Apple May Know how to Block FBI iPhone Hack

| News

Apple still doesn't know exactly how the FBI hacked into Syed Farook's iPhone 5c, and it looks like the agency doesn't want to hand over its little secret. There won't, however, be a legal fight to find out what technique the FBI used because Apple thinks it's a short-lived hack, which means there's a good chance the company has some ideas on how to block future attacks without needing any more details.

Apple isn't pushing FBI for iPhone hack details and may know how to patch itApple isn't pushing FBI for iPhone hack details and may know how to patch it

Apple's legal team said the company doesn't know what flaw the FBI used, but they're confident it has a "Short shelf life," according to ZDNet. They added that the normal product development cycle would take care of the security weakness at some point.

The mystery weakness was discovered by an unnamed third party helping the FBI. It let investigators get at the encrypted data on the iPhone without risking losing anything after ten failed login attempts—something the FBI wanted Apple to do by making a hackable version of iOS.

The FBI wanted the less secure iOS version so they could see what was on the work-issued iPhone Mr. Farook had in his possession when he went on a shooting spree with his wife Tashfeen Malik. They killed 14 of their San Bernardino County coworkers and injured 22 others before being killed in a shootout with police.

The county didn't know the lockscreen passcode for Mr. Farook's iPhone, so the FBI obtained a court order telling Apple to make a custom iPhone operating system that didn't include the safeguards preventing brute force attacks. Apple responded by telling the court the order was an overreach of government authority, posed a serious risk to privacy and data security, and would set a dangerous precedent where governments could force companies to bypass their own device encryption measures.

The FBI put the legal fight with Apple on hold when it announced an unnamed company had a way to hack into the device. The case was dropped a week later when the FBI said it had access to the iPhone's encrypted data.

Last week FBI director James Comey said the hack wouldn't work on the iPhone 5s or newer models, all of which include Apple's secure enclave feature. He also said he's reticent to share the hack with Apple.

"We tell Apple, then they're going to fix it," Mr. Comey said. "Then we're back where we started from."

An unknown hack that gives the FBI access to the encrypted data on an iPhone qualifies as a serious security weakness—one that hackers, criminals, and other governments could potentially exploit. Taking a casual stance on the situation doesn't fit with Apple's usual efforts to find and patch known security flaws, so it's likely the company is confident it can patch iOS and block the technique the FBI bought from working on other phones.

Whatever patch Apple releases won't help with iPhones already in the FBI's custody, but it will block the exploit on iPhones users can still update.

The prospect of being back at square one without the means to hack into any iPhone isn't sitting well with the FBI. The agency is still pursuing cases to force Apple to essentially create backdoors into our iPhones, and that means the battle over whether or not we can have encryption is far from over.

The FBI and DOJ think encryption should be hackable, which is akin to not having encryption at all. Apple and other tech companies want to protect encryption, and the security of personal data, credit card transactions, private conversations, and more is at stake. Hopefully Apple really does know how to block the FBI's hack, and is hard at work at finding and blocking other potential security weaknesses, too.

Popular TMO Stories



My guess is that, for a start, iPhone 7 will auto-erase if it’s put into DFU mode. Apple might put that into iOS 10 it can be done with a firmware update (i.e. firmware rather than hardware).

You’d still be able to recover a bricked device without a password, which is important if it really is solidly bricked. But it would be completely cleared. You did have a backup, didn’t you smile


9-5 Mac has an article saying the company is confident their method will work on later phones as well. If true, and it’s in the companies best interest to seem as omnipotant as possible, Apple does need to jump on this. For the last couple of weeks a lot of the online noise has been along the lines of “Yes, but the hack only works on a 5C or earlier. MODERN models aren’t vulnerable.” That may not be true. I suspect though Apple has a pretty good idea of what the company did, and is burning the midnight oil to come of with 1: a software fix, and 2: a permanent fix burned into a phones hardware.


It can’t be too long before the FBI HAS to divulge the information because the moment they try to use the data in a court case against a defendant, attorneys will require proof that they actually gained access to the phone and didn’t just make up the information and then can question which method was used to extract the data. It will all go into public record. With as many cases as there are nationally, they don’t stand a chance of avoiding having to release the information. We have one here, there is at least 12 cases pending.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account