Apple’s fight with the FBI over the San Bernardino shooter’s iPhone isn’t over yet because now Apple has to figure out how the FBI actually hacked into the device without Apple’s help.
The FBI did not reveal to Apple how it bypassed the security protocols built into iOS, but the bureau told law enforcement agencies that it will help them in their investigations. Even if it doesn’t provide specifics about the iPhone hack at its disposal, the more iPhones the FBI unlocks for criminal cases, the more likely Apple will be able to figure out how it’s gaining access.
What the FBI has been able to achieve without Apple’s help is to bypass the screen lock of the iPhone, without worrying about triggering a full data wipe that occurs after too many incorrect passcode entries.
In a letter to law enforcement across the U.S., seen by Reuters, the FBI said that it’ll help them while abiding by existing laws.
“As has been our longstanding policy, the FBI will, of course, consider any tool that might be helpful to our partners,” the FBI said. “Please know that we will continue to do everything we can to help you consistent with our legal and policy constraints.”
“We are in this together,” the FBI said in the letter, which was sent five days after it dropped the case against Apple.
The Bureau said it’s well aware of the “worldwide publicity and attention” generated by the Apple case and is committed to maintaining “an open dialogue” with local law enforcement.
Meanwhile, an Apple official told Reuters that the FBI method used to break into the iPhone 5c will not stay secret for too long, an opinion shared by outside security experts.
In case the FBI unlocks more iPhones that are part of criminal investigations, defense attorneys will be able to cross-examine witnesses presenting information obtained from those devices. When that happens, Apple should get enough information to make up a general idea of how the hack works.
“Flaws of this nature have a pretty short life cycle,” a senior Apple engineer said. “Most of these things do come to light.”
As Reuters points out, when Apple does fix the flaw, it’ll announce it to customers, thus extending the public debate over security.
“The FBI would need to resign itself to the fact that such an exploit would only be viable for a few months if released to other departments,” independent forensics expert Jonathan Zdziarski said. “It would be a temporary Vegas jackpot that would quickly get squandered on the case backlog.”
Meanwhile, it looks like Apple engineers are pretty proud of the security of the iPhone, and the fact that defense contractors would pay as much as $1 million for an iPhone hack that’s likely to be short-lived and patched in the future.