The FBI Can Unlock an iPhone 11 Pro Max, So Why Does It Need Apple’s Help?

Iphone Grayshift Graykey Credit: Malwarebytes Labs
Text Size
- +

As U.S. politicians and lawmakers continue to turn up the heat on Apple for its stance on encryption, making hyperbolic statements that it’s being uncooperative in a recent mass shooting investigation and creating safe havens for criminals in general, many are beginning to question exactly why the FBI is asking for Apple’s help in the first place to help unlock two iPhones used by the shooter in the Pensacola Naval Air Station case that it should easily be able to handle with its own resources.

In fact, although both U.S. Attorney General William P. Barr and President Donald Trump have weighed in with their own criticisms of Apple in the case, it’s worth keeping in mind that Apple itself hasn’t actually said “no” to the FBI’s request yet. By all indications, the FBI and Apple are still talking at lower levels, and Apple has already offered — and is continuing to offer — as much assistance as it can, including providing many gigabytes of iCloud data from the shooter’s account.

While it’s no surprise that Apple isn’t likely to back down on its stance on encryption, there’s no indication that it’s come to that point yet, so high-level U.S. officials like the Attorney General and the President seem to be jumping the gun here on the assumption that they’re going to have a fight, with sources inside Apple already saying that executives have been taken by surprise at how quickly the situation has escalated, and trying to defuse it in a way that doesn’t compromise their own corporate ethics.

What’s even more mysterious is that the two iPhones in question, which were both used by the shooter, Mohammed Saeed Alshamrani, were so old that they should be almost trivial for the FBI to unlock. One, an iPhone 5, was even older than the iPhone 5c that the FBI successfully unlocked through third-party channels in the case of the San Bernardino shooter, and the other, an iPhone 7 Plus, shouldn’t prove significantly more difficult to get into, according to many security researchers, especially in light of a pretty serious exploit that surfaced last year.

The FBI Has the Tools

Now, adding further weight to the theory that the FBI doesn’t really need Apple’s help at all, Forbes uncovered a search warrant from late last year that reveals that the FBI was able to gain access to an iPhone 11 Pro Max — Apple’s latest and most secure model — without any direct outside assistance from Apple or any other third-party forensic firms.

Instead, the warrant shows that FBI investigators in Ohio were able to use a GrayKey device, a forensic tool specifically designed to hack iPhones that’s long been available to law enforcement investigators, to extract data from an iPhone 11 Pro Max. The device in question belonged to Baris Ali Koch, in a case that had considerably lower stakes than a mass shooting. Koch was accused of lying to the police and giving his ID documents to his brother, a convicted felon, in order to help him flee the country.

Forbes adds that it spoke with Koch’s lawyer, who confirmed that the device was locked, and that to the best of his knowledge investigators could not have acquired the passcode from Koch — he had not given it to them, nor had they forced him to use Face ID to unlock his iPhone. The application for the search warrant, dated Oct. 16, 2019, also included a photo of the iPhone, clearly showing it in a locked state.

The warrant, issued the same day, describes the property taken as: “One USB drive containing GrayKey derived forensic analysis of an Apple iPhone 12,5, serial number F2LZ80FSN70P.” “iPhone 12,5” is the internal device code used by Apple for the iPhone 11 Pro Max.

According to Forbes, the office of Senator Ron Wyden (D-OR) has asked the Department of Justice for an explanation as to why it’s making public demands for backdoors when it has already used forensic tools that can access the newest iPhones.

Political ‘Theatre’

Several researchers have suggested that the FBI and Justice Department are attempting to use this case in order to turn public opinion against Apple and the use of strong encryption techniques in general.

Nicholas Weaver, a researcher and lecturer at Berkeley’s International Computer Science Institute, says that Apple has essentially designed its iPhones so that if a tool like GrayKey can’t extract data from them, nothing can.

Basically, Apple made a safe where to change the combo you have to unlock the safe, and the FBI is saying ‘change the combo’ when they know full well you can’t change the combo without unlocking the safe first.

Nicholas Weaver, security lecturer at the University of California, Berkeley

Of course, many politicians and lawmakers either genuinely or willingly miss this particular point, since they fail to understand how encryption works. The general belief seems to be that since Apple created the lock, they can get into the lock.

However, with properly designed encryption technology, this is not the case, and Apple can’t hand over what it doesn’t actually have. Those lawmakers who do understand this are poised instead to force Apple and other companies to build backdoors into the iPhone and other systems, which is something that Apple patently refuses to do, making the valid point that there is absolutely no way to guarantee that a backdoor will only ever be used by “the good guys.”

Damaged iPhones

Despite all of the political kerfuffle, however, there may be a more pragmatic reason why the FBI is reaching out to Apple in this case, which is the fact that both of the iPhones being investigated were actually damaged by the shooter before the FBI got its hands on them. The iPhone 7 Plus was reportedly struck by a bullet during the incident and the shooter specifically tried to destroy the iPhone 5 himself.

While sources close to the investigation have said that both of the iPhones in question have been repaired to the point of being able to power on, there could still be other damage that’s making forensic investigation more complicated. However, as security researchers point out, if the damage is extensive enough to prevent tools like GrayKey from working, there’s almost certainly nothing more special that Apple itself will be able to do.

Neither Apple nor the Justice Department have commented officially on the specifics of the case, nor shared any information as to how the damage may impact the ability of the iPhones to be searched. However, it seems likely that while politicians and Apple executives are trading barbs and gearing up for a fight, actual engineers and forensic experts are likely still working to do as much as they can to solve the problem, and sources inside Apple have said that Cook’s team is working with the FBI to try and help them find an “outside resolution” that would avoid the need for Apple to break its own security. Whether this is enough, however, depends on the real motivations behind this latest fight; if lawmakers are looking at this as an opportunity to hold Apple’s feet to the fire and make it provide a backdoor to law enforcement, as many lawmakers seem eager to do, it’s likely that they won’t be satisfied with anything less than Apple capitulating to their demands, regardless of whether the data from the shooter’s iPhone can be obtained in any other way or not.

Sponsored
Social Sharing