The iPhone 5c that belonged to San Bernardino shooter Syed Farook is susceptible to certain malicious attacks that could get the FBI what it wants: unrestricted access to a device that might hold some evidence linking the shooter to other potential suspects. The NSA has been conspicuously absent from the Apple vs. FBI battle, and many have wondered whether the NSA can indeed break into the handset, as well as why it’s not doing it to help in this particular investigation.
Even Apple indirectly acknowledged that the NSA might have what it takes to crack any iPhone, by pressing the FBI on why it had not explained why the NSA’s resources aren’t being used.
However, even if the NSA has powerful tools to crack iPhones, it’s probably for the best it doesn’t use them on this particular device.
Talking to security experts, including former NSA employees who now work in the private sector, Forbes explains that NSA hackers may have a treasure trove of zero-day attacks that could be used to effectively render the iPhone 5c defenseless.
Zero-days, or bugs that are unknown to the manufacturer and can be used to inject malicious code into a computer or smartphone, are either discovered by the NSA or purchased from intrepid third-party companies. These software tools are hard to come by, and Apple would patch the security holes they take advantage of the minute they’re disclosed. In fact, it’s these security holes that can be used to jailbreak devices.
Dave Aitel, former NSA research scientist and CEO of security firm Immunity, believes that asking Apple to create a backdoor into the iPhone is far worse than asking for NSA’s help to decrypt it. He thinks other intelligence agencies should assist in the investigation, including national and international ones, and treat this threat as an attack coming from the outside.
“This is about dealing with a terrorist threat [where] you’d normally cooperate with foreign nations as well. It shouldn’t just be limited to the NSA… The Chinese have no problem probably helping us. Could be the Germans next time,” Aitel said.
His company does take part in the zero-day vulnerability market, and he argues that the San Bernardino shooting proves the “strategic value of investing in your zero-days, solving hard policy problems.”
The zero-days needed to crack this iPhone would have to fool the device into thinking it’s running software signed by Apple. Exploits targeting a USB driver that manages communications between the iPhone and PC, exploits that would retrieve the encryption keys from the device, or exploits in the baseband chip that handles the cellular connection are some potential avenues the NSA might have at its disposal, according to experts.
The agency could also physically remove the iPhone memory chip, as was proposed in the past, and poke through it with a laser to expose a portion that contains the required key data. However, this kind of hardware hack is dangerous as it can destroy the memory chip.
Even so, while the NSA might have the capacity to perform any of these iOS software and hardware tricks – and probably even others that are more advanced – there might be little strategic value for the agency in spending them on this iPhone.
Farook’s iPhone 5c was not his main smartphone and people believe that the device doesn’t contain much information. The man destroyed other smartphones that could have contained sensitive data. But once the NSA exploits the security holes it knows about, Apple will likely patch them since this case is so public.
“Losing [zero-days like that] is so damaging,” a former NSA computer scientist and co-founder of security firm Carbon Black told Forbes. “I don’t believe the NSA would think that this one case would be that valuable especially when Apple already provided the iCloud data.”
He continued, “I don’t doubt that capabilities exist I just feel like in this situation it isn’t something that the U.S. government’s national security mission would want to potentially burn.”