We’ve previously written about The US Government’s Misguided War on Encryption.
Apple and the FBI have had a very public court battle going over whether Apple is obligated to help the government hack into the iPhone that belonged to the terrorist Syed Rizwan Farook who, with the help of his wife, killed 14 people in San Bernardino, California, in December 2015.
On March 28 in a surprise move the FBI said, “never mind.” They’d figured out a way to hack into the phone without Apple’s help.
Israeli company Cellebrite, a company that specializes in “mobile forensics,” is rumored to have been the ones who broke into the phone for the FBI.
Apple wants the FBI to tell the company how they did it, but the feds are saying “tough.” Apple attorneys are looking at legal tactics they could use to try and force the government to share that information.
Needless to say Apple – and Apple customers – are worried. If one iPhone can be hacked into, any iPhone (at least any similar iPhone running the same OS) could be hacked into.
Farook had enabled the passcode on his phone, and had enabled a feature that erases the key that would decrypt the data on the phone after ten failed attempts to open the phone. With 9,999 possible combinations, you’d have to be really lucky to randomly hit the right one in ten tries.
Unless, of course, you figured out a way to have unlimited attempts to open the phone.
The techie press is speculating that’s just what the hackers did: made a copy of the data on the phone’s NAND flash memory, and just started guessing, reloading the memory every ten attempts. When you hit the magic combination that works you can safely use it on the phone itself to unlock the contents.
But Apple’s not sure that’s what the FBI (or its contractor) did, which is why it wants to know exactly how it was done. In a way the FBI has done Apple a favor: it revealed a flaw in its data security, and Apple knows it needs to fix something. That’s how the usual cat and mouse game with the good guys and the cybercriminals works – the bad guys hack into something, the good guys figure out how it was done and come up with countermeasures.
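To make the design point concrete, here is a toy Python model, added as an illustration and not taken from Apple, the FBI, Cellebrite or the press reports. It shows that the speculated "reload the flash every ten attempts" approach only works when the failed-attempt counter lives in storage that can be copied and written back; with the counter in a store that cannot be rolled back, the key is erased after ten misses. The class and function names, the four-digit passcode space, the sample passcode and the "secure" store are all assumptions made for the example.

```python
import copy

WIPE_LIMIT = 10  # failed attempts before the key is erased (per the article)

class ToyPhone:
    """Constructed model for illustration, not real iOS behaviour."""
    def __init__(self, passcode, counter_in_flash):
        self.passcode = passcode
        # State kept in NAND flash can be imaged and written back.
        self.flash = {"failed": 0, "key": True}
        # Assumed rollback-protected store: no snapshot/restore path exists.
        self.secure = {"failed": 0, "key": True}
        self.state_name = "flash" if counter_in_flash else "secure"

    def _state(self):
        return getattr(self, self.state_name)
    def key_present(self):
        return self._state()["key"]

    def try_unlock(self, guess):
        st = self._state()
        if not st["key"]:
            return False              # key erased: nothing left to unlock
        if guess == self.passcode:
            st["failed"] = 0
            return True
        st["failed"] += 1
        if st["failed"] >= WIPE_LIMIT:
            st["key"] = False         # erase the decryption key
        return False

    def snapshot(self):
        return copy.deepcopy(self.flash)
    def restore(self, image):
        self.flash = copy.deepcopy(image)   # only flash is rewritten

def rollback_test(phone, space=10_000):
    """Replay 'guess, reload flash every ten attempts' against the model."""
    image, restores, guesses = phone.snapshot(), 0, 0
    for n in range(space):
        if n and n % WIPE_LIMIT == 0:
            phone.restore(image)
            restores += 1
        if not phone.key_present():
            break                     # the restore did not bring the key back
        guesses += 1
        if phone.try_unlock(f"{n:04d}"):
            return {"unlocked": True, "guesses": guesses, "restores": restores}
    return {"unlocked": False, "guesses": guesses, "restores": restores}
```

Calling `rollback_test(ToyPhone("7294", counter_in_flash=True))` reports an unlock, while the same call with `counter_in_flash=False` stops after ten guesses with the key gone.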
PACid’s BoSS solution would make this cat and mouse game largely obsolete by completely changing the way we secure our data.