Surprise! The FBI Got Into the Pensacola Shooter’s iPhone without Apple’s Help

FBI iPhone Locked Credit: Macitynet

After much brouhaha earlier this year, it seems that the FBI has managed to gain access to at least one of the two passcode-protected iPhones owned by the perpetrator in a terrorist attack late last year at the Pensacola Naval Air Station in Florida.

In early January, the FBI formally requested Apple’s assistance in unlocking two iPhones that were believed to be owned by Mohammed Saeed Alshamrani, who carried out a mass shooting attack that left three people dead and eight injured back in December.

In what sounded very much like a repeat of the infamous case of the San Bernardino shooter back in 2015, Apple stated that it had already provided what assistance it could, including access to the shooter’s iCloud backups and other related server-side data, and would continue to offer what assistance it could, but maintained that it could not provide a way to access the data on the iPhones themselves.

Not surprisingly, Apple’s position sparked another controversy, with law enforcement officials insisting that Apple was being uncooperative. In a rather unprecedented development, the U.S. Attorney General became involved, incorrectly asserting that Apple was providing “no substantive assistance to the FBI” and effectively stonewalling law enforcement. If that weren’t enough, President Donald Trump also weighed in, claiming that despite all of the help that he has given Apple they “refuse to unlock phones used by killers, drug dealers, and other violent criminal elements.”

For Apple’s part, the company continued to insist that it was doing everything it could, vehemently denying the claim that it was providing no assistance by pointing to the fact that it had actually provided the FBI with “many gigabytes of information” in response to its requests, and had done so within hours of the actual shooting — almost a full month before the FBI even made its formal request to provide direct access to the iPhones.

Smoke and Mirrors

As the case developed, however, it became apparent that there may have been convenient political games at play, with some politicians using this as an attempt to force Apple’s hand and turn the tide of public opinion against the iPhone maker, which has always taken a strong stance on user privacy and has built the iPhone hardware and operating system in such a way that even Apple itself can’t access the data on an iPhone.

In fact, during the 2015 San Bernardino case, Apple CEO Tim Cook referred to the FBI’s request that Apple create a backdoor for law enforcement as “the equivalent of software cancer” based on the fact that once such a backdoor exists, it’s absolutely impossible to guarantee that it will only ever be used by legitimate authorities.

However, government officials on the side of law enforcement have long pilloried Apple for its position, insisting that the company has created a “safe haven” for criminals and trying to scare the public with the spectre of Apple’s encryption protecting terrorists, pedophiles, and other criminals. U.S. lawmakers have been making statements suggesting that they will introduce new laws that would force Apple to create such backdoors, but thus far they seem to have lacked the political will to follow through on those threats, likely to avoid the risk of a public backlash from many who feel that Apple’s consumer-friendly approach is the correct one.

The FBI Never Needed Apple’s Help

However, what really made the whole issue with the Pensacola iPhones seem like a tempest in a teapot was the fact that most experts agreed the FBI didn’t actually need Apple’s help.

Firstly there was the fact that the two iPhones in question were considerably older models. One, an iPhone 5, was even older than the iPhone 5c used by the San Bernardino shooter, which the FBI successfully unlocked four years ago. However, thanks to a serious exploit discovered last year, even the newer iPhone 7 Plus that was used by the terrorist shouldn’t have been significantly more difficult to get into, according to security researchers.

Then there’s the fact that the FBI had already been breaking into the latest iPhone 11 models, according to a search warrant that was uncovered by Forbes, and if they can break into that model, which isn’t vulnerable to any known security exploits, then cracking the iPhone 7 Plus involved in the Pensacola case should have been trivial.

Well, apparently according to CNN, it was. Apple may have received an unexpected bonus from the global health crisis, since the latest debate around law enforcement, privacy, and encryption suddenly took a back seat to the novel coronavirus wreaking havoc on the world’s economy. Meanwhile, although the U.S. Justice Department gave up its fight against Apple as it wrestled with considerably more serious issues, the FBI continued to quietly work away on the two iPhones, finally gaining access to them — without any assistance from Apple.

According to the report by CNN, U.S. investigators were able to use the data to discover a link between Alshamrani and al Qaeda, noting that U.S. Attorney General William Barr and the FBI are expected to announce the finding today in a news conference.

While the report doesn’t go into any details about how the FBI was able to gain access to the iPhone, much can be inferred from what security experts have already said while the battle was raging back in January. Most likely they used the same GrayKey device that was also used by investigators in Ohio to extract data from an iPhone 11 Pro Max last fall, which was part of a case that had considerably lower stakes than a terrorist attack; the device in question belonged to Boris Ali Koch, who was accused of lying to the police and supplying his ID documents to his brother to help him flee the country.

GrayKey devices are forensic tools that have been specifically designed to hack iPhones by making a direct connection to the Lightning port to override firmware restrictions, and it’s been a serious enough threat that Apple introduced a feature in iOS 11.4 to disable the Lightning port when an iPhone is locked. However, this didn’t stop the FBI from gaining access to an iPhone 11 Pro Max, which must have been running at least some version of iOS 13. By comparison, the iPhone 7 Plus used by Alshamrani could have been running an older version, but even if not it would have been vulnerable to a hardware-level security flaw in Apple’s A-series chips that wasn’t fixed until the A12 arrived in Apple’s iPhone X and iPhone 8 models.
