Some five years after it went down, the Washington Post’s Ellen Nakashima and Reed Albergotti have shed light on how the US Federal Bureau of Investigation (FBI) managed to unlock an iPhone belonging to the terrorist involved in the San Bernardino shooting of 2015 that saw 14 people killed. The agency’s method for cracking the code has been a secret until now.
The FBI initially sought Apple’s help to gain access to the locked iPhone, in the hopes of uncovering information to aid in its investigation. While Apple offered some assistance, it stopped short of creating a backdoor that would break iOS encryption and unlock the phone, as that could set a dangerous precedent for how law enforcement could deal with such systems, and undermine the company’s security measures for its products.
Luckily for the FBI, a small Australian firm called Azimuth Security stepped up with a solution. The challenge was that the agency only had a certain number of chances to guess the phone’s passcode; after the limit of failed passcode attempts was reached, the device would automatically erase its data.
Azimuth essentially found a vulnerability in a piece of software written by Mozilla and used it to gain access to the system. It subsequently chained two more exploits together to take over the phone’s processor and run its own programs on it.
At this point, Azimuth’s employees devised a piece of software to test every possible passcode combination without causing the phone to erase its own data — and eventually unlocked the device.
As wild as that story is, it ultimately didn’t reveal anything useful to the FBI for its investigation. And the whole affair cost the agency $900,000 in fees to Azimuth.
The news from 2016 about the FBI cracking the iPhone kept me up at night back then, because the agency wouldn’t divulge how it managed this feat without Apple’s help.
The Post’s piece is worth a read for more details on Azimuth’s ingenious solution, as well as how Apple dodged a major bullet and didn’t have to weaken security for its customers. It also tells the story of how the security researchers created a way to test unlocking methods on ‘virtual iPhones.’ Find the story here.