This might be how the FBI is planning to break into an iPhone without Apple's help
The Bureau has been trying to force Apple to write software to help it unlock an encrypted iPhone linked to a deceased terrorist. But it has now moved to vacate a court hearing that was due to take place on Tuesday.
In a court filing (below), the FBI says that it might now have a way to unlock the device that doesn't require Apple's help. On Sunday, "an outside party demonstrated to the FBI a possible method for unlocking [Syed] Farook's iPhone," the filing reads. The FBI will now carry out "testing" to see whether the method is "viable."
So who is this "outside party"? Right now, there's no indication - and the US Justice Department did not respond to a request for comment.
Forensic expert Jonathan Zdziarski has a theory - one that's akin to "cheating at Super Mario Bros."
Writing on his blog, Zdziarski points out that the FBI sometimes works with "contracted external forensics and data recovery labs": It's likely that one is involved here.
The method involved, he speculates, may involve copying the contents of the NAND memory, then overwriting it whenever defensive security mechanisms kick in - allowing the FBI to get past a limit on the number of incorrect passcodes that can be entered before the device wipes itself. Here's Zdziarski's possible explanation - emphasis ours:
This potential method has been discussed as an option of gaining access to the iPhone before - the ACLU published a blog post in early March in which it alleged the FBI's claim it needs Apple's help is "fraudulent."
Security vulnerabilities that haven't been disclosed or discussed publicly can be highly valuable. They're often called "zero days" (as the developer has "zero days" to deal with the issue once it has been discovered), and there's a thriving market for these exploits - security companies and government agencies are willing to pay researchers big bucks for new ways to break into devices and software. In 2015, security company Zerodium paid a whopping $1 million (£700,000) for a hack into iOS, Apple's mobile operating system. (It's not clear how much, if anything, the FBI paid its unnamed "outside party.")
The FBI will provide a report to the court on April 5, so we may get more information then. Zdziarski says he reckons "the two weeks the FBI has asked for are ... [for the external forensics company] to demonstrate, and possibly sell, the technique to FBI by means of a field test on some demo units."