan said the cost of the service "could logically reveal how much the FBI values gaining access to suspects' phones, and the breath of the tool's capabilities".

What model iPhone does this hack work on?

iPhone 5c models on display after their launch in California, September 11, 2013PHOTO: iPhone 5C: The model that authorities have been able to hack. (AFP: Justin Sullivan)

At the time of the original case between Apple and the FBI, then FBI director James Comey said he was "highly confident" the hacking tool only worked on an iPhone 5C running iOS 9.

But in denying the release of the hacking company's name, Justice Chutkan's reasoned "the FBI may find a way to enhance the tool's capabilities" or use an "advanced version of similar technology in the future".

The FBI's iPhone crack


The FBI broke into the iPhone 5C used by one of the San Bernardino shooters after a request for help from Apple was refused — but how did they do it?

So, in short, we know it definitely works on an iPhone 5C running 2015's iOS 9.

Security researchers like Jonathan Zdziarski, who now works for Apple, speculated in 2016 that if the hacking method was hardware based (like making a copy of the iPhone's memory chip), then only iPhone models up to the 5C would be affected.

Newer models, starting with the iPhone 6, store sensitive information in a "secure enclave" that researchers have not been able to access, Mr Zdziarski said.

But if the hacking tool exploited a bug in the phone's software, then newer models may be affected.

Without researchers able to investigate the company or its methods, we don't know for certain what phones can be hacked.

We already kind of know how much it cost

Although the judgment ruled against releasing details of how much the FBI paid to unlock the phone, we do have a rough figure.

US Democrat senator Dianne Feinstein told Mr Comey during a Senate committee hearing earlier this year that "you made overtures to allow that device to be opened, and then the FBI had to spend $900,000 to hack it open".

This is getting close to a ballpark figure Mr Comey revealed in 2016 to a security forum in London, where he said it was "a lot" and "more than I will make in the remainder of this job".

Reuters reported that figure would be at least $US1.3 million.

Syed Rizwan Farook license photo released by DMV officialsPHOTO: The FBI paid a heft amount to unlock Syed Rizwan Farook's iPhone. (DMV)

In its freedom of information request, the news agencies tried to argue that Mr Comey's admission meant that there was no national security reason for the FBI to still keep the price a secret.

But Justice Chutkan did not think it met the "strict test" for being officially disclosed.

"Comey provided only a general estimate, rather than the specific price paid for the tool," she wrote in her judgement.

"He admitted himself that in making that estimate, he was 'just winging that'."

Regardless of the exact figure, what we do know is that government access to a single encrypted iPhone is expensive, and not a trivial undertaking.

We know Apple gets A LOT of government requests for data

Australia is third in the world for the amount of government requests for information on Apple devices, behind only Germany and the US.

Apple's transparency report covering the first half of 2017 reveals there were 2,578 device requests received from Australian authorities, compared to 12,677 in Germany and 4,479 in the US.

China made only 1,273 requests.

Apple said these requests from law enforcement agencies include things such as fraud investigations or customers needing help locating lost or stolen phones.

Views: 34
Tags: (fbi), (foi), america, apple, bureau, federal, freedom, information, investigation, states
E-mail me when people leave their comments –
Follow

You need to be a member of Archives Live to add comments!

Join Archives Live