EncryptionFBI may be able to break into San Bernardino terrorist’s phone without Apple’s help

Published 22 March 2016

Magistrate Judge Sheri Pym has postponed until 5 April a court hearing about the FBI’s request that the court would order Apple to unlock the phone of one of the San Bernardino terrorists. The FBI asked the judge to postpone the hearing after the agency said it may have found a way to unlock the phone without Apple’s help.

A mobile phone may contain a wealth of information on home grown terrorists // Source: commons.wikimedia.org

Magistrate Judge Sheri Pym has postponed until 5 April a court hearing about the FBI’s request that the court would order Apple to unlock the phone of one of the San Bernardino terrorists. The FBI asked the judge to postpone the hearing after the agency said it may have found a way to unlock the phone without Apple’s help.

In a filing  Monday, federal prosecutors asked to delay a hearing set for today (Tuesday) over the FBI’s demand for Apple to relax its security system on Syed Rizwan Farook’s encrypted iPhone.

The Guardian reports that the filing said that an “an outside party” came forward over the weekend and demonstrated for the FBI a possible method to unlock the phone. 

The agency needs time to determine “whether it is a viable method that will not compromise data” on the phone.

If the proposed method works, “it should eliminate the need for the assistance from Apple,” according to the filing. 

In a statement, U.S. Justice Department spokeswoman Melanie Newman said the government was “cautiously optimistic” that the possible method will work. 

The government has been locked in a legal – and public — battle with Apple for more than a month over whether breaking into one phone would jeopardize the security of all encrypted devices and thus compromise the privacy of the owners of Apple devices. 

Last month, Pym ordered Apple to create software which would disable security features on the phone, including one that erases all the information if a passcode is incorrectly entered more than ten times. If the 10-attempt limit is removed, the FBI could use brute-force hacking to run all possible combinations to open the phone without the data being erased. 

Susan Landau, a cybersecurity expert who in a recent congressional hearing lambasted the FBI for its poor understanding of digital forensics, told the Guardian that she “certainly” felt that the unexpected development demonstrated her point. Landau also said she was not the “outside party” who provided the potential breakthrough.

“The FBI has been viewing security as an impedance rather than a necessity. That the Bureau may not need Apple’s help to access the phone points up what’s been true in this case all along: the FBI needs to strengthen its own technological capabilities,” said Landau, a professor at Worcester Polytechnic Institute in Massachusetts.

Legal and security experts note that the government’s potential solution to the password access problem  raises an intriguing question: If investigators figure out a way to hack into the device without Apple’s help, are they obligated to provide Apple with details of the security flaw the FBI used to get inside the phone? Attorneys for Apple said they would demand the government share their methods if they successfully get inside the phone, so Apple can patch the security flaw.