The Department of Justice and Apple are squaring off again in 2020 over encryption, with both sides reiterating stances they made very public way back in 2015.
But here we are again anyway, with the Federal Bureau of Investigation (FBI) and the DOJ coming out swinging, requesting that Apple do whatever it can, to basically go to any length, to make its devices easily accessible to law enforcement agencies. Apple refuses to do this, especially in such a way that it would create a “backdoor” to the devices. The United States Attorney General has even gone as far as directly asking Apple to help. And Apple has gone as far as to say it has helped to the best of its ability, but it’s still not going to sacrifice user privacy and security to give law enforcement what it really wants:
Unfettered access to these devices.
That’s a quick recap to get us to today, where The Wall Street Journal has some interesting additions to this story. Specifically, which has gone unreported up to this point, that the reported mass shooter of the Naval air base in Pensacola, Florida, was using an iPhone 5 and an iPhone 7 — not the latest models.
That’s an important detail because, as security experts made it pretty clear in the WSJ‘s report, these older devices are “easier to crack” than the DOJ and the FBI would have the public believe.
We’ve got the tools to extract data from an iPhone 5 and 7 now,” said Andy Garrett, a chief executive of Garrett Discovery, a forensics investigation firm. “Everybody does.
It’s not a secret that, in 2015, the FBI spent upwards of $1 million to reach data stored in an encrypted iPhone 5C. Now, the agency could do the same thing for either one of the Pensacola shooter’s iPhones for $15,000 or less, according to this latest report, thanks to the tools the agency purchased over the last two years.
It’s a cat-and-mouse game. Apple locks things, but if someone wants to find a way to get into these devices, they will find a way,” said Sarah Edwards, a digital forensics instructor with the SANS Institute, an organization that trains cybersecurity investigators.
There are options for law enforcement agencies at this point, as far as older devices are concerned. Grayshift, for example, started selling its “iPhone hacking device” in 2018. It costs $15,000 for law enforcement agencies. And then there’s Cellebrite, which was rumored to be the company that helped the FBI back in 2015.
In the past two years, Grayshift has sold its products to the U.S. Bureau of Prisons, the Drug Enforcement Administration, the Internal Revenue Service and the FBI. The FBI has spent more than $1 million on Grayshift products, according to federal procurement records.
Georgia’s Gwinnett County, for example, started using the Grayshift device in 2018 and gained access to about 300 phones that year. Now, Chris Ford, an investigator with the district attorney’s office is using the device to reopen cases that had gone cold due to phones that were previously unreadable.
The report indicates that Cellebrite has been able to gain access to the iPhone 5 since 2015. And it’s worth noting here that the iPhone 5 is so old now that it doesn’t even have a Secure Enclave built into it. And even the iPhone 7 is reportedly “easily readable” in the year 2020 than it was when the phone first launched.
Forensic tools used to hack into iPhones have been enhanced recently, thanks to software called Checkm8 that exploits a vulnerability in Apple’s hardware. It allows forensics tools to download data, such as deleted files, that is often hidden from even the users of the iPhone, security professionals say.
A forensics tool built with Checkm8 works on all iPhone devices from the iPhone 5s to the iPhone X, and exploits a hardware bug that Apple is unable to patch, they say.
The reality here is that these older devices will probably need to be accessed via brute force methods, especially if the handsets were powered off when law enforcement got their hands on them. However, they are accessible via the tools available to these agencies — without the extra assistance from Apple. Specifically, despite the fact that the DOJ is trying to make it seem like Apple has to create a backdoor, it definitely doesn’t have to in this particular case.
But cracking the passcode is something that both Cellebrite and Grayshift’s device are designed to do, forensics experts say. “It may just take a while to crack the passcode,” Ms. Edwards said.
This is all very messy and noisy, but it stands to reason that Apple is not going to change its position here. And it’s probably safe to say that the FBI and DOJ won’t be changing their position on the matter anytime soon, either, even if its rationale is on shaky ground.