There’s a lot of publicity right now about the FBI’s request for Apple to help them unlock two iPhones owned by a murder suspect who opened fire at a Florida navy base.
However, what has gone underreported is the fact that the two iPhones in question are actually old models, an iPhone 5 and an iPhone 7.
As noted by the Wall Street Journal today, these devices are so old that their security has already been compromised. Plenty of security firms on the gray/black market are available to unlock older iPhone models, so why does the FBI need Apple?
In fact, the iPhone 5 is so old that it doesn’t have a Secure Enclave.
Remember the San Bernardino case in 2015? When Apple and the FBI went to court over very similar circumstances in 2015, the FBI ultimately stopped the trial and used an exploit from Cellebrite instead to get into the phone.
In the 2015 case, the phone in question was an iPhone 5C, which shares the same internals as the iPhone 5. In all likelihood, the same exploit used in 2015 could be used again in 2020 to access the 2019 shooter’s phone. The FBI could probably even partner with the same company it used then to gain access to the phone.
This naturally raises suspicions as to why the FBI and the government are asking Apple for assistance when known methods for unlocking the devices already exist in the market.
In 2015, the FBI paid around a million dollars to Cellebrite to unlock the San Bernardino shooter’s iPhone 5C. In the intervening years, the price of access has fallen dramatically. GrayShift infamously sells a ~$20,000 black box device that can unlock older iPhone models, and they are not the only commercial option by any means.
‘We’ve got the tools to extract data from an iPhone 5 and 7 now,’ said Andy Garrett, a chief executive of Garrett Discovery, a forensics investigation firm. ‘Everybody does.’
If the iPhones in the case were newer models like the iPhone XS or iPhone 11, then it may be true that exploits do not exist in the wild at this time, but both the iPhone 5 and iPhone 7 are readily exploitable. It may take some time for the iPhone 7’s passcode to be brute-forced, thanks to the Secure Enclave protections, but it’s still possible.
In addition to other techniques, a bootrom vulnerability was found last year that affects iPhone 4s through iPhone X. The bootrom exploit is essentially unpatchable by Apple through software as the issue persists in the read-only memory of the hardware.
Just like in 2015, critics of the government’s approach suggest that this latest instance is political cover to try to pass through legislation that would force companies like Apple to include backdoors in their hardware and software. It isn’t really about the data on these two phones.
In a statement this morning, Apple told the government that it has “responded with all of the information” it can get from iCloud backups and records. It reiterated its hard stance on unwavering encryption policies: “We have always maintained there is no such thing as a backdoor just for the good guys.”
FTC: We use income earning auto affiliate links. More.