The FBI has finally done it. Nobody ever said they couldn’t, to be fair, but the government has now successfully hacked into the San Bernardino iPhone and extracted the information their anti-terrorism efforts require. As a result, the legal case aimed at forcing Apple to open the phone is no longer needed and, more importantly, the government will no longer be able to claim necessity in court. Monday evening, the government announced it will drop the case.
By Trojan horse, I mean that the particular phone in this case is less important than the legal precedent this particular phone could have been made to represent. The FBI likely always knew there were options for opening the phone on its own — the point is they didn’t want to, and more importantly they didn’t want to have to in the future. The next encryption case might end up seeming mild and unimportant (much like the FBI’s New York case concerned with the phone of an alleged drug dealer) but that’s the point. It will be up to technology companies to highlight the importance of the principle.
So, to be clear, what happened here is both a win and a loss for encryption. It’s a win because the FBI was given enough trouble in establishing the legal precedent that it had no real excuse not to simply get the results on its own. It’s a loss because the Department of Justice has made it clear that the fight is far from over. Without any actual legal decision in favor of Apple, there’s nothing stopping the government from filing another case down the line. And you can bet that case will be much tighter on the specifics, chosen and tailored to be a much stronger Trojan horse than this one.
The next real challenge to encryption will have to be one in which the government truly believes there is no way into the device without collusion from the software maker — or, at least, no way known to people outside the government itself. If the NSA has a way into a phone, it’s under no obligation to share that crack with the FBI, either because it wants an unnecessary case to go forward or because it secretly agrees with encryption crusaders.
The FBI isn’t talking about just how it managed to hack this phone, but there are really only a few options, up to and including totally unknown types of attacks kept secret at government agencies and professional hacking firms. The FBI is known to have collaborated with the Israeli hacking (ahem: security) firm Cellebrite, so that’s the most likely cracker, but their attack has not been disclosed. The FBI has said that it tried and failed to use “NAND mirroring” to get in, in which an attacker copies the phone’s memory before the attack and simply forces this copy back onto the phone when it locks due to too many password attempts.
If a crack is available to criminals, that means it’s likely known to researchers and available to the FBI. The next case to challenge encryption might well come against a company other than Apple (Google, Microsoft, maybe even a little guy like BlackBerry) and will almost certainly come against a spanking-new version of the OS.
Regardless, the San Bernardino case has ended in a way that both sides will view as a victory, and which thus neither of them should view that way. This isn’t a win, or a loss, but a delay of game. Who wins the rematch will depend entirely on who trains harder in the meantime.
Just what Cellebrite did to get into the phone isn’t known — but nobody wants to find out more than Apple. It’s clear, though, that John McAfee didn’t have anything to do with it. The anti-virus pioneer promised to open the San Bernardino phone “free of charge” and deliver the decrypted information to the FBI. “We will primarily use social engineering,” he said, “and it will take us three weeks.” Now, either I really don’t understand the frontiers of social engineering, or McAfee has finally lost his marbles — how do you socially engineer a password out of a dead guy?