recommended reading

Apple’s Next Big Problem: Figuring Out How the FBI Hacked its iPhone

FILE - This Feb. 17, ... ]

FILE - This Feb. 17, ... ] // Carolyn Kaster/AP FIle Photo

There’s been a serious role reversal in the legal battle between Apple and the FBI.

The FBI had attempted to use the courts to force Apple to help it unlock an iPhone, a course of action it’s no longer pursuing since it successfully accessed the phone with help from an unidentified third party.

Now, Apple is in the uncomfortable position of knowing that a serious vulnerability exists in its operating system, but not knowing what it is. As a result, Apple is pursuing legal tactics to make the FBI disclose the method used to break into the phone.

The spotlight now shifts from a courthouse in Riverside, California, to one in Brooklyn, New York. A federal judge at the Riverside court was to rule on whether Apple had to help the FBI access a phone belonging to an assailant in the San Bernardino, California, shootings, but the government dropped that case after unlocking the phone through other, undisclosed, means.

In Brooklyn, the Drug Enforcement Agency and the FBI have an outstanding appeal to compel Apple to access a phone used in a 2014 drug trafficking case. The outcome remains unclear. A federal judge there had already turned down the government’s request to use an archaic law, the All Writs Act, to force Apple’s assistance.

That law was also invoked by the government in Riverside, where a federal judge ruled in favor of its use, and has also been used to compel Google to help unlock devices running its Android operating system, the American Civil Liberties Union revealed March 30. (It’s unclear if the government was successful in those cases, but there’s a good chance it was, since federal prosecutors have said such requests were “routinely approved” until the San Bernardino case, according to the Wall Street Journal.)

Apple has gone on the offensive since the FBI dropped its action in California. Its lawyers wrote to the Brooklyn court March 24 that the FBI’s newly discovered method might “eliminate the need” for Apple’s involvement in the drug-trafficking case. It asked the court to delay briefing deadlines until after the Justice Department submits a status report on the San Bernardino phone to the Riverside court April 5. The government agreed to Apple’s request in a letter to the court March 29.

It’s not clear how the FBI accessed the San Bernardino phone, or whether that technique can be applied to the Brooklyn phone. An Israeli forensic technology firm called Cellebrite is reportedly helping the FBI.

But the Brooklyn phone runs an older version of Apple’s mobile operating system, iOS 7, than the phone in San Bernardino, which ran iOS 9. As such, it’s likely that the Brooklyn phone is easier to access. For example, hacking tools can be bought on eBay to unlock some phones running iOS 8 or earlier.

Apple does not know the technique, the vendor, or what it achieves, according to a person familiar with the case.

It faces a tough road learning that information. The FBI has no legal obligation to disclose to Apple how it broke the iPhone’s security, according to analysts who spoke to the LA Times. As the Times points out, the government organization could also argue that the technique is bound by a nondisclosure agreement with the party that unlocked the phone.

Apple, meanwhile, would have to argue that disclosing the technique is a matter of national security, because millions of users would be at risk if Apple couldn’t identify and fix the vulnerability, said Justin Olsson, a lawyer at security software firm AVG.

“We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated,” Apple said in a statement to Quartz.

It’s not just Apple attempting to find out the FBI’s technique. Other law enforcement officials who have run into locked iPhones in the past also want details on the technique, according to Reuters.

In its most recent filing, the federal government set itself an April 11 deadline in the Brooklyn case to decide whether or not to modify its application to the court seeking Apple’s assistance. If it drops that request, then Apple would have emerged victorious in both legal wrangles, but the technology giant could still be left exposed by the whole affair.

Threatwatch Alert

Social Media Takeover

Qatar News Agency Says Hackers Published Fake Stories

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.