Deja Vu: FBI asks Apple to unlock a terrorist's iPhones
If you've been with us for a few years, you might recall when Apple and the FBI were slugging it out for months over a terrorist's iPhone. It started on December 2nd, 2015, when Syed Rizwan Farook and Tashfeen Malik killed 14 people and wounded 22 while perpetrating a terror attack in the city of San Bernardino, California. The couple was killed by police in a shootout. On February 16th of 2016, a federal court judge ruled that Apple had to help the FBI unlock Farook's iPhone 5c. The device was discovered locked, and while the G-men had a valid search warrant for the handset, they did not have the technology available to open it.
Law enforcement was concerned that the phone might contain additional targets and the names of any co-conspirators, which is why Apple was asked to help. But CEO Tim Cook decided that the risk was too great for Apple. Allowing the FBI to open the phone would force Apple to develop a special version of iOS (dubbed GovtOS). Cook and other Apple executives were afraid that if the software got into the wrong hands, every iPhone in the world would be vulnerable. Back then, presidential candidate Donald Trump spoke out against his future pal Tim Apple Cook and said, "It’s ridiculous that the government has to be put in a position where if they have information about a possible attack, we waste a second because that could be the second that kills somebody."
The FBI reportedly paid nearly $1 million to unlock Syed Farook's Apple iPhone 5c
Eventually, the FBI was forced to pay an amount rumored to be a little under $1 million to a third party (believed to be Israeli firm Cellebrite) to open the phone. Initially, the FBI reportedly found no clues or evidence inside the device, but the last word from the G-men was that the phone did contain some data that helped them tie up some loose ends.
Move ahead to 2020 and the FBI once again is asking Apple to unlock a pair of iPhones. NBC reports that these handsets are thought to belong to Mohammed Saeed Alshamrani, the man considered responsible for the death of three men at the Naval Air Station in Pensacola, Florida last month. On Monday, FBI General Counsel Dana Boente sent a letter to Apple's general counsel that said in part, "Investigators are actively engaging in efforts to 'guess' the relevant passcodes but so far have been unsuccessful." Boente says that the FBI has asked for help from other federal agencies, experts from foreign countries and "familiar contacts in the third-party vendor community." That latter comment could refer to Cellebrite. Apple has been trying to stay one step ahead of that company and rival Grayshift.
A Cellebrite machine like the one that opened Farook Syed's Apple iPhone 5c
The FBI's difficulties in opening Alshamrani's iPhones seem to contradict a claim made last summer by Cellebrite on its website. The company said that it can "perform a full file system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android devices." Machines like those made by Cellebrite connect to the iPhone's Lightning port in order to bypass limits on passcode attempts. Once the limits are no longer an issue, the machines use a brute force attack (trying every combination possible) to unlock an iPhone.
Apple thought that it had put these companies on the sidelines by adding USB Restricted Mode in iOS 12. This feature prevented the Lightning port from communicating with other devices if the iPhone had not been unlocked within the previous hour. But Cellebrite, which sells its devices to law enforcement as Grayshift does, crowed that it could open any iOS device from iOS 7 to iOS 12.3. Assuming that Alshamrani's iPhones were updated before the attack on the naval base, Cellebrite might have met its match with iOS 13, or else the FBI would have already unlocked the handsets.