Skip to main content

FBI officially confirms hack it used does not work with the iPhone 5s or later iPhones

It has been widely speculated that the method used by the FBI to access the San Bernardino iPhone might not work with phones that have the Secure Enclave, and this has now been effectively confirmed. FBI director James Comey told CNN that the method doesn’t work with the latest iPhones.

The FBI director also said the purchased tool worked only on a “narrow slice of phones” that does not include the newest Apple models, or the 5S.

This fact also lends support to the main theory about how the hack was performed …

Edward Snowden said that the auto-erase function can be bypassed by copying the contents of flash memory, making some passcode attempts and then copying the original content back to the iPhone to reset the counter. But on phones with an A7 chip and later, the Secure Enclave also appears to register login attempts, meaning that even over-writing the flash memory would not override the auto-erase.

It’s not clear at this stage whether the FBI appreciates how big a clue it just gave to the method used. The agency last week said that it may not reveal to Apple the method used, and it repeated the same line to CNN, stating that it had still not reached a decision.

“We tell Apple, then they’re going to fix it, then we’re back where we started from,” he said. “We may end up there, we just haven’t decided yet.”

But unless the FBI is bluffing, it does mean that there’s no loophole for Apple to close in future iPhones.

The Senate Intelligence Committee is still considering legislation that would compel tech companies to cooperate with law enforcement agencies to defeat encryption, but it was revealed today that this proposed bill does not have the support of the White House.

Image: digitalforensicscience.com

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. PhilBoogie - 8 years ago

    That’s a crying shame. Now we get all the uninformed posters claiming Apple should create a custom version of iOS for the Federal Bureau of iPhones.

    Guess I need to restock my popcorn supply.

    • 89p13 - 8 years ago

      Yes – I can hardly wait for the troll with the initials JS to show up and crow about how good the FBI is and what an Un-American, Law Breaking and Reckless company Apple is.

      Care to share that popcorn, PhilBoogie? ;)

      YMMV

  2. PhilBoogie - 8 years ago

    Post Scriptum: that lab looks like a Travel Agency.

  3. So a 32 bit exploit. This will start all over again.. It’s not even close to over..

    • Rob Miller - 8 years ago

      Not anything about 32 bit vs 64 bit, it’s a NVRAM access exploit.

    • mpias3785 - 8 years ago

      I don’t think it’s 32bit vs 64, Apple started using a portion of the SoC as a secure enclave when they introduced the A7. My guess is that the Apple will be expanding and improving the security of that portion of the SoC with each iteration.

  4. viciosodiego - 8 years ago

    This just confirms they used the NAND to get into the phone.

  5. hiksfiles - 8 years ago

    Or this is just a big bluff from the FBI and the real method they used does work with any iPhone or any smartphone for that matter!

    Let me get my thin foil hat…

  6. Dave Howarth - 8 years ago

    I think it’s very telling that they use the word “fix” here. It’s basically the FBI saying that “Apple has a flaw in it’s security (exploitable by anyone with any good or bad intentions) and we exploited it.”
    If they really wanted to sound combative and continue to convince people that Apple is the enemy then the line should’ve read “We tell Apple, then they’re going to CHANGE it (or ADAPT it) to keep us out, then we’re back where we started from,”

  7. Lawrence Krupp - 8 years ago

    The really interesting thing that comes out of all of this is how little respect and confidence educated citizens have for their government and its various law enforcement agencies. Comments here and on almost every other tech website show outright disdain and mistrust of the Federal Government. And with every revelation by whistleblowers and historians as to the skullduggery the U.S. government has perpetrated over the last two centuries that disdain and mistrust grows. From the attempted genocide of Native Americans, nuclear radiation experiments on the unsuspecting public, medical experiments on African American males, placing its citizens in concentration camps because of their Japanese heritage (and we add to that those of hispanic heritage and Trump’s wall), to contrived excuses for waging war and now demanding access to all its citizen’s data and privacy. What a piece of work the government “of the people, by the people, for the people” has become.

    • Doug Aalseth - 8 years ago

      Well said.

    • mpias3785 - 8 years ago

      Through their actions the government has taught us that it can’t be trusted. Now the government is outraged that we don’t trust them. This disconnect boggles my mind. Worse, there are still people still siding with the government. The WHO should be investigating this epidemic of stupidity.

      • Rich Davis (@RichDavis9) - 8 years ago

        I think the people that side with the government are just those that the Politicians tapped into the anti-terrorists/criminal mentality vs pro big business. It’s easy to conjure up ways to put down a successful company. Apple’s in a Catch 22 situation and the Government needs to not play like Apple’s purposely siding with criminals. Apple does help when they can, but the problem is that they are trying to protect their entire customer base and the expense of a small handful of phones owned by criminals. If the government wasn’t stupid, they would have just wounded the terrorist instead of killing them, because they would have be alive to unlock their phone. But they didn’t, they just killed the guy and now they are blaming the mfg of the smartphone used because Apple doesn’t specialize in unlocking their own devices. Yeah, the 5C can be unlocked, but the method is not something that Apple has developed and offers as a service. It’s like opening up a lock. if the mfg of the lock doesn’t have a master key, then people just go to locksmiths. So in the case of the 5C, they need to go to a smartphone “locksmith” and pay them when the mfg doesn’t provide a master key. Apple did TRY to help the FBI in telling them to get the device backed up on iCloud, but they didn’t do that. If they did have a back up on iCloud, then Apple can easily reset the iCloud password, which they have done and probably won’t have a problem assisting LE in doing that, but if no back up exists, then they have to go to a “locksmith”. At least for the 5C. with the newer phones? Either they can’t do anything about it, or the method is very costly and Apple simply hasn’t developed a method to unlock a more recent model phone that doesn’t have a back up.

    • srgmac - 8 years ago

      Amazing comment. It shouldn’t (and doesn’t have to) be this way.

  8. bdkennedy1 - 8 years ago

    AWWWWWWWWwwwwwwwwwwwww!

  9. iosser - 8 years ago

    Did the FBI perform this exploit as soon as they knew it was possible, or did they delay performing it while attempting to create a legal precedent?

    If the latter, then added to the incompetence of changing the password, we can say that they were also guilty of reckless delay in finding potentially important terrorist information.

  10. John Smith - 8 years ago

    “But unless the FBI is bluffing, it does mean that there’s no loophole for Apple to close in future iPhones.”

    It doesn’t mean that at all.

    It just means that this particular failure of Apple’s security doesn’t work on later phones.

    Judging by recent and past performance, there will be some new foul up on the later phones.

    Is that same Israeli company offering a tool? (Or perhaps just look on YouTube for a video of the latest ‘lock’ screen failure)

    We have a situation where Apple is doing everything they can to obstruct serious criminal investigations, yet at the same time they don’t seem to be able to manage the basics of securing our phones.

    • PhilBoogie - 8 years ago

      May I suggest not only read up on the issues at hand, but also to comprehend them? Because only from a fudmongers view this post seems to make sense.

      • John Smith - 8 years ago

        I’ve read up fine well – if you can’t understand that’s a problem with you.

        How does information that THIS particular tool does not work on later phones prove that no OTHER tool exists for those later phones ?

        Here’s the list of devices Cellebrite offer tools for:

        iOS Devices: iPhone 2G,iPhone 3G, iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5,iPhone 5S, iPhone 5C, iPhone 6, iPhone 6Plus, iPod Touch 1G, iPod Touch 2G, iPod Touch 3G, iPod Touch 4G, iPod Touch 5G, iPad Mini, iPad 1, iPad 2, iPad3, iPad 4

        (Copy/pasted from their website)

        That’s just Cellebrite.

  11. srgmac - 8 years ago

    What about these lock screen bypasses? https://www.youtube.com/watch?v=bKggZezZf2M
    How are they able to get so many tries on devices with secure enclaves just due to a simple GUI glitch?
    Wouldn’t the secure enclave reject the tries? Maybe they’re not *actually* being tried….

  12. srgmac - 8 years ago

    ““We tell Apple, then they’re going to fix it, then we’re back where we started from,” he said. “We may end up there, we just haven’t decided yet.””
    This is obscene. We have legislation that compels people to publicly disclose hacks / exploits so they can’t be sold and used on the black market…But the FBI is saying they’re above that!?

  13. kevinhancox - 8 years ago

    Lets go back a little and try to remember what has been said in the past, and what seems to be widely ignored apart from the 1 news report about the telecommunications act and what the law specifically says about what the government can and can’t do…!

    “In Section 1002 of that act, the Feds gave up authority to “require any specific design of equipment, facilities, services, features or system configurations” from any phone manufacturer.”

    As such the law already protects Apple and ALL other phone companies regardless of weather they make the equipment or run the networks…

    http://9to5mac.com/2016/03/17/calea-trumps-all-writs-act-apple-fbi/

  14. Thomas Marble Peak - 8 years ago

    Encourage all companies to improve device security. The government, who cannot secure its own house, now constantly trying to undermine security to subject us all to hackers. Open this door and it is open to all hackers as well as foreign governments.

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear