- Experts say Feds could access data without going to court
- A kiosk in a Chinese mall holds a potential solution
The Federal Bureau of Investigation has put the onus on Apple Inc. to break into the iPhone 5c carried by San Bernardino terrorist Syed Rizwan Farook. In fact, the feds almost certainly could do it themselves.
Security experts say there are many ways the FBI could hack the iPhone now at the center of a standoff between Apple and the U.S. government. They argue that doing so would be faster than waiting for the courts to decide whether Apple should be forced to create software that would let investigators try multiple passcodes without erasing the device. No one is saying a government hack would be easy, but the experts interviewed for this story have concluded the Feds aren’t even trying because they’d rather win a legal precedent that gives agents the power to access phone data with a warrant.
Jonathan Zdziarski, a cybersecurity researcher who consults with law enforcement, says the FBI could learn something from back-alley techies in China who break into iPhones all the time. He describes a kiosk in a Shenzhen mall that charges $60 to upgrade a 16-gigabyte phone to 128 gigabytes. Using a PC, tweezers and screwdrivers, he says, the kiosk operator copies the contents of the iPhone onto a chip with more capacity, then swaps it in.
Zdziarski says the FBI could use a similar workaround: copy the phone’s contents onto a chip so there’s a backup file when password attempts erase the device. The trick is figuring out a way of doing this hundreds of times without destroying the chip. He says the problem could be solved with research and that typically investigators can crack a passcode with fewer than 200 attempts because people usually choose easy ones.
That’s just one of multiple ways the FBI could extract data by messing with iPhone hardware, Zdziarski says. Other potential solutions include finding and exploiting cracks in the software. All systems contain flaws and they continue to be found every month in Apple’s software, according to Jason Syversen, a former manager at the Defense Advanced Research Projects Agency (DARPA) and now chief executive officer of cyber security firm Siege Technologies. In fact, Apple publicly lists the security vulnerabilities that researchers have found. There’s no shortage of cyber experts within the FBI, contractors that work on-site, or third parties and academic organizations that law enforcement could enlist to try and use those cracks to extract the data, Syversen says.
Some experts have argued that the FBI should ask the National Security Agency for help. They note that the NSA is the best-funded spy agency on Earth, employs legions of hackers and almost certainly can break into secure computer systems. But in testimony before Congress on Tuesday, Worcester Polytechnic Institute cybersecurity professor Susan Landau said the NSA may be reluctant to help the FBI, since the secretive agency’s hacking abilities could become public should it be hauled into court.
In written testimony for the congressional hearing, Landau said the FBI needs to build its own investigative center employing agents with deep technical understanding so surveillance can keep up with advances at Apple and other tech companies. The cost to maintain this would be in the hundreds of millions, but a worthy investment and probably the only long-term solution, she wrote.
“The FBI must learn to investigate smarter; you, Congress, can provide it with the resources and guidance to help it do so,” Landau wrote in her testimony. “Bring FBI investigative capabilities into the twenty-first century.”
In the meantime, the FBI will continue to use the courts to force Apple to build back doors into its devices -- which Apple says would risk exposing customers’ private information to hackers and authoritarian regimes. FBI Director James Comey said at the congressional hearing that “we have engaged all parts of the U.S. government to see, does anybody have a way, short of asking Apple, to do it, with a 5C running iOS9, and we do not.”
Jay Edelson, a class-action lawyer at Edelson PC that specializes in suing technology companies (going after tech giants including Apple and Google), is on Silicon Valley’s side this time. He says the FBI chose this case to score political points -- not because hacking iPhones is too hard.
“The government’s take is even if we have experts in the government, we don’t have an obligation to enlist their help,” Edelson says. “They’re just trying to establish precedent. They think they have a decent argument where they can force companies to change their business systems to help them.”