A look inside a $10 million cyber lab designed to crack iPhones

Cracking iPhones is a huge business in its own regard, especially as law enforcement agencies across the United States fork over a ton of cash to bypass a device’s security.

Case in point: a $10 million cyber lab designed almost entirely around the idea of cracking Apple’s iPhone. Fast Company has the in-depth look, and it is in-depth. It details the efforts from Manhattan District Attorney Cy Vance Jr. as he oversees the expensive cyber lab and a team of cybersecurity experts as they try to crack the built-in security protocols in iPhones.

The facility features a variety of tools for the experts to use, including a radiofrequency isolation chamber — which makes it possible to remove the potential for outside tampering while law enforcement officials investigate the said device. The facility also includes a supercomputer that generates 26 million random passcodes per second, and the lab has thousands of iPhones on hand all in various stages of being cracked, most of which are related in some way to an ongoing criminal investigation.

Steven Moran is the director of the facility.

At the same time, Moran and Vance have to decide which devices to prioritize. On the day I visited the cyber lab, there were nearly 3,000 phones, most related to active criminal investigations, that Moran had not yet been able to access. The team has built a proprietary workflow management program, using open source software, to triage the incredible volume of incoming devices and to escalate the most important cases. “So if a third party were to say ‘hey, we have a solution that will work on iOS 12.1.2 and it costs X amount of dollars,’ I can see within five seconds that that’s going to affect 16 different phones,” Moran says.

Each of the iPhones are connected to computers basically at all times, with each computer trying to essentially brute force their way into the devices by generating random passwords all the time.

It’s probably not surprising to hear that Vance Jr. is an unabashed critic of Apple and the company’s security efforts. The District Attorney has requested that the government should introduce anti-encryption legislation which would make it easier for law enforcement agencies to access devices whenever they want. Vance Jr. says that 82 percent of smartphones that come into the lab are locked, and that they can successfully unlock about half of them.

One of the issues is Apple’s frequent software updates, which complicates the unlocking process. Especially as the cyber lab tries to unlock the devices in a timely manner of any kind. Vance Jr. says it’s not fair that Apple (and Google) can set the rules for locking down their devices “unilaterally”.

At the same time, Moran and Vance have to decide which devices to prioritize. On the day I visited the cyber lab, there were nearly 3,000 phones, most related to active criminal investigations, that Moran had not yet been able to access. The team has built a proprietary workflow management program, using open source software, to triage the incredible volume of incoming devices and to escalate the most important cases. “So if a third party were to say ‘hey, we have a solution that will work on iOS 12.1.2 and it costs X amount of dollars,’ I can see within five seconds that that’s going to affect 16 different phones,” Moran says.

Vance Jr. argues that most criminals don’t have an iCloud account, something that Apple can provide access to in some cases. Apple’s argument is that it can provide some iCloud information without breaking into the phone, which Vance Jr. doesn’t believe is good enough.

You should absolutely go read the full investigation of Vance Jr.’s cyber lab. Especially in light of the fact that Apple is back in the security and privacy fight with the FBI and Department of Justice. Here’s a quick rundown:

Earlier this month, the FBI requested that Apple unlock the iPhone used by the alleged shooter at the Pensacola naval air base. Not long after that, the United States Attorney General made a direct request of Apple, saying he wanted the company to “provide access” to the device. And then Apple denied many of the things the AG said, saying it had helped to the best of its ability.

And now we just heard that one of the reasons Apple decided to not encrypt iCloud backups was due to pressure from the FBI.

All of this is very important, and it will be interesting to see how long this fight continues.