The FBI's mystery hack to get into San Bernardino shooter Syed Farook's iPhone worked, which means investigators now have access to the device's encrypted content without Apple having to create a hackable version of iOS. The DOJ and FBI are expected to withdraw their court order compelling the company to create the less secure iPhone operating system, and that request could come as early as today.
FBI finds a way to unlock San Bernardino shooter's iPhone
News of the FBI's successful hack comes from an unnamed federal law enforcement official speaking with USA TODAY on Monday. The source didn't elaborate on how the FBI gained access to the smartphone.
The FBI turned to Apple for help with the iPhone after it was recovered from Mr. Farook in early December. He was killed along with his wife Tashfeen Malik in a shootout with police after they killed 14 of their San Bernardino County coworkers and injured 22 others.
Apple was able to recover data from the iPhone's iCloud backups, but the FBI wanted access to the encrypted content stored on the phone, too. Apple told agents that wasn't possible because there isn't any way to bypass the iPhone lock screen passcode.
Agents then turned to the Federal courts for an order compelling Apple to create a version of iOS that doesn't include the security measures preventing brute force attacks on passcodes. Apple balked at the order calling it an overreach of government authority, and a major step towards eroding personal privacy and national security.
Apple and the FBI were scheduled to appear in court on March 22 to defend their positions, but the DOJ and FBI asked to put the hearing on hold because a third party outside the government had a way to hack into the device. The Judge agreed and gave the FBI until April 5th to report back with its findings.
Now that the FBI has access to the contents of Mr. Farook's iPhone the need for the court order is gone. That doesn't, however, mean the fight to give law enforcement easy access to our encrypted data is over. There are still loads of smartphones law enforcement agencies want unlocked, and the threat of terrorist acts and pedophiles stealing our children has some in the government calling for back doors and other means of access to read our personal files, encrypted messages, and more.
The FBI's claim that only Apple could get into the iPhone, hence the need for the court order, is in question now. That said, FBI agents weren't necessarily lying when they asserted there wasn't any other way to get into the iPhone; instead, it's possible they simply weren't aware of this still mysterious method.
Apple will no doubt want to access to the method the FBI used to hack into the iPhone so it can verify its validity and to work on security measures to prevent similar hacks in the future.
The likelihood anything of value is on the iPhone is slim at best. The phone was issued to Mr. Farook by his employer, San Bernardino County, and he had a personal smartphone he destroyed shortly before going on a shooting rampage with his wife. The destroyed phone is most likely where any evidence linking to other potential terrorist attacks was stored.
We may not know how the FBI managed to discover the passcode to Mr. Farook's iPhone, but we do know four-digit codes are easy to break once you have a reliable method for trying them without destroying the data they protect—and that's likely one of the reasons Apple switched to six-digit codes as the default in iOS 9. Complex passcodes using letters and numbers are even more secure, and very well could've been enough to make the hack the FBI used fail.
The FBI knew the chances of finding any useful information on Mr. Farook's iPhone was slim at best, but the case made for a perfect chance to push for a precedent where device makers could be forced to create the tools the government needs to hack into our smartphones and other personal devices. With legislators circulating draft bills requiring government-accessible back doors into our encrypted data and the Department of Justice pushing to create precedent through case law, Apple and its tech industry colleagues have a long fight ahead—as does everyone who wants to protect their privacy and digital security.