Apple still doesn't know exactly how the FBI hacked into Syed Farook's iPhone 5c, and it looks like the agency doesn't want to hand over its little secret. There won't, however, be a legal fight to find out what technique the FBI used because Apple thinks it's a short-lived hack, which means there's a good chance the company has some ideas on how to block future attacks without needing any more details.
Apple isn't pushing FBI for iPhone hack details and may know how to patch it
Apple's legal team said the company doesn't know what flaw the FBI used, but they're confident it has a "Short shelf life," according to ZDNet. They added that the normal product development cycle would take care of the security weakness at some point.
The mystery weakness was discovered by an unnamed third party helping the FBI. It let investigators get at the encrypted data on the iPhone without risking losing anything after ten failed login attempts—something the FBI wanted Apple to do by making a hackable version of iOS.
The FBI wanted the less secure iOS version so they could see what was on the work-issued iPhone Mr. Farook had in his possession when he went on a shooting spree with his wife Tashfeen Malik. They killed 14 of their San Bernardino County coworkers and injured 22 others before being killed in a shootout with police.
The county didn't know the lockscreen passcode for Mr. Farook's iPhone, so the FBI obtained a court order telling Apple to make a custom iPhone operating system that didn't include the safeguards preventing brute force attacks. Apple responded by telling the court the order was an overreach of government authority, posed a serious risk to privacy and data security, and would set a dangerous precedent where governments could force companies to bypass their own device encryption measures.
The FBI put the legal fight with Apple on hold when it announced an unnamed company had a way to hack into the device. The case was dropped a week later when the FBI said it had access to the iPhone's encrypted data.
Last week FBI director James Comey said the hack wouldn't work on the iPhone 5s or newer models, all of which include Apple's secure enclave feature. He also said he's reticent to share the hack with Apple.
"We tell Apple, then they're going to fix it," Mr. Comey said. "Then we're back where we started from."
An unknown hack that gives the FBI access to the encrypted data on an iPhone qualifies as a serious security weakness—one that hackers, criminals, and other governments could potentially exploit. Taking a casual stance on the situation doesn't fit with Apple's usual efforts to find and patch known security flaws, so it's likely the company is confident it can patch iOS and block the technique the FBI bought from working on other phones.
Whatever patch Apple releases won't help with iPhones already in the FBI's custody, but it will block the exploit on iPhones users can still update.
The prospect of being back at square one without the means to hack into any iPhone isn't sitting well with the FBI. The agency is still pursuing cases to force Apple to essentially create backdoors into our iPhones, and that means the battle over whether or not we can have encryption is far from over.
The FBI and DOJ think encryption should be hackable, which is akin to not having encryption at all. Apple and other tech companies want to protect encryption, and the security of personal data, credit card transactions, private conversations, and more is at stake. Hopefully Apple really does know how to block the FBI's hack, and is hard at work at finding and blocking other potential security weaknesses, too.