FBI Backed Off Apple In iPhone Cracking Case

Outsmart Malicious Hackers


So the big furore this week is because the FBI backed off Apple in the whole Apple vs the World privacy case regarding cracking the iPhone Passcode of the phone belonging to the San Bernardino gunman Syed Farook.

If you’re not familiar with the case, catch up with it here: FBI–Apple encryption dispute.

FBI Backed Off Apple In iPhone Cracking Case

The latest turn in this case is that the FBI have said basically a 3rd party has demonstrated them a way to unlock the phone without Apple building a specific iOS version with weaker password back-off algorithms (which is what they were proposing) to allow brute forcing.

The FBI has come to a sudden and surprising all-stop in its legal war with Apple.

Rather than compel the Cupertino giant to help it unlock an iPhone belonging to one of the San Bernardino killers, the Feds say they may be able to break into the handset without the company’s assistance after all.

In a filing [PDF] submitted late Monday in a central California federal court, the Feds asked for a crunch hearing due to take place on Tuesday be vacated and proceedings be suspended at least until next month. The court has granted the request.

The FBI will use that time to test an alternate method for unlocking the iPhone that will not involve, as it had originally sought, Apple building a specially crafted version of the iOS firmware.

That custom operating system, when installed on the phone during boot up, would allow agents to guess the passcode by brute force without the device wiping itself after too many wrong attempts.

Now, despite insisting repeatedly that Apple were the only ones on the planet who could help its investigation, the Feds may use someone else’s unlock method instead, apparently.

“On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking [San Bernardino gunman Syed] Farook’s iPhone,” the FBI said in its filing.

“Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc.”

Apple did not immediately respond to a request for comment.


It’s an interesting turn in the case, and a collective sigh of relief is being exhausted from the security community as NO ONE wanted to Apple to compromise their own security standards just because of an iPhone 5C which may or may not have any pertinent data on it.

We will have to wait a little longer to see what actually happens right now as the Feds have just put a pause on proceedings now, citing they need time to validate the attack vector provided by this mysterious 3rd party.

The FBI said in its filing that it would be able to provide a progress report on the unlocking efforts on April 5, at which point the case could proceed or it could be dropped.

The move will be seen as a win for Apple, which has for weeks been fighting, both in court and in the press, against claims by the US government that it should comply with the FBI and craft deliberately weakened software.

“The FBI always had the option of hacking the phone the expensive way, using forensic tools; they never needed Apple for this,” Holmes Wilson, cofounder of digital rights campaign group Fight for the Future, told The Register.

“What they wanted was a legal precedent that let them force any company to issue malicious updates. So if they’re saying ‘maybe there’s another way’ that means they’re walking away with their tail between their legs, hopefully for good.”

Apple boss Tim Cook and his attorneys have been the public face of Apple’s opposition in this legal showdown. However, thousands of supporters within Apple’s own ranks and at fellow tech giants including Google, Amazon and Microsoft, have been resisting what they see as a power grab that would have a chilling effect on privacy and security, should engineers be forced to compromise their own products at the behest of governments.

There’s an interesting analysis by iOS chap Jonathan Zdziarski here: My Take on FBI’s “Alternative” Method, although it is of course all speculation, it’s speculation from a fairly well informed standpoint.

So we shall see, as with anything USG related – we are extremely unlikely to get any details on what is actually happening or the methods used whichever way the case goes.

Source: The Register

Posted in: Apple, Legal Issues

, , ,


Latest Posts:


BootStomp - Find Bootloader Vulnerabilities BootStomp – Find Android Bootloader Vulnerabilities
BootStomp is a Python-based tool, with Docker support that helps you find two different classes of bootloader vulnerabilities and bugs.
Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018 Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018
Google is ramping up its campaign against HTTP only sites and is going to mark ALL Non-HTTPS sites insecure in July 2018 with the release of Chrome 68.
altdns - Subdomain Recon Tool With Permutation Generation altdns – Subdomain Recon Tool With Permutation Generation
Altdns is a subdomain recon tool in Python that allows for the discovery of subdomains that conform to patterns. The tool takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of.
0-Day Flash Vulnerability Exploited In The Wild 0-Day Flash Vulnerability Exploited In The Wild
So another 0-Day Flash Vulnerability is being exploited in the Wild, a previously unknown flaw which has been labelled CVE-2018-4878 and it affects 28.0.0.137 and earlier versions
dorkbot - Command-Line Tool For Google Dorking dorkbot – Command-Line Tool For Google Dorking
dorkbot is a modular command-line tool for Google dorking, which is performing vulnerability scans against a set of web pages returned by Google search queries in a given Google Custom Search Engine.
USBPcap - USB Packet Capture For Windows USBPcap – USB Packet Capture For Windows
USBPcap is an open-source USB Packet Capture tool for Windows that can be used together with Wireshark in order to analyse USB traffic without using a Virtual Machine.


Comments are closed.